Hybrid Data Connect

Purpose

To provide an overview of what is required for onboarding a customer to TW Hybrid Connect.

Context

TW Hybrid Connect provides a secure means of connecting Prodoc Cloud to a customer's on-prem ERP, so customers can still leverage the assets they have invested in. This connector is needed when moving customers from on-prem Prodoc to cloud.

Approach

A staged approach to onboarding a customer for Hybrid Connect is:

Connect Services

    • Create DMZ

    • Set up the Hybrid Connect on-prem Node

    • Connect Hybrid Connect on-prem Node to Hybrid Connect Server

Connect DB

    • Agree Views on customer ERP

    • Set up DB user accounts

Prodoc Configure

    • Configure Product to utilise customer DB

Hybrid Connect Node

TradeWindow supports virtual or physical nodes.

Option 1 : TradeWindow Provided Image (preferred)

TradeWindow will provide, using a secure file transfer and 2FA PIN, the image to be used for the Hybrid Connect Node.

The image provided is hardened to CIS (Center for Internet Security) / NIST (National Institute of Standards and Technology) standards, by TradeWindow.

The image will be maintained to CIS / NIST standards following any major operating system updates, with a minimum of 6 months.

The node:

    • is designed to be treated like an appliance that needs near zero touch.

    • will auto-apply Windows security updates at 02:00 every Tuesday morning.

    • does not require an open remote access capability

Option 2 : Customer Provided Image

    • Customer will provide the image and hosting within their own environments.

      The image provided by the customer must be hardened to CIS (Center for Internet Security) / NIST (National Institute of Standards and Technology) or comparable standards.

    • The image must be maintained to CIS / NIST standards following any major operating system updates, with a minimum of 6 months.

    • The node is designed to be treated like an appliance that needs near zero touch.

      • will auto-apply Windows security updates at 02:00 every Tuesday morning.

      • does not require an open remote access capability for TradeWindow

    • Customer must provide evidence of compliance to TradeWindow.

    • Specification for the node is:

      • Windows 10, 11 Pro

      • Memory : Min 4 GB

      • Disk : 100 GB

      • CPU : Min 2 Cores

      • Security : Windows Defender, Windows Firewall

      • Networking : Location on a DMZ with Internet access and connectivity to the ERP through the specified firewall rules.

    • TradeWindow will provide the Hybrid Connect binary and the configuration files needed for the customer. Installing the files is a very simple process.

Recovery

In the event of any failure of the node, the Gold Image will be used to re-establish the service. Only transient data is held on the node.

If the node fails to start, access through the customer's approved remote node management will be required.

Networking

Customer is responsible for creating the DMZ, providing internet access and configuring the on-prem networks. The following IP details are to be provided to TradeWindow:

    • Node IP, Subnet Mask, Default Gateway, DNS

    • Customer Public IP

Firewall Rules

The following firewall rules are required to allow the Hybrid Connect service to function:

TW Hybrid Connect On-prem Node : Customer to confirm IP

Customer ERP : Customer to confirm IP

TW Hybrid Connect Server : 20.92.232.244

| Purpose | Source | Destination | Port |
|---|---|---|---|
| Allow Hybrid Connect Node to communicate with Customer on-prem ERP | TW Hybrid Connect Node | Customer ERP | DB Connection Port |
| Allow Hybrid Connect on-prem Node to communicate with Hybrid Connect Server | TW Hybrid Connect on-prem Node | TW Hybrid Connect Server | 40501, 11280, 11443, 8282, 8443 |
| Allow Hybrid Connect Server to communicate with Hybrid Connect on-prem Node | TW Hybrid Connect Server | TW Hybrid Connect on-prem Node | Allow outbound traffic to Connect server IP |
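
A way to confirm from the on-prem Node that the outbound rules above are in place, as an added PowerShell example (not TradeWindow's own tooling). It assumes the listed ports carry TCP, which the page does not state; `$ErpHost` and `$ErpDbPort` are placeholders for the values the customer confirms, and `Test-Rule` is a helper name made up for this example.

```powershell
# Added example: TCP reachability check for the Hybrid Connect firewall rules.
# Assumption: the listed ports carry TCP; the page does not state the protocol.
$HybridConnectServer = '20.92.232.244'                  # from the page
$ServerPorts         = 40501, 11280, 11443, 8282, 8443  # from the page
$ErpHost             = '<CUSTOMER_ERP_IP>'              # placeholder: customer to confirm
$ErpDbPort           = 0                                # placeholder: DB connection port

# Hypothetical helper: one TCP connect attempt, returned as a result object.
function Test-Rule {
    param([string]$Rule, [string]$Target, [int]$Port)
    $r = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Rule      = $Rule
        Target    = $Target
        Port      = $Port
        Reachable = $r.TcpTestSucceeded
    }
}

$results = @()
foreach ($p in $ServerPorts) {
    $results += Test-Rule -Rule 'Node -> Hybrid Connect Server' -Target $HybridConnectServer -Port $p
}

# Only test the ERP rule once the customer-confirmed values have been filled in.
if ($ErpHost -notlike '<*' -and $ErpDbPort -gt 0) {
    $results += Test-Rule -Rule 'Node -> Customer ERP' -Target $ErpHost -Port $ErpDbPort
} else {
    Write-Warning 'ERP address/port not set; skipping the ERP rule.'
}

$results | Format-Table -AutoSize

# Exit non-zero so the check can gate the remaining onboarding steps.
$failed = @($results | Where-Object { -not $_.Reachable })
if ($failed.Count -gt 0) {
    $list = ($failed | ForEach-Object { "$($_.Target):$($_.Port)" }) -join ', '
    Write-Error ("{0} rule(s) blocked or not listening: {1}" -f $failed.Count, $list)
    exit 1
}
```

A failed port can mean a rule is missing on either side or that nothing is listening on that port; the Configuration Tool test described later remains the application-level check.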

OnBoarding Check List

| Step | Task | Responsible |
|---|---|---|
| 1 | Provide overview of Hybrid Connect | TradeWindow |
| 2 | Provide customer's public Internet IP, Hybrid Connect Node IP/Subnet/DNS | Customer |
| 3 | Build and hand over customised image securely | TradeWindow |
| 4 | Allow traffic from Server to on-prem Node | TradeWindow |
| 5 | Bring up the on-prem Node | Customer |
| 6 | Allow traffic from on-prem Node to Server | Customer |
| 7 | Configure Prodoc ODBC at image level | TradeWindow |
| 8 | Connectivity Test from on-prem Node to Server | TradeWindow/Customer |

Restart Customer Node

Go to Windows Services and restart the service whose name starts with “TradeWindow”. This starts the client process that communicates with the TW Hybrid Connect Server.

To test communication from the customer site, type “config” in the Windows search bar and select “Configuration Tool”. This will bring up the “Trade Window Configuration Tool”, showing a screen like this:

The customer should then press “Test” and a successful test should show: