Question

How to enable communication between FME DataExpress app and FME Server

F
Badge

Good day,

I have a working FME Server 2019 environment and would like to use the FME DataExpress app on my phone to access FME Server (and server apps). Our company uses MobileIron to secure Apple-devices and set up tunnels for communication.

This way it must be possible - at least theoretically - that the IOS-app can connect to our FME-server that is behind our corporate firewall and NOT part of our DMZ.

At the moment, it doesn't work and I made an appointment with our system and network engineers. I think we might open some ports in our firewall. Is there any technical information available about the communication (IP-addresses, UDP, ports, etc.) we need to know in order to configure the firewall.

Thanks in advance,

Frank van Doorne

10 replies

redgeographics
Rank
Userlevel 5
Badge +25

This overview should help you along:

Taken from this page, which also contains more detailed explanations.

F
Badge

This overview should help you along:

Taken from this page, which also contains more detailed explanations.

Thank you @redgeographics,

I had seen this page, but I could not figure out where the FME DataExpress comes in. Is it just a custom application? Given the fact that you provide your credentials in FME DataExpress, it must 'plugin' to the FME Server API or above... the numbers 3, 5 or 6 or information streams B or C?

Anyway, I'll pass this info over to our infrastructural boys. Isn't it a good idea that Safe adds the FME DataExpress to this infograph?

redgeographics
Rank
Userlevel 5
Badge +25

Thank you @redgeographics,

I had seen this page, but I could not figure out where the FME DataExpress comes in. Is it just a custom application? Given the fact that you provide your credentials in FME DataExpress, it must 'plugin' to the FME Server API or above... the numbers 3, 5 or 6 or information streams B or C?

Anyway, I'll pass this info over to our infrastructural boys. Isn't it a good idea that Safe adds the FME DataExpress to this infograph?

It is my understanding that it communicates trough the REST API as well, but I agree that it would be good to have this clarified in the documentation (pinging @mark2atsafe)

mark2atsafe
Rank
Userlevel 4
Badge +25

Can you connect to the Server using a web browser on your phone, or on a computer outside the network? If so, I wonder if it's less the Server setup and more the way your mobile device is set up.

I could be wrong though, so I've asked our developers for more info.

I also asked that the tech publications team add the app to Server documentation, particularly the architecture diagram. fyi it's filed under the reference TECHPUBS-6360.

F
Badge

Can you connect to the Server using a web browser on your phone, or on a computer outside the network? If so, I wonder if it's less the Server setup and more the way your mobile device is set up.

I could be wrong though, so I've asked our developers for more info.

I also asked that the tech publications team add the app to Server documentation, particularly the architecture diagram. fyi it's filed under the reference TECHPUBS-6360.

Thanks for your answer. No, I cannot connect via webbrowser, because only the app uses the tunnel.... I’m pretty sure it”s got nothing to do with our server setup. Most probably it is network configuration. Together we will figure it out!

Thanks for expanding the documentation.

mark2atsafe
Rank
Userlevel 4
Badge +25

Thanks for your answer. No, I cannot connect via webbrowser, because only the app uses the tunnel.... I’m pretty sure it”s got nothing to do with our server setup. Most probably it is network configuration. Together we will figure it out!

Thanks for expanding the documentation.

So our developers tell me the app uses the FME Server REST API which uses HTTP (or HTTPS if Server is set up that way). It doesn't keep a connection open, only when it's checking credentials and making queries, etc.

Server itself defines the ports used. We have a list of those ports in our documentation, which you can find here: https://docs.safe.com/fme/html/FME_Server_Documentation/ReferenceManual/FME-Server-Ports.htm

It might be that you need to get your MobileIron setup to grant the app access to the network, but I'm sure you and your IT folks know that.

One final thing - if you're using a self-signed SSL certificate on Server, then let us know, since accessing such a Server through the app isn't yet supported I'm told.

Anyway, I hope this is useful and that you get it sorted out.

F
Badge

So our developers tell me the app uses the FME Server REST API which uses HTTP (or HTTPS if Server is set up that way). It doesn't keep a connection open, only when it's checking credentials and making queries, etc.

Server itself defines the ports used. We have a list of those ports in our documentation, which you can find here: https://docs.safe.com/fme/html/FME_Server_Documentation/ReferenceManual/FME-Server-Ports.htm

It might be that you need to get your MobileIron setup to grant the app access to the network, but I'm sure you and your IT folks know that.

One final thing - if you're using a self-signed SSL certificate on Server, then let us know, since accessing such a Server through the app isn't yet supported I'm told.

Anyway, I hope this is useful and that you get it sorted out.

Thanks @mark2atsafe, clear answer. I'll pass this through.

We do not use self-signed SSL certificates in Server, so hopefully we'l get things working very quick. I will let you know.

F
Badge

So our developers tell me the app uses the FME Server REST API which uses HTTP (or HTTPS if Server is set up that way). It doesn't keep a connection open, only when it's checking credentials and making queries, etc.

Server itself defines the ports used. We have a list of those ports in our documentation, which you can find here: https://docs.safe.com/fme/html/FME_Server_Documentation/ReferenceManual/FME-Server-Ports.htm

It might be that you need to get your MobileIron setup to grant the app access to the network, but I'm sure you and your IT folks know that.

One final thing - if you're using a self-signed SSL certificate on Server, then let us know, since accessing such a Server through the app isn't yet supported I'm told.

Anyway, I hope this is useful and that you get it sorted out.

We have taken some small steps. Some changes must be made to our tunnel. As a test our system engineer has connected the app directly to our server, bypassing our firewall etc. and he got a connection time-out.

That is better than what I got, but still not working. My system engineer does NOT want to open all ports mentioned "FME-Server Ports". In what LOG-files can I find "proof" what ports are needed? Do I have to reconfigure some config files in FME Server? Or is it possible to highlight only the ports needed for de FME DataExpress Server app? Thanks a lot.

siennaatsafe
Rank
Badge +9

We have taken some small steps. Some changes must be made to our tunnel. As a test our system engineer has connected the app directly to our server, bypassing our firewall etc. and he got a connection time-out.

That is better than what I got, but still not working. My system engineer does NOT want to open all ports mentioned "FME-Server Ports". In what LOG-files can I find "proof" what ports are needed? Do I have to reconfigure some config files in FME Server? Or is it possible to highlight only the ports needed for de FME DataExpress Server app? Thanks a lot.

I would start by opening whatever port that your application port is set to. By default, it's set to port 80. To find out what port you are using you can go to this link http://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/Changing-Web-App-Server-Host-Name-Port.htm

 

and see "Update the Web Application Server XML File (For Updating Port)".

 

Also, when the systems engineer was able to bypass the firewall. What URL were they using? I've found I have to use just my hostname without the trailing fmeserver. So myhostname instead of myhostname/fmeserver.

F
Badge

I would start by opening whatever port that your application port is set to. By default, it's set to port 80. To find out what port you are using you can go to this link http://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/Changing-Web-App-Server-Host-Name-Port.htm

 

and see "Update the Web Application Server XML File (For Updating Port)".

 

Also, when the systems engineer was able to bypass the firewall. What URL were they using? I've found I have to use just my hostname without the trailing fmeserver. So myhostname instead of myhostname/fmeserver.

Thank you for your answer. We already found out to use myhostname without the trailing /fmeserver. I am going to investigate LOG-files….

Reply


Community Stats

28,707
Posts
109,479
Replies
36,552
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.