IRIS General description: Unterschied zwischen den Versionen
Lbanik (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „de:IRIS Allgemeine Beschreibung == Problematik bei Cloud-Systemen == Grundsätzlich kann das HVS32 ohne Bedenken in Cloud-Umgebungen betrieben werden, sof…“) |
|||
| (12 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
[[de:IRIS Allgemeine Beschreibung]] | [[de:IRIS Allgemeine Beschreibung]] | ||
| + | [[IRIS cloud system|IRIS]] enables you to securely publish functions of the HVS32 dispatch system into the public internet (cloud capability). | ||
| − | == | + | == Issues with cloud systems == |
| − | + | In principle, the HVS32 can be operated in cloud environments without hesitation, provided that the connection from the upstream system (ERP or WMS, hereinafter referred to as just ERP for simplicity) to the HVS32 is in a shared, secure, internal network. | |
| + | [[Datei:IRIS internal network.png|alternativtext=|zentriert|rahmenlos|717x717px]] | ||
| + | Problems arise, however, when a connection is to take place across networks: | ||
| + | [[Datei:IRIS Problem across networks.png|alternativtext=|zentriert|rahmenlos|702x702px]] | ||
| + | Then this connection between two networks must be secured. | ||
| − | + | Secured means: Both the connection must be encrypted and each incoming connection must be authenticated and authorized. | |
| − | |||
| + | There are two possibilities for this. The bridging of the networks by means of VPN or the secured publication of the HVS32 functions to the Internet with IRIS, a software developed by Heidler Strichcode. | ||
| + | == VPN vs IRIS == | ||
| + | There is no 100% perfect solution for securing the network bridge. Mostly you have to choose a compromise depending on the case. | ||
| − | + | Here we will list the common advantages and disadvantages of a VPN connection compared to IRIS to help you decide. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ | |+ | ||
| Zeile 24: | Zeile 23: | ||
!IRIS | !IRIS | ||
|- | |- | ||
| − | |'''+''' | + | |'''+''' Simple setup |
| − | |'''+''' | + | |'''+''' Accessible from the internet |
|- | |- | ||
| − | |'''+''' | + | |'''+''' No further safety concerns |
| − | |'''+''' | + | |'''+''' Accessible for multiple ERP systems simultaneously |
|- | |- | ||
| − | |'''+''' | + | |'''+''' Only minor change effort for existing systems |
| − | |'''+''' | + | |'''+''' Also accessible from [https://en.wikipedia.org/wiki/Software_as_a_Service SaaS] ERP systems |
|- | |- | ||
| − | |'''-''' | + | |'''-''' Only possible with self-hosted (installed) ERP system |
| − | [https:// | + | [https://en.wikipedia.org/wiki/Software_as_a_Service SaaS] based ERP systems are not possible. |
| − | |'''+''' | + | |'''+''' Developed according to the latest safety standards |
|- | |- | ||
| − | |'''-''' HVS32 | + | |'''-''' HVS32 is only accessible within these 2 networks |
| − | + | The VPN connection becomes mandatory for every client | |
| − | |'''+''' | + | |'''+''' Future features possible, e.g. information in web interface (in planning) |
|- | |- | ||
| − | |'''-''' | + | |'''-''' Difficult scalability |
| − | + | Multiple ERP systems only with extension of VPN connection | |
| − | |'''-''' | + | |'''-''' Complex setup of all security-related technologies |
|- | |- | ||
| | | | ||
| − | |'''-''' | + | |'''-''' Higher technical requirements for clients (ERP systems) |
|- | |- | ||
| | | | ||
| − | |'''-''' | + | |'''-''' Regular (security) updates required |
|} | |} | ||
| − | == IRIS in | + | == IRIS in the cloud environment == |
| − | + | If you decided to use IRIS, the IRIS system would integrate with your internal corporate or cloud network as follows: | |
| − | [[Datei:IRIS | + | [[Datei:IRIS in the network.png|alternativtext=|zentriert|rahmenlos|694x694px]] |
| − | + | All requests to IRIS are encrypted, authenticated, and authorized. | |
| − | |||
| − | |||
| − | + | Encrypted: Encryption is possible via HTTPS using TLSv1.2 or TLSv1.3 (if supported by the client). | |
| − | + | Authenticated: Each user is given a personal account in the IRIS system with which to log in. | |
| + | Authorized: Authorizations for functions in the dispatch system can be assigned for each user, according to the [https://en.wikipedia.org/wiki/Role-based_access_control RBAC system] | ||
| − | |||
| − | |||
| − | + | In addition, the IRIS system can manage multiple HVS32 systems simultaneously. | |
| − | + | Example: | |
| − | + | You use both a test and a production system. Using a simple identifier in the request to IRIS, the request is forwarded to the respective system. | |
| − | |||
| − | + | You use different HVS32 installations for multiple sites. However: All HVS32 installations must then be located in the same internal company network. | |
| + | == Challenges == | ||
| + | Every new software naturally comes with new challenges and requirements for the system. | ||
| − | + | We would like to point out at this point that the introduction of a security-relevant application such as IRIS can also bring with it various challenges and the security of the overall system must also be regularly checked from all sides. | |
| + | We have described further details on the requirements for an installation on our [[IRIS System requirements|IRIS system requirements]] page. | ||
| − | + | In addition, however, these security requirements also make ERP system connectivity more complex. Additional challenges arise for the ERP system, which must also implement these requirements at least as a client of the shipping system. | |
| − | + | Therefore, please also schedule a meeting with your ERP system vendor to discuss these requirements. These include: | |
| − | * | + | * Only possible with our latest [https://interface.heidler-strichcode.de/ REST interface] |
| − | * | + | * Requests only via an HTTPS connection |
| − | * | + | * Authentication using [[wikipedia:OAuth|OAuth2]] (Authorization Code / Client Credentials) |
Aktuelle Version vom 7. Dezember 2023, 09:59 Uhr
IRIS enables you to securely publish functions of the HVS32 dispatch system into the public internet (cloud capability).
Issues with cloud systems
In principle, the HVS32 can be operated in cloud environments without hesitation, provided that the connection from the upstream system (ERP or WMS, hereinafter referred to as just ERP for simplicity) to the HVS32 is in a shared, secure, internal network.
Problems arise, however, when a connection is to take place across networks:
Then this connection between two networks must be secured.
Secured means: Both the connection must be encrypted and each incoming connection must be authenticated and authorized.
There are two possibilities for this. The bridging of the networks by means of VPN or the secured publication of the HVS32 functions to the Internet with IRIS, a software developed by Heidler Strichcode.
VPN vs IRIS
There is no 100% perfect solution for securing the network bridge. Mostly you have to choose a compromise depending on the case.
Here we will list the common advantages and disadvantages of a VPN connection compared to IRIS to help you decide.
| VPN | IRIS |
|---|---|
| + Simple setup | + Accessible from the internet |
| + No further safety concerns | + Accessible for multiple ERP systems simultaneously |
| + Only minor change effort for existing systems | + Also accessible from SaaS ERP systems |
| - Only possible with self-hosted (installed) ERP system
SaaS based ERP systems are not possible. |
+ Developed according to the latest safety standards |
| - HVS32 is only accessible within these 2 networks
The VPN connection becomes mandatory for every client |
+ Future features possible, e.g. information in web interface (in planning) |
| - Difficult scalability
Multiple ERP systems only with extension of VPN connection |
- Complex setup of all security-related technologies |
| - Higher technical requirements for clients (ERP systems) | |
| - Regular (security) updates required |
IRIS in the cloud environment
If you decided to use IRIS, the IRIS system would integrate with your internal corporate or cloud network as follows:
All requests to IRIS are encrypted, authenticated, and authorized.
Encrypted: Encryption is possible via HTTPS using TLSv1.2 or TLSv1.3 (if supported by the client).
Authenticated: Each user is given a personal account in the IRIS system with which to log in.
Authorized: Authorizations for functions in the dispatch system can be assigned for each user, according to the RBAC system
In addition, the IRIS system can manage multiple HVS32 systems simultaneously.
Example:
You use both a test and a production system. Using a simple identifier in the request to IRIS, the request is forwarded to the respective system.
You use different HVS32 installations for multiple sites. However: All HVS32 installations must then be located in the same internal company network.
Challenges
Every new software naturally comes with new challenges and requirements for the system.
We would like to point out at this point that the introduction of a security-relevant application such as IRIS can also bring with it various challenges and the security of the overall system must also be regularly checked from all sides.
We have described further details on the requirements for an installation on our IRIS system requirements page.
In addition, however, these security requirements also make ERP system connectivity more complex. Additional challenges arise for the ERP system, which must also implement these requirements at least as a client of the shipping system.
Therefore, please also schedule a meeting with your ERP system vendor to discuss these requirements. These include:
- Only possible with our latest REST interface
- Requests only via an HTTPS connection
- Authentication using OAuth2 (Authorization Code / Client Credentials)