Salesforce

LIM overview and setup (Local Integration Module)

Printable View
« Go Back
Information
LIM overview and setup (Local Integration Module)
lim-overview-and-setup-local-integration-module
Article Details


Introduction

The LIM provides a secure way for our cloud-based systems to integrate with local services, such as databases, email, and 3rd party applications. It has no user interface, but instead acts as a web server that can service requests that originate from the cloud. For example:

  1. A user does a postcode lookup on a cloud-based form
  2. The cloud performs a HTTP request on the LIM to get the data it needs
  3. The LIM performs the action requested by the cloud (such as a SQL query) and responds
  4. The cloud then returns the data to the user

All of the traffic between the LIM and the cloud is encrypted using AES256. The LIM is also used to deliver email through your local mail infrastructure rather than sending emails from the cloud - this ensures internal mail is handled securely and also ensures that external mail originates from your systems and so is not considered to be spam.

Installation - Important key facts

The LIM is typically installed by Firmstep consultants on a server prepared by the customer to meet these prerequisites:

  • Windows Server OS (any version)
  • IIS (any version)
  • ASP.net 4.6 (Web Server> Application Development > ASP.NET 4.6) and (Features>.Net Framework 4.65 Features)
  • To be able to serve web content to the internet, this can be locked down to only allow incoming connections from the platform (lim.ec2.firmstep.com) after the installation is working.
  • To be able to send email via SMTP to internal and external recipients, you'll need to provide the hostname/IP of your mail server. It may also need a relay rule that will  allow the LIM send email to anyone.
  • Any ODBC drivers and appropriate connectivity through firewalls to reach the databases and back-office systems you want to integrate with.

Once all of this is in place, our consultants can complete the installation remotely while you watch. The process takes approximately one hour. This will involve downloading a ZIP file containing the software.

What information do I need to provide to Firmstep before a LIM installation?

You need to confirm that the server is ready, so generally a yes/no to the following:

  • IIS is installed.
  • ASP.Net 4.6 is installed and enabled on IIS (Web Server> Application Development > ASP.NET 4.6 and Features>.Net Framework 4.6 Features).
  • LIM Server is able to connect to you mail server (and set as a permitted relay if necessary). Any restrictions you have placed on relaying emails.
  • LIM Server is accessible from the internet.
  • Does the LIM need to be configured for Inbox in Service (this is not usually necessary during an initial LIM installation)?

You will need to provide these details:

  • Remote access details.
  • The external address (IP or URL) for the LIM Server.
  • Mail server hostname/IP and port.
  • To configure Inbox:
    • IMAP server hostname/IP
    • IMAP port
    • Username and password for the IMAP account(s) that need to be configured.

Installation - FAQs

Q) Can we change LIM Config ourselves or do Firmstep need to change it on your side?

The customer can change their LIM Config file from their side.

Q) Will the LIM work on a Virtual Machine?

Yes - there are no issues with VM servers.
 

Q) Can the LIM use SSL?

Yes, in addition to the AES256 encryption already used as standard. You will need to configure IIS (and/or your proxy) with the necessary certificates prior to installation.
 

Q) Can I configure my firewall with an IP address rather than the hostname "lim.ec2.firmstep.com"?

Yes. See the LIM Shared Proxy page for details of the IP addresses.
 

Q) Does the LIM need to be open to serve content to the entire Internet?

No, but the installation process is simpler and quicker if it starts out this way. We'll then install the software and configure the platform to connect directly to it - this is the simplest way to connect and diagnose issues. Once that is working, we reconfigure the platform to route requests via our proxies. This means that the requests that reach your LIM will originate from a small set of consistent IP addresses rather than whatever IP addresses our elastic cloud of application servers happen to be using that day. Once that is done, you can lock down your firewall to only allow the LIM to serve content to these IPs. At each stage the operation of the LIM can be tested, which makes it easy to identify which configuration change introduced any problems. See the LIM Shared Proxy page for details of the IP addresses.
 

Q) Can I cluster the LIM?

Yes, although it does a tiny amount of computation so this is not necessary for scalability. VM infrastructure normally provides sufficient fault tolerance, however the standard Network Load Balancing features of Windows will work just fine.
 

Q) How should I setup IIS Application pools / Virtual directories?

The LIM is normally installed with its own application pool and in a virtual directory called 'firmsteplim' which maps to program files\firmstep\lim. We will normally setup this for you.
 

Q) Does the LIM need a dedicated server?

No, it does a very small amount of computation
 

Q) Shall I put my LIM in the DMZ or on my LAN?

Either is fine - it depends on your approach to internet security and your existing infrastructure. Remember that the LIM must be able to serve content to our cloud platform. Some organisations prefer to locate the LIM in a DMZ network for this reason, and open up firewall rules to allow the LIM to access only specific systems on the LAN. If you put the LIM on the LAN, you can probably use the same server for the FAM.
 

Q) What server specification is required?

The LIM does a tiny amount of computation and requires nothing more than the minimum recommended specifications quoted by Microsoft for your server OS.
 

Q) Can the LIM serve content on a port other than 80?

Yes. Configure an IIS website (and perhaps your reverse proxy) to do this prior to your installation.
 

Q) Does the LIM need to be backed up?

In most situations the LIM server is not used to store data. The only exception to this is an integration method that saves files to the local disk - this is often used to integrate with EDRM and similar systems. If you are using this method in your solutions, you will need to ensure the files are managed responsibly (transferred to the target system via scripts, ftp etc). If you are not using this method, then there is no operational data stored on the LIM and backups need only be taken after installation or configuration changes.
 

Q) Can I use multiple separate LIMs to allow the cloud to integrate with separate networks?

Yes.
 

Q) Is there a minimum specification for a LIM server?

No, there is not a minimum specification.
 

Q) Is there a diagram that shows where the LIM sits?
Yes. Note that you may have an extra firewall between the LIM and the back-office systems.

Lim architecture

Preparation

  1. Prepare a new server so that it meets the installation prerequisites as described above
  2. Install and configure any other required software, such as Oracle ODBC drivers
  3. Ensure the new LIM server can perform the same acts as the old one - e.g. sending Email, accessing SOAP endpoints, accessing databases. This may involve configuring firewalls, email relays and setting up DSN records.
  4. Ensure the new LIM server can serve content to the Internet.
  5. Granicus will then install, configure and test the latest LIM software over a remote working session. A non-production Forms platform site will be used to test the new LIM so as to avoid disruption to your production system. You must have access to the desktops of both old and new LIM servers to facilitate this.
  6. Granicus will then setup a proxy rule that will ensure that all requests to the new LIM originate from the Granicus/govService Firmstep proxy.
  7. You can then add firewall rules to limit the external IP addresses that can connect to the new LIM to the Granicus/govService Firmstep Proxy addresses.
  8. If you are running the LIM or FAM application with logging enabled, please ensure that appropriate measures are taken to ensure log files are not remotely accessible. The simplest way to do this is to ensure log files are stored in a location outside the IIS directory structure (ie by changing the location in the log4net.config file located in the LIM folder)

 Switch

When you are ready, Granicus consultants will update the configuration records of your platform sites to use the new LIM. The changes take effect immediately and there will be no downtime. The LIM installation on your old server is then no longer in use and can be decommissioned. Take care to ensure that any other software services running on the same machine are also migrated away before decommissioning the old server.

 

top of page
Powered by