Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using middleware for App Broker and FNMS integration

A customer is looking to use middleware and API's for connecting App Broker to Cloud FNMS because their security team recommended it due to the fact that AB is on-prem and FNMS is in the cloud. Wondering if anyone has seen or done something like this before. Specifically they are looking at using Boomi to do the integration. Currently they are re-evaluating the need from a security perspective, but would like to hear from other experiences (if there are any) should they decide to use middleware for this. 

(2) Replies
By Level 12 Flexeran
Level 12 Flexeran

I don't really have any experience with Boomi, or similar "middleware", but I have to imagine that you could set this up without any special configuration in App Broker (there is none )..  The integration between FNMS and App Broker is fairly straight forward.. App Broker is basically making a web request to the Compliance API service, in order to make SOAP API calls.. The following code blurb is very similar to what App Broker is doing:


var myUri = new Uri(fullpath);
var myWebRequest = WebRequest.Create(myUri);
var myHttpWebRequest = (HttpWebRequest)myWebRequest;
myHttpWebRequest.PreAuthenticate = true;
myHttpWebRequest.Headers.Add("Authorization", "Bearer " + AccessToken);
myHttpWebRequest.Accept = "application/json";

var myWebResponse = myWebRequest.GetResponse();
var responseStream = myWebResponse.GetResponseStream();
if (responseStream == null) return null;

var myStreamReader = new StreamReader(responseStream, Encoding.Default);
var json = myStreamReader.ReadToEnd();



Where the URI (fullPath) would be something like: https://<vendorName>" And the AccessToken is that entered in App Broker...

I have seen a similar request from another customer that wanted to use Boomi middleware.  I'm not sure if they ended up implementing it or not.  I'm not sure what value this would really provide.  Please note that FNMS (in the cloud) never initiates any communication with App Broker (on-prem).  Any communication between these two products is always initiated from App Broker (over HTTPS), and for the most part, is read-only (the only exception is if a license reservation is created as a result of a license check).  What is the security concern they are trying to mitigate?

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".