Strategies, Patterns, and Security Measures for Integrating Infor CloudSuite with AWS

By Vignesh Subramanian, VP, Product Management – Infor Platform Technology
By Yogesh Dhimate and Brandon Blincoe, Sr. Partner Solutions Architects – AWS­
By Gokul Sarangaraju and Ambar Kumar, Sr. Solutions Architects – AWS­

Infor

Organizations that move to Infor CloudSuite often have concerns about how the solution will fit into the rest of their IT stack including their Amazon Web Services (AWS) landscape. Customers ask the following questions:

• How will my existing systems interface to Infor CloudSuite?
• In what ways can I securely access data in the Infor CloudSuite from my AWS account?
• How can I build new applications on AWS leveraging Infor CloudSuite as my business needs change?
• How can Infor solutions help my business innovate with advanced technology like Amazon Bedrock?

Infor is an AWS Specialization Partner and AWS Marketplace Seller that builds cloud-based industry-specific business software. Infor CloudSuite enable growth, reduce risk, support global ambitions. In this post, you will find strategies for common integration scenarios.

What is Infor OS and ION?

Infor OS provides deep integration capabilities and includes Intelligent Open Network (ION), which is an interoperability and business process management platform designed to integrate applications, processes, people, and data to run your business.

Infor ION enables you to easily integrate your Infor and non-Infor enterprise systems, whether they’re on-premises, in the cloud, or both. With Infor, ION you can:

• Integrate both Infor and third-party software applications.
• Create workflows and alerts that improve exception management.
• Design, standardize, monitor, and change business processes without IT involvement.
• Connect applications to the events in your business processes

ION’s comprehensive set of tools and services support popular integration patterns such as:

• Asynchronous/event-eriven/publish-subscribe
• Synchronous/API-driven
• Data ingestion/ETL (extract, transform, load)

ION also supports structured and unstructured data as well as binary data formats such as:

• Business Object Documents (BOD): These are Canonical/Extensible/Standard models based on OAGISCustom Schema support.
• Text-based data formats:
  • XML/JSON/NDJSON/DSV (CSV, TSV)
• Non-text or binary data support:
  • Anything stored in a file (image, PDF, etc.)

While ION encourages drag-and-drop as well as low-code development for faster time to market, it also supports in-flight data transformations using powerful Python scripts. This includes support for external library import and repeatable data transformation patterns.

In the following section, we’ll discuss general scenarios and integration patterns while using ION.

Integrating with Infor ION Using Enterprise Connector

You can use the Infor Enterprise Connector to provide hybrid service integration for Infor Cloud services and your local deployed services. Enterprise Connector provides an out-of-the-box connectivity with Infor Cloud through Amazon Simple Queue Service (SQS) and Amazon Simple Storage Service (Amazon S3) used for intermediate storage.

The Enterprise Connector is deployed in your on-premises or cloud infrastructure and is responsible for the communication with the Infor Cloud services. It uses outbound connections to AWS services that are exposed through https and port 443. Only an outbound connection is required.

The services in the Infor Cloud do not require any inbound connection to the Enterprise Connector. For performance reasons, the Enterprise Connector must be installed close to the applications for which it has a connection point running. To achieve low latency, we recommend the Enterprise Connector is installed in the same network segment.

Enterprise Connector supports different connection types such as Infor Application, Infor messaging service, Infor LN, File, Database, and Message Queue.

This diagram shows Enterprise Connector and protocol support that makes it possible to build wide variety of solutions.

Figure 1 – Integrating with Infor ION over Enterprise Connector.

Integrating with Infor ION Over SFTP with AWS Transfer Family

Another way to integrate applications with Infor CloudSuite is through bulk data transfer over Secure Shell (SSH) File Transfer Protocol (SFTP). Infor ION acts as an SFTP client and polls an SFTP server for new data. AWS makes it simple to provision an SFTP server using AWS Transfer Family.

With Infor ION, you can create SFTP read and write connection points to send and receive Infor CloudSuite data. You use a connection point to define a connection from Infor ION to an external SFTP server and configure the URL and credentials of the external SFTP file directory.

In addition, an Infor ION administrator can define file schemas, polling frequency, error handling rules, and a variety of other administrative tasks using the Infor ION Desk application. Data that can be transferred over SFTP include Business Object Documents (BOD/XML), delimiter-separated, JSON, or files with no defined schema.

The following steps describe how to integrate with Infor ION over SFTP with AWS Transfer Family:

1. Instantiate an SFTP server using AWS Transfer Family: When you create a server through AWS Transfer Family, you’re able to choose the SFTP protocol, map your hostname, set up users, and configure Amazon S3 buckets or Amazon Elastic File System (Amazon EFS) for data storage. An SFTP user must be created in AWS Transfer Family.
2. Set up Infor ION SFTP client for reading and writing data: An administrator can create Infor ION connection points with the user credentials from Step 1, as well as any additional configuration required such as file paths to read and write to and from.
3. Read data from Infor CloudSuite: To read data from Infor CloudSuite, the files must use the Infor ION SFTP connection point setup for sending. When ION sends a file to the FTP server created through AWS Transfer Family, Amazon S3 event notifications can send this data to SQS, AWS Lambda, or Amazon Simple Notification Service (Amazon SNS) when new objects are written to a bucket.
4. Write data to Infor CloudSuite: To write data to Infor CloudSuite, producers will write data to Amazon S3 or EFS, and the data will be available based on how the ION SFTP connection point was set up for receiving.
5. AWS PrivateLink can be used to avoid over-the-internet traffic between the virtual private cloud (VPC) and Amazon S3 or Amazon EFS.

Figure 2 – Integrating with ION over SFTP.

Integrating with Infor ION Over REST API

Infor ION API Gateway provides a collection of REST APIs to perform actions to retrieve, write, update, or delete data. External applications can integrate with Infor CloudSuite by authorizing with the Infor ION API Gateway and invoking exposed APIs.

Data that can be transferred is identical to what was described with SFTP, such as BOD/XML, delimiter-separated, JSON, or files with no defined schema.

The following steps describe how to integrate with Infor ION over REST API:

1. Create an Authorized App in Infor ION API Gateway: For each external application that needs to integrate with Infor CloudSuite, the app must be registered with Infor ION API as an Authorized App. Credentials can then be downloaded and used by the external application when communicating with Infor CloudSuite.
2. Authenticate with Infor ION API Gateway using an OAuth2 flow: You must authenticate with the API Gateway prior to being able to invoke any APIs.
3. Invoke a REST API: On successful authentication, an access token is provided which represents the authorization of a specific application to access specific parts of the user’s data. This token must be provided on API calls.

Figure 3 – Integrating with ION over REST API.

Integrating with Infor ION Over Amazon Kinesis Data Streams

With a stream connection point, you can connect to Amazon Kinesis Data Streams whcih is a data streaming service that enables real-time analytics. You can send any document type that’s supported by ION, and batches of up to 20 ION documents are sent with each ION document compressed (deflated) and Base64-encoded. The expected Kinesis record size is in the range of 20-40% original document.

The following steps describe how to integrate with Infor ION over Amazon Kinesis Data Streams:

1. The document is wrapped into a JSON structure together with the message headers.
2. Each JSON structure is packed into the Kinesis record format. Each record is given a random partition key, which results in the records being distributed to all available Kinesis shards. Records that have a compressed size of more than 1 MB cannot be handled by the stream connector.
3. All available Kinesis records are added into a Kinesis request until the size reaches the maximum based on available shards in Kinesis Data Streams. For each shard, the max size is increased by 1 MB, up to a maximum size of 5 MB.
4. The delivery of records to Kinesis Data Streams is guaranteed. Infor cannot ensure the data is available from the Kinesis data stream if the document is not retrieved on time. By default, the Kinesis data stream stores records from 24 hours up to 168 hours.

Figure 4 – Integrating with ION over Amazon Kinesis Data Streams.

Integrating with Infor ION Over Amazon EventBridge

Data producers can also use Amazon EventBridge’s API destinations feature to integrate with Infor ION API Gateway. An API destination uses a connection to manage Infor’s OAuth client credentials and input transformers to change the payload format as needed.

In addition, Amazon EventBridge allows producers to set an invocation rate limit and set up a dead-letter queue for reprocessing. Internally, EventBridge bus connects to vast array of services such as Lambda functions, Amazon Elastic Compute Cloud (Amazon EC2) instances, S3 buckets, containers, and more.

Figure 5 – Integrating with ION over Amazon EventBridge.

Security, Authentication, and Authorization

ION API Gateway provides modern and robust security capabilities. It’s the proxy on the edge and required when a client app such as an AWS service is trying to access ION endpoint. ION API inbound security requires the client application to use OAuth 2.0.

These are the steps required for AWS Services to consume ION API resources:

1. Acquire the OAuth Client – When creating a new application, you must self-register it in the API Gateway application within Infor Portal. Registering your application generates an OAuth 2.0 client ID and client secret. Your application uses the clientID/secret to obtain valid OAuth bearer tokens that allow your application to make calls into API Gateway to access APIs.
   • Select the Authorized Apps.
   • Select Add New App.
   • Specify a Name and select the Type of application.
   • Additional fields are shown depending on the Type. Complete the fields required.
   • Click Save.
2. As you save the detail of your application, the system generates a clientID and associated secret for the application.
3. Obtain the OAuth token – After your app has the OAuth client and authorization server details, use these steps to obtain the OAuth tokens.
4. Send an authorization code request to the authorization server. To initiate obtaining the OAuth token, send an authorization code request to the authorization server. This is an HTTP GET or POST request to the authorization endpoint with these parameters:
   • client_id – Specify the OAuth clientID of your app.
   • redirect_uri – Specify the URL where the authorization server sends the code. This must be the same URL as registered during integration.
   • response_type=code – Indicate the authorization server to send the authorization code upon user consent. If the user approves sharing claims with your application, the authorization server releases the authorization code to your application.
5. Exchange the authorization code for an access token and refresh token. Using the token endpoint of the authorization server, exchange the authorization code for an OAuth access token and refresh token.
6. Use the OAuth Token to consume ION API. Use the access token to consume ION API endpoints by sending the access token in the authorization (HTTP) header.

 Please refer to the software developer kit (SDK) published in the Infor Marketplace for program samples on how to authenticate with Infor OS API Gateway.

Customer Benefits

Infor OS enables customers securely connect disparate data sources, both on-premises or in the cloud. Infor is secure and certified to FedRAMP level and offers a variety of advantages such as guaranteed message delivery, scalable multi-tenant architecture, end-to-end message governance, continuous integration/continuous delivery (CI/CD), and audit of every admin action.

The following table summarizes integration patterns and approaches we discussed in this post.

Conclusion

In this post, you learned how Infor OS enables system-centric backend automation and supports flexible and customizable architecture to bring disparate data sources together.

Explore Infor’s solution in AWS Marketplace to get started on securely and easily integrating your applications and building solutions to meet your customer needs. We also encourage you to read this AWS blog post on how Infor OS on AWS accelerates intelligent business solutions with AI and data capabilities.

For additional information about systems integration using Infor OS, please visit developer.infor.com.

.

.

Infor – AWS Partner Spotlight

Infor is an AWS Specialization Partner that builds cloud-based and industry-specific software. Infor supports innovation and progress for leading organizations in every industry.

Contact Infor | Partner Overview | AWS Marketplace | Case Studies