/
Remote Agent Overview

Remote Agent Overview

Owned by Nick Judson
Last updated: Jul 05, 2018

What is the Remote Agent?

The Integrator Remote Agent software is a light-weight service designed to securely broker data between you and a central repository. It also functions as an integration engine which allows the ingestion of data from many sources in various formats, as well as the delivery of data to many different targets in various formats. Once installed, this service is remotely managed and upgraded.

Installation and Footprint

The Remote Agent package installer is a 20MB download, and once installed consumes about 100MB of space. The Microsoft .NET framework 4.6.1 is required to run the Remote Agent (see https://msdn.microsoft.com/en-CA/library/8z6watww(v=vs.110).aspx), and requires up to 5GB of free space for installation. The .NET framework will be automatically downloaded and installed by the Remote Agent installer, or you can choose to pre-install it via the web downloader

available at https://www.microsoft.com/en-us/download/details.aspx?id=49981.

When operating, the Remote Agent service will cache data locally. We recommend a minimum of 1GB of free space be available after installation to facilitate this caching. The Remote Agent service, under typical conditions, requires very little system resources and should not have a noticeable impact on the host computer. 

Security

The Remote Agent service uses the same industry-standard SSL technologies used by secure websites and web servers to establish a secure, encrypted tunnel between you and the central repository. You do not need to open any incoming firewall ports as this service does not accept unsolicited external traffic. In order to establish the encrypted tunnel, the Remote Agent must be able to access the internet via a specific port (specified by the deployer). If you block outbound traffic, you will need to add an exception to allow outbound traffic on this port.

Additionally, the Remote Agent runs under the Local Service account, which is a built-in account with limited privileges. Typically, the Remote Agent does not have access to any local or external resources (such as files and folders) and permission must be explicitly granted by you. The Remote Agent can be configured to use impersonation (user credentials) in order to access shared resources such as network shares, although this will require the creation of a restricted account whose credentials can be shared.

In order to provide network resiliency, data ingested by the Remote Agent is stored locally. Once the data is successfully delivered, the local copy is typically purged within 7 days. In order to keep your data safe, your system(s) must be properly secured (properly patched operating systems, password protected login with inactivity timeout, Bitlocker® or similar hard drive encryption etc.).

System Access

The Remote Agent software has the ability to access specific low-security functions of the computer on which it is installed. This is primarily for diagnostic purposes, and allows access to system health, diagnostic log files, unattended Remote Agent software upgrades, as well as Remote Agent service restarts.

If you will be providing files for the Remote Agent to ingest, you will need to give full permissions on the target folder to the Local Service account. If the Remote Agent will be accessing a restricted external resource (such as a file share), we recommend you create a specific limited-privilege user and assign read/write permissions on the shared resource. Most other methods of ingesting data (such as HL7 MLLP, Ftp, Web Service etc.) do not require any operating system configuration. Starting with version 15, EFS is now used to provide data-at-rest encryption for queue data. Your operating system must support EFS in order to use this feature.

Resilience

If there is a network outage, the Remote Agent service will continue to ingest messages and buffer them until the network connection is restored. Computer restarts and manual service restarts will not affect the service health.

Advantages

Connexion Remote Agent has several significant advantages over other technologies such as sFTPs or VPN.

  • The Remote Agent includes a light-weight but powerful integration engine which can perform message transformation and routing at both ends of the communications tunnel. Instead of simply dropping a file in a particular folder, we can deliver data via a variety of technologies and formats.
  • The added integration component allows much more flexible and customizable workflows which are outside the scope of transport-only technologies such as sFTPs and VPN.
  • Network interruptions causing a VPN trunk to fail will often cause issues/processing backups in message source software. The Remote Agent will receive data regardless of the network state and source systems will continue to operate unaffected.
  • The communications stack is bi-directional and near real-time, without the need for inbound firewall exceptions. Bidirectional VPNs often require specialized network hardware or open firewall ports. sFTPs requires an open firewall port to be bi-directional.
  • VPNs may allow access into entire private networks instead of a single folder or target computer.
  • The Remote Agent service is remotely managed and maintained. Customer intervention is rarely required once the service is installed. Most troubleshooting can be performed without customer intervention.
  • The Remote Agent service is easy to deploy. Simply run the Remote Agent installer and configure your data feeds.

Related content

Remote Agent / Integrator
Remote Agent / Integrator
Connexion
More like this
Remote Agent Local User Interface
Remote Agent Local User Interface
Connexion
More like this
Introduction to Components / Deployment
Introduction to Components / Deployment
Connexion
More like this
UI Update Summary
UI Update Summary
Connexion
More like this
RA UI Administration
RA UI Administration
Connexion
More like this
RC4 Feature Updates
RC4 Feature Updates
Connexion
More like this