Hi,
Can we have a reverse proxy running in ProjectWise Design Integration Server so that all the client connect to the reverse proxy instead of directly connecting to the server? The purpose of the reverse proxy is, I would like to capture the file transfer between the client and server? Thank you.
Ramnath, I can't answer your question about reverse proxy (I'll see what I can find out though), but have you taken ProjectWise Training? The reason why I ask is that the ProjectWise "Server" doesn't actually transfer the file to the client and at least when I used to teach the ProjectWise Administrator training, this was covered in the training material. The content of the training may have changed since then and I don't see the older explanation in the help file anymore.
The way file transfer works is like this: The ProjectWise Integration server determines from where the client needs to fetch the file and the connection is actually made from the client to the server where the storage location is. Now if all of the storage areas are on the same server as the ProjectWise Integration server, then it is downloaded from that server, but if there are any ProjectWise Caching servers involved (and they do not have to be configured for caching), and the file is in a storage area on that server, then the file is transferred from that server to the client, it does not "pass through" the ProjectWise Integration Server. This is to improve file transfer times when "remote" locations need faster access and a ProjectWise caching server might be deployed for that purpose.
This section in the help file mentions some of the details:
Also, you should be aware that if Delta File Transfer is enabled, there are scenarios where on the differences between the file in the storage location and what is in the client's working directory are transfered, not the complete file, so the bytes being transfer are the differences, not the file's contents.
ProjectWise Administrator Training is available, as well as accreditation. Typically (i.e. before the pandemic), ProjectWise User and Administrator training is done live and during the initial deployment process. Here's a link to the accreditation program:
https://communities.bentley.com/products/projectwise/content_management/w/wiki/51607/projectwise-administrator-accreditation-program
One of the points I try to make in the ProjectWise SDK Training classes I teach is that before you try to implement a custom feature (or behavior), you should verify that what you want to do can't be done "out of the box". ProjectWise has many features, some of which are enabled by default and others are disabled by default, as well as some features can be "tweaked" a bit. Training can help by providing an idea of what is available or possible.
Now in this case, wanting to intercept the file transfer, I don't know of a way to do that "out of the box", nor with the ProjectWise SDK, but I could be wrong.
As a follow up to the question about "reverse proxy", a colleague pointed me to this Wiki article: https://communities.bentley.com/products/projectwise/content_management/w/wiki/8374/set-up-2-projectwise-nested-gateway-servers
I don't know if that is of any help to you, but I suspect that if Delta File Transfer is enabled, you will still need a way to determine the full file's contents.
HTHs
Thank you Dan for your help. First I changed the ProjectWise Design Integration Server to listen to port 16365 in 'dmskrnl.cfg' file as shown in the image below.
And the secure connection is disabled or commented as shown in the image below.
When I try to 'Checkout' a text file containing the text "ICANSEEYOU", using ProjectWise Explorer Client from ProjectWise Design Integration Server, the data is transferred in plain text as unencrypted format and it is visible in the WireShark Trace as shown in the image below.
I wrote a reverse proxy in C++ that will connect between the ProjectWise Explorer Client and ProjectWise Design Integration Server. The client will connect to the reverse proxy which listens to a different port (5800) and communicates with the server on port 16365. The reverse proxy will capture all the packets that travel between the PW Explorer Client and PW DIS and dump it to a file. It is also capturing the file when we check out text file as shown in the image below.
But the packets, when it captures the file, has header and footer. How do I capture the only the file data alone with the file name? Are there any format Bentley follows when it transfers the file (either through Checkout, Check-in, Copy etc.) between the client and server? In all the above case Delta File Transfer is disabled.
Ramnath Muralidhar,
Unfortunately, I don't know of a way to do what you are asking. I suspect that the process is not documented for public use as I wasn't able to find any references to it in the SDK material. Also, it is likely to vary from what you see if encryption was enabled and/or if Delta File transfer was enabled (and in use for the particular file).
Thank you Dan for your reply, We don't want the default encryption to be enabled rather we wanted to implement our DLP solution when the file is transferred between client and server. Default encryption is just a normal protection feature but with our DLP solution it will be a roal based document access mechanism based upon who is accessing the documents.
There is another option on the server side which might help us. On the server side (ProjectWise Integration Server). In C:\Program Files\Bentley\ProjectWise\Bin\dmskrnl.cfg there is a section for plugins or server customizations. It looks like this:
[UserModules] ; ----------------------------------------------------------- ; Section provides user customized modules ; ----------------------------------------------------------- ; On start up the server will read this section and load any listed DLLs. ; The dll is not unloaded until the server is shut down. ;dmsgeosrv=dmsgeosrv.dll ;EventLogging=EventLoggingATP.dll ;drmsvcsrv=drmsvcsrv.dll
How to write a server plugin or what can be done using a server plugin? Will this plugin be able to capture the file transfer between the client and server?
Hi Dan, finally I have written a reverse proxy that run on the ProjectWise Design Integration Server. It acts as a bridge between the PW client and PW server. All the communication happens through my reverse proxy. Additionally my reverse proxy also captures the files that are being exchanged between the client and server. It understands the format of the data that is being exchanged and segregates the data and save it in a disk location. Before any further communication happened, my reverse proxy encrypts or decrypts the files that are captured and retransmit it back so that whoever client accessing the PW server will receive the encrypted file and who ever client that uploads or check-in the encrypted file will be decrypted by the reverse proxy and saves in the PW server as a normal file.
I would like to reconfirm that whether the process which I am doing, is it valid?