Architecture Overview – Nintex Live
www.nintex.com
Table of Contents
Architecture Overview - Nintex Live
  Nintex Live for SharePoint environments
    Nintex Live services for Nintex Workflow
    Nintex Live services for Nintex Forms
    Nintex Live framework (enablement)
    SharePoint to Nintex Live Authentication
    SharePoint to Nintex Live Communication
  Nintex Live for Office 365 environments
    Nintex Live services for Nintex Workflow for Office 365
    Office 365 to Nintex Live Communication
  Nintex Live definitions
    “Nintex Live” terms
    “Nintex” terms
    Non-Nintex terms
Architecture Overview - Nintex Live
This article describes the architecture of Nintex Live.
Contents:
Nintex Live for SharePoint environments
Nintex Live for Office 365 environments
Nintex Live definitions
Nintex Live is a hosted service on the Microsoft Windows Azure cloud platform that securely extends
the integrated capabilities of Nintex Workflow, Nintex Forms for SharePoint, and Nintex Mobile.
When Nintex Live capability is enabled, workflow and forms designers can accomplish these tasks:
• Add available Nintex Live services from the Nintex Live Catalog to the Nintex Workflow
  actions toolbox. Build more powerful workflows by including third-party service providers.
• (Nintex Forms for SharePoint) Publish and host forms within Nintex Live, which can then be
  submitted by anonymous, secure desktop, or mobile device end-users safely outside a
  company’s firewall.
Nintex Live for SharePoint environments
The following diagram shows the architecture of Nintex Live for SharePoint environments. It displays
the relationships and transient data flow between the Nintex Live/Windows Azure infrastructure for
Nintex Workflows and Nintex Forms and the Nintex Live framework that enables connectivity to
Nintex Live.
Ref  Description
1    Nintex Live services manage and handle authentication, data transfer, and storage for both Nintex Workflow and Nintex Forms.
2    The framework for Nintex Workflow and Nintex Forms provides the connectivity component and details required to leverage the Nintex Live hosted service.
3    After the Nintex Live framework has been deployed to your SharePoint environment, the components can be enabled for Nintex Workflow and Nintex Forms.
4    Using Nintex Mobile apps, customers and employees can connect, consume, and submit their forms, tasks, and attachments. Nintex Mobile apps are available on all major mobile platforms.
Important! Nintex Live is a data routing solution only. It is not a repository or system of record. Any
data temporarily held by Nintex Live is cleaned and removed after the dependent processes are finalized.
If a workflow initiates a Live request and the third-party service is unavailable to process the
request, or a request is processed but Nintex Live is unable to deliver the response back to
SharePoint, the message is considered orphaned and will be permanently deleted.
Nintex Live services for Nintex Workflow
Nintex Live services for Nintex Workflow (SharePoint) is a service broker that provides message
queue management and a services catalog (Nintex Live Catalog). The workflow designer is able to
leverage real-time, web-based intelligence within the business processes.
Nintex Live Catalog
The Nintex Live Catalog lists the available Nintex Live services that can be added to the Nintex
Workflow actions toolbox. It also includes the details of the service provider, description of the service,
whether the service is free or requires payment, if registration is required, and the terms of use for the
service.
For more information, see Using the Nintex Live Catalog.
Service Provider
While the service provider (for example, Dropbox or Google) is technically the owner of the internet-
based application that has exposed a web service API for public or contracted consumption, Nintex
Live considers brokered services to be the service provider.
Queue Management
The Queue Management layer receives service requests and places them in a queue before they are
executed. In the event the service is unavailable, Nintex Live will hold the request and continue when
the service is available again. This allows workflows to continue independent of service availability.
Nintex Live services for Nintex Forms
Nintex Live services for Nintex Forms (SharePoint) is a hosting service. This form hosting service
allows an organization to extend their forms beyond the intranet and extranet, making it available and
accessible from anywhere without relying on the configuration of the SharePoint infrastructure.
Individuals outside the corporate network may easily access the form from any device (as designed
by the forms designer).
Nintex Live framework (enablement)
Products: Nintex Workflow 2013, 2010, 2007; Nintex Forms 2013, 2010.
The Nintex Live Framework (nintexlivecore.wsp) is included with Nintex Workflow and Nintex Forms
to enable connectivity to Nintex Live. The Nintex Live Framework provides common settings such as
connection details to Nintex Live for both Nintex Workflow and Nintex Forms.
Functionality for Nintex Workflow
Allows workflow designers to add pre-defined Nintex Live services from the Nintex Live Catalog to the
Nintex Workflow actions toolbox. They also determine what data is sent to the Nintex Live/Windows
Azure platform as a parameter in the workflow actions.
For more information about installing and enabling Nintex Live, see the Installation Guides.
Functionality for Nintex Forms
Allows form designers to make designated forms available to internet users through Nintex Live.
SharePoint to Nintex Live Authentication
To use the specific Nintex Live service (Workflow/Forms), a valid product license key known as the
Nintex License File (NLF) must be activated. The NLF is used to authenticate with the SharePoint
farm.
Once the SharePoint farm authenticates with Nintex Live, an Authentication Key is generated and
used to authenticate further secure Transport Layer Security (TLS) requests made by the SharePoint
farm. The Authentication Key expires after a set period of time (at time of writing, less than 24 hours).
When an Authentication Key expires, the SharePoint farm will request a new key by authenticating
with Nintex Live.
A SharePoint farm is identified using two pieces of information:
1. The NLF.
2. A Live ID (generated by Nintex). Nintex Live uses the Live ID as a unique identifier for the
SharePoint farm. This ID is auto generated at product installation and can be updated or
changed through Nintex Live Management in SharePoint Central Administration.
Based on a combination of the NLF and the Live ID, a unique identity is generated for the Nintex Live
application (Workflow/Forms). This application identity is secured inside Nintex Live.
Nintex Live does not expose the Nintex ID of the SharePoint environment or of the service provider.
Whenever a request is made (submitting a form / executing a Nintex Live action within a workflow),
the request passes through Nintex Live, and a randomly generated ID mapped to the application identity
is provided to the service provider to respond to the request. This process ensures that neither end
point can identify where the other end point is, reducing security issues where the
identity of the requester or service can be deciphered.
For more information about accessing Nintex Live, see Using Nintex Live Connector.
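The routing idea described above, as an added example that is not Nintex code: a toy broker hands the service provider only a random, single-use request ID and keeps the mapping to the application identity internal. The class name, the HMAC-based identity derivation, the licence fingerprint input and the one-hour retention window are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class RoutingBroker:
    """Toy broker: neither end point learns the other's identity."""

    def __init__(self, broker_secret: bytes, ttl_seconds: float = 3600.0):
        self._secret = broker_secret      # stays inside the broker
        self._ttl = ttl_seconds           # assumed retention window
        self._pending = {}                # request_id -> (app_identity, created_at)

    def app_identity(self, nlf_fingerprint: str, live_id: str) -> str:
        # Assumption: identity is a keyed hash of licence fingerprint + Live ID.
        # Length-prefixing keeps ("ab", "c") distinct from ("a", "bc").
        msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode()
                       for p in (nlf_fingerprint, live_id))
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def submit(self, identity: str, payload: dict, now: float = None) -> dict:
        """Queue a request and return the envelope the provider receives."""
        request_id = secrets.token_urlsafe(16)   # random, not derived from identity
        created = time.time() if now is None else now
        self._pending[request_id] = (identity, created)
        return {"request_id": request_id, "payload": payload}

    def deliver(self, request_id: str, response: dict, now: float = None):
        """Route a provider response back; each mapping is single-use."""
        entry = self._pending.pop(request_id, None)
        current = time.time() if now is None else now
        if entry is None or current - entry[1] > self._ttl:
            raise KeyError("unknown, expired or already answered request id")
        return entry[0], response

    def purge_orphans(self, now: float = None) -> int:
        """Delete requests that were never answered within the window."""
        current = time.time() if now is None else now
        stale = [rid for rid, (_, created) in self._pending.items()
                 if current - created > self._ttl]
        for rid in stale:
            del self._pending[rid]
        return len(stale)

    def pending_count(self) -> int:
        return len(self._pending)


if __name__ == "__main__":
    # Constructed sample values, not real licence data or Live IDs.
    broker = RoutingBroker(secrets.token_bytes(32))
    ident = broker.app_identity("constructed-nlf-fingerprint", "constructed-live-id")
    envelope = broker.submit(ident, {"action": "query files"})
    print("provider sees:", envelope)
    routed_to, _ = broker.deliver(envelope["request_id"], {"ok": True})
    print("routed back to identity:", routed_to[:12], "...")
```

Because the request ID is drawn at random rather than derived from the identity, two requests from the same farm cannot be linked by the provider from the ID alone.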
SharePoint to Nintex Live Communication
Products: Nintex Workflow 2013, 2010, 2007; Nintex Forms 2013, 2010
All communication points to Nintex Live use TLS.
Nintex Workflow for SharePoint
Communication includes connection to and from the SharePoint farm and third-party service
providers.
The following table refers to and describes the communication points in Figure 2: Nintex Live Services
for Nintex Workflow Communications.
Ref TLS Description
1 Yes Request made to and received from Nintex Live (includes file transfers, if there are any)
2 Yes Service provider connects to Nintex Live over TLS to retrieve and respond to the requests (includes file transfers, if there are any)
Note: Data is transmitted securely over TLS to and from Nintex Live and the third-party service
provider. Once the data has been successfully passed to the third-party service provider, it is then the
responsibility of the third-party service provider to maintain the security and integrity of the data.
Data storage
Nintex Live services for Nintex Workflow uses Azure storage. All files transferred between Nintex Live
and the SharePoint farm are over a TLS connection. Refer to “Figure 2: Nintex Live Services for
Nintex Workflow Communications”. When a file is uploaded or downloaded using a service provider
(for example, SharePoint download file, File download, Upload to Dropbox), the file is temporarily
stored in the Azure provided storage container specifically allocated for each Nintex Live ID
(SharePoint farm) within Nintex Live until the service request has been completed successfully. Once
the request is completed successfully, the file is deleted from Nintex Live immediately.
If the request does not complete successfully, the request and file are considered orphaned and will be
permanently deleted.
Nintex Live services for Nintex Workflow
Nintex Live services may be used as part of building workflows.
Nintex Forms for SharePoint
Communication occurs when publishing and submitting forms.
The following table refers to and describes the communication points in Figure 3: Nintex Live Services
for Nintex Forms Communications.
Ref TLS Description
a Yes Forms definitions are published to Nintex Live services for Nintex Forms
b Yes Anonymous and authenticated forms are viewed and submitted
Data storage
Nintex Live services for Nintex Forms uses Azure storage.
The following data is stored within the Azure storage:
• Form definitions that are published to Nintex Live.
• Data captured when a form is submitted through Nintex Live.
A form definition is kept in Nintex Live until the defined “Form Expiry Date” is reached or when the
form has been unpublished from Nintex Live. The “Form Expiry Date” property is defined by the form
designer when configuring the “Live Settings” for the Nintex form. If no “Form Expiry Date” is
specified, the form definition will not expire and will remain in Nintex Live indefinitely.
Data captured in a form will reside in Nintex Live until it is transferred to the associated list within the
SharePoint farm. Once the transfer to the list is complete, the data is deleted.
Authentication
When a form is published to Nintex Live, the form designer sets the security restrictions (secure or
anonymous) on the form. When selecting secure, the form designer is required to specify the users
who will be allowed to view and submit the form. For each user specified, the email address is used
as the primary identity stored with the form definition. The defined users are then required to
authenticate with a form-configured authentication provider (for example, Windows Live, Google, or
Facebook). The authentication provider (e.g. Google) will supply Nintex Live with the user’s registered
email address. The email address supplied by the authentication provider is verified by matching it
against an email address stored in the form.
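One way to implement the match described above, as an added example that is not Nintex code: the check binds the assertion to the provider configured on the form, requires the provider to mark the address as verified, and compares exact normalised addresses. The assertion field names (`provider`, `email`, `email_verified`), the `SecureForm` type and the case-insensitive comparison are assumptions made for illustration.

```python
from dataclasses import dataclass


def normalise(email: str) -> str:
    # Assumption: addresses are compared case-insensitively, ignoring
    # surrounding whitespace. No alias or "+tag" folding is applied.
    return email.strip().casefold()


@dataclass(frozen=True)
class SecureForm:
    form_id: str
    provider: str              # authentication provider configured on the form
    allowed_emails: frozenset  # normalised addresses stored with the definition

    @classmethod
    def create(cls, form_id, provider, emails):
        return cls(form_id, provider, frozenset(normalise(e) for e in emails))


def check_access(form: SecureForm, assertion: dict) -> tuple:
    """Return (allowed, reason) for what the authentication provider asserted."""
    if assertion.get("provider") != form.provider:
        return False, "assertion came from a provider the form does not use"
    email = assertion.get("email")
    if not isinstance(email, str) or "@" not in email:
        return False, "provider supplied no usable email address"
    if assertion.get("email_verified") is not True:
        return False, "provider has not verified this address"
    if normalise(email) not in form.allowed_emails:
        return False, "address is not on the form's user list"
    return True, "match"


if __name__ == "__main__":
    # Constructed sample form and assertions.
    form = SecureForm.create("form-1", "google", ["Alice@Example.com"])
    samples = [
        {"provider": "google", "email": "alice@example.com", "email_verified": True},
        {"provider": "google", "email": "alice+x@example.com", "email_verified": True},
        {"provider": "google", "email": "alice@example.com", "email_verified": False},
        {"provider": "facebook", "email": "alice@example.com", "email_verified": True},
    ]
    for sample in samples:
        print(sample["provider"], sample["email"], "->", check_access(form, sample))
```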
Internet-published forms
As described, form designers can publish Nintex Forms to Nintex Live. These forms may then be
accessed by anyone (should the forms designer choose to do so) outside the corporate network. This
access, however, may require additional Microsoft server licensing (applicable only to SharePoint
2010).
The Nintex Live functionality for Nintex Workflow and Nintex Forms uses TLS for connecting to the
intended Nintex Live service.
Nintex Live for Office 365 environments
Nintex Live for Nintex Workflow (Office 365) runs on the Windows Azure platform. For information
about the security frameworks, see the Microsoft Azure documentation.
The following diagram shows the architecture of Nintex Live for Office 365 environments.
Ref  Description
1    Nintex Live services manage and handle authentication, data transfer, and storage for Nintex Workflow for Office 365.
2    Workflow designers add Nintex Live services from the Nintex Store to the Nintex Workflow actions toolbox. Build, publish, and run workflows using added web services. External actions execute outside of your Office 365 tenancy.
3    Using Nintex Mobile apps, customers and employees can connect, consume, and submit forms, tasks, and attachments. Nintex Mobile apps are available on all major mobile platforms.
Nintex Live services for Nintex Workflow for Office 365
Nintex Live services for Nintex Workflow is a cloud service broker that provides message queue
management and a services catalog (Nintex Store). The workflow designer is able to leverage real-
time, web-based intelligence within the business processes.
Nintex Store
The Nintex Store lists the available Nintex Live services that can be added to the Nintex Workflow
actions toolbox. It also includes the details of the service provider, description of the service, whether
the service is free or requires payment, if registration is required, and the terms of use for the service.
For more information about the Nintex Store, see the Nintex Workflow for Office 365 Help.
Service Provider
While the service provider (for example, Dropbox or Google) is technically the owner of the internet-
based application that has exposed a web service API for public or contracted consumption, Nintex
Live considers brokered services to be the service provider.
Queue Management
The Queue Management layer receives service requests and places them in a queue before they are
executed. In the event the service is unavailable, Nintex Live will hold the request and continue when
the service is available again. This allows workflows to continue independent of service availability.
Office 365 to Nintex Live Communication
All communication is through TLS.
Nintex Workflow for Office 365
The following provides an overview of the communication process:
1. The workflow designer configures the relevant Nintex Live actions from within the Nintex
Workflow designer.
2. The workflow action determines what data points are considered sensitive for encryption
purposes. Nintex Workflow for Office 365 is built to automatically treat credential passwords
as sensitive information and encrypt them.
3. When the workflow is published, any sensitive configuration options are encrypted from within
the Nintex Workflow for Office 365 application.
a. All encryption is in memory. There is no storage of unencrypted credentials as part of
the workflow publishing process.
b. The published workflow definition contains the encrypted item, not plain text.
Note: Users can use a variable to store a credential, then utilize that variable in the
Credential field. In this case, the setting of the variable may not be subject to
encryption. Nintex recommends storing credentials in the designated Credential field.
4. At run time, when the workflow executes, the workflow sends the action configuration,
including the encrypted information, to Nintex over secure TLS. The credentials are then
decrypted in memory before being sent to the Nintex Live routing engine, which is also within
the Nintex Live/Windows Azure infrastructure.
Data storage
Nintex Live services for Nintex Workflow on Office 365 uses Azure storage.
Nintex Live definitions
The following terms are relevant to Nintex Live as used in both SharePoint and Office 365 products.
“Nintex Live” terms
Term | Definition | SharePoint(1) / Office 365(2)
Nintex Live action | Workflow action that uses the Nintex Live service. Connects to an internet-based application exposing web service APIs for public or contracted consumption. Examples: Google Drive download file, Dropbox query files. | √ √
Nintex Live catalog | Provides access to Nintex Live actions. Indicates the service provider and description, subscription and registration requirements (where applicable), and terms of use. | √
Nintex Live services for Nintex Forms | Set of Nintex Live services that hosts forms for anonymous access. | √
Nintex Live services for Nintex Workflow | Set of Nintex Live services that manages message queues and provides access to Nintex Live actions. Uses Azure storage. | √ √
Nintex Live framework | Solution (nintexlivecore.wsp) providing connectivity between the Nintex Live service and Nintex workflows and forms. | √
Nintex Live service | Securely extends integration of Nintex workflows and forms. | √ √
(1) Nintex Workflow 2013, Nintex Workflow 2010, Nintex Forms 2013, Nintex Forms 2010 (and Nintex Mobile)
(2) Nintex Workflow for Office 365
“Nintex” terms
Term | Definition | SharePoint(1) / Office 365(2)
Nintex form | Form created using Nintex Forms designer. | √ √
Nintex license file (NLF) | The .nlf file for Nintex Workflow or Nintex Forms that includes Nintex Live. | √
Nintex Store | Provides access to Nintex Live actions. Indicates the service provider and description, subscription and registration requirements (where applicable), and terms of use. | √
Nintex workflow | Workflow created using Nintex Workflow designer. | √ √
Nintex Workflow actions toolbox | Lists workflow actions for use in the Nintex Workflow designer. | √ √
Nintex Workflow designer | User interface for creating and modifying Nintex workflows. | √ √
(1) Nintex Workflow 2013, Nintex Workflow 2010, Nintex Forms 2013, Nintex Forms 2010 (and Nintex Mobile)
(2) Nintex Workflow for Office 365, Nintex Forms for Office 365 (and Nintex Mobile)
Non-Nintex terms
Term | Definition | SharePoint(1) / Office 365(2)
SharePoint farm | Logical grouping of SharePoint servers that share common resources. A farm typically operates stand-alone, but can also subscribe to functions from another farm, or provide functions to another farm. Each farm has its own central configuration database, which is managed through either a PowerShell interface, or a Central Administration website. | √
queue management | Receives and orders service provider requests related to Nintex Live actions. Unavailable providers are retried for a given period to prevent workflows from failing due to intermittent availability. Component of Nintex Live services for Nintex Workflow. | √
service provider | Owner of the Nintex Live action. Examples: Dropbox, Google. | √ √
Transport Layer Security (TLS) | Secure protocol used for file transfers and other communications to Nintex Live (from/to service providers, Nintex Workflow, and Nintex Forms). |
(1) Nintex Workflow 2013, Nintex Workflow 2010, Nintex Forms 2013, Nintex Forms 2010 (and Nintex Mobile)
(2) Nintex Workflow for Office 365, Nintex Forms for Office 365 (and Nintex Mobile)