The Xchange Agent is the technological doorway that allows data to move securely between your systems and the Data Xchange Platform.
PLEASE READ IF YOU ARE A SAGE CUSTOMER:
As of July 1, 2021, Data Xchange will no longer guarantee compatibility with Sage versions older than 18. For best results, please make sure your instance of Sage is 18+. Thank you!
Overview
Data Xchange is the Marketplace for Construction Technology. Data Xchange works with many Construction Technology software companies to co-develop integration solutions that are pre-built and ready to activate for Customers in the Marketplace. Those integration solutions are available in the Marketplace and can be subscribed to and customized based on available configuration options.
One key aspect of being able to use and receive benefit from the use of an integration solution in the Data Xchange Marketplace is the ability to establish a connection to certain systems available in the Data Xchange Network, especially those systems that are still installed on local server infrastructure that reside on-premise, behind a firewall, with no web-based connectivity available.
The Xchange Agent is the feature of the Data Xchange platform that establishes secure connections to these types of systems. The Xchange Agent is responsible for controlling the overall security profile for the Data Xchange platform to communicate with the local system and its respective data source, whether that is in the form of a database, files, or many others.
At a more technical level, the Xchange Agent is a streamlined and lightweight Windows service that can be installed, monitored, and maintained within a Windows server environment. Once installed and running, the service brokers connectivity between the local system’s data and the Data Xchange platform. The Xchange Agent routinely checks in with the platform to maintain communication and receive instructions. If instructions are provided, the Agent executes them and places the results into an encrypted packet that is sent back to the platform via a response stream for efficient processing.
The Xchange Agent is set up via a simple installation wizard in just a few quick and intuitive steps. Downloading and installing the Agent takes less than 5 minutes on average. The Xchange Agent security profile is outlined as follows:
- All communication occurs via HTTPS; this means no additional firewall ports need to be touched, and it ensures that data in motion is encrypted and secured via a well-accepted, universal communication protocol.
- Functionally, communication is performed between the Agent and the platform via an internal API that enables a secure and private authorization mechanism for an added security layer.
- Because processing occurs within the Data Xchange platform vs. in the local environment, local resources are protected from expanded or inappropriate use.
- The Xchange Agent has a monitoring feature for the platform to establish, maintain, and monitor the connection between the Agent and platform.
- For versioning and updates, the Agent is programmed to automatically maintain and update itself to the latest versions available, as available, from the platform.
Version Information
Current Version - 1.0.20743.0+
- Updated service and monitoring restart capabilities, eliminating customer interaction for connector and monitoring app restarts.
Data Xchange Agent System Requirements
Minimum Requirements
Your device must meet all minimum requirements to install:
Operating System | Windows Server 2008 or more recent |
Architecture | x64, x86. Any general purpose application server should be sufficient. We recommend something comparable to AWS EC2 M5 large, but it's up to the customer depending on what the server is used for, besides the Xchange Agent. The Xchange Agent is very lightweight and does not need a beefy server. It just needs a stable connection that is always up. It’s not resource intensive. |
.NET Framework | Customers need to upgrade .NET from an older version to at least 4.7.2. Microsoft's recommended version is 4.8. |
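A pre-install check for the requirements above, as an added example (not part of the Xchange Agent or any Trimble tooling). The function name is hypothetical, the script targets Windows PowerShell, and the Release values 461808 and 528040 are the minimums Microsoft documents for .NET Framework 4.7.2 and 4.8.

```powershell
# Added example: checks the server against the minimums in the table above.
# Test-AgentPrerequisites is an illustrative name, not a vendor-supplied cmdlet.
function Test-AgentPrerequisites {
    # .NET Framework 4.x records its build in the "Release" registry value.
    # 461808 is the lowest value documented for 4.7.2; 528040 for 4.8.
    $minRelease  = 461808
    $recommended = 528040
    $ndpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'

    # A missing key or missing Release value means .NET 4.5+ is not installed.
    $release = 0
    $ndp = Get-ItemProperty -Path $ndpKey -ErrorAction SilentlyContinue
    if ($ndp -and $ndp.Release) { $release = [int]$ndp.Release }

    # Windows Server 2008 is NT 6.0. ProductType 1 is a workstation;
    # 2 (domain controller) and 3 (member server) are server editions.
    $os        = Get-WmiObject -Class Win32_OperatingSystem
    $osVersion = [version]$os.Version
    $isServer  = $os.ProductType -ne 1

    $result = New-Object PSObject -Property @{
        OSCaption         = $os.Caption
        OSArchitecture    = $os.OSArchitecture
        OSVersionOk       = ($isServer -and $osVersion -ge [version]'6.0')
        DotNetRelease     = $release
        DotNetOk          = ($release -ge $minRelease)
        DotNetRecommended = ($release -ge $recommended)
    }

    # Ready is true only when both hard requirements are met.
    $ready = $result.OSVersionOk -and $result.DotNetOk
    $result | Add-Member -MemberType NoteProperty -Name Ready -Value $ready -PassThru
}

Test-AgentPrerequisites | Format-List
```

A `DotNetOk` of False with a non-zero `DotNetRelease` means an older 4.x build is present and needs upgrading before the installer is run.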
Agent Installation Instructions
- Ensure that your server meets the minimum requirements specified in this guide.
- Download the zip file from the email you received from Trimble. If you did not receive an email, please reach out to xchange_support@trimble.com.
- Move the zip file to the server where your ERP is hosted
- Run the Install
- Follow the instructions in the wizard. When prompted, use the activation code provided in the email to activate the Data Xchange Agent and complete the installation.
- Follow up with your assigned implementation point of contact on the Data Xchange team once the Agent is installed so that Data Xchange can ensure the connection is established and work with you to set up the necessary credentials for the system/data source being connected to.
Security
The Xchange Agent comes complete with security to protect your pertinent data. The sections below outline the measures Data Xchange takes to ensure your data is secure and protected. Additionally, there is a list of FAQs at the bottom of this document highlighting some additional questions our team commonly receives.
Data Security
Data is passed through HTTPS web services and via private REST APIs designed specifically to enable communication with the Data Xchange platform. All data, whether in transit or at rest, is encrypted via AES256. This allows your data, regardless of its state, to be protected and encrypted at all times. Once data is streamed from the Agent into the Data Xchange platform, it is persisted, cached, and processed as specified by the use cases of each integration solution.
Security FAQs
Application Security | Answer |
Are APIs exposed to the tenants? | Yes. APIs are available to assigned customers/tenants. They are protected with access and authorization controls, and they may be disabled. |
What's the key chain size? | 2048 |
How are tenant/client data and metadata accessed, analyzed, and shared with cloud partners and providers? Is metadata sent to advertising and external analytics? | Tenant/client data and metadata are not collected, analyzed, or shared with other parties. |
Is data segregated between different tenants that are stored in a shared environment? | Yes. Data is logically segregated using a tenant ID with strong validated access controls. |
Does the application provide anti-virus and malware scanning capabilities before storing files on destination servers? | No. Shared files are text files (i.e. configuration files) with strict parsing controls and input parameter validation. |
Is there a policy in place with technical measures to prevent the execution of malware on organizationally-owned or managed end-point devices used by administrators (i.e., issued workstations, laptops, and mobile devices)? | Yes. |
Does your software development standard address the OWASP Top 10 and CVE common web application coding mistakes? | Yes. |
What is the expiry date of the SSL certificate? | Less than one year. |
What is the method of SSL certificate management? | SSL Certificate signed by Trusted Certificate Authority. |
What is the signature algorithm for the SSL certificate? | SHA-2 |
Authentication & Authorization Criteria | Answer |
Does your service authenticate and verify user access rights prior to disclosing information or granting access to business functionality and/or data? | Yes. |
What standards are followed to store user passwords? | Hashed with SHA-256 or PBKDF2 |
Does your service enforce password expiration and password rotation policies for all users, local, administrative and system account passwords? | Yes. |
What type of administrative access is allowed to the hosted service? | Only internal access is granted. |
Has restricted root and sudo access been implemented? | Yes. |
Do you have controls and processes to ensure immediate removal of system access which is no longer required for business purposes? | Yes. |
Privacy and Data Security Criteria | Answer |
What protocol is used for data transfer from the customer to Data Xchange and vice versa? | HTTPS web services/REST API |
Do you maintain backup copies of "sensitive" tenant and "essential business" data? | Yes. But only for data that must maintain state and/or does not expire. |
Does the service encrypt backup copies of sensitive data? | Yes. Backup data is encrypted both at rest and in transit. |
What is the encryption mechanism for "Back-Up Data"? | AES256 |
What are your retention policies for tenants' data? | Tenants' data is archived/stored based on country-specific business, legal, or global regulatory specifications. |
Infrastructure Security | Answer |
Do you isolate the management network from the application network? | Yes. |
What is your hosted infrastructure service provider? | Microsoft Azure Platform |
Vulnerability Management | Answer |
Do you allow tenants to perform an independent 3rd party vulnerability assessment on the system(s)? | This procedure does not currently exist. However, exceptions can be made upon request, with appropriate approvals, change control, and cost reimbursement. |
Do you track third-party software and libraries in your product/service and identify vulnerabilities? | Yes. |
Do you have the ability to rapidly patch "zero-day" vulnerabilities? | Yes. |
Do you have the capability to rapidly patch vulnerabilities across all of your computing devices, applications, and systems? | Yes. |
When was the last run of your "Application Vulnerability" report? | Within the last 12 months. |
Logging and Auditability | Answer |
How do you log changes to the system(s)? | We use multiple methods, depending on the functional process, including local files, database tier, development work management, and tracking tools. |
Do logs contain sensitive data? | No. |
Is access to audit logs restricted to authorized users only? | Yes. |
How long are audit logs retained? | More than 60 days. |
Support and Operations | Answer |
How are your environments set up to support the platform and overall solution? | We provide local, development, test, staging, and production environments for each phase of the development process. |
Is there a “Change Control Board” in place that reviews and authorizes Routine and Emergency modifications to the systems? | Yes. |
What's the source of test data in testing (or non-production) environments? | No production data is ever copied into Data Xchange testing environments. When customer/tenant testing environments are leveraged for Use Case / Validation / Usability testing, Data Xchange does not have control of the dataset as it belongs to each tenant. |
Incident Analysis and Forensic | Answer |
Does Data Xchange have a notification process to inform impacted tenants in case of a “Security Incident/Breach”? | Yes. |
Have there been any “Security Incidents/Breaches” in the last six months? | No. |
Xchange Agent FAQs
How does Trimble Integrations connect to an on-prem application hosted internally behind a firewall? |
|
How does the Connector App work? |
|
Didn't get the help you were looking for? Ask us anything at xchange_support@trimble.com