Cognite InField, Cognite Remote, Cognite Maintain, Cognite Data Fusion, InRobot: Proxy Aware

Hi Ibrahim! 

Just to make sure we’re aligned, could you detail an example? Is this to ensure all outgoing network requests are made to a defined proxy? e.g. instead of requesting to cognitedata.com, we would request to a new destination of the customers choice? Any more details?

We can assume, but could you describe why you need this also?

@DanielJohnLevings - It’s very common in enterprise environments to require all web traffic to traverse a proxy versus going straight to a network firewall, as your applications do now.

The goal would be proxy support similar to what you provide for your PiExtractorService.exe. Allow the end user to specify a web proxy for all of your applications, starting with the desktop Remote client. 

Example configuration from your PI Extractor -

Hi @ibrahim.alsyed!

For the web applications (such as InField and Maintain), it should be sufficient to use the regular proxy settings in the browser. Has this been attempted, and if yes, what were the problems observed?

For the Remote desktop application, the request is understood and will be evaluated by Product Management.

Best regards,

Eira

@Eira Monstad - the browser’s Proxy setting only effects HTTP / HTTPS (TCP) traffic. The UDP traffic generated does not use the proxy setting. Better yet, stop using UDP and the problem solves itself for most of the cognite applications. We would still need proxy awareness for the desktop app.

Thanks for elaborating, @MattH! We will follow up on this with the various applications.

@ibrahim.alsyed is this something that is still open/waiting? @Anita Hæhre not sure what the latest update is - as this is still in “Gathering interest” after a year and a half

@Eira Monstad would you be able to provide an update on this one please? 

Hi @MattH, @Eira Monstad 
 

I apologize if my understanding of the request is unclear; this is merely a suggestion to consider alternative approaches. It's quite common to address scenarios like this by configuring a reverse proxy and load balancing solution, such as Nginx (NGINX Plus or NGINX Open Source, for example). Additionally, NGINX can be utilized to continually test TCP or UDP upstream servers, avoid failed servers, and gracefully incorporate recovered servers into the load-balanced group. This type of solution enables us to sidestep adding network dependencies to applications and enhances connection resilience.

A reverse proxy like Nginx could introduce features in an enterprise environment, such as Reverse Proxy, Load Balancing, SSL/TLS, Caching, TCP and UDP Load Balancing, as well as high concurrency and low resource usage.

@Knut Vidvei or @Hunter Beck could you add some insight here into upcoming plans and/or recommended setup for the applications?

Hi all! 

Just some brief updates on this based on a few conversations: 

1. General best-practice for web applications based on our engineering team is leveraging browser-based proxy settings as @Eira Monstad mentioned above. As of today, this is the only planned mechanism for supporting proxies for InField, Maintain, and Fusion.
2. However, as mentioned, we do have one web application that uses UDP - InRobot. However, I’ve been informed by the team that there is a fallback to TCP, so that should circumvent the issue. You should be able to test out connection by visiting: https://networktest.twilio.com/ And here are our firewall configs can be found here: https://docs.cognite.com/cdf/admin/allowlist/. 
3. For the Remote desktop application does not have a mechanism for configuring a proxy. However, this application is scheduled to be sunset on June 30, 2024 (per this notice and as discussed in a few different release forums). We have brought most of the major features and workflows already into the new Cognite Search, and this is really the future home of the workflows done in Remote as of today. 

I hope that helps to clarify, and per the above, we’ll close this feature request. However, if you test the above and find that something does not work as expected, please feel free to comment on this idea, and we’ll do further assessment. 

Best Regards, 

Hunter Beck