Connectors hosted by Capriza on a dedicated VPC can access source applications behind your firewall through a reverse proxy.
Security and Deployment Model
Follow these steps:
- Create a publicly accessible reverse proxy.
- Provide Capriza with the hostname and IP address of each internal source application as exposed by the Reverse Proxy.
- Configure the reverse proxy to:
- Allow traffic from the Capriza-provided ApproveSimple Connector IP addresses.
- Forward all traffic from the connector to the correct internal system based on the provided Host header.
Capriza-provided static IP addresses
For each connector, Capriza provides four static IP addresses:
- Two static IP addresses are allocated in the main region, providing high availability
- Two static IP addresses are configured in a different region to provide Disaster Recovery.
- Configure the reverse proxy with a valid SSL certificate to allow secure access from the connector.
IMPORTANT for Security:
The reverse proxy should only accept requests from the IP
addresses specified by Capriza.
For additional security, you may provide a client
certificate which Capriza will configure so that requests from the connector server
will include the certificate.