Technical Details for Systems Administrators
Micromine Geobank requires connection to Micromine Australia Pty Ltd Online Services in order to perform various functions, including license verification. The table which follows contains information on the functions and the addresses to which they need access.
| Micromine Online Services Details | Notes | |
|---|---|---|
| Licensing Server address | microminelicensingservice.com (https) | |
| Micromine Nexus | https://nexus.micromine.com/ (http2) | |
| Micromine Online Services | https://compute.cloud.micromine.com | |
| Port | 443 | |
| Protocol | SSL /TLS over TCP | This connection uses self signed (by Micromine Australia Pty Ltd) SSL certificates to establish a mutually authenticated secure connection between the Micromine Licensing Service (MLS) and the Network Licence Server (NLS). See "Secure Connection" info note below. |
| IP Address (static) | 18.138.193.37 18.138.136.212 |
These IP addresses are static and unique to Micromine. They are within the Amazon AWS ap-southeast-1 IP range. You can always check what the current IP addresses are with the following command: nslookup Microminelicensingservice.com |
Secure Connection
Micromine uses SSL/TLS connection to the licensing cloud service; it establishes mutually authenticated secure connection to licensing cloud service. The SSL/TLS connection protocol is designed to detect and withstand Man-in-the-middle attach (which a pass-through proxy server effectively is).
Even though the service connection point URL starts with https and the port is 443, it is not a web site. As this is not a web site and is not supposed to be opened in a web browser, there's no need for the connection point certificate to be signed with any CA. That's why if you attempt to use a web browser to get to that URL, you get an error saying that the connection is not secure.
Micromine as a product unconditionally trusts the certificate issued by Micromine as a company. No third-party software products are expected to be using this connection.
Licensing cloud service also performs client's certificate validation and rejects any connections that present no or an invalid client certificate.
Due to the nature of the SSL/TLS mutually authenticated secure connection Micromine requires the HTTP 1.1 CONNECT method of connection via any proxy server.
Since version 1.1, HTTP supports a special method, CONNECT. This sets up the TLS tunnel through the proxy, even though your computer only directly connects to the proxy. HTTPS knows how to tunnel the TLS handshake even through the proxy. The CONNECT method converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy. A variation of HTTP tunnelling when behind an HTTP Proxy Server is to use the "CONNECT" HTTP method. In this mechanism, the client asks an HTTP Proxy server to forward the TCP connection to the desired destination. The server then proceeds to make the connection on behalf of the client. Once the connection has been established by the server, the Proxy server continues to proxy the TCP stream to and from the client. Note that only the initial connection request is HTTP - after that, the server simply proxies the established TCP connection. This mechanism is how a client behind an HTTP proxy can access websites using SSL (i.e. HTTPS).
However, note that not all HTTP Proxy Servers support this feature, and even those that do, may limit the behaviour (for example only allowing connections to the default HTTPS port 443, or blocking traffic which doesn't appear to be SSL).
Client to Database Server Connection
The following specifications are recommended for the connection between the Client machine(s) on which the Geobank application is installed and the server which hosts the SQL server instance: 1,2,2
-
Latency:
-
100ms minimum;
-
<50ms recommended,
-
-
Network Transfer rate (bandwidth):
-
25MBit/sec connection minimum;
-
>100MBit/sec connection recommended
-
WebView2
Support for the WebView2 browser applet is required for various Micromine Geobank features, including Flow and Panorama. Machines and Servers running Windows 11 will already support WebView2. If your installation does not support WebView2, you may receive an error message while using the features which utilise it.
To ensure support for WebView2, you can download and install the Evergreen Bootstrapper application from the link.
Footnotes
1 When assessing the environment latency and bandwidth, constraints from Wifi / extender connections must be considered.
2 Subject to the connection quality constraints above, a Geobank system will work on physical LAN/WAN network as well as in a visualised network environment. Mixed environments are not recommended; e.g. having the application installed on a physical machine, connecting to a SQL server instance on a virtual server is unlikely to meet the connection requirements.
3 Accessing data over WAN can be configured properly with timeout settings from various components of the whole system tuned to suit the latency. These settings will be specific to your client/server configuration and your network.