Syncplicity Support

Search our knowledgebase to get the help you need, today

Follow

Prerequisites for WOPI Connector

The Syncplicity On-Premises WOPI Connector is server software that runs as a virtual machine. It connects the Syncplicity orchestration layer in the cloud and Microsoft Office cloud application services to your storage endpoint using the Web Application Open Platform Interface Protocol (WOPI). You should review About Syncplicity StorageVaults and private storage before reading further.

The storage endpoint should already be configured with at least two Syncplicity Storage Connectors. If you have not configured your storage for this, see Hybrid Cloud Storage and Deploy the Syncplicity On-Premise Storage Connector to setup your storage endpoint for Syncplicity.

The following topics describe the prerequisites for installing the on-premises WOPI Connector.

Hardware requirements

The WOPI Connector requires:

  • A minimum of two virtual machines hosted on VMware vSphere Hypervisor (ESXi) 6.0, 6.5, 6.7 or later.
  • Each virtual machine must be configured with 8 gigabytes of random access memory, 8 virtual cores and a hard disk drive (HDD) of at least 50 GB.

See the next topic about network configuration for the network hardware requirements, which includes an externally-addressable SSL-offloading load balancer, two or more Storage Connectors, and a storage backend that supports a standard NFS v3 or v4, or s3 interfaces.

Software requirements

The following requirements should be met:

  • Microsoft Office 365 subscription is needed for users of the Viewing and Editing in Microsoft Office Online feature. For details, see Microsoft Office Online Integration.
  • Each Syncplicity client or app that is to connect to the WOPI Connector must meet the minimum version requirements listed in the table below.

    Syncplicity client or app Minimum version
    iOS 4.4.0
    Android 4.5.0

Network configuration

The WOPI Connector is supplied as an OVA file and installed on a virtual machine. The WOPI Connector requires the following:

  • Each WOPI Connector requires a dedicated virtual machine hosted on VMware vSphere Hypervisor.
  • At least two WOPI Connectors, but you can deploy more for scalability and high-availability.
  • Deployment of an externally addressable SSL-offloading load balancer in front of all virtual machines, configured with a certificate authority (CA) signed SSL certificate. Do not use a self-signed certificate.
  • Ensure that TLS1.2 is used (by disabling TLS1.0 and TLS1.1), and that SSLv3 is disabled (SSLv3 is disabled by default from the JDK).

As shown in the diagram, a typical example is with the storage layer in the private area of the corporate network. The Storage Connector and WOPI Connector virtual machines are in the semi-private area. The SSL-offloading load balancer is in the DMZ.

Open port requirements

The WOPI Connector requires specific inbound and outbound ports to be open.

Inbound port requirements

To enable the Syncplicity clients to connect to the WOPI Connector from the Internet, the following inbound ports must be open.

Connection Port

Protocol

From the Internet to the SSL-offloading load balancer in the DMZ.

443

HTTPS

From the SSL-offloading load balancer to the WOPI Connector virtual machines

9000

HTTP

Atmos storage requirements

To enable the WOPI Connector to connect to an EMC Atmos storage backend, the following inbound ports must be open.

Connection

Port

Protocol

From the WOPI Connector to the Atmos load balancer

443 if SSL is used with Atmos
80 if SSL is not used with Atmos

HTTP or HTTPS

From the WOPI Connector in the DMZ to the Network Time Protocol (NTP) server

123

UDP

EMC ECS storage requirements

To enable the WOPI Connector to connect to an ECS storage backend, the following inbound ports must be open.

Connection

Port

Protocol

From the WOPI Connector to the ECS load balancer

9021 if SSL is used to ECS
9020 if SSL is not used to ECS

HTTP or HTTPS

From the WOPI Connector in the DMZ to the NTP server

123

UDP

NFS v3 or v4-based storage

To enable connections from the WOPI Connector virtual machines to the NFS storage backend, the following inbound ports must be open. This includes EMC Isilon storage.

Port

Protocol

Type of Traffic

53

TCP

DNS for SmartConnect (Isilon only)

111

TCP

SUN Remote Procedure Call

111

UDP

SUN Remote Procedure Call

300

TCP

NFS mount daemon

300

UDP

NFS mount daemon

302

TCP

NFS stat daemon

302

UDP

NFS stat daemon

304

TCP

NFS lock daemon

304

UDP

NFS lock daemon

2049

TCP

NFS server daemon

2049

UDP

NFS server daemon

Outbound port requirements

In general, traffic outbound to external hosts on port 443 should be allowed. If for some reason this is not so, at least the following should be allowed.

Connection

Port

Protocol

From the WOPI Connector virtual machines to xml.syncplicity.com, xml.eu.syncplicity.com, api.syncplicity.com, api.eu.syncplicity.com, health.syncplicity.com, health.eu.syncplicity.com, and bootstrapper.wopi.syncplicity.com

Important: You also need to ensure that onenote.officeapps.live.com is allowed. This is the Microsoft endpoint that the WOPI connector must communicate with.

443

HTTPS

From the WOPI Connector virtual machines to centos.org, fedoraproject.org

Note: Only required during the upgrade procedure or installation of separate packages to allow for RPM dependency checking.

80

HTTP

Configuring Isilon storage

If you are not using Isilon storage, skip this section.

Isilon storage requires the following additional configuration steps.

  1. Create a directory on EMC Isilon cluster where you want to store the Syncplicity data. This should be done via an ssh session to the Isilon cluster.
    Example: /ifs/syncp-data
  2. Configure the permissions on the directory via an ssh session to the Isilon cluster.
    sudo chown syncp-wopi:syncp-wopi /ifs/syncp-data
    sudo chmod 770 /ifs/syncp-data
    These commands lock down security access, specifically for the "syncp" user.
  3. Create an NFS Export via the WebUI.
    The following screen shows the basic export settings that lock the export down to only the connected Storage Connectors and WOPI Connectors. Add the IP addresses of the WOPI Connectors in the appropriate fields. The values 10.111.158.3 and 10.111.158.4 are example IP addresses of the Storage Connectors. Your IP addresses will be different.
    All other export settings should be left as the defaults and not change.
  4. If the WOPI Connector is in the DMZ (Internet side of the firewall) and Isilon storage is inside of the firewall, you need to verify specific ports are opened on the firewall to allow access via NFS from the WOPI Connectors to the Isilon storage. This does not apply if the Isilon storage is not behind a firewall.
  5. See Installing WOPI Connector to check the NFS mount to the Isilon storage.

This completes the basic configuration of the EMC Isilon storage for the Syncplicity on-premises WOPI Connector.

Current limitations

Customers deploying WOPI Connector in their on-premises datacenter who also are using the StorageVault Authentication (SVA) feature will only be able to view and edit Microsoft documents in Office Online from the Online File Browser. The MS Places integration on mobile does not support SVA. This limitation only applies to SVA-enabled StorageVaults. Customers who are not using SVA can access Syncplicity folders and files from MS Places on mobile.

Powered by Zendesk