Cutover Connect™
Cutover Connect™ is a server application used to perform secure integration with enterprise customer infrastructures. Designed to be deployed on-premise, it links third-party systems (also called ‘services’) to their dedicated Cutover instance (‘Cutover Core’) through a secure channel. This allows secure data transfers between Cutover and customer platforms enabling complex automation tasks in user-facing Cutover runbooks.
Note: Cutover Connect establishes a secure channel with our AWS account without the need to expose client APIs. Role based permissions allow clients to access dedicated assets within AWS.
Key features of Cutover Connect™
- Platform flexibility: Cutover Connect™ is versatile, supporting deployment on both Windows and Linux VMs.
- Secure hosting: The system is positioned either behind the customer's firewall or within the DMZ, ensuring a secure environment for data transmission.
- Spring Boot foundation: Built using the industry standard Spring Boot framework, Cutover Connect™ benefits from all the security and features that Spring Boot offers.
- Proxy configuration: If placed behind a firewall, access to Cutover Connect™ can be tailored through proxy settings, offering flexibility in various network environments.
- Redundancy and availability: The platform is engineered to support both redundancy and high availability options, ensuring uninterrupted service.
- Multithread processing: Cutover Connect™ can manage multiple tasks concurrently allowing automations to scale as volumes increase.
- Enhanced security: Separate integration execution using Cutover Connect™, from user-facing automation tasks in Cutover Runbooks.
- Dedicated secure channel: Cutover creates a dedicated secure message channel (‘Secure Channel’) based on Amazon Web Services (AWS) Simple Queue Service (SQS) to pass messages between Cutover and Cutover Connect™.
- Pull model: Cutover Connect™ uses a ‘pull-model’ so sensitive messages are retrieved by the on-prem host from the Secure Channel without needing to be open to inbound internet traffic.
- Integration execution using HTTP or Command Line Interface: Cutover Connect™ reads Cutover Core messages and relays it to a RESTful API or command-line program. Message destinations are defined locally, ensuring authentication and network details remain confidential.
- World-class high-availability infrastructure: Cutover Connect™ uses the AWS platform for message transfer, security and data processing.
Note: When you are ready to get started with Cutover Connect™, please contact your Customer Success Manager (CSM).
What software does Cutover Connect™ require?
Cutover Connect™ requires Java 17+ runtime environment (JRE) to operate. Refer to the official Oracle Java download page for more information.
What hardware does Cutover Connect™ require?
The Cutover Connect™ server executable (‘JAR file’) requires approximately 2GB of disk space on execution to allow for log file generation, disk swap space and so on. Cutover recommends allocating at least 2GB of RAM to allow in-memory
caching, JRE environment loading and general memory management. We also recommend the following:
- Linux (preferred) or Windows Server (Windows Server 2019+) host with
Java 17 installed - as a container, VM or dedicated hardware
environment as a minimum - 2GB RAM and 5GB disk space (in addition to host system requirements)
- Firewall access to enable Cutover Global Proxy (AWS) HTTPS requests
on port 443 - Ability to download zip files from Cutover Core (required to download the
Cutover Connect package™
Network and firewall considerations
Cutover Connect™ will require outbound access to the internet to allow Cutover messages to be retrieved via ‘the Secure Channel’. Configure your firewall to allow outbound HTTP connections on port 443 to:
https://<subdomain>.cutover.com
https://<subdomain>.cutover.net
https://api.<subdomain>.cutover.com
https://api.<subdomain>.cutover.net
https://aws-proxy.cutover.com
https://aws-proxy.integrations.cutover.com
https://aws-proxy.dev-integrations.cutover.com
https://cutover-connect.integrations.cutover.com
Note: Always consult your Information Security and Networking teams to ensure your company security guidelines are followed correctly.
Performance and Resilience FAQ
1. Does Cutover Connect™ support network throttling?
Cutover Connect™ does not have built-in network throttling. However, message processing is naturally limited by the design: Cutover Connect™ polls messages from SQS based on a configurable timer and processes them using a set number of threads (up to 10). This limits throughput without requiring external throttling.
2. Can Cutover Connect™ handle high volumes of messages from SQS?
Yes. Cutover Connect™ reads messages from the queue at controlled intervals. The polling frequency and number of processing threads are configurable, which prevents the system from becoming overwhelmed. If needed, additional limits can be added to further control how frequently Cutover Connect™ checks the queue.
3. Does Cutover Connect™ use a circuit breaker mechanism?
Yes. Cutover Connect™ supports circuit breaking on polling integrations. If a request does not receive a response, Cutover Connect™ will retry up to three times. After three unsuccessful attempts, the integration is marked as failed, and no further polling messages will be sent for that task.
4. Does Cutover Connect™ have a retry mechanism for HTTP calls?
Yes. When Cutover Connect™ makes HTTP calls, it will retry up to three times if there is an I/O exception (e.g. an unreachable endpoint). If a valid HTTP error is returned (like 401 Unauthorized or 404 Not Found), no retry will be attempted, as this is expected behavior.
Further resources - diagrams
1. Diagram (Fig. 1) illustrates the high availability architecture when running multiple instances of Cutover Connect™.
2. The architecture diagram (Fig. 2) shows the secure data flow and system integration between on-premises systems and 3rd party services integrating with Cutover Connect™.
