Skip to content

Requirements for on-premise Lime installations

General

The integration is dependent on being able to communicate from our Lime Marketing cloud environment to the on-premise Lime CRM Server in order to be able to get data and write back when events occur in Lime Marketing. The addon is installed into the Lime Web Server and the Lime Web Client must be enabled for that to work.

Since most on-premise solutions are behind the customer firewall the customer need to take actions in order to let the Lime Marketing environment connect to their Lime CRM server. The customer doesn't have to open up the Web Client to the whole world. It can be limited to the Lime Marketing environment IPs.

The image shows how the Lime Marketing environment communicates with the on-premise solution in most cases. Either direct through the firewall to the Lime CRM Server or through the firewall and then via a reverse proxy to the Lime CRM Server

lime Marketing communication

Security

The communication from the Lime Marketing environment to the on-premise Lime CRM environment is secured via HTTPS/TLS.

Every request from the Lime Marketing environment to the on-premise Lime CRM server needs to be authenticated. That is done by passing a unique secret (API-key) in the header (x-api-key). The API-key can only be generated by an administrator on the on-premise Lime CRM server with the Lime administration tools (or the command line tool limefu). The API-key is bound to an existing Lime user and all requests using that API-key will impersonate that Lime user. The API-key is then stored in the Lime Marketing environment for the customer and used to authenticate with the addon API.

Actions

  1. Make sure the Web Client is enabled
  2. The customer needs to set up a publicly available IP/hostname for us to use to connect to the on-premise Lime CRM server
  3. The integration doesn't require a hostname - a IP address is enough

  4. The certificate for HTTPS does not have to been issued by a trusted CA but its recommended (self-signed certificates is supported)

  5. The customer IT need to allow HTTPS traffic (port 443) from at least the newsletter environment through the firewall to the Lime CRM server

Source IP Destination IP Destination Port Description
any or 84.19.149.64/27 IP from step 2 443 Rule to allow traffic via the publicly available IP to the Lime CRM server from any or the Lime Marketing environment
  1. Some on-premise solutions also have a reverse proxy solution in front of their servers which the IT need to configure as well to direct traffic through to the Lime CRM Server

All requests to limepkg-survey are made to https://public-lime-server-url.domain/lime-app-name/limepkg-survey/\*