What are the advantages/disadvantages? (gRPC vs TCP/IP vs HTTPS)

I have been wondering for a while, what are the advantages/disadvantages between the various ways of connecting to a vault?

Do any of the connection methods come with any feature differences (security, functionality, etc) or perhaps even major speed/latency improvements.

I have not had the option to test gRPC yet as I am yet to understand how to set it up to pass through our pfSense firewall with haProxy :D

So let us find out, which way should clients really be connecting to the server!

  • Short answer: If possible, use gRPC as it is a future-proof connection protocol.

    Longer answer: gRPC should be used when possible, but setting up a gRPC environment when there's a proxy server in front of the M-Files application server requires expertise in that particular proxy solution. We don't currently have extensive documentation on setting up such an environment and some details are of course dependent on the used proxy solution. gRPC works over HTTP/2 so IIS cannot currently be used as a proxy as it lacks this support as far as I know. That's why RPC over HTTPS is still used also in some new on-premises environments. Vaults on the new M-Files Cloud will always use gRPC for the communication.

    At least in theory gRPC can provide performance benefits over the other protocols but I haven't yet seen any data from real-world setups. My gut feeling is that there isn't a noticeable difference currently.

  • On the recent partner conference it was mentioned that some upcoming functions will only work with gRPC. I did not notice exactly what it was, but apparently that is the way we are headed. Have included gRPC settings on all installations that last year just to be prepared but have not seen any noticeable difference so far. Have been lucky not to encounter situations with proxy servers in front so far (except for my own, where I am not able to forward gRPC calls to other than the primary server.)

  • That the other connection methods will not have feature parity with gRPC going forward, or sometime in the future, was also my understanding. This is obviously not great in cases where gRPC is not an option, like as mentions when IIS is used as a proxy, which is a very common sight. Some more transparency on what will happen feature-wise would be ideal.

    I am hoping one day to understand how to set up HAProxy myself to allow for M-Files to run on gRPC and to gain a better understanding of the performance and so on compared to the other methods.

    Perhaps the gRPC setup instructions on the KB could also do with an update. In my opinion, it is not clear what should go into the certificate and private key sections. Would that be from the certificate used in IIS for HTTPS or something separate?

  • I've sent a note to our documentation team to check if the setup instructions could be clarified.

Reply Children
No Data