Planning for Security Updates

All installations of FME Flow, regardless of type, include the FME Flow Core and FME Engines. These components are always provided directly from the FME Flow installation package. Two additional components - a Web Application Server and a server for the FME Flow Database - must also be installed. When you choose an Express installation of FME Flow, the install package provides its own versions of these components, including an Apache Tomcat web application servlet, and a PostgreSQL database server. If you choose a Distributed installation of FME Flow, you may need to provide your own database server and web application server, depending on the scenario.

One factor in deciding between a stand-alone or distributed installation of FME Flow is the degree of control you want over applying security updates to the web application and database servers. If you install a full, stand-alone FME Flow (Express), keep in mind that security updates to these components depend on FME Flow releases. Each time an update to FME Flow is released (including both major and minor releases), any security updates for these components are included in that release.

If you do not want to rely on updates to the FME Flow software in general for security updates to the web application and database servers, then we recommend a Distributed/Fault Tolerant installation. You can provide these components on your own, and maintain security for them separately. In the case of the web application server, Apache Tomcat version 9.0.x is supported. The FME Flow Database supports PostgreSQL (recommended), Oracle, and SQL Server. Alternatively, if your FME Flow is entirely internal to your organization, and behind a firewall, then you may be more comfortable with the security updates provided with a full installation.

Reporting Potential Vulnerabilities

FME Flow is composed of many Java and third-party libraries. Virus scanners may identify security vulnerabilities at any time during the life of an FME Flow installation. When this occurs, you can search the FME Community for more information, or contact Safe Software Support to report the vulnerability. Safe Software takes all security vulnerability concerns seriously. Each concern is handled individually, and we will report on the appropriate action once investigated.