Firewall friendly pipeline for secure data access

Firewall Friendly Pipeline for Secure Data Access

Sumit Sarkar, Chief Data EvangelistDipak Patel, Principal Product Manager

© 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.2

During this webinar, you’ll learn:

How to establish a firewall friendly connection

Best practices and lessons learned from accessing data behind firewalls

How Board and Intuit connect their cloud applications to on-premises data

How to establish a firewall friendly connection


When organizations need to traverse firewalls

Connect Cloud infrastructure to on-premises application data• SaaS applications• Cloud analytics and data management• Web or Mobile appdev platforms

Access database behind firewall for cloud hosted server (Big, Small, SQL, NoSQL) Access data resident behind customer or partner firewalls


What is a “connection”?

Access a database or API residing behind a firewall using standard SQL or REST


What are common options we hear?

Virtual Private Networks (VPN) Server-based SSH Tunneling Reverse Proxy Vendor Agnostic Service


Network based VPN examples from AWS to Azure

Trusted support from cloud provider Requires IT administration and does not work as well in SaaS model for deployed

applications


SSH Tunneling

Free for developers to quickly get connected from PuTTY Not scalable and has security vulnerabilities with ssh keys. Requires SSH client and

server must be configured to allow SSH connections.


Reverse Proxy Server

Implemented by networking professionals and helps achieve regulatory compliance Requires IT expertise and maintenance


Vendor Agnostic Service – DataDirect Cloud

Fully hosted and managed open data service running in AWS

On-premises connector provides secure firewall traversal for cloud to ground connections.

Data access interfaces include standard SQL (ODBC and JDBC) and REST (OData).

OPC Self service, secure and scalable While not persisted, data lands in AWS


Vendor Agnostic Service – Project Mustang

Fully hosted and managed open data service running anywhere

On-premises connector provides secure firewall traversal for cloud to ground connections.

Data access interfaces include standard SQL (ODBC and JDBC) and REST (OData).

OPC Secure, scalable and flexible deployment Requires maintenance on cloud side


Configure Data Source

OPC


Configure Data Source


Configure On-premises connector

OPC


Access Data

OPC

Best practices and lessons learned from accessing data behind firewalls


If You Build It, They Will Come

Once a hybrid solution is successful in the first application, more applications become candidates

Scalability is key • Must be able to scale on-premises• Must be able to scale in the cloud

High Availability• Transparently fail over to other on-premises agents for continuous

operations

Network Efficiency• Reduce network traffic from end to end• Protocol designed for database results


Best Practices for Scalability and Availability

Install the On-Premises connectors (OPC) on multiple machines

Group OPCs into a logical OPC Put the OPC close to the database

DB1 DB2

Subnet 1 Subnet 2

opc_a1

opc_an

Group A

…

Router

opc_B1

opc_Bn

Group B

…


End to End Monitoring by Customer’s IT is Critical

Lots of moving parts• Consuming Application• DataDirect Hybrid connectivity solution (or

private installation)• Internet• Customer’s firewall/network• Customer’s database and local network

Customer’s have their own monitoring system

OPC


Best Practice for Monitoring

Recommendations• DataDirect Hybrid Connectivity

solution supports use of REST API (OData) to issue a query

• Monitor logs generated by on-premises agents REST API

OPCLogs


Breadth of Databases Support

You want to be able to support as many database types as possible Depth - versions of databases – Oracle 8.1.7 to present Single agent Out-of-the box - Relational, NoSQL, BigData No 3rd party clients to install or update

How Board and Intuit connect their cloud applications to on-premises data


BOARD International

Business Intelligence (BI) and Corporate Performance Management (CPM) software vendor known for its BOARD toolkit.

BOARD’s first customer to leverage the connector was a fashion retailer in Belgium, with more than 125 shops in Belgium and Luxembourg.

To date, six BOARD customers are leveraging the DataDirect connector, but Ferrari expects 75-80 percent of BOARD’s customers to purchase them over the next couple of years.

– Pietro Ferrari, Chief Technology Officer

https://en.wikipedia.org/wiki/BOARD_International#Products


Intuit

Develops financial and tax preparation software and related services for small businesses, accountants and individuals.

I wanted to know about implementation complexity. Lekhter told me that each rollout to a new user group took only a week of development. They push new business capabilities into production on a monthly basis. Lehkter credits the ease of development to the heavy lifting provided by the Lighting Connect and Progress connectivity.

– Jerry Lekhter, Director of Engineering


Shameless street cred


Learn More

http://bit.ly/hybridpreview

http://bit.ly/hybridpreview

Questions?

@DataDirect_News

@SAsInSumit