This webinar discusses how to establish secure connections between cloud applications and on-premises data behind firewalls. It presents common connection options like VPNs, SSH tunneling, and reverse proxies, and recommends a vendor-agnostic service that provides a managed open data connection. The webinar covers best practices for scalability, availability, and end-to-end monitoring. It provides examples of how BOARD and Intuit leverage such a connection service to access on-premises data from their cloud applications.

1. Firewall Friendly Pipeline
for Secure Data Access
Sumit Sarkar, Chief Data Evangelist
Dipak Patel, Principal Product Manager

2. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.2
During this webinar, you’ll learn:
 How to establish a firewall friendly connection
 Best practices and lessons learned from accessing data
behind firewalls
 How Board and Intuit connect their cloud applications to
on-premises data

3. How to establish a firewall
friendly connection

4. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.4
When organizations need to traverse firewalls
 Connect Cloud infrastructure to on-premises application data
• SaaS applications
• Cloud analytics and data management
• Web or Mobile appdev platforms
 Access database behind firewall for cloud hosted server (Big, Small, SQL, NoSQL)
 Access data resident behind customer or partner firewalls

5. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.5
What is a “connection”?
Access a database or API residing behind
a firewall using standard SQL or REST

6. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.6
What are common options we hear?
 Virtual Private Networks (VPN) Server-based
 SSH Tunneling
 Reverse Proxy
 Vendor Agnostic Service

7. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.7
Network based VPN examples from AWS to Azure
 Trusted support from cloud provider
 Requires IT administration and does not work as well in SaaS model for deployed
applications

8. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.8
SSH Tunneling
 Free for developers to quickly get connected from PuTTY
 Not scalable and has security vulnerabilities with ssh keys. Requires SSH client and
server must be configured to allow SSH connections.

9. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.9
Reverse Proxy Server
 Implemented by networking professionals and helps achieve regulatory compliance
 Requires IT expertise and maintenance

10. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.10
Vendor Agnostic Service – DataDirect Cloud
Fully hosted and managed open data service
running in AWS
On-premises connector provides secure
firewall traversal for cloud to ground
connections.
Data access interfaces include standard SQL
(ODBC and JDBC) and REST (OData).
OPC
 Self service, secure and scalable
 While not persisted, data lands in AWS

11. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.11
Vendor Agnostic Service – Project Mustang
Fully hosted and managed open data service
running anywhere
On-premises connector provides secure
firewall traversal for cloud to ground
connections.
Data access interfaces include standard SQL
(ODBC and JDBC) and REST (OData).
OPC
 Secure, scalable and flexible deployment
 Requires maintenance on cloud side

12. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.12
Configure Data Source
OPC

13. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.13
Configure Data Source

14. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.14
Configure On-premises connector
OPC

15. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.15
Access Data
OPC

16. Best practices and lessons learned from
accessing data behind firewalls

17. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.17
If You Build It, They Will Come
Once a hybrid solution is successful in the first application, more
applications become candidates
 Scalability is key
• Must be able to scale on-premises
• Must be able to scale in the cloud
 High Availability
• Transparently fail over to other on-premises agents for continuous
operations
 Network Efficiency
• Reduce network traffic from end to end
• Protocol designed for database results

18. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.18
Best Practices for Scalability and Availability
 Install the On-Premises connectors
(OPC) on multiple machines
 Group OPCs into a logical OPC
 Put the OPC close to the database
DB1
DB2
Subnet 1 Subnet 2
opc_a1 opc_an
Group A
…
Router
opc_B1 opc_Bn
Group B
…

19. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.19
End to End Monitoring by Customer’s IT is Critical
 Lots of moving parts
• Consuming Application
• DataDirect Hybrid connectivity solution (or
private installation)
• Internet
• Customer’s firewall/network
• Customer’s database and local network
 Customer’s have their own monitoring
system
OPC

20. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.20
Best Practice for Monitoring
 Recommendations
• DataDirect Hybrid Connectivity
solution supports use of REST API
(OData) to issue a query
• Monitor logs generated by on-
premises agents REST API
OPC
Logs

21. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.21
Breadth of Databases Support
 You want to be able to support as many database types as possible
 Depth - versions of databases – Oracle 8.1.7 to present
 Single agent Out-of-the box - Relational, NoSQL, BigData
 No 3rd party clients to install or update

22. How Board and Intuit connect their cloud
applications to on-premises data

23. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.23
BOARD International
Business Intelligence (BI) and Corporate Performance
Management (CPM) software vendor known for
its BOARD toolkit.
BOARD’s first customer to leverage the connector was
a fashion retailer in Belgium, with more than 125 shops
in Belgium and Luxembourg.
To date, six BOARD customers are leveraging the
DataDirect connector, but Ferrari expects 75-80
percent of BOARD’s customers to purchase them
over the next couple of years.
– Pietro Ferrari, Chief Technology Officer

24. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.24
Intuit
Develops financial and tax preparation software and
related services for small businesses, accountants and
individuals.
I wanted to know about implementation complexity.
Lekhter told me that each rollout to a new user
group took only a week of development. They push
new business capabilities into production on a monthly
basis. Lehkter credits the ease of development to the
heavy lifting provided by the Lighting Connect and
Progress connectivity.
– Jerry Lekhter, Director of Engineering

25. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.25
Shameless street cred

26. © 2016 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.26
Learn More
http://bit.ly/hybridpreview

27. Questions?
@DataDirect_News
@SAsInSumit