Connecting Applications Platform to an On Premises Database

Overview

Typically, you use Applications Platform to host data, as well as services, in the cloud.

From time to time, it may be necessary to connect Applications Platform to an on premises database. To facilitate this, Applications Platform provides Tunnelling Servers, which act as a “go-between” between the Applications Platform Tenant and the on premises database. Each Tunnelling Server is responsible for establishing and routing TCP traffic through the tunnel, and for routing traffic back to the requesting Applications Platform Tenant.

How Does it Work?

Each Tunnelling Server is allocated a unique pool of private IP addresses and TCP port numbers. A connection is established between the Applications Platform Tenant and the Tunnelling Server, using a unique IP address and port combination.

On the “other side”, an encrypted, SSH-based tunnel is established between the on premises database on the customer network and the Tunnelling Server. The database server must be configured to accept TCP connections.

Requests to the on premises database are made using the connection and corresponding tunnel.

What about Data Security?

Each Applications Platform-side connection can only be accessed using the unique IP address and port number combination. By using tunnels, each tenant’s traffic and data are isolated from other tenants using the same Tunnelling Server. The same is still true if more than one tenant belongs to a single customer or partner.

How can I Connect my Application to an On Premises Database?

A customised utility is available for the database server. This utility makes the initial connection to the Tunnelling Server, providing the database connection details. The Tunnelling Server then uses the utility to connect to the database and route database requests through it.

You can choose to install the utility either locally on the database server, or on a remote machine that has access to the database.

You configure the utility with the relevant database credentials, the IP address or hostname, and port number required to access the database.

TIP: If your database server contains multiple database instances, you can bind the port number to a single database instance, which provides another level of security on the database side. This has the advantage of ensuring the Tunnelling Server only has access to that instance.

Adding a dedicated database user strictly for the Tunnelling Server is also recommended.
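
The following is an added example, not part of the utility or of the Applications Platform documentation, showing one way to create such a dedicated user so that it is limited to a single database and to the host where the utility runs. It assumes a MySQL 8.0 server; the database name appdata, the account name ap_tunnel, the address 192.0.2.10 and the connection limit are all hypothetical.

```sql
-- Added example (assumes MySQL 8.0). Hypothetical names and addresses:
--   appdata    = the one database the tenant needs to reach
--   ap_tunnel  = account used only by the tunnelling utility
--   192.0.2.10 = host where the utility is installed
--                (use 'localhost' if it runs on the database server itself)

-- Weak setup, shown for contrast only (do not run):
--   CREATE USER 'admin'@'%' IDENTIFIED BY '...';
--   GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION;
-- A shared account accepted from any host with rights on every database
-- means anything arriving through the tunnel has full control of the server.

-- Hardened setup: the account is only valid when the connection originates
-- from the utility host, and the connection cap bounds what one tenant's
-- tunnel can consume.
CREATE USER 'ap_tunnel'@'192.0.2.10'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET'
  WITH MAX_USER_CONNECTIONS 10;

-- Data access only, on one database. No DDL, no GRANT OPTION, and no
-- server-wide privileges such as FILE, PROCESS or SUPER.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON appdata.* TO 'ap_tunnel'@'192.0.2.10';

-- Review the privileges the account actually holds.
SHOW GRANTS FOR 'ap_tunnel'@'192.0.2.10';

-- Confirm there is no second entry for the same name with a wider host
-- pattern (for example '%'), which would bypass the host restriction.
SELECT user, host
  FROM mysql.user
 WHERE user = 'ap_tunnel';

-- When the tunnel is decommissioned, remove the account:
--   DROP USER 'ap_tunnel'@'192.0.2.10';
```

If the application only reads from the database, reduce the GRANT to SELECT.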

To request a copy of the utility, contact your Codeless Platforms representative.