Private Network

For customers hosting data sources on private networks, such AWS VPC, or on-premises, our platform supports several secure and flexible integration methods. These methods are designed to ensure seamless data integration while upholding the highest security standards.

Before beginning any integration process of data sources in private network, please contact our technical support team. Our team will work with you to review your specific requirements and environment, helping to select the most effective solution.

Here’s how you can connect your data sources in private network to our platform:

1. Using Load Balancers

Customers can configure a load balancer to expose their data sources securely to us. In this case, instead of a direct connection to the data source, a connection via loadbalancer is used. The loadbalancer address should be indicated as the data source's hostname configuration.

Steps to implement:

• Setup loadbalancer: Customer to setup loadbalancer routing to the data source.

• Connection Setup: Our technical support to ensure that load balancer is used to connect to your data source

For AWS Users: Utilize an AWS Network Load Balancer (NLB) along with security groups to manage access controls effectively.

Security Measures: The loadbalancer must be publicly accessible from the Internet. We recommend implementing IP filtering to restrict access exclusively to our platform, enhancing your security posture.

2. Using AWS PrivateLink

For customers using AWS, AWS PrivateLink provides a secure and scalable way to connect services across different accounts and VPCs without exposing data to the public internet. This solution does not require further maintenance or updates after one-time setup.

For data sources in the AWS us-east-2 region, we can associate directly using AWS PrivateLink. If your data sources are in regions other than us-east-2, setup a intermediary VPC in the us-east-2 region and establish VPC peering to facilitate connectivity.

Steps to implement:

• Initial contact: Contact us so our support team can provide the necessary VPC ID for your environment.

• Setup AWS PrivateLink Service: Create an AWS PrivateLink in your VPC located in the us-east-2 region and authorize our VPC ID.

• Setup AWS PrivateLink Endpoint: Our team will set up an AWS Endpoint in our VPC that connects to your AWS PrivateLink.

• Connection Setup: Our technical support will ensure that the AWS PrivateLink is correctly established and used to securely connect to your data source.

Depending on the data source and environment, it may also require other cloud resources, such as internal AWS NLB, AWS Lambda.

Helpful links:

• Working with Redshift-managed VPC endpoints

• Access Amazon RDS across VPCs using AWS PrivateLink and Network Load Balancer

• AWS PrivateLink now Supports Access Over VPC Peering

3. Using SSH Tunneling

SSH tunneling can be setup to securely connect to data sources within a customer's private network. This solution allows for an encrypted point-to-point connection via the Internet.

Steps to implement:

• Public Key Provision: Our team will provide a public key specifically for the data source, allowing secure connection to the SSH bastion.

• SSH Bastion Setup: Setup an SSH bastion host that can access the data source directly.

• Access Authorization: Grant our platform access to an SSH bastion host within your network.

• Connection Setup: Our team will ensure that the SSH tunnel is correctly established and used to securely connect to your data source.

Security Measures: The SSH bastion must be publicly accessible from the Internet. We recommend implementing IP filtering to restrict access exclusively to our platform, enhancing your security posture.

4. Using Reverse Tunneling

If establishing a direct SSH connection is not feasible, reverse tunneling offers a secure alternative by using an external SSH broker to handle connections.

This method secures your data transmission by establishing an intermediary that handles all external connections, thereby not exposing any host in your private network directly to the Internet.

Steps to implement:

• Public Key Provision: Our team will provide a public key specifically for the data source, allowing secure connection to the SSH broker.

• SSH Broker Setup: Establish dedicated hosts that will act as SSH brokers. This could be an EC2 instance configured solely with an SSH server, or any other suitable VPS.

• Tunnel Creation: Set up an SSH or VPN tunnel from your private network to the SSH broker, so SSH broker can access data source.

• Access Authorization: Grant our platform access to an SSH broker host.

• Connection Setup: Our team will ensure that the SSH tunnel is correctly established and used to securely connect to your data source.

Security Measures: The SSH broker must be publicly accessible from the Internet. We recommend implementing IP filtering to restrict access exclusively to our platform, enhancing your security posture.

5. Other methods

We are open to meeting the needs of rigorous environments. If none of the solutions presented meet your requirements, still contact us to explore less common solutions.

Support and Troubleshooting

If you encounter any issues or require assistance during the setup process, our dedicated support team is available to help you with troubleshooting and guidance to ensure a smooth integration process.