Use a VPN to connect to an internal network
If there is a need to connect to databases inside internal protected networks, the best option is to configure a VPN that links the Altair AI Cloud network to the internal one.
It works this way:
-
The customer's tenant administrator configures an OpenVPN network in Altair AI Cloud.
-
When a database connection is activated using the VPN, a VPN process is launched, and the connection can read data from the internal database.
-
Once the workflow is complete, the VPN process is closed.
Let's see it in a bit more detail.
Configure the VPN
To configure the VPN, you need to have the admin role.
Read more: Creating configuration files for server and clients
Note that only OpenVPN is supported. The Cloud VPN acts as a client to the server VPN that needs to be deployed and configured at the customer's site.
The client configuration consists simply in uploading the OpenVPN client configuration files as a zip.
Configure a database connection to use the VPN
Once the tenant admin has added the VPN configuration, it becomes available for users to use in their connections. They just have to go to their connections, where they will find a new VPN switch.
The connection will use the VPN once the switch is activated.
How it all works together
When the user has activated the VPN switch in a connection, then the VPN will be run together with any workflow including that connection.
Take this simple workflow that reads from an internal database, does some ETL, then writes back.
When the workflow is executed, be it within the Designer, using a schedule or a deployment, the container running the workflow will also include what's called a sidecar container (in the Cloud Kubernetes infrastructure). That sidecar container runs the VPN, which connects to the customer's VPN server, allowing connections to the internal databases.
Once the workflow is complete, the VPN client is shut down, which means that the VPN is only kept while strictly necessary.