Overview, Installation, and Configuration of K2 Cloud On-prem Data Access

  • 24 February 2022

Use this article for an overview of what K2 Cloud On-premises Data Access (K2 OPDA) is and how you can start using it.

For other options when connecting K2 Cloud to on-premises systems, see Connecting to On-Premises Data from K2 Cloud.

The information in this article requires that you purchase a license for K2 OPDA. If you have not yet purchased a license, please contact your Nintex Sales representative for details and pricing.

Overview

K2 OPDA is a secure mechanism by which you access on-premises data from K2 Cloud. Nintex recommends this approach over other data access mechanisms to utilize data stored in your on-premises line-of-business systems within your K2 Cloud-based solutions.

It is important to keep in mind that K2 OPDA does not require a VPN connection from your K2 Cloud tenant to your on-premises network. Your physical network remains safe with this approach, and on-premises assets are protected from the internet; only your K2 Cloud instance can access these on-premises data sources. In the architectural diagram, notice that your servers and data still reside on your LAN and not in the DMZ where they could be more vulnerable to attack.

Common uses of K2 OPDA include accessing proprietary, on-prem data sources stored in SQL, web services, and other data sources that K2 Cloud supports using SmartObject services. The OPDA connector is a virtual image that you download and deploy within your network which, once configured, creates a secure tunnel between your on-premises systems and your K2 Cloud tenant.

(For more details on K2 OPDA, please see the article How K2 Cloud On-prem Data Access Works. See the attachment for the full dataflow diagram.)

Benefits

The benefits of using K2 OPDA to connect K2 Cloud to your on-premises data include:

  • Reduces the attack surface of the on-premises network
  • Simplifies managing firewalls and the DMZ
  • Eliminates the need to store sensitive data in the DMZ
  • Simplifies adding new back-end services
  • Eliminates the possibility of users establishing direct connections from an untrusted network to specific hosts in the internal network
  • Can provide substantial cost savings by reducing or eliminating DMZ-based servers, including their physical hardware, OS, and application server licenses

Supported Data Sources

You can configure any combination of the following data sources in K2 Cloud that reside on your internal network. For the latest compatibility information, see Product Compatibility, Integration and Support.

  • Microsoft SQL Server 2014, 2016, and 2017
  • Microsoft Dynamics CRM 2013, 2015, and 2016
  • Microsoft Exchange 2013 and 2016
  • Oracle 11g (releases 1 & 2) and 12c
  • REST web services
  • WCF web services
  • SOAP web services
  • OData web services

Prerequisites

To surface on-premises line-of-business (LoB) systems using Nintex K2 Cloud OPDA, you must first provide the following LoB information to the Nintex K2 Cloud Operations team via your Nintex Support Case.

For the case details, select the following options:

  • Subject: K2 Cloud OPDA - setup
  • Platform: K2
  • Product: Cloud

When you create your support case, provide the following details within the Description field:

  • K2 Cloud tenant URL (e.g. https://denallix.onk2.com)
  • Local on-premises AD domain name (e.g. denallix.local)
  • LoB data source type (e.g. SQL Server, web service, etc.)
  • LoB data source IP address
  • LoB data source port
  • LoB data source protocol (e.g. TCP or UDP)

Virtual Machine, Password, and Port Requirements

Next, Nintex Support or the Nintex Cloud Operations team will instruct you to download the K2 Cloud OPDA connector virtual machine image (.VHD) from the Product Releases section of Nintex Customer Central.

Use the following information on the requirements for this VM:

K2 Cloud OPDA connector Requirements

  • 2 vCPUs, 4 GB RAM
  • Minimum processor type: Intel Xeon E5-2620 @ 2.00 GHz
  • One of the following virtualization platforms:
      • VMware ESX (6.0 or 6.5U2)
      • Microsoft Hyper-V (10.0.14393 or higher)
      • Citrix Hypervisor (7.4 or higher), Agent (7.1 or higher)

K2 Cloud OPDA connector Installation Configuration

To set up and start using the K2 OPDA connector, you must first purchase a license and have received the K2 OPDA configuration seed file (ISO) from the K2 Cloud Ops team. Once you have these, follow the steps below:

Hyper-V

  1. Download the Virtual Hard Disk (VHD) file from Nintex Customer Central. The virtual image contains the K2 Cloud OPDA connector.
  2. Using your Virtualization platform, create a NEW virtual machine in your on-premises network. The following screenshots are using Microsoft Hyper-V:

VMware

  1. Download the image (ISO) file from Nintex Customer Central. The ISO contains the K2 Cloud OPDA connector image.
  2. Using your virtualization platform, create a NEW virtual machine in your on-premises network using Linux Ubuntu. The following screenshots are using VMware:

K2 Cloud OPDA connector Configuration

  1. After the virtual machine has started and completed its boot process, you are presented with a console prompt.
  2. Attach the seed file (.iso) provided by the K2 Cloud Ops team to one of the drives of the OPDA VM.
  3. You should get a confirmation that the seed file was found and the connector VM has been seeded. Eject the seed file (.iso) from the drive. The OPDA connector setup is now complete.
  4. Allow the following ports on your external firewall so that the OPDA appliance can communicate over them:

| Port number | Type | Destination | Purpose |
|---|---|---|---|
| 443 | TCP | North America: 40.122.26.221, 52.173.203.226, 13.67.134.53; Europe: 13.95.112.125, 40.68.4.207, 20.101.38.119 | OPDA uses Single Packet Authorization (SPA) packet for all communications from the Client to Controllers and Gateways and between peers using TCP SPA mode. |
| 443 | UDP | North America: 40.122.26.221, 52.173.203.226, 13.67.134.53; Europe: 13.95.112.125, 40.68.4.207, 20.101.38.119 | SPA is more effective when using UDP-TCP SPA. |
| 53 | UDP | North America: 40.122.26.221, 52.173.203.226, 13.67.134.53; Europe: 13.95.112.125, 40.68.4.207, 20.101.38.119 | (SPA-DNS on 53 & SPA-DTLS on 443) + TCP (as TLS extension) |
| 123 | UDP | 0.ubuntu.pool.ntp.org, 1.ubuntu.pool.ntp.org, 2.ubuntu.pool.ntp.org, 3.ubuntu.pool.ntp.org | OPDA uses NTP Pool Project which is a cluster of timeservers to synchronize the date time of OPDA appliance |
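
The firewall step above, as an added example that is not part of the original article and is not Nintex code: a Python check that compares the egress allow rules for the OPDA appliance with the destinations in the table, reporting listed destinations that are not yet allowed and rules that are wider than the table requires. The rule format, the appliance address 10.0.5.20, the sample ruleset and the use of the North America list only are assumptions made for the example.

```python
import ipaddress

# Destinations and ports copied from the firewall table in this article.
NORTH_AMERICA = ["40.122.26.221", "52.173.203.226", "13.67.134.53"]
EUROPE = ["13.95.112.125", "40.68.4.207", "20.101.38.119"]
SERVICES = [("tcp", 443), ("udp", 443), ("udp", 53)]
# Port 123/UDP is left out: the NTP pool hostnames resolve to changing
# addresses, so that rule cannot be pinned to fixed IPs.


def audit(rules, appliance_ip, destinations):
    """Compare egress allow rules with the table; return (missing, too_broad).

    rules: list of dicts {"src": cidr, "dst": cidr, "proto": str, "port": int},
    a constructed vendor-neutral format (assumption, not a K2 format).
    """
    appliance = ipaddress.ip_address(appliance_ip)
    wanted = [ipaddress.ip_address(d) for d in destinations]
    # Only rules that apply to traffic leaving the appliance matter here.
    applicable = [r for r in rules
                  if appliance in ipaddress.ip_network(r["src"])]
    missing, too_broad = [], []
    for proto, port in SERVICES:
        nets = [ipaddress.ip_network(r["dst"]) for r in applicable
                if r["proto"] == proto and r["port"] == port]
        # A listed destination that no rule covers will block the connector.
        for dest in wanted:
            if not any(dest in net for net in nets):
                missing.append((proto, port, str(dest)))
        # A rule covering more addresses than the listed ones is over-broad.
        for net in nets:
            listed = sum(1 for dest in wanted if dest in net)
            if net.num_addresses > listed:
                too_broad.append((proto, port, str(net)))
    return missing, too_broad


# Constructed sample ruleset for an appliance at 10.0.5.20 (hypothetical).
SAMPLE_RULES = (
    [{"src": "10.0.5.20/32", "dst": f"{ip}/32", "proto": "tcp", "port": 443}
     for ip in NORTH_AMERICA]
    + [{"src": "10.0.5.20/32", "dst": "0.0.0.0/0", "proto": "udp", "port": 443},
       {"src": "10.0.5.20/32", "dst": "40.122.26.221/32", "proto": "udp", "port": 53}]
)

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES, "10.0.5.20", NORTH_AMERICA)
    print("missing:", missing)
    print("too broad:", too_broad)
```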

See Also

For more information about K2 OPDA, see How K2 Cloud On-premises Data Access Works.

