Connecting to On-Premises Data from K2 Cloud

  • 16 February 2021
 


KB002939

PRODUCT
K2 Cloud

 

Use this article to discover options available for connecting your K2 Cloud environment to data that exists on-premises, such as in a private network or a different cloud environment. Use this data in applications you build in K2 Cloud. Supported on-premises systems include any system with which K2 Cloud has a standard integration capability. However, some sources such as SharePoint are not supported.

This article does not outline the specific steps to implement these approaches. You must review factors such as security, availability, and speed for your individual needs when deciding to implement any of these solutions.

 

 


Summary of Approaches

Use one or more of the following approaches and features to access on-premises data from K2 Cloud.

A note about authentication: Each approach described below for using on-premises data in K2 Cloud applications requires credentials for accessing each data source. K2 Cloud allows you to configure different connection credentials for each data source instance, but you must determine what the best approach is for your security and data requirements.

K2 Cloud On-premises Data Access

This approach allows you to configure a K2 Cloud On-premises Data Access connection from K2 Cloud to your on-premises systems. K2 Cloud On-premises Data Access is a service that enables you to connect line-of-business systems within your on-premises data centers while avoiding some of the inherent complexities of VPN (or other offerings described within this guide).

 

Implementation

For more information about implementing the customer requirements for K2 Cloud OPDA as well as details around deployment, see Configuring K2 Cloud On-prem Data Access.

Site to Site VPN

This approach allows you to configure a VPN connection from K2 Cloud to your on-premises systems. Creating and maintaining this VPN connection requires an additional subscription from K2, but you are responsible for configuring and maintaining your on-premises network infrastructure that allows the VPN connection. You cooperate with the K2 Cloud Operations team to configure this approach. Any system that K2 Cloud connects to using this approach must be accessible using DNS or directly by IP address and port. Once you do this you can create a service instance and SmartObjects to use data in K2 Cloud.

If you have multiple K2 Cloud environments, each environment connects to the same on-premises systems by sharing the networking infrastructure across K2 Cloud environments.


 

Implementation

For more information about implementing a VPN connection from K2 Cloud to your on-premises network, see Configuring a VPN Connection in K2 Cloud. Note that you must work with the K2 Cloud Operations team to configure a VPN connection.

 

Opening Network Firewall Ports

This approach allows you to selectively open one or more firewall ports for inbound and/or outbound traffic. If you prefer to not have K2 Cloud applications accessing your systems directly, you can configure a reverse proxy to manage the communication flow between internal data sources and K2 Cloud.


 

Allowing external systems such as K2 Cloud to access your on-premises data by opening firewall ports is a security risk that must be carefully planned and monitored. In many cases, using a reverse proxy provides better security. Also, configuring authentication and whitelisting your K2 Cloud IP addresses is strongly recommended.
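One way to check the allowlisting recommendation above against an exported rule set. This is an added example, not K2 code or part of the original article. The rule format, the rule names, the port set (443, and the SQL Server and Oracle defaults 1433 and 1521) and the K2 Cloud egress range (an RFC 5737 documentation address block used as a placeholder) are all assumptions.

```python
import ipaddress

# Assumption: placeholder egress range (RFC 5737 documentation addresses).
# Replace with the addresses K2 provides for your K2 Cloud environment.
K2_CLOUD_EGRESS = [ipaddress.ip_network("203.0.113.16/28")]

# Assumption: ports of the on-premises data sources exposed to K2 Cloud.
DATA_SOURCE_PORTS = {443, 1433, 1521}  # HTTPS services, SQL Server, Oracle

# Constructed sample of inbound rules exported from a perimeter firewall.
SAMPLE_RULES = [
    {"name": "k2-sql", "source": "203.0.113.16/28", "port": 1433, "action": "allow"},
    {"name": "k2-rest", "source": "203.0.113.20/32", "port": 443, "action": "allow"},
    {"name": "legacy-sql", "source": "0.0.0.0/0", "port": 1433, "action": "allow"},
    {"name": "vendor-oracle", "source": "198.51.100.0/24", "port": 1521, "action": "allow"},
    {"name": "wide-k2", "source": "203.0.113.0/24", "port": 443, "action": "allow"},
    {"name": "block-rdp", "source": "0.0.0.0/0", "port": 3389, "action": "deny"},
]


def audit_inbound_rules(rules, allowed=K2_CLOUD_EGRESS, ports=DATA_SOURCE_PORTS):
    """Return (rule name, reason) for every allow rule on a data-source port
    whose source is not fully contained in the allowlisted K2 Cloud ranges."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] not in ports:
            continue
        try:
            src = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            findings.append((rule["name"], "unparseable source"))
            continue
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if any(src.version == net.version and src.subnet_of(net) for net in allowed):
            continue  # source is entirely inside an allowlisted range
        if src.prefixlen == 0:
            reason = "open to any source"
        elif any(src.version == net.version and src.overlaps(net) for net in allowed):
            reason = "wider than the allowlisted range"
        else:
            reason = "source not in allowlist"
        findings.append((rule["name"], reason))
    return findings
```

Rules flagged as wider than the allowlisted range are the easy ones to miss in review, because they still contain the correct K2 Cloud addresses.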

Implementation

You are responsible for both networking configuration as well as any additional infrastructure costs to support the security of your on-premises systems. Any system that K2 Cloud connects to using this approach must be accessible using DNS or directly by IP address and port. Once you do this you can create a service instance and SmartObjects to use data in K2 Cloud.

Placing Systems in a DMZ

Similar to opening firewall ports, you may choose to locate your data source outside your on-premises network in a protected demilitarized zone (DMZ). These systems could be accessed directly by K2 Cloud or with a reverse proxy that manages communication to the data source behind the firewall.


 

Implementation

You are responsible for both networking configuration as well as any additional infrastructure costs to support the security of your on-premises and DMZ systems. Any system that K2 Cloud connects to using this approach must be accessible using DNS or directly by IP address and port. Once you do this you can create a service instance and SmartObjects to use data in K2 Cloud.

 

Configuring Feature Instances and Service Instances

Use the information in this section to configure a feature instance or service instance to connect to an on-premises server or service.

Before you configure a feature or service instance, you must have a working, dedicated connection from your K2 Cloud tenant to your on-premises network, using one of the connection options described above.

The authentication mode used to connect to on-premises systems from K2 Cloud is limited to static credentials, meaning that you cannot configure Impersonate, OAuth, Service Account, or Single Sign-On (SSO) to connect from K2 Cloud to your on-premises systems or services. SmartObjects based on connections from K2 Cloud to your private network and used in K2 Cloud solutions only use the static identity you configure for the feature or service instance in every connection (method) made to your on-premises systems or services.

 

The systems/services that you want to connect to must be supported versions of that technology. See the Product Compatibility, Integration and Support page for more information about supported versions of the technologies listed below.

Microsoft Dynamics CRM

To connect to a Dynamics CRM server using a new CRM service instance, follow these steps:

  1. Navigate to K2 Management > Integration > Service Types
  2. Select CRM in the Service Types list and click New Instance
  3. On the Configure Service Instance page, specify a Display Name and Description (optional)
  4. Select Static for the Authentication Mode
  5. Specify a User Name and Password
  6. Specify your CRMServerURL and OrganizationName
  7. Your final page should look similar to the following. Click OK to generate the service instance.

Image

 

  8. Once the service instance is ready, you can create SmartObjects for that service instance. You can use K2 Designer to manually create advanced SmartObjects, or alternatively:
    1. Navigate to K2 Management > Integration > Service Instances and select the instance you created
    2. Click Generate SmartObjects from the toolbar
    3. On the Generate SmartObjects page, check the Select All option and then click OK to create your SmartObjects

 

Once created, the SmartObjects are ready to use in your K2 solutions.

You may get the following error when trying to refresh your CRM Online service instance or execute any CRM online related SmartObject:

"An error occurred when processing the security tokens in the message: You are using Ws-Trust authentication which has been deprecated and no longer supported in your environment. Please use OAuth 2.0 authentication."

If you do, make sure you change the Use OAuth Protocol with Static Credentials Service Keys setting to true.

The reason this error is appearing is that Microsoft deprecated the WS-Trust authentication type (also known as Office365 authentication type). You can find more information in the article Deprecation of Office365 authentication type and OrganizationServiceProxy class for connecting to Dataverse.

Microsoft SQL Server

To connect to a Microsoft SQL Server using a new SQL Server service instance, follow these steps:

  1. Navigate to K2 Management > Integration > Service Types
  2. Select SQL Server Service in the Service Types list and click New Instance from the toolbar
  3. On the Configure Service Instance page, specify a Display Name and Description (optional)
  4. Select Static for the Authentication Mode
  5. Specify a User Name and Password
  6. Change the On Different SQL Server service key to true
  7. Specify a Database and a Server
  8. Your final page should look similar to the following. Click OK to generate the service instance.

Image

 

  9. Once the service instance is ready, you can create SmartObjects for that service instance. You can use K2 Designer to manually create advanced SmartObjects, or alternatively:
    1. Navigate to K2 Management > Integration > Service Instances and select the instance you created
    2. Click Generate SmartObjects from the toolbar
    3. On the Generate SmartObjects page, check the Select All option and then click OK to create your SmartObjects

 

Once created, the SmartObjects are ready to use in your K2 solutions.

 

If you want to pass user context to SQL in scenarios when it is available on the method, such as SQL-based SmartObject methods used in a SmartForm, see Pass Identity Information to Microsoft SQL Server for Security and Auditing.

 

REST/WCF/OData/ASMX Web Services

To connect to a REST, WCF, OData, or SOAP web service using a new service instance of the appropriate service type, follow these steps:

 

  1. Navigate to K2 Management > Integration > Service Types
  2. Select one of the following Service Types in the list below, as appropriate for the service you are connecting to, and click New Instance from the toolbar
    1. Endpoints WCF
    2. Endpoints WebService
    3. OData
    4. REST
  3. On the Configure Service Instance page, specify a Display Name and Description (optional)
  4. Select Static for the Authentication Mode
  5. Depending on the service you’re connecting to, you may choose to leave the User Name and Password blank or provide values for it if the service requires a login.
  6. Specify values for the service instance options, such as a Service Endpoint URL and Service Metadata URL for WCF, a WebService URL for WebService, an OData Service URL for OData, or a Descriptor Location for REST.
  7. Click OK to generate the service instance
  8. Once the service instance is ready, you can create SmartObjects for that service instance. You can use K2 Designer to manually create advanced SmartObjects, or alternatively:
    1. Navigate to K2 Management > Integration > Service Instances and select the instance you created
    2. Click Generate SmartObjects from the toolbar
    3. On the Generate SmartObjects page, check the Select All option and then click OK to create your SmartObjects

 

Once created, the SmartObjects are ready to use in your K2 solutions.

Exchange

There are two different ways to connect to an Exchange server. The recommended way is to create an instance of the Exchange Online feature (which can also be used to connect to a Microsoft Exchange Server on-premises running Exchange Web Services with the Exchange2013 schema) and use static credentials. To do this, follow these steps:

  1. Navigate to K2 Management > Features
  2. Select the Exchange Online feature and click New Instance from the toolbar
  3. On the Add Feature Instance page, specify a Name, Description, and EWS URL
  4. Click Static in the Authentication section and specify a Username and Password
  5. Click Add to create the feature instance

Image

  6. Once the service instance is ready, you can create SmartObjects for that service instance. You can use K2 Designer to manually create advanced SmartObjects, or alternatively:
    1. Navigate to K2 Management > Integration > Service Instances and select the instance you created
    2. Click Generate SmartObjects from the toolbar
    3. On the Generate SmartObjects page, check the Select All option and then click OK to create your SmartObjects

 

Once created, the SmartObjects are ready to use in your K2 solutions.

The other method of connecting to an Exchange server on-premises is to configure an instance each of the Exchange Management, Exchange Administration, and Exchange Metadata services. If you choose this method, configure the authentication of the service instances as Static with a User Name and Password.

Oracle

To connect to an Oracle server using a new Oracle service instance, follow these steps:

  1. Navigate to K2 Management > Integration > Service Types
  2. Select Oracle Service in the Service Types list and click New Instance from the toolbar
  3. On the Configure Service Instance page, specify a Display Name and Description (optional)
  4. Select Static for the Authentication Mode
  5. Specify a User Name and Password
  6. Specify values for the Owner List and Connection String. You typically use the same identity information as in step 5.
  7. Specify values for the required Oracle service keys, including Get Views, Get Procedures, Decimal Precision and Scale, Complex output as XML, Get Packages, Get Tables, and Get Functions.
  8. Your final page should look similar to the following. Click OK to generate the service instance.

Image

Image

  9. Once the service instance is ready, you can create SmartObjects for that service instance. You can use K2 Designer to manually create advanced SmartObjects, or alternatively:
    1. Navigate to K2 Management > Integration > Service Instances and select the instance you created
    2. Click Generate SmartObjects from the toolbar
    3. On the Generate SmartObjects page, check the Select All option and then click OK to create your SmartObjects

 

Once created, the SmartObjects are ready to use in your K2 solutions.

