Planning Analytics

 View Only

Migrating from Secure Gateway to Satellite Connector

By SAMI EL CHEIKH posted 22 days ago

  

In transitioning from Secure Gateway to Satellite Connector we wanted to ensure the experience was intuitive for both new and existing customers of Planning Analytics and Cognos Analytics.  The following flow is a work-in-progress design for Planning Analytics as to what you can expect from your experience with Satellite Connector that is targeting an in-product delivery in Q2 2024. These designs are subject to change, and we welcome your feedback in the comments to this post.

Step 1: Find the Satellite Connector tile

Navigate to the Planning Analytics Administration screen where existing customers would find Secure Gateway. Existing customers would be greeted with the following screen that has a deprecation notice on the Satellite Gateway tile and a notification banner at the top of the screen for administrators. New Customers would only see the Satellite Connector tile.

Step 2: Create a Satellite Connector

Once the Satellite tile has been selected, you will need to create a Satellite Connector that will connect to the agents and the endpoints associated. A Satellite connector provides a secure connection between a specific remote location and IBM Cloud. For more information please see the following document. Select the “Create connector” button.

Step 3: Name your Satellite connector

Enter a name for your Satellite Connector.

Step 4: Download the Agent, Configuration File and Access Key

Once the connector has been created, you can select the other tabs in the user interface: Endpoints and Agents. Select the Agent tab. Download the agent, the configuration File and the Access Key.

The Satellite Agent is the equivalent of the Secure Gateway Client and needs to be installed locally in your network. Note that you can have up to 6 agents per connector for high availability. The Windows server where you run your Connector agent must have at least 4 cores and 4GB memory for optimal performance. For more information please see this document.

Step 5: Configure the Agent(s) and test the connection to the Satellite Connector

Once the agent(s) have been configured successfully they will appear as entries on the Agents tab.

Step 6: Import your existing Secure Gateway connections (optional).

Select the Endpoints tab and click the Import button to import existing connections from Secure Gateway to Satellite.

Select all applicable Secure Gateway connections to import. Only those with valid Data source, DSN, Server host, Server port and Secure Gateway entries will be importable.

Step 7: Create new endpoints

To create new endpoints simply enter the information needed once “Create endpoint” has been selected on the Endpoints tab.

Step 8: Confirm successful connections

Once the endpoints have been created and the agents have been configured, we recommend you test your connections by selecting the context menu of your endpoint(s).

The import flow is meant to be a one-time migration. However, if the import from Secure Gateway was not successful, and you need to revert back to Secure Gateway as you transition, select the Undo button.

This action will restore all imported Secure Gateway data sources. 

3 comments
52 views

Permalink

Comments

Mirko Sereno Regis
10 days ago

Hello, 

Thanks, this looks very intuitive. Is there a specific minimum PAW version we need to have in order to have access to this new Administration area? 

Guy Hylton
13 days ago

When creating an end-point in Satellite itself there is a warning about also defining an ACL.

"If no rules are enabled, any client that is connected to the IBM Cloud private network can use the endpoint to connect to the destination resource that runs in your location"

Presumably this is also being setup as part of the Endpoint definition?  Allowing a customer to display the Endpoint ACL & confirm that only their PAoC environments can connect would be a useful addition & avoid the inevitable queries.

Bob Gill
22 days ago

Thank you for the post. This sounds like a great step towards a more robust architecture. I have a few questions though:

  1. Will there be instructions on how to setup a container for the client-side of the connection? We currently host a VM for the secure client for each environment. We would like to replace these VMs with containers to update our infrastructure.
  2. What kind of error handling or logging would be available with this new connection? It would be very helpful to have some mechanism of alerts/notification when a connection drops, starts nearing capacity or starts slowing down. 
  3. Will there be a list of supported datasources made available? I know some datasources (i.e. snowflake) have required additional installs to work with IBM secure gateway. It would be helpful to know if that will still be the case with these satellites.
  4. Will there be any monitoring capabilities within the PAW administration console? It would be helpful to see which satellite connections are in use, with thread counts, when large ETL processes are running.