How to connect to cloud-based/on-premise applications using TIBCO Cloud Hybrid connectivity (VPN or ProxyAgent)


Article ID: KB0073783


Products: TIBCO Cloud Integration
Versions: N/A

Description

We interact with both cloud-based and on-premise applications. When we connect to these applications from our own machines, we only have to take care of firewalls (at least from a network perspective, assuming the other configuration is correct). However, certain prerequisites need to be taken care of when we connect to these applications from TIBCO Cloud Integration (TCI). What are these prerequisites, and how are they configured?

Issue/Introduction

How to connect to cloud-based/on-premise applications (e.g. databases) from TIBCO Cloud Integration (TCI) using TIBCO Cloud Hybrid Connectivity (VPN or Proxy Agent)

Environment

TIBCO Cloud TIBCO Cloud Integration (TCI)

Resolution

To interact with cloud-based applications:

1. Ensure that the exposed port your application uses falls within the range allowed by TCI.
For the complete list, refer to: https://integration.cloud.tibco.com/docs/index.html#tci/getstarted/reference/open-ports.html

If your application uses a port outside this range, you will not be able to connect to it from TCI.

2. You will need to whitelist a few IP addresses (based on region) to allow traffic from TIBCO® Cloud Integration.

The IP addresses for the US region are:

  • 35.160.22.232
  • 52.35.217.68
  • 54.148.158.186

The IP addresses for the EU region are:

  • 52.18.33.150
  • 52.211.120.80
  • 52.213.242.236

The IP addresses for the AU region are:

  • 54.79.49.140
  • 52.63.136.111
  • 13.54.75.2

Refer to the following URL for the current list of allowed IP addresses:
https://integration.cloud.tibco.com/docs/index.html#tci/getstarted/reference/whitelisting.html

Example: If we have an Aurora database running on port 3306, then its security group should have the following entries for the US region:

User-added image
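
An added example, not part of the original article: this Python check compares a security group's inbound rules for the database port with the TCI addresses listed above, and reports TCI addresses that lack their own /32 rule as well as any source range wider than that list. The rule data is a constructed sample in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`; `audit_ingress`, `TCI_SOURCES` and `SAMPLE_RULES` are names chosen for this example.

```python
import ipaddress

# TCI source addresses per region, copied from the lists on this page.
TCI_SOURCES = {
    "us": ["35.160.22.232", "52.35.217.68", "54.148.158.186"],
    "eu": ["52.18.33.150", "52.211.120.80", "52.213.242.236"],
    "au": ["54.79.49.140", "52.63.136.111", "13.54.75.2"],
}

def audit_ingress(ip_permissions, region, port):
    """Compare a security group's inbound rules for `port` with the TCI list.

    Returns (missing, extra): TCI addresses without their own /32 rule, and
    source ranges on that port that are anything other than one TCI address.
    """
    wanted = {ipaddress.ip_address(a) for a in TCI_SOURCES[region]}
    covered, extra = set(), []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":                  # "all traffic" rule: every port
            low, high = 0, 65535
        elif proto == "tcp":
            low, high = perm["FromPort"], perm["ToPort"]
        else:
            continue
        if not low <= port <= high:
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.num_addresses == 1 and net.network_address in wanted:
                covered.add(net.network_address)
            else:
                extra.append(str(net))     # wider than, or outside, the TCI list
    return sorted(str(a) for a in wanted - covered), extra

# Constructed sample (hypothetical group), IpPermissions shape of the EC2 API.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "35.160.22.232/32"}, {"CidrIp": "52.35.217.68/32"},
                  {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]

if __name__ == "__main__":
    missing, extra = audit_ingress(SAMPLE_RULES, "us", 3306)
    print("TCI addresses without a /32 rule:", missing)
    print("sources beyond the TCI list:", extra)
```

For the constructed sample, the check reports that 54.148.158.186 has no rule of its own and that 0.0.0.0/0 opens port 3306 well beyond the three TCI addresses.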

To interact with on-premise applications:
You can use two hybrid connectivity options to connect to your on-premise application from TCI:
1. VPN
2. TIBCO Cloud Proxy agent using tibtunnel.

Refer to the following article for the advantages of one over the other:
https://support.tibco.com/s/article/Hybrid-Connectivity-Proxy-Agent-Advantages-over-VPN

Steps for using VPN:
1. Review the prerequisites:
https://integration.cloud.tibco.com/docs/index.html#tci/using/using-apps/vpn/prerequisites.html
2. Follow the steps described here to create a new connection:
https://integration.cloud.tibco.com/docs/index.html#tci/using/using-apps/vpn/creating-connection.html
Screenshots of the new connection:
User-added image

After saving the connection, if the connection is established:
User-added image

3. First, test your application with an on-premise database running within your VPN. Once this is working, upload and deploy your application to TCI.
Follow the steps described here to use the VPN connection created in step 2:
https://integration.cloud.tibco.com/docs/index.html#tci/using/using-apps/vpn/using-vpn.html

Steps for using TIBCO Cloud Proxy agent:
1. Download the TIBCO Cloud Proxy agent (a.k.a. tibtunnel) by clicking "Downloads" on your TIBCO Cloud Home page. Download it to the host machine where the on-premise database/application that you plan to use from your deployed TCI application is running.

2. Create an Access Key by going to TIBCO Cloud Home page -> Setting -> Advanced Settings -> Create New Access Key.
For example:
User-added image

Save this Secret Access Key, as it is required in a later step.

3. Create a profile by running the following command:

    ./tibtunnel configure --profile <<profileName>> --accessKey <<Secret Key created in Step 2>>

For example, here the profile name is "profileName" and the secret key is "DI0cXrJgO+ffcFzMNNO3yGlnuQAWgg7cWVqsO3afAwo":

    c:\Users\ssingh\Downloads>tibtunnel configure --profile profileName --accessKey DI0cXrJgO+ffcFzMNNO3yGlnuQAWgg7cWVqsO3afAwo
    [OK] Configuration for profile 'profileName' was saved

4. Create the application that needs to be deployed to TCI. Test it locally to check that everything works.
For example: I created an application that connects to SQL Server running on my local machine. Here SQL Server is running on port 1433 and the hostname is Ssingh-Z240.na.tibco.com

5. Push the application to TCI. It will start, and you will see the application report an error because it cannot connect to the on-premise application.

6. Now navigate to App Details > Environment Controls > Hybrid Connectivity panel, select the access key and click "Update App".

Now note down the appID shown below the Access Key on the App Details > Environment Controls > Hybrid Connectivity panel, i.e. everything starting with "tunnel", e.g. tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf

7. Start the agent on your on-premise machine by running the following command:

    ./tibtunnel connect --profile <<profile name>> -s <<appPort>>:<<onPremiseHostname>>:<<onPremisePort>> <<connect URL>>

Note:
The connect URL is https://<region>.integration.cloud.tibcoapps.com/tunnel/<appID>. It is where the TIBCO Cloud - Proxy Agent connects in order to establish the tunnel connection. The value of appID is shown below the Access Key on the App Details > Environment Controls > Hybrid Connectivity panel.

For example: We will use the profile "profileName" created in Step 3. The on-premise host is "Ssingh-Z240.na.tibco.com" and the on-premise port is "1433". We will continue using "1433" as the 'appPort'. The connect URL for the US region would be https://integration.cloud.tibcoapps.com/ + <<value noted in Step 6>>, i.e. https://integration.cloud.tibcoapps.com/tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf

So the command looks like:

    c:\Users\tci>tibtunnel connect --profile profileName -s 1433:Ssingh-Z240.na.tibco.com:1433 https://integration.cloud.tibcoapps.com/tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf

    time="2019-05-09T12:20:15-07:00" level=info msg="Starting tibtunnel client..."
    time="2019-05-09T12:20:16-07:00" level=info msg="client started and connected to 34.208.165.226:443"
    time="2019-05-09T12:21:57-07:00" level=info msg="There is no container running for tunnel /tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf"
    time="2019-05-09T12:22:07-07:00" level=info msg="There is no container running for tunnel /tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf"
    time="2019-05-09T12:22:18-07:00" level=info msg="client started and connected to 35.166.9.214:443"
     
      
NOTE:
The value of region is eu-west-1 for the EU instance, ap-southeast-2 for the AU instance, or can be omitted for the US instance.
<ConnectURL> format:
    For US: https://integration.cloud.tibcoapps.com/tunnel/<appID>
    For EU: https://eu-west-1.integration.cloud.tibcoapps.com/tunnel/<appID>
    For AU: https://ap-southeast-2.integration.cloud.tibcoapps.com/tunnel/<appID>




8. Restart the app, and it should connect to your on-premise application.
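
An added example, not part of the original article: a Python parser for the agent output shown in step 7 that lists the endpoints the agent connected to and counts the "no container" messages per tunnel, which is useful when reviewing outbound firewall rules for the agent host or monitoring the agent. The log lines are the five lines from the page; the function names and the state labels ("connected", "no-container") are chosen for this example.

```python
import re

# logrus-style key=value fields, as in the agent output shown in step 7.
FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
CONNECTED = re.compile(r"^client started and connected to ([\d.]+):(\d+)$")
NO_CONTAINER = re.compile(r"^There is no container running for tunnel (\S+)$")

def parse_fields(line):
    """Split one log line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def summarize(lines):
    """Return endpoints seen, per-tunnel 'no container' counts and the last state."""
    endpoints, no_container, state = [], {}, "unknown"
    for line in lines:
        msg = parse_fields(line).get("msg", "")
        if m := CONNECTED.match(msg):
            endpoint = f"{m.group(1)}:{m.group(2)}"
            if endpoint not in endpoints:
                endpoints.append(endpoint)
            state = "connected"
        elif m := NO_CONTAINER.match(msg):
            no_container[m.group(1)] = no_container.get(m.group(1), 0) + 1
            state = "no-container"
    return {"endpoints": endpoints, "no_container": no_container, "state": state}

# The five log lines from the step 7 output on this page.
PAGE_LOG = [
    'time="2019-05-09T12:20:15-07:00" level=info msg="Starting tibtunnel client..."',
    'time="2019-05-09T12:20:16-07:00" level=info msg="client started and connected to 34.208.165.226:443"',
    'time="2019-05-09T12:21:57-07:00" level=info msg="There is no container running for tunnel /tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf"',
    'time="2019-05-09T12:22:07-07:00" level=info msg="There is no container running for tunnel /tunnel/opgltyfl23jez3ugnjmt5g7enyjxp4gf"',
    'time="2019-05-09T12:22:18-07:00" level=info msg="client started and connected to 35.166.9.214:443"',
]

if __name__ == "__main__":
    summary = summarize(PAGE_LOG)
    print("endpoints:", summary["endpoints"])
    print("no-container messages:", summary["no_container"])
    print("last state:", summary["state"])
```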

Additional Information

https://integration.cloud.tibco.com/docs/index.html