Friday, 19 August 2016

Setting up Secure Gateway for connecting to On-Prem sources using IBM DataWorks Forge

One of the key use cases for IBM DataWorks Forge is to move data from different on-prem sources into cloud based targets.  Examples of on-prem sources supported by IBM DataWorks Forge are: IBM Db2, Oracle, IBM Pure Data For Analytics, IBM Informix, etc.  Similarly examples of cloud based targets include IBM dash DB, IBM Db2, Amazon S3, Bluemix Object Storage, etc.  

In order to connect to any on-prem source, IBM DataWorks Forge makes use of IBM Secure Gateway service.  The Secure Gateway Service brings Hybrid Integration capability to your Bluemix environment. It provides secure connectivity from Bluemix to other applications and data sources running on-premise or in other clouds. A remote client is provided to enable secure connectivity.  In this blog post we will explain how to configure the Secure Gateway for usage with IBM DataWorks Forge.

  1. Open the IBM DataWorks Forge GUI in Bluemix.  For details on how to create a IBM DataWorks Forge service instance you can refer to the following blog post.
  2. Click on the "Secure Gateway" link on the left hand side panel under the "ADMIN" section
  3. Click on "Add Gateway" button.
  4. Provide a name for the secure gateway.  If you do not want the token which is used by on-prem clients for connecting to the gateway to expire, uncheck the box of "Token expiration".  Click on "Add Gateway".
  5. A new gateway will be created and will be shown in the list.  Click on the newly created gateway and it will show the details of the gateway.  On that page, click on "Add Clients" button at the top.
  6. There are three ways to connect to the gateway.  We will provide the details of using a docker based approach.  Hence select the bullet for "docker".
  7. It will show you a command which needs to be run on the machine where the secure gateway client is to be run.  Copy this command.
  8. You will need a machine in the on-prem environment where the secure gateway client needs to be installed.  On this environment, you need to first install docker (if it is not already installed). 
  9. In our testing we installed docker on a machine with OS Windows 7.1FP1 or higher.  The steps for installing are available at:  Once docker is installed, it also installs SSH on the windows machine. We need to ensure that the path for SSH is added to the PATH environment variable in System properties.  SSH is typically installed in C:\Program Files (x86)\Git\bin folder in windows.  Hence add this folder to the PATH environment variable in System properties.
  10. Once the above is done, open an command prompt  and execute the following commands:
    1. Change the directory to the folder where docker is installed.  It is typically installed in c:\Program Files\Boot2Docker
    2. Run the following command: "boot2docker init".  This is a onetime activity which is to be run the first time you install docker on the machine.
    3. Then run the following two commands
      1. boot2docker start
      2. boot2docker ssh

Commands mentioned in step 10.3 are to be run in a window which needs to be kept open whenever you want to read data from an on-prem source.  If the window is closed, you can open a new window and run the commands (in 10.3) again.

You can ensure that your docker is up-to-date by running the following command: 

docker pull ibmcom/secure-gateway-client

Once the above steps have been done, you can run the command mentioned in Step 7 above, e.g., docker run -it bluemix/secure-gateway-client <gateway_id>. This will download the Secure Gateway client, run it, and connect to the gateway.    Please note that whenever you wish to connect to an on-prem source, you will have to ensure that the command is running in a window on the on-premises machine.

Please ensure that there is no firewall between the machine on which docker is installed and the source.  An easy way to check this is to ensure that you can telnet to the source from the machine on which docker is installed. 

Once this is done, you are good to go!  


No comments:

Post a Comment