AWS Connectivity Guidelines

The goal of this guide is to explain how to configure the network infrastructure in AWS to allow connections from the Agora execution plane to your data sources and also how to enable you to connect to and access data at the Agora execution plane from external tools (consumers) like Power BI.

Default Scenario

By default, Agora will create network infrastructure in the client account according to the AWS recommendations about enabling instances in a private subnet to send outbound traffic to the internet.

Please check NAT gateway use cases: Access the internet from a private subnet for more information.

The Network Elements

  • A new VPC in the selected region. Please check AWS VPC documentation for further details.

  • Two subnets, one private to host the Agora servers and one public to host the NAT gateway and public load balancers network interfaces.

The CIDR block will be divided between them leaving only around 25 addresses to be used in the public one, maximizing the addresses to use in the private one.

For example, when indicating 10.2.0.0/24 as the CIDR block for the subnets, the private subnet will be allocated with a CIDR of 10.2.0.0/25 and the public one with a CIDR of 10.2.0.128/27.

Note that each subnet has its own route table to ensure the private subnet is totally isolated from external inbound traffic.

  • An Internet Gateway to allow communication between your VPC and the internet. Please check AWS internet gateway documentation for further details.

  • A NAT Gateway to allow outbound connections to the internet from the private subnet. Please check AWS NAT gateways documentation for further details.

  • The NAT gateway requires an elastic IP.
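The routing roles described above can be checked against the route tables themselves. The following is an added example, not Agora or Denodo code: it reads route tables in the shape returned by `aws ec2 describe-route-tables` and reports where a subnet's default route contradicts its private or public role. The subnet, route table and gateway IDs are constructed placeholders.

```python
import ipaddress

AWS_RESERVED = 5  # AWS reserves the first four and the last address of a subnet

def usable_addresses(cidr):
    """Addresses left for hosts in a subnet after the AWS reservation."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED

def default_route_kind(table):
    """Classify the 0.0.0.0/0 route of one route table: 'igw', 'nat' or None."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return None

def audit_default_scenario(route_tables, private_subnets, public_subnets):
    """Return findings where routing contradicts the private/public roles.
    Only explicit associations are read; a subnet that falls back to the
    VPC main route table is reported as unassociated."""
    kind = {a["SubnetId"]: default_route_kind(t)
            for t in route_tables for a in t.get("Associations", [])
            if "SubnetId" in a}
    findings = []
    for sid in private_subnets:
        if sid not in kind:
            findings.append(f"{sid}: no explicit route table association")
        elif kind[sid] == "igw":
            findings.append(f"{sid}: private subnet routes to an internet gateway")
        elif kind[sid] is None:
            findings.append(f"{sid}: no default route, outbound access will fail")
    for sid in public_subnets:
        if kind.get(sid) != "igw":
            findings.append(f"{sid}: public subnet lacks an internet gateway route")
    return findings

# Constructed sample: placeholder IDs, CIDRs from the guide's example.
LOCAL = {"DestinationCidrBlock": "10.2.0.0/24", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
]

if __name__ == "__main__":
    print(usable_addresses("10.2.0.128/27"), usable_addresses("10.2.0.0/25"))
    print(audit_default_scenario(ROUTE_TABLES, ["subnet-private"], ["subnet-public"]))
```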

Southbound Connections

How to Connect to Public Data Sources

Since the Agora execution plane servers have access to the Internet, no additional configuration is needed when your data sources are accessible through the Internet.

How to Connect to AWS Data Sources

Since the data sources are not public, you will need to give the Agora Execution Plane servers access to them. You can use a VPC peering to communicate between the Agora Execution Plane servers and the data source. Please check AWS What is VPC peering documentation for further details.

For example, to connect to Amazon Aurora RDBMS follow these steps:

  1. Create a VPC peering between the VPC created by Agora and the VPC where the Aurora RDBMS is running.

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select Peering Connections.

    4. Choose Create Peering Connection.

    5. Select the VPC created by Agora as the VPC requester.

    6. If the Aurora RDBMS is in the same account as the Agora Execution Plane:

      1. Check My Account

      2. Select the region where the Aurora RDBMS is running.

      3. Select the VPC where the Aurora RDBMS is running

    7. If the Aurora RDBMS is in a different account:

      1. Check Another Account

      2. Fill the VPC Accepter account ID with the Aurora RDBMS account ID.

      3. Fill the VPC Accepter ID with the Aurora RDBMS VPC ID.

    8. Press the Create peering connection button and write down the peering connection ID.

    9. Select Peering Connections.

    10. Choose the peering created before.

    11. From the Actions menu, select Edit DNS Settings.

    12. Click to enable DNS resolution. If the Aurora RDBMS is running in another account/region, you should allow the requester VPC to resolve DNS of the accepter VPC while managing the Aurora RDBMS account.

    13. If the Aurora RDBMS is in the same account as the Agora Execution Plane:

      1. Navigate to the VPC Dashboard.

      2. Select Peering Connections.

      3. The peering created before should appear as “Pending acceptance”, so select it and perform the action Accept request.

    14. If the Aurora RDBMS is in a different account than the Agora Execution Plane:

      1. Connect to the AWS console to manage the Aurora RDBMS account.

      2. Navigate to the VPC Dashboard.

      3. Select Peering Connections.

      4. The peering created before should appear as “Pending acceptance”, so select it and perform the action Accept request.

    15. Write down the Requester CIDRs and the Accepter CIDRs. You will need them later, when configuring the routes.

  2. Modify the route tables to enable traffic through VPC peering

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select subnets.

    4. Filter by the VPC created by Agora.

    5. Choose the subnet whose name does not begin with aux-denodo-agora-*.

    6. Choose the route table associated with it.

    7. Select it and perform the action Edit routes

    8. Add a new route to the peering created before to the Accepter CIDR.

    9. If the Aurora RDBMS is running in a different account, connect to the AWS console to manage the Aurora RDBMS account. Do nothing if running in the same account

    10. Navigate to the VPC Dashboard.

    11. Select subnets.

    12. Filter by the VPC of the Aurora RDBMS.

    13. One by one, select the route tables of the subnets used by the Aurora RDBMS.

    14. Perform the action Edit routes.

    15. Add a new route to the peering created before to the Requester CIDR.

  3. Create and test a new data source in Design Studio.

How to Connect to Data Sources Running On-Premises or Privately in Other Cloud Providers

Since the data sources are not public, you must give the Denodo servers access to them. This scenario will require a VPN between the VPC of the Denodo servers and the private network of the data sources.

Northbound Connections

How to Connect to Agora from the Internet

Since the Agora Execution Plane servers are running in a private network, you will have no access to them from any client tool running on the Internet.

The only way to connect from the Internet is to open the load balancers to the Internet, as done for the Data Catalog.

In this case, you should create the cluster using the Provisioning manually option and enable the Internet Facing Load Balancer option.

How to Connect from Clients Running in AWS

Since the Agora Execution Plane servers are running in a private network, you will need to give the client tools access to them. You can use a VPC peering to communicate between the Agora Execution Plane servers and the client tool.

Please check AWS What is VPC peering documentation for further details.

For example, to connect from a Tableau Desktop follow these steps:

  1. Create a VPC peering between the VPC created by Denodo Managed services and the VPC where the Tableau Desktop is running.

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select Peering Connections.

    4. Choose Create Peering Connection.

    5. Select the VPC created by Agora as the VPC requester.

    6. If the Tableau Desktop is in the same account as the Agora Execution Plane:

      1. Check My Account

      2. Select the region where the Tableau Desktop is running.

      3. Select the VPC where the Tableau Desktop is running

    7. If the Tableau Desktop is in a different account than the Agora Execution Plane:

      1. Check Another Account

      2. Fill the VPC Accepter account ID with the Tableau Desktop account ID.

      3. Fill the VPC Accepter ID with the Tableau Desktop VPC ID.

    8. Press the Create peering connection button and write down the peering connection ID.

    9. Select Peering Connections.

    10. Choose the peering created before.

    11. From the Actions menu, select Edit DNS Settings.

    12. Click to enable DNS resolution. If the Tableau Desktop is running in another account/region, you should allow the requester VPC to resolve DNS of the accepter VPC while managing the Tableau Desktop account.

    13. If the Tableau Desktop is in the same account as the Agora Execution Plane:

      1. Navigate to the VPC Dashboard.

      2. Select Peering Connections.

      3. The peering created before should appear as “Pending acceptance”, so select it and perform the action Accept request.

    14. If the Tableau Desktop is in a different account than the Agora Execution Plane:

      1. Connect to the AWS console to manage the Tableau Desktop account.

      2. Navigate to the VPC Dashboard.

      3. Select Peering Connections.

      4. The peering created before should appear as “Pending acceptance”, so select it and perform the action Accept request.

    15. Write down the Requester CIDRs and the Accepter CIDRs. You will need them later when configuring the routes.

  2. Modify the route tables to enable traffic through VPC peering

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select subnets.

    4. Filter by the VPC created by Agora.

    5. Choose the subnet whose name does not begin with aux-denodo-agora-*.

    6. Choose the route table associated with it.

    7. Select it and perform the action Edit routes

    8. Add a new route to the peering created before to the Accepter CIDR.

    9. If the Tableau Desktop is running in a different account, connect to the AWS console to manage the Tableau Desktop account. Do nothing if running in the same account

    10. Navigate to the VPC Dashboard.

    11. Select subnets.

    12. Filter by the VPC of the Tableau Desktop.

    13. Select the route table used by the Tableau Desktop subnet.


    14. Perform the action Edit routes.

    15. Add a new route to the peering created before to the Requester CIDR.

  3. Connect to the Agora Execution servers from Tableau Desktop.

    1. To obtain the host to connect to, go to Design Studio.

    2. Configure Tableau Desktop to connect to the Agora Execution Plane server.

      1. Follow the steps of the document How to connect to Denodo from Tableau Desktop

      2. Connect to the Agora Execution Plane server using your Agora credentials.
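Both peering procedures in this guide (Aurora RDBMS and Tableau Desktop) end with one route on each side of the peering, and a missing or overly wide route is the usual reason the final connection test fails or exposes more than intended. The following is an added example, not Agora or Denodo code: it checks the CIDRs and routes noted down during the steps, using route entries in the shape returned by `aws ec2 describe-route-tables`. The peering ID and the 172.31.0.0/16 accepter CIDR are constructed placeholders.

```python
import ipaddress

def peering_findings(requester_cidr, accepter_cidr, requester_routes,
                     accepter_routes, pcx_id):
    """Check the CIDRs and routes written down while following the steps."""
    req = ipaddress.ip_network(requester_cidr)
    acc = ipaddress.ip_network(accepter_cidr)
    findings = []
    if req.overlaps(acc):
        # AWS does not peer VPCs whose IPv4 CIDR blocks match or overlap.
        findings.append(f"CIDRs overlap: {req} and {acc}")
    sides = (("requester", requester_routes, acc),
             ("accepter", accepter_routes, req))
    for side, routes, peer in sides:
        via_pcx = [ipaddress.ip_network(r["DestinationCidrBlock"])
                   for r in routes
                   if r.get("VpcPeeringConnectionId") == pcx_id]
        if not any(dest.overlaps(peer) for dest in via_pcx):
            # Without the route on this side, traffic flows in one direction only.
            findings.append(f"{side}: no route to {peer} via {pcx_id}")
        for dest in via_pcx:
            # A route narrower than the peer CIDR is fine; a wider one is not.
            if not dest.subnet_of(peer):
                findings.append(f"{side}: route {dest} exceeds peer CIDR {peer}")
    return findings

# Constructed sample: 10.2.0.0/24 is the CIDR from the guide's own example,
# everything else is a placeholder.
PCX = "pcx-0example"
AGORA_ROUTES = [
    {"DestinationCidrBlock": "10.2.0.0/24", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
    {"DestinationCidrBlock": "172.31.0.0/16", "VpcPeeringConnectionId": PCX},
]
PEER_ROUTES_MISSING = [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
]
PEER_ROUTES_OK = PEER_ROUTES_MISSING + [
    {"DestinationCidrBlock": "10.2.0.0/24", "VpcPeeringConnectionId": PCX},
]

if __name__ == "__main__":
    for label, routes in (("accepter route missing", PEER_ROUTES_MISSING),
                          ("accepter route added", PEER_ROUTES_OK)):
        print(label, peering_findings("10.2.0.0/24", "172.31.0.0/16",
                                      AGORA_ROUTES, routes, PCX))
```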


How to Connect from Clients Running On-Premises or Privately in Other Cloud Providers

Since the Agora Execution Plane servers are not accessible from the Internet, you will need to give access to them. This scenario will require a VPN between the VPC of the Agora Execution Plane servers and the private network of the client tools.
