

AWS Connectivity Guidelines

This guide explains how to configure the network infrastructure in AWS to enable connections from the Agora execution plane to your data sources and also connections from external tools (consumers) such as Power BI or Tableau to the Agora execution plane to access data.

Default Scenario

By default, Agora creates network infrastructure in the client account following the AWS recommendation for letting instances in a private subnet send outbound traffic to the internet.

Please review the AWS documentation "NAT gateway use cases: Access the internet from a private subnet" for more information.

The Network Elements

The default network elements created by Agora comprise:

  • A new VPC in the selected region. Please see the AWS VPC documentation for further details.

  • Two subnets, one private to host the Agora servers and one public to host the NAT gateway and public load balancer’s network interfaces.

    • The CIDR block for the VPC is divided between the subnets, allocating approximately 25 addresses to the public subnet, while the remaining addresses are used in the private subnet.

    • For example, when indicating 10.2.0.0/24 as the CIDR block for the subnets, the private subnet will be allocated with a CIDR of 10.2.0.0/25 and the public one with a CIDR of 10.2.0.128/27.

    • Note that each subnet has its own route table to ensure the private subnet is totally isolated from external inbound traffic.

  • An Internet Gateway to allow communication between the VPC and the internet. Please see the AWS internet gateway documentation for further details.

  • A NAT Gateway to allow outbound connections to the internet from the private subnet. Please see the AWS NAT gateways documentation for further details.

    • The NAT gateway requires an elastic IP address.

Southbound Connections

How to Connect to Public Data Sources

The Agora execution plane servers have access to the Internet by default, so there is no further configuration needed to enable connectivity to data sources accessible via the Internet.

How to Connect to AWS Data Sources

AWS data sources are not public, so the Agora Execution Plane servers need to be given network access to them. VPC peering can be used to enable network communication between the Agora Execution Plane servers and the AWS data source. Please see the AWS "What is VPC peering" documentation for further details.

For example, to connect to an Amazon Aurora RDBMS follow these steps:

  1. Create a VPC peering between the VPC created by Agora and the VPC where the Aurora RDBMS is running:

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select Peering Connections.

    4. Choose the Create Peering Connection option.

    5. Select the VPC created by Agora as the VPC requester.

    6. If the Aurora RDBMS is in the same account as the Agora Execution Plane:

      • Select My Account as the account for the VPC of the Aurora RDBMS (Accepter).

      • Select the region where the Aurora RDBMS is running.

      • Select the VPC where the Aurora RDBMS is running.

    7. If the Aurora RDBMS is in a different account:

      • Select Another Account as the account for the VPC of the Aurora RDBMS (Accepter).

      • Fill the VPC Accepter Account ID with the Aurora RDBMS account ID.

      • Fill the VPC Accepter ID with the Aurora RDBMS VPC ID.

    8. Press the Create peering connection button and write down the peering connection ID.

    9. Select Peering Connections again in the VPC Dashboard.

    10. Choose the peering created in the previous steps.

    11. From the Actions menu, select Edit DNS Settings.

    12. Click to enable DNS resolution. If the Aurora RDBMS is running in another account/region, you should allow the requester VPC to resolve the DNS of the accepter VPC while managing the Aurora RDBMS account.

    13. If the Aurora RDBMS is in the same account as the Agora Execution Plane:

      • Navigate to the VPC Dashboard.

      • Select Peering Connections.

      • The peering connection created in the previous steps should appear as “Pending acceptance”. Select it and perform the action Accept request.
    14. If the Aurora RDBMS is in a different account to the Agora Execution Plane:

      • Connect to the AWS console and manage the Aurora RDBMS account.

      • Navigate to the VPC Dashboard.

      • Select Peering Connections.

      • The peering created in the above steps should be flagged as “Pending acceptance”. Select it and perform the action Accept request.

    15. Write down the Requester CIDRs and the Accepter CIDRs. You will need these later, when configuring network routing for the peering between the VPCs.

  2. Modify the route tables to enable traffic through VPC peering:

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select Subnets.

    4. Filter by the VPC created by Agora.

    5. Choose the subnet whose name does not begin with ‘aux-denodo-agora-*’.

    6. Choose the route table associated with it.

    7. Select it and perform the action Edit routes.

    8. Add a new route to the peering connection created in the previous steps, for the Accepter CIDR.

    9. If the Aurora RDBMS is running in a different account, connect the AWS console to the Aurora RDBMS account. Otherwise, continue in the AWS console with the same account.

    10. Navigate to the VPC Dashboard.

    11. Select Subnets.

    12. Filter by the VPC of the Aurora RDBMS.

    13. Select the route table of a subnet used by the Aurora RDBMS.

    14. Perform the action Edit routes.

    15. Add a new route for the Requester CIDR that targets the peering connection created in the previous steps.

    16. Repeat these last two steps to configure routes for each subnet used by the Aurora RDBMS.

  3. Create and test a new data source in Design Studio.


How to Connect to Data Sources Running On-Premise or in Other Private Clouds

As the data sources are not public, network access must be configured for the Denodo servers. This scenario requires a VPN between the VPC of the Denodo servers and the private network of the data sources.

Northbound Connections

How to Connect to Agora from the Internet

The Agora Execution Plane servers are deployed in a private network and are not accessible by client tools running on the Internet by default.

To connect from the Internet to the Agora Execution Plane servers it is necessary to open the Agora load balancers to the Internet.

In this case, when creating the Agora Denodo server cluster, choose the Provisioning manually option and configure the option to enable the Internet Facing Load Balancer.

How to Connect to Agora from AWS Clients

The Agora Execution Plane servers are running in a private network and are not accessible by default to other applications running in AWS. Network access must be configured for any AWS client needing to connect to Agora. A VPC peering connection can be used to communicate between the Agora Execution Plane servers and AWS client tools.

Please see the AWS What is VPC peering documentation for further details.

For example, to connect to an Agora VDP Server from a Tableau Desktop follow the steps below:

  1. Create a VPC peering between Agora’s VPC and the VPC where the Tableau Desktop is running:

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select Peering Connections.

    4. Choose the Create Peering Connection option.

    5. Select the VPC created by Agora as the VPC requester.

    6. If the Tableau Desktop is in the same account as the Agora Execution Plane:

      • Select My Account as the account for the VPC of the Tableau Desktop (Accepter).

      • Select the region where the Tableau Desktop is running.

      • Select the VPC where the Tableau Desktop is running.

    7. If the Tableau Desktop is in a different account than the Agora Execution Plane:

      • Select Another Account as the account for the VPC of the Tableau Desktop (Accepter).

      • Fill the VPC Accepter account ID with the Tableau Desktop account ID.

      • Fill the VPC Accepter ID with the Tableau Desktop VPC ID.

    8. Press the Create peering connection button and write down the peering connection ID.

    9. Select Peering Connections.

    10. Choose the peering created previously.

    11. From the Actions menu, select Edit DNS Settings.

    12. Click to enable DNS resolution. If Tableau Desktop is running in another account/region, you should allow the requester VPC to resolve the DNS of the accepter VPC while managing the Tableau Desktop account.

    13. If the Tableau Desktop is in the same account as the Agora Execution Plane:

      • Navigate to the VPC Dashboard.

      • Select Peering Connections.

      • The peering created previously should appear as “Pending acceptance”, so select it and perform the action Accept request.

    14. If the Tableau Desktop is in a different account than the Agora Execution Plane:

      • Connect to the AWS console to manage the Tableau Desktop account.

      • Navigate to the VPC Dashboard.

      • Select Peering Connections.

      • The peering created earlier should appear with a status of “Pending acceptance”. Select it and perform the action Accept request.

    15. Write down the Requester CIDRs and the Accepter CIDRs. You will need them later when configuring the routes.

  2. Modify the route tables to enable traffic through VPC peering:

    1. Connect to the AWS console to manage the Agora Execution Plane account.

    2. Navigate to the VPC Dashboard.

    3. Select Subnets.

    4. Filter by the VPC created by Agora.

    5. Choose the subnet whose name does not begin with aux-denodo-agora-*.

    6. Choose the route table associated with it.

    7. Select it and perform the action Edit routes.

    8. Add a new route for the Accepter CIDR that targets the peering created previously.

    9. If the Tableau Desktop is running in a different account, connect to the AWS console to manage the Tableau Desktop account. If it is running in the same account, no account change is needed.

    10. Navigate to the VPC Dashboard.

    11. Select Subnets.

    12. Filter by the VPC of the Tableau Desktop.

    13. Select the route table used by the Tableau Desktop subnet.

    14. Perform the action Edit routes.

    15. Add a new route for the Requester CIDR that targets the peering created previously.

  3. Connect to the Agora Execution servers from Tableau Desktop:

    1. Obtain the name of the host to connect to from the Agora Design Studio.

    2. Configure Tableau Desktop to connect to the Agora Execution Plane server. Please review the document "How to connect to Denodo from Tableau Desktop":

      1. Connect to the Agora Execution Plane server using your Agora credentials.
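
The route-table steps in both peering procedures above (Aurora RDBMS and Tableau Desktop) can be checked offline against the CIDRs written down in step 15. The following Python is an added example, not part of the Agora product or of the original manual: it rejects overlapping CIDRs (AWS does not peer VPCs whose CIDR blocks overlap), returns the destination each side must route to the peering connection, and flags peering routes that reach beyond the peer's CIDR. The accepter CIDR, the pcx-EXAMPLE and nat-EXAMPLE IDs, the subnet names and the route tables are constructed sample values.

```python
import ipaddress

def plan_peering_routes(requester_cidr, accepter_cidr):
    """Return the destination each side must route to the peering connection."""
    req = ipaddress.ip_network(requester_cidr)
    acc = ipaddress.ip_network(accepter_cidr)
    if req.overlaps(acc):
        # AWS cannot peer VPCs whose IPv4 CIDR blocks match or overlap.
        raise ValueError(f"{req} overlaps {acc}; these VPCs cannot be peered")
    return {"requester_route_table": str(acc), "accepter_route_table": str(req)}

def audit_route_table(subnet_name, routes, peer_cidr, pcx_id):
    """List deviations from the procedure in one subnet's route table.

    routes is a list of (destination_cidr, target) pairs copied from Edit routes.
    """
    peer = ipaddress.ip_network(peer_cidr)
    via_peering = [ipaddress.ip_network(d) for d, t in routes if t == pcx_id]
    if subnet_name.startswith("aux-denodo-agora-"):
        # The procedure only edits the subnet whose name does NOT start with this prefix.
        return [f"{d} via {pcx_id} on {subnet_name}: not part of the procedure"
                for d in via_peering]
    findings = [f"{d} via {pcx_id} is not contained in peer CIDR {peer}"
                for d in via_peering if not d.subnet_of(peer)]
    if not via_peering:
        findings.append(f"no route to {peer} via {pcx_id}")
    return findings

# Constructed sample values: the VPC CIDR is the manual's example, the rest is made up.
REQUESTER, ACCEPTER, PCX = "10.2.0.0/24", "172.31.0.0/16", "pcx-EXAMPLE"
GOOD = [("10.2.0.0/24", "local"), ("0.0.0.0/0", "nat-EXAMPLE"), (ACCEPTER, PCX)]
TOO_WIDE = [("10.2.0.0/24", "local"), ("0.0.0.0/0", PCX)]

if __name__ == "__main__":
    print(plan_peering_routes(REQUESTER, ACCEPTER))
    # "agora-private" and "aux-denodo-agora-1" are hypothetical subnet names.
    for name, table in [("agora-private", GOOD), ("agora-private", TOO_WIDE),
                        ("aux-denodo-agora-1", GOOD)]:
        print(name, audit_route_table(name, table, ACCEPTER, PCX) or "ok")
```

For the accepter side, call `audit_route_table` with the Requester CIDR as `peer_cidr` on each route table used by the Aurora RDBMS or Tableau Desktop subnets.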

How to Connect from Client Tools Running On-Premise or in Other Private Clouds

The Agora Execution Plane servers are not accessible over the Internet. Network connectivity must be configured to allow clients running on-premise or in other private clouds to connect to Agora. A VPN between the VPC of the Agora Execution Plane servers and the private network of the client tools should be configured for this purpose.
