Benefits

OneStream applications are strategic components in your financial environment. Data from financial systems is imported to OneStream and contributes to financial closing and reporting processes. While performing analysis, you leverage data lineage capabilities to make contextual associations to data sources in your network.

The goals for Smart Integration Connector are to establish all required data source connections without a VPN and establish residency and management of data source connections solely in your network.

With Smart Integration Connector, you can:

  • Securely establish connectivity between OneStream Cloud and data sources in your network without a VPN connection.

  • Create and manage network data source integration using OneStream administration interfaces.

  • Locally manage database credentials and ancillary files.

Common Understanding

Use the reference charts below to understand common terms used throughout the product and this document.

OneStream Client Application Terms

Term | Definition
OneStream Windows Application client | The Windows client facilitating user interface access for all user personas to OneStream applications.
OneStream Windows Application Server (App Server) | The application server executing all OneStream business logic and processing.
Connection (Gateway Connection, Direct Connection) | Connections define direct channels of integration between the OneStream Cloud and a local customer network. Connections are represented by a unique key and are configured for communication to an Azure Relay endpoint. Connections carry a 1:1 correlation to a local gateway on the SIC Local Gateway Server. The channel of communication is established from the OneStream connection and a local gateway is created in Smart Integration Connector Local Gateway Server.
Gateway Server | A gateway server carries no unique technical definition or configuration address. It is a node in the tree control UI to organize connections and typically corresponds to an installed local gateway server name.
Custom Database Connections (System Configuration) | Custom database connections define a named data source to which OneStream may connect using Smart Integration Connector for the purpose of data import, data export, or drill through querying. The named custom database connection is referenced in OneStream business logic (data management objects or business rules) to initiate data source connectivity. Credentials and ancillary files required for a designated data source connection are configured on, and reside on, the corresponding local gateway server.
Direct Connection / Port Forwarding (e.g. SFTP, Web API) | A direct connection represents a point-to-point channel to designated resources such as an SFTP server or Web API (including iPaaS services). The OneStream Local Gateway Server Configuration Utility UI facilitates configuration of mapped connections to resources where the on-premises TCP port is mapped to a server (hostname/IP).
Gateway Connection (e.g. DBs, DLL Integrations) | A gateway connection represents the ultimate data source destination for Smart Integration Connector, and is typically associated with a local gateway connection that connects to a designated database. The OneStream Local Gateway Server Configuration Utility facilitates configuration of required credentials and supporting files. The identification of a local gateway connection must correspond to a custom database connection established to the OneStream Application Server.
Smart Integration Function (Remote Business Rule) | A Smart Integration Function (Remote Business Rule) is created in the Windows Desktop Client and compiled and executed on the local gateway server.
IPv4 Whitelist (Whitelisting) | Whitelisting can be applied to the Relay via IP addresses in the OneStream Windows Application client and also applied to your firewall via namespaces through your IT Admin.

OneStream Local Gateway Configuration Terms

Term | Definition
Local Gateway Server | Smart Integration Connector requires a client installation on Windows servers to establish a local gateway server. The local gateway server houses one or more local gateways which are configured through the OneStream Local Gateway Configuration.
Local Gateway | Local gateways define the local customer endpoint for distinct channels of communication used by Smart Integration Connector. A local gateway facilitates connections to local databases, Web API connections, iPaaS servers, or SFTP servers and corresponds 1:1 with a gateway definition on the OneStream Application Server. To ensure a valid connection, a local gateway must be configured by importing the corresponding gateway definition exported from the OneStream Windows Application client.
Local Gateway Connections | Local gateway connections are typically database connections defined in the utility and confirm the connection between the local gateway and the local data sources.
OneStream Local Gateway Configuration | This utility is where you configure the local gateway server, local gateways and local gateway connections to data sources.

Architecture

In contrast to a direct data source connection established using a VPN, Smart Integration Connector makes an indirect connection to data sources. Smart Integration local gateways integrate with on-premises customer environments through a cloud hosted service called Azure Relay. The locally installed and configured local gateway server makes the direct connection to data sources and responds to the OneStream application.

NOTE: In OneStream, Custom Database Server Connections define the relationship between the Smart Integration Connector connection gateway and the data source.

The two primary services of Smart Integration Connector are:

  • OneStream Application Server: The application server brokers communication between the OneStream Cloud instance application and the Azure Relay service.

  • Local Gateway Server: Instances of the Smart Integration Connector Local Gateway Server are installed inside your network and configured to make direct connections to designated data sources. The Smart Integration Connector Local Gateway Server runs as a Windows service and brokers communication between local data sources and Azure Relay using an outbound connection over port 443. All communication is encrypted end to end through TLS.

The components of the Smart Integration Connector are:

  • OneStream Windows Application client

    Direct and Gateway Connections are configured through
    System > Administration > Smart Integration Connector.

    NOTE: The SmartIntegrationConnectorAdminPage role must be assigned to a user for this to be visible.

  • A Custom Database Connection to the local gateway data source. Custom Database Connections are configured in
    System > System Configuration > Application Server Configuration > Database Server Connections.

    NOTE: The ManageSystemConfiguration role must be assigned to a user for this to be visible.

  • OneStream Smart Integration Connector Local Gateway Server

    • Connection Settings provide the information to establish the relationship with the OneStream Windows Application. Connection Settings are exported from the connection settings in the OneStream Windows Application and imported to the Local Gateway section of the OneStream Local Gateway Configuration.

    • Local Gateway Connections provide the setup information necessary for the Smart Integration Connector Local Gateway to connect to local data sources. Local Gateway Connections are set up through the OneStream Local Gateway Configuration in the Gateway Connections Settings section.

TLS/SSL Certificate

Communication between the OneStream Application Server(s) is encrypted end-to-end. For additional information about certificates and certificate errors, see Troubleshooting.

Gateway Connection example:

Direct Connection example:

NOTE: Certificate errors in the OneStream Application Server caused by a domain name mismatch between the WebAPI domain name and OneStream hostname are ignored. This occurs because the business rule uses localhost:{boundPort} for the hostname and the response contains a certificate with a hostname specific to the API (for example, someapi.org).
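The mismatch described in the note above, and one way a client that dials a forwarded localhost port can still validate the certificate against the API's own name. This is an added Python illustration, not OneStream code; SAMPLE_API_CERT, name_matches and connect_via_forward are hypothetical names, and the certificate data is constructed (someapi.org is the page's example hostname).

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_API_CERT = {
    "subject": ((("commonName", "someapi.org"),),),
    "subjectAltName": (("DNS", "someapi.org"), ("DNS", "*.someapi.org")),
}


def san_dns_names(cert):
    """DNS names listed in the certificate's subjectAltName extension."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(cert, hostname):
    """Simplified RFC 6125 check: exact match, or '*' as the whole left-most label."""
    host = hostname.lower().rstrip(".")
    for pattern in san_dns_names(cert):
        if pattern == host:
            return True
        if pattern.startswith("*."):
            # A wildcard covers exactly one label, never several.
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False


def connect_via_forward(bound_port, api_hostname, timeout=5.0):
    """Dial the forwarded port on localhost but verify against the API name.

    server_hostname drives both SNI and hostname verification, so the TCP
    target (localhost) and the validated identity (api_hostname) can differ
    without disabling certificate checks.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    raw = socket.create_connection(("localhost", bound_port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=api_hostname)
    except Exception:
        raw.close()
        raise
```

name_matches shows why a request addressed to localhost fails name validation against the API's certificate; connect_via_forward needs a live forwarded port and is not exercised offline.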

Additional Considerations

  • To provide high availability, multiple instances of a designated local gateway server can be deployed, each running on a separate server and bound to the same connection.

  • Multiple local gateways can be installed to establish global connectivity to data sources in different subnetworks.

  • Local gateway configuration must align to the corresponding connection as defined in the OneStream Windows application. An export process from the OneStream Windows application connection user interface can assist with the alignment to ensure corresponding names and keys are identical.