Use this article to discover options available for connecting your K2 Cloud environment to data that exists on-premises, such as in a private network or a different cloud environment. Use this data in applications you build in K2 Cloud. Supported on-premises systems include any system with which K2 Cloud has a standard integration capability. However, some sources such as SharePoint are not supported.

This document does not outline the specific steps to implement these approaches. You must review factors such as security, availability, and speed for your individual needs when deciding to implement any of these solutions.

Summary of Approaches

Use one or more of the following approaches and features to access on-premises data from K2 Cloud.

A note about authentication: Each approach described below for using on-premises data in K2 Cloud applications requires credentials for accessing each data source. K2 Cloud allows you to configure different connection credentials for each data source instance, but you must determine what the best approach is for your security and data requirements.

K2 Cloud Secure Data Access

This approach allows you to install a polling service in your on-premises environment to query requests from K2 Cloud. Configuring K2 Cloud Secure Data Access requires an additional subscription from K2.

Implementation

For more information about K2 Cloud Secure Data Access, see the following articles:

Site to Site VPN

This approach allows you to configure a VPN connection from K2 Cloud to your on-premises systems. Creating and maintaining this VPN connection requires an additional subscription from K2, but you are responsible for configuring and maintaining your on-premises network infrastructure that allows the VPN connection. You cooperate with the K2 Cloud Operations team to configure this approach. Any system that K2 Cloud connects to using this approach must be accessible using DNS or directly by IP address and port. Once you do this you can create a service instance and SmartObjects to use data in K2 Cloud.

If you have multiple K2 Cloud environments, each environment connects to the same on-premises systems by sharing the networking infrastructure across K2 Cloud environments.

Image

Implementation

For more information about implementing a VPN connection from K2 Cloud to your on-premises network, see Configuring a VPN Connection in K2 Cloud. Note that you must work with the K2 Cloud Operations team to configure a VPN connection.

Opening Network Firewall Ports

This approach allows you to selectively open one or more firewalls ports for inbound and/or outbound traffic. If you prefer to not have K2 Cloud applications accessing your systems directly, you can configure a reverse proxy to manage the communication flow between internal data sources and K2 Cloud.

Image

Allowing external systems such as K2 Cloud to your on-premises data by opening firewall ports is a security risk that must be carefully planned and monitored. In many cases, using a reverse proxy provides better security. Also, configuring authentication and whitelisting your K2 Cloud IP addresses is strongly recommended.

Implementation

You are responsible for both networking configuration as well as any additional infrastructure costs to support the security of your on-premises systems. Any system that K2 Cloud connects to using this approach must be accessible using DNS or directly by IP address and port. Once you do this you can create a service instance and SmartObjects to use data in K2 Cloud.

Placing Systems in a DMZ

Similar to opening firewall ports, you may choose to locate your data source outside your on-premises in a protected demilitarized zone (DMZ). These systems could be accessed directly by K2 Cloud or with a reverse proxy that manages communication to the data source behind the firewall.

Image

Implementation

You are responsible for both networking configuration as well as any additional infrastructure costs to support the security of your on-premises and DMZ systems. Any system that K2 Cloud connects to using this approach must be accessible using DNS or directly by IP address and port. Once you do this you can create a service instance and SmartObjects to use data in K2 Cloud.