Create and Configure OneCloud Connections
A OneCloud Connection consists of a resource (i.e., a server) that is pre-configured to run a specific type of Command and the credentials associated with a connection to a particular application (e.g., login information for a SaaS platform). Connections can be configured to use either a OneCloud CloudRunner or GroundRunner. Commands are aware of which Connections they need to run (for example, a command that can run only in a Windows environment). Additionally, a Command cannot be added to a Chain until an appropriate connection is configured.
Add New or View Existing Connections
To add a new connection or view an existing OneCloud Connection, click the Connections tab on the navigation pane on the left of the page.
📓 The OneCloud Connection Manager is only visible only to admin users.
Create a new Connection
To create a new Connection, open the Connections list view and in the bottom right corner, click the plus icon to create a new Connection:
Editing a Connection and Version History
If editing an existing Connection, expand a Connection to view and edit its properties:
Creating or editing a OneCloud Connection will provide various options based upon the type of connection that is being created. The most important choice is selecting the BizApp that should be associated with the Connection, such as Box, Anaplan, IBM Planning Analytics, Oracle Hyperion, etc. This choice will then drive connection-specific parameters such as service name, instances, tokens, etc. that are specific to a particular connection.
Once a BizApp is selected, one or more Runners must also be selected from the dropdown list. Be sure to pick the Runner appropriate for the BizApp that is being used. For example, when connecting with an on-premise database within a company’s firewall, be sure to select a GroundRunner that is running on-premises.
📓 BizApps are sometimes Runner-specific
Some OneCloud BizApps are only available on certain runners. For example, the OneCloud Script Runner BizApp is only available on a GroundRunner.
📓 When a Runner is not available
If a OneCloud GroundRunner is offline and not available, then there will be a red circle to the left of the runner name.
Sometimes a resource is required for a connection such as in the case of the Anaplan CA Certificate authentication. To streamline the management of a particular file resource associated with the connection, the resource can be loaded, managed, and encrypted in OneCloud.
To add a file such as a certificate, click the blue plus icon on the right of the resources section and upload the required files. Once the files have been uploaded, reference the file resources in the connection. For example, if the chosen BizApp that is being connected to has a field “Certificate Path”, and the uploaded certificate file is called anaplan-admin.cer, then simply enter anaplan-admin.cer into the certificate field.
Many external services allow for basic authentication (i.e., username and password), but some require users to connect via OAuth 2.0. When a BizApp is selected that needs to connect via OAuth, the form will automatically provide a prompt to enter the credentials requiring authentication. Once the proper values are provided, click Connect to complete the connection.
Upon filling out the OAuth-specific fields, you should see a pop-up window that prompts you to log in to the external service. Once the proper credentials are successfully authenticated, OneCloud will store the access token and refresh token.
📓 Ensure pop-ups are enabled when connecting via OAuth. OneCloud will create a pop-up window to allow you to log in to an external service.
Next, enter the properties specific to the selected service. These properties could be user credentials or application-specific information.
📓 All sensitive credentials and certificates are automatically encrypted, and OneCloud ALWAYS stores encrypted values and resources at 2,048-bit encryption.
Connections can be enabled and disabled on a per-Environment and per-Workspace basis. This allows an added level of granularity and ensures that users are not using production credentials for non-production Environments. Additionally, this feature directly ties into OneCloud’s promotion and lifecycle management. Individual connections are created for specific environments, and the connection can be mapped during a Chain Promotion.
To enable or disable a connection for an Environment, click on the colored checkboxes corresponding to different Environments. To enable or disable the credential for all Environments within a Workspace, click the checkbox at the top right of each Workspace.
📓 At least one environment needs to be selected for each Connection.