A OneCloud connection consists of a resource (i.e. a server) that is pre-configured to run a certain type of command and the credentials associated with a connection to a particular application (e.g login information for a SaaS platform). Connections can be configured to use either a OneCloud CloudRunner or GroundRunner]. Commands are aware of which connections they need to run (for example, a command that can run only in a Windows environment). Additionally, a command cannot be added to a chain until an appropriate connection is configured.
To add a new connection or view an existing OneCloud connection, click the Connections tab on the navigation pane on the left of the page.
The OneCloud Connection Manager is only visible only to admin users.
In the connections list view, click the plus icon at the bottom right of the screen to take you to the connection editor:
If editing an existing connection, expand a connection to view and edit the connection properties:
Creating or editing a OneCloud connection will provide various options based upon the type of connection that is being created. The most important choice is selecting the BizApp that should be associated with the connection such as Anaplan, IBM Planning Analytics, Oracle PBCS, etc. This choice will then drive connection-specific parameters such as service name, instances, tokens, etc that are specific to a particular connection.
Once a BizApp is selected, a runner must also be selected from the dropdown list. Be sure to pick the runner appropriate for the BizApp that is being used. For example, when connecting with an on-premise database within a company's firewall, be sure to select a GroundRunner that is running on-premise.
BizApps are sometimes Runner-specific
Some OneCloud BizApps are only available on certain runners. For example, the OneCloud Script Runner BizApp is only available on a GroundRunner.
When a Runner is not available
If a OneCloud GroundRunner is offline and not available, then there will be a red circle to the left of the runner name.
Sometimes a resource is required for a connection such as in the case of the Anaplan CA Certificate authentication. To streamline the management of a particular file resource associated with the connection, the resource can be loaded, managed and encrypted in OneCloud.
To add a file such as a certificate, click the blue plus icon on the right of the resources section and upload the required files. Once the files have been uploaded, reference the file resources via a relative path as an input to the connection. For example, if the chosen BizApp that is being connected to has a field "Certificate Path", and the uploaded certificate file is called anaplan-admin.cer, then simply enter anaplan-admin.cer into the certificate field.
Many external services allow for basic authentication (i.e. username and password), but some require users to connect via OAuth 2.0. When a BizApp is selected that requires to connect via OAuth, the form will automatically provide a prompt to enter the credentials requiring authentication. Once the proper values are provided click Connect to complete the connection.
Ensure pop-ups are enabled when connecting via OAuth. OneCloud will create a popup window to allow you to login to an external service.
Upon filling out the OAuth-specific fields, you should see a pop-up window that prompts you to login to the external service. Once the proper credentials are successfully authenticated, OneCloud will store the access token and refresh token.
Next, enter the properties specific to the selected service. These properties could be user credentials or application-specific information.
All sensitive credentials and certificates are automatically encrypted and OneCloud ALWAYS stores encrypted values and resources at 2,048-bit encryption.
Connections can be enabled and disabled on a per-environment and per-workspace basis. This allows an added level of granularity and ensures that users are not using production credentials to non-production environments. Additionally, this feature directly ties into OneCloud's promotion and lifecycle management. Certain connections are created for specific environments and the connection can be mapped during a Chain Promotion.
To enable or disable a connection for an environment, click on the colored checkboxes corresponding to different environments. To enable or disable the credential for all environments within a workspace, click the checkbox at the top right of each workspace.
At least one environment needs to be select for a connection to be used.