Search code examples
oracle-databasesecurityibm-clouddata-integrationdataconnect

How to connect to a Secure Gateway's destination with TLS in DataWorks

I would like to load on-premise Oracle data to Bluemix dashDB. I plan to use DataWorks and Secure Gateway. It is required that only DataWorks can access to Secure Gateway.

According to the tutorial Securing Destinations with TLS in Bluemix Secure Gateway, a destination with TLS: Mutual Auth can restrict clients.

So I try to adapt the how-to to DataWorks and refer the APIs of DataWorks. But, I found the can't find request parameters about TLS: Mutual Auth in "Create an activity" API.

Would anyone teach me how to use TLS: Mutual Auth between DataWorks and Secure Gateway or any other methods to secure the destination of Secure Gateway?

  Oracle Connection:
    type ( string): Specify oracle,
    sid ( string): The Oracle System ID,
    host ( string): The host name or IP address of the database,
    port ( integer): The port number,
    user ( string): The user name to use to connect to the database,
    password ( string): The password for the specified user name,
    schema ( string): The schema name. The name is case sensitive,
    ssl ( string, optional):
    sslCert ( string, optional):
    gateway ( string, optional):

Solution

  • This documentation describes how to add the Secure Gateway service by using the Bluemix UI:

    https://www.ng.bluemix.net/docs/#services/SecureGateway/index.html#gettingstartedsecuregateway

    There are 3 possible options:

    1. No TLS - No authentication is provided. Your application can communicate directly to the gateway without requiring any certificates.
    2. TLS: Server Side - TLS is enabled and the server provides a certificate to prove its authority. You need to accept the server certificate into your application truststore.
    3. TLS: Mutual Auth - The server provides a set of certificates. However, you also need to upload your own certificate or select auto-generate to automatically create a self-signed certificate/key pair that you can download along with the server certificate.

    To choose TLS: Mutual Auth, just select it in the Create Destinations page. If you are using DataWorks, you do not need to create a destination.