On-prem webserver Integration

navneetv
Regular Contributor
Regular Contributor

Hi Everyone,

we have a use case, where we want to onboard an on-prem webserver to Saviynt. that web server is not accessible from the Internet. it requires VPN to connect to access the Webservice URL.

Now I am not sure. From where do I need to start and what to do to onboard that application to Saviynt?

Did anyone have the same use case, where the on-prem webserver has been onboarded to Saviynt successfully? if so then what all steps you followed . could you please share those steps?

10 REPLIES 10

Paul_Meyer
Regular Contributor
Regular Contributor

You would need to deploy an on-prem (or tenant) VM for hosting the Saviynt Connect (OpenVPN) client. I recommend that you contact Support to assist you with the setup and configuration of the server and client side components. For some details please refer to the following links:

Note you can also request DNS forwarding to be set up on the Saviynt server side, so that you don't have to use IP addresses in your connector configs, but rather hostnames that is resolved by your internal DNS. Also, the Saviynt Client VM hardware requirements are rather generous... Confirm what the minimum requirements are for the Saviynt Client VM.

 

navneetv
Regular Contributor
Regular Contributor

Hi @Paul_Meyer thank you for sharing and checking. We have already Connect 2.0 server installed in our perm, therefore we are able to onboard our on-prem AD. 

How The Connect 2.0 server will help to onboard on-prem WebServer with Rest connector?  Should I white list the IP and hostname of the Web-server with 80 and 443 ports and check the talent from connect 2.0 server, whether talent is happing or not?

Is there any steps or document we have for onboarding the on-prem WebServer application with Rest Connector?

Paul_Meyer
Regular Contributor
Regular Contributor

Please explain what you mean regarding integrating with an on-prem webserver. Is there an application deployed on the webserver, such as a Rest API, that you need to integrate with?

Do you have direct connectivity between the on-prem SC2.0 VM and the application? Or would you need to establish a VPN connection between the SC2.0 VM and the application?

navneetv
Regular Contributor
Regular Contributor

Hi @Paul_Meyer  

We have On-prem Webserver(Internal Web Application) and We want to onboard the WebServer application in Saviynt. But the thing is that the application is not connected to the Internet. Webserver(Application) can be accessed within the premise network. Since it is not hosted in the cloud. I am not sure, how it can be onboarded to Saviynt by using a Rest type connection.  

On-prem application has user-management API but it cannot be accessed from the Internet

Paul_Meyer
Regular Contributor
Regular Contributor

You would use the same integration traffic pattern as for your on-prem Active Directory.

Make sure you :

  • have connectivity between the SC2.0 VM and the webserver. This can be done by curl, telnet etc.
  • have routing configured on the Saviynt instances to direct network traffic to the webserver via the SC2.0 Server/Client VM OpenVPN tunnel. Similar to your existing AD traffic pattern. The routing config can be checked with Saviynt Support.
  • configure the Rest connector config to use the webserver IP/hostname. DNS forwarding can also be configured by the Saviynt Support team to resolve your internal DNS names.

navneetv
Regular Contributor
Regular Contributor

Hi @Paul_Meyer thank you for sharing the steps.  I will follow the above guidelines.  Also, I have reached out Saviynt Support team and they said the port needs to be added on the Saviynt side after that it can be communicated. Not sure, how it will work. 

navneetv
Regular Contributor
Regular Contributor

@sahil  @rushikeshvartak  could you please suggest? what can be the way to onboard the on-prem webserver with Saviynt by using the rest connection?

 

sahil
Saviynt Employee
Saviynt Employee

@navneetv The first step would be to ensure that the app url/ip is reachable from Saviynt server. For this you will need to work with Support team so they can ensure the IP/port is whitelisted on Saviynt side. Support team check for telnet/ping from Saviynt server to ensure the traffic is flowing.

Once this communication is established, you should be able to integrate the REST application. 

 


Regards,
Sahil

navneetv
Regular Contributor
Regular Contributor

Hi @sahil  When you say, Saviynt Server, are you talking about Saviynt connect2.0 server which is hosted in our prem or are you talking about a server, which is hosted on the Saviynt side, that we don't have access to?

Paul_Meyer
Regular Contributor
Regular Contributor

Please review the Saviynt Connect Architecture guide. It explains the components and traffic flow.