Product UpdatesStatus PageAutomation Institute
▼ To JA
Accessing On-prem
On-prem Agent
On-prem Connections

# Cloud Profiles

A single Workato on-prem agent (OPA) can connect to multiple on-prem applications. A cloud profile allows you to set up a connection directly in Workato. This option can be selected when creating a new on-prem group.

# Basics

# What's a cloud profile?

A cloud profile is a new way of setting connection for on-prem agent. Since OPA version 2.15.0 you can configure on-prem connections directly in Workato instead of editing local on-prem agent config file. This is a big simplifcation of the existing process as you no longer need a direct access to the machine where the agent is installed. Just make sure your agent is up and running.

When creating a connection you will see the input field called Connection type. It is a list of existing on-prem groups. For some of the cloud connectors there can be a default Cloud setting. Make sure you select on-prem group that supports cloud profiles so you can create a connection directly in Workato.

Below is an example of SQL Server connection when on-prem group with cloud profiles is selected. As you can see database connection properties can be set just like for a normal cloud connector.

SQL Server cloud profile connection SQL Server cloud profile connection

# What types of systems can I connect to?

Cloud profiles are supported by the following system types:

WARNING

Please note that configuring some additional settings like google secrets manager, azure key vault or more advanced settings is not yet supported by cloud profiles. If you want to use them please check connection profiles.

# How do I apply a new configuration?

When you create a new connection the details are automatically propagated to all agents in the specific on-prem group. It should happen almost immediately but in some cases it might take a while for an agent to get updated connection details.

# Database Cloud Profiles

Database cloud profiles provide the information your OPA uses to connect to a database.

All database connectors give you the option to connect through an on-prem agent. In the connection fields, select the desired on-prem group from the field labelled Connection type.

Once you select the on-prem group that allows cloud profile configuration you can set up the connection directly in Workato as for the regular cloud connector. Just fill in the required fields and click Connect.

Database connection using cloud profiles Database connection using cloud profile

In this section, we'll cover:

# Profile Properties

Database cloud connection profiles can contain the following properties:

Name Type Description
url/host required The host address of the database. For example, localhost.

Note: A url or host value must be provided to fully configure the connection profile.
port required The port of the database. If using the default port for a database type, this property may be omitted.

For example, PostgreSQL databases use port 5432 by default. If your PostgreSQL uses this port, you don't need to add a port property to the connection profile.

Default ports are listed in the Supported databases section.
database required The name of the database. For example: sales

Note: This property may be omitted if the url property is provided.
username required The username of a database user that will be used to connect to the database.
password required The password of the database user (username).
ssl optional Options for configuring SSL connections. SSL is supported for the following databases:
  • MySQL - version 5.7 and higher
  • PostgreSQL - version 11.x and higher
 Contains the following properties:
Name Type Description
Server certificate optional X509 server certification in .pem format.
SSL certificate optional X509 client certificate in .pem format.
SSL certificate key optional RSA client key in .pem format.

# Supported Databases

The following table contains information about the databases OPA currently supports.

Database name Default port
Amazon Redshift 5439
JDBC-compatible databases
Microsoft SQL Server 1433
MySQL 3306
Oracle 1521
PostgreSQL 5432

# On-prem Files Cloud Profile

Please refer to On-prem Files connector documentation.

# SAP Cloud Profile

There are two connection types that the SAP connector supports - Direct connections or Message Server connections.

SAP default ports

Our SAP connector uses these ports by default:

  • Via SAP Message Server : 36xx (where xx is SAP system number)
  • W/o SAP Message Server, e.g. direct call to SAP : 33xx (with SNC) and 48xx (w/o SNC)

Furthermore for HTTP(s) inbound communication (for example for consuming REST OData services, SOAP WebServices etc. provisioned from SAP) ports are per default 8000 (HTTP) and 44300 (HTTPs). If this ports have been setup on SAP in custom way, port numbers can be figured out in SAP by

  1. Go to the ICM Monitor ( SMICM ) transaction.
  2. Choose Goto Services to display the services configured in ICM and correlated ports.

If these ports differ from our defaults, please contact Workato support.

# SAP - Direct Connection

Below is the example of Direct connection type. Use this connection type if SAP system is directly exposed as an application server.

On-prem sap direct connection using cloud profile On-prem sap direct connection using cloud profile

Parameter Description Click to expand image
Gateway host Could be either DNS name or IP address. If present, this describes a direct connection to SAP host. Could be in the format xx.xx.xx.xx. This is the IP Address of the SAP application server you are connecting directly. This can be seen on the SAP Logon Pad which is used to login to your on-premise SAP Application server. Host
System number Two digit SAP system number. It identifies the logical port on which the application server is listening for incoming requests. Commonly found from the TCP Port 33XX where XX is the system_number System number
Program ID OPTIONAL. Only needed when IDOCs are used in recipes. This matches the program ID given to the RFC destination linked to Workato in Tcode SM59. This is defaulted to WORKATO if not supplied. Program ID
Client The actual client number which is used for connecting to Workato. Use the same one you log into with your SAP Logon Pad. It's always a 3 digit integer. Client
Language OPTIONAL. Represents the logon language. If the property is not provided, the user's or system's default language is used. Valid values are two-character ISO language codes or one-character SAP language codes. Language
User SAP user provisioned for Workato. Using background user and disabling dialog properties are recommended. User
Password SAP user password. Password

# SAP - Message Server Connection

Below is the example of Message server connection type. Use this connection type when SAP system is behind message server gateway.

On-prem sap message server connection using cloud profile On-prem sap message server connection using cloud profile

Parameter Description Click to expand image
Message server host Message Server host in the format of xx.xx.xx.xx. This is the IP Address of the Message Server you are connecting. Message Server Host
System ID The system ID of the system the message server belongs to. See SAP Note 52959 in case of connection error.
Logon group (Optional) Logical group name of the application servers. Can be found in SAP Tcode SMLG Group
Program ID OPTIONAL. Only needed when IDOCs are used in recipes. This matches the program ID given to the RFC destination linked to Workato in Tcode SM59. This is defaulted to WORKATO if not supplied. Program ID
Client The actual client number which is used for connecting to Workato. Use the same one you log into with your SAP Logon Pad. It's always a 3 digit integer. Client
Language OPTIONAL. Represents the logon language. If the property is not provided, the user's or system's default language is used. Valid values are two-character ISO language codes or one-character SAP language codes. Language
User SAP user provisioned for Workato. Using background user and disabling dialog properties are recommended. User
Password SAP user password. Password

# JMS Cloud Profile

The following JMS providers are supported by the cloud profile on-prem agent:

  • Amazon Simple Queue Service
  • Apache ActiveMQ
  • Azure Service Bus

# Amazon SQS

You need the following configuration properties when connecting to Amazon SQS:

On-prem cloud profile amazon On-prem cloud profile amazon

Property name Comment
region Your Amazon API region, eg 'us-east-2'
accessKey Your Amazon API access key
secretKey Your Amazon API secret

Note that you need to make sure your SQS queue is created before sending messages.

# Apache ActiveMQ

For connecting to a running ActiveMQ broker you only need to specify the broker URL:

On-prem cloud profile activemq On-prem cloud profile activemq

ActiveMQ broker cannot be embedded into the agent. Using any vm:// broker connections is not supported.

# Azure Service Bus

Azure Service Bus uses custom JMS provider. You will need the following configuration properties when connecting to Azure Service Bus:

On-prem cloud profile custom On-prem cloud profile custom

Property name Comment
provider Custom
class org.apache.qpid.jms.JmsConnectionFactory
remoteURI amqps://host-name.servicebus.windows.net
username policy-name
password primary-key

Download jar files from here (opens new window) and extract it inside the lib_ext folder.

Add the classpath inside the config.yml file.

server:
 classpath: lib_ext

# Apache Kafka Cloud Profile

Configure your Kafka connection directly in Workato by setting following properties:

On-prem cloud profile kafka On-prem cloud profile kafka

Property name Description
url Comma-separated list of server URLs where protocol is either kafka or kafka+ssl.
timeout General operation timeout, milliseconds.
Server certificate X509 server certificate in .pem format
SSL certificate X509 client certificate in .pem format
SSL certificate key RSA client key in .pem format

The preceding certificate options can be used when connecting to Kafka using SSL/TLS.

Password-protected private keys cannot be inlined.

You can provide any Kafka producer (opens new window) or consumer (opens new window) configuration properties, for example, bootstrap.servers or batch_size.

However, some properties are overridden by the on-prem agent and cannot be configured. You will get a warning when trying to redefine a protected property. Protected properties include:

Property name Comment
key.serializer Only StringSerializer is supported by agent
value.serializer Only StringSerializer is supported by agent
key.deserializer Only StringSerializer is supported by agent
value.deserializer Only StringSerializer is supported by agent
auto.offset.reset Defined by recipes
enable.auto.commit Defined internally

The Kafka connector supports Apache Avro, a binary serialization format. Avro relies on schemas in JSON that define what fields are present and their type. The connector relies on storing data in a schema registry. The Kafka connector only works with schema registry version 6.1.4 and above.

Example:

# Active Directory Cloud Profile

Please refer to Active Directory connector documentation.

# Command-line Scripts Cloud Profile

Please refer to On-prem Files connector documentation.

Overview
Connection profiles

On this page