SKP / SAP ADMM — Hybrid Deployment V2

Syniti Knowledge Platform / Advanced Data Migrations and Management Hybrid Deployment Guide

The Syniti Knowledge Platform (SKP) consists of the cloud-native, multi-tenant application platform with customer-hosted working databases and a series of remote services. The remote services are the platform components that run outside of the Syniti Knowledge Platform application and are designed to run close to the data stores that persist and transact data management activities.

The above diagram shows a logical representation of the services that run in the cloud (Cloud Services) and the services that are customer-hosted and run on-premises/customer hardware, which include:

• Syniti Knowledge Platform Connector—Allows a secure connection to enable communications between the Cloud Services and the customer-hosted services

• Syniti Replicate —Provides services that require low latency connectivity to data stores for high-performance data access and replication.

• Working Database—Where customer data is staged during processing

Network Requirements

When using a Hybrid Deployment model the Syniti Knowledge Platform Cloud Services must communicate over a secure network with the Customer Hosted Components and databases to function. Security is of utmost importance when configuring the network infrastructure. To secure your network from unauthorized access, your network will have firewalls, proxy server and NAT devices, etc. Hence, the network security measures must be updated to allow communications to the Syniti Knowledge Platform Cloud Services.

These communications can be grouped into the following categories:

• Cloud Services to Connector communications occur through a secure encrypted VPN tunnel between the Cloud Services Edge nodes and the customer-hosted services using UDP protocol. The VPN tunnel uses WireGuard, which is a high performance VPN that utilizes state-of-the-art cryptography to secure the communication.

• Connector to Working Databases using ODBC drivers/protocols over TCP/IP.

• Customer-Hosted Services

  • Replicate and the Connector communicate to the Cloud Services using HTTPS protocol.

  • Replicate and the Connector communicate to the Working, Source, and Target Databases using ODBC Drivers, and/or APIs use SSL encrypted connections over TCP/IP to the respective systems.

Note

Syniti strongly recommends that all communications are configured to use SSL and encryption.

Cloud Services to Connector communications (VPN/UDP)

Communication from the Syniti Knowledge Platform to the Connector uses Wireguard ( https://www.wireguard.com/), a highly secure VPN that utilizes state-of-the-art cryptography The VPN uses UDP protocol on port 51820. The following static IP addresses must be allow-listed by your network administration team for UDP protocol for the VPN to be set up between the Syniti Knowledge Platform edge nodes and the machine where the Connector Service is deployed.

UDP outbound traffic to the IP addresses listed below and to port 51820 from the machine running the connector must be allowed.

Note

US tenants only use IPs listed under the US Tenants section. EU tenants use IPs listed under EU Tenants section.

US Tenants

Allow-list the following IP addresses for UDP traffic on port 51820:

• 3.133.52.182

• 3.140.102.168

• 3.142.163.199

• 13.58.102.195

• 3.20.25.109

• 3.20.188.107

• 3.18.172.83

• 18.190.58.216

• 3.15.114.245

• 3.14.201.206

EU Tenants

Allow-list the following IP addresses for UDP traffic on port 51820:

• 18.158.132.137

• 18.198.254.134

• 18.192.157.181

• 18.192.157.181

• 3.68.162.253

• 18.194.250.127

• 3.127.112.189

• 18.195.178.207

• 3.127.54.110

• 3.72.58.229

APJ (Australia) Tenants

Allow-list the following IP addresses for UDP traffic on port 51820:

• 54.252.16.235

• 54.79.184.39

• 3.24.83.147

• 52.63.239.200

• 3.104.73.186

• 3.106.34.168

• 13.54.226.235

• 54.79.62.168

• 13.210.199.82

Canada Tenants

Allow-list the following IP addresses for UDP traffic on port 51820:

• 15.222.134.203

• 15.222.162.216

• 15.156.175.55

• 3.97.27.235

• 3.98.225.202

• 3.98.241.30

• 3.99.79.66

• 35.182.163.154

• 35.183.187.32

Connector to Working Database/Customer Hosted Services Connectivity (TCP/IP)

The Connector forwards the HTTPS and ODBC traffic coming over the VPN tunnel to the Working Databases and the Customer-Hosted Services. TCP/IP traffic from the connector to the host and port of the working databases as well as to the Customer-Hosted Services must be allowed. If there are two separate databases in use, then traffic to both databases must be allowed.

Note

SSL must be enabled on all the databases and the connections must be configured to use SSL to secure these connections.

The following example shows how to document the connectivity and work with the IT/Network Administrator to configure the network. Use this example as a guide by replacing the text with the customer’s IPs, ports and other values.

Customer-Hosted Services to Cloud Connectivity (HTTPS)

The Customer-Hosted Services communicate to the Syniti Knowledge Platform using HTTPS protocol on TCP port 443. The following web domains must be allow-listed for outbound traffic by your network administration team for outbound traffic from the machines running the customer hosted services.

US Tenants

• https://api.syniti.com

• https://onprem.syniti.com

EU Tenants

• https://api.syniti.eu

• https://onprem.syniti.eu

APJ (Australia) Tenants

• https://api.syniti.au

• https://onprem.syniti.au

Canada Tenants

• https://api.syniti.ca

• https://onprem.syniti.ca

Customer-Hosted Service (Replicate) Connectivity

Customer-Hosted Services communicate to the source and target systems and the Working Database using TCP/IP. Depending on your project needs, connectivity will be required to several databases and systems that use APIs for communication. Before you proceed to installing these components you must carefully document all the databases and systems that are required for your project. The following example illustrates how you can document the connectivity and work with the IT/Network Administrator to configure the network. Use this example as a guide by replacing the text with the customer’s information.

Network Latency

Network Latency between the four systems (Linux virtual machine with the Wiregaurd Connectors, Migrate working database server, Windows virtual machine running Replicate, Construct WebApp database on SQL Server) must be less than 5ms.

Warning

If latency drifts to a larger number, systems will appear slower and some applications may have trouble communicating. Syniti expects all four of these systems to be connected on a local network LAN, not across WAN links or across VPN tunnels to each other.

Hardware and Software Requirements

To maintain performance and scalability, the customer-hosted services must run on separate hardware/VMs . The following are requirements for each of the customer-hosted services:

Syniti Knowledge Platform Connector

The Syniti Knowledge Platform Connector runs on a Linux machine.

Operating System

The following distributions of Linux are supported:

• Redhat Enterprise Linux 8.7 - 8.9, 9.2 and 9.3

• Oracle Linux 8.7 - 8.9, 9.2 and 9.3

• SUSE Linux Enterprise Server 15 SP4 and SP5

• Ubuntu 22.04

Note

SAP does not officially support RFC connectivity via Ubuntu and Oracle Linux; therefore, the SAP metadata scanning may not operate fully on Ubuntu or Oracle Linux servers.

Software Prerequisites

The installation process installs the necessary prerequisites.

Note

When using the Redhat Enterprise Linux versions lower than 9.0, Wireguard must be installed before installing the software.

Wireguard and WireguardTools (https://www.wireguard.com/install/) are required for the Syniti Knowledge Platform Connector machine. The install scripts check for their existence before continuing.

Hardware

The following minimum hardware specifications are recommended:

• 4 core CPU

• 16GB RAM

• 50GB Disk

• 125MB/s disk throughput

Replication Service

Replication services run on a Windows machine.

Operating System

Microsoft Windows Server 2019 or later is required with .NET Framework 4.8 or higher installed.

Hardware

• 8 core CPU

• 16GB RAM

• 50GB hard disk space

• 125MB/s disk throughput

Working Database

The Syniti Knowledge Platform requires a database instance to host the Working Databases where customer data that is to be processed is persisted. The working database must be installed on independent hardware and not share resources with other services / components for optimal performance. Three database technologies are currently supported for the Working Database Environment: Microsoft SQL Server, PostgreSQL, and SAP HANA (cloud or on-premise).

Microsoft SQL Server 2019 or later

• 100+ GB hard drive space

• 1600 MB/s disk throughput (or 200 MB/s per CPU Core)

• 8-16 available processing cores

• 64-128GB memory

Note

The disk subsystem performance on this system significantly impacts overall performance.

Oracle Release 12.2 or later

• 100+ GB hard drive space

• 1600 MB/s disk throughput (or 200 MB/s per CPU Core)

• 8-16 available processing cores

• 32-64 GB memory

• COMPATIBLE must be set to 12.2 or later to support 128 byt object names

Note

The disk subsystem performance on this system significantly impacts overall performance.

PostgreSQL

Waiting on information.

SAP HANA

• RAM = (size of uncompressed business data/compression factor) x2

  Note

  The  Compression factor varies based on actual data: 2 - low, 4 - medium, 8 - high
  For example, 100GB of business data using a medium compression factor is (100 / 4) x 2 = 50GM. On SAP HANA Cloud, this would require an instance of 60GB as RAM is allocated in 15GB blocks.

• CPU and disk sizing is determined automatically from the RAM size.

Note

Construct only supports Microsoft SQL server at this time. If you are using Construct, you can have a single Microsoft SQL server database hosting all the working data or you can have two separate databases: Microsoft SQL Server to host the Construct working data and either Oracle or SAP HANA to host the rest of the working data.

Recovery Model and Backup Recommendations

While it is expected that the customer or system integrator will follow their own backup policies, Syniti recommends backups be run once installation is complete.

The following backups should be taken:

• Syniti Connector OS —Daily snapshot

• Syniti Replicate OS —Daily snapshot

  Note

  Replicate metadata must be set up in SQL Server and a SIMPLE backup of that database should be run daily.

• Syniti Working Databases—Daily OS snapshot

  • SRC / TGT Databases—Daily SIMPLE backup

  • WRK Databases—Daily FULL backup (if possible), otherwise SIMPLE

  • MIGRATE Database—Daily FULL backup

  • REPORT Database(s)—Daily SIMPLE backup

• Syniti Construction Database(s)—Daily FULL backup

• Syniti Replicate Metadata Database—Daily SIMPLE backup

Installation Steps for Windows Server

Install SQL Database

When installing the SQL Database as the working database,  the client must provide a Product Key for either Standard Edition or Enterprise Edition.   If SQL Server is only used for the Replicate Metadata then SQL Server Express edition may be used.

To install the SQL Database:

1. Log on to the server

2. Navigate to the D:/ drive

3. Create a folder titled “Software Install”

4. Move the SQL Server Installation file to the new Software Install folder

5. Open the SQL Server Installation file

6. Right click on Setup and select to run as an administrator

7. Select Installation from the Planning menu

8. Select New SQL Server stand-alone installation or add features to an existing installation. This starts the installation process on the windows server.

   Note

   Install SQL SERVER Data Tools and Install SQL SERVER REPORTING SERVICES is not needed.

9. Click Next.

10. Leave Use Microsoft Update to check for updates (recommended) unchecked. Server upgrades and SQL SERVER upgrades are normally scheduled by the BASIS team.

11. Click Next.

12. Check the I accept the license terms and Privacy Statement option.

13. Click Next.

14. If an error occurs due to a firewall warning, contact Syniti Support.

15. Click Next.

16. Select the following options:

    1. Database Engine Services—required

    2. SQL Server Replication—Not required

    3. Full-Text and Semantic Extractions for Search—Not required

    4. Data Quality Services—Not required

    5. Data Quality Client—Not required

    6. Client Tools Connectivity—Not required

    7. Integration Services—Not required

    8. Scale Out Master—optional

    9. Scale Out Worker—optional

    10. Client Tools Backwards Compatibility—required

    11. Client Tools SDK—required

    12. SQL Client Connectivity SDK—required

17. Change the drive for Instance root directory, Shared feature directory, and Shared feature directory (x86) to :D\.

18. Click Next.

19. If desired, select the Named instance option and enter an instance name.

20. Click Next.

21. Select the option to Grant Perform Volume Maintenance Task privilege to SQL Server Database Engine Service.

22. Click Next.

23. Select the Mixed Mode (SQL Server authentication and Windows authentication) option.

    Note

    Syniti Knowledge Platform only supports Mixed Mode authentication.

24. Enter and Confirm the SA Password.

25. Click Next.

Install SSMS

The Client Software must be downloaded onto the application server. This process is required to use SSMS and SQL SERVER Drivers on the Windows Server.

To install SSMS:

1. Download the latest version of SSMS from Microsoft into the Software Install Folder on the D:\ drive.

2. Right-click on SSMS-Setup-enu and select to run as an administrator.

3. Change the directory on the Location from C:\ to D:\.

4. Click Install.

5. Click Close.

6. Reboot the server.

Install HANA Driver

The HANA Driver is required to extract data from SAP HANA

To install the HANA Driver:

1. Download the SAP_HANA_CLIENT_xx into the Software Install folder on the D:\ drive.

2. Move the SAP_HANA_CLIENT_xx file into the Software Install folder.

3. Extract SAP_HANA_CLIENT_xx.

4. Double-click to open SAP_HANA_CLIENT_xx.

5. Double-click to open SAP_HANA_CLIENT.

6. Right-click on the hdbsetup application file and select to run as an administrator.

7. Change the directory in the Install new SAP HANA Database Client field to :D\.

8. Once the installation has successfully completed, click Finish.

9. Reboot the server.

Install JAVA JRE

1. Download the Java JRE into the D:\Software_Install folder.

2. Right-click on the jre-8u161-Windows-x64 file and select to run as an administrator.

3. Select the Change destination folder option and change the directory to D:\.

4. Click Install.

5. Click Next.

6. Once the install completes successfully, click Close.

7. Reboot the server.

Install Oracle Driver

1. Download the latest Oracle Client software into D:\Software_Install folder.

2. Copy the Oracle_xxxx_Client file into the Software Install folder.

3. Extract the Oracle_xxxx_Client file.

4. Double-click to open the Oracle_xxxx_Client folder.

5. Double-click to open the Client folder.

6. Right-click on the setup file and select to run as an administrator.

7. Select the Administrator option to install the OLE Drivers and different language packs.

8. Click Next.

9. Select the Use Windows Built-in Account option.

10. Click Next.

11. Change the Oracle base file path to the D:\drive and remove the User Name as a sub-folder, i.e. D:App\Client or D:\Oracle.

12. Click Next.

13. When the Prerequisites Check process has successfully completed, click Install.

14. Reboot the server when the installation process is complete.

Install Access Driver

1. Download the MS Access driver (accessdatabaseengine_x64.exe) into the D:\Software_Install folder.

2. Navigate to D:\Software_Install\accessdatabaseengine_x64.exe.

3. Right-click on the setup application file and select to run as an administrator.

Install Syniti Data Replication

The Replication Engine is a data integration component designed to stream data between source and target datastores using a variety of batch and change data capture techniques.

1. Download the latest release of Syniti Data Replication into the D:\Software_Install folder.

2. Verify you have a license available.

3. Right-click on the setup application file and select to run as an administrator.

4. Click Next.

5. Select the I accept the license agreement option.

6. Click Next.

7. Click Browse… to change the Destination Folder to D:\SDRService or D:\SynitiDataReplication.

   Note

   Do not install on the C:\ drive. Temp files and log files may fill up the C:\ drive.

8. Click Next.

9. Select the Standard Installation option.

10. Click Next

11. Click Import… to import the SDR License.

    Note

    The SDR License file is provided by Syniti Support. Default files are located at D:\Software_Install.

12. Click Next.

13. Select the Disable digital signing verification (Recommended) option.

14. Click Next.

15. Click Next.

16. Click Install.

17. When the installation process has successfully completed, click Finish.

Install the Replication Engine

Refer to Installing Syniti Replicate for installation steps.

HTTP Port and SSL

Ensure the Replication Agent has the correct HTTP Port and SSL value. This value is set using the Agent HTTP Port field in the Replication Agent Options in the Replicate Management Center.

You can access this page by right-clicking on the Replication server in the Replication Management Center and selecting Replication Agent Options from the menu.

The Enable Agent HTTP SSL value must be set to True.

Add External Access (Windows Firewall and Replicate Server Agent)

Use the following steps to add external access to port 58380 to the Windows Firewall and port 58361 to the Replicate Server Agent:

1. Open Windows Defender with Advanced Security.

2. Click Inbound Rules in the left pane.

3. In the Actions panel on the right, select New Rule…

4. Select the Port option and click Next.

5. Retain the default TCP setting and enter 58380 in the Specific Local Ports field.

6. Retain the default Allow the connection option and click Next.

7. Retain the settings for Domain, Private and Public and click Next.

8. Enter a Name for the rule (in the example below, Agent58380 is used), and click the Finish button.

Install Steps for Linux Server

Install Agent

1. There are two options for the install script to be created on the Linux server, either to transfer it from the support site download or to copy and past the content into a new install script file on the Linux server.

2. If you have the ability to SCP the file to the server then locate the installation file relevant to your Linux environment and run the scp command to transfer the file.  e.g. scp -i <pem file> syniti_install_<os>.sh <user>@<server address>:~

3. If not you can open the file on your local machine and follow the instructions below (steps 4-9).

4. Open Install Script using the Notepad Windows application.

5. Click Ctrl+A and Ctrl+C to put all the script into the memory buffer.

6. Log on to the Linux server.

7. Open VI (i.e., VI syniti_install_ubuntu.sh).

8. Right-click to paste the script into the VI editor.

9. Enter :wq to save the file
   OR
   Use FTP to send the file to the Linux server.

10. Run command sudo bash <install script> -<region>.
    Note: Where <region> is replaced by -u for US, -e for EU, -a for AU and -c for CA depending on where your SKP tenant is located.

11. Sudo reboot to reboot the Linux server.

12. Sudo systemctl status syniti-rdc to display the system Status.

13. Sudo systemctl restart syniti-rdc to restate Server Agent.

Obtain Public Key for the Syniti Connector

1. Log into the Linux server.

2. Enter ‘sudo wg’.

3. Copy the Public Key from the terminal screen.

Setup Steps for Cloud Services

Syniti Knowledge Platform Connector Registration

Note

You must be logged in to the Syniti Knowledge Platform as a user that has the necessary permissions to register a Syniti Knowledge Platform Connector. For more information about setting up user permissions, refer to Manage User Security.

To register the Syniti Knowledge Platform Connector:

1. Click the user avatar in the top right corner.

2. Click Admin in the Profile menu.
   

3. Click SKP Connectors on the Admin menu.

4. Click the Register SKP connector button.
   

5. Enter a name for the connector in the Name field.

   Note

   Syniti recommends naming the Syniti Knowledge Platform Connector with information such as the IP address or other identifying information to assist with troubleshooting if necessary.

6. Paste the public key value from the server where the Syniti Knowledge Platform Connector is installed in the Public Key field.
   

7. Click Save.

8. Click Confirm.

9. Click SKP Connectors in the Admin menu to return to the Connectors page.

10. Locate the connector created in the previous steps and click the Test connection button.

    Note

    It may take up to 60 seconds for the initial handshake to be established. If the test connection fails, try again after a couple minutes.

11. A successful test is confirmed with a green check in a green circle in the Last Test Result column.

SKP Catalog Setup

1. Select Catalog from the Home menu.

2. Click the Create new system button.

3. Enter the necessary information on the Create a New System page.

4. Click the Save button.

5. Go to the System Connections page.

6. Click the Create connection button.

7. Enter a Name for the Connection.

8. Select the Connection Type from the Type selection box.

9. Enter the appropriate information for the selected Connection Type.

10. Select an agent from the Agents selection box.

    Note

    The connection must be assigned to an agent in order to test the connection.

11. Click the Save button.

12. Click the Test connection button on the Connection Details page.

    Note

    The connection must be available from the SKP Connector (Linux) server for the test connection to run successfully.

The Admin Connections page can be used to test connections after they have been created.

Replication Hub Registration

Note

You must be logged in to the Syniti Knowledge Platform as a user that has the appropriate permissions to register a Replication Hub. For more information about setting up user permissions, refer to Manage User Security.

To register the Replication Hub:

1. Click the user avatar in the top right corner.

2. Click Admin in the Profile menu.

3. Click Replication Hubs in the Admin menu.

4. Click the Register replication hub button.

5. Enter a descriptive Name for the Hub.

6. Enter the Address of the Hub. This is the public IP of the Windows Server that is hosting the Replication Agent and the port, for example, https://1.2.3.4:58380.

7. Choose the SKP Connector from the list that will connect to the Replication Hub.

   1. The Windows Server hosting the Replication Agent must have inbound access to the SKP Connector’s public IP address on port 58380.

8. Leave the Windows Replication Agent toggle in the Off position. It can be enabled later if necessary.

9. Click the Test and save button. You will be redirected to the Replication Hub Details page.

Appendix A - Syniti Data Replication Source and Target Connectivity

Provide the following for each database connection:

• Read-only database credentials

• Database named user (not an AD account)

• Non-expiring password

• TNS Names entry (Oracle only)