If it's not possible to provide direct access to your database port, or you would like to add an extra layer of security, you can connect your data to Sisu via an SSH tunnel.
Understanding SSH Tunneling
SSH tunnelling (or SSH port forward) is a method of creating an encrypted SSH connection between a client and server, and vice-versa.
The benefits of using SSH tunneling include:
- Connecting to your database over a secured tunnel.
- SSH is a security-focused product, so it is more secure than simply using encrypted connection.
- As long as you keep SSH up to date on your side, it’s a more reliably secured protocol regardless of your data source type or version.
- System administrators and security professionals are generally familiar with securing SSH and prefer to deal with SSH over securing various database connections individually.
Just like our other data processing pipelines, data that we pull from your data source is never stored anywhere. SSH tunneling is simply an additional layer of protection.
Connecting via an SSH Tunnel
To connect via an SSH tunnel server:
- Contact Sisu at firstname.lastname@example.org to request a public SSH key.
- Set up an SSH tunnel server that can connect to your database.
The SSH tunnel server's SSH port needs to be accessible from Sisu’s public IP ranges. (See he Allowlisting Sisu Static IPs for Data Sources article for a list of Sisu's IP ranges).
- Create a SSH user for Sisu and add the public key from Step 1 as an authorized key.
- Provide the following information back to Sisu:
* SSH tunnel server public IP
* Database server private IP address
* Database server port
- Expect a response from Sisu with the IP address you should use to configure the data source connection.