Skip to main content
The Connect Gateway is an on-premises gateway, which you can run as a Docker container or deploy to Kubernetes via Helm. The gateway acts as a secure reverse tunnel between the data behind your company’s firewall, private network, or Virtual Private Cloud (VPC) and the Connect AI cloud-based services. It allows Connect AI to access your data without exposing your data directly to the internet.
Connect Gateway Architecture
You then register each gateway in the Connect AI user interface, within the individual connection setup. You can have gateways in multiple locations. You must register a gateway in Connect AI for each location. The Connect Gateway provides high availability by supporting multiple gateway instances—either multiple Docker containers, or replicas in a Kubernetes deployment—pointing to the same location and account Id. If one instance goes down, requests are automatically routed to the remaining gateway instances. The following diagram shows how Connect Gateway supports multiple locations and multiple data sources.
Connect Gateway Architecture Advanced
Currently, Connect AI supports the following connectors with the Connect Gateway: Contact CData Support if you need a different connector with the Connect Gateway. Setting up the Connect Gateway involves three main steps:
1
Register the Connect Gateway in Connect AI.
2
Install and run the on-premises gateway in each location where your on-premises data is located. You can either deploy the Connect Gateway with Docker or deploy the Connect Gateway on Kubernetes.
3
Finish the Connect Gateway setup in Connect AI to test the gateway and complete the connection.

Register the Connect Gateway in Connect AI

To register the Connect Gateway in Connect AI:
1
Go to Sources and click Add Connection for a new connection, or edit an existing connection.
2
Click the Gateways tab in the Add/Edit Connection page.
3
In Gateways, click Add. The Add Gateway dialog appears.
Add Gateway
4
Enter a descriptive location name to identify where the gateway is installed, and click Confirm.Your location appears in the Gateways list, along with a key and a Pending status. Click the eye icon to view the key.
Gateways List
You need to copy the following values for the on-premises gateway (click the copy icons):
  • Account Id–this is the ACCOUNT_ID environment variable for the on-premises gateway.
  • Location Id–this is the GATEWAY_LOCATION_ID environment variable for the on-premises gateway.
  • Key–this is the GATEWAY_API_KEY environment variable for the on-premises gateway.

Deploy the Connect Gateway with Docker

The on-premises gateway is a lightweight service that runs inside your network and acts as a secure reverse tunnel between Connect AI and your local data sources. The gateway registers itself with Connect AI on startup. It then listens for incoming connections, via Azure Relay technology, without ever exposing them to the public internet. The gateway is protocol-agnostic: it forwards raw bytes without any knowledge of the database protocol (such as MySQL, PostgreSQL, or SQL Server), making it compatible with any TCP-based data source.

Prerequisites

To run the Connect Gateway as a Docker container, you must have the following:
  • Docker installed on the host machine.
  • Network access to cloud.cdata.com.
  • The gateway created in Connect AI.

Environment Variables

The following environment variables are required to run the gateway:
VariableDescription
GATEWAY_LOCATION_IDThe unique identifier for this gateway instance. Copy the value under the user-defined Location Name in the Gateways list in Connect AI.
GATEWAY_API_KEYThe secret API key used to authenticate this gateway with Connect AI. Copy the value under Key in the Gateways list in Connect AI.
ACCOUNT_IDYour CData Connect AI account identifier. This is specific to your organization. Copy Account Id in the Gateways list in Connect AI.

Run the Gateway in Docker

Run the gateway as follows: 
docker run \
    --name my-onprem-gateway \
    -e GATEWAY_LOCATION_ID=<gateway_location_id> \
    -e GATEWAY_API_KEY=<gateway_api_key> \
    -e ACCOUNT_ID=<account_id> \
    connectaipublic.azurecr.io/connectgateway:latest
docker run will pull the Docker image from the registry if it is not already present on the host.

View Docker Logs

docker logs -f my-onprem-gateway

Stop the Gateway

docker stop my-onprem-gateway
docker rm my-onprem-gateway

Docker Compose

Copy the following and save as docker-compose.yml: 
version: "3.8"

services:
  onprem-gateway:
    image: connectaipublic.azurecr.io/connectgateway:latest
    container_name: my-onprem-gateway
    restart: unless-stopped
    environment:
      GATEWAY_LOCATION_ID: <gateway_location_id>
      GATEWAY_API_KEY: <gateway_api_key>
      ACCOUNT_ID: <account_id>

Start the Gateway

docker compose up
docker compose up will pull the Docker image from the registry if it is not already present on the host.

View Logs

docker compose logs -f

Stop the Gateway

docker compose down

Deploy the Connect Gateway on Kubernetes

The Connect Gateway Kubernetes Helm chart is available in a GitHub repository. Kubernetes deployment requires the following:
  • Kubernetes 1.25 or later
  • Helm 3.10 or later
  • Metrics Server installed on your cluster (required for memory-based autoscaling)
  • Network egress from the cluster to cloud.cdata.com
  • Your Account Id, Location Id, and Key from Connect AI. See Register the Connect Gateway in Connect AI for the location of these values.

Quick Start

Add the Helm repository: 
helm repo add cdata https://cdatasoftware.github.io/connect-gateway-helm
helm repo update
Install the chart: 
helm install connect-gateway cdata/connect-gateway \
  --set gateway.locationId=<location-id> \
  --set gateway.accountId=<account-id> \
  --set gateway.apiKey=<api-key> \
  -n connect-gateway --create-namespace
You can also install directly from a GitHub release. This is useful for air-gapped environments or when you do not want to add a Helm repo. Replace the version in the URL below with the latest release. 
helm install connect-gateway \
  https://github.com/CDataSoftware/connect-gateway-helm/releases/download/v1.0.0/connect-gateway-1.0.0.tgz \
  --set gateway.locationId=<location-id> \
  --set gateway.accountId=<account-id> \
  --set gateway.apiKey=<api-key> \
  -n connect-gateway --create-namespace
For production, create a Kubernetes Secret containing your gateway credentials and pass --set existingSecret=<secret-name> instead of --set gateway.apiKey=…. Passing the API key with --set writes it to shell history and to the Helm release’s stored values. See the Helm chart Readme file for secret-management patterns.

Verify the Gateway is Running

Check that the gateway pods are ready and view their logs: 
kubectl get pods -n connect-gateway
kubectl logs -n connect-gateway -l app.kubernetes.io/name=connect-gateway -f

Upgrade the Gateway

helm repo update
helm upgrade connect-gateway cdata/connect-gateway -n connect-gateway

Uninstall the Gateway

helm uninstall connect-gateway -n connect-gateway
Refer to the Helm chart Readme file for the full list of installation options, configuration values, and secret-management patterns.

Finish Connect Gateway Setup

Return to Connect AI and finish the Connect Gateway setup.
1
After you complete the steps to deploy the Connect Gateway with Docker or deploy the Connect Gateway on Kubernetes, you can test the gateways you added to Gateways. Click the Connect Gateway tab of the Add/Edit Connection page. Click Test Gateways. The Status turns to Success if all gateway setup is complete.
You still need to click Save & Test to test the entire connection.
2
Return to the Basic Settings tab of your connection. Under Connection Type, select Connect Gateway.
3
Select the Connect Gateway location to use from the drop-down list.
Basic Settings
4
Enter the Authentication instructions for the connector according to the connector’s Documentation pane.
5
Click Save & Test to authenticate your connector.