How-to | Access data sources through a VPN server

Dataiku Cloud offers multiple ways to connect to your data sources leveraging a VPN:

• OpenVPN

• VPN IPSec

• Custom DNS Servers

OpenVPN

You can configure an OpenVPN tunnel between Dataiku Cloud and your network to access your private data sources. The OpenVPN server is under your control, and it exposes your data sources. Dataiku uses an OpenVPN client to establish the VPN connection and reach them.

Important

• OpenVPN is not available in all Dataiku plans. You may need to reach out to your Dataiku Account Manager or Customer Success Manager.

• The private subnets exposed by your OpenVPN server or VPN IPSec Gateway should not overlap with the following CIDR ranges: 10.0.0.0/16, 10.1.0.0/16, 172.20.0.0/16, 10.11.0.0/16 and 10.94.0.0/16.

• To enable VPN tunneling, the Dataiku instances need to be restarted. This operation could take up to 15 minutes.

To configure the VPN:

1. Go to Launchpad’s Extensions panel.

2. Add the VPN extension.

3. Provide an OpenVPN configuration file for clients.

You can choose between:

Routing all traffic	If this option is selected, all outgoing traffic from Dataiku will go through the VPN tunnel. In this case, ensure that all your data sources are accessible from your VPN server, and that your VPN server can also route traffic to the internet so your Cloud instances can function properly.
Routing the traffic to a list of IP ranges	If you deselected the all traffic option, you must list all addresses or ranges for which the traffic will be routed through the VPN.

VPN IPSec

Each VPN tunnel configuration tends to have unique edge cases. Please contact the Dataiku account team to complete this configuration.

Custom DNS Servers

With both OpenVPN and VPN IPSec, you can optionally configure custom DNS servers. This allows you to use your own DNS servers to resolve the domains of your private data sources accessed through the VPN.

In the Launchpad VPN extension (OpenVPN or VPN IPSec), you can specify multiple DNS servers by providing their IP addresses. For each DNS server, you can associate a list of domains that should be resolved using it. The domains assigned to each DNS server can be distinct or overlapping. Any domains not specified will continue to be resolved by the default Dataiku DNS servers.

Tip

Suppose you have two private domains: internal.company.com and private.company.net.

• You can assign internal.company.com to DNS server 10.30.0.5 and private.company.net to DNS server 10.30.0.6. For example: internal.company.com=10.30.0.5,private.company.net=10.30.0.6.

• Any other domains will be resolved by the default Dataiku DNS servers.