Skip to main content
Language Selector

  1. Other Languages

    (machine translation)

Planview Customer Success Center

How can I connect Hub Cloud to an On-prem repository?

  1. Last updated
  2. Save as PDF

Last Updated:    |  Applicable Hub Versions: Cloud

Answer

Hub Cloud can directly connect to cloud repositories (such as Atlassian Cloud); however, some additional configuration may be necessary to connect to on-prem repositories.

On-prem repositories are hosted behind a firewall or router on a private network and are not directly accessible from the public internet. For Hub Cloud to connect to these repositories, the following must be implemented:

  • An internet-resolvable hostname
  • Third-party signed certificate for the repository configured for the hostname
  • Access for Hub Cloud into the firewall or router pointing to the specified repository, via Port Forwarding or Reverse Proxy

Port Forwarding

The firewall or router that is reachable from the public internet needs to forward a port to the on-prem repository. Any port can be exposed as long as it forwards to the HTTPS-enabled port of the repository, such as Jira Server or GitHub Enterprise. 

For Hub to access the repository, the hostname and forwarded port of the firewall or router needs to be specified in Hub. When a repository has more than a single server, the forward should be fixed to a single server via a ‘sticky-bit’ in the firewall or router settings. If there is more than a single server without this configuration, users will likely experience issues with the connection.

To increase security, it is strongly recommended that users limit access to the forwarded port to the static IP address of Hub. Customer care can provide the IP address which is unique to their instance of Hub.

Note: The IP address you use to access the Hub Cloud server for your particular organization (e.g., https://company.tasktop.net) is not the same IP address that the Hub Cloud instance will use to connect to the repository.

Port Forwarding

In Hub, the repository connection will point to the public hostname of the firewall or router. Typically, the certificate used for the HTTPS connection will not specify a name that matches the public IP address. In order to connect, the SSL certificate must be signed by an internet authority, and an internet-resolvable hostname for this certificate must be used.

Jira Repository Connection

Reverse Proxy / API Gateway

A reverse proxy or an API gateway is a type of security device that acts on behalf of the application servers on a network, hiding the servers themselves from traffic that might be malicious. It acts as a proxy or front-end to the repository servers. 

Because this device sits both on the internet and the internal network, it has complete control over which API endpoints are available, as well as the contents of the message. These proxies are designed for public exposure on the internet and keep your internal server completely hidden away.

You can further secure access to the proxy by allowing access to only our IP addresses, requesting our SSL client certificates, or requiring custom HTTP headers. Please contact customer care for any assistance needed on this.

NoteHubop does not currently support users who would like to import their SSL certificates for Hub cloud to connect to on-prem repositories or EDS databases.