{
  "access": "public",
  "type": "reference",
  "format": "markdown",
  "title": "Private Connectors",
  "chunked": true,
  "url": "https://library.datagrout.ai/private-connectors",
  "summary": "Private Connectors provide secure access to on-premise systems without opening inbound firewall ports. They create outbound-only tunnels from your network to DataGrout.",
  "content_markdown": "# Private Connectors\n\nPrivate Connectors provide secure access to on-premise systems without opening inbound firewall ports. They create outbound-only tunnels from your network to DataGrout.\n\n## How It Works\n\nDeploy a lightweight connector appliance in your network or cloud. The connector establishes an outbound VPN tunnel to DataGrout's VPC. Once connected, your internal tools appear in your server just like cloud integrations.\n\n### Architecture\n\nThe connector runs a VPN client and a relay service. When an agent calls a tool that routes through the connector, DataGrout sends the request through the VPN tunnel. The relay service forwards it to your internal system and returns the response.\n\nTotal latency overhead is typically 10-30ms.\n\n## Setup\n\n### Step 1: Deploy Connector\n\nDeploy the connector template on AWS, Azure, GCP, or your own infrastructure. The connector is a small Linux instance that requires minimal resources (1 vCPU, 512 MB RAM).\n\n### Step 2: Configure VPN\n\nChoose a VPN provider:\n- **NetBird**: WireGuard-based, zero-config, recommended for new deployments\n- **WireGuard**: Industry standard, minimal overhead\n- **OpenVPN**: Enterprise standard, maximum compatibility\n- **Custom**: Bring your own VPN solution\n\nConfigure the connector with VPN credentials (activation token, certificates, or config files).\n\n### Step 3: Configure in DataGrout\n\n1. Go to Integration → Private Connector tab\n2. Enter connector details:\n   - Name and description\n   - VPN provider and credentials\n   - Target host and port (your internal system)\n3. Save\n\n### Step 4: Verify Connection\n\nCheck the connector status in the UI. Once active, test by calling a tool that routes through the connector.\n\n## Security\n\nConnectors use mTLS authentication. Each connector is isolated and single-tenant. Only outbound connections are required—no inbound firewall ports.\n\nVPN tunnels are encrypted end-to-end. Credentials are encrypted at rest and never logged. Connectors can only reach the configured target host and port.\n\n## Use Cases\n\n### SAP ERP Access\n\nConnect to SAP instances in your data center. Deploy a connector, configure it to target your SAP endpoint, and all SAP tools become available to agents.\n\n### Oracle Database\n\nAccess Oracle databases on private subnets. The connector forwards database queries through the secure tunnel.\n\n### Legacy Systems\n\nConnect to AS/400, Dynamics on-premise, or other legacy systems. Build a thin HTTP wrapper if needed, then route through the connector.\n\n### Multi-Site Access\n\nDeploy multiple connectors for different locations. One connector for US datacenter, another for EU datacenter. Both appear in your unified server endpoint.\n\n## Management\n\n### Health Monitoring\n\nConnectors report health status every 60 seconds. Status indicators show Active, Degraded, or Down. View status, uptime, and latency in the UI.\n\n### Maintenance\n\nConnectors auto-update with zero-downtime deployments. VPN tunnels reconnect automatically. Deploy multiple connectors for high availability with automatic failover.\n\n## Performance\n\nTypical overhead is 10-30ms. Throughput depends on instance size—nano instances handle ~10 requests/second, micro instances ~50 requests/second.\n\nConnection pooling reduces latency by reusing TCP connections to internal systems.\n\n## Troubleshooting\n\nIf the connector won't connect, check VPN credentials, verify outbound ports are open (51820 for WireGuard, 1194 for OpenVPN), and ensure the connector has internet access.\n\nIf the integration can't reach the target, verify the target host and port are correct, check internal firewall rules, and test connectivity from the connector.\n\nIf performance is slow, deploy the connector closer to your datacenter, upgrade the instance size, or enable connection pooling.\n\n## Pricing\n\nPrivate Connectors are included in Enterprise plans (3 connectors). Additional connectors are available as add-ons. You pay for the cloud instance separately (typically $5-10/month for a nano instance).\n"
}