Tunnel from Transcend to your Private Database
For database integrations, we recommend customers self-host Sombra where it can directly connect to their databases. This is the most secure method, as it:
- Lets you use your own encryption keys, so Transcend cannot access the data in your database.
- Keeps your database private, with the only ingress change being that Sombra can connect to it.
- Lets you fully control the region where Sombra resides, ensuring compliance with regional data tenancy requirements.
- Ensures data classification occurs within your firewall if desired.
However, if you cannot or choose not to self-host Sombra, you can use Transcend's multi-tenant Sombra instance to connect to your databases. In this case, ensure that your databases remain protected.
With Transcend, you have the following options:
- If your database has public endpoints, no action is needed, and you can connect directly to your database. We strongly discourage this option!
- If you're comfortable with IP address allowlisting, follow this guide to allow our Sombra to connect to your database.
- If you prefer a private tunnel and use AWS, you can set up AWS PrivateLink endpoints using this guide.
AWS PrivateLink is an Amazon service for opening communication channels between AWS Accounts.
In this case, our multi-tenant Sombra instances need to communicate with your databases. We'll open a tunnel from our AWS account to yours.
To start, set up a PrivateLink endpoint service by following this guide.
Make sure to:
- Allowlist our AWS Account ID:
829095311197
, so we can open connections to your service. - Contact our customer support and provide your service endpoint address.
- Set up the endpoint service in
us-east-1
if using our US backend oreu-west-1
if using our EU backend.- If your database is not in one of these regions, you can set up a VPC in the appropriate region and use VPC peering, as described here.
- Approve our client if your PrivateLink service requires approval for incoming connections.
Once our VPCs connect to your endpoint service, you can set up database integrations from the Admin Dashboard.