I'm testing the Data Catalog's ability to access a remote(to IBM's cloud) relational database. I provisioned a NoSQL database using AWS RDS service. I wanted to set the AWS security group to only permit access from the IP address used by the Data Catalog. I used AWS logging to determine the IP address used by Data Catalog and set the security group to permit access from that IP. Data Catalog was able to access the MySQL database and access the data. However, the next day it stopped working. Reviewing the access logs on AWS showed the IP address used by the Data Catalog had changed. I tried this several different times and at some point the IP address of the Data Catalog would change (the "From" address as seen by the AWS security group.) The class-A subnet also changed making it impossible to create a generic IBM cloud filter. I realize IP addresses are a bad approach but, unfortunately, are in use as security filters by clouds and on-premise systems.
Is there any way to specify a public IP address for the Data Catalog to use that doesn't change?
I don't know if the observed behavior is coming from Data Catalog or the networking layer of Bluemix and/or Softlayer.
My next step is to try setting up a Security Gateway between Bluemix and AWS with the idea I can get the Data Catalog to use the Security Gateway to tunnel over to a virtual lan segment at AWS where the database resides.
|Who would benefit from this IDEA?||As a customer I want to access an on-premise or remote cloud protected by IP address based security filtering|
|IBM's success depends on gathering feedback from customers like yourself. Aha Ideas Portal is the third party tool through which IBM Offering Managers gather feedback from customers such as yourself.|
|IBM is a global organization with business processes, management structures, technical systems and service provider networks that cross borders. As such, the information collected through Aha Ideas Portal (Customer Name, Customer Email Address) will be stored by them in the United States, and handled only as per IBM's instructions and policies. Your data (Name and Email Address) will NOT be shared with other IBM customers.|
|In order to safeguard your information in Aha, do not leave your workstation unattended while using this application, log off after using it, and print only if necessary. If you need to make a hardcopy, remember to pick up the print-out immediately, keep it under lock, and destroy it immediately when no longer needed.|
|NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "email@example.com" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions|