SaaS Integration Model

The Software as a Service (SaaS) integration model uses NEXUS SaaS connectors to expose a web-based REST interface over Hypertext Transfer Protocol Secure (HTTPS), secured with Transport Layer Security (TLS). This interface enables client systems to integrate with NEXUS either on demand or through scheduled execution.

The SaaS connectors support both client-driven data submission and cloud-initiated data retrieval from client systems.

Connector Behaviour

Typically, a dedicated portion of the Microsoft Azure cloud infrastructure is provisioned to host the NEXUS SaaS connectors alongside the NEXUS platform.

Once deployed, clients are provided with REST application programming interface (API) documentation describing the available endpoints and their purpose. These endpoints enable data to be ingested into NEXUS through the SaaS connectors using one of two approaches:

  • Client-driven execution, where client systems call the REST API endpoints and submit data payloads.

  • Scheduled execution, where the SaaS connector runs at defined intervals and retrieves data from client systems by pulling from their data sources and executing the workload in the cloud.

Deployment Topologies

1. Client-driven REST cloud deployment

This topology is used when the client initiates execution of the SaaS connector through REST API calls. The following diagram shows an example of a typical setup:

_images/data.connectors.cloud.client.png

Execution flow

  1. The client sends an authorised REST request containing a JSON payload to the connector. The request includes an identifier that tells the connector which execution flow to use.

  2. The connector returns a result payload describing the execution state of the flow. This enables the client system to poll the execution state and outcome of the flow.

  3. The connector executes the specified data flow using the supplied payload and submits valid data to the NEXUS IC-Web interface.

2. Logic App-driven cloud deployment

This topology is used when execution is initiated by a cloud-based scheduler, such as an Azure Logic App. The following diagram shows an example of a typical setup:

_images/data.connectors.cloud.logicapp.png

Execution flow

  1. The Logic App triggers based on a schedule expression, such as a Cron expression, and invokes the SaaS connector over REST, passing only the connector identifier or flow identifier.

  2. The connector starts the configured flow and determines, from the flow configuration, the method to obtain the required source data.

  3. The connector processes the retrieved source data and submits valid data to the NEXUS IC-Web interface.

Security Considerations

  • All REST API traffic between connectors and data sources is:

    1. Encrypted over HTTPS using TLS, with a minimum cipher suite of TLS_RSA_WITH_AES_128_CBC_SHA.

    2. Requires a credential artefact known as a function key, which supports immediate value rotations at a clients’ request.

  • All inbound and outbound traffic involving on-premises connectors in a hybrid-cloud configuration follows the same security controls described above.