Connection Options

Last updated on Jun 04, 2024

Direct connection

Hevo connects to your Source database or SaaS application directly with the database login credentials, API Keys, or OAuth tokens. This method is the easiest way to connect. However, you can connect directly to database Sources only if the database is publicly accessible. Refer to the respective Source documents for the steps to configure such Sources.

Secure Shell (SSH) connection

Hevo allows for both SSH and Reverse SSH connections to database Sources. This connection method enhances the security of remote connections when your database is not publicly accessible. To connect to an SSH tunnel server, you must allow access to your database from Hevo’s IP address of the region where your account is created. However, this type of connection may introduce latency in the Pipeline due to encryption and tunneling. Read Connecting Through SSH and Connecting Through Reverse SSH Tunnel for the steps to set up the SSH and Reverse SSH connections, respectively.

Note: SSH connections are available for database Sources only.

Virtual Private Network (VPN) connection

Hevo provides you with the option of connecting through a VPN to your Source and or Destination databases that are not publicly accessible. In this method, Hevo connects through an Internet Protocol Security (IPSec) VPN to your database hosted on-premise, in a non-AWS cloud, or in a hybrid setup. This connection method enhances security and provides access control, compliance adherence, and flexibility. Read Connecting Through VPN for the steps to implement this method for your account.

Through Amazon Web Services

You can connect through Amazon Web Services (AWS) to your Source and or Destination database inside an AWS Virtual Private Cloud (VPC) using one of the following methods:

AWS PrivateLink for MongoDB: This method facilitates communication between your MongoDB Atlas cluster deployed in an AWS VPC and Hevo using the AWS PrivateLink service. This service enables private and secure access to other AWS services through AWS VPC endpoints. A VPC endpoint is a virtual device that allows seamless communication between VPCs within the same region. This connection method simplifies network management and enhances data security, as your data does not leave the AWS network. Read Connecting through Mongo PrivateLink for the steps to implement this option for your account.
AWS Transit Gateway Peering: This method facilitates communication to your Source or Destination database via a transit gateway peering attachment. A transit gateway acts as a virtual router, allowing you to manage your network easily if you have multiple VPCs. You can route traffic from various VPCs through a transit gateway to Hevo’s VPC. This connection method enhances data security, as your data does not leave the AWS network. Read Connecting Through AWS Transit Gateway for the steps to implement this option for your account.
AWS VPC Endpoint: This method facilitates a direct connection between your VPC and Hevo’s using an AWS PrivateLink. A VPC endpoint is a virtual device that allows seamless communication between VPCs within the same region. This connection method reduces latency, optimizes data transfer, and enhances data security, as your data does not leave the AWS network. Read Connecting Through AWS VPC Endpoint for the steps to implement this option for your account.
AWS VPC Peering: This method facilitates communication between two VPCs using private IP addresses. This connection method provides optimized network communication, enhanced data security, and reduced network costs, as your data does not leave the AWS network. Read Connecting Through AWS VPC Peering for the steps to implement this option for your account.

Note: All connection options via AWS are feasible only if your Source and or Destination database is hosted in AWS.

Selecting the Optimal Connection Option for Database Sources

In the case of database Sources, you can consider the following parameters while deciding the connection type:

Data Sensitivity: If your database does not contain any sensitive data, you can establish a direct connection between Hevo and the database for optimal data replication. However, for sensitive data, an SSH, a VPN, or one of the VPC connection methods is recommended due to its enhanced encryption and tunneling.
Database accessibility: If your database is:
- Hosted on-premise or on a public cloud network, you can directly connect it to Hevo.
- Not publicly accessible over the internet, you can set up an SSH or a VPN connection.
- Hosted in an AWS VPC different from Hevo, you can set up a connection using one of the AWS VPC methods.

Optimizing the Data Replication for Database Sources

To optimize the Pipeline performance and data replication efficiency for your SaaS or database Source, ensure that your Source database or application is either colocated or geographically closest to the region where you create the Pipeline. For example, create your Pipeline in the US region if your database or application is present in the US region.

Note: Since the data ingestion takes longer than loading, the account is usually set up where your data lies. However, you can optimize on the Source or Destination location, or select a different region altogether.

Articles in this section

Revision History

Refer to the following table for the list of key updates made to this page:

Date	Release	Description of Change
Jun-04-2024	NA	Added information about the AWS PrivateLink for MongoDB connection method.
May-20-2024	NA	Added information about the VPN connection method.
Apr-15-2024	NA	- Added content for AWS VPC Endpoint connection option. - Reorganized the Connection Options overview into subsections.
Apr-08-2024	NA	Added the AWS transit gateway peering connection option.
Mar-25-2024	NA	Added AWS VPC Peering as a connection option and removed VPC connection.
Apr-14-2023	NA	New document.