TrendMiner SaaS with one or more on-premise data source(s)
In this scenario, a secure connection needs to be established between the TrendMiner SaaS platform hosted in the cloud and the on-premise data source(s). This is managed by setting up a secure VPN tunnel between the two locations.
From an infrastructure ownership point-of-view, it is important to note that the on-premise components are to be managed by the customer’s organization. From our Security by Default approach, the TrendMiner organization will not manage and access on-premise systems.
Architecture schema
 |
Example reference architecture for TrendMiner SaaS with on-premise data source(s)
The analytics platform is deployed in a dedicated customer tenant in the cloud. This instance is managed and operated by TrendMiner.
On the customer side, the Plant Integrations module is installed on a Windows server. This module is configured to connect to the on-premise data sources. The module is managed and operated by the customer.
A secure VPN tunnel is created between the on-premise Plant Integrations and the cloud tenant. For example, through an Azure VPN Gateway.
Strengths
Ability to outsource operations to the TrendMiner operations teams
SaaS platform hosted in desired region
Easily connect to existing on-premise data sources without the need to migrate them to the cloud
Considerations
Collaboration between TrendMiner and customer IT required to set up an IPSEC VPN tunnel
Plant Integrations connector must be deployed on-premise and managed by the customer’s organization
Available bandwidth from on-premise to cloud must be sufficient for good performance
Datasource connection
As indicated in the schema above, TrendMiner’s Plant Integrations module will run on-premise and is responsible for the data transfer between the local data source(s) (e.g. a historian) and the TrendMiner SaaS environment. The Plant Integrations module uses data source SDKs (e.g. enterprise historians) to connect to each historian instance, and exposes access to read data over a REST-based API (HTTP or HTTPS).
TrendMiner always only accesses this connector, not the sources directly. This creates additional flexibility to manage access rights and network firewalls.
VPN Connection
To set up a secure connection between the customer’s network and the TrendMiner cloud environment, an IPSEC VPN tunnel needs to be established. TrendMiner will provide guidance on setting up this connection. A questionnaire will be forwarded to the IT specialists from the customer’s side to establish this connection.