
On-Prem Agent

The On-Prem Agent lets you connect your instances to resources that are not accessible from the public internet. This is useful when you or your customers have databases, file storage systems, or other services that reside on a private network behind a firewall.

Feature Availability

The on-prem feature is available to customers on specific pricing plans. Refer to your pricing plan or contract, or contact the Prismatic support team to learn more.

How the on-prem agent works

The on-prem agent (OPA) is a lightweight Docker container that you or your customer can install on your own infrastructure. When the Docker container is started, it establishes a secure mutual TLS (mTLS) connection to an on-prem service running within the Prismatic platform and thereafter maintains a persistent connection with Prismatic. When an instance of your integration is deployed, your customer can select the OPA as the connection method.

When an on-prem connection is used in the instance, the instance communicates with the OPA on the private network over the established connection, and the OPA in turn communicates with your resource on the private network.

Data sent from the instance to the OPA through the on-prem service is encrypted using mTLS, and data is transmitted on OSI Layer 4 (transport layer). This allows you to send both HTTP and non-HTTP traffic through the OPA.

No inbound ports need to be opened

Note that the on-prem agent initiates the connection to the Prismatic platform, so you do not need to open any inbound ports on your firewall. The on-prem agent only needs to be able to make outbound connections to the Prismatic platform on ports 22 and 443:

  • The agent will connect on port 22 to onprem.prismatic.io (or onprem.<YOUR DOMAIN> for other regions or white-label domains) to create a persistent connection. For example, onprem.eu-west-1.prismatic.io for the Europe (Ireland) region, or onprem.integrations.example.com for a white-labeled domain.
  • The agent will also connect on port 443 to app.prismatic.io (or your region or white-labeled domain) for authentication and configuration data.
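The egress requirement above can be checked from the host that will run the agent before the container is installed. The script below is an added example, not Prismatic's own tooling: the function names and the OPA_PROBE hook are assumptions, and the hostnames are the defaults from this page (override ONPREM_HOST and APP_HOST for other regions or white-label domains).

```shell
#!/usr/bin/env bash
# Added example: outbound reachability preflight for an on-prem agent host.
# Hostnames and ports are the defaults stated on this page; all function and
# variable names here are illustrative, not part of the Prismatic product.

ONPREM_HOST="${ONPREM_HOST:-onprem.prismatic.io}"   # persistent connection, port 22
APP_HOST="${APP_HOST:-app.prismatic.io}"            # authentication/config, port 443

# Attempt one outbound TCP connection. Succeeds only if the handshake
# completes within the timeout. Uses bash's /dev/tcp, so no extra tools
# beyond bash and coreutils' timeout are required.
tcp_probe() {
  local host="$1" port="$2" secs="${3:-5}"
  timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
}

# Probe both required endpoints and report each result.
# OPA_PROBE may name a replacement probe function (useful for testing).
# Returns the number of endpoints that could not be reached (0 = all open).
opa_preflight() {
  local probe="${OPA_PROBE:-tcp_probe}" failed=0 target host port
  for target in "$ONPREM_HOST:22" "$APP_HOST:443"; do
    host="${target%:*}"
    port="${target##*:}"
    if "$probe" "$host" "$port"; then
      echo "ok      outbound tcp/$port to $host"
    else
      echo "BLOCKED outbound tcp/$port to $host (check egress firewall or proxy rules)"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Run the live check only when asked: ./opa-preflight.sh --run
if [ "${1:-}" = "--run" ]; then opa_preflight; fi
```

A completed TCP handshake only shows that the port is open outbound; a TLS-intercepting proxy in the path can still prevent the agent's mTLS session from being established.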

Connectors with on-prem support

The following built-in connectors support on-prem connections:

Next steps