Frequently Asked Questions

Do I need a license for Collibra Connect?

Yes. In order to use Collibra Connect, your license for the Collibra DGC has to support Collibra Connect.

Please reach out to your Collibra Customer Success representative or contact us at [email protected] to get more information on pricing and features on Collibra Connect license.

What are the current versions of Collibra Connect?

The current version is 2.0 for the Collibra DGC Connector running on Anypoint Mule ESB 4.1 with Java 1.8.

Collibra recommends Mule ESB 4.1 or newer.

Are there trainings provided?

Please contact your account executive and customer success manager for Collibra Connect specific training courses. For general Anypoint development, free and paid courses can be found here.

Is Collibra Connect Installed on the Same Server of Collibra DGC?

For non-production usage, assuming the server has enough storage (100 GB+) and memory (4 GB+) Collibra Connect can run on the same server as Collibra DGC. For production the recommendation is always to use separate servers.

What is the application server Collibra Connect runs on?

Collibra Connect runs on the Anypoint ESB Server, version 4.1 or newer. This is a java application server and can run on Linux, Unix, macOS and Windows based servers respectively.

How does Collibra Connect communicate with SaaS Systems such as Workday, ServiceNow and Salesforce.com ...?

Collibra Connect can leverage existing Anypoint Connectors for most common systems such as Workday, ServiceNow and Salesforce.com. For systems without existing connector, direct REST or SOAP API calls can also be made using out of the box web services consumer. Under the hood, the connector is using HTTPS to communicate to the system. Note that data encryption during transmission depends on the endpoint's API capability. Generally, message is encrypted and transmitted via HTTPS/SSL.

How does Collibra Connect communicate with on-premise Systems such as SAP and Oracle Financial etc.?

Collibra Connect can leverage existing Anypoint Connectors for most common systems such as Workday, ServiceNow and Salesforce.com. For systems without existing connector, direct REST or SOAP API calls can also be made using out of the box web services consumer. Under the hood, the connector is using HTTPS to communicate to the system. Java libraries based communication, JMS, FTP and JDBC etc. are also supported. Note that data encryption during transmission depends on the endpoint's API capability. Generally, message is encrypted and transmitted via HTTPS/SSL.

Is there any Intrusion Detection Mechanism in place?

Collibra Connect runs at the application server layer level, therefore, there is no intrusion detection mechanism out of the box since the detection is generally at the operating system and network level. It will not interfere with any network or operating system level mechanism.

How is patching performed? Is there Auto Update?

There is no auto update for Collibra Connect. Patches are delivered as jar or zip files, and can simply be dropped into directory.

What is the rollback process?

Collibra Connect applications can be un-deployed at any given time. For the integration process itself, if rollback capability is required, it must be designed and the built in.

How about authentication, authorization, access control and data security?

Collibra Connect is an integration platform, on top of which actual use-case specific integration applications can be deployed and run. Therefore, out of the box the platform simply comes with capabilities that support most common authentication protocols in use today, such as LDAP, OAuth, SAML and Webservices Security. However, no specific mechanism is turned on. Specific authentication and control will depend on the actual integration application running on Collibra Connect. Note that the integration is at system to system level, which may require a different mechanism than that for end user authentication, as dictated by the end system being connected to. For example, one does not "log into" Collibra Connect, but will build a Collibra Connect app to log into Workday, using a Workday API user which can be stored in encrypted format.

As a best practice, integration applications do not store data in transit, although data can still be stored, either on file or in database, by the integration application if the requirements call for persistence.

For sensitive information, such as username and password, these can be stored as encrypted using the Anypoint Credential Vault that comes with Collibra Connect.

Basic Auth backed by LDAP

One of the most common use cases, especially for the gateway, is to have Basic Auth backed by LDAP (for example for user control via Active Directory). To create a security provider for LDAP to work with Basic Auth, please follow the documentation on the MuleSoft website. Note the documentation is for Anypoint ESB 3.7 but it applies to newer versions as well.

What do I need to do when one of the applications I'm integrating with requires a secure (SSL) connection to self-signed certificate?

When connecting to a server that has a self-signed (not CA-verified) certificate, Collibra Connect may throw an exception with the message: "unable to find valid certification path to requested target".

For Mule runtime 3.8.0 and higher, simply check the "insecure" attribute in TLS configuration for the HTTP requester connector:

For Mule runtime version 3.7.x, the insecure certificates should be imported into a custom truststore and the configuration should include the truststore information.

Alternatively, adding the certificate to the default Java truststore used by Collibra Connect can work as well but note that this change will be at the operating system level.

  1. Get the certificate from the server.
  2. Import the certificate to the truststore of the Java that is used by the Collibra Connect (example below):
    keytool -keystore "c:\Program Files\Java\jdk1.7.0_75\jre\lib\security\cacerts" \
    -importcert -alias specifyTheAliasHere -file theCertificate.cer
  3. Verify that the certificate was installed:
    1. keytool -keystore \
      "c:\Program Files\Java\jdk1.7.0_75\jre\lib\security\cacerts" -list
    2. Look for the alias that was specified for the certificate

If necessary, it is also possible to specify a different truststore using the standard Java mechanism. This can be done by providing the path to the given truststore with the "javax.net.ssl.trustStore" startup parameter.

Example:

-Djavax.net.ssl.trustStore="d:\Java 7 JDK\jre\lib\security\cacerts"

How do I check which version of the Collibra DGC Connector is used?

When working in Anypoint Studio, go to Help Installation Details and look for CollibraDGC Connector entry.

You can also see the version of used connector in the log file. It is logged when the server is started. You should see a message similar to the one provided below:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ DevKit Extensions (1) used in this application
CollibraDGC 1.1.0 (DevKit +
+ 3.6.0 Build UNNAMED.2363.ef5c8a7)+
+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

What if I need to go through a proxy server in order to connect to Collibra DGC from Collibra Connect?

Open the configuration of given connector and go to Advanced Settings tab. Fill the fields with necessary proxy server information.

For more details, see Configuring Collibra Connect to connect to a proxied Collibra DGC.

This feature is available since Collibra DGC Connector version 1.1.0.

How can I know which REST calls are made by the Collibra DGC Connector during execution of given integration flow?

You can define a java system property com.collibra.dgc.rest.client.debug=true and restart the server. All calls made with the use of Collibra DGC Connector will be logged. You can find this property described also in the documentation of the connector or you can see detailed description on this page. Please remember that this setting should not be used in production environment. To add this setting, either use runtime argument for the JVM:

Or as environment variables for the application:

This feature is available since Collibra DGC Connectorversion 1.1.0.

How can I set verbose exception stacktrace?

In your runtime argument for the Java VM, add this: -Dmule.verbose.exceptions=true

How can I see the actual HTTP call message data?

Collibra Connect logging is built on the open-source Apache Log4j2 framework. More details about the logging capability can be found in standard logging documentation. For HTTP calls, in order to see the actual messages sent and received, turn the log level to DEBUG in the log4j2.xml configuration file for the following class and package: org.mule.module.http.internal.HttpMessageLogger, com.ning.http.client.providers.grizzly.

This feature is available only for calls made via the Anypoint HTTP connector, including Web Services Consumer, but not for other connectors.