1.1 Understanding the Benefits of Cloud Bridge

Cloud Bridge simplifies and secures communication between SaaS applications, such as Identity Governance as a Service or Advanced Authentication as a Service, and on-premises identity sources and applications, such as Active Directory or Identity Manager. The Cloud Bridge Agent communicates with the SaaS applications through a secure messaging service outside the corporate firewall. This messaging service is adaptable for various workloads and provides guaranteed delivery of messages. No VPN is needed and all Cloud Bridge Agent connections are outbound connections to a well-defined port. Data is protected both in transit and at rest.

In a common scenario, you might have both on-premises and SaaS products interacting with Cloud Bridge. You have both on-premises NetIQ Identity Manager and SaaS licenses for Advanced Authentication and Identity Governance. Your employees need to log in to their SaaS accounts as well as their on-premises applications. Your employees are authenticated through the Advanced Authentication SaaS service, which communicates with on-premises identity sources through a Cloud Bridge messaging layer.

After your Cloud Bridge Agent is installed and running in your on-premises environment, it begins sending heartbeat messages. The OpenText SaaS operations team sets up the necessary data protection features and monitors the health of your installed Agent.

The credential management feature in the Cloud Bridge Agent ensures that the credentials for a target data source never leave your network. The Agent associates the credentials with the service configuration on demand.

High availability capabilities in Cloud Bridge 1.9.0 or later also help you meet your organizational goals for operational performance. After you configure your environment to specify your preferred sites and CBA instances, when a planned or unplanned shutdown takes place, failover to the specified CBA site and instance occurs automatically and with minimal service interruption. As part of the failover process, the Cloud Bridge Client loads active service configurations previously used by the primary CBA instance into a new target CBA instance, enabling consuming applications to quickly resume their collection, provisioning, and other activities.

The high availability architecture means that more instances of the CBA simply require you to run additional CBA containers without any orchestration software or databases needed. You can set up as many failover instances as your organization requires, and all CBA instances can be in an active state concurrently. Not only do CBA administrators have the ability to view each CBA’s instance configuration and the current target CBA instance, but the SaaS operations team also monitors your CBA instances. For more information about planning for high availability, see Planning for High Availability.