How Gtmhub connects to your data source
Gtmhub enables you to fully automate your Key Results and KPIs by gathering data from external data sources. You can connect to over 150 business systems and databases, some of which are SaaS-based, others hosted on-premises.
When connecting to SaaS-based solutions, you authorize Gtmhub to sync data on your behalf, involving OAuth 2.0 authorization flow and HTTPS TLS > 1.2 encryption for the data during transmission.
When connecting to an on-premise data source, these resources are usually behind a firewall, thus you must enable Gtmhub to access them.
Whitelisting the Gtmhub IPs
When you integrate Gtmhub with your on-premises data source, we will make platform-specific API requests to fetch the data. In order for our data sync nodes to establish a successful connection to your data source, you must whitelist the IP range assigned to these data sync machines.
EU data center
If your account is hosted in our European data center (your account URL is something like this: https://accountname.gtmhub.com) you must configure your firewall to allow inbound traffic to your data sources for the following IPs:
- 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
- or CIDR range: 188.8.131.52/29
US data center
If your account is hosted in our US data center (your account URL is something like this: https://accountname.us.gtmhub.com) you must configure your firewall to allow inbound traffic to your data sources for the following IPs:
- 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
- or CIDR range: 22.214.171.124/29
Which ports do I whitelist
When you whitelist the above IPs, it is a good practice to allow traffic on specific ports only. Depending on the data source you are connecting to, and your specific internal setup, you must whitelist the port that your data source is accessible on. As a rule of thumb:
- All data sources that expose REST APIs (e.g. Jira Server/DC) - port 443, or the custom port on which you host the system.
- Databases (e.g. PostgreSQL, MS SQL) - each database specific port, depending on the DB server. For example, the default port for connecting to a PostgreSQL instance is port 5432.
Secure connections via tunnel
Usually, the specific application protocol provides encryption of the data in transit. When this is not the case, network tunneling usually comes into play. To find out the details you need to share with your IT administrator in order to establish access from Gtmhub to databases or business services behind a firewall using an encrypted tunnel use our article on Database secure tunnel connection.