Direct connections depend on Foundry's container infrastructure which is only available in Foundry's managed SaaS platform. As a result, cloud-based direct connections may not be available in your environment.
If you are trying to connect to a data source which is accessible over the Internet, such as a REST API, an SFTP server, or an Azure storage account, you can configure a direct connection to avoid needing to set up an agent. Using a direct connection has a number of advantages:
If you are interested in configuring a cloud-based direct connection, follow these steps:
Currently, network egress between Palantir's managed SaaS platform and external domains is subject to an allowlist. To enable egress to a domain you wish to connect to, contact your Palantir representative with the following details:
Palantir will review your request and set up egress appropriately.
We are actively working on enabling self-service egress creation, removing the need to contact your Palantir representative.
You must have the Information security officer role on your Enrollment to configure network egress. If you do not have permissions to configure egress, contact your Palantir representative for help.
The Information security officer role can be found in the Enrollment permissions section of the Control Panel. An administrator needs to have the Enrollment administrator role in order to see this section.
To configure a network policy, navigate to Control Panel using the Other workspaces link in the Workspace sidebar. In Control Panel, select Network egress in the sidebar. If you can't see this option, contact your Palantir representative to go through the following steps.
Add a network policy by selecting Add network policy. Add a description and connection details, similar to the details you provided when contacting Palantir:
Keep the default Optional policy type selection, and select Add network policy.
In the majority of cases, Foundry will require authorized credentials (such as a username and password) to access Sources. It is best practice to use a service account specifically for Foundry.
Provision a service account for the Source following any internal guidelines and processes that your organization has for establishing service accounts. Note the credentials before proceeding to the next step.
Once the above steps are done, you can proceed with creating the Source in Data Connection:
Next, name your Source and choose a Project to place it in. We generally recommend creating a new Project for each Source, as this provides the cleanest way to permission datasets derived from this Source. Consult the Source permission best practices for more information. Full guidance for how to structure data pipelines end-to-end in Foundry is available in the recommended Project structure documentation.
Select Create source and continue in the bottom right.
On the next page, select the network policy you configured earlier by clicking Use existing policy and searching for the policy name.
Add details about how to connect to your source. These details will depend on the source type you are using and typically consist of basic credentials such as connection URLs, cloud provider regions, and so on.
JDBC sources may require adding and selecting drivers required to connect to your source. Although many drivers ship out-of-the-box with Foundry, you may need to upload and select a driver to proceed.
Add the credentials you provisioned previously to allow the direct connection to connect to your data.
Select Save in the bottom right to complete setting up your direct connection. Once your Source is fully set up, you can proceed to set up a Sync to bring data into Foundry.