Nowadays, more and more organizations are choosing a cloud solution, instead of an on-premise reporting & planning solution. The reason is that in general, cloud solutions offer organizations greater flexibility, scalability and cost savings compared to an on-premise solution, while still providing advanced security and compliance possibilities. The same concept also applies to CCH Tagetik.
CCH Tagetik is a corporate performance management application that brings financial and operational data together in a unified intelligent platform with predefined modules like:
- Financial closing and consolidation;
- Financial reporting;
- Budget, planning and forecasting;
- Disclosure management;
- Pillar 2 tax reporting;
Figure 1 - Tagetik Finance transformation platform
In all these modules the need for consuming and exchanging data with other transactional and reporting systems is obvious and crucial.
But how do you connect a CCH Tagetik application running in the cloud with another cloud application or with an on-premise database?
For a CCH Tagetik application that runs within your organizational domain, you need to choose the correct database connection. The choice of database connection depends on the specific needs of the application, the database management system, and the programming language used, but it is in general pretty straightforward.
For cloud applications, you go outside your organizational domain, and this automatically raises the question of preventing data from being exposed and potentially falling into the wrong hands.
There are several methods via which CCH Tagetik in the cloud can consume and expose data from and to external systems in a secure way:
- CCH Tagetik Data Loader (TDL);
- Secure File Transfer Protocol (SFTP);
- Representational Application Programming Interfaces (REST API) integration;
The first two options require the installation of additional software for setting up the connection between CCH Tagetik and the external application. The Tagetik Data Loader is software designed by CCH Tagetik that allows you to transfer data from and to CCH Tagetik. The Tagetik Data Loader is designed to be installed on-premise, on a server on the network domain where also the data is stored. It uses HTTPS as a transfer protocol which makes it possible to set up communication without the need to create an exception in your company's firewall. The second option (SFTP) is a widely accepted safe way of transferring files between remote systems. In SFTP all data transmissions, including the login credentials and file transfers are encrypted.
The third option is the most direct and “clean” one without the need for installing additional software. Via an API you can set up by-directional communication between applications on the web. It offers you the possibility to read, write and delete data from and to other systems. And last but not least, it avoids developers to build custom software to communicate between applications.
In REST API, the client sends a request to the server, which corresponds with a representation of the requested resource in a specific format, such as JSON, XML, or plain text. The server's response contains all the necessary information about the resource, including its state and metadata. This information can be used by the client to manipulate or update the resource as needed.
Figure 2 - Tagetik rest API
Until service pack 23 (version 5.3), CCH Tagetik can consume and expose data via OData (Open Data Protocol). Odata is a standardized protocol for creating and consuming RESTful APIs. Odata defines a set of conventions for building and exposing RESTful APIs. Odata is supported and used by several software applications, such as:
- Microsoft Dynamics 365;
- SAP NetWeaver Gateway;
- Salesforce Connect;
- IBM WebSphere;
- Apache Olingo;
OData generates a JSON file that the browser translates into XML. OData comes in different versions. CCH Tagetik can expose data in version 4 and consume data with version 2 and version 4.
Figure 3 - Tagetik cloud release planning
From Service pack 23, it’s also possible to consume data via RestFul API. This new feature even makes the connection possibilities broader, because now you can also connect to source systems that do not expose their data through Odata.
CCH Tagetik potentially can consume data via the built-in Extract-Transform-Load tool (ETL) in the financial workspace or via data source mapping in the analytical workspace. The financial workspace is a structured data model with a fixed setup of tables and dimensions. This workspace contains a predefined setup for calculations that can be performed on the data in the data model, for example, the financial consolidation model. The analytical workspace is a more customized data model in which you have complete freedom in the setup of tables (datasets) and analytical dimensions. The analytical workspace is equipped for handling large amounts of detailed data. So basically both workspaces serve their own goal and it’s the customer requirement that determines which workspace is most appropriate.
Figure 4 - Tagetik AIH data approach
For both options, you need to set up some parameters in the repository and the application to make the magic happen. Once this is taken care of, reading data via OData is just as simple as reading data via files or an internal database connection. The administrator that is responsible for designing the ETL or data-source mapping or the end-user that consumes the data do not notice any difference.
What do you need to enable to make this connection to external systems from the cloud?
First, you need to set up an endpoint. The endpoint is the component of the connection string where is defined where the service is located (Odata service URL) and via which authentication protocol this location is going to be reached. For authentication, there are 2 options:
- Basic Authentication;
- OAuth 2.0;
Figure 5 - Tagetik Authentication
There is a third option “no authentication” but I hope I don’t need to explain to you that this is not the way to go. The first one is the most simple choice, but the level of security is not very strong. OAuth 2.0 (Open Authorization 2.0) is a widely used authorization protocol. It works with an access token which is a unique identifier that the application can use to make requests to the service provider's server without requiring the user's credentials. It’s a much stronger solution in terms of security and makes single sign-on supported.
The second thing to do is to define the EntitySets that are available in the Odata Service URL. An EntitySet is a data container that has attributes that can be mapped against the staging tables fields in the ETL (financial workspace) or the dataset fields in the data source mapping (analytical workspace). In the definition of EntitySet, you can also add query options to limit the number of records in the query, like filters and/or sorting. In the query options, you can also use parameters (scenario, period, entity, …) to make the definition of the EntitySet dynamic in that respect that it adjusts itself depending on the content of the parameter.
Figure 6 - Tagetik oData protocol
From this point, the processing of the data is the same as it would be when other methods of data integration were used.
Finally, I want to point out a really useful tool when testing the connection via REST API called Postman. Postman is a powerful tool that can help you in testing the connection and the outcome of the connection before you incorporate the connection into CCH Tagetik.
I hope this document helps you understand data integration possibilities for the CCH Tagetik cloud application and gives you confidence that working in the cloud can be as safe and easy as working with an on-premise application.
Keen to know more?
Continue reading or contact us to get started: