Something Digital - magento

Securely Connecting Magento BI to Magento On-Premise 

Magento BI (“Business Intelligence”) is an analytics platform that aggregates data from various sources to create beautiful and actionable dashboards and reports. If you’d like to learn more about what Magento BI is and does, check out our blog post “Magento BI and why you need it”.

In this blog post, we’ll look at what’s involved with connecting Magento BI to Magento from a technical standpoint, and how to do so in the most secure manner possible.

How Magento BI Connects to Magento

Per Magento’s official documentation, Magento BI connects to Magento through a MySQL connection. You’ll also see that an SSH tunnel is recommended for the connection. We agree with this recommendation as it ensures that the connection is encrypted and allows you to keep port 3306 completely closed from public access.

Securely Setting Up the Connection via an SSH Tunnel

When setting up the connection between Magento BI and Magento, the principle of least privilege should be followed. In other words, Magento BI should be given the minimum level of access required on the Magento system to function.

Magento also provides documentation on setting up the connection via an SSH tunnel which follows this principle well. A few important things to call out:

  • A dedicated Linux user should be set up for Magento BI.
    • We recommend using a restricted shell as documented here.
  • A dedicated MySQL user should be created.
    • The user should not be given write access to the database as documented here.
    • Access should also be limited only to the required tables (e.g. the connection does not need access to the admin_user table).

 

Additionally, in an environment using master / slave replication, Magento BI should be configured to connect to the read slave, not the master.
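Once the dedicated MySQL user exists, its privileges can be checked against the rules above (read-only, limited to required tables). The following is an added example, not code from Magento's documentation or from this post's author: it audits the rows returned by `SHOW GRANTS` for the BI account. The account name `magento_bi`, the schema name `magento` and the sensitive tables other than `admin_user` are assumptions.

```python
import re

# Assumptions for this example: the account name, schema name and the extra
# entries in SENSITIVE_TABLES are illustrative; only admin_user is named above.
SENSITIVE_TABLES = {"admin_user", "admin_passwords", "oauth_token"}
ALLOWED_PRIVS = {"SELECT", "USAGE"}  # USAGE is MySQL's "no privileges" marker

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?:`[^`]+`|\*)\.(?:`(?P<tbl>[^`]+)`|\*)\s+TO\s",
    re.IGNORECASE,
)

def audit_grants(show_grants_lines):
    """Return (line, problem) pairs for grants broader than read-only,
    table-scoped access. Input: the rows of SHOW GRANTS FOR the BI account."""
    findings = []
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            # Fail closed: anything we cannot parse needs a human look.
            findings.append((line, "unrecognized grant, review manually"))
            continue
        # Drop column lists such as SELECT (`email`) before splitting on commas.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs")).upper()
        privs = {p.strip() for p in privs.split(",") if p.strip()}
        table = m.group("tbl")  # None when the grant is on db.* or *.*
        extra = privs - ALLOWED_PRIVS
        if extra:
            findings.append((line, "non-read privileges: " + ", ".join(sorted(extra))))
        if "WITH GRANT OPTION" in line.upper():
            findings.append((line, "can pass privileges to other accounts"))
        if table is None and privs - {"USAGE"}:
            findings.append((line, "wildcard scope covers sensitive tables"))
        elif table is not None and table.lower() in SENSITIVE_TABLES:
            findings.append((line, "access to sensitive table " + table))
    return findings

# Constructed sample of SHOW GRANTS output, not taken from a real system.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `magento_bi`@`localhost`",
    "GRANT SELECT ON `magento`.`sales_order` TO `magento_bi`@`localhost`",
    "GRANT SELECT, UPDATE ON `magento`.`catalog_product_entity` TO `magento_bi`@`localhost`",
    "GRANT SELECT ON `magento`.`admin_user` TO `magento_bi`@`localhost`",
    "GRANT SELECT ON `magento`.* TO `magento_bi`@`localhost`",
]

if __name__ == "__main__":
    for grant, problem in audit_grants(SAMPLE_GRANTS):
        print(problem, "<-", grant)
```

An empty result means every grant is `SELECT` on a named, non-sensitive table; a schema-wide `SELECT` is flagged because it silently includes `admin_user`.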

Magento Commerce Cloud

If you are using Magento Commerce Cloud, the process differs and is documented here.

Written by: Max Chadwick, Technical Lead