Workato's on-premise agent (OPA) provides a secure way for Workato to selectively access customer-authorized on-prem apps, databases, and folders without having to open inbound ports in the corporate firewall. See Workato's article, On-prem Connectivity.
Workato's on-prem connectivity has two core components:
- Tunneling
- Database, file system, and application access.
The OPA runs within the user's server, typically behind a firewall, and establishes a TLS WebSocket tunnel to connect out to Workato.
Since the OPA is within the same network as systems behind the firewall, it can safely access them and act as the agent to communicate securely with Workato.
OPA High Availability architecture
OPAs can also be installed into logical groups to achieve High Availability and Load Balancing capabilities. These logical groups are called On-prem groups. See Workato's article, On-prem Group.
OPA secure connection
The OPA makes an outbound connection to the Workato cloud's on-premise gateways using a small number of hostnames/IP addresses.
Hostname |
IP Addresses |
TCP port |
Notes |
sg1.workato.com |
50.16.101.13 54.84.241.116 34.237.50.149 |
443 |
|
sg1.eu.workato.com |
18.193.100.169 3.65.178.110 18.198.138.101 |
443 |
For customers accessing Workato in the EU data center. See Workato's article, European Union data center. |
sg2.workato.com |
34.204.129.29 34.228.172.35 54.83.143.113 |
443 |
|
sg2.eu.workato.com |
52.57.169.138 3.65.171.53 54.93.132.62 |
443 |
For customers accessing Workato in the EU data center. See Workato's article, European Union data center. |
sg.workato.com |
34.192.94.13 34.195.128.7 34.226.84.130 |
443 |
|
N/A |
52.206.58.244 |
443 |
Deprecated 28 March 2018, not used in recent OPA versions. See Workato's article, OPA versions. |
If your organization has strict outbound traffic rules, you'll need to whitelist the OPA's access to the Workato cloud.
IP Addresses
Firewall whitelists should allow outbound TCP connections from the OPA to port 443 on each address listed in this article.
DNS resolution of hostnames
Some organizations also restrict DNS hostname resolution from the machines/networks where the OPA might run. In that case, you should ensure that the machine where OPA will be running can resolve the relevant hostnames above to their corresponding IP addresses.
OPA installation
Supported operating systems (OS)
The OPA runs on:
- Linux (64-bit)
- Windows 7, 10 (64-bit)
- Mac OS X
- Windows Server 2008 and newer (before OPA v2.8.0) See Workato's v2.8 version notes, v2.8.
- Windows Server 2012 R2 and newer (OPA v2.8.0 onwards) See Workato's v2.8 version notes, v2.8.
The minimum hardware requirements are:
- 8 GB of RAM
- 250 MB of disk space
- 800 Mhz 64-bit CPU (Intel/AMD).
Learn how to set up the OPA for each OS by reading Workato's article, Setting up On-prem Agent.
Applaud will help you create the On-premise groups and generate the agent binaries/keys. Once you have created the on-premise groups and downloaded the binaries, follow the agent installation documentation, Workato OPA installation.
OPA and internal network diagram
The latest version of the Agent
Applaud support will update you on the release of new agents from Workato. You can monitor this article for any new releases and updates, OPA Versions.