Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This page outlines Step 4 of Deploying CinchyDXD: Updating the Data Experience
This page outlines Step 5 of Deploying CinchyDXD: Repackaging the Data Experience
This page outlines Step 6 of Deploying CinchyDXD: Reinstalling the Data Experience
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This page provides a brief overview of Data Collaboration
You are currently browsing the Cinchy v5.6 platform documentation. For documentation pertaining to other versions of the platform, please navigate to the relevant space(s) via the drop down menu in the upper left of the page.
Dataware is the emergence of a common group of technologies that solve data related problems across many business use cases. One of the most exciting new categories within this group is Data Collaboration.
Data Collaboration solves the costly, time-consuming, and ineffective integration processes born from silo-ing your data in a traditional app-centric environment. Instead of your data serving your applications, data collaboration refocuses and pivots to a model where your data is at the forefront and is being served by your apps (Image 1).
Harnessing this power, Cinchy connects unlimited data sources within a networked architecture, offering persistent delivery of real-time solutions, without complex integrations. And the more data you connect into your data network, the more powerful your processes can be.
When a new IT project is green-lit, you often pay a hefty fine called the integration tax where you're continuously building new integrations between applications, just to reuse data that is already available in your systems.
Over time, this never-ending cycle of copying data between fragmented apps gets more complex, resulting in delayed launches, budget overruns, and “shadow IT” projects.
This process of making copies now consumes up to 50% of the resources on large IT projects, and it's the reason that delivery often takes months, sometimes years, and costs millions (Image 2).
How can this be fixed?
With data collaboration, you shift your approach from integration for data sharing, to access for data collaboration (Image 3).
For every app you build where you leverage data collaboration, you’re able to access the network to reuse information for future apps. Your IT team will find that previous projects have already connected many of the data sources they need to the network.
Cinchy's data collaboration platform does for application development what the power grid does for individual buildings. In the same way that buildings no longer need to generate their own power thanks to the power grid, with a data collaboration platform applications no longer need to manage, integrate, and protect their own data (Image 4).
Organizations can build data collaboration applications in half the time, while enabling effortless and copyless data sharing across applications. Using Cinchy is unique in that it eliminates the "integration tax" that today consumes half of most enterprise IT budgets -- that is to say, data collaboration makes integration obsolete (Image 5).
Now, instead of connecting apps to gain access to data through costly point-to-point integration, your apps serve your data by leveraging and connecting it all together via Cinchy. In this way, you can still gain the best usage out of your apps through zero-copy integration while avoiding the disadvantages of data silo-ing. You have both full access to and full control of your data (Image 6).
Simply putting pipes between data silos, and centralizing a few housekeeping tasks, is not data collaboration. What that's actually doing is leading you down a path of managing endless copies. True data collaboration not only connects your data but upgrades it as part of an interconnected, autonomous network.
Autonomous data exists independently of any application. It is self-controlled, self-protected, and self-describing. This creates a number of benefits compared to traditional app-dependent data, including the ability to simplify cross-application usage and reporting. And when you use autonomous data in an interconnected network, wherein individual contributors maintain their roles and priorities as they apply their unique skills and leadership autonomy in a problem solving process, you get: Collaborative Autonomy.
Collaborative Autonomy is thus the principle underpinning Collaborative Intelligence, the entire basis of Dataware and Cinchy.
Individuals are not homogenized, as in consensus-driven processes, nor equalized through quantitative data processing, as in collective intelligence. Consensus is not required. Problem resolution is achieved through systematic convergence toward coherent results. Collaborative intelligence relies on the principle of collaborative autonomy to overcome “the consensus barrier” and succeed where other methods have failed.
One of the most significant advantages of dataware is the ease with which data owners can set universal data access controls at the cellular level, and automate data quality (Data Governance) with a “golden record” of data.
In effect, it is removing the need to maintain access controls within individual apps and centralizing these functions in an incredibly efficient way.
Compare this with designing and maintaining controls within thousands of apps and systems independently. It’s not only incredibly challenging and costly, but virtually impossible to maintain consistency (Image 7).
Dataware is a game changer for IT delivery: it produces network effects, where each new solution actually speeds up delivery times and reduces costs
Network-based designs scale beautifully and become more efficient as they expand. Consider the human brain; its neuroplasticity helps it learn more as it grows. The more interconnected it gets, the better. The neural pathways are reorganizing themselves such that the fewer connections, the higher the intelligence, because information is more efficient to operationalize.
It's the same with dataware. The more you connect your data, the harder and better it works. It's the ability to have the platform take care of your whole data journey and transformation. You don't have to manage the changes of all your applications, regression testing, the QA you have to go through, etc.
And it's also your time machine - you can have applications based on different points in time of your data, and it's all done through network-based design.
Now that you know how efficient and secure things can be there is no going back.
Let's build the connected future, together.
This page contains the release notes for version 5.4 of the Cinchy platform.
Version 5.4 of the platform was released on January 18th, 2023.
For instructions on how to upgrade to the latest version of Cinchy, see here.
Customize the appearance of your Form text with our new rich text editing capabilities. Enabling this on your text columns will give you access to exciting new formatting options previously unavailable in Forms such as:
Bold, Italic, Underlined text
Checklists
Headers
Hyperlinks
etc.
For more information on how to make a visual impact with our new rich text editing capabilities, please review the documentation here.
A GUID is a globally unique identifier, formatted as a 128-bit text string, that represents a unique ID. All Cinchy Tables and Columns have a GUID.
You now have the ability to display and edit table and column GUIDs within the Design Table screen.
This feature is particularly useful when deploying between Cinchy instances.
For example, in a model deployment, you must have matching GUIDs on your columns in order for them to properly load between environment A and environment B. There might be times when these GUIDs don’t automatically match, however, such as if you manually added a new column to environment B and also manually added it to environment A.
In this case, the two columns would have different GUIDs, and the model deployment would fail. With this new capability, however, you can match up conflicting GUIDs to properly load your model.
Version 5.4 of the Cinchy platform introduces data polling, which uses the Cinchy Event Listener to continuously monitor and sync data entries from your SQLServer or DB2 server into your Cinchy table. This capability makes data polling a much easier, effective, and streamlined process and avoids implementing the complex orchestration logic that was previous necessary to capture frequently changing data.
You can read more about setting up Data Polling here.
A mandatory database upgrade script was introduced in v5.2 that increased the number of possible Cinchy IDs that can be generated (read the releases note here). To streamline this process further, we have created a utility to deploy the changes. This should save you valuable time and resources when performing the upgrade, even on large databases.
For more information on the utility, please review the documentation here.
For new environments (or if your setting was previously left blank), we have changed the Cinchy default session timeout from 30 minutes to 7 days. This will keep you logged in and working without interruptions. You can further change or revert this session timeout value in your appsettings.
In an IIS deployment, you can find the value in your CinchySSO > appsettings.json
In a Kubernetes deployment, you can find the value in your deployment.json file.
We have upgraded our application components to .NET 6.0 to ensure official Microsoft support for another 2 years. See the documentation here for more on .NET 6.
Becauses of the .NET update, if you are upgrading to 5.4+ on an SQL Server Database you will need to make a change to your connectionString. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
In an IIS Deployment you must update your connectionString in your Cinchy SSO and Cinchy appsettings.
In a Kubernetes deployment you must update your connectionString in your deployment.json.
We have added a silent refresh to the Connections experience to keep your session active while you're on the UI and to keep you working without interruptions.
Real time data sync will now continue to retry if an "Out of Memory Exception" is thrown, avoiding unnecessary downtime.
You now have the ability to choose between Debian or Alpine based Docker images when using a Kubernetes deployment of the Cinchy platform to be able to connect to a DB2 data source in Connections.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
Alpine: "5.x.x"
Debian: "5.x.x-debian"
You now have the option to update the default passwords for Grafana and Opensearch in a Kubernetes deployment by configuring your deployment.json file. See here for instructions on updating Grafana and here for Opensearch.
We have increased the average throughput for CDC subscriptions returning the Cinchy ID, so that it will now be able to process a greater number of events per second. Being able to reliably exceed 1000 events per second, based on the average use case, means that you can leverage the CDC capability for more demanding use cases.
Prior to this release, the Files API could only handle files up to 100mb. We have now upped the maximum default file size to 1GB and have added a configurable property to allow you to set your own upload size should you wish.
In an IIS deployment, you can find the value in your Cinchy > appsettings.json
In a Kubernetes deployment, you can find the value in your deployment.json file.
Note: When choosing your maximum upload size, keep in mind that very large files may slow down your database if you are using local storage.
We have fixed an error that occurred when attempting a data sync with conflicting target and source data types in link columns, where the error message would read: Value must be specified from the available options
We have fixed an issue that was preventing new Connection jobs from starting when a previous job got stuck.
We have fixed an issue where data syncs would fail if your sync key used a Target Column with a Link Column property that is different from the Primary Linked Column in the table definition.
We have fixed a bug that was impacting write performance to tables on PostgreSQL with Data Change Notifications enabled.
We have fixed a "cell entitlements failed" error on Forms that would occur if a Form column contained a single quote in the column name.
We have fixed an issue on Forms where adding a [Created By] or [Modified By] field would return an error.
The /healthcheck no longer redirects to the initialization screen during a Cinchy startup, allowing you to properly hit the endpoint.
This page captures the release notes for Cinchy version 5.2
Version 5.2 of the platform was released on September 16th, 2022.
For instructions on how to upgrade to the latest version of Cinchy, see here.
We have increased the number of possible Cinchy IDs that can be generated. This in turn allows the creation of more records within one table, so that you can create and manage larger data sets.
Previous Limit: 2,147,483,647 (2^31-1) Cinchy IDs per table
Updated Limit: 9,223,372,036,854,775,807 (2^63-1) Cinchy IDs per table
For backward compatibility with your database, you will need to manually run the below script against your TSQL or PGSQL databases. For instructions on how to run this upgrade, see the documentation here.
WARNING: This script is REQUIRED when upgrading from v5.1 or lower to v5.2 or higher, otherwise your platform will break.
We have expanded our Connections capabilities to support binary file types as a data source. Review the documentation here for more information.
We have improved the Connections experience by now making it optional to input a username or password when starting a batch sync job. This field can now be left blank if you want to run the job as the currently logged in user.
We have added new optimizations and quicker processing of Kafka messages for real time data syncs in Connections.
For added security, any logged password or sensitive parameters from the request details of a SOAP connector data sync is now redacted in the logs.
Dead messages in the event listener are now written out to the execution errors table for easy collection and querying.
The Connections experience now supports sourcing file based data sources from Azure Blob Storage and Amazon S3.
You now have the option to free up database space by using S3 compatible or Azure Blob Storage for file storage. This is configured in your deployment.json for Kubernetes installations and the appsettings.json in an IIS deployment.
If you are upgrading from an earlier v5 version, you can update your previous configuration to take advantage of this. For further instructions, review the documentation here.
You are now able to run an erasure maintenance job on records that link to the Files table to delete the underlying referenced file.
We have made improvements to the Files API to avoid cache build up and optimize the API.
General security fixes and updates.
We have added anonymous API access to GraphQL, no token required.
We have added write operations to our GraphQL beta, meaning that you can now insert and modify data.
We have fixed a UI instability bug that resulted in the inability to resize view panes in the query designer and difficulty in selecting any cell in the first row of a table. This bug was affecting Chromium users (Google Chrome, Brave, Microsoft Edge, etc.) who had recently updated their internet browsers.
We have fixed a bug that caused the “Created” column to incorrectly display as the last approved date of the column instead of the column created date.
You can now add/remove a column from a table that has a columnar index without needing to remove said index entirely. We have also fixed a bug that prevented users from reapplying their columnar index to a table once it had been removed.
We have fixed an issue where an “Unsupported Function Call” error was raised in certain situations when using the REPLACE function in conditional calculated columns in Connections.
We have fixed a bug that caused unnecessary updates to the Users table when a user’s Language and Region was not set.
We have fixed a bug that was causing some GUID calculated columns to appear as blank, such as in the Integrated Clients table. If you are experiencing this bug, a manual update on the affected rows, either through the UI or through an UPDATE query, will resolve it.
We have fixed an issue where the '&' in links was sometimes showing up as 'amp&' in the table view instead. This fix will only appear for customers on Postgres/Microsoft SQL servers 2017 or higher.
We have fixed an issue where certain Update statements on multi-select link columns were failing to properly update with the link values specified. This bug was affecting statement with long strings done via the API.
We have fixed a bug that was causing the Event Listener to pick up and process messages from deleted configs from the LIstener Configs table.
We have fixed a bug that was causing an InvalidOperationException when executing a POST request to a Saved Query API.
We have fixed a bug that was throwing errors on reconciliation when Data Syncs compared Text Conditional Calculated Columns to Links (PGSQL).
FOR JSON PATH now works as expected in Postgres deployments.
This page contains the release notes for Cinchy version 5.0
Cinchy on Kubernetes: We have added the ability for deploying Cinchy v5 on the Kubernetes system. Kubernetes is an open-source system that manages and automates the full lifecycle of container-based applications. You now have the ability to deploy Cinchy v5 on Kubernetes, and with it comes a myriad of features that help to simplify your deployment and enhance your scaling. Kubernetes can maximize your container capacity and easily scale up/down with your current operations.
Fluentbit, Opensearch: Available to those who deploy on Kubernetes, Fluentbit collects logs which are then displayed through the Opensearch visual dashboard, for all pods that write to stdout. This streamlines your search for information by putting the control into your hands and compiling your logs in one easy to access place — you can now easily write a query against all of your logs, in all of your environments. You will have access to a default configuration out of the box, but you can also customize your dashboards as well.
Grafana and Prometheus: With the Kubernetes addition, you now have access to Prometheus to collect your metrics. Prometheus records real-time metrics in a time series database used for event monitoring and alerting. You can then create custom dashboards through Grafana to display your data in an easy to use visual that makes reporting on your metrics easy, and even set up push alerts based on your custom needs.
PostgreSQL: You now have the option to deploy Cinchy on PostgreSQL, an open source alternative to the Microsoft SQL Server that can save you the cost of licensing fees. It is standards-compliant, reliable, highly programmable, and allows for concurrency. Utilizing this deployment makes Cinchy more affordable and scalable. We recommend Amazon Aurora for AWS users.
Kafka: Kafka is an open-source event streaming platform. This is designed to act as the middleware that allows for messaging between components through a queuing mechanism.
Redis: Redis is currently being used to facilitate a distributed lock using RedLock, which guarantees lock synchronizations across Cinchy instances. It is also a storage location for the execution output when running batch data syncs.
All components have been transitioned from Log4Net to Serilog.
The BuildIdentifier property from the appsettings.json will now appear in the healthcheck endpoint at the root level of the json payload, with a key of “buildidentifier”.
Elmah was removed from the platform.
Refactored hidden passwords in initialization.
Added the ability to ingest S3 Datasources for delimited or parquet files.
Improved performance of the Connection UI when there is a large (250+) number of columns/mappings.
Optimization of bulk upsert performance.
Added the following UI optimizations for handling large tables: default views set to collapsed, page size limited to 1k records, and added a button for getting the row count. Added the ability for Connections to read/write error files to S3 when an S3 bucket is specified.
Added accessibility fixes.
We have added support for PUT, PATCH, and DELETE in UDF Extensions in addition to GET/POST.
You are able to override a Kafka topic within the appsettings for Connections, the Worker, and the Event Listener.
We have added support for the INSERT INTO SELECT statement, which copies data from one table and inserts it into another table. Click here for more information on INSERT INTO SELECT.
When using Postgres, the SELECT @cinchy_row_id function will fail in queries. Instead, use the OUTPUT clause with INSERT, UPDATE, DELETE. Click here for more information on OUTPUT.
We have added support for the TRUNCATE TABLE statement, which removes all rows from a table, without logging the individual row deletions. Click here for more information on TRUNCATE TABLE. (Please note that we do not support the "With Partitions" argument.)
Fixed an issue where two users approving data could cause the row to become corrupted.
Addressed a memory leak in query translation issue through the creation of a background task that removes expired objects from the cache.
Fixed an issue where updating the formula of a non-cached calculated column wouldn’t reflect properly in the Table Columns table.
Addressed an issue where changing a field in a table with multi-select links results in the removal of the field value from the version history.
Fixed an API issue when updating UDF columns.
Fixed an issue where numeric calculated columns that resolved off of a link column's numeric display column wouldn't work.
Enablement of Content-Type headers to be added for REST API data syncs during GET requests.
Added frame-ancestors to the UI to prevent UI redress attacks.
Implemented HSTS headers for when HTTPS is enabled on Cinchy.
This page outlines the various changes made to the Cinchy platform in version 5.6
Cinchy version 5.6 was released on May 31st, 2023.
For instructions on how to upgrade your platform to the latest version, please review the documentation here.
When upgrading to Cinchy v5.6, there are mandatory changes that must be made within your platform appsettings files. For an IIS deployment this involves making manual updates to your appsetting.json files. For a Kubernetes deployment, the changes will reconcile automatically if you are deploying the new 5.6 template. If you are not deploying the new template, please reach out to the Support team. For instructions on how to upgrade your platform to the latest version, please review the documentation here.
If you are planning to update your platform to 5.6 on a Kubernetes deployment, please note that you will also need to update your AWS EKS Kubernetes version to 1.24.
The Kubernetes project runs a community-owned image registry called registry.k8s.io in which to host its container images. On April 3rd, 2023, the registry k8s.gcr.io was deprecated and no further images for Kubernetes and related subprojects are being pushed to this location.
Instead, there is a new registry: registry.k8s.io.
New Cinchy Deployments: this change will be automatically reflected in your installation.
For Current Cinchy Deployments: please follow the instructions outlined in the upgrade guide to ensure your components are pointed to the correct image repo.
You can review the full details on this change on the Kubernetes blog.
To continuously improve our Connections experience, we have made changes to the Sync Behaviours tab for Full-File data syncs.
Record behaviour is now presented via radio buttons so that you can see and select options quicker and easier than ever before.
We have added a new "Conditional" option for Changed Record Behaviours. When Conditional is selected, you will be able to define the conditions upon which an Update should occur. For instance, you can set your condition such that an update will only occur when a "Status" column is changed to "Red", otherwise it will ignore the changed record. This new feature provides more granularity on the type of data being synced into your destination and allows for more detailed use cases. For more information on this new function please review the documentation here.
We have added support AWS EKS EBS volume encryption for customers wishing to take advantage of industry-standard AES-256 data encryption without having to build, maintain, and secure their own key management infrastructure.
By default, the EKS worker nodes will have a gp3 storage class for new deployments. If you are already running a Cinchy environment: make sure to keep your eks_persistent_apps_storage_class to gp2 within the devops automation aws.json file.
If you want to move to gp3 storage or gp3 storage and volume encryption: you will have to delete the existing volumes/pvc's for Kafka, Redis, Opensearch, Logging Operator and Event Listener with StatefulSets so that ArgoCD can recreate the proper resources.
Should your Kafka cluster pods not come back online after deleting the existing volumes/pvc's, restart the Kafka operators. You can verify the change by running the below command:
Miscellaneous security fixes.
General CDC performance optimizations.
Continuing to increase our data sync capabilities and features, you can now use @CinchyID as a parameter in post sync scripts when the source is from a Cinchy Event (such as the Event Broker, the Event Triggered REST API, and the Event Triggered MongoDB sources). This means that you can now design post sync scripts that take advantage of the unique CinchyID value of your records.
To better communicate the relationship between the Source and any required Listener Configurations, we have added additional help text to event-based sources to the Source step of a connection. This help text will help better elucidate when a listener configuration is required as part of the sync.
We have expanded on our Cinchy Event Triggered data sync source features (REST API and MongoDB), allowing you more freedom to utilize your data. You now have the ability to reference attributes of the CDC Event in your calculated columns. (Note that syncs making use of this must limit their batch size to 1.)
To better enable your business security and permission-based needs, you are now able to run the Connections pod under a service account that uses an AWS IAM (Identity and Access Management) role, which is an IAM identity that you can create to have specific permissions and access to your AWS resources. To set up an AWS IAM role for use in Connections, please review the documentation here.
To make troubleshooting easier, Connections Builders are now able to download batch sync logs directly from the Experience UI. This prevents the need to have to either wait for logs to appear in Opensearch or relying on an administrator/support to provide logs
You are also able to use AWS IAM roles when syncing S3 file or DynamoDB sources in Connections. For more information, please review the "Auth Type" field in the relevant data sync source pages.
To increase your data sync security and streamline authentication, we have added support for the use of x.509 certificate authentication for MongoDB Collection Sources, MongoDB (Cinchy Event Triggered) Sources, and MongoDB Targets. This new feature can be accessed directly from the Connections UI when configuring your data sync. For more information, please review the configuration pages for MongoDB Collection Source, MongoDB (Cinchy Event Triggered) Source, and MongoDB Targets.
Tip: Click on the below image to enlarge it.
We have fixed a bug that was causing bearer token authenticated APIs to stop working on insecure HTTP Cinchy environments.
We have fixed an issue relating to the .NET 6 upgrade that was causing the Event Listener and Worker to not start as a service on IIS in v5.4+ deployments.
We have fixed a “Column doesn’t exist” error that could occur in Postgres deployments when incrementing a column (ex: changing a column data type from number to text).
We have fixed a bug where table views containing only a single linked column record would appear blank for users with “read-only” permissions.
We have fixed a bug where the Listener Configuration message for a data sync using the MongoDB Event source would return as "running" after it was disabled during an exception event -- the message will now correctly return an error in this case.
We have fixed a bug that was preventing DELETE actions from occurring when Change Approvals were enabled on a CDC source.
In continuing to provide useful troubleshooting tools, we have fixed a bug that was preventing dead messages from appearing in the Execution Errors table when errors occurred during the open connection phase of a target. This error may have also occurred when a MongoDB target had a connection string pointing to a non-existent port/server.
We have fixed a bug that was preventing Action Type column values of "Delete" from working with REST API target Delta syncs.
We have fixed a data sync issue preventing users from using environment variables or other parameters in connection strings.
We have fixed a bug in the Polling Event data sync where records would fail with a “unique constraint violation” if both an insert and an update statement happened at nearly the same time. In order to implement this fix, you need to add the “messageKeyExpression” parameter to your listener config when using the Polling Event as a source. Please review the documentation here for further information.
We have fixed a bug that was causing data syncs to fail when doing platform event inserts of any type into Salesforce targets.
We have fixed a bug where using the ID Column in a Snowflake target sync would prevent insert and update operations from working.
We have fixed a bug where attempting to sync documents using a UUID (Universally Unique IDentifier) as a source ID in a MongoDB Event Triggered batch sync would result in a blank UUID value when saved to a Cinchy table.
We have made application stability and quality fixes to Forms, including:
Custom date formats now work in Grid, Form, and Child Form views.
A child form that has a Link column reference to a parent record now auto-populates with the parent record's identity.
A space has now been added between multi-select values when displaying a record in an embedded child table.
Negative numbers can now be entered into Number type inputs on forms.
We have fixed an issue where updated file attachments on a form would fail to save.
We have fixed a bug that was causing a “Can’t be Bound" error when you attempted to use an UPDATE query on a multi-select link column as a user with multiple filters active.
Becoming comfortable with the Cinchy terms and verbiage is an essential step to broaden your understanding of the platform and Data Collaboration as a whole. We have created this handy guide featuring to help you better understand the words and phrases you may see appear throughout this wiki space.
A Batch Sync is one of the two types of Data Syncs that you can perform using Cinchy. by processing a group or a ‘batch’ of data all together rather than each piece of data individually. When the data sync is triggered it will compare the contents of the source to the target. The Cinchy Worker will decide if data needs to be added, deleted or updated. Batch sync can either be run as a one-time data load operation, or it can be scheduled to run periodically using an external Enterprise Scheduler
The is a user or user group with special within the Cinchy platform. An administrator can be either an or a
A Builder Admin can:
Modify all table data (including system tables), all schema, and all data controls
This includes setting up and configuring users, assigning them to groups, and assigning which users have builder access
View all tables (including system tables) and queries in the platform
A Non-Builder Admin can:
View all tables (including system tables) and queries in the platform
Modify data controls for tables
The “Cinchy Builder” has access to perform the following capabilities:
Change Table Schema (use Cinchy’s “Design Table” functionality)
Grant access (use Cinchy’s “Design Controls” functionality)
Edit Cinchy Data in Cinchy System Tables
Create, Save, and Share Cinchy Queries
Perform ad hoc Cinchy Queries on the Cinchy data network
Import/export packaged business capabilities (i.e. deployment packages)
Build Cinchy Experiences
Perform integration with Cinchy (e.g. Cinchy Command Line Interface [CLI] operations)
Create and Deliver an unlimited number of Customer Use Cases within Cinchy
CinchyDXD is a downloadable utility used to move Data Experiences (DX) from one environment to another. This includes any and all objects and components that have been built for, or are required in, support of the Data Experience.
Cinchy ID is a unique identifier assigned automatically to all records within a normal table. The Cinchy ID is associated with the record permanently and is never reassigned even if the record is deleted.
Cinchy Query Language can be used in many ways, including but not limited to:
Building queries through the query editor that can return, insert, delete, and otherwise manage your data.
Creating, altering or dropping views for tables
Creating, altering or dropping indexes
Direct Users log into Cinchy via the data browser
Indirect Users (also commonly referred to as "external users") view/edit data via a third-party application/page that connects to Cinchy via API
Cinchy End-Users are able to:
Create and save personal queries. Unlike traditional saved queries made by builders, personal saved queries cannot be shared and are not auto-exposed as APIs.
Track version history for the full lifecycle of data
Bookmark and manage data
Access data through application experiences
Data Collaboration entails the collection, exchange and use of data from different origins within an organization. This interaction creates data products with data owners acting as experts for their specific data domains. The interaction of these various data set domains also results in dramatically informed insights that are solely driven by the interactions of the data itself.
Entitlements refers to the set of permissions that you are granted for any piece of data. Cinchy allows entitlements to be set at a very granular level, meaning you can give individual users or user groups access to things like:
Viewing a data sync
Running a job
Viewing a specific table row or column
Editing a specific table cell
Etc.
Healthchecks returning a critical status
Upcoming Project Due Dates/Timelines
Client Risk Ratings reaching a high threshold
Tracking Ticket Urgency or Status markers
Unfulfilled and Pending Tasks/Deliverables
Etc.
In a nutshell, MDQE monitors for specific changes in data, and then pushes out notifications when that change occurs.
It lives on top of the data collaboration platform, allowing builders to create forms with custom configurations and users to access this data outside of the tabular view that is native to Cinchy.
Each node represents a table you have access to within Cinchy, and each edge is one link between two tables. The size of the table is determined by the number of links referencing that table. The timeline on the bottom allows you to check out your data network at a point in the past and look at the evolution of your network.
Cinchy version 5.5 was released on February 24, 2023.
For instructions on how to upgrade your platform to the latest version, please review the documentation
The Cinchy Upgrade Utility was previously introduced in v5.2 in order to facilitate a mandatory INT to BigInt upgrade. This tool will continue to be used in subsequent releases as an easy way to deploy necessary changes to your Cinchy platform.
For version 5.5, you must run the Upgrade Utility in order to fix a row-breaking issue that could be triggered on cells with over 4000 characters, where you are unable to update any column in your record.
Please review the or for further details.
You now have the option to use personal access tokens (PATs) in Cinchy, which are alternatives to using passwords for authentication. Similar to , you can use a Cinchy PAT to call the Cinchy API as your current user, meaning your associated access controls will be honoured as well. Cinchy PATs, however, have an expiration date of up to 1 year. A single user can have up to 5 PATs active at one time.
For information on setting up, configuring, and managing PATs, please
We have added MongoDB to our Connections offering as both a source and target connector.
Review the following documentation to utilize this new capability in Cinchy:
We are continuing to improve our text editor functionality for forms. You can now embed tables and images into your text. We have also made various styling and usability quality of life updates, including the addition of checkbox style lists.
We have added support for ephemeral volumes in Connections on a Kubernetes deployment. Unlike persistent volumes, ephemeral storage is unstructured and the space is shared between all pods running on a node**;** it allows pods to be started and stopped without being limited to the location of persistent volume. Running more than one pod for Connections per availability zone enables you to effectively leverage auto-scaling functionality.
We have updated the Connections experience to enable more use cases. You can now use CDC parameters in Calculated Columns and use the CinchyID in the sync key in real-time syncs.
Kafka supports cluster encryption and authentication, which can encrypt data-in-transit between your applications and Kafka. We have added the ability to include this encryption/authentication in the Listener Config when setting up real-time syncs using Kafka.
Using this parameter will specify which protocol will be used for communication between client and server. Cinchy currently supports the following options: Plaintext, SaslPlaintext, or SaslSsl.
Paintext: Unauthenticated, non-encrypted.
SaslPlaintext: SASL-based authentication, non-encrypted.
SaslSSL: SASL-based authentication, TLS-based encryption.
We have improved the implementation of tooltips such that linked columns display the tables that they link to. Hovering over the i symbol on a linked column will show the linked domain and table in the following format: Domain - Table; ex: HR - Employees. You can now also see them in the grid view.
We have introduced a Retry Configuration for REST API sources and targets. This will automatically retry HTTP Requests on failure based on a defined set of conditions. This capability provides a mechanism to recover from transient errors such as network disruptions or temporary service outages.
We have increased the default retention for Prometheus from 5GB to 50GB to allow you to store more metric data at a time.
This change is automatically reflected in new v5.5 deployments. Customers on previous v5 versions wishing to implement the change are able to rerun the automation script and deploy the new template to reflect the update.
To make the Forms experience more responsive and process quicker, we have introduced lazy loading of records while searching. Instead of loading and rendering every form record in the search box, which can be a slow process for use cases with millions of records, lazy loading will initially retrieve a limited number of records. These results can then be further optimized by inputting your Lookup Filter Conditions.
We have added the ability to pass parameters from a REST response into post sync scripts during both real-time and batch data syncs, allowing you to do more with your REST API data.
Data changes in Cinchy (CDC) can now be used to trigger a data sync from a REST API or MongoDB data source to a specified target. This works as an alternative to RunQuery.
We have added two new functions, JSON_ESCAPE and URL_ESCAPE, which can be used in Connections to escape parameter values when used in constructing the body of a REST API Request or in the URL
We have added an Authorization header type for REST API data syncs in Connections. An authorization request header can be used to provide credentials that authenticate a user with a server, allowing access to a protected resource.Selecting this header defines the Header Value as a password field.
We have solved an issue that was causing Connections to get stuck behind long running jobs despite there being capacity to execute. This fix enables predictable execution behavior without stoppage.
We have fixed an issue in the MatchEngine where execution was failing in versions of Cinchy above 5.2.
File sourced data syncs will no longer fail, allowing you to run Connection jobs with uploaded files without the risk of a file not found error when auto-scaling is enabled.
In order to prevent needlessly exhausting Cinchy IDs, the platform will no longer continuously retry to update records that have failed to save. This can sometimes occur when a value causes a calculated field to violate a uniqueness constraint. If the below error appears, you will have to manually update the cell to retry the save.
We have fixed a bug that was causing the Connections UI to crash if you attempted to run a job while there was an empty parameter in the Info tab (ex: no name or formula)
We have fixed a bug that would causes images in Forms to sometimes appear with a label above them, using the image's URL as the label's value.
We have fixed a bug that was forcibly terminating authenticated sessions in Grafana, now allowing you to work without interruptions.
We have solved an issue where using a form as a child form with file links wouldn't render the link thumbnail correctly in the "edit record" view.
We have fixed a bug that prevented record updates when multiple users attempted to update a row in too quick of a succession.
We have fixed an issue where doing delta batch syncs with a REST API target wouldn’t replace the @COLUMN parameter correctly.
We have fixed a bug in Connections where an Oracle sync target would have the wrong tag in the Config XML.
We have fixed a bug that was causing a “Listener is running” message to erroneously appear when the status of the listener was actually set to Disabled.
We have fixed a bug that was preventing REST API real-time sync execution errors from being inserted into the execution errors table.
This page details the Cinchy v5.1 release notes
A new connector has been added to the Cinchy Connections experience: you can now use as a source and target connector when performing data syncs. You can review the documentation on connecting as a source and as a target .
Our GraphQL API provides a complete and understandable description of your data and gives you the power to ask for exactly what data you need and nothing more all in a single request, while leveraging the existing ecosystem of GraphQL developer tools.
This is a beta release that offers read-only queries. Future releases will include more query features and mutation support (writes).
Performing Data Sync from Cinchy to Salesforce no longer requires write access to the sync key column. This means that you can maintain your Salesforce environment and security protocols without needing to either modify them or create additional attributes, for your sync to work.
We have added WCAG 2.1 AA Accessibility fixes to improve screen-reader performance and keyboard navigation accessibility.
We’ve implemented a new loading screen for when Cinchy is installing and initializing.
We have improved the performance of Meta Forms by reducing the rendering time and adding visual guides to help you see which form sections have completed loading.
Date fields with custom display formats will now render correctly, as opposed to showing up in mm/dd/yyyy format by default.
In forms that have a 1:1 parent/child hierarchy, we have added the option to render the child form as a flattened form, instead of in a table grid.
To improve UI consistency across Forms, the record selection drop down will now appear even if no records exist in the destination table.
We have fixed an error where scrolling in a table with a file column in certain situations prevents the UI from rendering all the data.
We have fixed an issue where sorting by columns with a ‘%’ in the column name caused the rows not to sort correctly in the UI.
We have fixed a bug in Meta Forms that prevented queries in child form filters from working as expected when using OR conditions.
use the Cinchy platform to build an unlimited number of business capabilities and use-cases.
A builder can be part of the
The is a tool that offers utilities for syncing data in and out of Cinchy via
is the Data Collaboration version of common query languages such as SQL. With a robust set of functions and commands, you can use CQL to retrieve and manage/modify data and metadata from tables in your network. While data can reside across many tables, a query can isolate it to a single output, making the possibilities of CQL endlessly powerful.
is an easy to use tool that can help you deploy important changes and upgrades to your Cinchy environment when upgrading versions. Note that not every major or minor release version will require the Utility to be run, however this will be clearly noted in the release notes and upgrade guide.
of the Cinchy platform are those that apply the functionalities created by the “Cinchy Builders” to their business objectives. This can be employees, customers, partners, or systems. There are two types of end-user: direct and indirect.
Use Tables, Saved Queries, and Experiences created by
An end-user can be part of the
The Connections Experience is an integral part of Cinchy's offerings. Serving as the front-end UI for performing, the Connections Experience can be accessed natively in your Cinchy browser in order to create, configure, and manage the data being synced in and out of the platform. The user friendly interface makes synchronizing your data across a range of apps and softwares easy.
Dataware is the emergence of a common group of technologies that solve data related problems across many business use cases. One of the most exciting categories in this group is
The is the homepage of your Cinchy platform. From here you can view any , , or that you have access to. You can also use it to search and review any bookmarks that you have saved.
When setting up a Data Sync, you must define which destination to push data to. Cinchy maintains of Data Destination connectors and is always working on adding more into the .
When setting up a Data Sync, you must define which source to pull data from. Cinchy maintains of Data Source connectors and is always working on adding more into the
Data Synchronizations ("Data Syncs") are a powerful and important aspect of the Cinchy platform. Using a Data Sync allows you to bidirectional push and pull data between various and , including Salesforce, Snowflake, REST APIs, and more. Built with keeping the core tenants of Data Collaboration in mind, Data Syncs adhere to your set and can be configured using the intuitive to enable a myriad of use-cases for your business.
Entitlements can persist across the platform when using features such as link columns or the
Rather than traditional code-centric applications which creates data silos, you can build directly on the Cinchy platform. These look and feel like regular applications, but persists its data on the data network autonomously, rather than managing its own persistence. These experiences automatically adapt as your data evolves. An Org Chart is an example of a metadata driven Experience you can create using the power of on Cinchy.
When setting up real-time data syncs, you will need to for your so that it knows what data to pull/push through your sync. Each stream source has different variables and parameters that you can use to refine your sync. Note that the Listener only needs to be configured for , not for
MDQE, which stands for , can send out notifications based on a set of rules and the “exceptions” that break them. This powerful tool can be used to send notifications for exceptions such as:
is a combination of Angular code packaged as an App Experience and a Data Model packaged as a Data Experience that enables users to interact with Cinchy data in a User-Friendly manner.
Cinchy comes out of the box with a system applet called , which is a visualization of your data on the platform and how everything interconnects; it's another way to view and navigate the data you have access to within Cinchy.
It uses your for viewable tables and linked columns.
Queries are the fundamental calculations that allow data to be pushed, pulled, and manipulated across a range of Cinchy features. A query can be used to call data, change data, delete data, or whatever functionality your use case requires. Cinchy comes out of the box with a native Query Builder and works with our proprietary
A Saved Query is merely a query that has been saved in order to be reused. These can be accessed via the Saved Queries table in Cinchy, and you have access to view or run them based on your
is one of the two types of Data Syncs that you can perform using Cinchy. In real-time syncs, the Cinchy Listener picks up changes in the source immediately as they occur. These syncs do not need to be manually triggered or scheduled using an external scheduler. Setting up a real-time sync does require an extra step of defining a listener configuration in order to execute properly.
is a scalable, flexible NoSQL document database platform known for its horizontal scaling and load balancing capabilities, which has given application developers an unprecedented level of flexibility and scalability.
In order for the above tooltip improvement to reconcile in your Cinchy environment, you must deploy an up-to-date version of the Forms Data Experience. You can review the installation instructions and retrieve the package
For more information on using this configuration, refer to the documentation and
For an example and instructions on this capability,
For more information, please review the documentation hereand here
We have introduced a new that escapes single quotes when wrapped around data sync parameters. It uses the following syntax to wrap around parameters or column references respectively: STRING_ESCAPE(@COLUMN('yourcolumn')) or STRING_ESCAPE(@yourparameter). This function is particularly useful when used in a post sync script's CQL.
We have added a new function, GetLastModifiedBy([Column]), which will return the CinchyID of the user who last modified the specified column. For more information on this new function,
This section of Cinchy's documentation will guide you through the deployment process for Cinchy version 5: from planning all the way through to installation and upgrades.
If you are looking to deploy Cinchy v5, please start here and read through all the sub-pages: Deployment Planning Overview and Checklist
Once you have familiarized yourself with the above documentation, you may move on to either of the below guides, depending on your preference:
If you are a customer currently on v4 and want to upgrade to v5, start here: Upgrading from v4 to v5
If you have any questions about the processes outlined in this section, please reach out to our Support team:
Via email: support@cinchy.com
Via phone: 1-888-792-6051
Through the support portal: Support Portal
This page details how to enable TLS 1.2 on Cinchy v5.
Navigate to the CinchySSO Folder > appsettings.json file.
Find the following line:
3. Replace the above line with the following:
4. Navigate to the Cinchy Folder > web.config file.
5. Find the following line:
6. Replace the above line with the following:
7. You may need to restart the application pools in IIS for the changes to take effect.
This page walks through the integration of an Identity Provider with Cinchy via SAML Authentication
Cinchy supports integration with any Identity Provider that issues SAML tokens (e.g. Active Directory Federation Services) for authenticating users.
It follows an SP Initiated SSO pattern where the SP will Redirect to the IdP and the IdP must submit the SAML Response via an HTTP Post to the SP Assertion Consumer Service.
Below is a diagram outlining the flow when a non-authenticated user attempt to access a Cinchy resource (Image 1).
Cinchy must be registered with the Identity Provider. As part of that process you'll supply the Assertion Consumer Service URL, choose a client identifier for the Cinchy application, and generate a metadata XML file.
The Assertion Consumer Service URL for Cinchy is the base URL for the CinchySSO application followed by "{AcsURLModule}/Acs"
e.g. https:///<CinchySSO URL>/Saml2/Acs
e.g. https://myCinchyServer/Saml2/Acs
To enable SAML authentication within Cinchy, follow the below steps:
You can find the necessary metadata XML from the applicable identity provider you're using the login against. Place the metadata file in the deployment directory of the CinchySSO web application.
If you are using Azure AD for this process, you can find your metadata XML by following these steps.
If you are using GSuite for this process, you can find your metadata XML by following steps 1-6 here.
If you are using ADFS for this process, you can find your metadata XML at the following link, inputting your own information for <your.AD.server>: https://
<your.AD.server>
/FederationMetadata/2007-06/FederationMetadata.xml
If you are using Okta for this process, you can find your metadata XML by following these steps.
If you are using Auth0 for this process, you can find your metadata XML by following these steps.
If you are using PingIdentity for this process, you can find your metadata XML by following these steps.
2. Update the values of the below app settings in the CinchySSO appsettings.json file.
SAMLClientEntityId - The client identifier chosen when registering with the Identity Provider
SAMLIDPEntityId - The entityID from the Identity Provider metadata XML
SAMLMetadataXmlPath - The full path to the metadata XML file
AcsURLModule - This parameter is needs to be configured as per your SAML ACS URL. For example, if your ACS URL looks like this "https:///<CinchySSO URL>/Saml2/Acs", then the value of this parameter should be "/Saml2"
When configuring the Identity Provider, the only required claim is a user name identifier. If you plan to enable automatic user creation, then additional claims must be added to the configuration, see section 4 below for more details.
Once SSO is enabled, the next time a user arrives at the Cinchy login screen they will see an additional button for "Single Sign-On".
Retrieve your metadata.xml file from the identity provider you're using the login against.
If you are using Azure AD for this process, you can find your metadata XML by following these steps.
If you are using GSuite for this process, you can find your metadata XML by following steps 1-6 here.
If you are using ADFS for this process, you can find your metadata XML at the following link, inputting your own information for <your.AD.server>: https://
<your.AD.server>
/FederationMetadata/2007-06/FederationMetadata.xml
If you are using Okta for this process, you can find your metadata XML by following these steps.
If you are using Auth0 for this process, you can find your metadata XML by following these steps.
If you are using PingIdentity for this process, you can find your metadata XML by following these steps.
2. Navigate to your cinchy.kubernetes\environment_kustomizations_template\instance_template\idp\kustomization.yaml file.
3. Add your metadata.xml patch into your secrets where specified below as <<metadata.xml>>
4. Navigate to your devops.automation > deployment.json in your Cinchy instance.
5. Add the following fields into the .json and update them below using the metadata.xml.
6. Navigate to your kubernetes\environment_kustomizations_template\instance_template_encoded_vars\idp_appsettings_json.
7. Update the below code with your proper AppSettings and ExternalIdentityClaimSection details.
8. Run devops automation script which will populate the updated outputs into the cinchy.kubernetes repo.
9. Commit your changes and push to your source control system.
10. Navigate to your ArgoCD dashboard and refresh the idp-app to pick up your changes. It will also delete your currently running pods in order to pick up the latest secrets.
11. Once the pods are healthy, you can verify the changes by looking for the SSO Tab on your Cinchy login page.
Before a user is able to login through the SSO flow, the user must be set up in Cinchy with the appropriate authentication configuration.
Users in Cinchy are maintained within the Users table in the Cinchy domain. Each user in the system is configured with 1 of 3 Authentication Methods:
Cinchy User Account - These are users that are created and managed directly in the Cinchy application. They log into Cinchy by entering their username and password on the login screen.
Non Interactive - These accounts are intended for application use.
Single Sign-On - These users authenticate through the SSO Identity Provider (configured using the steps above). They log into Cinchy by clicking the "Login with Single Sign-On" link on the login screen.
Create a new record within the Users table with the Authentication Method set to "Single Sign-On".
The password field in the Users table is mandatory. For Single Sign-On users, the value entered is ignored. You can input "n/a".
Change the Authentication Method of the existing user to "Single Sign-On".
Once a user is configured for SSO, they can then click the "Login with Single Sign-On" link on the login page and that will then take them through the Identity Provider's authentication flow and bring them into Cinchy.
If a user successfully authenticates with the Identity Provider but has not been set up in the Users table, then they will see the following error message - " You are not a registered user in Cinchy . Please contact your Cinchy administrator." To avoid the manual step to add new users, you can consider enabling Automatic User Creation.
Once SSO has been enabled on your instance of Cinchy, by default, any user that does not exist in the Cinchy Users table will not be able to login regardless if they are authenticated by the Identity Provider.
Enabling Automatic User Creation means that upon login, if the Identity Provider authorizes the user, an entry for this user will automatically be created in the Cinchy Users table if one does not already exist. This means that any SSO authenticated user is guaranteed to be able to access the platform.
In addition to creating a user record, if AD Groups are configured within Cinchy, then the authenticated user will automatically be added to any Cinchy mapped AD Groups where they are a member. See AD Group Integration for additional information on how to define AD Groups in Cinchy.
See below for details on how to enable Automatic User Creation.
Users that are automatically added will not be allowed to create or modify tables and queries. To provision this access, Can Design Tables and Can Design Queries must be checked on the User record in the Cinchy Users table.
The Identity Provider configuration must include the following claims in addition to the base configuration in the SAML token response:
First Name
Last Name
In order to enable automatic group assignment for newly created users (which is applicable if you plan on using AD Groups), then you must also include an attribute that captures the groups that this user is a member of (e.g. memberOf field in AD)
Enabling automatic user creation requires the following changes. For IIS Deployments this will be done to the appsettings.json file in the CinchySSO web application.
Add ExternalClaimName attribute values under "ExternalIdentityClaimSection" in appsettings.json file. Do not add the value for "MemberOf" if you don't want to enable automatic group assignment .
The ExternalClaimName value must be updated to create a mapping between the attribute name in the SAML response and the required field. (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname is the name in the SAML response for the FirstName field)
Beginning in Cinchy v5.6, you are now able to run the Connections pod under a service account that uses an AWS IAM (Identity and Access Management) role, which is an IAM identity that you can create to have specific permissions and access to your AWS resources. To set up AWS IAM role authentication, please review the procedure below.
To check that you have an OpenID Connect set up with the cluster (the default for deployments made using the Cinchy automation process), run the below command within a terminal:
The output should appear like the below. Make sure to note this down for later use.
Log in to your AWS account and create an IAM Role policy through the AWS UI. Ensure that it has S3 access.
Run the below command in a terminal to create a service account with the role created in step 3. If your cluster has a special character like an underscore, skip to section 1.1.
If your cluster name has a special character, like an underscore, you will need to create and apply the yaml. Follow section 1 up until step 4, and then follow the below procedure.
In an editor like Visual Code or similar, create a new file titled "my-service-account.yaml" in your working directory. It should contain the below content.
In a terminal, run the below command:
In an editor like Visual Code or similar, create a new file titled "trust-relationship.json" in your working directory. It should contain the below content.
For example,
Execute the following command to create the role, referencing the above .json file:
For example,
Execute the following command to attach the IAM policy to your role:
For example,
Execute the following command to annotate your service account with the Amazon Resource Name (ARN) of the IAM role that you want the service account to assume:
For example,
Confirm that the role and service account are configured correctly by verifying the ouput of the following commands:
To ensure that the Connections pod's role has the correct permissions, the role specified by the user in AWS must have its Trusted Relationships configured as such:
To confirm that the Connections app is using the service account:
Navigate to the cinchy.kubernetes repo > connections/kustomization.yaml file
Execute the following:
From a terminal, run the below command:
The output should look like the following:
This page provides an overview for the deployment architecture of Cinchy v5.
When choosing to deploy Cinchy version 5, you must decide whether to deploy via Kubernetes or on a VM (IIS).
Kubernetes is an open-source system that manages and automates the full lifecycle of container-based applications. You now have the ability to deploy Cinchy v5 on Kubernetes, and with it comes a myriad of features that help to simplify your deployment and enhance your scaling. Kubernetes can maximize your container capacity and easily scale up/down with your current operations.
Grafana, Opensearch, Opensearch Dashboard: Working together, these three applications provide a visual logging dashboard for all of the information coming in from your database pods. This streamlines your search for information by putting the control into your hands and compiling your logs in one easy to access place — you can now easily write a query against all of your logs, in all of your environments. You will have access to a default configuration out of the box, but you can also customize your dashboards as well.
Prometheus: With the Kubernetes addition, you now have access to Prometheus for your metrics dashboard. Prometheus records real-time metrics in a time series database used for event monitoring and alerting. You can then create custom dashboards to display your data in an easy to use visual that makes reporting on your metrics easy, and even set up push alerts based on your custom needs.
You also have the option to run Cinchy on Microsoft IIS, which was the traditional deployment method prior to Cinchy v5. Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
We recommend using Kubernetes to deploy Cinchy v5, because of the robust features that you can leverage, such as improved logging and metrics. Using Kubernetes allows for a greater ability to scale your Cinchy instances as well as the ability to lower your costs by using PostgreSQL.
Before deploying Cinchy v5, you must select which database you want to use.
The following list outlines which databases we support for Kubernetes Deployments.
For IIS Deployments please review the architecture requirements here.
Microsoft SQL Server is a relational database management system. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network.
Microsoft Azure SQL Database is a managed cloud database provided as part of Microsoft Azure. It runs on a cloud computing platform, and access to it is provided as a service. Managed database services take care of scalability, backup, and high availability of the database.
SQL Managed Instance is a managed, always up-to-date SQL instance in the cloud that combines broad SQL Server engine compatibility with the benefits of a fully managed PaaS.
Amazon Aurora (Aurora) is a fully managed relational database engine that's compatible with MySQL and PostgreSQL. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. Aurora is part of the managed database service Amazon Relational Database Service (Amazon RDS). Amazon RDS is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.
PostgreSQL is a free and open-source relational database management system emphasizing extensibility and SQL compliance. PostgreSQL comes with features aimed to help developers build applications, administrators to protect data integrity and build fault-tolerant environments, and help you manage your data no matter how big or small the dataset.
Amazon RDS makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. With Amazon RDS, you can deploy scalable PostgreSQL deployments with cost-efficient and resizable hardware capacity. Amazon RDS manages complex and time-consuming administrative tasks such as PostgreSQL software installation and upgrades; storage management; replication for high availability and read throughput; and backups for disaster recovery. Amazon RDS for PostgreSQL gives you access to the capabilities of the familiar PostgreSQL database engine.
This is a fully managed and intelligent Azure Database for PostgreSQL. Enjoy high availability with a service-level agreement (SLA) up to 99.99 percent, AI-powered performance optimization, and advanced security. A fully managed database that automates maintenance, patching, and updates. Provision in minutes and independently scale compute or storage in seconds.
Prior to deploying Cinchy version 5, you need to define your sizing requirements.
Cluster sizing recommendations vary and are dependant on a myriad of deployment factors. We have provided the following very general sizing recommendations, but encourage you to explore more personalized options.
CPU: 8 Cores
Memory: 32GB Ram
Number of Servers: 3
AWS: m5.2xlarge
Azure: D8 v3
For sizing recommendations and prerequisites concerning an IIS deployment, please review the documentation found here.
If you are choosing to deploy Cinchy v5 on IIS, then you need to ensure that your VM disks have enough application storage to run your clusters.
Cinchy supports both Amazon S3 and Azure Blob Storage.
If you are using Terraform for your Kubernetes deployment, you will need to set up a new S3 compatible bucket to manually to store your state file. You will also need a bucket for Connections, to store error files created during data syncs.
You will create your two S3 compatible buckets using either Amazon or Azure. Ensure that you use the following convention when naming your buckets so that the automation script runs correctly: <org>-<component>-<cluster>. These bucket names will be referenced in your configuration files when you deploy Cinchy on Kubernetes.
Example Terraform Bucket: cinchy-terraform-state
Example Connection Bucket: cinchy-connections-cinchy-nonprod
There is no sizing definitions, as S3 provides unlimited scalability and it charges only for what you use/how much you store on it.
This page details the deployment architecture of Cinchy v5 when running on a VM.
The below diagram shows a high level overview of Cinchy's Infrastructure components when deploying on IIS.
Certain components and configurations are optional and dependent upon the usage pattern of the platform, these will be called out in the table below the diagram which provides a description of each component.
Tip: Click on an image to enlarge it.
Cinchy Web Application
This is the primary application for Cinchy, providing both the UI for end users as well as the REST APIs that serve application integration needs. The back-end holds the engine that powers Cinchy's data / metadata management functionality.
ASP.NET MVC 5
.NET Framework 4.7.2+
IIS 7.5+
Windows Server 2012 or later
2. Cinchy IdP
This is an OpenID Connect / OAuth 2.0 based Identity Provider that comes with Cinchy for authenticating users.
Cinchy supports user & group management directly on the platform, but can also connect into an existing IdP available in the organization if it can issue SAML tokens. Optionally, Active Directory groups may be integrated into the platform.
When SSO is turned on, this component is responsible for federating authentication to the customer's SAML enabled IdP. This centralized IdP issues tokens to all integrated applications including the Cinchy web app as well as any components accessing the REST based APIs.
.Net Core 2.1
.NET Framework 4.7.2+
IIS 7.5+
Windows Server 2012 or later
3. Cinchy Database
All data managed on Cinchy is stored in a MS SQL Server database. This is the persistence layer
MS SQL Server Database
Windows Server 2012 or later
MS SQL Server 2012 or later
4. Cinchy CLI
This is Cinchy's Command Line Interface that offers utilities to get data in and out of Cinchy.
One of these utilities is a tool to sync data from a source into a table in Cinchy. This is able to operate on large datasets by leveraging an in-built partitioning capability and performs a reconciliation to determine differences before applying changes.
Another commonly used utility is the data export, which allows customers to invoke a query against the Cinchy platform and dump the results to a file for distribution to other systems requiring batch data feeds.
.NET Core 2.0
.NET Core Runtime 2.0.7+ (on Windows or Linux)
5. ADO.NET Driver
For .NET applications Cinchy provides an ADO.NET driver that can be used to connect into the platform and perform CRUD operations on data.
.NET Standard 2.0
6. Javascript SDK
Cinchy's Javascript SDK for front-end developers looking to create an application that can integrate with the Cinchy platform to act as it's middle-tier and backend.
Javascript JQuery
7. Angular SDK
Cinchy's Angular SDK for front-end developers looking to create an application that can integrate with the Cinchy platform to act as it's middle-tier and backend.
Angular 5
A list of Frequently Asked Questions. Please use the search function or the Table of Contents to find specific queries.
You can use PowerShell to count the lines in a delimited file and based on the result decide if you will run the CLI.
There is currently no way for you to find out how many records will be inserted/updated/deleted if you run a CLI without performing the sync.
If the record is still in the table, but has been overwritten by mistake, access your Collaboration Log for the row, and restore back to the correct version.
If your row has been deleted by mistake, access your Recycling Bin, locate the row and restore it.
The only way to truly delete data on the platform is through Data Erasure and Data Compression.
For example: 4,10,15 to be used in WHERE [Id] IN (@param)
This can be done by using parameters in {}, such as {0},{1},...
These will be replaced with the exact text when running the query.
For example: SELECT * FROM [HR].[Employees] WHERE [Deleted] IS NULL AND [Employee ID] IN ({0}) (Image 1).
When updating a date field using a variable, and no value is entered for that variable, the date field will be 1900-01-01. To avoid this, use a case statement to replace the empty string with NULL, as shown in the following example:
Currently Cinchy Administrators have access to view/edit/approve all data in the platform. There is no way currently to restrict access for Cinchy administrators.
A workaround is to create a separate "administrators" group which has edit access to all Cinchy system tables, and just leave the "admin" user account or superadmins as "Cinchy administrators."
You can check if a data sync was successful by its exit code. Below is sample code in Powershell to check for the exit code and what they mean.
From the command prompt the following will also return the error code:
In Version 4:
First check <base URL>/elmah, which stores web-related induced errors.
Then check the logs, which can be accessed from <base URL>/admin/index.
Cinchy logs will contain all exceptions thrown by the Cinchy Web application. This includes failed queries, stack overflows and much more.
CinchySSO logs will contain IDP errors.
In Version 5: Errors and Logs can be found through the Opensearch Dashboard.
You can add line breaks in a cell on the UI, the same way as in Excel, by typing Alt+Enter. If you use the expanded row heights option, or manually expand the row, it will show the line breaks.
The best way to load data from external sources into Cinchy, is by using a data sync.
You can do the following to preview your changes:
Create staging tables to validate the data first.
Use formatting rules in Cinchy, to highlight data that is not valid.
Configure a CLI using a Cinchy Query source to move the data from the staging tables to the permanent tables.
Right click on the row you want additional information and select the Collaboration Log.
You can also add the "Modified By" and "Modified" columns into the current view/to your query if you want to see it for multiple rows at once.
One Time setup:
Open the Users table
For the password of this user, copy the admin user's password and paste it into the Password field of "defaultuser".
Set the Password Expiration Timestamp to today
In an Incognito browser, navigate to the Cinchy website
Sign in as defaultuser with the admin user password
Cinchy will ask you to change the password for defaultuser, change it to a default password you will give out every time you create an account.
In the original session window, refresh the Users table and remove the Password Expiration Timestamp for defaultuser.
Each time, for new users:
Open the Users table
Create the new user, for example "sandip"
For the password of this user, copy the "defaultuser" password and paste it into the Password field of "sandip".
Set the Password Expiration Timestamp to today
Give the user their username and friendly password created in step 7 above. They will be asked to change their password on first sign in.
You write the query for the records for which you want the change history, including system columns like [Version], [Created], ... and the columns for which you like to see the changes.
You can add an ORDER BY [Version] (either ASC or DESC)
Then you change the query return type to "Query Results (Including Version History )"
The following query will show when the Cinchy instances were upgraded.
Removing and updating a multi-select a link, is the same as setting the link field. The field needs to be updated with the list of values.
The value is a concatenated string of '[Cinchy Id],[Version],[Cinchy Id],[Version],[Cinchy Id],[Version]' from the lookup values
In this example it would set [Multi-Link Field Name] to values with [Cinchy Id] 1, 2, and 3. The version after each Cinchy Id should be 1.
You must provide the full list of multi-select values. If your field was '1,2' and you update it with '3,1' it will end up as '3', not '1,2,3'.
Navigate to <baseURL>/healthcheck
(ex. if your current URL is https://cinchy.mycompany.com/Tables/123?viewId=0 then you would navigate to https://cinchy.mycompany.com/healthcheck)
The response looks this:
In this case your Cinchy version is 4.14.0.0
If you would like to use the health check link for monitoring of the Cinchy application you can add "return503OnFailure=true" to the URL
Use the model loader to load it back in the system (/apps/modelloader).
You create a calculated column in the source and give it the value of the parameter.
For each table, export and import the data via the UI.
Then map the calculated source column to the target. The order of the columns in the source is important. If your source is a file, put the calculated columns at the end in the source, after all the actual columns in the file.
Set the delimiter to "|".
This can be done by using Transformations in the sync configuration of a column. Here is an example:
The pattern contains a regular expression:
^ - anchor for the beginning of the string
0 - the string to replace
* - quantifier to be applied to 0 or more occurrences
Export the Model to XML from the Design Table info tab
Open the exported model in an editor and change the name of the model
Change the name of the table
remove the guids from the table in the model and save the file
Use the modelloader at <cinchy base URL>/apps/modelloader
to upload the modified model
Export the data from the Manage Data screen of the initial table and import it in the new table
If you just have a group of tables, see the instructions below. If you have tables, queries, you want to port the permissions, etc. you can use this: Data Experience Deployment - Cinchy Platform Documentation
Table only instructions:
1. Create a dummy Data Experience and add all your tables from your domain to it (Image 2).
2. Hit the following endpoint with the GUID in your row:
<CinchyURL>/api/createdxversion?guid=<GUID>
If [Person 1] and [Person 2] are Link columns and [Member] is a Text column, a calculated column with the following expression will fail to save:
COALESCE([Person 1],[Person 2],[Member])
Please cast the link columns to VARCHAR:
COALESCE(CAST([Person 1] AS VARCHAR(50)),CAST([Person 2] AS VARCHAR(50)),[Member])
This is caused by records in Draft status. To retrieve these records, run a query with return type Query Results (Including Draft Data).
After approving these records, you will be able to disable change approval.
You may have to restore cancelled records, approve them, and delete them so that everything is approved.
The [Cinchy].[Table Access Control] table does not show in the Market Place, but you can query for the data in the table.
In this example it would set [Multi-Link Field Name] to values with [Cinchy Id] 1, 2, and 3. The version after each Cinchy Id should be 1."
Columns do not "Allow Linking" by default. Check the properties of the column in the original table and make sure that in “Show Advanced” the “Allow Linking” checkmark box is selected. If you do not have Design Table access to that table, you will need to ask someone who does to do it.
There are a couple reasons why you may not be able to see any rows:
View Filter
Data access controls
Error with the View or Table
Check the All Data view and see if there is data there, if that is the case but a particular view has no rows, there could be a filter on the view. For example, if there is a "Due Soon" or "My Actions" view, it could just be that there are no records assigned to you that require actioning.
Access controls set on the table could cause you to have access to 0 records. Since you are able to set row level filters in Cinchy, it may be the case that the permissions of the table has not changed, but the data has changed such that you no longer have permission or vice versa.
Error
There may be an error on the view. If the bottom of the page does not show 0 records then there may be an error on the page (Image 3).
It can be done. It is very unlikely that the GUID you want to change to is already allocated, but you should still check. Filter the [Cinchy].[Table Columns] for the new GUID. You should not find it. Then replace it in two places:
the json field in [Cinchy].[Tables] - replace it in the column definition
the GUID field in [Cinchy].[Table Columns]
To replace the table GUID, replace it in the json in [Cinchy].[Tables] and in the GUID field in [Cinchy].[Tables].
When you are done, restart the Cinchy UI.
A query like the following will cause multiple inserts instead of one if your result type is set to Query Results instead of # of Rows Affected.
The same applies to UPDATE statements.
If you need to perform inserts and updates in a query and want to return data at the end, another option is to use the "Single value (First Column of First Row)" return type, which will only be able to return a single value.
When I pass a value to the following query, the result is empty.
The query works without the DECLARE statement. When the DECLARE statement is present, the input variable is ignored, and needs to be SET. In order to still get the variable from the input, a second variable is needed.
When performing a data sync with a Salesforce target, you need to replace nulls with '#N/A' in the source. You can use ISNULL([Column],'#N/A') in the source query. The following is a link to the Salesforce documentation related to this topic:
https://help.salesforce.com/articleView?id=000328822&language=en_US&type=1&mode=1
Declare and set the parameters before invoking the query:
[HR].[Employees and Departments] is:
The default All Data view displays the columns in the same order as in Design Table. But you can create a view and change the columns displayed and their order.
Once link column is added to a table and saved, the multi-select checkbox should be disabled. If you need to change the option, you need to rename the column and create a new link column with the correct option.
The user needs to have "Design Table" permissions granted for the table where he/she will create or edit views and also needs to have the "Can Design Tables" checked in the [Cinchy].[Users] table.
See implementation support table
This page details the optional steps that you can take to use self-signed SSL Certificates in a Kubernetes Deployment of Cinchy.
This process needs to be followed after running the devops.automations script during your initial deployment, as well as each additional time that you run the script (Ex: updating your Cinchy platform), since it will wipe out all of the custom configuration you set up to use a self-signed certificate.
Generate the self-signed certificate by executing the following commands in any folder:
2. Create a yaml file located at cinchy.kubernetes/platform_components/base/self-signed-ssl-root-ca.yaml.
3. Add the following to the yaml file:
4. Add the self signed root CA cert file to the cinchy.kubernetes/environment_kustomizations/cinchy_nonprod/base folder.
5. Add the yaml code snippet to the cinchy.kubernetes/environment_kustomizations/cinchy_nonprod/base/kustomization.yaml file, changing the below files key value as per your root ca cert file name:
6. Add the following line to the cinchy.kubernetes/platform_components/base/kustomization.yaml file
7. Add the below Deployment patchesJson6902 to each of your cinchy.kubernetes/environment_kustomizations/cinchy_nonprod/ENV_NAME/PLATFORM_COMPONENT_NAME/kustomization.yaml files, except "base".
Ensure that the rootCA.crt file name is matched with ConfigMap data, configMapGenerator files, and the patch subpath.
8. Once the changes are deployed, verify the root CA cert is available on the pod under /etc/ssl/certs with below command, inputing your own POD_NAME and NAMESPACE where noted:
For further reference material, click here.
This page details how to change your File Storage configuration in Cinchy v5 to S3, Azure Blob, or Local.
In Cinchy v5.2, we implemented the ability to free up database space by using S3 compatible or Azure Blob Storage for file storage. This configuration is set in the deployment.json of a Kubernetes installation, or the appsettings.json of an IIS installation.
If you are using a Kubernetes deployment, you will change your file storage config in the deployment.json.
Navigate to the object storage section, where you will see either S3 or Azure Blob storage, depending on your deployment structure.
3. To utilize Blob Storage or S3, update each line with your own parameters.
4. To utilize Local storage, leave each line blank with the exception of the Connections_Storage_Type, which should be set to Local:
5. Run the deployment script by using the following command in the root directory of your devops.automations repo:
6. Commit and push your changes.
If you are using an IIS deployment, you will change your file storage config in the Cinchy Web appsettings file.
2. Locate the StorageType section of the file and set it to either "Local", "AzureBlobStorage" or "S3".
3. If you selected "AzureBlobStorage", fill out the following lines in the same file:
4. If your selected "S3", fill out the following lines in the same file:
This is the overview page for version 5 release notes.
Here's how to get help on using your Cinchy platform.
If at any point you require help or clarification on this documentation or your Cinchy platform, you can reach out to our Support team:
Via email: support@cinchy.com
Via phone: 1-888-792-6051
Through the support portal: Support Portal
This page is your first stop when considering a deployment of Cinchy v5.
There are various things to consider before deploying Cinchy v5.
The pages in this Deployment Planning section will guide you through the considerations you should think about and the prerequisites that you should implement before deploying version 5 of the Cinchy platform.
The pages in this section include:
Deployment Architecture Overview: This page explores your two high-level options for deploying Cinchy, on Kubernetes or on VM, and why we recommend a Kubernetes deployment. It also walks you through the important decision of selecting a database to run your deployment on, as well as some sizing considerations.
Kubernetes Deployment Architecture: This page provides Infrastructure (for both Azure and AWS), Cluster, and Platform component overviews for Kubernetes deployments. It also guides you through considerations concerning your cluster configuration.
IIS Deployment Architecture: This page provides Infrastructure and Platform component overviews for IIS (VM) deployments.
Deployment Prerequisites: This page details important prerequisites for deploying Cinchy v5.
We have provided the following checklist for you to use when planning for your Cinchy v5 deployment. Each item is linked to the appropriate documentation page to provide more insight and clarity.
Kubernetes is an open-source system that manages and automates the full lifecycle of container-based applications. You now have the ability to deploy Cinchy v5 on Kubernetes, and with it comes a myriad of features that help to simplify your deployment and enhance your scaling. Kubernetes can maximize your container capacity and easily scale up/down with your current operations.
You also have the option to run Cinchy on Microsoft IIS, which was the traditional deployment method prior to Cinchy v5. Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
We recommend using Kubernetes to deploy Cinchy v5, because of the robust features that you can leverage, such as improved logging and metrics. Using Kubernetes allows for a greater ability to scale your Cinchy instances as well as the ability to lower your costs by using PostgreSQL.
The main differences between a Kubernetes based deployment and an IIS deployment are:
The ability to elastically scale with your business needs.
Limits certain components to running single instances.
Better performance due to Kafka/Redis components.
Kafka/Redis not available as part of the deployment.
Ability to run the Maintenance CLI as a cron job.
Maintenance CLI must be orchestrated using a scheduler.
Detailed logging and metrics capabilities available via Prometheus/Grafana and Opensearch components.
Prometheus/Grafana and Opensearch not available as part of the deployment.
Point to point communication not required to maintain multiple instance caching.
Point to point communications (HTTP requests on the server IPs) is required to maintain caching in the event that multiple instances are stood up.
The use of container images allow for simpler version upgrades.
Does not use container images for upgrades.
Ability to use PostgreSQL database to lower infrastructure costs.
Locked into a TSQL database.
You need to manually manage your cluster(s).
You do not need to manually manage your cluster(s).
If you will be running on Kubernetes, please review the following checklist:
Define your object storage requirements.
Create an S3 compatible bucket.
Create your SSL Certs (With the option to use Self-Signed).
Define your Secrets Management, if desired.
Define whether you will use Cinchy's Docker Images or your own.
If using Cinchy’s, pull the images.
Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
"5.x.x" - Alpine
"5.x.x-debian" - Debian
Access the deployment repositories and copy them into your own repo (Github or similar).
If you will be running on IIS, please review the following checklist:
Ensure that you have an instance of SQL Server 2017+
Ensure that you have a Windows Server 2012+ machine with IIS 7.5+ installed
Install .net core Hosting bundle Version 6.0
Specifically, install: ASP.NET Core/.NET Core Runtime & Hosting Bundle
Ensure that you review the minimum web server hardware recommendations
Ensure that you review the minimum database server hardware recommendations
Define your application storage requirements.
Ensure you have access to the release binary.
When it comes time to upgrade your various components, you can do so by updating the version number in your configuration files and applying the changes in ArgoCD.
Navigate to your cinchy devops.automation repository
Navigate to your deployment.json (You may have renamed this during your original Kubernetes deployment)
In the cinchy_instance_configs section, navigate to the image tags. Replace the version number with the instance that you wish to deploy (Ex: v5.0.0 > 5.1.0).
2. Rerun the deployment script by using the following command in the root directory of your devops.automations repo:
3. Commit and push your changes.
If your environment is not set-up to automatically apply upon configuration, complete the following the apply the newest version:
Navigate to the ArgoCD portal.
Refresh your component(s). If that does not work, re-sync.
This page details the installation instructions for deploying Cinchy v5 on Kubernetes
This page details the instructions for deployment of Cinchy v5 on Kubernetes. We recommend, and have documented below, that this is done via Terraform and ArgoCD. This setup involves a utility to centralize and streamline your configurations.
The Terraform scripts and instructions provided enable deployment on Azure and AWS cloud environments.
The following lists are required prerequisites for installing Cinchy v5 on Kubernetes.
Note that some prerequisites will depend on whether you are deploying on Azure or on AWS.
These prerequisites apply whether you are installing on Azure or on AWS.
The following four Git repositories must be created. Any source control platform supporting Git may be used, e.g. Gitlab, Azure DevOps, Github
cinchy.terraform: This repo contains all Terraform configurations.
cinchy.argocd: This repo contains all ArgoCD configurations.
cinchy.kubernetes: This repo contains cluster and application component deployment manifests.
cinchy.devops.automations: This repo contains the single configuration file and binary utility that maintains the contents of the above three repositories.
Download the artifacts for the four Git repositories. See here for information on accessing these. Check the contents of each of the directories into the respective repository.
You must have a service account with read/write permissions to the git repos created above.
If you are using Cinchy's docker images, pull them.
Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
"5.x.x" - Alpine
"5.x.x-debian" - Debian
You will need a single domain for accessing ArgoCD, Grafana, Opensearch Dashboard, and any deployed Cinchy instances. There are two routing options for accessing these applications - path based or subdomains. See below for an example with multiple cinchy instances:
Cinchy 1 (Dev)
domain.com/dev
dev.mydomain.com
Cinchy 2 (QA)
domain.com/qa
qa.mydomain.com
Cinchy 3 (UAT)
domain.com/uat
uat.mydomain.com
ArgoCD
domain.com/argocd
cluster.mydomain.com/argocd
Grafana
domain.com/grafana
cluster.mydomain.com/grafana
Opensearch
domain.com/dashboard
cluster.mydomain.com/dashboard
You will need an SSL certificate for the cluster. This should be a wildcard certificate if you will use subdomain based routing. You can also use Self-Signed SSL.
The following prerequisites are required if you are deployment Cinchy v5 on Azure.
Terraform Backend Requirements:
A resource group that will contain the Azure Blob Storage with the terraform state.
A storage account and container (Azure Blob Storage) for persisting terraform state.
The Azure CLI should be installed on the machine where the deployment will be run. It must be set to the correct profile/login
The deployment template has the option of either leveraging an existing resource group or creating a new one:
If an existing resource group is preferred, the prerequisite requires the following be provisioned in advance of the deployment:
The resource group.
A VNet within the resource group.
A single subnet. It's important that the address range be sufficient for all executing processes within the cluster, e.g. a CIDR ending with /22 to provide a range of 1024 IPs.
If a new resource group is preferred, all resources will be automatically provisioned.
The quota limit of the Total Regional vCPUs and the Standard DSv3 Family vCPUs (or equivalent) must provide sufficient availability for the required number of vCPUs (minimum of 24).
An AAD user account to connect to Azure, which has the necessary privileges to create resources in any existing resource groups and the ability to create a resource group (if required).
The following prerequisites are required if you are deployment Cinchy v5 on AWS.
Terraform Backend Requirements:
An S3 bucket that will contain the terraform state.
The AWS CLI should be installed on the machine where the deployment will be run. It must be set to the correct profile/login
The template has the option of either leveraging an existing VPC or creating a new one:
If an existing VPC is preferred, the prerequisite requires the following be provisioned in advance of the deployment:
The VPC. It's important that the address range be sufficient for all executing processes within the cluster, e.g. a CIDR ending with /21 to provide a range of 2048 IPs.
3 Subnets (one per AZ). It's important that the address range be sufficient for all executing processes within the cluster, e.g. a CIDR ending with /23 to provide a range of 512 IPs.
If the subnets are private, a NAT Gateway is required to enable node group registration with the EKS cluster.
If a new VPC is preferred, all resources will be automatically provisioned.
The limit of the Running On-Demand All Standard vCPUs must provide sufficient availability for the required number of vCPUs (minimum of 24).
An IAM user account to connect to AWS which has the necessary privileges to create resources in any existing VPC and the ability to create a VPC (if required).
The SSL certificate must be imported into AWS Certificate Manager, or a new certificate can be requested via AWS Certificate Manager.
If your are importing it, you will need the PEM-encoded certificate body and private key. You can find this, you can get the PEM file from your chosen domain provider (GoDaddy, Google, etc.) Read more on this here.
Tips for Success:
Ensure that your region is configured the same across your SSL Certificate, your Terraform bucket, and your deployment.json in the next step of this guide.
The following steps detail the instructions for setting up the initial configurations.
Navigate to your cinchy.devops.automations repository where you will see an aws.json and azure.json.
Depending on the cloud platform that you are deploying to, select the appropriate file and copy it into a new file named deployment.json (or <cluster name>.json) within the same directory.
This file will contain the configuration for the infrastructure resources and the Cinchy instances to deploy. Each property within the configuration file has comments in-line describing its purpose along with instructions on how to populate it.
Follow the guidance within the file to configure the properties.
5. Commit and push your changes.
Tips for Success:
You can return to this step at any point in the deployment process if you need to update your configurations. Simply rerun through the guide sequentially after making any changes.
The deployment.json will ask for your repo username and password, however ArgoCD may encounter errors when retrieving your credentials in certain situations (ex: if using Github). You can verify if your credentials have been picked up or not by navigating to the ArgoCD Settings once you have deployed Argo in step 7 of this guide. To avoid errors, we recommend using a Personal Access Token instead.
This utility updates the configurations in the cinchy.terraform, cinchy.argocd, and cinchy.kubernetes repositories.
From a shell/terminal, navigate to the cinchy.devops.automations directory location and execute the following command:
2. If the file created in "Configuring the Deployment.json" step 2 has a name other than "deployment.json", the reference in the command will will need to be replaced with the correct name of the file.
3. The console output should terminate with a "Completed successfully".
The following steps detail how to deploy Terraform.
If deploying on AWS: Within the Terraform > AWS directory, a new folder named eks_cluster is created. Nested within that is a subdirectory with the same name as the newly created cluster.
To perform terraform operations, the cluster directory must be the working directory during execution. This applies to everything within step 4 of this guide.
If deploying on Azure: Within the Terraform > Azure directory, a new folder named aks_cluster is created. Nested within that is a subdirectory with the same name as the newly created cluster.
To perform terraform operations, the cluster directory must be the working directory during execution.
Launch a shell/terminal with the working directory set to the cluster directory within the cinchy.terraform repo.
2. If you are using AWS, run the following commands to authenticate the session:
3. If using Azure, run the following command and follow the on screen instructions to authenticate the session:
Execute the following command to create the cluster:
2. Type yes when prompted to apply the terraform changes.
The resource creation process can take approx. 15-20 minutes. At the end of the execution there will be a section with the following header
======= Output Variables =======
If deploying on AWS, this section will contain 2 values: Aurora RDS Server Host and Aurora RDS Password
If deploying on Azure, this section will contain a single value: Azure SQL Database Password
These variable values are required to update the connection string within the deployment.json file (or equivalent) in the cinchy.devops.automations repo.
The following section breaks down how to retrieve your SSH keys for both AWS and Azure deployments.
SSH keys should be saved for future reference in the event that a connection needs to be established directly to a worker node in the Kubernetes cluster.
The SSH key to connect to the Kubernetes nodes is maintained within the terraform state and can be retrieved by executing the following command:
The SSH key is output to the directory containing the cluster terraform configurations.
The following section pertains to updating the Deployment.json file.
Navigate to the the deployment.json (created in step 3.1) > cinchy_instance_configs section.
Each object within represents an instance that will be deployed on the cluster. Each instance configuration contains a database_connection_string property. This has placeholders for the host name and password that must be updated using output variables from the previous section.
Note that in the case of an Azure deployment, the host name is not available as part of the terraform output and instead must be sourced from the Azure Portal.
The terraform script will create an S3 bucket for the cluster that must be accessible to the Cinchy application components.
To access this programmatically, an IAM user that has read/write permissions to the new S3 bucket is required. This can be an existing user.
The Access Key and Secret Access Key for the IAM user must be specified under the object_storage section of the deployment.json
Within the deployment.json, the azure_blob_storage_conn_str must be set.
The in-line comments outline the commands required to source this value from the Azure CLI.
If you have the key_vault_secrets_provider_enabled=true value in the azure.json then the below secrets files would have been created during the execution of step 3.2:
You will need to add the following secrets to your azure key vault:
worker-secret-appsettings-<cinchy_instance_name>
web-secret-appsettings-<cinchy_instance_name>
maintenance-cli-secret-appsettings-<cinchy_instance_name>
idp-secret-appsettings-<cinchy_instance_name>
forms-secret-config-<cinchy_instance_name>
event-listener-secret-appsettings-<cinchy_instance_name>
connections-secret-config-<cinchy_instance_name>
connections-secret-appsettings-<cinchy_instance_name>
To create your new secrets:
Navigate to your key vault in the Azure portal.
Open your Key Vault Settings and select Secrets.
Select Generate/Import.
On the Create a Secret screen, choose the following values:
Upload options: Manual.
Name: Choose the secret name from the above list. They will all follow the format of: <app>-secret-appsettings-<cinchy_instance_name> or <app>-secret-config-<cinchy_instance_name>
Value: The value for the secret will be the content of each app JSON located in the cinchy.kubernetes\environment_kustomizations\nonprod<cinchy_instance_name>\secrets folder, and as shown in above image.
Content type: JSON
Leave the other values to their defaults.
Select Create.
Once you receive the message that the first secret has been successfully created, you may proceed to create the other secrets. There are a total of 8 secrets to create as shown in the above list of secret names.
This utility updates the configurations in the cinchy.terraform, cinchy.argocd, and cinchy.kubernetes repositories.
From a shell/terminal, navigate to the cinchy.devops.automations directory and execute the following command:
2. If the file created in section 3 has a name other than "deployment.json", the reference in the command will will need to be replaced with the correct name of the file.
3. The console output should terminate with a "Completed successfully".
4. The updates must be committed to Git before proceeding to the next step.
From a shell/terminal run the following command, replacing <region> and <cluster_name> with the accurate values for those placeholders:
From a shell/terminal run the following commands, replacing <subscription_id>, <deployment_resource_group>, and <cluster_name> with the accurate values for those placeholders.
These commands with the values pre-populated can also be found from the Connect panel of the AKS Cluster in the Azure Portal.
Verify that the connection has been established and the context is the correct cluster by running the following command:
In this step, we will deploy and access ArgoCD.
Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy ArgoCD:
3. Monitor the pods within the argocd namespace by running the following command every 30 seconds until they all move into a healthy state:
Launch a new shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to access ArgoCD:
This script creates a port forward using kubectl to enable ArgoCD to be accessed at http://localhost:9090
The credentials for ArgoCD's portal are output at the start of the access_argocd's script execution in Base64. The Base64 value must be decoded to get the login credentials to use for the http://localhost:9090 endpoint.
In this step, you will deploy your cluster components.
Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy the cluster components using ArgoCD:
3. Navigate to ArgoCD at http://localhost:9090 and login. Wait until all components are healthy (this may take a few minutes).
Tips for Success:
If your pods are degraded or failed to sync, refresh of resync your components. You can also delete pods and ArgoCD will automatically spin them back up for you.
Check that ArgoCD is pulling from your git repo by navigating to your Settings
If your components are failing upon attempting to pull an image, refer to your deployment.json to check that each component is set to the correct version number.
Execute the following command to get the External IP used by the istio ingress gateway.
2. DNS entries must be created using the External IP for any subdomains / primary domains that will be used, including Opensearch, Grafana, and ArgoCD.
The default path to access Opensearch, unless you have configured it otherwise in your deployment.json, is <baseurl>/dashboard
The default credentials for accessing Opensearch are admin/admin. We recommend that you change these credentials the first time you log in to Opensearch.
To change the default credentials for Cinchy v5.4+, follow the documentation here.
To change the default credentials and/or add new users for all other deployments, follow this documentation or navigate to Settings > Internal Roles in Opensearch.”
The default path to access Grafana, unless you have configured it otherwise in your deployment.json, is <baseurl>/grafana
The default username is admin. The default password for accessing Grafana can be found by doing a search of "adminPassword" within the following path: cinchy.kubernetes/cluster_components/metrics/kube-prometheus-stack/values.yaml
We recommend that you change these credentials the first time you access Grafana. You can do so through the admin profile once logged in.
In this step, you will deploy your Cinchy components.
Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy the Cinchy application components using ArgoCD:
3. Navigate to ArgoCD at http://localhost:9090 and login. Wait until all components are healthy (may take a few minutes)
4. You will be able to access ArgoCD through the URL that you configured in your deployment.json, as long as you created a DNS entry for it in step 8.2.
You have now finished the deployment steps required for Cinchy. Navigate to your configured domain URL to verify that you can login using the default username (admin) and password (cinchy).
If ArgoCD Application Sync is stuck waiting for PreSync jobs to complete, you can run the below command to restart the application controller.
This page details the deployment architecture of Cinchy v5 when running on Kubernetes.
The below diagram shows a high level overview of a possible Infrastructure diagram with components on the cluster, however your specific configuration may vary (Image 1).
Tip: Click on an image to enlarge it.
When deploying Cinchy version 5 on Kubernetes, you may deploy via Amazon Web Services (AWS). The below diagram shows a high level overview of a possible AWS Infrastructure with components outside the cluster, however your specific configuration may vary (Image 2).
Tip: Click on an image to enlarge it.
When deploying Cinchy version 5 on Kubernetes, you may deploy via Microsoft Azure. The below diagram shows a high level overview of possible Azure Infrastructure with components outside the cluster, however your specific configuration may vary (Image 3).
Tip: Click on an image to enlarge it.
The following highlighted area provides a high-level overview of cluster level components used when deploying Cinchy on Kubernetes, as well as what versions they are running.
These are created once per cluster. Clients may choose to run these components outside of the cluster or replace with their own comparable components. This diagram shows them in the cluster (Image 4).
Tip: Click on an image to enlarge it.
These are created once per cluster. Clients may choose to run these components outside of the cluster or replace with their own comparable components.
Service Mesh - Istio: All inbound traffic to your Cinchy instance is routed and handled through this component, keeping it secure and managed.
Monitoring/Alerting - Prometheus & Grafana: Prometheus consumes metrics from the running components in your environment, which can then be visualized into user friendly graphs and dashboards by Grafana. Prometheus can also connect to third party services to provide alerting capabilities. Both Prometheus and Grafana use persistent storage.
Logging - Opensearch and Fluentbit: All logs are captured and indexed by Opensearch in a single, easily accessible location. These logs can be queried, searched, and filtered, and Correlation IDs mean that they can also be traced across various components. These logging components take advantage of persistent storage.
Caching - Redis: Redis is currently being used to facilitate a distributed lock using RedLock, which guarantees lock synchronizations across Cinchy instances. It is also a storage location for the execution output when running batch data syncs.
Event Processing - Kafka: This is designed to act as the middleware that allows for messaging between components through a queuing mechanism. Kafka features persistent storage.
There are a few things to consider about your cluster configuration before you deploy Cinchy on Kubernetes:
How many clusters will you need?
Will you be sharing from an existing cluster?
Will you be running multiple environments on a single cluster?
Each instance of Cinchy has the following components, which are used to either provide an experience to users/applications or connect data in/out of Cinchy. Since multiple Cinchy instances can be deployed per cluster, these components will repeat for each environment.
The following highlighted area provides a high-level overview of instance level components used when running Cinchy on Kubernetes (Image 5).
Tip: Click on an image to enlarge it.
Meta Experiences: Cinchy offers pre-packaged experiences that you can import into your Cinchy environment and use on your data network. This includes experiences like Meta-Forms and Meta-Reports.
Connections: The Cinchy Connections experience is used to help easily create data syncs in/out of the platform. It features persistent storage.
Data Browser: Cinchy’s Dataware platform features a Universal Data Browser that allows users to view, change, analyze, and otherwise interact with all data on the network. The Data Browser even enables non-technical business users to manage and update data, build models, and set controls, all through an easy and intuitive UI.
Identity Provider: An Identity Provider (IdP) creates and manages user credentials and associated identity attributes. IdPs authentication services are used in Cinchy to authenticate end-users.
Event Listener: The Event Listener is used to picks up events from connected sources during a data sync. Review Cinchy's Data Sync documentation for further information on the Event Listener. The Event Listener uses persistent storage.
Event Stream Worker: The Event Stream Worker is used to process data picked up by the Event Listener during data syncs. Review Cinchy's Data Sync documentation for further information on the Event Stream Worker. The Event Worker uses persistent storage.
Maintenance (Batch Jobs): Cinchy performs maintenance tasks through the CLI. This currently includes the data erasure and data compression deletions.
ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes that simplifies the application deployment and lifecycle management. ArgoCD is highly recommended for deploying Cinchy, however you may also choose to use another tool.
Once you configurations are set, ArgoCD automates the deployment of the desired application states into your specified target environments. Implemented as a Kubernetes controller, it continuously monitors running applications and compares the current, live state against the desired target state (as specified in your repositories).
This page contains information on how to leverage Active Directory groups within Cinchy.
This section defines how to manage Groups.
Cinchy Groups are containers that have Users and other Groups within them as members. They are used to provision access controls throughout the platform. Cinchy Groups enable centralized administration for access controls.
Groups are defined in the "Groups" table within the Cinchy domain. By default this table can only be managed by members of the Cinchy Administrators group. Each group has the following attributes:
Name
The Group Name. This must be unique across all groups within the system.
Users
The Users which are members of the group
User Groups
The Groups which are members of the group
Owners
Users who are able to administer memberships to the group. By default, Owners are also members of the group and this do not need to also be added into the Users category.
Owner Groups
Groups whose members are able to administer the membership of the group. By default, members of Owner Groups are also members of the group itself, and thus do not need to also be added into the User or User Groups category.
Group Type
This will be either "Cinchy Group" or "AD Group". "Cinchy Group": The membership is maintained directly in Cinchy. "AD Group": A sync process will be leveraged to maintain the membership and overwrite the Users.
To define a new AD Group, create a new record within the Groups Table with the same name as the AD Group (using the cn attribute).
Set the Group Type to "AD Group".
To convert an existing group, update the Name attribute of the existing group record to match the AD Group (using the cn attribute).
Set the Group Type to "AD Group".
AD Groups defined in Cinchy have their members synced from AD through a batch process that leverages the Cinchy Command Line Interface (CLI).
The sync operation performs the following high-level steps:
Fetches all Cinchy registered AD Groups using a Saved Query.
Retrieves the usernames of all members for each AD Group. The default attribute for username that is retrieved is "userPrincipalName", but configurable as part of the sync process.
For each AD Group, it loads the users that are both a member in AD and exist in the Cinchy Users table (matched on the Username) into the "Users" attribute of the Cinchy Groups table.
The Cinchy CLI Model must be installed in your instance of Cinchy. See here for more details.
An instance of the Cinchy CLI must be available to execute the sync.
A task scheduler is required to perform the sync on a regular basis (e.g. Autosys).
Create a new query within Cinchy with the below CQL to fetch all AD Groups from the Groups table. The domain & name assigned to the query will be referenced in the subsequent step.
Copy the below XML into a text editor of your choice and update the attributes listed in the table below the XML to align to your environment specific settings.
Once complete, create an entry with the config in your Data Sync Configurations table (part of the Cinchy CLI model).
XML Tag
Attribute
Content
LDAPDataSource
ldapserver
The LDAP server url
(e.g. LDAP:\\activedirectoryserver.domain.com)
LDAPDataSource
username
The encrypted username to authenticate with the AD server
(generated using the CLI's encrypt command -
dotnet Cinchy.CLI.dll encrypt -t "Domain/username").
LDAPDataSource
password
The encrypted password to authenticate with the AD server
(generated using the CLI's encrypt command -
dotnet Cinchy.CLI.dll encrypt -t "password").
LDAPDataSource -> Filter
Domain Name
The domain of the Saved Query that retrieves AD Groups
LDAPDataSource -> Filter
Query Name
The name of the Saved Query that retrieves AD Groups
If the userPrincipalName
attribute in Active Directory does not match what you expect to have as the Username in the Cinchy Users table (e.g. if the SAML token as part of your SSO integration returns a different ID), then you must replaceuserPrincipalName
in the XML config with the expected attribute.
The userPrincipalName
appears twice in the XML, once in the LDAPDataSource Columns and once in the CinchyTableTarget ColumnMappings.
The below CLI command (see here for additional information on the syncdata command) should be used to execute the sync.
Update the command parameters (described in the table below) with your environment specific settings.
Execution of this command can be scheduled at your desired frequency using your scheduler of choice.
The user account credentials provided in above CLI syncdata command must have View/Edit access to Cinchy Groups table.
If you are syncing someone with a lot of ADFS groups, the server may reject the request for the header being too large. If you are able to login as a user with a few groups in ADFS but run into an error with users with a lot of ADFS groups (regardless of if those ADFS groups are in Cinchy), you will need to make the following changes:
Follow the instructions outlined in this document.
In your CinchySSO app settings, you will also need to increase the max size of the request, as follows:
This page details the release notes for Cinchy v5.3
For instructions on how to upgrade to the latest version of Cinchy, see here.
We are continuing to improve our Connections offerings, and we now support Kafka as a data sync target in Connections.
Apache Kafka is an end-to-end event streaming platform that:
Publishes (writes) and subscribes to (reads) streams of events from sources like databases, cloud services, and software applications.
Stores these events durably and reliably for as long as you want.
Processes and reacts to the event streams in real-time and retrospectively.
Event streaming thus ensures a continuous flow and interpretation of data so that the right information is at the right place, at the right time for your key use cases.
For information on setting up data syncs with Kafka as a target, please review the documentation here.
We have also added support for Apache AVRO (inbound) as a data format and added integration with the Kafka Schema Registry, which helps enforce data governance within a Kafka architecture.
Avro is an open source data serialization system that helps with data exchange between systems, programming languages, and processing frameworks. Avro stores both the data definition and the data together in one message or file. Avro stores the data definition in JSON format making it easy to read and interpret; the data itself is stored in binary format making it compact and efficient.
Some of the benefits for using AVRO as a data format are:
It's compact;
It has a direct mapping to/from JSON;
It's fast;
It has bindings for a wide variety of programming languages.
For more about AVRO and Kafka, read the documentation here.
For information on configuring AVRO in your platform, review the documentation here.
Focus the results of your Network Map to show only the data that you really want to see with our new URL parameters.
You can now add Target Node, Depth Level, and Max Depth Level Parameters, if you choose.
Example: <base url>/apps/datanetworkvisualizer?targetNode=&maxDepth=&depthLevel=
Target Node: Using the Target Node parameter defines which of your nodes will be the central node from which all connections branch from.
Target Node uses the TableID number, which you can find in the URL of any table.
Example: <base url>/apps/datanetworkvisualizer?targetNode=8 will show TableID 8 as the central node
Max Depths: This parameter defines how many levels of network hierarchy you want to display.
Example: <base url>/apps/datanetworkvisualizer?maxDepth=2 will only show you two levels of connections.
Depth Level: Depth Level is a UI parameter that will highlight/focus on a certain depth of connections.
Example: <base url>/apps/datanetworkvisualizer?DepthLevel=1 will highlight all first level network connections, while the rest will appear muted.
The below example visualizer uses the following URL: <base url>/apps/datanetworkvisualizer?targetNode=8&maxDepth=2&depthLevel=1
It shows Table ID 8 ("Groups") as the central node.
It only displays the Max Depth of 2 connections from the central node.
It highlights the nodes that have a Depth Level of 1 from the central node.
We have increased the length of the [Parameters] field in the [Cinchy].[Execution Log] to 100,000 characters.
Two new parameters are now available to use in real time syncs that have a Cinchy Table as the target. @InsertedRecordIds() and @UpdatedRecordIds() can be used in post sync scripts to insert and update Record IDs respectively, with the desired value input as comma separated list format.
We have fixed a bug that was preventing some new SSO users belonging to existing active directory groups from seeing tables that they should have access to.
We have fixed a bug where a Webhook would return a 400 error if a JSON body was provided, and the key was in the query parameter of the HTTP request.
We continue to optimize our GraphQL beta capabilities by improving memory utilization and performance.
This page details various prerequisites for deploying Cinchy v5.
The following is a list of steps that are required prior to deploying Cinchy v5 on Kubernetes.
The following tools should be installed on the machine where the deployment will run:
Kubectl (v1.23.0+)
All of your Cinchy environments will need a domain for each of the following:
ArgoCD
Opensearch
Grafana
This is done through your specific domain registrar (for example: GoDaddy, Google Domains, etc.)
You will need to have valid SSL Certs ready when you deploy Cinchy v5. This should be a wildcard certificate if ArgoCD will be exposed via a subdomain (preferred). Without the wildcard certificate, accessing ArgoCD's portal requires a port forward to be created using kubectl on demand.
You also have the option to use Self-Signed Certs in Kubernetes deployments. Find more information here.
Secrets management is optional, however Cinchy recommends it for securely storing and accessing secrets that will be used in the deployment process. Cinchy currently supports:
This is optional, but if you would like to set up single sign-on for use in your Cinchy v5 environments, please review the documentation here.
You have the option to either use Cinchy's Docker images or your own. If you would like to use Cinchy's, please follow the section below to access them.
You will pull Docker images from Cinchy's AWS Elastic Container Registry (ECR).
To gain access to Cinchy's Docker images, you will need login credentials to the ECR. You can gain these by contacting Cinchy Support.
Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
"5.x.x" - Alpine
"5.x.x-debian" - Debian
The following four Git repositories must be created. Any source control platform supporting Git may be used, e.g. Gitlab, Azure DevOps, Github
cinchy.terraform: This repo contains all Terraform configurations.
cinchy.argocd: This repo contains all ArgoCD configurations.
cinchy.kubernetes: This repo contains cluster and application component deployment manifests.
cinchy.devops.automations: This repo contains the single configuration file and binary utility that maintains the contents of the above three repositories.
You must have a service account with read/write permissions to the git repos created above.
You will need to access and download the Cinchy artifacts prior to deployment.
To access the Kubernetes artifacts:
Access the Cinchy Releases table. Please contact Cinchy Support if you do not have the access credentials necessary.
Navigate to the release you wish to deploy
Download the .zip file(s) listed under the Kubernetes Artifacts column
Check the contents of each of the directories into their respective repository.
Please contact Cinchy Support if you are encountering issues accessing the table or the artifacts.
The following prerequisites are required if you are deployment Cinchy v5 on Azure.
Terraform Backend Requirements:
A resource group that will contain the Azure Blob Storage with the terraform state.
A storage account and container (Azure Blob Storage) for persisting terraform state.
The Azure CLI should be installed on the machine where the deployment will be run. It must be set to the correct profile/login
The deployment template has the option of either leveraging an existing resource group or creating a new one:
If an existing resource group is preferred, the prerequisite requires the following be provisioned in advance of the deployment:
The resource group.
A VNet within the resource group.
A single subnet. It's important that the address range be sufficient for all executing processes within the cluster, e.g. a CIDR ending with /22 to provide a range of 1024 IPs.
If a new resource group is preferred, all resources will be automatically provisioned.
The quota limit of the Total Regional vCPUs and the Standard DSv3 Family vCPUs (or equivalent) must provide sufficient availability for the required number of vCPUs (minimum of 24).
An AAD user account to connect to Azure, which has the necessary privileges to create resources in any existing resource groups and the ability to create a resource group (if required).
The following prerequisites are required if you are deployment Cinchy v5 on AWS.
Terraform Backend Requirements:
An S3 bucket that will contain the terraform state.
The AWS CLI should be installed on the machine where the deployment will be run. It must be set to the correct profile/login
The template has the option of either leveraging an existing VPC or creating a new one:
If an existing VPC is preferred, the prerequisite requires the following be provisioned in advance of the deployment:
The VPC. It's important that the address range be sufficient for all executing processes within the cluster, e.g. a CIDR ending with /21 to provide a range of 2048 IPs.
3 Subnets (one per AZ). It's important that the address range be sufficient for all executing processes within the cluster, e.g. a CIDR ending with /23 to provide a range of 512 IPs.
If the subnets are private, a NAT Gateway is required to enable node group registration with the EKS cluster.
If a new VPC is preferred, all resources will be automatically provisioned.
The limit of the Running On-Demand All Standard vCPUs must provide sufficient availability for the required number of vCPUs (minimum of 24).
An IAM user account to connect to AWS which has the necessary privileges to create resources in any existing VPC and the ability to create a VPC (if required).
The SSL certificate must be imported into AWS Certificate Manager (or a new certificate can be requested via AWS Certificate Manager).
The following is a list of steps that are required prior to deploying Cinchy v5 on IIS
You will need to access and download the Cinchy binary prior to deployment:
Access the Cinchy Releases table. Please contact Cinchy Support if you do not have the access credentials necessary.
Navigate to the release you wish to deploy
Download the files listed under the Component Artifacts column. This should include zip files for:
Cinchy Platform
Cinchy Maintenance CLI and CLI (optional)
Cinchy Meta-Forms (optional)
Please contact Cinchy Support if you are encountering issues accessing the table or the artifacts.
An instance of SQL Server 2017+
A Windows Server 2012+ machine with IIS 7.5+ installed
Install .net core Hosting bundle Version 6.0
Specifically, install: ASP.NET Core/.NET Core Runtime & Hosting Bundle
Cinchy Platform 5.4+ uses .NET Core 6.0.
4.18.0+ used .NET Core 3.1 and previous versions used .NET Core 2.1
Minimum Web Server Hardware Recommendations
2 x 2 GHz Processor
8 GB RAM
4 GB Hard Disk storage available
Minimum Database Server Hardware Recommendations
4 x 2 GHz Processor
12 GB RAM
Hard disk storage dependent upon use case. Note that Cinchy maintains historical versions of data and performs soft deletes which will add to the overall storage requirements.
Clustering considerations are applicable to both the Web and Database tiers in the Cinchy deployment architecture.
The web tier can be clustered by introducing a load balancer and scaling web server instances horizontally. Each node within Cinchy uses an in-memory cache of metadata information, and expiration of cached elements is triggered upon data changes that would impact that metadata. Data changes processed by one node wouldn't immediately be known to other nodes without establishing connectivity between them. For this reason the nodes must be able to communicate over either http or https through an IP based binding on the IIS server that allows cache expiration messages to be broadcast. The port used for this communication is different from the standard port that is used by the application when a domain name is involved. Often for customers this means that a firewall port must be opened on these servers.
The database tier relies on standard MS SQL Server failover clustering capabilities.
The web application is responsible for all interactions with Cinchy be it through the UI or connectivity from an application. It interprets/routes incoming requests, handles serialization/deserialization of data, data validation, enforcement of access controls, and the query engine to transform Cinchy queries into the physical representation for the database. The memory footprint for the application is fairly low as caching is limited to metadata, but the CPU utilization grows with request volume and complexity (e.g. insert / update operations are more complex than select operations). As the user population grows or request volume increases from batch processes / upstream system API calls there may be a need to add nodes.
The database tier relies on a persistence platform that scales vertically. As the user population grows and request volume increases from batch processes / upstream system API calls the system may require additional CPU / Memory. Starting off in an environment that allows flexibility (e.g. a VM) would be advised until the real world load can be profiled and a configuration established. On the storage side, Cinchy maintains historical versions of records when changes are made and performs soft deletes of data which will add to the storage requirements. The volume of updates occurring to records should be considered when estimating the storage size.
Outside of log files there is no other data generated & stored on the web servers by the application, which means backups are generally centered around the database. Since the underlying persistence platform is a MS SQL Server, this relies on standard procedures for this platform.
The pages under this section deal with upgrading your Cinchy platform.
If you are currently running Cinchy v4+ or v5+ and wish to upgrade your components, please review the documentation here:
If you are currently running Cinchy v4+ and wish to upgrade to v5+, please review the documentation here:
There may be times when you want to temporarily disable your Kubernetes pods in order to perform maintenance or certain upgrades. You can do so through the following steps:
Access your ArgoCD
Navigate to the application directory for the namespace you wish to disable, in this case development-cinchy (Image 1). You should see your cluster component applications.
3. Click on the main application (i.e. development-cinchy) (Image 2).
4. Navigate to Summary > Sync Policy > Automated. Click on Disable Auto-Sync > OK (Image 3).
5. For each of the cluster applications that you wish to disable, click on the "..." > Delete (Image 5).
6. Your apps should all appear as "out of sync" (Image 6).
To re-enable your applications, return to the application directory for your disabled namespace (Image 7).
2. Click on the main application (i.e. development-cinchy) (Image 8).
3. Navigate to Summary > Sync Policy. Click on Enable Auto-Sync > OK (Image 9).
This page details information on the Cinchy Upgrade Utility.
The Cinchy Upgrade Utility was first introduced in v5.2 in order to facilitate a mandatory INT to BigInt upgrade. This tool has continued to be used in subsequent releases as an easy way to deploy necessary changes to your Cinchy platform.
Upgrades will also be specified on the applicable page for each release.
Depending on your upgrade path, certain upgrades must be performed in sequential and/or specific order. This will be clearly marked in the section.
For example: To go from v5.1 to v5.5, you would first have to run the 5.2 upgrade utility and deploy the release. Once validated, you would then run the 5.5 upgrade and deploy that version.
Not all new releases will have changes that require the utility to be run. Review the table in section 4 for the full list.
You will need to run this process as a user with admin/dbowner privileges to your database.
You will need to have installed on the machine that you will run the utility on.
Retrieve the Upgrade Utility from the
We recommend you follow this process during off-peak hours.
Turn off your Cinchy platform. (Note: This step is only required for the 5.2 upgrade)
In an IIS Deployment:
Open your Windows Services Panel.
Select IIS Admin Service.
Stop the service.
Right-click IIS Admin Service and select Properties.
Change 'Start Up Type' to 'Disabled'.
Create a backup snapshot of your platform.
Run the following command through a command window as an admin/dbowner, using the table below as a guide.
5. You will see the below progress bar as your upgrade completes (Image 1). Once it is done, you will see a VALIDATION PASSED check.
Tip: Click on the image below to enlarge it.
If there are any errors during execution or your validation fails, we suggest that you restore your database from the backup and contact Cinchy support.
Note: You must deploy whichever version of the platform you ran the upgrade utility for.
7. If it was turned off in step 1, turn your Cinchy platform back on.
2. In an IIS deployment:
1. Open your Windows Services Panel.
2. Select IIS Admin Service.
3. Start the service.
4. Right-click IIS Admin Service and select Properties.
5. Change 'Start Up Type' to 'Enabled'.
This document outlines the steps for configuring Active Directory Federation Services (ADFS) to facilitate Single Sign-On (SSO) with Cinchy.
Certainly, presenting the information in a table can help make it easier to understand. Here's how you can structure it:
Before starting with the ADFS configuration, make sure to have following information:
Having these details readily available will streamline the ADFS configuration process.
Navigate to AD FS Management on your ADFS server.
Right-click on Relying Party Trusts and choose Add Relying Party Trust to open the Add Relying Party Trust Wizard.
In the wizard, select Claims Aware > Start > Select Data Source.
Select Enter Data About the Relying Part Manually > Next.
Fill in a Display Name under Specify Display Name.
Skip certificate configuration in Configure Certificates.
In Configure URL, select Enable support for the SAML 2.0 SSO Web SSO protocol.
Input your login URL as follows:
Under Configure Identifiers, add an Identifier and press Next to complete the setup.
Right-click on the newly created Relying Party Trust (located by its Display Name) and select Edit Claim Issuance Policy.
Select Add Rule > Claim Rule > Send LDAP Attributes as Claims.
Input a Claim Rule Name.
In the Attribute Store, select Active Directory. Map the LDAP attributes to the corresponding outgoing claim types as shown in the table below:
Select Finish.
Select Edit Rule > View Rule Language. Copy the Claim URLs for later use in configuring your Cinchy appsettings.json
. It should look like the following:
Press OK to confirm and save.
Note: Please ensure that the configurations below are case-sensitive and align exactly with those in your SAML IdP setup.
Retrieve and save the Federation Metadata XML file from the following location: https://{your.ADFS.server}/FederationMetadata/2007-06/FederationMetadata.xml
.
If needed, use IIS Manager to establish an HTTPS connection for the Cinchy website.
Also establish an HTTPS connection for the SSO site. Make sure the port number aligns with the one specified in the login URL.
You will need to refer to the Rule Language URLs you copied from the ADFS Configuration. Replace the placeholders below with your own URLs:
Insert the following lines within the <appSettings>
section of your web.config
file. Make sure to replace the {your.cinchy.url}
and {your.cinchysso.url}
with your Cinchy and Cinchy SSO values.
This guide serves as a walkthrough of how to deploy v5 on IIS.
Cinchy version 5 on IIS comes bundled with common components such as Connections, Meta Forms, and the Event Listener. This page details the configuration and deployment instructions for the Cinchy Platform, including SSO. Click on the links below to be taken to the appropriate pages for other components:
Ensure that you review the prior to performing an IIS Deployment, including downloading all necessary artifacts from the
Please contact if you do not have the credentials required to access the artifacts table.
Step 1 of this guide refers to the SQL Server. Step 2 onwards refers to the Web Server.
On your SQL Server 2017+ instance, create a new database named Cinchy (or any other name you prefer).
If you choose an alternate name, in the remaining instructions wherever the database name is referenced, replace the word Cinchy with the name you chose.
A single user account with db_owner privileges is required for the Cinchy application to connect to the database. If you choose to use Windows Authentication instead of SQL Server Authentication, the account that is granted access must be the same account under which the IIS Application Pool runs.
On the Windows Server machine, launch an instance of PowerShell as Administrator.
Run the below commands to create the application pool and set its properties.
3. If you chose to use Windows Authentication in the database or want to run the application under a different user account, execute the below commands to change the application pool identity.
You may use an alternate application pool name (i.e. instead of Cinchy) if you prefer.
Run the below commands in the Administrator instance of PowerShell to create directories for the application logs. Ensure your application pool account has write access to these directories.
Open the C:\CinchySSO\appsettings.json file in a text editor and update the values below.
1. Under AppSettings section, update the values outlined in the table.
2. Wherever you see <base url> in the value, replace this with the actual protocol (i.e. http or https) and the domain name (or ip address) you plan to use.
Ex:. if you're using https with the domain app.cinchy.co, then <base url> should be replaced with https://app.cinchy.co
4.18.0+ includes session expiration based on the CinchyAccessTokenLifetime. So for the default of "7.00:00:00", this means that if you have been inactive in Cinchy for 7 days, your session will expire and you will need to log in again.
In order for the application to connect to the database, the "SqlServer" value needs to be set.
Find and update the value under the "ConnectionStrings" section:
Example:
Under the "ExternalIdentityClaimSection" section you'll see the following values.
These values are used for SAML SSO. If you are not using SSO, keep these values as blank
There is a "serilog" property that allows you to configure where it logs to. In the below code, update the following:
"Name" must be set to "File" so it writes to a physical file on the disk.
Set "path" to the file path to where you want it to log.
This configuration makes a log every day (defined by the "rollingInterval" value) and keeps your file count to 30 (defined by the "retainedFileCountLimit" value).
Navigate to C:\Cinchy
Navigate to the appsettings.json file and update the following properties:
In order for the application to connect to the database, the "SqlServer" value needs to be set.
Find and update the value under the "ConnectionStrings" section:
Example:
There is a "serilog" property that allows you to configure where it logs to. In the below code, update the following:
"Name" must be set to "File" so it writes to a physical file on the disk.
Set "path" to the file path to where you want it to log.
This configuration makes a log every day (defined by the "rollingInterval" value) and keeps your file count to 30 (defined by the "retainedFileCountLimit" value).
Open an administrator instance of PowerShell
Execute the below commands to create the IIS applications and enable anonymous authentication. (This is required in order to allow authentication to be handled by the application)
To enable HTTPS, the server certificate must be loaded and the standard IIS configuration completed at the Web Site level to add the binding.
Access the <base url>/Cinchy (e.g. http://app.cinchy.co/Cinchy) through Google Chrome.
Once the login screen appears, enter the credentials:
The default username is admin and the password is cinchy.
You will be prompted to change your password the first time you log in.
Navigate to the following sub-pages to deploy the following bundled v5 components:
This page details the instructions for upgrading your Cinchy platform to v5.5 on Kubernetes
When it comes time to upgrade your various components, you can do so by following the below instructions.
Warning: There is a mandatory upgrade for this release that requires you to run the Cinchy Upgrade Utility.
Additionally, If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.5, you must first run a mandatory process (Upgrade 5.2) and deploy version 5.2. Once complete, you can continue on with your 5.5 upgrade.
If you are upgrading from Cinchy v5.3 or lower to Cinchy v5.5 on an SQL Server Database, you will need to make a change to your connectionString. Adding will allow you to bypass the certificate chain during validation.
For a Kubernetes deployment, you can add this value in your deployment.json file:
Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column (Image 1). For this upgrade, please download the Cinchy v5.5 k8s-template.zip file.
Navigate to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
Navigate to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it is not commented then please keep it as it is. Changing this will delete your Argocd namespace, which will force you to delete everything from Kubernetes and redeploy.
Navigate to your cinchy.terraform repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Navigate to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented and your deployment.json.
Open the new Cinchy v5.4 k8s-template.zip file you downloaded from the Cinchy Releases table and check the files into their respective cinchy.kubernete, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Navigate to the new aws.json/azure.json files and compare them with your current deployment.json file. Any additional fields in the new aws.json/azure.json files should be added to your current deployment.json.
Note that you may have changed the name of the deployment.json file during your original platform deployment. If so, ensure that you swap up the name wherever it appears in this document.
Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
"5.x.x" - Alpine
"5.x.x-debian" - Debian
Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
Commit all of your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.
Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy ArgoCD:
If there were any change to the cluster components, execute the following command from the cinchy.argocd repository:
If there were any change to the Cinchy instance, execute the following command from the cinchy.argocd repository:
Log in to your ArgoCD application console and refresh the apps to ensure that all changes were picked up.
In a Kubernetes deployment,
In a Kubernetes deployment on AWS, you can
In a Kubernetes deployment on Azure, you can
In an IIS Deployment, you can
Retrieve the Upgrade Utility from the if you haven't already.
6.
1. In a Kubernetes deployment,
Right-click on Relying Party Trust > Properties. Move to the Advanced tab and select SHA-256 as the secure hash algorithm.
Unzip the "Cinchy vX.X" application package (for the Cinchy Platform) that you downloaded from the into your C drive. This will create 2 directories, C:\Cinchy and C:\CinchySSO. Ensure your application pool accounts has read and execute access to these directories (default accounts are IIS AppPool\CinchyWeb and IIS AppPool\CinchySSO).
If you are deploying Cinchy v5.4+ on an SQL Server Database, you will need to make an addition to your connectionString. Adding will allow you to bypass the certificate chain during validation.
If you are deploying Cinchy v5.4+ on an SQL Server Database, you will need to make an addition to your connectionString. Adding will allow you to bypass the certificate chain during validation.
To avoid users from having to access the application at a url that contains /Cinchy, you can use a downloadable IIS extension called URL Rewrite to remap requests hitting the <base url> to <base url>/Cinchy. The extension is available .
Perform this step only If you are upgrading to 5.5 on an SQL Server Database and did not already make this change in any previous updates. Navigate to your cinchy_instance_configs section > database_connection_string, and add in the following value to the end of your string:
-d
Mandatory. "Database type". This can be either "TSQL" or "PGSQL".
-s
Mandatory. "Connection String". You must provide the unencrypted connection string for your database.
-v
Mandatory. This specifies the upgrade version that you wish to deploy. Ex: specifying "5.2" will run the 5.2 upgrade.
-c
Optional and not recommended to be used on your first run of the utility. This "clean up" value will delete any extra metadata the application created on the database
User-Principal-Name
Name ID
SAM-Account-Name
sub
Type sub
manually to avoid auto complete
Given-Name
Given Name
Required for Auto User Creation
Surname
Surname
Required for Auto User Creation
E-Mail-Address
E-Mail Address
Required for Auto User Creation
Is-Member-Of-DL
Role
Required for Auto User Creation
CinchyLoginRedirectUri
URL of the user login redirect
https://{your.cinchysso.url}/Account/LoginRedirect
CinchyPostLogoutRedirectUri
URL of the user post-logout redirect
https://{your.cinchy.url}
CertificatePath
Path to Cinchy SSO certificate
{Path/to/CinchySSO}\\cinchyidentitysrv.pfx
SAMLClientEntityId
Relying Party Identifier from earlier-configured Relying Party Trust
SAMLIDPEntityId
Entity ID for SAML IdP, found in FederationMetadata.xml
http://{your.AD.server}/adfs/services/trust
SAMLMetadataXmlPath
Location of saved FederationMetadata.xml from Initial setup
SAMLSSOServiceURL
URL path in Domain Controller's in-service endpoints
https://{your.AD.server}/Saml2/Acs
AcsURLModule
/Saml2
MaxRequestHeadersTotalSize
Maximum header size in bytes; adjustable if default is insufficient
MaxRequestBufferSize
Should be equal to or larger than MaxRequestHeadersTotalSize
MaxRequestBodySize
Maximum request body size in bytes (use -1
for default; usually no need to change)
CinchyUri
<base url>/Cinchy
CertificatePath
Adjust the certificate path to point to the CinchySSO v5 folder. Ex: C:\CinchySSO\\cinchyidentitysrv.pfx
StsPublicOriginUri
The Base URL used by the .well-known discovery.
Ex: <base url>/cinchySSO
StsPrivateOriginUri
The Private Base URL used by the .well-known discovery. Ex: <base url>/cinchySSO
CinchyAccessTokenLifetime
The duration for the Cinchy Access Token. This determines how long a user can be inactive until they need to re-enter their credentials.
In Cinchy v5.4+ it defaults to "7.00:00:00", i.e. 7 days.
DB Type
Either "PostgreSQL" or "TSQL"
SAMLClientEntityId
Client Entity Id
SAMLIDPEntityId
Identity Provider Entity Id
SAMLMetadataXmlPath
Identity Provider metadata XML file path
SAMLSSOServiceURL
Configure service endpoint for SAML authentication
AcsURLModule
This parameter is needs to be configured as per your SAML ACS URL. For example, if your ACS URL looks like this - "https:///CinchySSO/identity/AuthServices/Acs", then the value of this parameter should be "/identity/AuthServices"
ExternalIdentityClaim > FirstName > ExternalClaimName
ExternalIdentityClaim > LastName > ExternalClaimName
ExternalIdentityClaim > Email > ExternalClaimName
ExternalIdentityClaim -> MemberOf -> ExternalClaimName
StsPrivateAuthorityUri
This should match your private Cinchy SSO URL. Ex: <baseURL>/CinchySSO
StsPublicAuthorityUri
This should match your public Cinchy SSO URL. Ex: <baseURL>/CinchySSO
CinchyPrivateUri
This should match your private Cinchy URL. Ex: <baseURL>/Cinchy
CinchyPublicUri
This should match your public Cinchy URL. Ex: <baseURL>/Cinchy
UseHttps
This is "true" by default.
DB Type
Either "PostgreSQL" or "TSQL"
“MaxRequestBodySize”
This capability was introduced in Cinchy v5.4
This configurable property to allow you to set your own file upload size for the Files API, should you wish. It is defaulted to 1G.
5.2
5.5
Cinchy SSO URL
The URL of your Cinchy SSO instance
{your.cinchysso.url}
Cinchy URL
The URL of your main Cinchy instance
{your.cinchy.url}
Cinchy SSO Installation Path
Directory where CinchySSO files are located
{Path/to/CinchySSO}
ADFS Server
The URL of your ADFS server
{your.ADFS.server}
This page will guide you through how to update your AWS EKS Kubernetes version for your Cinchy v5 platform.
This page will guide you through how to update your AWS EKS Kubernetes version for your Cinchy v5 platform.
Update your Cinchy platform to the latest version.
Confirm the latest Cinchy supported version of EKS. You can find the version number in the cinchy.devops.automations\aws-deployment.json as "cluster_version": "1.xx".
You must upgrade your EKS sequentially. For example, if you are on EKS cluster version 1.22 and wish to upgrade to 1.24, you must upgrade from 1.22 > 1.23 > 1.24.
Navigate to your cinchy.devops.automations\aws-deployment.json file.
Change the cluster_version key value to the EKS version you wish to upgrade to. (Example: "1.24")
Open a shell/terminal and navigate to the cinchy.devops.automations directory location.
Execute the following command:
Commit changes for all the repositories (cinchy.argocd, cinchy.kubernetes, cinchy.terraform and cinchy.devops.automation).
Open a new shell/terminal and navigate to the cinchy.terraform\aws\eks_cluster\CLUSTER_NAME directory location.
Execute the following command:
Verify the changes are as expected and then accept.
This process will first upgrade the managed master node version and then the worker nodes. During the upgrade process, existing pods get migrated to new worker nodes and all pods will get migrated to new upgraded worker nodes automatically.
The below two commands can be used to verify that all pods are being migrated to new worker nodes.
To show both old and new nodes:
To show all the pods on the new worker nodes and the old worker nodes.
For EKS version 1.24, the metrics server goes into a crashed loop status. Reinstalling the metrics server will fix this, should you encounter this during your upgrade.
In a code editor, open the cinchy.terraform\aws\eks_cluster\CLUSTER_NAME\new-vpc.tf or existing-VPC.tf file.
Find the enable_metrics_server key and mark its value to false.
Open a new shell/terminal and navigate to the cinchy.terraform\aws\eks_cluster\CLUSTER_NAME file.
Run the below command to remove metrics server.
Revert the enable_metrics_server key value from step 1 to true.
Run the below command within the same shell/terminal as step 3 to deploy metrics server with
The Kubernetes project runs a community-owned image registry called registry.k8s.io in which to host its container images. On April 3rd, 2023, the registry k8s.gcr.io was deprecated and no further images for Kubernetes and related subprojects are being pushed to this location.
Instead, there is a new registry: registry.k8s.io.
New Cinchy Deployments: this change will be automatically reflected in your installation.
For Current Cinchy Deployments: please follow the instructions outlined in this upgrade guide to ensure your components are pointed to the correct image repo.
You can review the full details on this change here: https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/
In a shell/terminal, run the below command to get a list of all the pods that are pointing to the old registry: k8s.gcr.io. These will need to be updated to point to the new image registry.
Once you find which pods are using old image registry, you need to update its deployment/daemonset/stateful set with new registry.k8s.io registry. Find the right resource type for your pods with below command:
Once you have your pod name and resource type, run the below command to open the manifest file in an editor:
The below command uses the autoscaler as an example. You will want to propagate the command with your correct pod and resource type.
In the editor, find any instances of k8s.gcr.io and replace it with registry.k8s.io.
Save and close the file.
Repeat steps 3-5 for the rest of your pods until they are all pointing to the correct registry.
This page details the upgrade process for Cinchy v4.x to v5.x on IIS.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.2 or higher, please see the Mandatory Upgrade from INT to BigInt and follow the directives on that page.This process can be run when upgrading your IIS v4 instance to any v5+ instance
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in steps 3.2.2 and 3.3.2. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
Follow this guide to take a backup of your database.
Extract the new build for the version you wish to upgrade to.
Open the C:\CinchySSO\appsettings.json file in a text editor and update the values below.
1. Under AppSettings section, update the values outlined in the table.
2. Wherever you see <base url> in the value, replace this with the actual protocol (i.e. http or https) and the domain name (or ip address) you plan to use.
Ex:. if you're using https with the domain app.cinchy.co, then <base url> should be replaced with https://app.cinchy.co
CinchyUri
<base url>
CertificatePath
Adjust the certificate path to point to the CinchySSO v5 folder. C:\CinchySSO\cinchyidentitysrv.pfx
StsPublicOriginUri
Base URL used by the .well-known discovery. If left blank will match the request URL.
<base url>/cinchysso
CinchyAccessTokenLifetime
Duration for the Cinchy Access Token. This determines how long a user can be inactive until they need to re-enter their credentials. It defaults to "0.00:30:00"
DB Type
Set this to "TSQL"
4.18.0+ includes session expiration based on the CinchyAccessTokenLifetime. So for the default of "0.00:30:00", this means that if you have been inactive in Cinchy for 30 minutes, your session will expire and you will need to log in again.
SAMLClientEntityId
Client Entity Id
SAMLIDPEntityId
Identity Provider Entity Id
SAMLMetadataXmlPath
Identity Provider metadata XML file path
SAMLSSOServiceURL
Configure service endpoint for SAML authentication
AcsURLModule
This parameter is needs to be configured as per your SAML ACS URL. For example, if your ACS URL looks like this - "https:///CinchySSO/identity/AuthServices/Acs", then the value of this parameter should be "/identity/AuthServices"
In order for the application to connect to the database, the "SqlServer" value needs to be set.
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
Ensure your database type is set to TSQL.
Find and update the value under the "ConnectionStrings" section:
SQL Server Authentication Example:
SQL Server Windows Authentication Example:
Under the "ExternalIdentityClaimSection" section you'll see the following values.
These values are used for SAML SSO. If you are not using SSO, keep these values as blank
ExternalIdentityClaim > FirstName > ExternalClaimName
ExternalIdentityClaim > LastName > ExternalClaimName
ExternalIdentityClaim > Email > ExternalClaimName
ExternalIdentityClaim -> MemberOf -> ExternalClaimName
There is a "Serilog" property that allows you to configure where it logs to. In the below code, update the following:
"Name" must be set to "File" so it writes to a physical file on the disk.
"Path" must be set to the file path to where you want it to log.
Navigate to C:\Cinchy
Delete the appsettings.Development.json
Navigate to the appsettings.json file and update the following properties:
StsAuthorityUri
This should match your Cinchy SSO URL
UseHttps
This is "false" by default.
DB Type
Set this to "TSQL"
In order for the application to connect to the database, the "SqlServer" value needs to be set.
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in steps . Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
Ensure your database type is set to TSQL
Find and update the value under the "ConnectionStrings" section:
SQL Server Authentication Example:
SQL Server Windows Authentication Example:
There is a "Serilog" property that allows you to configure where it logs to. In the below code, update the following:
"Name" must be set to "File" so it writes to a physical file on the disk.
"Path" must be set to the file path to where you want it to log.
You can also use an alternative setting if you want to have rolling log files with retention settings by adding in the following parameters:
Your full "Serilog" property, if you choose to use the alternative settings, would look like this, inputting your own variables as required:
Open your Internet Information Services (IIS) Manager.
Navigate to Connections > Sites.
Right click on the Cinchy site and select Manage Application > Advanced Settings.
Change the Cinchy folder path to that of the version you're deploying.
Right click on the CinchySSO site and select Manage Application > Advanced Settings
Ensure that both Applications Pools for Cinchy and CinchySSO have their .NET CLR Versions set to No Managed Code.
Change the Cinchy SSO folder path to that of the version you're deploying.
Execute the following command:
9. Execute the following command:
10. Open your Cinchy URL in your browser.
Because Cinchy v5 creates new tables and assets in the background upon initialization, this first startup may take longer to fully load than usual.
11. Ensure that you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
This page details the process for upgrading your AKS instance once you've deployed Cinchy v5 on Kuubernetes.
AKS (Azure Kubernetes Service) is a managed K8 service used when deploying Cinchy v5 over Azure. Once you have deployed your v5 instance of Cinchy, you may want to upgrade your AKS to a newer version. You can do so with the below guide.
Before proceeding for the AKS version upgrade, ensure that you have enough IP address space, as this process will need to start new nodes and pods.
You will need more than 1024 IP addresses in total when you have single Cinchy instance/environment.
If you have limited IP address space, you can upgrade the master node and then the worker node pools one by one.
Before proceeding, make sure to check with Cinchy support which versions of Kubernetes are supported by this process.
Navigate to your ArgoCD Dashboard.
Find and click on your Istio app > disable auto-sync.
Find and click on your Istio-ingress app > disable auto-sync.
Open a terminal and run the following command to get the currently available Kubernetes versions for AKS, inputting your AKS cluster name and resource group where specified:
5. Within your cinchy.devops.automations folder/repo, navigate to the deployment-azure.json file and change the values for kubernetes_version
and orchestrator_version
to the currently available Kubernetes version found in step 4.
6. Within the cinchy.devops.automations folder/repo, run the following command to push your new values:
7. Within your cinchy.terraform/azure/aks_cluster/ directory, run bash create.sh
and accept the change.
8. AKS has three node pools, one node pool per availability zone. Terraform will now start the upgrade of the master node and the zone1 node pool.
9. Verify which nodes that the istio-ingressgateway and istiod pods are running on with below command.
10. In the output you will see aks-zone1/2/3-xxxxx under the Nodes column.
If one or both pods are running on aks-zone1-xxxxx then you need to scale up replicas 2 by following steps 12-14. If not, skip to step 15.
11. Use the following command to start replica on zone2 or zone3 nodes; once you scale down it will terminate from zone1 upgrading nodes.
12. Verify that new pods are running on other node pool by running the following command:
13. Run the following command to scale it back. This will remove the pod from cordoned node:
14. Once Maser node and zone1 upgrade is done, you will see a message such as:
15. The Terraform script will continue with the zone2 and zone3 node pool upgrade. You will see messages like the below when thee zone2 and zone3 node pool upgrade is in process:
16. Repeat steps 11-13. This will make sure that istio-ingressgateway and istiod are running on zone1 nodes.
17. Return to your ArgoCD dashboard and re-enable the auto sync for Istio and Istio-ingress apps auto sync on argocd dashboard.
When it comes time to upgrade your various components, you can do so by updating the version number in your configuration files and applying the changes in ArgoCD.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.2, please review and follow the directives for Upgrade 5.2.
Navigate to your cinchy devops.automation repository
Navigate to your deployment.json (You may have renamed this during your original Kubernetes deployment)
In the cinchy_instance_configs section, navigate to the image tags. Replace the version number with the instance that you wish to deploy (Ex: v5.1.0 > 5.2.0).
2. Rerun the deployment script by using the following command in the root directory of your devops.automations repo:
3. Commit and push your changes.
If your environment is not set-up to automatically apply upon configuration, complete the following the apply the newest version:
Navigate to the ArgoCD portal.
Refresh your component(s). If that does not work, re-sync.
When it comes time to upgrade your various components, you can do so by updating the version number in your configuration files and applying the changes in ArgoCD.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.3, you must first run a mandatory process (Upgrade 5.2) using the Cinchy Utility and deploy version 5.2. Once complete, you can continue on with your 5.3 upgrade.
Navigate to your cinchy devops.automation repository
Navigate to your deployment.json (You may have renamed this during your original Kubernetes deployment)
In the cinchy_instance_configs section, navigate to the image tags. Replace the version number with the instance that you wish to deploy (Ex: v5.2.0 > 5.3.0).
2. Rerun the deployment script by using the following command in the root directory of your devops.automations repo:
3. Commit and push your changes.
If your environment is not set-up to automatically apply upon configuration, complete the following the apply the newest version:
Navigate to the ArgoCD portal.
Refresh your component(s). If that does not work, re-sync.
When it comes time to upgrade your various components, you can do so by following the below instructions.
Warning: Upgrading to v5.4 will require you to take your Cinchy platform offline. We recommend you perform this upgrade during off-peak hours
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.4, you must first run a mandatory process (Upgrade 5.2) using the Cinchy Utility and deploy version 5.2. Once complete, you can continue on with your 5.4 upgrade.
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
For a Kubernetes deployment, you can add this value in your deployment.json file:
Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column (Image 1). For this upgrade, please download the Cinchy v5.4 k8s-template.zip file.
Turn off your Cinchy platform. In a Kubernetes deployment, you can do so via ArgoCD.
Navigate to your cinchy.argocd repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Navigate to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it is not commented then please keep it as it is. Changing this will delete your Argocd namespace, which will force you to delete everything from Kubernetes and redeploy.
Navigate to your cinchy.terraform repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Navigate to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and any custom changes you may have implemented.
Open the new Cinchy v5.4 k8s-template.zip file you downloaded from the Cinchy Releases table.
Navigate to the new aws.json/azure.json files and compare them with your current deployment.json file. Any additional fields in the new aws.json/azure.json files should be added to your current deployment.json.
Note that you may have changed the name of the deployment.json file during your original platform deployment. If so, ensure that you swap up the name wherever it appears in this document.
Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
"5.x.x" - Alpine
"5.x.x-debian" - Debian
3. Perform this step only If you are upgrading to 5.4+ on an SQL Server Database. Navigate to your cinchy_instance_configs section > database_connection_string, and add in the following value to the end of your string: TrustServerCertificate=True
Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
Commit all of your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.
Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy ArgoCD:
If there were any change to the cluster components, execute the following command from the cinchy.argocd repository:
If there were any change to the Cinchy instance, execute the following command from the cinchy.argocd repository:
Log in to your ArgoCD application console and refresh the apps to ensure that all changes were picked up.
Turn your platform back on. In a Kubernetes deployment, you can do so via Argo CD
When the new version is started for the first time, one node is made responsible for the migration of the entire database. This process can take upwards of 30 minute to complete and your system will be unavailable during this time.
This page details the instructions for upgrading your Cinchy platform to v5.6 on Kubernetes
When it comes time to upgrade your various components, you can do so by following the below instructions.
If you have made custom changes to your deployment file structure, please contact your Support team prior to upgrading your environments.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.2) using the Cinchy Utility and deploy version 5.2.
If you are upgrading from Cinchy v5.3 or lower to Cinchy v5.6 on an SQL Server Database, you will need to make a change to your connectionString. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
For a Kubernetes deployment, you can add this value in your deployment.json file:
Warning: If you are upgrading from Cinchy v5.4 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.5) using the Cinchy Utility and deploy version 5.5.
Download the latest Cinchy Artifacts from the Cinchy Releases Table > Kubernetes Artifacts column (Image 1). For this upgrade, please download the Cinchy v5.6 k8s-template.zip file.
Review the template changes for this upgrade.
Navigate to your cinchy.argocd repository. Delete all existing folder structure except for the .git folder/directory and any custom changes you may have implemented.
Navigate to your cinchy.kubernetes repository. Delete all existing folder structure except for the .git file.
If you have cinchy.kubernetes\cluster_components\servicemesh\istio\istio-injection\argocd-ns.yaml file and it is not commented then please keep it as it is. Changing this will delete your Argocd namespace, which will force you to delete everything from Kubernetes and redeploy.
Navigate to your cinchy.terraform repository. Delete all existing folder structure except for the .git file.
Navigate to your cinchy.devops.automation repository. Delete all existing folder structure except for the .git file and your deployment.json.
Open the new Cinchy v5.6 k8s-template.zip file you downloaded from the Cinchy Releases table and check the files into their respective cinchy.kubernete, cinchy.argocd, cinchy.terraform and cinchy.devops.automation repositories.
Navigate to the new aws.json/azure.json files and compare them with your current deployment.json file. Any additional fields in the new aws.json/azure.json files should be added to your current deployment.json.
Note that you may have changed the name of the deployment.json file during your original platform deployment. If so, ensure that you swap up the name wherever it appears in this document.
Starting in Cinchy v5.4, you will have the option between Alpine or Debian based image tags for the listener, worker, and connections. Using Debian tags will allow a Kubernetes deployment to be able to connect to a DB2 data source, and that option should be selected if you plan on leveraging a DB2 data sync.
When either installing or upgrading your platform, you can use the following Docker image tags for the listener, worker, and connections:
"5.x.x" - Alpine
"5.x.x-debian" - Debian
Perform this step only If you are upgrading to 5.6 on an SQL Server Database and did not already make this change in any previous updates.
Navigate to your cinchy_instance_configs section > database_connection_string, and add in the following value to the end of your string: TrustServerCertificate=True
Open a shell/terminal from the cinchy.devops.automations directory and execute the following command:
Commit all of your changes (if there were any) in each repository.
If there were any changes in your cinchy.argocd repository you may need to redeploy ArgoCD.
Launch a shell/terminal with the working directory set to the root of the cinchy.argocd repository.
Execute the following command to deploy ArgoCD:
If there were any change to the cluster components, execute the following command from the cinchy.argocd repository:
If there were any change to the Cinchy instance, execute the following command from the cinchy.argocd repository:
Log in to your ArgoCD application console and refresh the apps to ensure that all changes were picked up.
The AWS EKS version has been upgraded to support up to v1.24.
We have added support for AWS EKS EBS volume encryption. By default EKS worker nodes will have gp3 storage class.
For current Cinchy environments you must keep your eks_persistent_apps_storage_class to gp2 in your devops automation aws.json file.
If you want to move to gp3 storage or gp3 storage and volume encryption, you will have to delete any existing volumes/pvc's for Kafka, Redis, Opensearch, Logging Operator and Event Listener with statefulset. This ensures that ArgoCD will take care of recreation of resources.
If your Kafka cluster pods are not coming back you must restart your Kafka operators.
You can verify the change by running the following command: "kubectl get pvc --all-namespaces".
The Connections app has changed from StatefulSet to Deployment. The persistence volume has changed to emptyDir.
We have modified the replica count from 1 to 2 for istiod and istio ingress.
We have disabled the ArgoCD namespace: istio injection.
If this is already enabled on your environment you may keep it as is, i.e. keeping the cinchy.kubernetes/cluster_components/servicemesh/istio/istio-injection/argocd-ns.yaml file as it is without commenting content in it.
The Istio namespace injection has been removed.
If this is already enabled on your environment please keep it as is -- otherwise it will force you to redeploy all of your Kubernetes application components.
We have upgraded the AWS Secret Manager CSI Driver to the latest version due to crashing pods.
We have added support for the EKS EBS CSI driver in lieu of using in-tree EBS storage plugin.
We have changed the EKS Metrics server port number in order to support newer versions of Kubernetes.
We have set fixed AWS Terraform providers version for all components.
We have installed the cluster autoscaler from local charts instead of remote charts.
The deprecated azurerm_sql_server Terraform resource has been changed to azurerm_mssql_server
The deprecated azurerm_sql_database resource has been changed to azurerm_mssql_database
The deprecated azurerm_sql_failover_group has been changed to azurerm_mssql_failover_group
The deprecated azurerm_sql_firewall_rule has been changed to azurerm_mssql_firewall_rule
This page details the upgrade process for Cinchy v5.3 on IIS.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.3, you must first run a mandatory process (Upgrade 5.2) using the Cinchy Utility and deploy version 5.2. Once complete, you can continue on with your 5.3 upgrade.
The following process can be run when upgrading any v5.x instance to Cinchy v5.3 on IIS.
Take a backup of your database.
Extract the new build for the version you wish to upgrade to.
Merge the following configs with your current instance configs:
Cinchy/web.config
Cinchy/appsettings.json
CinchySSO/appsettings.json
CinchySSO/web.config
Execute the following command:
3. Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
4. Execute the following command:
5. Open your Cinchy URL in your browser.
6. Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
This page details the upgrade process for Cinchy v5.4 on IIS.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.4, you must first run a mandatory process (Upgrade 5.2) using the Cinchy Utility and deploy version 5.2. Once complete, you can continue on with your 5.4 upgrade.
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in your SSO and Cinchy appsettings. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
The following process can be run when upgrading any v5.x instance to v5.4 on IIS.
Take a backup of your database.
Extract the new build for the version you wish to upgrade to.
Merge the following configs with your current instance configs:
Cinchy/web.config
Cinchy/appsettings.json
CinchySSO/appsettings.json
CinchySSO/web.config
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
Execute the following command:
4. Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
5. Execute the following command:
6. Open your Cinchy URL in your browser.
7. Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
This page details the upgrade process for Cinchy v5.1 on IIS.
The following process can be run when upgrading from v5.0 to v5.1 on IIS.
Take a backup of your database.
Extract the new build for the version you wish to upgrade to.
Merge the following configs with your current instance configs:
Cinchy/web.config
Cinchy/appsettings.json
CinchySSO/appsettings.json
CinchySSO/web.config
Execute the following command:
3. Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
4. Execute the following command:
5. Open your Cinchy URL in your browser.
6. Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
This page details the upgrade process for Cinchy v5.2 on IIS.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.2 or higher, you must run a mandatory process (Upgrade 5.2) using the Cinchy Utility.
The following process can be run when upgrading any v5.x instance to v5.2 on IIS.
Take a backup of your database.
Extract the new build for the version you wish to upgrade to.
Merge the following configs with your current instance configs:
Cinchy/web.config
Cinchy/appsettings.json
CinchySSO/appsettings.json
CinchySSO/web.config
Execute the following command:
3. Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
4. Execute the following command:
5. Open your Cinchy URL in your browser.
6. Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
This page provides an overview of the role of the End User in Cinchy.
The “End-Users” of the Cinchy platform are those that apply the functionalities created by the “Cinchy Builders” to their business objectives. This can be employees, customers, partners, or systems. There are two types of end-user: direct and indirect.
Direct Users log into Cinchy via the data browser
Indirect Users (also commonly referred to as "external users") view/edit data via a third-party application/page that connects to Cinchy via API
All Builders are also End-Users, but not all End-Users are Builders.
Cinchy End-Users are able to:
Create and save personal queries. Unlike traditional saved queries made by builders, personal saved queries cannot be shared and are not auto-exposed as APIs.
Use Tables, Saved Queries, and Experiences created by
Track version history for the full lifecycle of data
Bookmark and manage data
Access data through application experiences
An end-user can be part of the
Cinchy’s Dataware platform features a Universal Data Browser that allows users to view, change, analyze, and otherwise interact with all data on the network. The Data Browser even enables non-technical business users to manage and update data, build models, and set controls, all through an easy and intuitive UI.
Data on the network is protected by cellular-level access controls, data-driven entitlements, and superior data governance. This means that users can only view, edit, or operationalize data that has been granted access to from the data owner (Image 1).
All data is automatically version-controlled and can easily be reverted to previous states with the proper permissions. On all data tables, you can see changes made by users, systems, or external applications through Data Synchronization or by using a Collaboration Log (Image 2).
Users can easily access and run saved queries that are available to them through the Data Marketplace. All queries respect Universal Access Controls meaning you will only see the data that you have access to (Image 3).
Users can also access all accessible tables, queries, and applets through the Cinchy Marketplace. Here you can also order tiles and bookmark favourites (Image 4).
Users can also experience their data through custom application experiences that are created by Builders on the platform. All application experiences also respect Universal Access Controls meaning you will only be able to see the data you have been granted access.
Here is an example Experience (Image 5):
This page provides an overview of some of the important pieces of the data browser: the homepage, the login page, and the data network.
Cinchy officially supports Google Chrome and Mozilla Firefox browsers for accessing the data browser.
Once you log in to Cinchy, you'll be on the Homepage (Image 1). From here, you can navigate to a variety of tables, queries, and applets you have access to.
You can return to this page at any time by clicking the Cinchy logo in the top left corner.
All objects you have access to in your Marketplace (including bookmarks) are searchable and can be filtered by typing the partial or full name of the object you are searching for in the search bar (Image 2).
You can also search by object type by clicking on either Tables, Queries, or Experiences in the toolbar.
You can bookmark your most often used objects and rearrange them to your liking within your bookmarks.
To bookmark an object, select the star. The star will be yellow when bookmarked, and grey when not (Image 3).
The object will pop into your “Bookmark” section.To rearrange your bookmarks simply drag and drop the object into the desired order.
You "Network Map" shows a visualization of all tables in Cinchy you have access to and how they are all connected (Image 4).
Each of the coloured circles represents an object in Cinchy. The lines between them demonstrate the links between them.
You are able to search and open tables from this view using the search bar on the left (Image 5).
You can see what the network looked like in the past by clicking and dragging the pink circle along the timeline at the bottom.
In Cinchy v5.2 we added the ability to include new parameters on the URL path for your network visualizer in order to focus your node view. You can now add Target Node, Depth Level, and Max Depth Level Parameters, if you choose.
Example: <base url>/apps/datanetworkvisualizer?targetNode=&maxDepth=&depthLevel=
Target Node: Using the Target Node parameter defines which of your nodes will be the central node from which all connections branch from.
Target Node uses the TableID number, which you can find in the URL of any table.
Example: <base url>/apps/datanetworkvisualizer?targetNode=8 will show TableID 8 as the central node
Max Depths: This parameter defines how many levels of network hierarchy you want to display.
Example: <base url>/apps/datanetworkvisualizer?maxDepth=2 will only show you two levels of connections.
Depth Level: Depth Level is a UI parameter that will highlight/focus on a certain depth of connections.
Example: <base url>/apps/datanetworkvisualizer?DepthLevel=1 will highlight all first level network connections, while the rest will appear muted.
The below example visualizer uses the following URL (Image 6): <base url>/apps/datanetworkvisualizer?targetNode=8&maxDepth=2&depthLevel=1
It shows Table ID 8 ("Groups") as the central node.
It only displays the Max Depth of 2 connections from the central node.
It highlights the nodes that have a Depth Level of 1 from the central node.
You can upload a custom logo to appear on your platform login screen and homepage. You will need to have adamin access to do so.
Navigate to <base url>/admin/index
Scroll to the bottom of the admin panel and navigate to the “Upload Logo” button (Image 11).
3. Upload your logo
Once uploaded, your logo is stored in the System Properties table.
Navigate to the table and find the row with Name: Logo (Image 12)
3. Delete the Logo row to remove the logo.
This page outlines your user preferences.
Your Cinchy Profile has three (3) components that can be changed from user preferences:
My Photo
My Profile
My Password
To add a photo to your profile, complete the following (Image 1):
From My Network, click the avatar icon
Select My Profile
From the settings page click on the my photo image
Locate and upload your photo
From the settings page in the My Profile section you are able to update the language, region, and time zone (Image 2).
If you do not see the password option in my profile, you must be logging on to Cinchy using Single Sign-On and will not need to update your password within Cinchy.
To change your password, complete the following:
In the Old Password field, enter in your existing password
In the New Password field, enter a new password
In the Confirm New Password field, re-enter in your new password
This page details information about the Admin Panel on Cinchy.
You can view the admin panel of your Cinchy instance by This is only reachable if you are logged in as a user with admin access. The admin panel includes the following sections:
The Cinchy Healthcheck shows information about your system such as current version, IP Address, the system time, and your database status (Image 1).
This section shows a list of viewable log files from your system, as well as their size, creation time, and last modified time (Image 2).
When you upgrade to Cinchy v5 on Kubernetes you are creating a separate instance. You will need to plan the migration of your database, and then follow the
To upgrade from v4+ to v5+ on IIS,
If you choose to upgrade to Cinchy v5 on PostgreSQL, please review the following features that are not currently available in that deployment.
These may be implemented in future versions of the platform.
No Partitioning
No Geospatial
No Column Indexing
No Full Text Indexing
No Column Level Encryption
You may also wish to review the list of CQL functions currently unsupported in PGSQL. Please note that this is a living document and that the development team is actively working on function translations between databases. Make sure to check back for the most up to date information.
This page details the upgrade process for Cinchy v4.21 on IIS.
This process can be run when upgrading from a Cinchy version that is not v5.0+.
to take a backup of your database.
Extract thefor the version you wish to upgrade to.
Swap out the following configs with your current instance configs:
Cinchy/web.config
CinchySSO/appsettings.json
Log4net.config
Web.config
Execute the following command:
5. Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
6. Execute the following command:
7. Start Cinchy in your browser.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
The following process can be run when upgrading any v5.x instance to v5.5 on IIS.
Warning: There is a mandatory upgrade for this release that requires you to run the Cinchy Upgrade Utility.
Additionally, If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.5, you must first run a mandatory process (Upgrade 5.2) and deploy version 5.2. Once complete, you can continue on with your 5.5 upgrade.
If you are upgrading to 5.4+ on an SQL Server Database, you will need to make a change to your connectionString in your SSO and Cinchy appsettings. Adding will allow you to bypass the certificate chain during validation.
Ex:
Take a backup of your database.
Extract thefor the version you wish to upgrade to.
Merge the following configs with your current instance configs:
Cinchy/web.config
Cinchy/appsettings.json
CinchySSO/appsettings.json
CinchySSO/web.config
If you are upgrading to 5.5 on an SQL Server Database and did not do so in any previous updates, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings. Adding will allow you to bypass the certificate chain during validation.
Ex:
Execute the following command:
4. Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
5. Execute the following command:
6. Open your Cinchy URL in your browser.
7. Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
The following process can be run when upgrading any v5.x instance to v5.6 on IIS.
Warning: If you are upgrading from Cinchy v5.1 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.2) and deploy version 5.2.
If you are upgrading from Cinchy v5.3 or lower to v5.5+ on an SQL Server Database, you will need to make a change to your connectionString in your SSO and Cinchy appsettings. Adding will allow you to bypass the certificate chain during validation.
Ex:
Warning: If you are upgrading from Cinchy v5.4 or lower to Cinchy v5.6, you must first run a mandatory process (Upgrade 5.5) and deploy version 5.5.
The upgrade of any version to Cinchy v5.6 requires changes to be made to various App Setting files. See section 1.2, step 3, for further details.
Take a backup of your database.
Extract thefor the version you wish to upgrade to.
Merge the following configs with your current instance configs:
Cinchy/web.config
Cinchy/appsettings.json
CinchySSO/appsettings.json
CinchySSO/web.config
If you are upgrading to 5.6 on an SQL Server Database and did not do so in any previous updates, you will need to make a change to your connectionString in both your SSO and Cinchy appsettings. Adding will allow you to bypass the certificate chain during validation.
Ex:
When upgrading to 5.6, you are required to make the following changes to various appsettings.json files:
Execute the following command:
Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
Execute the following command:
Open your Cinchy URL in your browser.
Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.
You can learn more about you Network Map
Your Cinchy password must conform to whatever
Log files in the Admin Panel are only visible on Cinchy deployments on IIS, or on a version prior to v5. In those cases, you will need to
Review the for information on uploading a logo.
This page details how Cinchy approaches Version Management within the platform.
Cinchy natively and automatically manages data versioning in the platform through the ‘always-on’ version tracking, collaboration logging, and recycle bin features (data restore).
Cinchy maintains a version history of all changes to every data element stored in Cinchy. The version history is queryable in Cinchy to accelerate analysis, and can also be viewed through the Collaboration Log, which tracks changes made by users, systems, or external applications (Image 1). When required, you can easily revert data to previous states using the Recycle Bin or the Revert button.
This section refers to data schemas/models, not data values themselves.
Your schema/data model version can also be managed when you are using multiple environments. For example, if you have a DEV environment and make a change to a table design (ex: changing a column name), you can export and deploy your data model to a PROD environment and Cinchy will intelligently consolidate and merge the schema changes to adhere to the latest version.
To export a table (i.e. your data model), navigate to the Design Table > Export button (Image 2). You can then import your data model into any other environment using the model loader (Image 3).
This functionality is achieved through the use and synchronization of GUIDs. Each data element in Cinchy (table, column, etc.) will have a matching GUID, which stays consistent even across multiple environments. That means that changes made in your source environment will automatically and accurately be applied once promoted to your higher environment.
A GUID (globally unique identifier) is a 128-bit text string that represents an identification (ID).
You can find the GUID for your object by navigating to the applicable System Table. Ex: Column GUIDs can be found in the Columns table (Image 4).
While you are able to manually export/import data models across environments, you may want to package up multiple objects (tables, queries, reference data, etc.) and push that all together between environments. This method still adheres to schema version control and management.
This can be accomplished using the Cinchy DXD Utility, which you can learn more about by reviewing the documentation here.
You now have the option to use personal access tokens (PATs) in Cinchy, which are alternatives to using passwords for authentication. Similar to Cinchy Bearer Tokens, you can use a Cinchy PAT to call the Cinchy API as your current user, meaning your associated access controls will be honoured as well. Cinchy PATs, however, have an expiration date of up to 1 year. A single user can have up to 5 PATs active at one time. See Authentication for details on using a PAT in lieu of a Bearer token.
From the Cinchy homepage, navigate to your User Settings > Tokens. Any tokens that you make will appear here. You will also be able to see any expired tokens.
Click “Generate New Token”.
Note: You can have up to 5 active (non-expired) tokens at a time. Once you reach that threshold, the “Generate New Token” button will not work.
3. Input the following information about your PAT and click Generate:
Token Name
Description
Expiration
4. Once generated, make sure to copy down the PAT somewhere secure. You will not be able to view the PAT again once you navigate away from this screen.
From the Cinchy homepage, navigate to your User Settings > Tokens. Any tokens that you make will appear here.
Click the “Delete” button next to the applicable PAT.
Cinchy PATs can be used in much the same way that Bearer tokens are used for in API authentication. I.E. in the Authorization header with the value: "Bearer <token>".
You may also wish to review the information on using PATs in Excel or PowerBI.
This page outlines some best practices for versioning.
This page details a few best practices concerning version history in Cinchy. These recommendations are important because they can help:
Minimize your database bloat/size.
Make it easier to parse through version history when there aren't hundreds of redundant records.
When doing any type of update statement, it is best practice to include an opposite “where” clause to avoid creating unnecessary history for unchanged values.
For example, if your update was “set name to Marc”, you would include a “where name does not already equal Marc”. Doing so prevents a redundant update in your version history.
When writing an update statement, run it more than once. If it results in an update each time, return to your query and troubleshoot.
This is especially relevant anywhere the statement can be run repeatedly, such as in APIs or Post Sync Scripts.
In data syncs, ensure that your data types are matched properly.
For example, if the source is text and the target is data, even if the values are the same, it will update and create unnecessary version history.
When performing a data sync, run it more than once. If it creates an update each time, return to your configuration and troubleshoot.
Queries are requests for information within Cinchy.
Cinchy Builders and Users have the capability to create ad-hoc queries, however only Cinchy Users can create saved queries. For more information on how to create queries, see creating a saved query.
Cinchy Users can execute pre-built queries based on their access.
You can find a list of saved queries on your network by navigating to the Saved Queries table (Image 1). You can then search the Cinchy homepage for the saved query in order to execute it.
You will need "Execute Access" for each Saved Query that you want to run. You can find this information in the Saved Queries table.
Once you have executed the query, click the Grid drop down list and select Pivot. Here is where you can take your standard table view and slice and dice your data (Image 2).
From within your pivot view, open the drop down list with the value “table” and select the type of chart you want to use to display the data (Image 3).
Once you have a desired visualization, that visualization can be made available for others as an applet in Cinchy. Grab the Pivot URL and send it to your Cinchy builder to create your mini applet that can be shared and leveraged!
To copy the Pivot URL to build have a visualization created, complete the following:
From within the Pivot, locate the blue Pivot URL
Click Pivot URL button
Click the Copy button
Send the copied URL to your Cinchy builder to create your applet that can be shared and leveraged!
You can also open that visualization by clicking Open in new tab.
This page goes over the several ways to work with (enter, update, remove, load and extract) data from Cinchy tables.
Users are only able to enter data into Cinchy based on their access. Users can also copy and paste data from external sources.
Users are only able to insert or delete rows based on their access. If you have the ability to insert and/or delete a row of data it will be visible when right-clicking on a row of data (Image 1).
Importing data allows you to add new rows of data into a table. If you wish to perform a sync instead please refer to the CLI. Importing data acts as a smart copy-and-paste of new data into an existing table.
Importing the first row of your CSV as a header row will match the headers to the column names within your table. Any columns that cannot be matched will be ignored as well as any columns you do not have edit permissions for.
Users can import data from a CSV file to an existing table in Cinchy. Importing data into a Cinchy table only adds records to the table. This type of importing of data does not update or append existing records
To import data into a table, complete the following:
From within the table, click the Import button on the top toolbar of the table (Image 2).
2. Click Choose File to locate and import your file.
3. Validate the imported columns and click next (Image 3).
4. Click the Import button
5. Click the OK button on the Import confirmation window
If there are import errors, click the download button next to Rejected Rows on the Import Succeeded with Errors window (Image 4).
You will get a file back with all the rejected rows, as well as the 2 columns added called ‘Cinchy Import Errors' and 'Cinchy Import Original Row Number’.
This provides a reference to the row number in the original file you imported in case you need to check it.
You can simply fix any errors in your error log followed by importing the error log since successful rows are omitted.
Users are only able to export data in CSV or TSV format. In tables with over 1000 records, you will need to export each page of data separately, or you can use the CLI to export your entire table at once.
When data is exported out of the network, it is now just a copy and no longer connected to Cinchy.
To export data from a table, complete the following:
From within the table, click the Export button in the table toolbar
Select the Export file type (CSV or TSV) (Image 5).
Open your file in Excel, or any other CSV software, to view.
Cinchy has the ability to have data change approvals turned on (configured by builders) when data is added or removed from a table view. A change approval process can be put into place for the addition or removal of specific data. If you have been identified as an "Approval" of data you will have the ability to:
approve a cell of data
approve a row of data
reject a row of data
To approve or reject a cell/row of data, complete the following:
Right-click on the desired row/cell
Select Approve row/cell or Reject row/cell
The Collaboration log is accessible from each and every table within Cinchy (including metadata). It allows you to see the version history of ALL changes that have been made to an individual row of data.
To access Cinchy’s Collaboration Log:
Open the desired table
Locate the desired row > Right Click > View Collaboration Log (Image 6).
Once the Collaboration Log is open you have the ability to view ALL changes with a version history for the row selected within the table.
Users have the ability to revert to a prior version of the record. To do so, click the Revert button for the desired version (Image 7).
There is a potential for a record to have a white coloured Revert button. This indicates that version record(s) are identical to the current version of the record in the table. Hovering over the Revert button will provide a tool-tip.
By default, Cinchy does not delete any data or metadata from within the Data Fabric.
Click here for more information on Data Erasure & Compression Policies in Cinchy
Audit Logging of data loaded into Cinchy via Data Synchronization such as batch or real-time using the Cinchy CLI, or through data changes by any Saved Queries exposed as APIs to external clients, is recorded the same way as if data is inputted into Cinchy by a User. All data synced into Cinchy will have corresponding line items in the Collaboration Log similarly to how it is handled when data is entered / modified in Cinchy by a User.
The Collaboration Log data is also stored within Cinchy as data, allowing the logs to be available for use through a query or for any downstream consumers. There are no separate performance considerations needed for the logs as it will rely on the Cinchy platform’s performance measures.
All data records that have been deleted are put into Cinchy’s Recycle Bin. Data that resides in the Recycle Bin can be restored if required.
To restore data from the recycle bin:
From the left-hand navigation, click Recycle Bin (Image 8)
2. Locate the row for restoring
3. Right-click and select Restore Row.
The restored row will now be visible in your table.
If Change Approvals are turned on, that row will need to be approved.
There are several table features that can be used to better view, collaborate and analyze the data in Cinchy tables.
When you first create a table, a default view called All Data will be created for you under Manage Data. Cinchy builders can create different views for users to manage their data in Cinchy where Views can be filtered and/or sorted according to the requirements.
To switch between views simply select the view from the left navigation toolbar under Manage Data (Image 1).
Users can filter data in a view for one or more columns. Filters persist when users navigate from one view to another. The number of filter criteria is identified against the filter icon (Image 2).
Users can add, remove or rearrange the columns in a view based on how they need the data represented in the View (Image 3).
Click Display Columns in the top toolbar
From the ‘Add a Column’ drop down, locate and select the appropriate column.
Ensure you click ‘Apply’ to save.
Click Display Columns in the top toolbar
Click the “X” to the right of the column name to remove.
Ensure you click ‘Apply’ to save.
Click Display Columns in the top toolbar
Drag the column to the appropriate location in the list of visible columns.
Ensure you click ‘Apply’ to save.
Display Columns do not persist. When you move away from the View, any modifications will be lost.
Users can sort data in a view for one or more columns. Sorting can be done by clicking on a column to sort in ascending or descending order (Image 4).
Sorting can also be done by clicking on the Sorting button and selecting the column(s) to be sorted and the order in which the sorting should occur (Image 5).
Sorting Columns do not persist, when you move away from the View any modifications will be lost.
Scrolling “Top” & “Bottom” allows you to jump from the top to the bottom of a view without scrolling (Image 6).
Row height can be either Collapsed or Expanded using the Row Height drop-down (Image 7).
In addition to the row height selection, you can also manually resize a row (or multiple rows if you select more of them). You can also double click on the default row number on the left to auto expand the row height.
Cinchy allows you to freeze and unfreeze a row/column similar to Excel.
Select the row/column for freezing/unfreezing
Right-click on the row and select Freeze/Unfreeze Row/Column from the menu (Image 8).
This page outlines a few common best practices when building in Cinchy.
Cinchy is built as a simple, business user friendly application. This means that you should use business friendly terms to name your tables and columns. For example, you want to name a column “Full Name” rather than full_name, fullName, fName etc.
Domains essentially act as folders to be able to organize your data. Generally you will want to split domains by business lines (ex. Sales, Marketing, Human Resources, Product Development). The key thing is to keep it consistent so users have a general idea where to go to find information.
You can add descriptions to your tables and columns. Descriptions allow other users to use data in a more self-serve fashion, and also helps prevent misunderstandings of the meaning of your data.
Table descriptions are shown in the My Network screen, and will show up in search as well. (Image 1).
Column descriptions show up when you hover on the column in the Manage Data screen (Image 2 and 3).
Comments are used in Cinchy to provide context to your data along with providing a means of collaborating directly with and on the data.
Anyone who can view or edit a cell can comment on it. Any data that is read-only does not allow comments to be entered.
To add a comment:
Locate the desired cell
Right-click and select comment (Image 1).
Enter the comment in the comment window
Click "Comment" to finish
Comments can be modified only by only the individual(s) that have created the comment(s).To edit a comment, complete the following:
Hover over the comment
Click the pencil icon (Image 2).
Make the appropriate edit
Click the Submit button to save the change
Comments can be deleted only by the individual(s) who has created the comment(s).To delete a comment, complete the following:
Hover over the comment
Click the garbage bin icon (Image 3).
A User can archive his own comment regardless of approve permissions
A User with the Approve All permission has the ability to archive any cell comments.
A User with the Approve Select Cell permission has the ability to archive comments on that specific cell
To archive all comments in a cell:
Hover over the comment
Click the Archive All button (Image 4).
You can also archive just one comment in a comment string by clicking the archive icon for the specific comment you wish to archive in the thread.
Comments are stored in the [Cinchy].[Comments] table.
This page gives an overview on Cinchy Builders
“Cinchy Builders” use the Cinchy platform to build an unlimited number of business capabilities and use-cases.
The “Cinchy Builder” has access to perform the following capabilities:
Change Table Schema (use Cinchy’s “Design Table” functionality)
Grant access (use Cinchy’s “Design Controls” functionality)
Edit Cinchy Data in Cinchy System Tables
Create, Save, and Share Cinchy Queries
Perform ad hoc Cinchy Queries on the Cinchy data network
Import/export packaged business capabilities (i.e. deployment packages)
Build Cinchy Experiences
Perform integration with Cinchy (e.g. Cinchy Command Line Interface [CLI] operations)
Create and Deliver an unlimited number of Customer Use Cases within Cinchy
A builder can be part of the
The “End-Users” of the Cinchy platform are those that use the functionalities created by the “Cinchy Builders” to their business objectives.
All Builders are also End-Users, but not all End-Users are Builders.
of the Cinchy Platform can:
Use Tables, Saved Queries, and Experiences created by “Builders”
Builders can leverage Cinchy as one platform to simplify solutions delivery as they:
Connect
Protect
Collaborate
Build
Reuse
Dataware eliminates point-to-point integration, reducing cost and complexity (including real-time, batch, on-prem, cloud, legacy, and SaaS services) and allowing custom data-sync configurations. This drives faster time to market, lower costs and improved usability.
Once a data source is connected to your data network, its data can be used in conjunction with data from any other source on the network with no further integration efforts. The more sources you connect, the more powerful and efficient it becomes. You can extend data on the network with attributes and entirely new entities, including calculated data, derived data, AI models, and user-managed data.
Data on Cinchy is protected by cellular-level access controls, data-driven entitlements, and superior data governance. This includes meta architecture, versioning, and write-specific business functions that restrict user views, such as a managed hierarchy. Owner-defined permissions are universally enforced, significantly reducing the effort of managing them at the enterprise level. You can use existing Active Directory and SSO access policies to set controls for an individual user, external system, or user-defined functions (such as approving updates row by row or using bulk approvals).
All data is automatically version-controlled and can easily be reverted to previous states. You can see changes made by users, systems, or external applications through Data Synchronization or by using a Collaboration Log.
Use the universal Data Browser to view, change, analyze, and otherwise interact with ALL data on the Fabric. Non-technical business users can manage and update data, build models, and set controls, all through an easy and intuitive UI.
By decoupling the data from the application, our Autonomous Data Network lets you consolidate legacy applications to increase operational agility and reduce overhead. You can create enterprise-grade solutions using the Application SDK as quickly and easily as you would build Excel-based solutions and without the operational risk. Application SDK (React Native, Angular, and REST SDKs) lets you build custom applications for end users.
For even more flexibility, connect your Data Network to third-party Data Visualization tools. You’ll be able to run cross-queries against all data on the Fabric while maintaining universal access policies for users, systems, and external applications.
The more you use Dataware the more it’s capable of doing.
Any new data you add to the network will work in conjunction with any previously existing data, instantly and easily. This means you can re-use data in new ways, with no time-consuming integration efforts. Teams can collaborate directly in real-time, allowing it to act as a central data hub while simplifying integration. Unlike traditional data architecture projects, which grow more complicated as they involve more data sources, dataware delivers solutions faster and faster as more data is added to it.
This page will describe how to attach files to your Cinchy table rows.
You are able to attach files and images to any row in a Cinchy table by creating a linked column that is linked to the 'Files' system table of your platform.
If you have access to view the 'Files' table, you can also view every attachment on your system.
Cinchy supports the attaching of any file type.
Navigate to the table where you want to attach your file.
Click Design Table > Columns
Add a new column with the following parameters (Image 1):
Column Name: We recommend you name this something easy to recognize, like "Images and Files"
Data Type: Link
Linked Table: You will link this to the "Cinchy\Files" table
Linked Column: File Name
Advanced Settings: Make sure to select the "Multi-select" checkbox if you want the capability to add more than one file to a row.
4. Click Save
5. Navigate back to your table and locate your newly created files column.
Note that you must first create the row prior to uploading a file.
6. To attach a file, click on the upload button (located in the top right hand corner of any cell in the column) (Image 2).
7. From the pop-up window, select Choose Files to pick your file from your machine, then click Submit (Image 3).
8. Once uploaded, your cell should look like this (Image 4):
To fully delete your attachment from the platform, you will need to navigate to the Files system table and delete the row associated with your attachment.
You will need edit access to the Files table in order to do so.
Your file will appear crossed out in your original table and cannot be opened or downloaded (Image 5).
This page guides you through the various column types available on Cinchy,
Cinchy contains system columns used to perform various functionality. These columns cannot be modified directly by a user.
You cannot create a new column with the same name as a system column.
Cinchy Id is a unique identifier assigned automatically to all records within a normal table. The Cinchy Id is associated with the record permanently and is never reassigned even if the record is deleted.
Version and Draft Version are used to track changes and versions.
Any changes made to a record increments the Version
. Draft Version
is always 0.
Any data approval increments Version
and resets Draft Version
to 0. Any proposed changes increments the Draft Version
.
This is a legacy column. It is always blank.
Created By
is a linked column to the [Cinchy].[Users]
table, of the user who created the record.
Created
is the time when the record was created, per the logged-in user's timezone.
Created By
and Created
will be the same for all records with the same Cinchy Id.
Created By
and Created
is based on the first user to make changes on an approved record. So the user where Draft Version
= 1.
Modified By
is a linked column to the [Cinchy].[Users]
table, of the user who last modified the record.
The last user to modify the record, and when it happened, per the logged-in user's timezone.
The last user to either modify the record (Draft Version
!= 0) or approve the record (Draft Version
= 0). The timestamp for when that version was generated.
If a record is deleted, it will show up in the Recycle Bin.
A deleted record will have Deleted By
and Deleted
filled in, with the timezone set to the logged-in user's.
Deleted By
and Deleted
are based on the user/time when the Delete Request was created, per the logged-in user's timezone., not when it was approved.
There is always only one latest/up to date record at a time. Anytime changes are made to a record, a new version (normal or draft) is created, and the previous version is updated with a Replaced
timestamp.
Any record where Replaced
is empty is the current version of that record.
Each column must have a unique name. They must also not conflict with system columns (even if you are not using Change Approvals on the table).
Each column has a data security classification. This defaults to blank, and can be set to one of 4 pre-configured settings (Public, Internal, Restricted, Confidential) or additional options can be created in the [Cinchy].[Data Security Classifications]
table by an administrator.
Currently there is no functionality tied directly to Data Security Classification - the tagging is just for internal auditing purposes. Future security settings will be tied to Data Security Classifications, rather than simply done at a column level.
Public: This type of data is freely accessible to all employees and company personnel. It can be freely used, reused, and redistributed without repercussions. An example might be job descriptions, press releases or links to articles.
Internal: This type of data is strictly accessible to internal company personnel or employees who are granted access. This might include internal-only memos, business performance, customer surveys or website analytics.
Confidential: Often, access to confidential data requires additional authorization and explanation of why access to the data is needed. Examples of confidential data include social security numbers, credit card details, phone numbers or medical records. Depending on the industry, confidential data is protected by laws like GDPR, HIPAA, CASL and others.
Restricted: Restricted data is what we can call "high stakes". If compromised or accessed without authorization, it could lead to criminal charges, massive legal fines, or cause irreparable damage to the company. This is the most sensitive data, so you would have to treat it extra carefully. Examples include intellectual property, proprietary information or data protected by state and federal regulations.
Each column can optionally have a description. The description is displayed when you hover on the column header in Data Management.
Be very careful when editing GUIDs, as you can have unintended consequences.
Checked by default. After saving your changes this will add the column to be displayed in the default table (All Data by default). Generally it makes sense to be checked since there should be a view where all columns are displayed.
If you need to hide a column from certain users or groups you can do so in table controls. It is usually best to have a view where all table columns are displayed.
Makes the column a mandatory field. You will not be able to save or alter a record in a state where a mandatory field is blank.
Requires all values in the column to be unique. Adding a new record or modifying a previous record into a state where it is a duplicate of another record will cause an error and cannot be saved.
If you need uniqueness across multiple columns instead (ex. First Name does not need to be unique, but First Name + Last Name needs to be unique), you can create an index in Design Table, add those columns and set the index to unique. If it needs to be more complicated, you can also create a calculated column and set that column to unique.
Some fields can also be set to multi-select.
For example, the column Players
in [Football].[Teams]
can be a multi-select field since each team will have multiple players.
Checked by default. This allows other tables to use the column as a link/relationship.
You want to pick identifying columns for linking, such as IDs or Name. Generally you want to use unique columns, but in some cases it is a better user experience to pick an almost unique field for readability.
I.e. Full name may not be unique, but it is much easier to understand than Employee ID.
Checked by default. Some columns may not make sense for linking but can be useful to display when someone is choosing an option.
There is no difference in user experience within the Cinchy platform. The data is displayed in plain text on the UI or via the query APIs.
Text columns have a maximum length, set to 500 by default.
These are equivalent to VARCHAR(n)
data type in SQL.
You can choose from 3 display formats for number - regular, currency, and percentage. You can also decide how many decimal places to display (0 by default). Note that these are both display settings, and will not affect how the number is stored.
These are equivalent to FLOAT(53)
data type in SQL (default, 8-byte field).
There are several Date column type display format options available in Cinchy:
MMM DD, YYYY (e.g. Oct 31, 2016)
YY-MM-DD (e.g. 16-10-31)
DD-MM-YYYY (e.g. 31-10-2016)
DD-MMM-YY (e.g. 31-Oct-16)
Custom Format
Please Note: the "Default Value" field is not mandatory and should be left blank (best practice). However, if populated you will not be able to clear the default date value provided to a "blank" data (no date). You will only be able to overwrite it with another date value.
These are equivalent to DATE()
data type in SQL.
You must select a default value of yes (1) or no (0) for yes/no fields.
These are equivalent to bit
data type in SQL.
A calculated column is evaluated using other fields on the record. It will also have a result type - which is the form in which the calculated results will be stored.
For example, you can have a column [Full Name]
that is CONCAT([First Name], ' ', [Last Name])
.
These are equivalent to computed columns in SQL.
When creating a calculated column, you will notice the option to have it cached or not, located under Advanced Settings. This was an option introduced in version 4.0 of the platform.
A cached calculated column stores your data for fast retrieval and querying. Calculated columns are defaulted to cached. This is an actual column in your table that is based on a defined CQL formula. This column will recalculate when data is changed in the same row.
In the below example, the Label column is a calculated column that connects various name columns together. You can see that "Connect your data" appears in each label. If you then wanted to change the name in row one from "Connect your data" to "Connect all your data", only that specific row would recalculate automatically to update the label. To update any other row (within this table or another) with a calculated column that references that data, you would need to manually make changes to each in order to prompt a recalculation.
The other option is to uncheck the cached button, and to have a live calculated column instead. A live column runs the query in real time, on the fly: it is essentially a stored formula that is only executed when you read or query the record, and is executed each time you do so.
In the above example, if the Label column was a live calculation, the formula would run every time you refresh the screen or requery the data. If changes have been made (in this example, changing "Connect your data" to "Connect all your data"), the calculated column will automatically reflect them, regardless of if it references another row or even another table.
While live calculated columns can be very powerful this way, they also have their drawbacks, including possibly throwing errors and being very resource intensive. In some cases, live calculated columns can even break a table (for example if you have a live calculated column linking to another live calculated column, you may run into errors).
You can create a choice column (single or multi-select) in Cinchy. In this scenario, you specify all your choices (1 per newline) in the table design. A user will only be able to select from the options provided.
If you created a spatial table, you will have access to the geography and geometry column types. These columns also have the option to be indexed via Index in the advanced settings on the column itself.
In the UI, this takes a well-known text (WKT) representation of a geometry object. You can modify or paste the WKT representation directly in the editor on the UI. Geometric functions can be performed on this column through CQL and calculated columns.
In the UI, this takes a well-known text (WKT) representation of a geography object. You can modify or paste the WKT representation directly in the editor on the UI. Geographic functions can be performed on this column through CQL and calculated columns.
Hierarchy columns are simply link columns referencing the current table. For example, the below table contains a list of documentation pages, some of which also have sub-level pages (or even sub-sub-level pages). Using a Hierarchy Column allows you to quickly view the relationships between data.
Example 1: API Overview is the parent page. It had four sub-pages: API Authentication, API Saved Queries, ExecuteCQL, and Webhook Ingestion. Clicking on any of the links within the Sub-Pages column would return you to the row for that specific data set.
Example 2: Builder Guides is the parent page. It has five sub-pages: Best Practices, Creating Tables, Saved Queries, Integration Guides, and CInchy DXD Utility. In this example, we also have another level of hierarchy, wherein Best Practices is also a parent page, and Multilingual Support is its sub-page.
Another common use of Hierarchy columns are to show Manager/Employee relationships
This page guides you through creating table in Cinchy.
Navigate to the Cinchy homepage. In the upper left-hand corner, click on Create to get started. (Image 1)
2. Select either a Standard or a Spatial Table (Image 2), per the descriptions below.
Spatial Table: A spatial table allows you to create geography and geometry column types, as well as geospatial indexes. You will not be able to create partitions on a spatial table.
Standard Table: You cannot create geography or geometry columns in a standard table.
You cannot convert from one type to another and will have to either recreate your table or link to another table with geospatial columns.
Any existing tables created before installing Cinchy Platform v4.19.0 are standard tables.
3. Select From Scratch (Image 3).
4. A new page will open with the Table Info tab (Image 4). Input the following information:
Table Name: This is a mandatory field, and must be unique to the domain you select.
Icon: You can pick an icon and colour to differentiate your table on thee home screen.
Domain: This is a mandatory field. Select the domain that this table will reside under. If you are have administrative privileges, you can also create new domains from this screen.
Description: You can give your table a description, which will be displayed on the homepage.
6. A new page will open with the Columns tab (Image 6). Every table in Cinchy must have at least one column. Input the following information:
Column Name: Input a unique column name.
Data Type: You can select from the following:
Text: All data in this column must be input as text
Number: All data in this column must be input numerically
Date: All data in this column must be in date format. The default is yyyy-mm-dd however you can change that.
Yes/No: All data in this column must be in Yes/No format
Choice: Data entered in this column must be selected from a set of choice answers that you provide
Link: Data in a link column is pulled from elsewhere on Cinchy
Description: Enter a description of your column
Data Security Classification: You can select from Public, Internal, Confidential, or Restricted. Additional options can be created in the [Cinchy].[Data Security Classifications]
table by an Administrator.
Restricted: Restricted data is what we can call "high stakes". If compromised or accessed without authorization, it could lead to criminal charges, massive legal fines, or cause irreparable damage to the company. This is the most sensitive data, so you would have to treat it extra carefully. Examples include intellectual property, proprietary information or data protected by state and federal regulations.
Confidential: Often, access to confidential data requires additional authorization and explanation of why access to the data is needed. Examples of confidential data include social security numbers, credit card details, phone numbers or medical records. Depending on the industry, confidential data is protected by laws like GDPR, HIPAA, CASL and others.
Internal: This type of data is strictly accessible to internal company personnel or employees who are granted access. This might include internal-only memos, business performance, customer surveys or website analytics.
Public: This type of data is freely accessible to all employees and company personnel. It can be freely used, reused, and redistributed without repercussions. An example might be job descriptions, press releases or links to articles.
Currently there is no functionality tied directly to Data Security Classification - the tagging is just for internal auditing purposes. Future security settings will be tied to Data Security Classifications, rather than simply done at a column level.
You may have further mandatory or optional data to input depending on your selected Data Type.
8. Click Save to finalize your table.
9. You may return to change the structure of the existing table (i.e. Rename columns, add new columns, change data type) by clicking on the Design Table button on the left-hand navigation (Image 8).
Navigate to the Cinchy homepage. In the upper left-hand corner, click on Create to get started (Image 9).
2. Select either a Standard or a Spatial Table (Image 10), per the descriptions below.
Spatial Table: A spatial table allows you to create geography and geometry column types, as well as geospatial indexes. You will not be able to create partitions on a spatial table.
Standard Table: You cannot create geography or geometry columns in a standard table.
You cannot convert from one type to another and will have to either recreate your table or link to another table with geospatial columns.
Any existing tables created before installing Cinchy Platform v4.19.0 are standard tables.
3. Select Import a CSV (Image 11).
4. Enter the following information_:_
Domain: Select the domain that you table will reside under. If you are have administrative privileges, you can also create new domains from this screen.
File: In order to create the table, you must upload a .csv file.
5. When creating a table via Import a CSV, a few settings will be set by default:
Default Table Name: The name of the file will be used as the name of the table (a number will be appended if there is a duplicate - ex. uploading Teams.csv will create a table named Teams 1, then Team 2 if uploaded again). You can always rename the table after it has been created.
Default Table Icon: The icon defaults to a green paintbrush.
Default Column Types: Columns by default will be created as a text field, with a maximum length of the longest value in the column. If a column has only numeric values in it, it will be created as a numeric column.
6. To update these settings, navigate to the Design Table tab on the left navigation bar (Image 12).
When you first create a table, a default view called All Data will be created for you, which you can find on the left navigation bar under Manage Data (Image 13).
2. You can create additional views by clicking on "+Create View" (Image 14).
3. You may chose to create a view From Scratch or by Copying an Existing view (Image 15).
Select "From Scratch".
The Columns tab will open. Create a Name for your View (Image 16).
If you'd like this to become the default view, toggle the default setting to On (Image 16).
4. Select the column(s) that you want to be visible in this view (Image 17). You may rearrange the column order using drag and drop.
5. Click on the Sort tab in the left navigation bar (Image 18).
6. Use this screen to select which columns you'd like to sort your data by, and in which order. You may rearrange the columns using drag and drop (Image 19).
8. Click on the Permission tab in the left navigation bar. Here, you may set permissions for who can use this view. By default, it is set to All Users (Image 21).
9. Select Save to finalize your view.
Select "From Existing".
Select which view you would like to copy (Image 22).
To update any view, including the Add Data view, click on the pencil icon next to the view's name under Manage Data (Image 23).
Once you create a table, it will be added to your bookmarks by default. Other users (or if you un-star the table from your bookmarks) will see it in the Homepage if they have permissions to.
Cinchy’s Dataware platform features an intuitive Drag and Drop Query Builder that allows Builders to create using the Cinchy Query Language (), a proprietary language specific to Cinchy. All queries can be easily saved and shared, and query results automatically generate a full no-code API.
A GUID is a globally unique identifier, formatted as a 128-bit text string, that represents a unique identification. Every column in Cinchy is automatically assigned one. For more information on GUIDs, you can
See to get more context on how they are used.
See to get more context and tips.
If is enabled, you will see the option of Encrypt for columns. If this is checked, the column will be encrypted within the database. This is useful for hiding sensitive information so that people with access to the database directly do not see these fields.
Link columns allow you to establish inherent relationships with other records in other tables. See for more details.
5. When you are finished with the Info page, select Columns from the left-hand navigation bar (Image 5). for additional information about column types.
Calculated: Data is this column is calculated using a expression
Advanced Settings: Select any checkboxes that pertain to your column. for more information about these parameters.
7. Click on Design Controls > Entitlements in the left navigation pane to set your permissions (Image 7). You may set these as granular as you choose. You may also set permissions on a
The column names in your .csv file must not conflict with
7. Click on the Filter tab in the left navigation bar. Here, you may use to focus your view (Image 20).
Data Control Entitlements allow you to set up permissions for who can view, edit, or approve data within a table. Note that this was formerly called "Design Controls"
Data Entitlements define who has access to do what on your Cinchy platform. These access controls are universally set at a cellular level, meaning that you can configure user access in the way that best supports your use case.
You can set entitlements such that specific users can view, edit, delete, insert, or all of the above for whichever data you want them to access.
Cinchy supports user-based, role-based, and attribute-based access controls.
User-based controls are entitlements given to specific users. This is done via the Users column.
Defining access based on a user means that even if the user changes their role, team, group, etc., they will still maintain their data entitlements.
Role-based controls are entitlements given to set(s) or users based on their role in your environment. For example, you are able to define that only the Product team has access to insert records into a Product Roadmap table. Instead of configuring the entitlements user by user, which takes time and can lead to incorrect data when/if employees shift teams, you can configure it such that any user within the Product team automatically maintains the same level of control across the board.
In Cinchy, this is done via the Groups column.
Attribute-based controls are entitlements given to a user(s) based on a defined set of "tags". This can include attributes such as their team, their role, their security clearance, their location, etc.
Defining entitlements based on attributes allows you to drill even deeper into the specificity of which users can do what on your tables.
In Cinchy, you can set up an infinite number of attributes based on your specific use case(s). This is done via Row Filters.
For example, if you have an Employee table that contains salary information visible only to certain people, you can configure a Row Filter such that the logged in user MUST have at least one of the following attributes to be able to see it:
The user to whom the salary belongs
Their manager
All VPs
The CEO
You are able to add as many attributes into your Row Filter as needed. For example you could only allow a user with the following set of tags to view a row: Located in Toronto, on the Marketing Team, and with a Security Clearance level of 2.
When viewing a table, click on Data Controls > Entitlements from the left navigation menu (Image 1).
2. Currently both the table creator and anyone in the Cinchy Administrators
group has access to perform any action on any objects. You can give granular entitlements at a Group or a User level, for both viewing and editing access (Image 2).
3. In the above scenario, John Smith is part of the Developers group. He is able to view all columns via the entitlement to the Developers group, and he is able to edit both the First Name and Last Name column through different entitlements.
There are certain entitlements in the Data Controls menu that apply to the entire table.
Approving this entitlement enables users to see and search for the table in the Marketplace/Homepage.
Approving this entitlement enables users to export data from the table via the Manage Data screen (Image 3).
Approving this entitlement enables users to query the data from the table directly in the Query Builder (Image 4).
Approving this entitlement enables users to alter the structure of the table.
This is a builder/administrative function and should not generally be granted to end users.
Approving this entitlement enables users to change the permissions on a table.
This is a builder/administrative function and should not generally be granted to end users.
There are certain entitlements in the Data Controls menu that apply only to columns.
Approving this entitlement enables users to view all columns within the table.
Note that this applies to any new columns that are added to the table after providing this permission as well.
This is a drop down where you can select the specific columns you want to grant view access to for users.
Approving this entitlement enables users to edit all columns within the table.
Note that this applies to any new columns that are added to the table after providing this permission as well.
Giving a user edit permission will also give them view permission.
This is a drop down where you can select the specific columns you want to grant edit access to for users.
Giving a user edit permission will also give them view permission.
Approving this entitlement enables users to approve all columns within the table. This also allows users to approve Create and Delete requests.
Note that this applies to any new columns that are added to the table after providing this permission as well.
Approve permissions only apply when Change Approvals are enabled.
Giving a user approve permission will also give them view permission.
This is a drop down where you can select the specific columns you want to grant approve access to for users.
Approve permissions only apply when Change Approvals are enabled.
Giving a user approve permission will also give them view permission.
Link columns require both permission to the column within this table, as well as the column in the link column itself.
These are entitlements that apply to specific rows. Used in conjunction with Column Level entitlements this allows for granular cell level entitlements.
Approving this entitlement enables users to create new rows in the table.
Approving this entitlement enables users to delete rows in the table.
This is a CQL fragment that applies a filter to which rows will be viewable or editable. Think of the column entitlements and the fragment as a SQL statement applied to the table.SELECT {Edit Selected Columns} WHERE {Editable Row Filter}
Most of these examples will be with the editable row filter so it is easy to see the underlying data for comparison. However this can be done for viewable row data as well.
(Image 5)
With the following entitlements (Image 6):
Edit Specific Columns: Age
Editable Row Filter: [Age] > 30
(Image 7)
View Specific Columns: First Name, Last Name
Viewable Row Filter: [End Date] IS NULL OR [End Date] > GetDate()
(Image 8)
View Specific Columns: All
Edit Specific Columns: First Name, Last Name, Age
Viewable Row Filter: [First Name] = 'John'
Editable Row Filter: [First Name] = 'John'
(Image 9)
For the All Users group:
(Image 10)
View All Columns: Check
Edit Selected Columns: First Name, Last Name
Editable Row Filter: [User Account].[Cinchy Id] = CurrentUserId()
To allow a user to edit certain fields of their own data, you will need an association from a user to the [Cinchy].[Users]
table. You can then use the following function to allow edit for that user, where [...]
is the chain of link columns to get to the Users table.
[...].[Cinchy Id] = CurrentUserId()
This page provides an overview on data erasure.
Data erasure allows you to permanently delete data in Cinchy. As the data owner, you can set an erasure policy on your table if you need to delete data for compliance reasons (Image 1).
The actual erasing of data happens during the maintenance window. Please check with your system administrators to confirm when maintenance is scheduled.
Once data is erased, any links pointing to erased data will look like this (Image 2):
The time is counted based on the record's modified time stamp, not the deleted time stamp. This means for change approval records it is the time when the pending delete request was approved and moved to the Recycle Bin, not when the delete request was made.
You can apply conditional formatting rules. Our first iteration of this is done directly in the Formatting Rules table. A future iteration will add a UI within a table to create them.
There are formatting rules for columns:
This follows the same syntax as a view filter query.
Order in which the formatting rules will apply on the same table. Ordinal 1 will show up above ordinal 2.
Color to highlight the cell. If you want to add your own colors you can do so within System Colours and check off highlight under usage.
Table in which to apply the conditional formatting.
Columns to apply the conditional formatting rules to. You do not need to include any row condition columns within the highlight columns.
This page provides an overview of Data Compression.
If you need to manage space within your database, you can set a data compression policy. Currently we allow you to permanently delete versions in the collaboration log. Be aware that the current version of compression is a LOSSY process (data will be permanently deleted). Take that into consideration when configuring a policy.
We recommend you keep more versions rather than less versions. You can think of the above as keep any versions newer than 180 days and keeping the most recent 50 versions. So as long as a version satisfies one of the two keep conditions, we keep it. Using the example above:
A version that’s from 205 days ago but is amongst the most recent 50 versions (e.g. version 22 of 60) will be kept, because it satisfies at least one condition of being in the most recent 50 versions.
A version that’s from 163 days ago but is version 65 of 80 will be kept, because it satisfies at least one condition of being less than 180 days old.
A version that’s from 185 days ago and is version 65 of 80 will be deleted because, it doesn’t satisfy either of the conditions.
The actual compression of data happens during the maintenance window. Please check with your system administrators to confirm when maintenance is scheduled.
The number of versions is based on the major version and not the minor version. This means for a record on version 35.63 with a keep most recent 10 versions, it will keep all versions 26.0 +, rather than all versions 35.44+.
This page outlines the indexing and partitioning options on your tables.
Indexing is used to improve query performance on frequently searched columns within large data sets. Without an index, Cinchy begins a data search with the first row of a table and then follows through the entire table sequentially to find all relevant rows. The larger the table(s), the slower the search.
If the table you are searching for has an index for its column(s), however, Cinchy is able to search much quicker.
In the below example, we will set up a query for a Full Name field. When you create an index for that field, an indexed version of your table is created that is sorted sequentially/alphabetically.
When you run your query on this index, that table will be searched using a binary search.
A binary search will not start from the top record. It will check the middle record with your search criteria for a match. If a match it not found, it will check whether the found value is larger or smaller than the desired value. If smaller, it reruns the data check with the top half of the data, finding the median record. If larger, it reruns the data check with the bottom half of the data, finding the median record. It will repeat until your data is found.
In this example, we have a table with employee names (Image 1). We want to search for "John Smith", using the Full Name column.
To set up your index, select Design Table from the left navigation tab.
2. Click Indexes (Image 2).
3. Select "Click Here to Add" and fill out the following information for a new index. Click save when done (Image 3):
Index Name.
Select the column(s) to add to your index. For our example we have selected the Full Name column to be indexed.
You can select more than one column per index.
Select the Included column(s) to add to your index, if applicable.
The difference between regular columns and Included columns is that indexes with included columns provide the greatest benefit when covering your query because you can include all columns your query may reference, such as columns with data types, numbers, or sizes not allowed as index key columns.
For more on Included Columns, click here
4. We can now query our full name column for John Smith and receive our results quicker than if we hadn't set up our index (Image 4).
Note that there is no UI change in the query builder or your results when running a query on an indexed column. The difference will be in the speed of your returned results.
A full-text index is a special type of index that provides index access for full-text queries against character or binary column data. A full-text index breaks the column into tokens and these tokens make up the index data.
Click on Design Table > Full-text Index
Add in the desired column(s) and click save when done (Image 5).
Columnar Indexing (also known as Columnstore indexing) is available when running SQL Server 2016+. It is not currently available on a PostgreSQL deployment of the Cinchy platform.
Columnar indexes are used for storing and querying large tables. This index uses column-based data storage and query processing to improve query performance. Instead of rowstore or b-tree indexes where the data is logically and physically organized and stored as a table with rows and column, the data in a columnstore indexes is physically stored in columns and logically organized in rows and columns.
You may want to use a columnar index when:
Your table has over 1 million records.
Your data is rarely modified. Having large numbers of deletes can cause fragmentation, which adversely affect compression rates. Updates are also processed as deletes followed by inserts, which will adversely affect the performance of your loading process.
Click on Design Table > Columnar Index
Add in the desired column(s) and click save when done (Image 6).
When using a Columnar Index, you won't be able to add any new columns to your table. You will need to delete the index, add your column(s), and then re-add the index.
Partitioning data in a table is essentially organizing and dividing it into units that can then be spread across more than one file in a database. The benefits of this are:
Improved efficiency of accessing and transferring data while maintaining its integrity.
Maintenance operations can be performed on one or more partitions more efficiently.
Query performance is improved based on the types of queries most frequently run.
When creating a partition in Cinchy, you use the values of a specified column to map the rows of a table into partitions.
In this example we want to set up a partition that divides our employees based on a Years Active column (Image 7). We want to divide the data into two groups: those who have been active for two years or more, and those who have only been active for one year.
Click on Design Table > Partition
Fill in the following information and click save when done (Image 8):
Partitioning Column: this is the column value that will be used to map your rows. In this example we are using the Years Active column.
Type: Select either Range Left (which means that your boundary will be <=) or Range Right (where you boundary is only <). In this example we want our boundary to be Range Left.
Add Boundary: Add in your boundary value(s). Click the + key to add it to your boundary list. In this example we want to set our boundary to 2.
Once set up, this partition will organize our data into two groups, based on our boundary of those who have a Years Active value of two or above.
2. You can now run a query on your partitioned table (Image 9).
Note that there is no UI change in the query builder or your results when running a query on a partitioned table. The difference will be in the speed of your returned results.
For more formation on creating, modifying or managing Partitioning, please visit Microsoft's Partitioned table and Indexes documentation.
A GUID is a globally unique identifier, formatted as a 128-bit text string, that represents a unique identification. Both Cinchy Tables and Columns have a GUID.
This feature is particularly useful when deploying between Cinchy instances.
For example, in a model deployment, you must have matching GUIDs on your columns in order for them to properly load between environment A and environment B. There might be times when these GUIDs don’t automatically match, however, such as if you manually added a new column to environment B and also manually added it to environment A.
In this case, the two columns would have different GUIDs, and the model deployment would fail. With this new feature, however, you can match up conflicting GUIDs to properly load your model.
You have the ability to display and edit these table and column GUIDs within the Design Table screen.
Table GUIDs musts be unique to your specified environment.
Column GUIDs must be unique to the table.
Table GUIDs can be found under Design Table > Info > GUID (Image 1).
Click on the pencil icon to edit the GUID.
GUIDs must adhere to Cinchy's supported format.
32 hexadecimal (base-16) digits.
Displayed in five groups, separated by hyphens.
The groups take the form of 8-4-4-4-12 characters, for a total of 36 characters (32 hexadecimal characters and 4 hyphens).
Example: 123e4567-e89b-12d3-a456-426614174000
Warning: Changing the value may have damaging effects, proceed with caution.
3. Column GUIDs can be found under Design Table > Columns > GUID (Image 2).
4. Click on the pencil icon to edit the GUID.
GUIDs must adhere to Cinchy's supported format.
32 hexadecimal (base-16) digits.
Displayed in five groups, separated by hyphens.
The groups take the form of 8-4-4-4-12 characters, for a total of 36 characters (32 hexadecimal characters and 4 hyphens).
Example: 123e4567-e89b-12d3-a456-426614174000
Warning: Changing the value may have damaging effects, proceed with caution.
You can find the Data Controls menu on the left-hand navigation bar of a table.
From here you may select to:
Change your Data Entitlements
System tables are included out-of-the-box with your Cinchy platform, and can be used to track and manage a variety of data.
You can easily query for a list of your system tables using the below:
The system tables included are:
Applets: This system table manages a list of all your integrated applications
Data Experience Definitions: This is a system table for managing data experience definitions
Data Experience References: This is a system table for managing reference data for data experiences
Data Experience Release Artifacts: This is a system table for maintaining data experience release artifacts
Data Experience Releases: This is a system table for maintaining data experience releases
Data Security Classifications: This is a system table for maintaining data security classifications
Data Sync Configurations: This system table manages a list of all your data sync configurations.
Domains: This system table manages a list of all the domains in your instance.
Execution Log: This system table tracks the execution logs of data syncs
Formatting Rules: This system table manages your formatting rules
Groups: System table for managing all groups
Literal Groups: This system table maintains a list of groups
Literal Translations: This system table maintains a list of literal translations
Literals: This system table maintains a list of literals
Regions: This system table maintains a list of regions
Saved Queries: This system table manages a list of all user saved queries that can be exposed via the REST API
System Colours: System table for maintaining colours
Table Access Control: This system table maintains a list of all table access controls in your instance
Table Columns: This system table manages a list of all the system column definitions
Tables: This system table manages a list of all the tables in your instance.
User Defined Functions: This system table manages a list of all your user defined functions
Users: System table for managing all user information including enabling/disabling the ability to create tables, queries, etc.
Views: This system table manages a list of all the views in your instance.
This page outlines how to restore tables, columns, and rows in Cinchy
This page documents the method of restoring deleted tables, columns, and rows in your Cinchy table.
Remember that you can always revert a changed or deleted record to a previous state using the
If you wish to restore a row that has been deleted, you can do so through the following steps:
In the table where you want to restore the row, navigate to the Recycle Bin.
Locate the deleted row.
Right click anywhere in the row > Restore Row (Image 1).
You should see a "Restore Successful" pop-up.
If you wish to restore a column that has been deleted or changed (such as a name change), you can do so through the following steps:
Note: You need insert access on the Table table in order to complete these steps.
This method will revert the entire table, including any changes made after the column was deleted.
Navigate to the [Cinchy].[Tables] table.
Find the row with the table that has the column you want to restore > right click anywhere in the row > Collaboration Log > Revert to a previous version (Image 2).
You should see a "Revert Successful" pop-up.
If you wish to restore a table that has been deleted, you can do so through the following steps:
Note: You need insert access on the Tables table in order to complete these steps.
Navigate to the [Cinchy].[Tables] table.
Navigate to the Recycle Bin.
Find the row with the table that you want to restore > right click > "Restore Row" (Image 3)
You should see a "Restore Successful" pop-up.
Make sure the Deleted date is the same, and you don't retrieve previously dropped columns.
When you create a column within Cinchy, you can choose to create a link column. A link column allows you to establish inherent relationships with other tables.
Linking is done by the Cinchy ID, which is unique. When you create a link column, you select a column to link to. This is simply a decision on which field to show from the linked record. You should pick a unique field to link on to avoid confusion if possible.
Once a record is created, its Cinchy ID never changes. This means that modifying the row of data in the linked table will not change the relationship in your table to that row. This also means that if you did not use a unique column, even though the UI looks the same, you are actually linking to different rows.
In general, you should only use unique columns as the linked column. This needs to be balanced with readability in other tables.
For example, Full Name might not be unique to every employee, but it is a lot more readable and understandable than Employee ID. In other cases, it makes sense to link via an ID and simply add a display column to show relevant information.
To help other builders follow best practices of only linking to unique (or close to unique, such as Full Name) columns, you should un-check the Allow Linking checkbox for non-unique columns so they will not be able to use it for linking.
If this option is unchecked, it prevents users from showing this column in another table.
For example, if you have an ID card # within an employees table, you may not want to display it to the rest of the company because it simply would not be relevant when they are linking to employees and want to see additional information (such as department, title, location). Arguably, a lot of these columns are also taken care of by access controls (since most people will not have access to view that column).
Generally unchecking this box should be done sparingly, as it does not impact the security of your data, only how convenient it is to see it.
When you select a record to link to on the Manage Data screen, it can be useful to see additional information about the records to ensure that it is the record you want to link to (Image 1). You can add additional display columns in the advanced options for link columns (Image 2).
When you type in the cell, all displayed columns will be searched through, not just the Linked Column (Image 3). (Green does not have a B in it, but #00B050 does so the Green record shows up)
The link filter can be used to filter records from the table being linked. This is useful for reducing the options to only the typical use case. Commonly used for filtering the drop down to a list of active users or other resources, while not preventing someone from entering missing records with inactive resources.
Note that this is simply a display filter, it does not prevent other values from being entered as long as they are valid records in the linked table.
You can define 1 to 1, 1 to many, and many to many relationships.
Generally it is rare to link 1:1 relationships since they should usually be in the same table. For example, you would not have a separate table for Employee Phone Number and Employee Address, they would simply be two columns within the Employees table. However there are cases nonetheless where it makes sense, for example, a Keycard tracking table where each keycard has 1 assigned employee.
To enforce a 1:1 relationship within Cinchy, you set the unique constraint and leave it as single-select when creating a link column.
A common relationship to have is a one to many relationship. For example, one customer can have multiple invoices.
To enforce a 1:many relationship within Cinchy, you want to create a link column in the table on the “many” side of the relationship (in the above example, in the invoices table) and leave the link column as single select.
You can also have a many to many relationship. For example, you can have multiple customers, and multiple products. Each customer can order multiple products, and each product can be ordered by multiple customers. Another example is books and authors. An author can write multiple books, but a book can also have multiple authors. There are two ways to express many to many relationships.
In the case of multiple customers and multiple products, we want to use orders as an intermediary table to create indirect relationships between customers and products. Each order has 1 customer, and each order has multiple products in it. We can derive the relationship between customers and products through the orders table.
To create a many:many relationship through a different entity, you want to create a table for orders. Within orders, you want to create a single-select link to customers and a multi-select link to products.
In the case of books and authors, it makes sense to create a multi-select link column in the Books table where multiple authors can be selected.
To create a multi-select link column in Cinchy, you simply check off the Multi-Select option when you create a new link column.
This page outlines how to delete tables in the Cinchy platform.
There are three ways to delete tables on your Cinchy platform:
1) Using the "Design Table" tab in the relevant table. This option is available to any user with the "Design Table" entitlement on the table.
2) Using CQL. This option is available to any user with the "Design Table" entitlement on the table.
3) Using the [Tables] table. This option is available to any user with the "Delete Row" entitlement on the table, generally this would be an Administrator.
To ensure that the relevant user has the correct entitlements, you can navigate to the Data Controls > Entitlements tab of the relevant table. The "Design Table" column should be checked off (Image 1).
Deleting a table via any of the below methods results in your data becoming inaccessible, however it will technically still be available on the underlying database. To fully remove deleted data, you must use the Data Erasure capability,
Navigate to the table you wish to delete as a user with "Design Table" access on it.
Select "Design Table" > "Info" > Delete (Image 2).
Navigate to the Query Builder as a user with "Design Access" on the table you wish to delete.
Syntax
Example
Find the row pertaining to the table that you want to delete.
Right click on the row > "Delete".
This page explores Saved Queries
Saved queries allows you to query any data within Cinchy (respecting entitlements) and save them to be used as APIs by external systems.
You can access your Saved Query directly by either CinchyID or the domain and name of the Saved Query.
<baseurl>/Query/Execute?queryId=<cinchyid>
<baseurl>/Query/Execute/<domain>/<saved query name>
You can find this information in the Saved Queries table.
You can also search your Cinchy Homepage to find your Saved Query.
From the homepage, select Create > Query (Image 1)
2. Fill out the following information:
Under the Info tab, you can fill out information on the query if you wish to save it (Image 2):
Query Name: Mandatory field. Must be unique within the Domain.
Icon: You can optionally pick a non-default icon, as well as color for your table. This will be displayed in My Network.
Domain: You need to select a Domain your query will reside in. As an admin, you can also create new domains in this screen.
Description: You can give your query a description. This description will be displayed on the home screen to users browsing the marketplace. It will also be searchable.
Return Type: There are six different return types:
This is the default return type, it returns a table from a select query with only approved data for Maker/Checker-enabled tables, or all data for tables without Maker/Checker-enabled. This is generally used for external APIs as you will want to query approved data, rather than drafts.
Query Results (Including Draft Data)
This return type returns a table from a select query with only draft data for Maker/Checker-enabled tables. Use this return type when looking to display results of records that are pending approval.
Query Results (Including Version History)
This return type returns a table from a select query with historical data for all tables, as seen in the Collaboration Log of any record. This data includes all changes that happened to all records within the scope of the select query.
Number of Rows Affected
This return type returns a single string response with the number of rows affected if the last statement in the query is an INSERT, UPDATE, or DELETE statement.
Execute DDL Script
Use this return type when your query contains DDL commands that implement schema changes such as CREATE|ALTER|DROP TABLE, CREATE|ALTER|DROP VIEW, or CREATE|DROP INDEX.
Single Value (First Column of First Row)
This return type returns a result of 1 row x 1 column, irrespective of the underlying result set.
In the Query screen, you can modify and run your query (Image 3).
On the left hand side you have the Object tree, which shows you all the domains, tables, and columns you have access to query within Cinchy. You can search or simply navigate by expanding the domains and tables.
You can drag and drop the columns or table you're looking for into the Query Builder.
Once you are satisfied with your query, you can click save to keep a copy. You can then find your query in the "Saved Queries" table (Image 4):
Once you've set up your saved query, you can find it on your homepage (Image 5).
2. Clicking the query will allow you to "Execute Query" and show you the result set (if there is a SELECT at the end). Sometimes the query will have parameters you need to fill out first before executing (Image 6).
Once you execute a query, you can switch the Display to Pivot Mode to see different visualizations of the data (Image 7).
Erroneously deleted tables can be restored via the [Tables] table,
Use the statement, shown below, to delete your table.
Erroneously deleted tables can be restored via the [Tables] table,
Navigate to the [Tables] table a user with "Delete Row" access, generally an
Erroneously deleted tables can be restored via the [Tables] table,
If you want to share the report, you can click the Pivot URL button on the top right to copy the URL to that pivoted report. Simply and bookmark it to return to the pivoted view!
For more information and documentation on Cinchy Query Language (CQL), please
This page guides you through the Cinchy Data Experience Deployment Utility.
CinchyDXD is a downloadable utility used to move Data Experiences (DX) from one environment to another. This includes any and all objects and components that have been built for, or are required in, support of the Data Experience.
The following sections in this document will outline the basics of how to build, export**,** and install a DX’s.
Items of note moving forward in this document:
Source Environment is the environment in which the DX is built.
All objects need to be created in one source environment (ex: DEV). From there, DXD will be used to push them into others (ex: SIT, UAT, Production).
Target Environment is the environment in which the DX will be installed
The example DX is a simple Currency Converter DX that consists of
One (1) table
One (1) query
This example does not include the following:
NO applets
NO integrated clients
NO Data Sync Configurations
NO Reference Data
NO Models
NO Groups
NO System Colours
NO Formatting Groups
NO Literal Groups
Future iterations of this document will add to this example's complexity level.
The general steps to deploying the CinchyDXD Utility are as follows:
This page outlines Step 1 of Deploying CinchyDXD: Building the Data Experience
Remember that all objects need to be created in one source environment (ex: DEV). From there, DXD will be used to push them into others (ex: SIT, UAT, Production).
Create your data experience (DX) in a virtual data network.
Log in to Cinchy: URL: <cinchy source URL> User ID: <source user id> Password: <source password>
From the Homepage, select Create
Select Table > From Scratch
Create the table with the following properties (Image 1).
6. Click Columns in the left hand navigation to create the columns for the table
7. Click the “Click Here to Add” a column tab to add a column
8. Click the Save button to save your table
In your newly created table, enter the following sample data (Image 2).
Create a simple query that pulls information from the Currency Exchange Rate table that will allow a simple currency exchange calculation.
From the Homepage, select Create.
Select Query.
3. In the query builder locate the Currency Exchange Rate table and drag it to the “FROM” line (Image 3).
You will find the Currency Exchange Rate table in the “Sandbox” domain. To expand the “Sandbox” domain, click on the gray arrow (or double click)
4. In the “SELECT” line drag and drop the “Rate” column and enter in the following (Image 4):
SELECT [Rate] * @Amount AS 'Converted Amount'
You will find the Rate column by expanding the Currency Exchange Rate table, similarly to expanding the “Sandbox” domain
5. Enter in the following for the WHERE clause (Image 5):
WHERE [Deleted] IS NULL
AND [Currency 1] = @Currency_1
AND [Currency 2] = @Currency_2
6. Click the Execute (or play) icon to run the query (Image 6):
7. Test the query by entering in the following and clicking the submit button (Image 7):
@Amount: 100
@Currency_1: CAD
@Currency_2: USD
8. Save the Query by clicking on the Info tab (Left Navigation) 9. Enter in the following details for the query (Image 8):
10. Click the Save button (Image 9).
This page outlines multi-lingual support information.
POST
<Cinchy-URL>/API/Translate
Pass in a list of literal GUIDs, along with a language and region. If translations are found in that language, they will be returned.
If the translation exists in the language and region specified, it will be returned.
If the translation exists in the language but not the specified region, it will still be translated and returned.
If the GUID exists but it is not available in the specified language, the default text in the Literals table will return.
If the GUID does not exist or you do not have permission to it, it will return the GUID back as the translation.
There are 3 tables in Cinchy to provide language support.
[Cinchy].[Literal Groups]
[Cinchy].[Literals]
[Cinchy].[Literal Translations].
This table can optionally be used to group the translations. The default Cinchy strings belong to the Cinchy literal group. We recommend you create one literal group per applet or UI so you can retrieve the full list of GUIDs required for that page/applet easily.
This table defines all the strings that you want to translate.
String that displays if no translation is found for the language specified.
GUID used to refer to the literal. A UUID will be generated by default, but can be overrode using the Guid Override field to something more human-readable.
As mentioned above, this can be used to group your strings so they can be easily retrieved. Note that this is a multi-select so you can use a single literal for multiple applets (including using the default Cinchy literals and translations for custom applets).
This is the table where the translations are stored.
This is the translated string that is returned.
This is the literal the translation is for.
A language must be specified for a translation. Region can also be optionally specified for region specific words (ex. color vs colour).
This page outlines Step 3 of Deploying CinchyDXD: Installing the Data Experience
The install of a Data Experience is executed in a different environment than that of the export. Please ensure that before moving forward with the following instructions you have an environment to install the data experience into.The install of a data experience MUST be done in the same version. Your source and target environment version MUST be the same (e.g. Source Version = 4.11 | Target Version = 4.11)
Below are the details that will be required for the installation environment:
Source: <cinchy target url>
UserID: <target user id>
Password: <target password>
Using Powershell you will now install the Data Experience you have exported out of Cinchy.
1. Open the File Explorer and navigate to your DX exported folder (Image 1).
2. In the folder path URL for the exported data experience type in powershell to launch Powershell for that path (Image 2).
3. Hit Enter on your keyboard, the powershell window will appear (Image 3).
4. In the Powershell window, type in cin and hit tab on your keyboard (Image 4).
5. In the Powershell command line, type install (Image 5).
6. Hit Enter on your keyboard (Image 6).
The Powershell window will provide you with the required and optional components to install the DX.
7. You must now set up your mandatory install parameters
The parameters executed in Powershell can exist on one line in powershell, however for legibility (below) the parameters have been put on separate lines. If you are putting your parameters on separate lines you will be required to have backticks quote ` for the parameters to execute
Sample:
.\CinchyDXD.ps1 install`
-s "<target Cinchy url>" `
-u "<target user id>" `
-p "<target password>" `
-c "C:\Cinchy CLI v4.0.2" `
-d "C:\CLI Output Logs" `
Be sure that the user(s) and group(s) required to install a DX are existing in your target environment. If they are not, Powershell will generate an error message when you attempt to install the DX.
8. Enter the install parameters into the Powershell window (Image 7).
9. Hit Enter on your keyboard to run the install command. Once the Data Experience has been installed you will get a message in Powershell that the install was completed (Image 8).
Ensure that the Models Table is populated in the target environment with the model that was installed (Image 9).
2. Ensure that the Currency Exchange Rate table exist in the target environment (Image 10).
3. Ensure that the Currency Converter query exist in the target environment (Image 11).
4. Ensure that the Data Experience Definitions table is populated with the DX parameters that were set up in the source environment (Image 12).
5. Ensure that the Data Experience Releases table in the target environment is populated (Image 13).
This page contains various Integration Guides
There are various methods you can use to establish a connection between Cinchy and Microsoft Excel, such as using Basic Auth, Personal Access Tokens, or Bearer Tokens.
Review each section below for further details.
Excel connects to queries within Cinchy, therefore prior to using any of the connection methods below you will need to create one that represents your dataset. Once created, you will need to copy down the , located as a green button on the right-hand side of the Execute Query screen.
The structure of the URL endpoint is <your Cinchy instance URL>/API/<the name of your query>. You might optionally have querystring parameters at the end as well.
For example: http://your.cinchy.instance.domain/API/YourQueryDomain/API Test
Note that for Basic Authentication with a result format of CSV we will use a slightly different URL endpoint. For Basic Auth: /API/ becomes /BasicAuthAPI/ For CSV results you will add the querystring parameter of ResultFormat=CSV
Our example URL for an basic auth using CSV results would then become: http://your.cinchy.instance.domain/BasicAuthAPI/YourQueryDomain/API Test?ResultFormat=CSV
Launch Excel and navigate to Data > Get Data > From Other Sources > Blank Query (Image 1).
In the expression box that appears, enter the below text to add in your query as your data source (Image 2):
=Csv.Document(Web.Contents("API ENDPOINT URL"))
Example:
=Csv.Document(Web.Contents("http://your.cinchy.instance.domain/BasicAuthAPI/YourQueryDomain/API Test?ResultFormat=CSV"))
Once you've entered that text either click the check mark to the left of the input box or click away and it will automatically attempt to run the expression.
The data may return in HTML format initially and not be what you're expecting. To correct this:
Click the Data Source Settings.
Select Basic and enter the credentials for a Cinchy User Account that has access to run this query.
Click OK.
Within the Edit Permissions dialogue, click OK.
Within the Data Source Settings dialogue, click Close.
Click Refresh Preview.
Click Close & Load and your dataset will be displayed in the Excel worksheet.
Launch Excel and navigate to Data > From Web.
Click Advanced and input the following values (Image 3):
HTTP Request Header Parameters:
In the first text box input Authorization
In the second text box type Bearer + your PAT. For example: "Bearer BGFHFHOJDF76DFDFD777"
Click OK.
Click Load to use the query data in Excel (Image 4).
Launch Excel and navigate to Data > From Web.
Click Advanced and input the following values (Image 5):
HTTP Request Header Parameters:
In the first text box input Authorization
In the second text box type Bearer + your token. For example: "Bearer eyUzI1NiIsImtpZCI6IkE4M0UwQTFEQTY1MzE0NkZENUQxOTFDMzRDNTQ0RDJDODYyMzMzMzkiLCJ0eXAiO"
Click OK.
Click Load to use the query data in Excel (Image 6).
There are various methods you can use to establish a connection between Cinchy and Power BI, such as using Basic Auth, Personal Access Tokens, or Bearer Tokens.
Review each section below for further details.
The structure of the URL endpoint is <your Cinchy instance URL>/API/<the name of your query>. You might optionally have querystring parameters at the end as well.
For example: http://your.cinchy.instance.domain/API/YourQueryDomain/API Test
Note that for Basic Authentication with a result format of CSV we will use a slightly different URL endpoint. For Basic Auth: /API/ becomes /BasicAuthAPI/ For CSV results you will add the querystring parameter of ResultFormat=CSV
Our example URL for an basic auth using CSV results would then become: http://your.cinchy.instance.domain/BasicAuthAPI/YourQueryDomain/API Test?ResultFormat=CSV
Launch Power BI and navigate Get Data > Web (Image 7)
6. In the window that launches, you will enter the below text, using your own URL endpoint where highlighted (Image 8):
=Csv.Document(Web.Contents(
"http://your.cinchy.instance.domain/BasicAuthAPI/YourQueryDomain/API Test?ResultFormat=CSV"
))
7. Click on the checkmark icon and Power BI will automatically attempt to run the expression (Image 9).
8. Click Edit Credentials > Basic (Image 10). Enter the credentials for a Cinchy User Account that has access to run this query and select the level at which to apply these settings. By default it's the root URL.
This process of entering your credentials won't occur with each query, it's just the first time and then they're saved locally.
10. Click Connect to see your data (Image 11).
11. You can now apply any transformations to the dataset.
In this example we also changed the name from Query1 to Product Roadmap and have edited to use the first row as a header (Image 12).
12. Click Close & Apply. The metadata now shows up on the right hand side and you can begin to use it to create your visualizations (Image 13).
Launch Power BI and navigate to Get Data > Web.
Click Advanced and input the following values (Image 14):
HTTP Request Header Parameters:
In the first text box input Authorization
In the second text box type Bearer + your PAT. For example: "Bearer BGFHFHOJDF76DFDFD777"
Click OK.
Click Load to use the query data in Power BI.
You can now apply any transformations to the dataset.
In this example we also changed the name from Query1 to Product Roadmap and have edited to use the first row as a header (Image 15).
Click Close & Apply. The metadata now shows up on the right hand side and you can begin to use it to create your visualizations (Image 16).
Launch Power BI and navigate to Get Data > Web.
Click Advanced and input the following values (Image 17):
HTTP Request Header Parameters:
In the first text box input Authorization
In the second text box type Bearer + your token. For example: "Bearer eyUzI1NiIsImtpZCI6IkE4M0UwQTFEQTY1MzE0NkZENUQxOTFDMzRDNTQ0RDJDODYyMzMzMzkiLCJ0eXAiO"
Click OK.
Click Load to use the query data in Power BI.
Cinchy exposes a Tableau Web Data Connector that provides access to Cinchy Saved Queries as data sources in Tableau. Tableau versions 2019.2+ are supported.
An active internet connection is required in order to use the Web Data Connector.
To get started, you must add a record into the Integrated Clients
table in the Cinchy
domain with the below values.
Launch Tableau
Under Connect
-> To a Server
select the Web Data Connector
option
Enter the URL from the Permitted Login Redirect URLs
field on the Integrated Clients
record created under the Prerequisites section above
The Cinchy login screen will appear, enter your credentials
Select one or more queries to add to your data set. The result of each query will be available as a Table in Tableau. If a query has parameters, you will be prompted to provide the parameter values before you can add it to your collection.
Click the Load button
The Cinchy query results will now be accessible for you to create your visualization.
This page outlines Step 2 of Deploying CinchyDXD: Packaging the Data Experience
The CinchyDXD utility is used to take all of the components (e.g. tables, queries, views, formatting rules, UDF’s etc…) of a DX and package them up so they can be moved from one environment to another.
Remember that all objects need to be created in one source environment (ex: DEV). From there, DXD will be used to push them into others (ex: SIT, UAT, Production).
The CinchyDXD utility is only required (made accessible) for the environment that is packing up the data experience. It is not required for the destination (or target) environment.
For CinchyDXD to work, you must have CinchyCLI installed. For further installation instructions please refer to CLI () documentation
To access the Data Experience Deployment utility please contact Cinchy support (support@cinchy.com).
To download the Utility:
Login to Cinchy
Navigate to the Releases Table
Select the Experience Deployment Utility View
Locate and download the utility (e.g. Cinchy DXD v1.3.1.zip)
The CinchyDXD utility is only upwards compatible with Cinchy version 4.6+
5. Unzip the utility and place the folder at any location on a computer that also has CinchyCLI installed
6. Create a new folder in the same directory that will hold all of the DX exports generated (e.g. CinchyDXD_Output) (Image 1).
This folder will then hold all of your deployment packages.
7. Launch a Powershell console window
8. From the console, navigate to the CinchyDXD directory (Image 2 and 3).
From within your file explorer window (folder: Cinchy DXD v.X) type “Powershell” into the file path. It will launch a Powershell window already at the folder path
There is a one-time powershell setup that is required when using CinchyDXD.
From your Powershell window type cin
Hit Tab on your keyboard (Image 4).
3. Hit Enter on your keyboard (Image 5).
You will get an error message (above) that CinchyDXD.ps1 cannot be loaded because the running script is disabled.
To resolve this error:
4. From your start menu, search for Powershell and select Run as Administrator (Image 6).
5. When prompted “if you want to allow this app to make changes on your device”, select Yes.
6. In your Powershell Administrator window enter Set-ExecutionPolicy RemoteSigned (Image 7).
7. Hit Enter on your keyboard (Image 8).
8. When prompted with the Execution Policy Changes, enter A for “Yes to All”
9. Close the Powershell Administrator window
10. Navigate back to your Powershell window for the CinchDXD v.X window
11. From your Powershell window type cin
12. Hit Tab and then Enter on your keyboard (Image 9).
The basic CinchyDXD instructions will be displayed. You will be able to execute commands such as exporting and installing a Data Experience.
There are four tables in Cinchy that are used for packing up and deploying a Data Experience (Image 10).
The Data Experience is defined and packed in what will be referred to moving forward as the “Source Environment”. Where the environment that the Data Experience will be deployed to will be referenced to as the “Target Environment”.
Data Experience Definition Table: Where the data experience is defined (e.g. tables, queries, views, formatting rules, UDF’s etc.)
Data Experience Reference Data Table: Where we define any data that needs to move with the Data Experience for the experience to work (e.g. lookup values, static values that may need to exist in tables - it typically would not be the physical data itself)
Data Experience Releases Table: Once a Data Experience is exported, an entry is created in this table for the export containing:
Version Number
Release Binary is the location where you can archive/backup your release history in Cinchy Please Note: if you have your own release management system, you do have the option to opt out of archiving the releases in Cinchy and check the release into your own source control
Release Name
Data Experience
Data Experience Release Artifact Table: Stores all of the files that are part of the Data Experience package as individual records along with all of the binary for each record
When setting up a Data Experience definition, you will need one definition for each Data Experience you wish to package and deploy to a given number of Target Environments.
Locate and open the Data Experience Definitions table (Image 11).
2. Complete the following (Image 12):
If you make changes to the DX in the future, you are NOT required to build a new Data Experience Definition in this table, you will update the existing definition. If you need to review what the definition looked like historically, you can view it via the Collaboration log.
When setting up a Data Experience Reference Data definition, you will need one (1) definition for each Reference Data table you wish to package and deploy with your Data Experience to the Target Environment.
This table set up will be similar to how you would set up a CLI.
Locate and open the Data Experience Reference Data table (Image 13).
Based on the configuration set up in this table, Cinchy will export the data and create CSV and CLI files.
Please note in this example we do not have Reference Data as part of our Data Experience.
Using Powershell you will now export the Data Experience you have defined within Cinchy.
Launch Powershell and navigate to your CinchyDXD folder (Image 14).
Reminder: you can launch Powershell right from your file explorer window in the CinchyDXD folder by entering in the folder path “powershell” and hitting enter on your keyboard. Saving you an extra step of navigating to the CinchyDXD folder manually in Powershell (Image 15).
2. In the Powershell window type in cin and hit Tab on your keyboard (Image 16).
3. Hit Enter on your keyboard, you will see a list of commands that are available to execute (Image 17).
4. In the Powershell command line hit your “up” arrow key to bring back the last command and type export next to it (Image 18).
5. Hit Enter on your keyboard (Image 19).
The Powershell window will provide you with the required and optional components to export the data experience.
6. You must now set up any mandatory export parameters
The parameters executed in Powershell can exist on one line in powershell, however for legibility (below) the parameters have been put on separate lines. If you are putting your parameters on separate lines you will be required to have backticks quote ` for the parameters to execute.
Please ensure that you are using the sample below as a sample. You will be required to provide values that correspond to:
the URL for the source environment
the User ID for the user who is performing the export
the Password for the user who is performing the export
your folder path for where CLI is stored
your folder path for where the CLI output files are written to
the GUID for the Data Experience that is generated in the Data Experience Definition table
your own version naming convention
your folder path for where your CinchyDXD output files are written to
Sample:
.\CinchyDXD.ps1 export `
-s "<cinchy source url>" `
-u "<source user id>" `
-p "<source passsword>" `
-c "C:\Cinchy CLI v4.0.2" `
-d "C:\CLI Output Logs" `
-g "8C4D08A1-C0ED-4FFC-A695-BBED068507E9" `
-v "1.0.0" `
-o "C:\CinchyDXD_Output" `
7. Enter the export parameters into the Powershell window (Image 20).
8. Hit Enter on your keyboard to run the export command.
Powershell will begin to process the export. Once the export is complete, Powershell will provide you with an export complete message (Image 21).
Ensure that the DXD Export Folder is populated (Image 22).
2. Ensure that the Data Experience Release table is populated in the source environment (Image 23).
3. Ensure that the Data Experience Release Artifacts table is populated in the source environment (Image 24).
If needed, to generate a new Personal Access Token (PAT).
URL Parts: This is the Query API URL that you created in the section.
If needed, to generate a Bearer Token.
URL Parts: This is the Query API URL that you created in the section.
Power BI connects to queries within Cinchy, therefore prior to using any of the connection methods below you will need to create one that represents your dataset. Once created, you will need to copy down the , located as a green button on the right-hand side of the Execute Query screen.
If needed, to generate a new Personal Access Token (PAT).
URL Parts: This is the Query API URL that you created in the section.
If needed, to generate a Bearer Token.
URL Parts: This is the Query API URL that you created in the section.
Column 1
Column Name: Currency 1
Data Type: Text
Advanced Settings:
Select Mandatory
Leave all other defaults
Column 2
Column Name: Currency 2
Data Type: Text
Advanced Settings:
Select Mandatory
Leave all other defaults
Column 3
Column Name: Rate
Data Type: Number
Advanced Settings:
Set Decimal Places to 4
Select Mandatory
Leave all other defaults
CAD
USD
0.71
USD
CAD
1.40
Query Name
Currency Converter
Icon + Colour
Choose your own icon
Return
Query Results (Approved Data Only)
Domain
Sandbox
API Result Format
JSON
Description
This query is a test query for building and deploying a data experience for currency conversion
Column
Value
Client Id
tableau-connector
Client Name
Tableau
Grant Type
Implicit
Permitted Login Redirect URLs
Permitted Logout Redirect URLs
Permitted Scopes
Id, OpenId, Email, Profile, Roles
Access Token Lifetime (seconds)
3600
Show Cinchy Login Screen
Checked
Enabled
Checked
Column
Definition
GUID
This value is calculated, please note this value will be required as one of your export parameters in Powershell
Name
This is the Name of your Data Experience
Tables
Select all tables that are part of the Data Experience
Integrated Clients
Select any integrated clientes (e.g. Tableau, PowerBI, custom integrations) that are part of the Data Experience
Data Sync Configurations
Select any data syncs (e.g. CLI’s experience needs to work) that are part of the Data Experience
Reference Data
Select any reference data that is part of the Data Experience. Please note that the setup of the reference data is done in the table called Data Experience Reference Data (see step 2 below for setup details)
User Defined Functions
Select any user defined functions (e.g. validate phone, validate email) that are part of the Data Experience
Models
Select any custom models that override columns or tables in your Data Experience, if there are none - leave blank
Groups
Select any groups that are part of the Data Experience (when moving groups, it will also move all table access [design] controls)
System Colours
Select a system colour (if defined) for the Data Experience
Saved Queries
Select any queries that are part of the Data Experience
Applets
Select any appletes that are part of the Data Experience
Formatting Rules
Select any formatting rules that are part of the Data Experience
Literal Groups
Select any literals that are associated to the Data Experience (e.g. key values with English and French definitions)
Builder
Select the builder(s) who have permission to export the Data Experience
Builder Groups
Select the builder group(s) that have permission to export the Data Experience
Note: Best Practice is to use a Group over a User. Users within groups can fluctuate, where the Group (or Role) will remain. This will require less maintenance moving forward
Sync GUID
Leave this column blank
Column
Value
Name
Currency Converter
Tables
Currency Exchange Rate (Sandbox)
Saved Queries
Currency Converter
Builder Groups
Currency Converters
Column
Definition
Name
This is the Name of your Reference Data Table, note this name can be anything and does not have to replicate the actual table name
Ordinal
The ordinal number assigned will identify the order in which the data is loaded and required based on dependencies within the data experience. For example if you have tables that have hierarchies in them, you will need to load the parent records first and then load your child records which would then resolve any links in the table.
Filter
This is where a WHERE clause would be required. For example, if you have a table that has hierarchies, you would require two rows within the Data Experience Reference Data table. One to load the parent data and one to load the children data. In the parent record a filter WHERE clause would be needed to filter all parent records. In the second record in the filter column a WHERE clause in another in the secord record that would be needed to filter the children records.
New Records
Identify the behaviour of a new record (e.g. insert, update, delete, ignore)
Change Records
Identify the behaviour of a changed record (e.g. insert, update, delete, ignore)
Dropped Records
Identify the behaviour of a dropped record (e.g. insert, update, delete, ignore)
Table
Identify the table that you are exporting data from
Sync Key
Required (need definition)
Expiration Timestamp Field
If Dropped Records is set to “Expire” then a timestamp column is required
debug
boolean
Defaults to false if not specified. Debug true will explain why that string was returned as the translation.
region
string
Subtag from the Regions table. User's preferences will be used if not specified.
guids
array
Array of strings. Guids from the Literals table.
language
string
Subtag from the Languages table. User's preferences will be used if not specified.
Table Details
Values
Table Name
Currency Exchange Rate
Icon + Colour
Choose your own icon
Domain
Sandbox (if the domain does not exist, create it)
To create a domain on the fly:
Enter domain name in Domain field
Hit enter on keyboard
On the Confirm Domain window, click Yes
Description
This table is a test table for building and deploying a data experience for currency conversion
This page details the role of an Admin of the Cinchy Platform
The “Admins” of the Cinchy platform are users who belong to the "Cinchy Administrators" User Group.
Cinchy Admins can either be builders or non-builders (i.e. end-users).
Setting a user as an Admin does not supersede/change their role as an end-user vs builder.
Modify all table data (including system tables), all schema, and all data controls
This includes setting up and configuring users, assigning them to groups, and assigning which users have builder access
View all tables (including system tables) and queries in the platform
View all tables (including system tables) and queries in the platform
Modify data controls for tables
To view and manage who has administrator access, you will use the system table "Groups".
Note that you must have the correct entitlements set in order to view or access the "Groups" table. If you are part of the "Administrators" group already, then you can view all system tables by default.
A non-builder is able to view which users are part of the "Administrators" group via the "Groups" system table; either in the data browser or by using a saved query.
A builder is able to view which users are part of the "Administrators" group via the "Groups" system table; either in the data browser or by using a saved/ad-hoc query.
If you are an admin, you can also use the "Groups" table to add or remove users from the "Administrators" Group.
A Cinchy platform admin has the ability to manage and transfer their builder licenses between users through the following process:
As an Administrator, navigate to Users table (Image 1).
Navigate to the row pertaining to the user that you want to manage.
To remove Builder access, uncheck the following columns (Image 2):
Can Design Tables
Can Design Queries
To add Builder access, check the following columns (Image 2):
Can Design Tables
Can Design Queries
Ensure that you are not surpassing your Builder license limits when managing access.
This page details monitoring and logging for the Cinchy v5 platform when deployed on Kubernetes.
Cinchy v5 on Kubernetes offers and recommends a robust set of open-source tools and applications for monitoring, logging, and visualizing the data on your Cinchy instances.
Click on the respective tool below to learn more about it:
Opensearch comes with the ability to set up alerts based on any number of monitors. You can then push these alerts via email, should you desire.
Prior to setting up a monitor or alert, ensure that you have added your data source as an index pattern.
Definitions:
Monitor
A job that runs on a defined schedule and queries OpenSearch indices. The results of these queries are then used as input for one or more triggers.
Trigger
Conditions that, if met, generate alerts.
Alert
An event associated with a trigger. When an alert is created, the trigger performs actions, which can include sending a notification.
Action
The information that you want the monitor to send out after being triggered. Actions have a destination, a message subject, and a message body.
Destination
A reusable location for an action. Supported locations are Amazon Chime, Email, Slack, or custom webhook.
Your destination will be where you want your alerts to be pushed to. Opensearch supports various options, however this guide will focus on email.
From the left navigation pane, click Alerting (Image 1).
2. Click on the Destinations Tab > Add Destination
3. Add a name to label your destination and select Email as type (Image 2)
4. You will need to assign a Sender. This is the email address that the alert will send from when you specify this specific destination. To add a new Sender, click Manage Senders (Image 3).
5. Click Add Sender
6. Add in the following information (Image 4):
Sender Name
Email Address
Host (this is the host address for the email provider)
Port (this is the Port of the email provider)
Encryption
Ensure that you authenticate the Sender, else your alert will not work.
7. You will need to assign your Recipients. This is the email address(es) that will receive the alert when you specify this specific destination. To add a new Recipient, you can either type their email(s) into the box, or click Manage Senders to create an email group (Image 5).
8. Click Update to finalize your Destination.
You will need to authenticate your sender to allow emails to come through. Please contact Cinchy Customer Support to help you with this step.
Via email: support@cinchy.com
Via phone: 1-888-792-6051
Through the support portal: Support Portal
Your monitor is a job that runs on a defined schedule and queries OpenSearch indices. The results of these queries are then used as input for one or more triggers.
From the Alerting dashboard, select Monitors > Create Monitor (Image 6).
2. Under Monitor Details, add in the following information (Image 7).
Monitor Name
Monitor Type (This example uses Per Bucket)
Whereas query-level monitors run your specified query and then check whether the query’s results triggers any alerts, bucket-level monitors let you select fields to create buckets and categorize your results into those buckets.
The alerting plugin runs each bucket’s unique results against a script you define later, so you have finer control over which results should trigger alerts. Each of those buckets can trigger an alert, but query-level monitors can only trigger one alert at a time.
Monitor Defining Method: the way you want to define your query and triggers. (This example uses Visual Editor)
Visual definition works well for monitors that you can define as “some value is above or below some threshold for some amount of time.”
Query definition gives you flexibility in terms of what you query for (using the OpenSearch query DSL) and how you evaluate the results of that query (Painless scripting).
Schedule: Choose a frequency and time zone for your monitor.
3. Under Data Source add in the following information (Image 8):
Index: Define the index you want to use as a source for this monitor
Time Field: Select the time field that will be used for the x-axis of your monitor
4. The Query section will appear differently depending on the Monitor Defining Method selected in step 2 (Image 9). This example is using the visual editor.
To define a monitor visually, select an aggregation (for example, count()
or average()
), a data filter if you want to monitor a subset of your source index, and a group-by field if you want to include an aggregation field in your query. At least one group-by field is required if you’re defining a bucket-level monitor. Visual definition works well for most monitors.
A trigger is a condition that, if met, will generate an alert.
To add a trigger, click the Add a Trigger button (Image 10).
2. Under New Trigger, define your trigger name and severity level (with 1 being the highest) (Image 11).
3. Under Trigger Conditions, you will specify the thresholds for the query metrics you set up previously (Image 12). In the below example, our trigger will be met if our COUNT threshold goes ABOVE 10000.
You can also use keyword filters to drill down into a more specific subset of data from your data source.
4. In the Action section you will define what happens if the trigger condition is met (Image 13). Enter the following information to set up your Action:
Action Name
Message Subject: In the case of an email alert, this will be the email subject line.
Message: In the case of an email alert, this will be the email body.
Perform Action: If you’re using a bucket-level monitor, decide whether the action is performed per execution or per alert.
Throttling: Enable action throttling if you wish. Use action throttling to limit the number of notifications you receive within a given span of time.
5. Click Send Test Message, if you want to test that the alert functions correctly.
6. Click Save.
In this example, we are pushing an alert based on errors. We will monitor our Connections stream for any instance of 'error', and push out an alert when our trigger threshold is hit.
First we create our Monitor by defining the following (Image 14):
Index: In this example we are looking specifically at Connections.
Time Field
Time Range: Define how far back you want to monitor
Data Filter: We want to monitor specifically whenever the Stream field of our index is stderr (standard error).
This is how our example monitor will appear; it shows when in the last 15 days our Connections app had errors in the log (Image 15).
2. Once our monitor is created, we need to define a trigger condition. When this condition is met, the alert will be pushed out to our defined Recipient(s). In this example we want to be alerted when there is more than one stderr in our Connections stream (Image 16). Input the following:
Trigger Name
Severity Level
Trigger Condition: In this example, we use IS ABOVE and the threshold of 1.
The trigger threshold will be visible on your monitoring graph as a red line.
In this example, we are pushing an alert based on the kubectl.kubernetes.io/restartedAt annotation, which updates whenever your pod restarts. We will monitor this annotation across our entire product-mssql instance, and push out an alert when our trigger threshold is hit.
First we create our Monitor by defining the following (Image 17):
Index: In this example we are looking at our entire product-mssql instance.
Time Field
Query: This example is using the total count of the kubectl.kubernetes.io/restartedAt annotattion
Time Range: Define how far back you want to monitor. This example goes back 30 days.
This is how our example monitor will appear; it shows when in the last 30 days our instance had restarts (Image 18).
2. Once our monitor is created, we need to define a trigger condition. When this condition is met, the alert will be pushed out to our defined Recipient(s). In this example we want to be alerted when there is more than 100 restarts across our instance (Image 19). Input the following:
Trigger Name
Severity Level
Trigger Condition: In this example, we use IS ABOVE and the threshold of 100.
The trigger threshold will be visible on your monitoring graph as a red line.
In this example, we are pushing an alert based on status codes. We will monitor our entire instance for 400 status codes and push out an alert when our trigger threshold is hit.
First we create our Monitor by defining the following (Image 20):
Index: In this example we are looking across out entire product-mssql-1 instance.
Time Field
Time Range: Define how far back you want to monitor. In this example we are looking at the past day.
Data Filter: We want to monitor specifically whenever the Status Code is 400 (bad request).
This is how our example monitor will appear (note that there are no instances of a 400 status code in this graph) (Image 21).
2. Once our monitor is created, we need to define a trigger condition. When this condition is met, the alert will be pushed out to our defined Recipient(s). In this example we want to be alerted when there is at least one 400 status code across out instance (Image 22). Input the following:
Trigger Name
Severity Level
Trigger Condition: In this example, we use IS ABOVE and the threshold of 0.
The trigger threshold will be visible on your monitoring graph as a red line.
This page is about the analytics and visualization application Grafana, one of our recommended components for Cinchy v5 on Kubernetes.
Grafana is an open source analytics and interactive visualization web application. When connected to your Cinchy platform, it provides charts, graphs, and alerting capabilities (Image 1).
Grafana, and its paired application Prometheus (which consumes metrics from the running components in your environment) is the recommended visualization application for Cinchy v5 on Kubernetes.
Grafana has a robust library of documentation of tutorials designed to help you learn the fundamentals of the application. We have listed a few notable ones below:
When using the default configuration pairing of Grafana and Prometheus, Prometheus is already set up as a data source in your metrics dashboard.
There are some saved dashboards that come out of the box with your Cinchy deployment. These dashboards will provide a great jumping off point for your metrics monitoring, and you can always customize, manage, and add further dashboards at your leisure.
Navigate to the left navigation pane, select the Dashboards icon > Manage (Image 2).
2. You will see a list of all of the Dashboards available to you (Image 3). Clicking on any of them will take you to a full metrics view (Image 4).
3. You can favourite any of your commonly used or most important dashboards by clicking on the star (Image 5).
4. Once you have favourited a dashboard, you can easily find it by navigating to the left navigation pane, select the Dashboards icon > Home. This will open the Dashboards Home. You can see both your favourite and your recent dashboards in this view (Image 6)
Your Cinchy v5 deployment comes with some out-of-the-box dashboards premade for you. You are able to customize these to suit your specifications. The following are a few notable ones:
Purpose: This dashboard provides a general overview of your entire cluster including all of your environments and pods (Image 7).
Metrics:
The following are some example metrics that you could expect to see from this dashboard:
CPU Usage
CPU Quota
Memory Usage
Memory Requests
Current Network Usage
Bandwidth (Transmitted and Received)
Average Container Bandwidth by Namespace
Rate of Packets
Rate of Packets Dropped
Storage IO & Distribution
Purpose: This dashboard is useful for looking at environment specific details (Image 8). You can use the namespace drop down menu to select which environment you want to visualize (Image 9). This can be particularly helpful during load testing. You are also able to drill down to a specific workload by clicking on its name.
Metrics:
The following are some example metrics that you could expect to see from this dashboard:
CPU Usage
CPU Quota
Memory Usage
Memory Quota
Current Network Usage
Bandwidth (Transmitted and Received)
Average Container Bandwidth by Workload
Rate of Packets
Rate of Packets Dropped
Grafana allows you to set up push alerts against your dashboards and queries. Once you have created your dashboard, you can follow the steps below to set up your alert.
Grafana does not have the capability to run alerts against queries with template variables.
To send emails out from Grafana, you need to configure your SMTP. This would have been done in the automations script run during your initial Cinchy v5 deployment. If you did not input this information at that time, you must do so before setting up your email alerts.
Your notifications channel refers to who will be receiving your alert. To set one up:
Click on the Alert icon on the left navigation tab (Image 10), and locate "Notifications Channel"
2. Click the "Add a Channel" button
3. Add in the following parameters, including any optional checkboxes you wish to use (Image 11):
Name: The name of this channel
Type: You have several options here, but email is the most common
Addresses: Input all the email addresses you want to be notified of this alert, separated by a comma
4. Click Test to send out a test email, if desired.
5. Save your Notification Channel
The following details how to set up alerts on your dashboards. You can also set up alerts upon creation of your dashboard from the same window.
Navigate to the dashboard and dashboard panel that you want to set up an alert for. In this example, we are setting up an alert for CPU usage on our cluster.
Click on the dashboard name > Edit
Click on the Alert tab (Image 12).
4. Input the following parameters to set up your alert (Image 13):
Alert Name: A title for your alert
Alert Timing: Choose how often to evaluate and for how long. In this example it is evaluated every minute for five minutes.
Conditions: Here you can set your threshold conditions for when an alert will be sent out. In this example, it is sent when the average of query A is above 75.
Set what happens if there's no data, or an error in your data
Add in your notification channel (i.e., who will be sent this notification)
Add a message to accompany the alert.
Click Apply > Save to finalize your alert.
Click on an image to enlarge it.
Below are a few alerts we recommend setting up on your Grafana.
Set up this alert to notify you when the CPU Usage on your nodes exceeds a specified limit.
You can use the following example queries to set up a dashboard that will capture CPU Usage by Node (Image 14).
Set up your alert. This example uses a threshold limit of 75 (Image 15).
Set up this alert to notify you when the Memory Usage on your nodes exceeds a specified limit.
You can use the following example queries to set up a dashboard that will capture CPU Usage by Node (Image 16)
Set up your alert. This example uses a threshold limit of 85 (Image 17).
Set up this alert to notify you when the Disk Usage on your nodes exceeds a specified limit.
You can use the following example queries to set up a dashboard that will capture Disk Usage by Node (Image 18)
Set up your alert. This example uses a threshold limit of 80 (Image 17).
Set up this alert to check the amount of iowait from the CPU. A high value usually indicates a slow/overloaded HDD or Network.
You can use the following example queries to set up a dashboard that will capture the CPU Iowait (Image 19).
Set up your alert. This example uses a threshold limit of 60 (Image 19).
This capability was added in Cinchy v5.4.
Your Grafana password can be updated in your deployment.json file (you may have renamed this during your original deployment).
Navigate to "cluster_component_config" > "grafana".
The default password is set to "prom-operator"; update this with your preferred new password, written in clear text.
Run the below command in the root directory of your devops.automations repo to update your configurations. If you have changed the name of your deployment.json file, make sure to update the command accordingly.
4. Commit and push your changes.
5. If your environment is not set-up to automatically apply upon configuration,navigate to the ArgoCD portal and refresh your component(s). If that does not work, re-sync.
When deploying Cinchy v5 on Kubernetes, we recommend using Opensearch Dashboards for your logging. Opensearch is a community-driven fork of Elasticsearch created by Amazon, and it captures and indexes all of your logs into a single, easily accessible dashboard location. These logs can be queried, searched, and filtered, and Correlation IDs mean that they can also be traced across various components. These logging components take advantage of persistent storage.
Review some of the Opensearch documentation here:
The below sections will guide you through setting up your first Index, Visualization, Dashboard, and Alert.
Opensearch comes with sample data that you can use to get a feel of the various capabilities. You will find this on the main page upon logging in.
Navigate to your cinchy.kubernetes/environment_kustomizations/instance_template/worker/kustomization.yaml file.
In the below code, copy the Base64 encoded string in the value parameter.
Decode the value to retrieve your AppSettings.
Navigate to the below Serilog section of the code and update the "Default" parameter as needed to set your log level. The options are:
Verbose
Verbose is the noisiest level, rarely (if ever) enabled for a production app.
Debug
Debug is used for internal system events that are not necessarily observable from the outside, but useful when determining how something happened. This is the default setting for Cinchy.
Information
Information events describe things happening in the system that correspond to its responsibilities and functions. Generally these are the observable actions the system can perform.
Warning
When service is degraded, endangered, or may be behaving outside of its expected parameters, Warning level events are used.
Error
When functionality is unavailable or expectations broken, an Error event is used.
Fatal
The most critical level, Fatal events demand immediate attention.
Ensure that you commit your changes.
Navigate to ArgoCD > Worker Application and refresh.
The following are some common search patterns when looking through your Opensearch Logs.
If an HTTP request to Cinchy Web/IDP fails, check the page's requests and the relevant response headers to find the "x-correlation-id" header. That header value can be used to search and find all logs associated with the HTTP request.
When debugging batch syncs, filter the "ExecutionId" field in the logs for your batch sync execution ID to narrow down your search.
When debugging real time syncs, search for your data sync config name in the Event Listener or Workers logs to find all the associated logging information.
The first step to utilizing the power of Opensearch Dashboards is to set up an index to pull data from your sources. An Index Pattern identifies which indices you want to explore. An index pattern can point to a specific index, for example, your log data from yesterday, or all indices that contain your log data.
Login to Opensearch. You would have configured the access point during your deployment installation; traditionally it will be found at <baseurl>/dashboard.
If this is your first time logging in, the username and password will be set to admin/admin.
We highly recommend you update the password as soon as possible.
2. Navigate to the Stack Management tab in the left navigation menu (Image 1).
3. From the left navigation, click on Index Patterns (Image 2).
4. Click on the Create Index Pattern button.
5. To set up your index pattern, you must define the source. Opensearch will list the sources available to you on the screen below. Input your desired source(s) in the text box (Image 3).
You can use the asterisk (*) to match multiple sources.
6. Configure your index pattern settings (Image 4).
Time field: Select a primary time field to use with the global time filter
Custom index pattern ID: By default, Opensearch gives a unique identifier to each index pattern. You can use this field to optional override the default ID with a custom one.
7. Once created, you can review your Index Patterns from the Index Patterns page (Image 5).
8. Click on your Index Pattern to review your fields (Image 6).
You can easily pull out any data from your index sources and view them in a variety of visualizations.
From the left navigation pane, click Visualize (Image 7).
2. If you have any Visualizations, they will appear on this page. To create a new one, click the Create Visualization button (Image 8).
3. Select your visualization type from the populated list (Image 9).
4. Choose your source (Image 10). If the source you want to pull data from isn't listed, you will need to set it up as an index first.
5. Configure the data parameters that appear in the right hand pane of the Create screen. These options will vary depending on what type of visualization you choose in step 3. The following example uses a pie chart visualization (Image 11):
Metrics
Aggregation: Choose how you want your data aggregated. This example uses Count.
Custom Label: You can use this optional field for custom labelling.
Buckets
Aggregation: Choose how you want your data aggregated. This example uses Split Slices > Terms.
Field: This drop down is populated based on the index source your chose. Select which field you want to use in your visualization. This example uses machine.os.keyword.
Order By: Define how you want your data to be ordered. This example uses Metric: Count, in descending order of size 10.
Choose wheteher to group other values in a seperate bucket. If you toggle this on, you will need to label the new bucket.
Choose whether to show missing values.
Advanced
You can optionally choose a JSON input. These will be merged with the opensearch aggregation definition.
Options
The variables in the options tab can be used to configure the UI of the visualization itself.
6. There are a few ways to further focus your visualization:
Use DQL to search your index data (Image 12). You can also save any queries you write for easy access by clicking on the save icon.
Add a filter on any of your fields (Image 13).
Update your date filter (Image 14).
7. Click save when finished with your visualization.
Once you have created your visualizations, you can combine them together on one Dashboard for easy access.
You can also create new visualizations from the Dashboard screen.
From the left navigation pane, click on Dashboards (Image 15).
2. If you have any Dashboards, they will appear on this page. To create a new one, click the Create Dashboard button (Image 16).
3. The "Editing New Dashboard" screen will appear. Click on Add an Existing object (Image 17).
4. Select any of the visualizations you created and it will automatically add to your Dashboard (Image 18). Repeat this step for as many visualizations as you'd like to appear.
5. Click Save to finish (Image 19).
This capability was added in Cinchy v5.4.
Your Opensearch password can be updated in your deployment.json file (you may have renamed this during your original deployment).
Navigate to "cluster_component_config" > "opensearch".
There are two users that you can configure the passwords for: Admin and Kibana Server. Kibana Server is used for communication between the opensearch dashboard and the opensearch server. The default password for both is set to "password";. To update this, you will need to use a machine with docker available.
Update your Admin password:
Your password must be hashed. You can do so by running the following command on a machine with docker available, inputting your new password where noted:
2. Navigate to "opensearch_admin_user_hashed_password" and input your hashed password.
3. You must also provide your password in a base64 encoded format; input your cleartext password here to receive your new encoded password.
4. Navigate to "opensearch_admin_user_password_base64" and input your encoded password.
4. Update your Kibana Server password:
1. Your password must be hashed. You can do so by running the following command on a machine with docker available, inputting your new password where noted:
2. Navigate to "opensearch_kibanaserver_user_hashed_password" and input your hashed password.
3. You must also provide your new password in cleartext. Navigate to "opensearch_kibanaserver_user_password" and input your cleartext password.
5. Run the below command in the root directory of your devops.automations repo to update your configurations. If you have changed the name of your deployment.json file, make sure to update the command accordingly.
4. Commit and push your changes.
5. If your environment is not set-up to automatically apply upon configuration,navigate to the ArgoCD portal and refresh your component(s). If that does not work, re-sync.
This page serves as a general guide to using ArgoCD for monitoring purposes
ArgoCD is implemented as a kubernetes controller which continuously monitors running applications and compares the current, live state against the desired target state (as specified in your Git repo).
You can use ArgoCD's dashboard (Image 1) to visually monitor your namespaces and pods, and to quickly visualize deployment issues. It can easily show you what your cluster or pods are doing, and if they are healthy.
ArgoCD has a robust set of documentation that can help you to get started with the application. We recommend the following two pages:
Your ArgoCD dashboard contains a lot of important information about how your Cinchy instance is behaving.
The application tiles view is the default view when logging into ArgoCD. You can also access it through the grid widget in the upper right hand corner of the screen.
These application tiles each represent a pod in one of your Cinchy environments. By default, you should have an application tile for each of the following pods per namespace (Image 2):
Base
Connections
Event Listener
IDP
Maintenance CLI
Meta Forms
Web
Worker
Each application tile shows you some important information about the pod, including its health and sync status. You can easily use the Sync, Refresh, and Delete buttons to manage your pods.
You can also click the star button on any application title to favourite the associated pod.
The pie chart view (Image 3) shows an easy visualization of the health of your applications. Access this view by clicking on the pie chart widget located in the upper right hand corner of the screen.
You can filter your view so that it only shows certain data. You can find the various filter options from the Filter column on the left hand side of any of the data views.
Favorites Only: You can filter by only the tiles that you have favourited (Image 4).
Sync Status: You can easily view what is out of sync using this filter (Image 5).
Health Status: Check on the health of your applications by filtering using these parameters (Image 6).
Labels: Use these labels to filter by specific instances/environments (Image 7).
Projects: If you choose to group your applications into projects, you can filter them using this tile (Image 8).
Clusters: If you have more than one cluster, you can filter for it using the Clusters tile (Image 9).
Namespace: Lastly, you can filter by Namespace. The below example shows a filter based on the dev-aurora-1 namespace (Image 10).
To bring up a more detailed view of your applications, click on the application tile. This view will show you all of components, their health and their sync status (Image 11). You can use the top navigational buttons perform actions such as syncing, rolling back, or refreshing.
This view can be particularly useful for load testing, snice you can see each individual pod spinning up and down.
Quickly view the status of your apps by looking at the health and sync status along the top of the page (Image 12).
Clicking on any individual pod or component tile in this view will bring up its information, including a Summary, a list of Events, your Manifest, and Parameters (Image 13).
You can also use this screen to edit or delete applications.
From the detailed tile summary you can also set your sync policies, such as automation, resource pruning, and self healing (Image 14).
You can click on the "Logs" tab in your detailed summary page to view the applicable logs for your selected pod (Image 15). You can filter, follow, snooze, copy, or download any logs.
This page details the vales and functions of the Cinchy System Properties table.
System Properties is a table within Cinchy for managing system properties, such as default time zones, system lockout durations, password expirations, password properties, password attempts allowed etc.
The Default of the Systems Properties table is set up as follows (Image 1):
Please note that this table is case sensitive.
The System Properties requirements can be changed by an admin user simply by editing the 'Value' columns where applicable:
Users can set their own time zones in their user profile. If a user does not set one up, the system default time zone will take effect. If this property does not exist or is invalid, the default time zone will default to UTC.
The minimum password length is 8 characters. The length will always default to 8 if an invalid value is provided, or if you attempt to set it to less than 8. This number can be changed (i.e. made higher than 8) in the 'Value' column to require users to have longer passwords.
This property specifies whether symbols are required in a user's password. The 'Value' 0 means symbols are not required and 1 means they are required.
This property specifies whether numbers are required in a user's password. The 'Value' 0 means numbers are not required and 1 means they are required.
For a new password policy to take effect, you can set all user's Password Expiration Timestamp to yesterday. They will need to change their password the next time they attempt to log in.
This property specifies how many days until a password expires. This defaults to 90 but can be set to be shorter or longer by changing the number in the 'Value' column.
This property specifies how many bad password attempts a user can make before they are locked out of the system. The default is 3 but this can be set to be more or less attempts by changing the number in the 'Value' column.
This property specifies how long a user is locked out of the system once they've run out of bad password attempts. The default is 15 minutes but this can be set to be shorter or longer by changing the number in the 'Value' column.
Note that an administrator can also go into the 'Users' table to manually unlock a user by clearing the Locked Timestamp.
You can add more blocked passwords to this list as well, and users will not be able to set their password to it (this can be used to add your company's name, or to import other blocked password lists). The check against the list is case insensitive.
Like other password policies, this check occurs when your password changes, so to enforce this you will need to set all passwords to be expired.
This is a property, defaulted to 0, that is simply responsible for showing this warning when a data owner is setting up or on a table (Image 2). It is the administrator's responsibility to set up a scheduled maintenance job for performing compression and erasure, and then to change the property to 1 so that the warning no longer appears.
There is a Cinchy table called Forbidden Passwords. This table comes with a prepopulated list of passwords from
-s
Server, i.e. Cinchy Base URL (ex. cinchy.com/Cinchy/)
-u
Username, this will need to be an account that is part of the Cinchy Administrators group
-p
Encrypted password (you can encrypt your password by using Cinchy.CLI.exe encrypt -t "plaintextpassword"
-t
Set a maintenance time window in minutes. Maintenance tasks will stop executing after the allotted time frame. This allows you to run this during an allotted maintenance window.
-h
This flag must be added if you are accessing Cinchy over https.
Property ID
Name
Value (Default)
2
Default Time Zone
Eastern Standard Time
12
Password Attempts Allowed
3
13
System Lockout Duration (minutes)
15
8
Minimum Password Length
8
9
Password Requires Symbols
1
10
Password Requires Numbers
1
11
Password Expiration (Days)
90
15
Maintenance Enabled
0