3. Configuring Data Connector


All the settings for DataConnector is in the web.config file. Use any text editor to modify it.



Add the connection strings that are required. In the current version, only Sql server is supported. The string should be in any of these formats:


Server=myServer; Database=myDataBase; User Id=myUsername; Password=myPassword;


Specific Sql server instance:

Server=myServer\myInstanceName; Database=myDataBase; User Id=myUsername; Password=myPassword;

PS! The connection string is Case Sensitive !

You need to set up two connectionstrings, one to use during the installation and for updates and one for use after installation is complete.
It is important to use the exact names in this example for the connectionstrings.


    <!-- Define your own database connection strings here. As many as you need. Name must be prefixed with "BA-" and be unique -->
    <add name="BA-SuperOffice_INSTALL" connectionString="myServer\myInstance; Database=SuperOffice; User Id=DBOWNER; Password=XXXX;" providerName="System.Data.SqlClient" />
    <add name="BA-SuperOffice" connectionString="myServer\myInstance; Database=SuperOffice; User Id=DBREADER; Password=XXXXX;" providerName="System.Data.SqlClient" />

NB! Do not use the same SQL user for installation and runtime.
 has to be a db_owner during installation and changed to a different user with db_datareader after the installation of the packages is complete.
During the installation of the SuperOffice packages in Business Analyze the db_owner will grant the needed rights to the db_datareader.
It`s important that the db_datareader user is created before the installation is started.

For the db_datareader user:
Disable "Enforce password policy"
Disable "Enfore password expiration"

myServer can be either a name or an ip address.

You may add as many Sql server connections as required. The name attribute must always be prefixed with “BA-“ (case sensitive). Remove any connections that are not required.
Make sure the user in the connection string has the required privileges, but not excessive ones.

Remove the default NORTHWIND connection string. Its only purpose is to serve as a template.

Verify service installation

Open your browser and access the service from an external ip address. This is easy to achieve if you turn off wifi on your cell phone and access the external ip address through 3G or 4G. One might also test from any browser. It should look like this if everything is ok:

If you get an error message from IIS it is probably something wrong on the server side and you need to verify the steps you have been through.

Please ensure that Metadata Publishing is disabled in the Web.config file. It should never be enabled in a production environment. It should look like this:


A security token is required to enable communication between the Business Analyze Cloud environment and a specific instance of the DataConnector. It is part of the security mechanism and ensures that parties that share the token may communicate with each other. Otherwise, communication is impossible. Every installed instance of the DataConnector has a unique security token. It is generated in the Data Central in your Business Analyze installation.

New Data Source --> use Business Analyze Data Connector --> Create Token

<!-- Security token must match definition in DataCentral --> <add key="SecurityToken" value="11111111-1111-1111-1111-111111111111" />



This feature may be used to further improve security. However, it requires that the windows server is setup to synchronize its clock every day or so. If your server always has an accurate clock inform Business Analyze and we will measure the time difference between the local server and our cloud environment, and get this setting optimized. Otherwise, leave it as it is. The default is 60 seconds. In practice, this means that the communication will fail if the computer differ by more than 60 seconds. See the

<!-- Time difference tollerance setting in milliseconds - optimal value decided in cooperation with Business Analyze -->
<add key="TimeDiffToleranceMs" value="60000" />

In the Data Central in your Business Analyze application it looks like this:


If enabled exceptions will be written to text file. Only native exceptions for the DataConnector are dumped. Sql exceptions are not incuded here.

<!-- Enable debug mode if value unlike 0: Exceptions will be written to unique file. Not Sql exceptions.-->
<add key="Debug" value="0"/>



This is the path used by the Debug and LoqRequest settings. Make sure the path exists and that the IUSR has write access to it.

<!-- This path must exist and the IUSER must have WRITE access to it. Used by Debug & LogRequest -->
<add key="DebugFilePath" value="C:\temp" />



If enabled all incoming requests are dumped to text file. All request details are included.

<!-- Enable request logging to file if value unlike 0 -->
<add key="LogRequest" value="0"/>


Final touches

IP forwarding

You will most likely need a rule in the external firewall that forwards traffic to the server where the DataConnector is installed.


IP restrictions set in external FIREWALL

It is a good idea to add a rule in the customers firewall so it ignores requests that do not originate from BA Online.
The source IP address from the BA Online environment is
The source IP address from the Data Sync service is


IP restrictions set in IIS (may not be applicable if using ip restriction above)

To improve security it is a good idea to restrict access when possible. Ip restrictions lets us do exactly that. All the requests will be coming from a single ip address.
Open the IIS manager, select the relevant application in the tree menu, and click the “IP Address and Domain Restrictions” icon.

Click the icon and click “Add Allow Entry…”. Select “Specific IP address” and enter and

You also need to check the settings for unspecified clients.

Click "Edit Feature Settings..."

This is the only two ip addresses that the DataConnector should accept requests from.



Verify installation from the Data Central in the Business Analyze application

In the Data Central you have the ability to verify the installation and perform a couple of other useful functions. You have to be an administrator and have a Developer license to perform this task.

Go to System Administration -> Data Central, and select the data source you wish to modify, or create a new one.

This is what the dialog has to offer: