Connecting to AI Services¶
Integrating AI into IFS Cloud Remote or Remote-Hybrid deployment is essential to unlock the full suite of advanced capabilities embedded in the platform. Access to Copilot for contextual assistance within workflows, predictive analytics to support data-driven decision-making, and intelligent automation that streamlines complex operational processes.
This guide provides instructions for connecting an existing remotely deployed IFS Cloud environment to the AI platform as a tenant.
Overview¶
The integration between IFS Cloud and IFS AI platform enables secure communication via modern OAuth 2.0 authentication mechanisms between IFS Remote Tenants and IFA AI Services. Once configured, your deployment can take full advantage of AI-powered features that play a critical role in optimizing deployment efficiency, scalability, and long-term value.
Prerequisites¶
Ensure the following conditions are met before proceeding with the configuration:
- IFS Cloud Version: The deployment must be on version 25.1.1 or later.
- Network Access: The deployment must not be air-gapped; it must allow outbound communication to IFS AI URLs from the IFS Cloud application.
- Entitlements: All necessary entitlements for AI capabilities must be purchased.
- Access Studio Setup: Access Studio must be registered and configured.
- Tenant Provisioning: A tenant must be successfully provisioned via Access Studio, and the following must be obtained:
- Tenant URI
- Nonce (single-use token)
For details on provisioning tenants and setting up Access Studio, please refer to the official ALE documentation.
Configuration Steps - Connecting to IFS AI¶
To integrate your remotely deployed IFS Cloud environment with the IFS AI platform, follow these steps:
1. Update Installer Configuration¶
In your installer configuration file (customvalues.yaml
), add the following parameters:
accessStudioUrl | Tenant URL copied from Access Studio |
accessStudioNonceKey | Nonce received from Access Studio |
deploymentModel | Set to REMOTE |
nxsUri | Nexus Service URI |
mlServiceApi | Machine Learning Service API URL |
xdivServiceApi | XDIV Service API URL |
Ensure all values are accurate and securely stored.
2. Run Middle-Tier Installation¶
With the configuration in place, proceed with the middle-tier installation.
During this process:
- The nonce (valid for 24 hours and unique to each tenant) is exchanged for a refresh token with a longer validity (typically 6 months).
- The installer creates a Kubernetes secret named Nexus Access Studio, containing:
- The refresh token
- The updated tenant URI
This enables IFS Cloud services to securely authenticate and interact with the IFS AI platform via Curity.
Token Management¶
Validity & Rotation
- Refresh Token Validity: 6 months
- Automatic Rotation: Each new delivery or deployment automatically triggers a token rotation via the installer.
Secure Storage Requirements
The refresh token must be securely stored using one of the following:
- Enterprise Vault (e.g., HashiCorp Vault)
- Kubernetes Secret (ensure encryption at rest is enabled)
Post-Onboarding¶
Once onboarding is complete, the remote IFS Cloud environment is fully connected to the IFS AI platform. Users can now begin leveraging AI-enhanced services, driving smarter workflows, deeper insights, and operational efficiencies.