Connect Overview and Infrastructure Requirements

*This article is in progress and may be updated at any time*


Connect (formerly Aviso Connect) is a software package offered by Watermark Student Success & Engagement that permits the SS&E hosted platform to integrate with an institution’s on-premise systems.

This guide provides information regarding prerequisites for the connector implementation and the various setup and configuration requirements of an institution.

Connect includes the following benefits for transfer of data between the institution and Student Success & Engagement or SS&E (formerly Aviso Engage).

See Import Process and Infrastructure Summary for more information.

  • Amazon Corretto is needed and is the Java JRE/JDK that is used by Connect.
  • Connect 2 does not use Apache Tomcat.

Software Requirements 

Connect runs on infrastructure provided by the institution. 

Institution to Provide 

The Institution will provide a virtual machine with the following: 

  1. A Windows 64 bit OS. Windows must be Windows 2016 R2 64-bit or newer.
  2. Minimum of 20GB of RAM. 
  3. Minimum of 80GB of disk space (at least 40GB available).
  4. The server must be configured to use a global time service (NTP or like) to ensure its clock is consistent with the SS&E platform. This is required by the security implementation. 
  5. Remote Access (RDP over VPN or other means) to the created virtual machine for Watermark staff. 
  6. Access to the SIS and LMS data stores or APIs as supported. 
    Note: For Connect Method 1: CSV via Informer, CSVs must be able to export to the virtual machine or a network/share drive accessible to the service account user.
  7. A local or network user with the following privileges (this can be the same user as above):
    • Local admin on server
    • Right to run a scheduled task (Log on as a batch job)
    • Ability to run a service (if using Connect Method 1: CSV)
    • Account must have local administrative rights so we can install programs with administrative privileges and use command prompt as an administrator. 
    • Ability to copy and paste to the server.
  8. Installation of all of the following:
  9. TLS 1.2 should be set as the default. If you are getting an error in the update script that the connection was closed while trying to run invoke-webrequest, use [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  10. Required outbound firewall connections for the data gathering and pushing process:
    • HTTPS -
      Used to pull the Accelerate configuration from the SS&E instance.
    • HTTPS - https://{institution_acronym}
      Used to push log entries back to SS&E.
    • SFTP -
      Used to push Connect files to SS&E.
    • HTTPS:
      Used for the Connect app to automatically update itself.
    • HTTPS - https://{institution_acronym}
      Used to connect to the SS&E web application. This is only needed in special cases.

Important: Student Success & Engagement solutions run on the AWS cloud.

As a result the rules above must use domain names and NOT try to use IP addresses.

Should an institution try to determine the IP address of a given URL it could change at any time without warning and their rule would no longer function.

Watermark to Provide 

Watermark SS&E Professional Services staff will install the following: 

  1. Installation and configuration of the Connect software. 
  2. Installation of Apache Drill for advanced querying capabilities (if using Connect Method 1: CSV)


Authentication/authorization is implemented via a filter that intercepts all requests to the application.

  • There are no users, just allowed/not allowed.
  • The connector requires all requests to be posts.
  • SS&E sends multiple arguments and some firewall implementations strip out header values, therefore all requests are posts with json payloads.
  • The json payload must contain three items: a salt, timestamp, and signature in a map format.
  • The salt is generated uniquely for every request from SS&E.
  • The salt is then appended to the millisecond unix timestamp and hmac sha256 encoded with the password to form the signature.
  • In this manner, the password is never sent across the network.
  • Finally, the securityFilter password that the connector uses to generate the same signature as what is being sent from SS&E is located in the Connect configuration file on the filesystem. 

Advanced Caching 

  • Connect stores in RAM a hash key for each record extracted.
  • It does this so that comparisons can be done when SS&E requests new data, providing only changes in data to the SS&E instance for processing.
  • This significantly decreases load times.
  • The hosted instance of SS&E can clear the cache by way of an HTTPs call to the connector.
  • A restart of the application server also clears the cache.
  • Both cause a full data load to take place. 

Data compression 

Data is compressed and zipped by the SS&E Connector before being sent to the SS&E instance. This reduces the bandwidth required for such transit. 

Ongoing Support 

Watermark Student Success & Engagement develops and supports the Connect codebase. Connect is versioned with the core SS&E platform to ensure version compatibility. 

The institution is responsible for the virtual machine and on-going support of the installed software packages that Watermark provides.

Depending on the support package purchased by the institution, additional support may be provided by Watermark SS&E Professional Services staff to help with ongoing troubleshooting and maintenance. 

Articles in this section

See more
How to Contact Support
There are many ways to reach out! Click here for our support options.
Watermark Academy
Click to access the Watermark Academy for consultation, training, and implementation companion courses.
Watermark Customer Community
Engage and connect with others!