Private connectivity
Private links are available only for dedicated clusters.
To better protect your streaming connections, connect Astra Streaming to a private link service for inbound connectivity, or to a private endpoint for outbound connectivity.
Private connections are only available within the same cloud provider and region as your Astra Streaming cluster.
Enable private links
To enable a private link service or private endpoint for Astra Streaming, contact DataStax Support. Be prepared to provide the credentials required for your cloud provider.
Inbound traffic
Astra Streaming supports inbound traffic flowing from your private endpoint to Astra Streaming.
The first inbound traffic pattern describes Pulsar, Kafka, and RabbitMQ messaging traffic, as well as Prometheus metrics traffic, flowing from a user’s private endpoint to Astra Streaming.
You create a connection to the DataStax private link service, and then DataStax routes traffic to your Astra Streaming dedicated cluster. If you have multiple tenants, they can have different VPCs. Each VPC will have the same private FQDN with different VNETs. The traffic on separate private endpoint connections is isolated until it reaches the DataStax load balancer.
The private link service pattern is the same across cloud providers, but the hostname depends on your cloud provider and region:
Service | Endpoint pattern |
---|---|
Pulsar Messaging | |
Kafka Messaging | |
RabbitMQ Messaging | |
Prometheus Metrics | |
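After the private link is enabled, a useful check from a host inside your VPC is that the service hostname resolves only to addresses in the subnet that holds your private endpoint, not to a public address. The following is an added example, not DataStax code: the CIDR, the sample addresses, and the function names are assumptions, and the hostname is passed as an argument because it depends on your cloud provider and region.

```python
import ipaddress
import socket
import sys

# Assumption: CIDR(s) of the VPC/VNet subnet that holds your private endpoint.
VPC_CIDRS = ["10.20.0.0/16"]  # constructed sample value


def resolve(hostname, port=443):
    """Return the set of IP addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_private_resolution(addresses, vpc_cidrs=VPC_CIDRS):
    """Classify resolved addresses against the expected private ranges.

    Returns (ok, findings). ok is True only when at least one address was
    resolved and every address falls inside one of the expected CIDRs.
    """
    networks = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    findings = []
    for raw in sorted(addresses):
        ip = ipaddress.ip_address(raw)
        if any(ip.version == net.version and ip in net for net in networks):
            findings.append((raw, "in-vpc"))
        elif ip.is_private:
            # Private, but not your endpoint subnet: likely a DNS zone mix-up.
            findings.append((raw, "private-but-outside-vpc"))
        else:
            # Traffic to this address would leave the private path.
            findings.append((raw, "public"))
    ok = bool(findings) and all(state == "in-vpc" for _, state in findings)
    return ok, findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        addrs = resolve(sys.argv[1])      # hostname for your provider and region
    else:
        addrs = {"10.20.3.7", "8.8.8.8"}  # constructed sample, runs offline
    ok, findings = check_private_resolution(addrs)
    for address, state in findings:
        print(f"{address}\t{state}")
    print("PASS" if ok else "FAIL")
```

Run it from the same network as your streaming clients, since a resolver outside the VPC can return a different answer for the same name.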
Outbound traffic
On a case-by-case basis, Astra Streaming can support private outbound traffic flowing from Astra Streaming to your private endpoint.
The outbound traffic pattern creates a private endpoint in Astra Streaming that connects to your private link service. DataStax opens a port on the tenant’s firewall to allow connectors and functions running in a dedicated namespace on an Astra Streaming cluster to connect to your private network. Each tenant has its own firewall.
Cloud provider credentials
Each cloud provider requires specific credentials to connect to a private endpoint. For information about private link configuration and credentials, see your cloud provider’s documentation.
Cloud provider | Credentials required | Documentation |
---|---|---|
AWS | AWS account numbers | |
Microsoft Azure | Azure subscription IDs | |
Google Cloud | GCP project IDs | |