• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Streaming Home

Astra Streaming Documentation

    • Getting Started
    • Developing
      • Using Pulsar binaries with Astra Streaming
      • Using curl with Astra Streaming
      • Astra CLI
      • Astra Streaming Functions
      • Starlight for Kafka
      • Starlight for RabbitMQ
      • Producing and consuming messages
        • Astra Portal
        • Pulsar Cli
        • Client Applications
          • Java
          • Python
          • C#
          • Golang
          • Node.js
          • Spring
      • Change data capture (CDC)
        • CDC for Astra DB
    • Operations
      • Geo-replication
      • Astra Streaming Limits
      • Astra Streaming Pricing
      • Astra Streaming Regions
      • Monitoring Streaming Tenants
        • Scrape Astra Streaming metrics with Prometheus
        • External Prometheus and Grafana Integration
        • New Relic Integration
        • Grafana dashboards for Astra Streaming metrics
          • Overview dashboard
          • Namespace dashboard
          • Topic dashboard
      • Manage Tokens
      • Private connectivity
      • Enrollment FAQ
    • Guides and Examples
      • FAQs
      • Manage permissions
        • Use custom roles
      • Pulsar subscriptions
        • Exclusive
        • Shared
        • Failover
        • Key_shared
    • API Docs
      • Using the DevOps v2 API
      • API References
    • IO Connectors
    • Changelog
  • Astra Streaming Documentation
  • Operations
  • Private connectivity
Edit this Page

Private connectivity

To better protect your streaming connections, connect Astra Streaming to a private link service for inbound connectivity, or to a private endpoint for outbound connectivity.

Private connections are only available within the same cloud provider and region as your Astra Streaming cluster.

To open a private link service or private endpoint, open a support ticket and include the credentials required for your cloud provider.

Inbound traffic

Astra Streaming supports inbound traffic (i.e. Your private endpoint → Astra Streaming). The first inbound traffic pattern describes Pulsar, Kafka, and RabbitMQ messaging traffic, as well as Prometheus metrics traffic, flowing from a user’s private endpoint to Astra Streaming.

You create a connection to our private link service, and we route traffic to your Astra Streaming cluster. If you have multiple tenants, they can have different VPCs. The different VPCs will have the same private FQDN with differing VNETs. The traffic on different private end point connections is isolated until it reaches our load balancer.

The private link service pattern is the same across cloud providers, but the hostname will vary depending on your cloud provider and region.

Table 1. Inbound private link service endpoints
Service Endpoint pattern

Pulsar Messaging

pulsar-azure-eastus.private.streaming.datastax.com:6651

Kafka Messaging

kafka-azure-eastus.private.streaming.datastax.com:9093

RabbitMQ Messaging

rabbitmq-azure-eastus.private.streaming.datastax.com

Prometheus Metrics

prometheus-azure-eastus.private.streaming.datastax.com

Outbound traffic

Astra Streaming also supports private outbound traffic (i.e. Astra Streaming → Your private endpoint) on a case-by-case basis.

The outbound traffic pattern creates a private endpoint in Astra Streaming that connects to your private link service. We open a port on the tenant’s firewall (firewalls are per tenant) so connectors and functions (running in a dedicated namespace on our cluster) can connect to your private network.

To open an outbound private endpoint, open a support ticket and include the credentials required for your cloud provider.

Cloud provider credentials

For more on connecting to your cloud provider, see your cloud provider’s documentation. Each cloud provider will require different credentials to connect to the private endpoint.

Table 2. Cloud providers
Cloud provider Credentials required Documentation

AWS

AWS account number(s)

AWS Private Link

Azure

Azure subscription id(s)

Azure Portal

GCP

GCP project id(s)

GCP Private Service Connect

Manage Tokens Enrollment FAQ

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage