Private connectivity

Astra Streaming supports inbound traffic (i.e. Your private endpoint → Astra Streaming). The first inbound traffic pattern describes Pulsar, Kafka, and RabbitMQ messaging traffic, as well as Prometheus metrics traffic, flowing from a user’s private endpoint to Astra Streaming.

You create a connection to our private link service, and we route traffic to your Astra Streaming cluster. If you have multiple tenants, they can have different VPCs. The different VPCs will have the same private FQDN with differing VNETs. The traffic on different private end point connections is isolated until it reaches our load balancer.

The private link service pattern is the same across cloud providers, but the hostname will vary depending on your cloud provider and region.

Astra Streaming also supports private outbound traffic (i.e. Astra Streaming → Your private endpoint) on a case-by-case basis.

The outbound traffic pattern creates a private endpoint in Astra Streaming that connects to your private link service. We open a port on the tenant’s firewall (firewalls are per tenant) so connectors and functions (running in a dedicated namespace on our cluster) can connect to your private network.

To open an outbound private endpoint, open a support ticket and include the credentials required for your cloud provider.

For more on connecting to your cloud provider, see your cloud provider’s documentation. Each cloud provider will require different credentials to connect to the private endpoint.