Connection Details for Deployment of PubSub+ Cloud Components
The following summarizes the Operational Connectivity required in a deployment. From a security perspective, this information is important to help you understand the ports and access points required to deploy PubSub+ Cloud in a Customer-Controlled Region. The connection information may be an important consideration when you decide on the deployment solution for a Customer-Controlled Region.
Connection Details for Operational Connectivity
The following connection details are required for Kubernetes deployments, such as Azure Kubernetes Service (AKS), Google Kubernetes Engine for Google Cloud (GKE), and Amazon Elastic Kubernetes Service (EKS). These connections are required for the Operational Connectivity when you deploy PubSub+ Cloud to Customer-Controlled Regions.
If you want to use a PubSub+ Cloud connection to Event Portal to discover runtime data and use runtime configuration for your event broker services, you must also configure operational connectivity for the cloud-based Event Management Agent as outlined in the table below. For more information see Cloud-Based Event Management Agent in Dedicated and Customer-Controlled Regions.
For more information about the security architecture for Customer-Controlled Regions, see Deployment Architecture for Kubernetes and Security Architecture for Customer-Controlled Regions.
For some connections, there are different regional sites as indicated in the table below.
| Connection | Host | IP Addresses | Port | Description |
|---|---|---|---|---|
| Mission Control Agent to PubSub+ Home Cloud |
Regional Site for United States (US): |
Regional Site for United States:
|
55443 |
TLS encrypted SMF traffic between the Mission Control Agent and the Home Cloud. For more information, see Information Exchanged Between the PubSub+ Home Cloud and the Mission Control Agent. |
|
Regional Site for Australia (AUS):
|
Regional Site for Australia:
|
|||
|
Regional Site for Singapore (SG):
|
Regional Site for Singapore:
|
|||
|
Regional Site for European Union (EU):
|
Regional Site for European Union:
|
|||
| Datadog Agents to Datadog Servers |
|
There are multiple IP addresses that must be configured for both the Mission Control Agent and the event broker services. For the Mission Control Agent: You must configure the addresses directly to Datadog. See https://ip-ranges.datadoghq.com/ for information. For event broker services: This is required for monitoring traffic to the central monitoring service (Datadog). For details about the external IP addresses, see Getting the IP Addresses for Monitoring Traffic. |
443 |
Required for monitoring traffic and metrics. TLS encrypted traffic between each Datadog agent (one per Solace pod, including Mission Control Agent) and Datadog server. Note for the Mission Control Agent, you must configure the addresses directly. |
| Kubernetes to Solace Container Registry | gcr.io( storage.googleapis.com ) |
This is not a single fixed IP address but can be proxied. |
443 |
Required to download Solace's Container images. TLS encrypted traffic between each Kubernetes cluster and Note: You do not need to allow this host and port combination if you choose to configure an image repository in your data center to mirror Solace's Container Registry ( For more information, see the Solace Container Registry information in Connectivity Model for Kubernetes Deployments. |
| Mission Control Agent to PubSub+ Home Cloud | maas-secure-prod.s3.amazonaws.com
|
N/A |
443 |
Required to download the certificate files for the created event broker service. |
|
|
N/A |
443 |
This is a unique value for each private data center. Refer to the table of bucket names when deploying PubSub+ Cloud. |
|
| Cloud-based Event Management Agent to Event Portal |
Regional Site for United States (US):
|
Regional Site for United States:
|
55443 |
TLS encrypted SMF traffic between the Event Management Agent and the Home Cloud. For more information, see Cloud-Based Event Management Agent in Dedicated and Customer-Controlled Regions. |
|
Regional Site for Australia (AUS):
|
Regional Site for Australia:
|
|||
|
Regional Site for Singapore (SG):
|
Regional Site for Singapore:
|
|||
|
Regional Site for European Union (EU):
|
Regional Site for European Union:
|
S3 Bucket Names for Gathered Diagnostics
As detailed in the table in Connection Details for Operational Connectivity above, the host address to an Amazon S3 bucket is required for gathering diagnostics. Replace {bucket_name} in the ${bucket_Name}.s3.amazonaws.com string with the appropriate value from the S3 Bucket Name column in the table below. When selecting the S3 bucket, choose the one that is geographically closest to the region where your event broker services are being deployed.
| S3 Bucket Name | AWS Region |
|---|---|
| solace-gd-af-south-1 | Africa (Cape Town) – af-south-1 |
| solace-gd-ap-northeast-1 | Asia Pacific (Tokyo) – ap-northeast-1 |
| solace-gd-ap-northeast-2 | Asia Pacific (Seoul) – ap-northeast-2 |
| solace-gd-ap-northeast-3 | Asia Pacific (Osaka) – ap-northeast-3 |
| solace-gd-ap-south-1 | Asia Pacific (Mumbai) – ap-south-1 |
| solace-gd-ap-southeast-1 | Asia Pacific (Singapore) – ap-southeast-1 |
| solace-gd-ap-southeast-2 | Asia Pacific (Sydney) – ap-southeast-2 |
| solace-gd-ca-central-1 | Canada (Central) – ca-central-1 |
| solace-gd-eu-central-1 | EU (Frankfurt) – eu-central-1 |
| solace-gd-eu-north-1 | EU (Stockholm) – eu-north-1 |
| solace-gd-eu-west-1 | EU (Ireland) – eu-west-1 |
| solace-gd-eu-west-2 | EU (London) – eu-west-2 |
| solace-gd-eu-west-3 | EU (Paris) – eu-west-3 |
| solace-gd-us-east-1 | US East (N. Virginia) – us-east-1 |
| solace-gd-us-east-2 | US East (Ohio) – us-east-2 |
| solace-gd-us-west-1 | US West (N. California) – us-west-1 |
| solace-gd-us-west-2 | US West (Oregon) – us-west-2 |