GCP outbound network access destinations
If you have limited outbound internet access (for example due to using a firewall or proxy), review this content to learn which specific outbound destinations must be available in order to register a CDP environment.
The following list includes general destinations as well as GCP-specific destinations.
General endpoints
Description/Usage | CDP service | Destination | Protocol and Authentication | IP Protocol/Port | Comments |
---|---|---|---|---|---|
Cloudera CCMv1: Persistent Control Plane connection | All services | *.ccm.cdp.cloudera.com, 44.234.52.96/27 | SSH public/private key authentication | TCP/6000-6049 | One connection per cluster configured; persistent |
Cloudera CCMv2: Persistent Control Plane connection | All services | US-based Control Plane: *.v2.us-west-1.ccm.cdp.cloudera.com, 35.80.24.128/27, 35.166.86.177/32, 52.36.110.208/32, 52.40.165.49/32; EU-based Control Plane: *.v2.ccm.eu-1.cdp.cloudera.com, 3.65.246.128/27; AP-based Control Plane: *.v2.ccm.ap-1.cdp.cloudera.com, 3.26.127.64/27 | HTTPS with mutual authentication | TCP/443 | Multiple long-lived/persistent connections |
Cloudera Databus: Telemetry, billing and metering data | All services | US-based Control Plane: dbusapi.us-west-1.sigma.altus.cloudera.com, *.s3.amazonaws.com; EU-based Control Plane: api.eu-1.cdp.cloudera.com, *.s3.amazonaws.com; AP-based Control Plane: api.ap-1.cdp.cloudera.com, *.s3.amazonaws.com | HTTPS with Cloudera-generated access key for dbus; HTTPS for S3 | TCP/443 | Regular interval for telemetry, billing, metering services, and used for Workload Manager if enabled. Larger payloads are sent to a Cloudera managed S3 bucket. |
Cloudera Manager parcels: Software distribution | Data Hub, Data Lake | archive.cloudera.com | HTTPS | TCP/443 | Cloudera’s public software repository. CDN backed service; IP range not predictable. |
Control Plane API | CDP API | US-based Control Plane: api.us-west-1.cdp.cloudera.com; EU-based Control Plane: api.eu-1.cdp.cloudera.com; AP-based Control Plane: api.ap-1.cdp.cloudera.com | HTTPS with Cloudera-generated access key | TCP/443 | Cloudera’s control plane REST API. |
SQL Stream Builder PostgreSQL driver install | Data Hub: Streaming Analytics clusters | pypi.org | HTTPS | TCP/443 | SQL Stream Builder depends on the python3 PostgreSQL driver. This is only required for Runtime versions 7.2.11, 7.2.12 and 7.2.13. |
Learning Hub | Machine Learning | https://github.com/cloudera/learning-hub-content | HTTPS | TCP/443 | Access Learning Hub in air-gapped environments |
GCP-specific endpoints
Description/Usage | CDP service | Destination | Protocol and Authentication | IP Protocol/Port | Comments |
---|---|---|---|---|---|
APIs | All services | storage.googleapis.com, iamcredentials.googleapis.com | HTTPS | TCP/443 | In addition to adding the listed destinations, you need to configure Private Service Connect. Private Service Connect lets you send traffic to Google APIs using a Private Service Connect endpoint that is private to your VPC network. To configure Private Service Connect, refer to Configuring Private Service Connect. |
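To audit an egress allowlist against these tables before registering an environment, the following added example (not Cloudera code) reports required destinations that no rule fully covers, checking wildcard host names, CIDR containment, and port ranges. It assumes a US-based Control Plane and a hypothetical rule format of `(destination, first_port, last_port)` whose host patterns use only `*`; the pypi.org and Learning Hub rows are left out because they apply only to specific services.

```python
import fnmatch
import ipaddress

# Rows from the tables above for a US-based Control Plane: (destination, first port, last port).
REQUIRED_US = [
    ("*.ccm.cdp.cloudera.com", 6000, 6049),                    # CCMv1
    ("44.234.52.96/27", 6000, 6049),
    ("*.v2.us-west-1.ccm.cdp.cloudera.com", 443, 443),         # CCMv2
    ("35.80.24.128/27", 443, 443),
    ("35.166.86.177/32", 443, 443),
    ("52.36.110.208/32", 443, 443),
    ("52.40.165.49/32", 443, 443),
    ("dbusapi.us-west-1.sigma.altus.cloudera.com", 443, 443),  # Databus
    ("*.s3.amazonaws.com", 443, 443),
    ("archive.cloudera.com", 443, 443),                        # parcels
    ("api.us-west-1.cdp.cloudera.com", 443, 443),              # Control Plane API
    ("storage.googleapis.com", 443, 443),                      # GCP APIs
    ("iamcredentials.googleapis.com", 443, 443),
]

# Constructed sample allowlist (hypothetical firewall/proxy export) with two gaps.
SAMPLE_RULES = [
    ("*.cloudera.com", 443, 443), ("*.ccm.cdp.cloudera.com", 6000, 6010),
    ("44.234.52.96/27", 6000, 6049), ("35.80.24.128/27", 443, 443),
    ("35.166.86.177/32", 443, 443), ("52.36.110.208/32", 443, 443),
    ("*.s3.amazonaws.com", 443, 443), ("*.googleapis.com", 443, 443),
]

def _as_network(dest):
    """Return an ip_network for CIDR/IP destinations, or None for host names."""
    try:
        return ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return None

def covers(rule, need):
    """True if one allow rule permits the whole required destination and port range."""
    (r_dest, r_lo, r_hi), (n_dest, n_lo, n_hi) = rule, need
    if not (r_lo <= n_lo and n_hi <= r_hi):
        return False
    r_net, n_net = _as_network(r_dest), _as_network(n_dest)
    if n_net is not None:  # required CIDR: the rule must be an equal or wider network
        return r_net is not None and r_net.version == n_net.version and n_net.subnet_of(r_net)
    # Required host name or wildcard: the rule pattern must match it textually.
    return fnmatch.fnmatchcase(n_dest.lower(), r_dest.lower())

def missing_destinations(allow_rules, required=REQUIRED_US):
    """List required rows that no single allow rule fully covers."""
    return [need for need in required if not any(covers(r, need) for r in allow_rules)]
```

For the sample rules, `missing_destinations(SAMPLE_RULES)` flags the CCMv1 host pattern (port range too narrow) and the absent `52.40.165.49/32` entry.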