Outbound network access destinations for GCP
If you have limited outbound internet access (for example, because of a firewall or proxy), review this content to learn which specific outbound destinations must be reachable in order to register a CDP environment.
The following list includes general destinations as well as GCP-specific destinations:
| Description/Usage | CDP service | Destination | Protocol and Authentication | IP Protocol/Port | Comments |
|---|---|---|---|---|---|
| Persistent Control Plane connection | All services | IP: 188.8.131.52/27; Hostname pattern: *.ccm.cdp.cloudera.com | SSH public/private key authentication | TCP/6000-6049 | One connection per cluster configured; persistent. |
| Telemetry, billing and metering data | | | HTTPS with Cloudera-generated access key for dbus; HTTPS for S3 | TCP/443 | Regular interval for telemetry, billing, metering services, and used for Workload Manager if enabled. Larger payloads are sent to a Cloudera managed S3 bucket. |
| Cloudera Manager parcels | | archive.cloudera.com | HTTPS | TCP/443 | Cloudera’s public software repository. CDN backed service; IP range not predictable. |
| | | | HTTPS | TCP/443 | In addition to adding the listed destinations, you need to configure Private Service Connect. Private Service Connect lets you send traffic to Google APIs using a Private Service Connect endpoint that is private to your VPC network. To configure Private Service Connect, refer to Configuring Private Service Connect. |
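
The following Python script is an added example, not Cloudera's code: it checks a firewall or proxy egress allowlist against the rows of the table above that list both a destination and a port. The rule tuple format `(destination, first port, last port)` and `SAMPLE_RULES` are constructed for illustration, and each listed destination form (IP range, hostname pattern) is checked separately.

```python
import ipaddress
from fnmatch import fnmatchcase

# Destinations and TCP ports copied from the table above; the labels are ours.
REQUIRED = [
    ("CCM (IP range)", "188.8.131.52/27", 6000, 6049),
    ("CCM (hostname pattern)", "*.ccm.cdp.cloudera.com", 6000, 6049),
    ("Cloudera Manager parcels", "archive.cloudera.com", 443, 443),
]

# Constructed sample allowlist: (destination, first TCP port, last TCP port).
SAMPLE_RULES = [
    ("188.8.131.52/27", 6000, 6040),   # port range cut short by mistake
    ("*.cloudera.com", 443, 443),      # HTTPS only
]

def _as_net(dest):
    """Parse a CIDR or IP; return None for hostnames and hostname patterns."""
    try:
        # strict=False: the listed address is not aligned to its /27 boundary.
        return ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return None

def dest_covered(required, allowed):
    """True if the allowed destination is equal to or broader than the required one."""
    req, alw = _as_net(required), _as_net(allowed)
    if req is not None and alw is not None:
        return req.version == alw.version and req.subnet_of(alw)
    if req is not None or alw is not None:
        return False  # an IP rule cannot stand in for a hostname rule, or vice versa
    return fnmatchcase(required.lower(), allowed.lower())

def missing(rules, required=REQUIRED):
    """Return {label: [uncovered ports]} for every destination not fully allowed."""
    gaps = {}
    for label, dest, lo, hi in required:
        allowed_ports = set()
        for r_dest, r_lo, r_hi in rules:
            if dest_covered(dest, r_dest):
                allowed_ports.update(range(max(lo, r_lo), min(hi, r_hi) + 1))
        uncovered = sorted(set(range(lo, hi + 1)) - allowed_ports)
        if uncovered:
            gaps[label] = uncovered
    return gaps

if __name__ == "__main__":
    for label, ports in missing(SAMPLE_RULES).items():
        print(f"{label}: TCP {ports[0]}-{ports[-1]} not allowed ({len(ports)} ports)")
```

With the sample rules, the parcels row passes, while the CCM IP range is reported short by ports 6041-6049 and the CCM hostname pattern has no rule covering ports 6000-6049 at all.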