Firewall configuration for Cloudera Observability
Connecting Telemetry Publisher to Cloudera Observability through endpoint services creates a secure connection between your CDP Data Hub cluster and the Cloudera Observability cloud service.
The Cloudera Telemetry Publisher service collects metrics from various components in a CDP Data Hub cluster and securely sends these metrics by way of the Hypertext Transfer Protocol Secure (HTTPS) protocol and the Transport Layer Security (TLS) encryption over the internet to Cloudera Observability.
Enabling secure communication from a CDP Data Hub cluster to the Cloudera Observability service that runs on an Amazon Web Services (AWS) cloud platform, requires that Telemetry Publisher connects to Cloudera Observability through the following endpoint services:
- For a US-based Control Plane cloud region, pair Endpoint #1 (EC2
service):
https://dbusapi.us-west-1.sigma.altus.cloudera.com
with Endpoint #2 (S3 service):https://cloudera-dbus-prod.s3.amazonaws.com
- For a EU-based Control Plane cloud region, pair Endpoint #1 (EC2
service):
https://dbusapi.eu-1.cdp.cloudera.com
with Endpoint #2 (S3 service):https://mow-prod-eu-central-1-sigmadbus-dbus.s3.eu-central-1.amazonaws.com
- For a AP-based Control Plane cloud region pair Endpoint #1 (EC2
service):
https://dbusapi.ap-1.cdp.cloudera.com
with Endpoint #2 (S3 service):https://mow-prod-ap-southeast-2-sigmadbus-dbus.s3.ap-southeast-2.amazonaws.com
Where, these endpoints map to a dynamic IP address in AWS. For more information on the IP address ranges, see the Amazon documentation.
You can also configure a HTTP proxy between Telemetry Publisher and Cloudera Observability. In this configuration, the proxy acts as a HTTP tunnel for the encrypted TLS communication between Telemetry Publisher and Cloudera Observability.