Firewall configuration for Cloudera Observability

Connecting Telemetry Publisher to Cloudera Observability through endpoint services creates a secure connection between your CDP Data Hub cluster and the Cloudera Observability cloud service.

The Cloudera Telemetry Publisher service collects metrics from various components in a CDP Data Hub cluster and securely sends these metrics by way of the Hypertext Transfer Protocol Secure (HTTPS) protocol and the Transport Layer Security (TLS) encryption over the internet to Cloudera Observability.

Enabling secure communication from a CDP Data Hub cluster to the Cloudera Observability service that runs on an Amazon Web Services (AWS) cloud platform, requires that Telemetry Publisher connects to Cloudera Observability through the following endpoint services:

Depending on your cloud region, pair an Endpoint #1 (EC2 service) with an Endpoint #2 (S3 service) as follows:
  • For a US-based Control Plane cloud region, pair Endpoint #1 (EC2 service):
    https://dbusapi.us-west-1.sigma.altus.cloudera.com
    with Endpoint #2 (S3 service):
    https://cloudera-dbus-prod.s3.amazonaws.com
  • For a EU-based Control Plane cloud region, pair Endpoint #1 (EC2 service):
    https://dbusapi.eu-1.cdp.cloudera.com
    with Endpoint #2 (S3 service):
    https://mow-prod-eu-central-1-sigmadbus-dbus.s3.eu-central-1.amazonaws.com
  • For a AP-based Control Plane cloud region pair Endpoint #1 (EC2 service):
    https://dbusapi.ap-1.cdp.cloudera.com
    with Endpoint #2 (S3 service):
    https://mow-prod-ap-southeast-2-sigmadbus-dbus.s3.ap-southeast-2.amazonaws.com

Where, these endpoints map to a dynamic IP address in AWS. For more information on the IP address ranges, see the Amazon documentation.

You can also configure a HTTP proxy between Telemetry Publisher and Cloudera Observability. In this configuration, the proxy acts as a HTTP tunnel for the encrypted TLS communication between Telemetry Publisher and Cloudera Observability.