Configuring your Firewall

Connecting Telemetry Publisher to Workload XM through endpoint services creates a secure connection between your on-premises CDH cluster and the Workload XM cloud service.

The Cloudera Telemetry Publisher service collects metrics from various components in a CDH cluster and securely sends these metrics by way of the Hypertext Transfer Protocol Secure (HTTPS) protocol and the Transport Layer Security (TLS) encryption over the internet to Workload XM.

Enabling secure communication from an on-premises CDH cluster to a Workload XM cloud service that runs on an Amazon Web Services (AWS) cloud platform, requires that Telemetry Publisher connects to Workload XM through the following endpoint services:
  • Endpoint #1 (EC2 service):
  • Endpoint #2 (S3 service):

Where, these endpoints map to a dynamic IP address in AWS us-west-2. For more information on the IP address ranges, see the Amazon documentation.

You can also configure a HTTP proxy between Telemetry Publisher and Workload XM. In this configuration, the proxy acts as a HTTP tunnel for the encrypted TLS communication between Telemetry Publisher and Workload XM.