In the previous modules you learned about various networking architectures for connecting to Confluent Cloud. You should now be better prepared to decide which best matches your specific requirement. As you design a network architecture for Confluent Cloud, you need to keep in mind the data flow, which comes down to three things:
Each of the cloud networking options have different security behaviors, and varying levels of ease of use and access.
With secure public endpoints, you can access your Confluent Cloud cluster from anywhere. It’s easy to set up, and can be used for clients and services that span from on-premises environments to any private or public cloud.
With VPC or VNet direct peering, your cluster is only accessed over the peering connection. It requires a /16 CIDR range for the Confluent network, and provides bidirectional connectivity from your cloud network to the Confluent Cloud network. This allows managed connectors to access your private network data sources and data sinks.
AWS Transit Gateway builds on a peering network. It only works in AWS, but it removes the requirement for 1:1 peering connections. It also makes connectivity to cloud environments, or even your datacenter, much easier.
Finally, Private Link is a one-way connection that allows your clients to access Confluent Cloud, but not the other way around. It doesn’t require a /16 CIDR range, but it does require a custom zone in your DNS infrastructure. Also, because it uses just a set of endpoints, any client that can access the VPC or VNet where the private endpoints reside can access Confluent Cloud.
To sum it all up, this is what Confluent Cloud looks like from a network architecture perspective.
We have the control plane, which is always accessed over the internet, and is used for provisioning, management, and monitoring.
Most importantly, we have the data plane, which has the Internet-accessible schema registry, as well as your “Confluent Network”, which can be accessed over a secure public endpoint, over a peering connection (either directly, or through a transit gateway), or over a Private Link connection.
Thanks for joining us in this course.
We will only share developer content and updates, including notifications when new content is added. We will never send you sales emails. 🙂 By subscribing, you understand we will process your personal information in accordance with our Privacy Statement.