Introducing DeltaStream Private Links

PreviousSecuring Your Connections to Data Stores NextCreating an AWS Private Link from DeltaStream to your Confluent Kafka Dedicated Cluster

Last updated 3 months ago

Introducing DeltaStream Private Links

Private links enable you to securely connect DeltaStream to a data store or schema registry in your private VPC without exposing your data to the public internet. Sensitive data never leaves your private network perimeter. You can securely access a storage platform, then query your data however you wish.

There are separate setup instructions for each of 4 storage platforms:

In addition to more robust security, the benefits of using private links can include:

faster performance due to lower latency and higher bandwidth (since network traffic does not leave the AWS internal network)
improved regulatory compliance by effectively isolating sensitive data within a private network environment. This lowers the risk of a data breach; decreases the potential attack surface for malicious actors; and makes possible fine-grained access controls on private endpoints.
streamlined network management
lower network data transfer cost within AWS

Private links are specific both to your DeltaStream organization and to your data store’s AWS region. Setup is important; the steps are exacting and involve using the DeltaStream command line interface (CLI) in tandem with your Confluent Cloud or AWS management console. In broad steps, you:

Create a test cluster (typical but not always necessary).
Use the DeltaStream CLI to build the SQL that instantiates the private link request from the DeltaStream platform. This involves providing details such as region, endpoint service name, resource ARNs, and DNS information, in your Confluent Cloud or AWS account console that you then copy and paste into the SQL you’re writing.
Establish connectivity between the two systems; when you establish an MSK or RDS PostgreSQL private link you must accept private link requests made by DeltaStream to your AWS account. Similarly, from within the Confluent Cloud dashboard you must also accept private link connections made to Confluent Cloud dedicated clusters.

Here are the instructions for creating private links:

Creating a private link to Confluent Cloud Kafka
Creating a private link to Confluent Cloud Enterprise
Creating a private link to MSK Postgres
Creating a private link to AWS MSK

PreviousSecuring Your Connections to Data Stores NextCreating an AWS Private Link from DeltaStream to your Confluent Kafka Dedicated Cluster

Last updated 3 months ago

There are separate setup instructions for each of 4 storage platforms:

In addition to more robust security, the benefits of using private links can include:

faster performance due to lower latency and higher bandwidth (since network traffic does not leave the AWS internal network)
improved regulatory compliance by effectively isolating sensitive data within a private network environment. This lowers the risk of a data breach; decreases the potential attack surface for malicious actors; and makes possible fine-grained access controls on private endpoints.
streamlined network management
lower network data transfer cost within AWS

Create a test cluster (typical but not always necessary).
Use the DeltaStream CLI to build the SQL that instantiates the private link request from the DeltaStream platform. This involves providing details such as region, endpoint service name, resource ARNs, and DNS information, in your Confluent Cloud or AWS account console that you then copy and paste into the SQL you’re writing.
Establish connectivity between the two systems; when you establish an MSK or RDS PostgreSQL private link you must accept private link requests made by DeltaStream to your AWS account. Similarly, from within the Confluent Cloud dashboard you must also accept private link connections made to Confluent Cloud dedicated clusters.

Here are the instructions for creating private links:

Creating a private link to Confluent Cloud Kafka
Creating a private link to Confluent Cloud Enterprise
Creating a private link to MSK Postgres
Creating a private link to AWS MSK