# Private Networking for Catalog Integration

When integrating StreamNative Cloud with external catalog providers in production environments, you may need to configure private network connections to ensure that traffic between StreamNative Cloud and your catalog and storage services does not traverse the public internet.

Private networking for lakehouse catalog integration involves two components:

* **Storage connectivity** — Private network connections between StreamNative Cloud and your object storage (S3, GCS, or Azure Blob Storage).
* **Catalog connectivity** — Private network connections between StreamNative Cloud and your catalog provider.

The following diagram shows the network path between StreamNative Cloud and the catalog and storage services over private connectivity.

```mermaid
flowchart TB
    subgraph BYOC["StreamNative BYOC VPC"]
        Cluster["BYOC Cluster"]
        subgraph Endpoints["Private Endpoints"]
            StorageEP["Storage Private Endpoint"]
            CatalogEP["Catalog Private Endpoint"]
        end
    end

    Storage["Object Storage"]
    Catalog["Catalog Provider"]

    Cluster -->|"storage traffic"| StorageEP --> Storage
    Cluster -->|"catalog traffic"| CatalogEP --> Catalog

    classDef byoc fill:#dbeafe,stroke:#2563eb,color:#1e3a8a
    classDef edge fill:#fde68a,stroke:#b45309,color:#451a03
    classDef ext  fill:#ede9fe,stroke:#7c3aed,color:#4c1d95
    class Cluster byoc
    class StorageEP,CatalogEP edge
    class Storage,Catalog ext
    style Endpoints fill:#fffbeb,stroke:#f59e0b,color:#92400e
```

## Prerequisites

* A StreamNative BYOC cluster deployed on AWS, GCP, or Azure.
* A registered catalog in StreamNative Cloud. See [Register Catalog](/cloud/lakehouse/catalogs/register-catalog).
* An active integration with a supported catalog provider. See [External Tables Integrations](/cloud/lakehouse/external-tables/external-tables-overview) for setup guides.

## Storage private connectivity

Private network connections between StreamNative Cloud and object storage are handled differently depending on the cloud provider.

<Tabs>
  <Tab title="AWS">
    On AWS, StreamNative configures private network connections to Amazon S3 endpoints by default in all StreamNative environments. The S3 VPC endpoint is configured per VPC.

    **No action is required on your side.** All traffic between your StreamNative BYOC cluster and S3 stays within the AWS private network automatically.
  </Tab>

  <Tab title="GCP">
    On GCP, StreamNative configures private network connections to Google Cloud Storage (GCS) endpoints by default in all StreamNative environments. The GCS private endpoint is configured per network.

    **No action is required on your side** in most cases. All traffic between your StreamNative BYOC cluster and GCS stays within the Google private network automatically.

    **Exception — Shared VPC:** If your BYOC cluster runs in a [Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc), StreamNative cannot modify the network in the host project. You must configure private connectivity to GCS yourself by either:

    * Enabling [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access) on the subnets used by the cluster, or
    * Creating a [Private Service Connect endpoint for Google APIs](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis) (see [Shared VPC deployment patterns](https://cloud.google.com/vpc/docs/private-service-connect-deployments) for host-project guidance).
  </Tab>

  <Tab title="Azure">
    On Azure, you must configure a private endpoint for your Azure Storage account to enable private connectivity between StreamNative Cloud and your storage.

    To set up a private endpoint for your storage account, follow the instructions in the Azure documentation:
    [Configure Azure Storage private endpoints](https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints).
  </Tab>
</Tabs>
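
One way to confirm that a private endpoint is actually in use, as an added example that is not part of the StreamNative documentation: run from a host inside the cluster network, it resolves each storage or catalog hostname and reports whether every answer falls in private address space. It applies only where the endpoint is reached through private DNS, as with an Azure Storage private endpoint. The hostnames and addresses in `SAMPLE` are constructed.

```python
import ipaddress
import socket
import sys

# Address space a private endpoint can occupy: RFC 1918 plus IPv6 unique-local.
# ipaddress.is_private is avoided: it also matches loopback and doc ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed answers for offline runs; hostnames and addresses are made up.
SAMPLE = {
    "examplestore.blob.core.windows.net": ["10.20.0.5"],        # private endpoint
    "publicstore.blob.core.windows.net": ["203.0.113.10"],      # no private endpoint
    "catalog.example.internal": ["10.20.0.6", "203.0.113.11"],  # split DNS answers
}


def sample_resolver(host):
    """Stand-in resolver backed by SAMPLE; unknown names fail like real DNS."""
    if host not in SAMPLE:
        raise socket.gaierror("name not known")
    return SAMPLE[host]


def system_resolver(host):
    """Resolve with the OS resolver, i.e. the DNS view of the host you run on."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(host, resolver=system_resolver):
    """Return (verdict, addresses): private, public, mixed or unresolved."""
    try:
        addrs = list(resolver(host))
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved", []
    if not addrs:
        return "unresolved", []
    private = [any(ipaddress.ip_address(a) in net for net in PRIVATE_NETS)
               for a in addrs]
    if all(private):
        return "private", addrs
    return ("mixed" if any(private) else "public"), addrs


if __name__ == "__main__":
    resolver = system_resolver if sys.argv[1:] else sample_resolver
    for h in sys.argv[1:] or SAMPLE:
        print(h, *classify(h, resolver))
```

A `mixed` or `public` verdict means at least one resolved address is outside private space, so the private DNS configuration for that hostname needs review.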

## Catalog private connectivity

To establish private network connections between StreamNative Cloud and your catalog provider, follow the guide for your catalog provider:

<CardGroup cols={2}>
  <Card title="Snowflake Open Catalog" icon="snowflake" href="/cloud/lakehouse/catalogs/private-networking/snowflake-open-catalog">
    Configure private connectivity to Snowflake Open Catalog using AWS PrivateLink, GCP Private Service Connect, or Azure Private Link.
  </Card>

  <Card title="Snowflake Horizon Catalog" icon="snowflake" href="/cloud/lakehouse/catalogs/private-networking/snowflake-horizon-catalog">
    Configure private connectivity to Snowflake Horizon Catalog using AWS PrivateLink, GCP Private Service Connect, or Azure Private Link.
  </Card>

  <Card title="Databricks Delta Lake" icon="database" href="/cloud/lakehouse/catalogs/private-networking/databricks-unity-catalog">
    Configure private connectivity to Databricks Unity Catalog for Delta Lake using AWS PrivateLink, GCP Private Service Connect, or Azure Private Link.
  </Card>

  <Card title="Databricks Iceberg" icon="database" href="/cloud/lakehouse/catalogs/private-networking/databricks-iceberg">
    Configure private connectivity to Databricks Unity Catalog for Iceberg using AWS PrivateLink, GCP Private Service Connect, or Azure Private Link.
  </Card>

  <Card title="Amazon S3 Tables" icon="aws" href="/cloud/lakehouse/catalogs/private-networking/s3-tables">
    Private connectivity for Amazon S3 Tables on AWS. Configured by default — no action required.
  </Card>

  <Card title="Google BigLake" icon="google" href="/cloud/lakehouse/catalogs/private-networking/google-biglake">
    Private connectivity for Google BigLake on GCP. Configured by default — no action required.
  </Card>
</CardGroup>
