StreamNative Cloud supports the following networking solutions:

  • BYOC clusters are accessible through secure public endpoints or Private Link connections.

    BYOC clusters support only one endpoint. If you choose Private Link, the cluster has no public endpoint at all, and it can be reached only from Private Endpoints in cloud accounts you have registered with StreamNative Cloud.

  • BYOC Pro clusters are accessible through secure public endpoints, Private Link connections, VPC/VNet peering, or AWS Transit Gateway.

    BYOC Pro clusters can have multiple endpoints, including both public and private endpoints.

  • Serverless and Dedicated clusters are accessible through secure public endpoints.

All connections to StreamNative Cloud are encrypted with TLS 1.2 and require authentication using OAuth2 or API keys, regardless of network configuration.

After a cluster has been provisioned, you cannot change its networking solution type between public and private.

StreamNative Cloud services use the following ports and protocols:

Control Plane Services

Service                        Port   Protocol
StreamNative Cloud Console     443    HTTPS
StreamNative Cloud API         443    HTTPS
StreamNative Metrics API       443    HTTPS

Data Plane Services

Service                        Port   Protocol
Pulsar Broker Service          6651   TLS
Pulsar HTTPS Service           443    HTTPS
Pulsar Websocket Service       443    TLS
Kafka Broker Service           9093   TLS
Kafka Schema Registry          443    HTTPS
Kafka Connect Admin Service    443    HTTPS
MQTT Service                   8883   TLS
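A client-side preflight check for the port table above and the TLS requirement stated before it, added here as an example (it is not StreamNative's own tooling): it lints the connection settings a Pulsar, Kafka or MQTT client is about to use against the TLS-only ports listed, rejecting plaintext URL schemes and non-TLS ports, and can then perform a live TLS 1.2+ handshake with certificate and hostname verification. The scheme names, the SASL_SSL requirement for Kafka and the cluster hostname are assumptions about the upstream clients and the deployment, not facts from this page.

```python
"""Preflight: lint client endpoints against StreamNative Cloud's TLS-only ports.

Added example. Port numbers come from the table above; everything else is assumed.
"""
import socket
import ssl
from urllib.parse import urlparse

# Expected scheme(s) and port per data-plane service (ports from the table above).
# Assumption: scheme names are those used by the upstream Pulsar/WebSocket/MQTT clients.
EXPECTED = {
    "pulsar":    {"schemes": {"pulsar+ssl"},   "port": 6651},
    "admin":     {"schemes": {"https"},        "port": 443},
    "websocket": {"schemes": {"wss"},          "port": 443},
    "mqtt":      {"schemes": {"mqtts", "ssl"}, "port": 8883},
}
KAFKA_TLS_PORT = 9093
# Schemes a misconfigured client might use that would attempt an unencrypted connection.
PLAINTEXT_SCHEMES = {"pulsar", "http", "ws", "mqtt", "tcp"}
DEFAULT_PORTS = {"https": 443, "wss": 443}


def check_url(service, url):
    """Return (ok, detail) for a Pulsar, admin, WebSocket or MQTT connection URL."""
    spec = EXPECTED[service]
    parsed = urlparse(url)
    if parsed.scheme in PLAINTEXT_SCHEMES:
        return False, f"{parsed.scheme}:// is plaintext; StreamNative Cloud accepts TLS only"
    if parsed.scheme not in spec["schemes"]:
        return False, f"unexpected scheme {parsed.scheme!r} for {service}"
    port = parsed.port or DEFAULT_PORTS.get(parsed.scheme)
    if port != spec["port"]:
        return False, f"port {port} is not the {service} TLS port {spec['port']}"
    return True, parsed.hostname


def check_kafka(bootstrap_servers, security_protocol):
    """Kafka clients take host:port pairs plus a separate security.protocol setting.

    OAuth2/API-key authentication on the Kafka protocol rides on SASL, so the only
    setting that gives both TLS and authentication is SASL_SSL (assumption about
    the Kafka client, not a statement from this page).
    """
    if security_protocol != "SASL_SSL":
        return False, f"security.protocol={security_protocol}; expected SASL_SSL"
    hosts = []
    for entry in bootstrap_servers.split(","):
        host, _, port = entry.strip().rpartition(":")
        if not host or port != str(KAFKA_TLS_PORT):
            return False, f"{entry.strip()} is not on the Kafka TLS port {KAFKA_TLS_PORT}"
        hosts.append(host)
    return True, hosts


def tls_probe(host, port, timeout=5.0):
    """Live check: handshake with TLS 1.2 or later and full certificate/hostname
    verification, returning the negotiated protocol version. Needs network access."""
    ctx = ssl.create_default_context()            # verifies chain and hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older than 1.2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Hypothetical cluster hostname; use the one shown on your cluster's details page.
    host = "my-cluster.example.com"
    settings = [
        ("pulsar", f"pulsar+ssl://{host}:6651"),
        ("admin", f"https://{host}"),
        ("websocket", f"wss://{host}:443"),
        ("mqtt", f"mqtts://{host}:8883"),
    ]
    for service, url in settings:
        ok, detail = check_url(service, url)
        print(f"{service:10} {'OK ' if ok else 'BAD'} {detail}")
    print("kafka      ", check_kafka(f"{host}:9093", "SASL_SSL"))
    for port in (6651, 443, 9093, 8883):
        try:
            print(f"{host}:{port} negotiated {tls_probe(host, port)}")
        except (OSError, ssl.SSLError) as exc:
            print(f"{host}:{port} failed: {exc}")
```

Run the lint functions in CI against the client configuration you deploy; run tls_probe from the network the clients will actually use, since with private networking (below) the hostnames resolve only inside the peered or linked VPC.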

Considerations for public vs. private networking type

Choosing between private and public connectivity for StreamNative Cloud is a trade-off:

  • With private networking, your cluster has no public endpoints and is not reachable from the Internet. That removes Internet-facing exposure (scanning, brute-force and volumetric attacks from arbitrary sources) but does not replace authentication, which is still required on every connection.

  • Private networking requires you to manage the peered or linked networks to ensure all your client applications and developers have the needed access to StreamNative Cloud.

  • If you use private networking (VPC peering, VNet peering, or Private Link), you cannot connect directly from a local laptop or an on-premises data center to StreamNative Cloud.

    To reach the cluster from such locations, first route to a shared services VPC or VNet that you own, then connect that VPC/VNet to StreamNative Cloud using VPC/VNet peering (together with a proxy) or Private Link.

    If you are interested in this configuration for StreamNative Cloud, contact your StreamNative sales representative.

  • IP addresses for ingress public endpoints are not static. These ingress public endpoints include the endpoints of each StreamNative cluster, such as the Pulsar broker service, Pulsar admin service, Pulsar websocket service, Kafka broker service, Kafka schema registry, Kafka Connect admin service, and MQTT service. They also include the endpoints for StreamNative's control plane services.

    The endpoints can assume any public IP, with no published range, so egress allowlists must key on the endpoint hostnames rather than on IP addresses.

  • Native Pulsar and Kafka clients are not designed to work through a forward (HTTP) proxy. If your clients can only reach the Internet through such a proxy, consider producing over HTTPS with the REST API instead.
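Producing through an explicit forward proxy with the REST API, as the last bullet suggests, as an added example (not StreamNative's code). It assumes the Pulsar REST produce endpoint (POST /topics/persistent/{tenant}/{namespace}/{topic}) and its request body as documented upstream for Pulsar, that the cluster's HTTPS service on port 443 exposes it unchanged, and that the OAuth2 access token or API key is sent as a bearer token; the cluster hostname and proxy address are placeholders.

```python
"""Produce to a Pulsar topic over HTTPS through an explicit forward proxy.

Added example. The path and body follow the upstream Pulsar REST produce API
(assumed to be exposed unchanged by the cluster's HTTPS service on port 443).
"""
import json
import os
import urllib.request

# Minimal STRING value schema in the SchemaInfo JSON form the REST produce API
# expects (assumption taken from the upstream Pulsar documentation).
STRING_SCHEMA = json.dumps({"name": "", "schema": "", "type": "STRING", "properties": {}})


def build_produce_request(admin_url, tenant, namespace, topic, messages, token,
                          producer_name="rest-producer"):
    """Return (url, headers, body) for one REST produce call.

    `messages` is a list of {"key": ..., "payload": ...}; `token` is the OAuth2
    access token or API key, sent as a bearer token.
    """
    url = (f"{admin_url.rstrip('/')}/topics/persistent/{tenant}/{namespace}/{topic}"
           f"?producerName={producer_name}")
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    body = {
        "valueSchema": STRING_SCHEMA,
        "messages": [{"key": m.get("key", ""), "payload": m["payload"]} for m in messages],
    }
    return url, headers, body


def produce_via_proxy(proxy_url, admin_url, tenant, namespace, topic, messages, token):
    """Send the request through proxy_url (for example http://proxy.internal:3128).

    urllib tunnels HTTPS through the proxy with CONNECT, so the proxy sees only
    the cluster hostname and the TLS session ends at the cluster, not at the proxy.
    """
    url, headers, body = build_produce_request(admin_url, tenant, namespace, topic, messages, token)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"https": proxy_url}))
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
    with opener.open(req, timeout=15) as resp:   # raises HTTPError on 401/403 and similar
        payload = resp.read()
        return resp.status, json.loads(payload) if payload else {}


if __name__ == "__main__":
    status, result = produce_via_proxy(
        proxy_url=os.environ.get("HTTPS_PROXY", "http://proxy.internal:3128"),  # placeholder
        admin_url="https://my-cluster.example.com",                            # placeholder
        tenant="public", namespace="default", topic="events",
        messages=[{"key": "order-42", "payload": "created"}],
        token=os.environ["SN_TOKEN"],   # OAuth2 access token or API key
    )
    print(status, result)
```

Because the proxy only sees a CONNECT to the cluster hostname, this is also the form that works with the non-static ingress IPs noted above: allow the cluster and control-plane hostnames on the proxy rather than IP ranges.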

Public networking solutions

StreamNative Cloud provides secure and scalable data streaming services accessible via public endpoints. This public connectivity is available for all cluster types, offering flexibility and ease of access. Key features include:

  1. Cross-organization sharing: Services can be securely shared across different organizations.

  2. Availability: Public connectivity is available for all cluster types.

  3. BYOC flexibility: For BYOC clusters, public endpoints can be disabled if private networking is preferred.

  4. Enhanced security: All public endpoints are protected by a robust proxy layer, which provides defense against various network-level threats, including:

    • Denial of Service (DoS) attacks
    • Distributed Denial of Service (DDoS) attacks
    • SYN flooding
    • Other common network-level attack vectors

This combination of accessibility and security measures ensures that StreamNative Cloud can meet diverse organizational needs while maintaining a strong security posture.

Private networking solutions

StreamNative Cloud also supports data streaming services that are exposed only on private networks, with additional controls for security and privacy. Private networking is currently supported only for StreamNative BYOC and BYOC Pro clusters.

StreamNative Cloud clusters using private networking solutions are not accessible from the public endpoints.

The following table summarizes the private networking solutions supported by StreamNative Cloud. For details on each solution, see the specific documentation for each networking type.

Cloud service provider   Supported networking solution          Supported cluster type
AWS                      AWS PrivateLink                        BYOC, BYOC Pro
AWS                      AWS VPC peering                        BYOC Pro
AWS                      AWS Transit Gateway                    BYOC Pro
Azure                    Azure Private Link                     BYOC, BYOC Pro
Azure                    Azure VNet peering                     BYOC Pro
Google Cloud             Google Cloud Private Service Connect   BYOC, BYOC Pro
Google Cloud             Google Cloud VPC peering               BYOC Pro