Network migrations: benefits and impacts
The latest Pega Cloud Services infrastructure supports an enhanced network topology that uses allow list configurations for your Virtual Private Cloud (VPC).
The new network topology enables you to scale by adding new networks and environments without requiring subsequent allow list reconfigurations on your enterprise network. This requires a one-time Pega Cloud network migration for your environments, allowing you to take advantage of the Pega seamless infrastructure maintenance using the new network topology.
The network migration does not impact clients who do not add connections to their firewall allow list in their enterprise network or those who do not use the above allow list configurations. All existing clients must answer the questionnaire to consent to the migration. New clients automatically receive the new network topology and do not need to answer the questionnaire.
For verification consent purposes, you must answer a Pega-provided questionnaire to determine if your current allow list configurations require changes to support the new network topology. If the new network topology does not support your allow list configuration, Pega Cloud Services will work with you to ensure that your environment connectivity meets its required reconfiguration. After you verify that your allow list reconfigurations meet the requirements for the new network topology and consent to the migration, Pega Cloud Services completes the migration using a zero-downtime process.
For more information about allow list configurations, see Configuring public access between your Pega Cloud environment and your enterprise network.
Benefits of Pega Cloud Services network migration
Changes to your environments take effect following the network migration. The benefits of the enhanced network to the infrastructure include the items detailed below:
- Use of a more reliable and scalable Pega Cloud network infrastructure
- Enhances security of your underlying network infrastructure
- Enhances the stability of the software upgrade and patch and infrastructure update processes
For more information, see Pega Cloud Services maintenance and types of system updates.
Network migration planning considerations
The Pega Cloud network migration impact clients with the following allow list configurations:
- Inbound traffic from isolated environment types (Development, Staging, Production) from your Pega Cloud environment to your enterprise network.
- Inbound traffic from fully isolated environments of the same type (Development 1, Development 2) in your Pega Cloud environment to your enterprise network.
- Outbound traffic from your enterprise network to the Pega Cloud SFTP service to your Pega Cloud environment.
Pega Cloud Services proactively contacts you to plan the network migration to the new network topology. This communication includes a questionnaire that Pega uses to determine if you use the above allow list configurations. In order for the migration to proceed, you must reconfigure these allow lists. To see the questionnaire, see Preparing for the network migration questionnaire below.
For more information about allow list configurations, see Configuring public access between your Pega Cloud environment and your enterprise network.
Clients should plan to complete the following processes in order to proceed with the migration:
- Share the questionnaire with your enterprise network administrator and other relevant stakeholders to collaborate with Pega Cloud Services in determining allow list reconfiguration requirements for the network migration to proceed.
- Plan for the zero-downtime network migration to proceed within your next standard maintenance window.
- Clients who must reconfigure any of their allow lists must complete the following tasks:
- Reconfigure your allow lists using the new Pega-provided static IP addresses.
- Confirm with Pega Cloud Services that you updated your allow lists.
- Remove previously-used IP addresses for your Pega Cloud environment from the allow list.
If the network migration does not impact your allow list configurations, you still must answer the questionnaire to provide consent for the migration to proceed.
Pega responsibilities
During a network migration, Pega Cloud Services performs the following tasks:- Coordinates with the client to facilitate any required client-side networking changes to support the network migration.
- Sends the client a questionnaire via email correspondence to determine if they require allow list reconfigurations for the migration to proceed.
- If the client must reconfigure their allow list, Pega accomplishes the following tasks:
- Shares a set of new static IP addresses for the client to place on an inbound allow list to minimize impact to their network during the migration.
- For clients who added their SFTP connection to an allow list, provides the client with a new static IP address for their SFTP service.
- Confirms with the client that new static IP addresses are placed on an allow list.
- After the migration, shares a list of static IP addresses with the client that are no longer associated with the Pega Cloud environment for the client to remove from their enterprise network allow list.
Client responsibilities
To ensure the process maintains zero-downtime to transfer Pega Cloud environments to the new network topology, clients must perform the following tasks:
- Respond to Pega Cloud Services questionnaire that asks for the required enterprise network information.
- Confirm a standard maintenance window with Pega Cloud Services to execute the network migration.
- For all of your environments that require an allow list reconfiguration, complete the following tasks:
- Obtain necessary approvals from network administrators and other relevant stakeholders regarding inbound allow list changes to Pega Cloud environments.
- For clients who added their SFTP connection to an allow list, update the allow list with the new SFTP static IP address.
- Prior to the migration, update the allow list with the new Pega-provided static IP addresses.
- Confirm with Pega that you updated your allow lists.
- After completing the migration, remove the static IP addresses provided by Pega Cloud Services in the correspondence for your enterprise network inbound allow list.
Preparing for the network migration questionnaire
Pega Cloud Services sends the network migration questionnaire to all existing clients. The following table presents the content of the questionnaire and the implication of your reply to the email correspondence. Clients should review the table to understand which scenarios require network reconfigurations, and what actions you must complete before Pega Cloud proceeds with the migration. All clients who do not need any allow list reconfigurations must confirm this and approve the migration to proceed with the network migration.
Question | If yes: | If no: |
Does your current inbound allow list distinguish traffic coming from different Pega environments (Devtest, Staging, Production)? | Respond to the request with the following details:
| Pega Cloud Services sends you new static IP addresses for your Pega Cloud environment. After receiving the static IP addresses, perform the following tasks:
|
Does your current inbound allow list distinguish traffic between environments of the same type (such as Devtest 1 and Devtest 2)? | Update your inbound allow list to permit traffic that does not distinguish between individual environments of the same type coming from your Pega Cloud environment. | Pega Cloud Services sends you new static IP addresses for your Pega Cloud environment. After receiving the static IP addresses, perform the following tasks:
|
Does your outbound allow list from your enterprise network include your Pega-provided SFTP service IP address? | Pega Cloud Services sends you a new static IP address for your SFTP connection. After receiving the SFTP static IP address, perform the following tasks:
| Pega can perform the network migration without any further changes on your behalf. |
After the client provides their network information, Pega Cloud Services can effectively plan and execute a seamless migration process. For frequently asked questions about the network migration, see Network migration FAQ.