Completing your environment connectivity
Setting up direct connections
Organizations can manage their internal and customer networks in a variety of standard ways. You have access to applications and integration services deployed in the VPC through a secure Internet connection. Pega Cloud supports the following connectivity methods:
- Internet only
- Internet plus private connection
- Private connection only
For details, see Pega Cloud Services Networking.
Pega Cloud recognizes this variety, and supports the following optional networking methodologies of private network connectivity to your Pega Cloud subscription environments:
- AWS Direct Connect
- Virtual Private Cloud (VPC) Peering Connections
A VPN connection securely connects your existing network to your PCS environment through an IPSec VPN connection. For details, see the Pega Cloud VPN service article.
For a VPN alternative, Pega Cloud Services supports the Amazon Web Services (AWS) Direct Connect service between your PCS virtual private cloud (VPC) and your physical infrastructure. For details, see Configuring Amazon Web Services (AWS) Direct Connect in your Pega Cloud Services virtual private cloud.
Pega also supports using a virtual private cloud (VPC) peering connection to access your systems of record or transfer data between your Pega Cloud Services VPC and your Amazon VPC. VPC peering is a virtual connection within the AWS architecture that enables one-to-one networking connections between VPCs within the same region. For details, see Requesting a virtual private cloud (VPC) peering connection.
Adding IP Addresses to an allow list
Most clients whose Pega Cloud Services applications are private (i.e., not accessible through an open Internet connection) will use a VPN connection between their network and their PCS environments, to provide a secure connection. Your users must have access through the VPN in order to use the PCS applications.
Occasionally, there will be an exception you may wish to make to allow a trusted user to access your VPC without going through the VPN. The IP addresses for these trusted users can be placed on an allow list. IP addresses on an allow list permit you to create a list of trusted IP addresses or ranges from which your users can access your domains publicly or privately without using a VPN connection.
To set up an allow list for your IP addresses, your Cloud Security Contact must approve this action; they should enter an SR, which will then be reviewed and approved by Pega’s security team. For best security, only a small number of IP addresses should be added to an allow list.
Secure File Transfer Protocol (SFTP)
The Pega Cloud Services SFTP Service provides Pega Cloud Services clients with simple, secure file transfers to and from their Pega Cloud applications.
If you have licensed the Pega Marketing application, SFTP is provisioned by default. If you are not using Pega Marketing, but still wish to use SFTP, you may purchase this service.
For details on SFTP, please see Pega Cloud Services SFTP Service.