Pega Cloud Services networking details
Pega Cloud® maintains a robust set of networking and security controls that enables you to take advantage of the power of Pega Platform™, strategic applications, and third-party integrations delivered as a cloud service. Pega Cloud provisions development, staging, and production environments on separate connections within a single virtual private cloud (VPC) that is hosted in an Amazon region for public, private, and hybrid connectivity.
Connecting to Pega Cloud
You have access to applications and integration services deployed in your VPC through a secure internet connection. Pega Cloud supports the following connectivity methods:
This option supports secure internet access for all user traffic, such as hosted applications and Dev Studio, as well as integration services traffic.
Private connection only
For private network connectivity, several private access services for connection traffic are available.
Internet plus private connection
This option includes secure internet access for all user traffic, as described above, as well as the option to have private access services to your private network for all inbound and outbound traffic.
Accessing the Pega VPC
Each client environment within the client VPC supports a series of Pegasystems application computing resources. You can connect to each application with a public IP address and a private IP address. During the client onboarding delivery process, Pega Cloud disables inbound traffic (client to Pega Cloud environment) by default and only enables inbound traffic based on your application needs. Pegasystems allows all outbound traffic (Pega Cloud environment to client) for each instance by default.
In your Pega Cloud environment, connections to your enterprise network originate from a pool of three static source IP addresses. This highly available connection system offers a secure, flexible, and scalable way to integrate with your enterprise network. All environments in your Pega Cloud environment share this pool of static source IP addresses.
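An added example, not part of Pega's documentation: a Python check that compares the inbound allow list on an enterprise firewall with the three static source IP addresses described above, so that the rule admits the whole pool and nothing wider. The pool addresses, allow-list entries, and function name are constructed for illustration; substitute the addresses Pega supplies for your environment.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not real Pega addresses.
PEGA_SOURCE_POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]

# Constructed inbound allow-list entries from a hypothetical enterprise firewall rule.
SAMPLE_ALLOW_LIST = [
    "203.0.113.10/32",
    "203.0.113.11",
    "203.0.113.0/24",
    "198.51.100.7/32",
]


def audit_allow_list(allow_entries, source_pool):
    """Compare firewall allow-list entries with the static source IP pool.

    Returns a dict with:
      missing   - pool addresses that no entry admits (integration traffic is dropped)
      overbroad - entries that admit a pool address plus other hosts
      unrelated - entries that admit no pool address at all
    """
    pool = [ipaddress.ip_address(ip) for ip in source_pool]
    # strict=False accepts entries written with host bits set, e.g. 203.0.113.10/24.
    nets = [ipaddress.ip_network(entry, strict=False) for entry in allow_entries]

    missing = [str(ip) for ip in pool if not any(ip in net for net in nets)]
    overbroad, unrelated = [], []
    for net in nets:
        covered = [ip for ip in pool if ip in net]
        if not covered:
            unrelated.append(str(net))
        elif net.num_addresses > len(covered):
            # The entry also admits addresses that are not in the pool.
            overbroad.append(str(net))
    return {"missing": missing, "overbroad": overbroad, "unrelated": unrelated}


if __name__ == "__main__":
    for finding, entries in audit_allow_list(SAMPLE_ALLOW_LIST, PEGA_SOURCE_POOL).items():
        print(f"{finding}: {entries}")
```
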
Pega does not use IP addresses to resolve to your Pega Cloud environments. Instead, Pega Cloud relies on the DNS server in each client enterprise network for communication between all client environments and the public internet. During onboarding, Pega requests your DNS name resolution protocol; as long as the DNS server in your enterprise environment provides name resolution, you have access to your Pega applications. Depending on the capabilities of your DNS server, Pega Cloud can support both IPv4 and IPv6 protocols.
Pega Cloud assigns each client a single public domain for public internet access for their Pega VPC. In addition, Pega Cloud maintains a private host zone for internal communications.
Pega uses the following naming convention for the public domain:
Pega uses the following naming convention for the private host zone:
Pega also provides the option for clients to use a customized domain, for example:
For details about creating a custom domain, see Requesting a custom domain name for applications hosted in Pega Cloud.
If you only want remote access to your private servers or private services through the Pega Cloud environment, Pega Cloud can add custom DNS entries to the private host zone. To ensure secure private integration, HTTPS is recommended for REST and SOAP services. The SSL certificate for each private domain must match the certificate on the client-managed server.
For the best experience with your Pega VPC, use an entirely public connection topology with encryption. Connections that rely on an entirely public connection topology offer the most flexibility for:
- Integrations (such as adding additional third-party services)
- Enterprise network variations (such as scaling your enterprise network)
- Other changes made from the client end after your Pega Cloud environments are integrated into your network
For more information about adding public connections to an allow list and configuring private access to and from your Pega Cloud environment, see Configuring public access between your Pega Cloud environment and your enterprise network and Configuring private access to your Pega Cloud environment.