Pega Cloud maintains a robust set of networking and security controls that enables you to take advantage of the power of Pega Platform, strategic applications, and third-party integrations provided as a cloud-delivered service.
Connecting to Pega Cloud
You have access to your applications and integration services in Pega Cloud through a secure Internet connection using IPv4. Pega Cloud does not support IPv6 network connections. Pega Cloud supports the following network connectivity methods:
This option supports secure Internet access for all user traffic, such as hosted applications and Dev Studio, as well as integration services traffic.
For private network connectivity, several private access services for connection traffic are available.
Internet plus private connection
This option includes secure Internet access for all user traffic, as described above, as well as the option to have private access services to your private network for all inbound traffic.
Accessing Pega Cloud
For each client, Pega Cloud supports a series of Pega application computing resources. You can connect to each application with a public IP address and a private IP address. During the client onboarding delivery process, Pega allows inbound traffic (client to Pega Cloud) by default and can restrict inbound traffic based on your application needs. Pega allows all outbound traffic (Pega Cloud to client).
Pega Cloud offers a secure, flexible, and scalable way to integrate with your enterprise network, including connections to your enterprise network that originate from a pool of three static source IP addresses. All system instances in Pega Cloud share this pool of static source IP addresses.
Pega chose to support specific connectivity options to provide the best experience on Pega Cloud. Our choice of options is grounded in the principles of Zero Trust Architectures and enforces separation between networks. Following this methodology offers maximum flexibility for Pega Cloud and clients. For example:
- Integrations, such as adding third-party services, become much easier to manage, identify, and monitor.
- Network isolation insulates all parties from enterprise network variations, such as scaling your enterprise network.
Combining our connectivity options with application-level encryption, authentication and authorization provides you with a highly secure architecture.
For more information about adding public connections to an allow list and configuring private access to and from Pega Cloud, see Configuring public access between your Pega Cloud environment and Configuring private access to your Pega Cloud environment.
Pega does not resolve network connectivity to Pega Cloud using IP addresses. Instead, Pega Cloud relies on the DNS (Domain Name System) server for the enterprise network of each client for communication between Pega Cloud and the public Internet. During onboarding, Pega requires you to share your DNS name resolution protocol so that Pega can configure Pega Cloud connectivity to use your DNS server. As long as the DNS server in your enterprise environment provides name resolution, your network traffic can access your Pega applications.
Pega Cloud assigns each client a single public domain for public Internet access for your Pega Cloud services during initial provisioning. In addition, Pega maintains a private host zone for internal communications.
For clients using a public domain, Pega uses the naming convention:
If you only want remote access to your private servers or private services through Pega Cloud, Pega uses the naming convention:
Pega also provides the option for you to use a customized domain, for example:
To request a custom domain, see Requesting a custom domain name for applications hosted in Pega Cloud.
Pega also supports forwarding traffic to domains, IP addresses, or host zones that you have specified in your DNS server resolver rules. The forwarding behavior depends on the type of connection to Pega Cloud:
- For inbound connections, Pega can resolve domains to a private host zone on your Pega Cloud environment.
- For outbound connections, Pega can specify domains and IP addresses that you want to forward to match a specific resolver rule. For example, if you connect to a domain that contains multiple resolver rules (mortgage.com), Pega can forward the query to the domain with the most specific match (
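
The most-specific-match selection described for outbound resolver rules can be modeled as a longest-suffix match on whole DNS labels, which is useful when reviewing which forwarding rule a given query will hit. The following Python is an added example, not Pega's code: the subdomains under mortgage.com and the 192.0.2.x targets are constructed sample values, and `normalize` and `select_rule` are hypothetical helper names.

```python
"""Most-specific-match selection over DNS forwarding (resolver) rules.

Added illustration, not Pega's implementation. All rule names and target
addresses below are constructed sample values.
"""
from typing import Optional

# Constructed resolver rules: domain suffix -> forwarding target (RFC 5737 range).
RULES = {
    "mortgage.com": "192.0.2.10",
    "loans.mortgage.com": "192.0.2.20",
    "internal.loans.mortgage.com": "192.0.2.30",
}


def normalize(name: str) -> tuple[str, ...]:
    """Lower-case, drop the trailing root dot, and split into labels."""
    name = name.strip().lower().rstrip(".")
    labels = tuple(name.split(".")) if name else ()
    if any(label == "" for label in labels):
        raise ValueError(f"empty label in DNS name: {name!r}")
    return labels


def select_rule(query: str, rules: dict[str, str]) -> Optional[tuple[str, str]]:
    """Return (rule_domain, target) for the longest rule that is a whole-label
    suffix of the query, or None when no rule applies."""
    q = normalize(query)
    best = None
    for domain, target in rules.items():
        r = normalize(domain)
        # Compare on label boundaries so "notmortgage.com" never matches
        # the "mortgage.com" rule, and a rule name embedded in the middle
        # of another domain ("mortgage.com.example.net") does not match.
        if r and len(r) <= len(q) and q[-len(r):] == r:
            if best is None or len(r) > len(normalize(best[0])):
                best = (domain, target)
    return best


if __name__ == "__main__":
    for q in ("app.loans.mortgage.com", "www.mortgage.com.",
              "notmortgage.com", "mortgage.com.example.net"):
        print(f"{q:28} -> {select_rule(q, RULES)}")
```

Matching on label boundaries rather than raw string suffixes keeps look-alike names from being forwarded by a rule intended for your own domain.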