Skip to main content

Networking details for your Pega Cloud environments

Suggest edit Updated on June 2, 2022

Pega Cloud maintains a robust set of networking and security controls that enables you to take advantage of the power of Pega Platform, strategic applications, and third-party integrations provided as a cloud-delivered service.

Pega provisions development, staging, and production environments for each client hosted in an AWS region for public, private, and hybrid connectivity.

Connecting to Pega Cloud

You have access to your applications and integration services in Pega Cloud through a secure Internet connection using IPV4. Pega Cloud does not support IPv6 network connections. Pega Cloud supports the following network connectivity methods:

Internet only

This option supports secure Internet access for all user traffic, such as hosted applications and Dev Studio, as well as integration services traffic.

Private connection only

For private network connectivity, several private access services for connection traffic are available.

Internet plus private connection

This option includes secure Internet access for all user traffic, as described above, as well as the option to have private access services to your private network for all inbound traffic.

Accessing Pega Cloud

For each client Pega Cloud supports a series of Pega application computing resources. You can connect to each application with a public IP address and a private IP address. During the client onboarding delivery process, Pega allows inbound traffic (client to Pega Cloud) by default and can restrict inbound traffic based on your application needs. Pega allows all outbound traffic (Pega Cloud to client).

Pega Cloud offers a secure, flexible, and scalable way to integrate with your enterprise network, including connections that originate from a pool of three static source IP addresses to connect to your enterprise network. All system instances in Pega Cloud share from this pool of static source IP addresses.

Pega chose to support specific connectivity options to provide the best experience on Pega Cloud. Our choice of options are grounded in the principles of Zero Trust Architectures and enforce separation between networks. Following this methodology offers maximum flexibility for Pega Cloud and clients. For example:

  • Integrations, such as adding additional third-party services, become much easier to manage, identify and monitor.
  • Network isolation insulates all parties from Enterprise network variations, such as scaling your enterprise network.

Combining our connectivity options with application-level encryption, authentication and authorization provides you with a highly secure architecture.

For more information about adding public connections to an allow list and configuring private access to and from Pega Cloud, see Configuring public access between your Pega Cloud environment and Configuring private access to your Pega Cloud environment.

DNS resolution

Pega does not resolve network connectivity to Pega Cloud using IP addresses. Instead, Pega Cloud relies on the DNS (Domain Name System) server for the enterprise network of each client for communication between Pega Cloud and the public Internet. During onboarding, Pega requires you to share your DNS name resolution protocol so that Pega can configure Pega Cloud connectivity to use your DNS server. As long as the DNS server in your enterprise environment provides name resolution, your network traffic can access your Pega applications.

Pega Cloud assigns each client a single public domain for public Internet access for your Pega Cloud services during initial provisioning. In addition, Pega maintains a private host zone for internal communications.

For clients using a public domain, Pega uses the naming convention: <>.

If you only want remote access to your private servers or private services through Pega Cloud, Pega uses the naming convention: <clientID.internal>.

Pega also provides the option for you to use a customized domain, for example: <>. To request a custom domain, see Requesting a custom domain name for applications hosted in Pega Cloud.

Pega also supports the ability to forward traffic to domains, IP addresses, or host zones that you have specified in your DNS server resolver rules that depend on the type of connection to Pega Cloud:

  • For inbound connections, Pega can resolve domains to a private host zone on your Pega Cloud environment.
  • For outbound connections, Pega can specify domains and IP addresses that you want to forward to match a specific resolver rule. For example, if you connect to a domain that contains multiple resolver rules (,, Pega can forward the query to the domain with the most specific match (
If you want Pega Cloud to resolve to private host zones only, or if you want to add additional forwarding rules to your resolution requirements, you can make a request that states your DNS resolution requirements with your regional Pega support representative by using the Support Requests tab in My Support Portal. Pega Cloud provides the details required to resolve DNS according to your specification.
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us