Skip to main content

Networking details for your Pega Cloud environments

Suggest edit Updated on January 24, 2022

Pega Cloud maintains a robust set of networking and security controls that enables you to take advantage of the power of Pega Platform, strategic applications, and third-party integrations provided as a cloud-delivered service.

Pega Cloud provisions development, staging, and production environments for each client hosted in an AWS region for public, private, and hybrid connectivity.

Connecting to Pega Cloud

You have access to your applications and integration services in Pega Cloud through a secure internet connection using IPV4. Pega Cloud does not support IPv6 network connections. Pega Cloud supports the following network connectivity methods:

Internet only

This option supports secure internet access for all user traffic, such as hosted applications and Dev Studio, as well as integration services traffic.

Private connection only

For private network connectivity, several private access services for connection traffic are available.

Internet plus private connection

This option includes secure internet access for all user traffic, as described above, as well as the option to have private access services to your private network for all inbound and outbound traffic.

Accessing Pega Cloud

Each client environment within Pega Cloud supports a series of Pega application computing resources. You can connect to each application with a public IP address and a private IP address. During the client onboarding delivery process, Pega disables inbound traffic (client to Pega Cloud environment) by default and only enables inbound traffic based on your application needs. Pega allows all outbound traffic (Pega Cloud environment to client) for each instance by default.

Your Pega Cloud environment offers a secure, flexible, and scalable way to integrate with your enterprise network, including connections that originate from a pool of three static source IP addresses to connect to your enterprise network. All system instances in your Pega Cloud environment share from this pool of static source IP addresses.

For the best experience with your Pega Cloud services, use an entirely public connection topology with encryption. Connections that rely on an entirely public connection topology offer the most flexibility for the following use cases:

  • Integrations, such as adding additional third-party services
  • Enterprise network variations, such as scaling your enterprise network

Other changes made from the client end after your Pega Cloud environments are integrated into your network.

For more information about adding public connections to an allow list and configuring private access to and from your Pega Cloud environment, see Configuring public access between your Pega Cloud environment and Configuring private access to your Pega Cloud environment.

DNS resolution

Pega does not resolve network connectivity to your Pega Cloud environments using IP addresses. Instead, Pega Cloud relies on the DNS (Domain Name System) server for the enterprise network of each client for communication between your Pega Cloud environments and the public internet. During onboarding, Pega requires you to share your DNS name resolution protocol so that Pega can configure your Pega Cloud environment connectivity to use your DNS server. As long as the DNS server in your enterprise environment provides name resolution, your network traffic can access your Pega applications.

Pega Cloud assigns each client a single public domain for public internet access for your Pega Cloud services during initial environment provisioning. In addition, Pega maintains a private host zone for internal communications.

For clients using a public domain, Pega uses the naming convention: <>.

If you only want remote access to your private servers or private services through your Pega Cloud services environment, Pega uses the naming convention: <clientID.internal>.

Pega also provides the option for you to use a customized domain, for example: <>. To request a custom domain, see Requesting a custom domain name for applications hosted in Pega Cloud.

Pega also supports the ability to forward traffic to domains, IP addresses, or host zones that you have specified in your DNS server resolver rules that depend on the type of connection to the environment:

  • For inbound connections, Pega can resolve domains to a private host zone on your Pega Cloud environment.
  • For outbound connections, Pega can specify domains and IP addresses that you want to forward to match a specific resolver rule. For example, if you connect to a domain that contains multiple resolver rules (,, Pega can forward the query to the domain with the most specific match (
If you want your Pega Cloud environments to resolve to private host zones only, or if you want to add additional forwarding rules to your resolution requirements, you can make a request that states your DNS resolution requirements with your regional Pega support representative by using the Support Requests tab in My Support Portal. Pega Cloud provides the details required to resolve DNS according to your specification.
Did you find this content helpful? YesNo

100% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us