Using service endpoints to privately connect to IBM Cloudant
To enhance control and security over your data when you use IBM® Cloudant® for IBM Cloud®, you can use private routes to IBM Cloud® service endpoints. Private routes are not accessible or reachable over the internet. By using the IBM Cloud Private service endpoints feature, you can protect your data from threats from the public network and logically extend your private network.
IBM Cloudant sends customer logs to LogDNA by using a private service endpoint.
Before you begin
You must first enable virtual routing and forwarding in your account, and then you can enable the use of IBM Cloud Private service endpoints. For more information about setting up your account to support the private connectivity option, see Enabling VRF and service endpoints.
Only IBM Cloudant users with the dedicated hardware plan can have a cloud service endpoint (CSE). All new dedicated hardware clusters have a CSE. If you are an existing user, and you do not have a CSE, contact the IBM Cloud Support Center.
Multi-tenant users cannot use CSE.
Setting up service endpoints for IBM Cloudant
Cloud service endpoints are ready to use when an instance is deployed, so no setup is required.
You can verify connectivity to your private service endpoint by getting the Cloudant server information from the URL of the private endpoint.
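curl:
curl https://$ACCOUNT-bluemix.private.cloudantnosqldb.appdomain.cloud
Java:
import com.ibm.cloud.cloudant.v1.Cloudant;
import com.ibm.cloud.cloudant.v1.model.ServerInformation;
public class VerifyPrivateEndpoint {
    public static void main(String[] args) {
        Cloudant service = Cloudant.newInstance(); // credentials come from external configuration
        service.setServiceUrl("https://$ACCOUNT-bluemix.private.cloudantnosqldb.appdomain.cloud"); // replace $ACCOUNT
        ServerInformation response = service.getServerInformation().execute().getResult();
        System.out.println(response);
    }
}
Node.js:
const { CloudantV1 } = require('@ibm-cloud/cloudant');
const service = CloudantV1.newInstance({});
service.setServiceUrl('https://$ACCOUNT-bluemix.private.cloudantnosqldb.appdomain.cloud');
service.getServerInformation()
  .then((response) => console.log(response.result))
  .catch((err) => console.error(err));
Python:
from ibmcloudant.cloudant_v1 import CloudantV1
service = CloudantV1.new_instance()
service.set_service_url('https://$ACCOUNT-bluemix.private.cloudantnosqldb.appdomain.cloud')
response = service.get_server_information().get_result()
print(response)
Go:
package main
import (
	"encoding/json"
	"fmt"
	"github.com/IBM/cloudant-go-sdk/cloudantv1"
)
func main() {
	service, err := cloudantv1.NewCloudantV1UsingExternalConfig(&cloudantv1.CloudantV1Options{})
	if err != nil {
		panic(err)
	}
	service.SetServiceURL("https://$ACCOUNT-bluemix.private.cloudantnosqldb.appdomain.cloud")
	info, _, err := service.GetServerInformation(service.NewGetServerInformationOptions())
	if err != nil {
		panic(err)
	}
	b, _ := json.MarshalIndent(info, "", "  ")
	fmt.Println(string(b))
}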
If it succeeds, you are ready to go. Otherwise, you might want to check a few things:
- Are your CSEs correctly enabled?
- Can you reach the CSE endpoints from where you're running the command?
- Do other CSE endpoints in the same account work correctly?
- Do your firewall rules block access?
If none of these checks resolves the problem, you can talk to our IBM Cloud Support Center team.
Disabling public service endpoints for IBM Cloudant
The public service endpoint cannot be disabled. However, if you use the dedicated hardware plan, you can deny access from the public network to user traffic. To do so, ask the IBM Cloud Support Center to update the firewall rules for your clusters.
This option is not available to multi-tenant users.
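Once public user traffic is denied, any client still configured with a non-private URL loses access, so it helps to audit configured service URLs first. The following is an added example, not IBM's code: the function names, the setting names and the account "acme" are assumptions, and only the private hostname form comes from the URL shown on this page.

```python
import re
from urllib.parse import urlsplit

# Hostname form taken from the private URL on this page:
# <account label>.private.cloudantnosqldb.appdomain.cloud
PRIVATE_HOST = re.compile(r"[a-z0-9-]+\.private\.cloudantnosqldb\.appdomain\.cloud")


def check_service_url(url):
    """Return a list of problems; an empty list means the URL targets the private endpoint."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # .hostname is lowercased and excludes any userinfo and port, so text
    # placed before an "@" is not mistaken for the host.
    host = (parts.hostname or "").rstrip(".")
    # Match the whole hostname: a substring or prefix test would accept
    # look-alike hosts that merely contain the private name.
    if not PRIVATE_HOST.fullmatch(host):
        problems.append("host is not a private Cloudant endpoint")
    return problems


def audit(config):
    """Map each setting name to its problems, keeping only settings that fail."""
    results = {}
    for name, url in config.items():
        problems = check_service_url(url)
        if problems:
            results[name] = problems
    return results


# Constructed sample settings (hypothetical names and account).
SAMPLE = {
    "orders": "https://acme-bluemix.private.cloudantnosqldb.appdomain.cloud",
    "billing": "https://acme-bluemix.cloudantnosqldb.appdomain.cloud",
    "reports": "https://acme-bluemix.private.cloudantnosqldb.appdomain.cloud.example.net",
    "exports": "https://acme-bluemix.private.cloudantnosqldb.appdomain.cloud@files.example.net/",
    "legacy": "http://acme-bluemix.private.cloudantnosqldb.appdomain.cloud",
}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```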