Data Sync Network Configuration
This guide explains the network connection options available for Data Sync jobs, helping you choose the right connectivity method for your data sources.
Connection Methods
Tacnode offers two primary networking solutions for connecting to your data sources:
Public Network Connection
The simplest and fastest method for accessing your data source. This approach requires:
- Direct Internet Access: Your data source must be accessible via the public internet
- IP Whitelisting: Add Tacnode's public IP addresses to your firewall or security group
- Security Considerations: Ensure your data source has proper authentication and encryption
Required IP Addresses by Region:
Cloud Provider | Region | Public IP Address |
---|---|---|
AWS | Oregon (aws-oregon) | 54.188.106.226 |
Security Note: When using public network connections, ensure your data source implements strong authentication, uses encrypted connections (SSL/TLS), and follows security best practices.
VPC Tunnel Connection (Private Network)
For enhanced security when connecting to data sources within a Virtual Private Cloud (VPC), Data Sync supports private connectivity through:
- AWS PrivateLink: Secure, private connectivity without exposing traffic to the public internet
- SOCKS5 Proxy: Forwarding connections through a proxy server within your VPC
Architecture Overview:
This method ensures:
- Traffic remains within private networks
- No exposure to public internet
- Enhanced security and compliance
- Reduced latency for VPC-local resources
AWS VPC Tunnel Setup
To establish a secure tunnel connection within AWS VPC, follow these steps:
Step 1: Deploy ECS and SOCKS5 Proxy
Set up an ECS service running a SOCKS5 proxy within your VPC to handle connection forwarding.
Step 2: Configure Load Balancer
Create a Classic Load Balancer (CLB) or Network Load Balancer (NLB) and configure:
- Listening port for incoming connections
- Backend server targeting your ECS SOCKS5 proxy
Step 3: Create VPC Endpoint Service
Establish a VPC endpoint service that exposes your load balancer for private connectivity.
Step 4: Configure Data Source Security
Update your data source's security groups or firewall rules to allow connections from your SOCKS5 proxy.
Step 5: Set Up Tunnel in Tacnode
Configure the tunnel connection in your Data Sync job settings using the VPC endpoint service details.
Step 6: Authorize Endpoint Service
Grant Tacnode's AWS account permission to access your VPC endpoint service.
Step 7: Create Data Import Job
Set up your data import job to use the tunnel connection for secure data transfer.
Choosing the Right Method
Use Public Network Connection when:
- Quick setup is required
- Data source has robust security measures
- Compliance requirements allow public internet access
- Cost optimization is a priority
Use VPC Tunnel Connection when:
- Enhanced security is required
- Compliance mandates private network access
- Data source is within a VPC environment
- Network isolation is critical