GuidesData Sync

Data Sync Network Configuration

This guide explains the network connection options available for Data Sync jobs, helping you choose the right connectivity method for your data sources.

Connection Methods

Tacnode offers two primary networking solutions for connecting to your data sources:

Public Network Connection

The simplest and fastest method for accessing your data source. This approach requires:

  1. Direct Internet Access: Your data source must be accessible via the public internet
  2. IP Whitelisting: Add Tacnode's public IP addresses to your firewall or security group
  3. Security Considerations: Ensure your data source has proper authentication and encryption

Required IP Addresses by Region:

Cloud ProviderRegionPublic IP Address
AWSOregon (aws-oregon)54.188.106.226

Security Note: When using public network connections, ensure your data source implements strong authentication, uses encrypted connections (SSL/TLS), and follows security best practices.

VPC Tunnel Connection (Private Network)

For enhanced security when connecting to data sources within a Virtual Private Cloud (VPC), Data Sync supports private connectivity through:

  • AWS PrivateLink: Secure, private connectivity without exposing traffic to the public internet
  • SOCKS5 Proxy: Forwarding connections through a proxy server within your VPC

Architecture Overview:

This method ensures:

  • Traffic remains within private networks
  • No exposure to public internet
  • Enhanced security and compliance
  • Reduced latency for VPC-local resources

AWS VPC Tunnel Setup

To establish a secure tunnel connection within AWS VPC, follow these steps:

Step 1: Deploy ECS and SOCKS5 Proxy

Set up an ECS service running a SOCKS5 proxy within your VPC to handle connection forwarding.

Step 2: Configure Load Balancer

Create a Classic Load Balancer (CLB) or Network Load Balancer (NLB) and configure:

  • Listening port for incoming connections
  • Backend server targeting your ECS SOCKS5 proxy

Step 3: Create VPC Endpoint Service

Establish a VPC endpoint service that exposes your load balancer for private connectivity.

Step 4: Configure Data Source Security

Update your data source's security groups or firewall rules to allow connections from your SOCKS5 proxy.

Step 5: Set Up Tunnel in Tacnode

Configure the tunnel connection in your Data Sync job settings using the VPC endpoint service details.

Step 6: Authorize Endpoint Service

Grant Tacnode's AWS account permission to access your VPC endpoint service.

Step 7: Create Data Import Job

Set up your data import job to use the tunnel connection for secure data transfer.

Choosing the Right Method

Use Public Network Connection when:

  • Quick setup is required
  • Data source has robust security measures
  • Compliance requirements allow public internet access
  • Cost optimization is a priority

Use VPC Tunnel Connection when:

  • Enhanced security is required
  • Compliance mandates private network access
  • Data source is within a VPC environment
  • Network isolation is critical