Firewalls protect valuable data from public access. If your data sources reside behind a firewall for protection, and you are not using a Satellite Connector or Satellite location, then you must configure the firewall to allow the IP addresses for Cloud Pak for Data as a Service and also for individual services. Otherwise, Cloud Pak for Data as a Service is denied access to the data sources.
To allow Cloud Pak for Data as a Service access to private data sources, you configure inbound firewall rules using the security mechanisms for your firewall. Inbound firewall rules are not required for connections that use a Satellite Connector or Satellite location, which establishes a link by performing an outbound connection. For more information, see Connecting to data behind a firewall.
All services in Cloud Pak for Data as a Service actively use WebSockets for the proper functioning of the user interface and APIs. Any firewall between the user and the Cloud Pak for Data as a Service domain must allow HTTPUpgrade. If Cloud Pak for Data as a Service is installed behind a firewall, traffic for the wss:// protocol must be enabled.
Configuring inbound access rules for firewalls
If data sources reside behind a firewall, then inbound access rules are required for Cloud Pak for Data as a Service. Inbound firewall rules protect the network against incoming traffic from the internet. The following scenarios require inbound access rules through a firewall:
Learn more
Parent topic: Setting up the platform for administrators