Set Up a Peered Network for Data Hub Service - AWS

Before you begin

You need:

About this task

In a peered networking environment, you need a VPC peering connection between your Data Hub Service (DHS) clusters and endpoints. In this task, you will configure your peered DHS network and enable VPC peering.
Important: For this task, you need the SEC-ADMIN portal role. See Portal Roles.

Procedure

  1. Go to the MarkLogic Data Hub Service home page, and select Network from the menu.
  2. In the Network Configuration page, click Add Network.

    Add Network Configuration

  3. In the Configure Network page, update the network settings.

    Configure Network page

    Field: Description

    Name: Name for the network.

    Region: The region where your preconfigured network is located. Default: us-west-2. See Supported Regions - AWS.
    Important: Your client-side VPC and peered DHS network must be configured in the same region.

    Network CIDR: (Optional) The CIDR (Classless Inter-Domain Routing) block for your DHS network. If you specify a custom network CIDR, the block size must be between a /16 netmask and /22 netmask. Otherwise, we will allocate a CIDR range for your DHS network.
    Tip: Specify a larger CIDR block to host more services in your DHS network.

    Example: For 10.128.4.0/22, the public subnet CIDR values are 10.128.7.0/26, 10.128.7.64/26, and 10.128.7.128/26 and the private subnet CIDR values are 10.128.4.0/24, 10.128.5.0/24, and 10.128.6.0/24.

    Select if you want to set up VPC peering: Select to set up VPC peering and create peered endpoints.

    VPC ID: Your client-side VPC's identifier (vpc-*).
    Important: The VPC ID must include the vpc- prefix.

    To find your VPC ID in AWS CloudFormation Console, navigate to the AWS CloudFormation Console.

    1. Select the stack created when you set up a client-side VPC.
    2. Select the Resources tab.

    To find all of your VPC IDs in AWS, navigate to AWS.

    1. From the top menu, navigate to Services > VPC.
    2. In the Resources by Region page, click VPCs.

    Example: vpc-0f23c32843d97f2fb

    VPC CIDR: Range of IPv4 addresses used to set up your client-side VPC. Primary CIDR block for your VPC. Example: 10.0.0.0/23
    Important: The CIDR range 10.128.0.0/10 is used internally. If your VPC CIDR is in the 10.128.0.0/10 range, your block size must be between a /20 netmask and /28 netmask. The maximum number of IP addresses including all subnets in this CIDR range is 4,096.

    AWS Account ID: See Finding Your AWS Account ID.

    Peer Role ARN: The unique AWS resource identifier that was generated when you created the peer role. For details, see AWS Identity and Access Management (IAM). Example: arn:aws:iam::123456789012:role/MLAAS-PeerRole-peerRole-PUE2MD0KEMI2

    User Subnet CIDRs: Public and private subnet CIDRs used to set up your client-side VPC.

    One to six user subnet CIDRs. If you are running your client or application servers across three AWS zones, you must provide all of the subnet CIDRs. If your service is running within a single zone, enter one CIDR. Example: 10.0.0.0/23, 10.0.2.0/23, 10.0.4.0/23, 10.0.6.0/25, 10.0.6.128/25, 10.0.7.0/25

    Click the following link to view a full list of DHS network resources.

  4. Click Configure.
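
The following pre-flight check is an added example, not part of the MarkLogic documentation or tooling: it applies the field rules from step 3 to a set of values before you enter them in the Configure Network page. The function name, the non-overlap check (an AWS VPC peering requirement) and the account-match check on the Peer Role ARN are assumptions introduced here.

```python
import ipaddress
import re

INTERNAL = ipaddress.IPv4Network("10.128.0.0/10")  # range the page says is used internally

def check_peering_inputs(vpc_id, vpc_cidr, account_id, role_arn, user_subnets, network_cidr=None):
    """Return a list of problems; an empty list means every check passed."""
    problems, nets = [], {}
    fields = [("VPC CIDR", vpc_cidr), ("Network CIDR", network_cidr)]
    fields += [(f"User subnet #{i}", s) for i, s in enumerate(user_subnets, 1)]
    for label, value in fields:
        if value is None:
            continue  # Network CIDR is optional; the service then allocates a range
        try:
            nets[label] = ipaddress.IPv4Network(value.strip(), strict=True)
        except ValueError as exc:
            problems.append(f"{label}: not a valid IPv4 CIDR block ({exc})")
    vpc, dhs = nets.get("VPC CIDR"), nets.get("Network CIDR")
    if not re.fullmatch(r"vpc-[0-9a-f]+", vpc_id):  # assumed: hex suffix after the prefix
        problems.append("VPC ID: must include the vpc- prefix")
    if vpc is not None and vpc.overlaps(INTERNAL) and not 20 <= vpc.prefixlen <= 28:
        problems.append("VPC CIDR: inside 10.128.0.0/10, so it must be /20 to /28")
    if dhs is not None and not 16 <= dhs.prefixlen <= 22:
        problems.append("Network CIDR: block size must be /16 to /22")
    if not 1 <= len(user_subnets) <= 6:
        problems.append("User Subnet CIDRs: provide one to six")

    # AWS rule, not stated on the page: peered VPCs cannot have overlapping CIDR blocks.
    if dhs is not None:
        for label, net in nets.items():
            if label != "Network CIDR" and net.overlaps(dhs):
                problems.append(f"{label}: overlaps the DHS Network CIDR")
    # Assumed check: the peer role belongs to the AWS account ID being submitted.
    arn = re.fullmatch(r"arn:aws:iam::(\d{12}):role/.+", role_arn)
    if not re.fullmatch(r"\d{12}", account_id):
        problems.append("AWS Account ID: expected 12 digits")
    if arn is None:
        problems.append("Peer Role ARN: not an IAM role ARN")
    elif arn.group(1) != account_id:
        problems.append("Peer Role ARN: role is in a different account")
    return problems

if __name__ == "__main__":
    # Example values taken from the field descriptions above.
    print(check_peering_inputs(
        "vpc-0f23c32843d97f2fb", "10.0.0.0/23", "123456789012",
        "arn:aws:iam::123456789012:role/MLAAS-PeerRole-peerRole-PUE2MD0KEMI2",
        ["10.0.0.0/23", "10.0.2.0/23", "10.0.4.0/23", "10.0.6.0/25", "10.0.6.128/25", "10.0.7.0/25"],
        network_cidr="10.128.4.0/22"))
```

An empty list means the values satisfy the rules checked; it does not confirm that the VPC, role or account exist in AWS.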

Results


Peered Network Configuration page

The dashboard displays each current network configuration with its details and status. The status of the network in the status bar must be Completed. The public subnet CIDRs and the private subnet CIDRs are calculated from the network CIDR.

  • To add a network configuration, click Add Network.
  • To delete a network configuration, click Delete in the configuration's row under the Delete column.
Important: Make note of values that each task produces. Depending on your organization's security model, values might need to be shared with others in your organization.

Value: Public and Private Subnet CIDRs
Note: If using the customer-example.template, these values are also known as Service Public and Private Subnet CIDRs.
How to find:
  1. Go to the MarkLogic Data Hub Service home page, and select Network from the menu.
  2. Locate the network you created.
  3. Note the values in the Public Subnet CIDRs and Private Subnet CIDRs columns.

    Example: 10.1.2.0/25, 10.1.3.0/24, 10.1.4.0/25, 10.1.0.0/25, 10.1.1.0/27, 10.1.5.0/24

Required to: Configure Your Network Routing

Value: Peering Connection ID
How to find:
  1. Go to the MarkLogic Data Hub Service home page, and select Network from the menu.
  2. Locate the network you created.
  3. Note the value in the Peering Connection ID column.

    Example: pcx-*

Required to: Configure Your Network Routing

Value: Name
Note: If adding an LDAP configuration, this value is also known as Network.
How to find:
  1. Go to the MarkLogic Data Hub Service home page, and select Network from the menu.
  2. Locate the network you created.
  3. Note the value in the Name column.

Required to: Add an LDAP Configuration

What to do next