You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/control-center/security/private-connectivity/best-practices.md
+4-8Lines changed: 4 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,13 +14,9 @@ Private Connectivity is currently in Public Beta, and will be out of Public Beta
14
14
15
15
This page provides best practices for configuring and using Private Connectivity networks, agents, and resources. Following these guidelines helps ensure secure, efficient, and maintainable connections between your Mendix apps and internal infrastructure.
16
16
17
-
{{% alert color="info" %}}
18
-
Mendix uses Tailscale subnet routers to access routes in your network. In a Mendix context, these are called agents.
19
-
{{% /alert %}}
20
-
21
17
## Authentication Key Security
22
18
23
-
Creating an agent involves creating an authentication key. An agent registered with that authentication key can join the agent's network. If you have a production network, only use the generated authentication key for agents placed in your production network. Apply the same principle for development networks.
19
+
Installing an agent involves creating an authentication key. An agent registered with that authentication key can join the agent's network. If you have a production network, only use the generated authentication key for agents placed in your production network. Apply the same principle for development networks.
24
20
25
21
## When to Create Networks
26
22
@@ -93,12 +89,12 @@ For example, Azure Container Apps do not have privileged container access, so yo
93
89
94
90
## Advertised Routes
95
91
96
-
Mendix uses Tailscale subnet routers to advertise routes to your network. This gives you full control over where the agent forwards traffic within your network.
92
+
You need to advertise which IP addresses can be accessed by Mendix Cloud. This gives you full control over where the agent forwards traffic within your network.
97
93
98
94
### Routes to Advertise
99
95
100
96
The routes you advertise depend on what your Mendix Cloud app needs to access and what you want to share:
101
97
102
98
* Single resource – If your app only needs to reach one specific resource, advertise it as a `/32` route (for example, `192.168.1.10/32`).
103
-
* App subnet – If you host all apps in one specific subnet, use the subnet router (for example, `192.168.1.0/24`).
104
-
* Entire network – If you want to share the entire network to avoid repeatedly opening new routes, use the entire VPC or VNet subnet router (for example, `192.168.0.0/16`).
99
+
* App subnet – If you host all apps in one specific subnet, advertise the entire subnet (for example, `192.168.1.0/24`).
100
+
* Entire network – If you want to share the entire network to avoid repeatedly opening new routes, use the entire VPC or VNet subnet (for example, `192.168.0.0/16`).
0 commit comments