content/en/docs/control-center/security/private-connectivity/best-practices.md
Lines changed: 4 additions & 8 deletions
@@ -15,13 +15,9 @@ Check the [Feature Release Calendar](/releasenotes/feature-release-calendar/) fo
15
15
16
16
This page provides best practices for configuring and using Private Connectivity networks, agents, and resources. Following these guidelines helps ensure secure, efficient, and maintainable connections between your Mendix apps and internal infrastructure.
17
17
18
-
{{% alert color="info" %}}
19
-
Mendix uses Tailscale subnet routers to access routes in your network. In a Mendix context, these are called agents.
20
-
{{% /alert %}}
21
-
22
18
## Authentication Key Security
23
19
24
-
Creating an agent involves creating an authentication key. An agent registered with that authentication key can join the agent's network. If you have a production network, only use the generated authentication key for agents placed in your production network. Apply the same principle for development networks.
20
+
Installing an agent involves creating an authentication key. An agent registered with that authentication key can join the agent's network. If you have a production network, only use the generated authentication key for agents placed in your production network. Apply the same principle for development networks.
25
21
26
22
## When to Create Networks
27
23
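Review bot: In the reworded Authentication Key Security paragraph, "can join the agent's network" is circular and does not say which network the key grants access to; consider "An agent registered with that authentication key joins the network the key was created for". Since the sentence means that holding the key is enough to add an agent to that network, it would help to say so directly and tell readers to handle the key as a secret. Separately, the deleted alert was the only text in this hunk that defined what an agent is; if the Tailscale reference is being dropped on purpose, keep a one-line definition of "agent" so the section still stands on its own.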
@@ -94,12 +90,12 @@ For example, Azure Container Apps do not have privileged container access, so yo
94
90
95
91
## Advertised Routes
96
92
97
-
Mendix uses Tailscale subnet routers to advertise routes to your network. This gives you full control over where the agent forwards traffic within your network.
93
+
You need to advertise which IP addresses can be accessed by Mendix Cloud. This gives you full control over where the agent forwards traffic within your network.
98
94
99
95
### Routes to Advertise
100
96
101
97
The routes you advertise depend on what your Mendix Cloud app needs to access and what you want to share:
102
98
103
99
* Single resource – If your app only needs to reach one specific resource, advertise it as a `/32` route (for example, `192.168.1.10/32`).
104
-
* App subnet – If you host all apps in one specific subnet, use the subnet router (for example, `192.168.1.0/24`).
105
-
* Entire network – If you want to share the entire network to avoid repeatedly opening new routes, use the entire VPC or VNet subnet router (for example, `192.168.0.0/16`).
100
+
* App subnet – If you host all apps in one specific subnet, advertise the entire subnet (for example, `192.168.1.0/24`).
101
+
* Entire network – If you want to share the entire network to avoid repeatedly opening new routes, use the entire VPC or VNet subnet (for example, `192.168.0.0/16`).
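Review bot: In the "Entire network" bullet, "the entire VPC or VNet subnet" is inaccurate now that "router" is gone: the `192.168.0.0/16` example is the whole VPC or VNet address range, not a subnet, and the bullet says "use" where the other two say "advertise". Suggest "advertise the entire VPC or VNet address range". This bullet also offers the broadest route purely for convenience; because the new intro sentence says the advertised routes are the IP addresses Mendix Cloud can access, add a sentence that a `/16` makes every address in that range reachable and that the `/32` or single-subnet options are preferred where they are sufficient.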