
Zilla Plus Secure Public Access



Available in Zilla

Zilla Plus Secure Public Access automates the configuration of an internet-facing network load balancer and an auto-scaling group of stateless Zilla Plus Secure Public Access proxies that expose your Kafka cluster via the public internet. Kafka clients can then connect, publish messages and subscribe to topics in your Kafka cluster from outside the host network.

You will need to choose a wildcard DNS pattern to use for public internet access to the brokers in your Kafka cluster. These wildcard DNS names must resolve to the public IP address(es) where the Zilla proxy is deployed. The Zilla proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
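The following pre-deployment check is an added example, not part of the Zilla documentation or tooling. It verifies that each public broker name is covered by the wildcard pattern (a `*` matches exactly one leftmost DNS label), that the certificate carries a SAN for that pattern, and that each name resolves only to the proxy's public addresses. The hostnames, addresses and function names are assumptions constructed for illustration.

```python
import socket

def covers(pattern, host):
    """True if a wildcard pattern such as '*.kafka.example.com' matches host.
    The '*' stands for exactly one leftmost DNS label (RFC 6125 rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def dns_resolve(host):
    """Live lookup; returns [] when the name does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def check_public_access(wildcard, cert_sans, brokers, proxy_ips, resolve=dns_resolve):
    """Return (name, problem) findings; an empty list means consistent."""
    findings = []
    if wildcard.lower() not in [s.lower() for s in cert_sans]:
        findings.append((wildcard, "certificate has no SAN for the wildcard pattern"))
    for host in brokers:
        if not covers(wildcard, host):
            findings.append((host, "not covered by the wildcard pattern"))
            continue
        addrs = set(resolve(host))
        if not addrs:
            findings.append((host, "does not resolve"))
        elif not addrs <= set(proxy_ips):
            findings.append((host, "resolves outside the proxy addresses"))
    return findings

# Constructed sample data (documentation domains and address ranges).
WILDCARD = "*.kafka.example.com"
CERT_SANS = ["*.kafka.example.com"]
PROXY_IPS = ["203.0.113.10", "203.0.113.11"]
SAMPLE_DNS = {
    "b-1.kafka.example.com": ["203.0.113.10"],
    "b-2.kafka.example.com": ["198.51.100.7"],  # stale record, not a proxy address
}
BROKERS = ["b-1.kafka.example.com", "b-2.kafka.example.com",
           "b-3.kafka.example.com", "b-1.us-east-1.kafka.example.com"]

if __name__ == "__main__":
    lookup = lambda host: SAMPLE_DNS.get(host, [])  # pass dns_resolve for live DNS
    for name, problem in check_public_access(WILDCARD, CERT_SANS, BROKERS, PROXY_IPS, lookup):
        print(f"{name}: {problem}")
```

A name with an extra label, such as `b-1.us-east-1.kafka.example.com`, is rejected because a wildcard certificate does not match across more than one label.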

Amazon MSK

The Zilla Plus for Amazon MSK Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet. Follow the guide to get started.

Confluent Cloud

The Zilla Plus for Confluent Cloud Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Confluent Cloud cluster via the internet. Follow the guide to get started.

The Zilla proxy

Once you have deployed either secure public access option you can manage the proxy in the following ways.

Monitoring

The CloudFormation template used to deploy the Zilla proxy includes a Network Load Balancer that can be monitored via CloudWatch to verify continuous health.

Network Load Balancers have many available metrics, including the following.

  • TCP_Target_Reset_Count - The total number of reset (RST) packets sent from a target to a client. These resets are generated by the target and forwarded by the load balancer.
  • UnHealthyHostCount - The number of targets that are considered unhealthy.

You can use CloudWatch to create a dashboard to monitor these metrics and set alarms to alert you when specific metric thresholds are reached.

Upgrading

Navigate to your AWS Marketplace subscriptions and select Zilla Plus for * to show the manage subscription page.

  • From the Agreement section > Actions menu > select Launch CloudFormation stack
  • Select the CloudFormation Template fulfillment option with the same Secure Public Access template used to deploy the proxy
  • Make sure you have selected the desired region, such as us-east-1
  • Click Continue to Launch
    • Choose the action Launch CloudFormation
  • Click Launch to show the URL of the CloudFormation template
    • Copy the CloudFormation template Amazon S3 URL
  • Select your existing CloudFormation Stack from a previous deployment of Zilla Plus for *
  • Click Update and Replace current template with the copied Amazon S3 URL
  • Complete the wizard to deploy the updated stack.

CloudFormation will incrementally deploy the Zilla proxies for the new version behind the same Network Load Balancer, checking for successful deployment before terminating the Zilla proxies for the previous version.

Connected clients will see their connections drop, and when they reconnect automatically, the Network Load Balancer will direct them to the new Zilla proxies. If the stack update is unsuccessful, CloudFormation will roll back to the previous stack deployment.