Grafana Cloud Private Data Connect

%% date:: [[2023-07-07]] parent:: %% # [[Grafana Cloud Private Data Connect]] [docs](https://grafana.com/blog/2023/06/23/new-in-grafana-10-securely-monitor-and-query-network-secured-data-sources-from-grafana-cloud/) [[Grafana Cloud]] Private Data Connect is a commercial feature that allows users to monitor applications hosted on [[VPC]]s and other private networks and still send data for visualisation in Grafana Cloud. ![](https://www.youtube.com/watch?v=9oPe1IICE80) Private Data Connect solves the problem of how to use a [[SaaS]] platform like Grafana Cloud to monitor/visualise data without actually giving it access to applications within a secure network. ## How it works ![[grafana-pdc-how-it-works.png]] [^graf] PDC agent on a VPC creates an [[SSH]] [[SSH tunnel|tunnel]] to Grafana Cloud. This agent can be deployed in a few different ways: - within a [[Kubernetes]] cluster, as a deployment - as [[Docker]] image - as a PDC Agent binary ## Usage <iframe width="560" height="315" src="https://www.youtube.com/embed/9pnf2U3KhG4" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> - Deploy PDC Agent From within Grafana Cloud, go to Connections > Private data source connections. Go through the instructions to set up and deploy the PDC Agent. - Create a signing token for PDC to use. - Enable the Secure Socks Proxy toggle on the data source. ## Alternatives "Private Data Connect" is the SaaS feature, but if you're using [[Self-hosted]] [[Grafana]], you can also do the same thing (get data from private networks) by following [the docs here](https://grafana.com/docs/grafana/next/setup-grafana/configure-grafana/proxy/). This process involves hosting your own [[socks5]] server with [[TLS]] using something like: - [GOST](https://v2.gost.run/) - [3proxy](https://github.com/3proxy/3proxy) - [shadowsocks](https://github.com/shadowsocks) - [outline](https://getoutline.org/) - [stunnel](https://github.com/mtrojnar/stunnel) ## Future plans - Allowlist within the UI, and maybe denylist as well [^graf]: Hingtgen, S. et al. (2023). *New in Grafana 10: Securely monitor and query network-secured data sources from Grafana Cloud*. Retrieved from https://grafana.com/blog/2023/06/23/new-in-grafana-10-securely-monitor-and-query-network-secured-data-sources-from-grafana-cloud/