Establish connectivity between on-premise or cross-cloud Kafka® clients and MSK clusters. Zilla Plus+ can be configured as a Public MSK Proxy that enables secure access to your MSK clusters from the public internet using a custom DNS domain. This one-time setup continues to work even after your cluster scales out with new Kafka® brokers.
By default, MSK clusters are not designed to be reached over the public internet. As a result, accessing MSK in a secure and flexible manner from a local, on-premise or external cloud environment is difficult. This holds back deploying MSK in a hybrid or multi-cloud setup and complicates partner integration initiatives.
By combining the Public Proxy with Kafka MirrorMaker you can replicate MSK clusters to on-premise or external cloud environments. The reverse also applies, combine the Public Proxy with MirrorMaker to replicate clusters running inside your datacenter or Azure/GCP/etc. to MSK. Cluster replication can help aggregate data from multiple streaming pipelines, isolate production workloads, support disaster recovery efforts, and align with legal and compliance security requirements.
The Public Proxy enables external partners to subscribe to your MSK topics over a custom DNS domain. Security is guaranteed through integrations with AWS Secrets Manager for public server certificates, and ACM PCA for private client ones. TLS client identity propagation is also supported. The Proxy is stateless so it is easy to scale out, and is built-on a high performance runtime, which is able to reliably support a large number of connections.
If you are migrating a Kafka deployment running outside of AWS to MSK, the Public Proxy relieves forklift efforts. With the Proxy, your existing Kafka clients will be able to reach MSK from their native environment, allowing you to keep them running as-is. When ready, you can incrementally migrate them into the AWS cloud.
With the Proxy, Kafka clients running on your local machine can easily reach your MSK cluster, in turn simplifying and accelerating your development and testing efforts.
Combining the Public Proxy with Kafka MirrorMaker allows you to replicate MSK clusters to on-premise or external cloud environments. The reverse also applies, clusters running inside your datacenter or Azure/GCP/etc. can be replicated to MSK. Cluster replication can help aggregate data from multiple streaming pipelines, isolate production workloads, support disaster recovery efforts, and align with legal/compliance security requirements.
The Public Proxy enables external partners to subscribe to your MSK topics over a custom DNS domain. Enterprise-grade security is guaranteed through integrations with AWS Secrets Manager for public server certificates, and ACM PCA for private client ones. TLS client identity propagation is also supported.
When migrating a Kafka deployment running outside of AWS to MSK, the Public Proxy relieves forklift efforts. With the Proxy, your existing Kafka clients can reach MSK from their native environment, allowing them to continue running as-is. Once ready, they can be incrementally carried over into the AWS cloud.
Leverage your favorite Kafka tools directly from your local environment to streamline MSK development and testing efforts.
Aklivity enables connectivity between public Kafka® clients and scaled-out MSK clusters.
The Aklivity Public MSK Proxy enables secure public internet connectivity to Amazon MSK clusters from authorized Kafka® clients. It automates the configuration of an internet-facing network load balancer and auto-scaling group of stateless proxies to access your MSK cluster via the public internet. Kafka® clients can connect, publish messages and subscribe to topics in your Amazon MSK cluster from outside AWS.
The Proxy integrates with AWS Secrets Manager and AWS Certificate Manager to retrieve the private keys and certificate chains used to support both wildcard DNS bootstrap server names and trusted client identity for mutual authentication.
While Public Access is a feature of MSK, it exposes brokers directly to the public internet and lacks support for custom domain names.
Public MSK Proxying with Zilla enables Kafka® clients to connect, publish messages and subscribe to topics in your Amazon MSK cluster from outside AWS. It automates the configuration of an internet-facing Network Load Balancer and an auto-scaling group of stateless proxies. These proxies route traffic to and from MSK brokers, which remain unaltered and unexposed.
A custom domain name not only helps align your public MSK endpoints with your own domain, it provides a stable DNS name should it become necessary to recreate the MSK cluster behind the scenes. It also allows you to expose a cluster using only a single Elastic IP address — this simplifies local firewall policies and eases client integrations. A single Proxy with different custom domains can be deployed in front of multiple MSK clusters.
Zilla Plus integrates with AWS Secrets Manager and AWS Certificate Manager to retrieve the private keys and certificate chains used to support both wildcard DNS bootstrap server names and trusted client identity for mutual authentication.
The Aklivity Public MSK Proxy is an AWS Qualified solution.
