Enable Confluent and Apache Kafka® clients to access the full functionality of your privately-networked Confluent Cloud cluster even if they are running outside the cluster's AWS VPC network.
Private network deployments enhance the security of Confluent Cloud clusters—but they also block internet access, limiting hybrid cloud workflows and partner integrations. Zilla Plus solves this by acting as a public Kafka proxy in front of your privately networked cluster. With Zilla Plus, external clients can connect securely to publish messages, subscribe to topics, and run ksqlDB queries—without compromising your network boundaries.
Allow external partners to subscribe to topics in your private Confluent Cloud cluster over a custom DNS domain. Enterprise-grade security is guaranteed through integrations with AWS Secrets Manager for public server certificates, ACM PCA for private client ones, and support for Confluent Cloud API keys used by external Kafka clients.
Zilla Plus relieves forklift efforts when migrating a Kafka deployment running outside of AWS to a privately-networked Confluent Cloud deployment. With it, your existing Kafka clients can reach your newly setup Confluent Cloud cluster from their native environment, allowing them to continue running as-is. Once ready, they can be incrementally carried over into the AWS cloud.
Leverage your favorite Kafka tools directly from your local environment to streamline Confluent Cloud development and testing efforts in a secure setting.
Allow external partners to subscribe to topics in your private Confluent Cloud cluster over a custom DNS domain. Enterprise-grade security is guaranteed through integrations with AWS Secrets Manager and Certificate Manager as well as client authentication via Confluent Cloud API keys.
Zilla Plus relieves forklift efforts when migrating a Kafka deployment running outside of AWS to a privately-networked Confluent Cloud deployment. With Zilla Plus, your existing Kafka clients can reach your newly setup Confluent Cloud cluster from their native environment, allowing them to continue running as-is. Once ready, they can be incrementally carried over into the AWS cloud.
Leverage your favorite Kafka tools directly from your local environment to streamline Confluent Cloud development and testing efforts in a secure setting.
Zilla Plus is a Kafka-native proxy that routes traffic between Kafka clients and brokers using the native Kafka wire protocol. When deployed in front of a privately networked Confluent Cloud cluster, it enables secure, publicly accessible Kafka endpoints—allowing external clients to connect, publish, and subscribe without direct access to the cluster. Available as an AMI or container, Zilla Plus runs as an auto-scaling proxy group in a public VPC connected via PrivateLink to your secure Confluent Cloud deployment.
While Public Access is a feature of MSK, it exposes brokers directly to the public internet and lacks support for custom domain names.
Zilla Plus integrates with AWS Secrets Manager and Certificate Manager to make it easy to configure Kafka entry points with custom domain names. This not only gives your external-facing endpoints a branded, professional appearance, but also provides a stable DNS name—even if you need to make changes to your Confluent Cloud cluster behind the scenes. One Zilla Plus deployment can support multiple custom domains and seamlessly front multiple Confluent Cloud clusters.
Confluent Cloud API Keys are passed through Zilla proxies ensuring clients can be properly authenticated.
Zilla proxies are stateless and only require a single Network Load Balancer. This reduces both the complexity and costs of scaling out.
The Aklivity Public MSK Proxy is an AWS Qualified solution.
