Updated on 2023-06-09 GMT+08:00

Preparing Required Resources

Overview

Before creating a ROMA Connect instance, ensure that the required resources are available, including a virtual private cloud (VPC), subnet, and security group. Each ROMA Connect instance is deployed in a VPC and bound to specific subnets and security groups. In this way, ROMA Connect provides an isolated virtual network environment and security protection policies that users can easily configure and manage.

Required Resources

The following table lists the resources required by a ROMA Connect instance.

Table 1 ROMA Connect resources

| Resource | Requirement | Operations |
|---|---|---|
| VPC and subnet | Different ROMA Connect instances can use the same or different VPCs and subnets based on site requirements. Note the following when creating a VPC and subnet: • The created VPC and ROMA Connect must be in the same region. • Retain the default settings unless otherwise specified. | For details about how to create a VPC and subnet, see Creating a VPC. If you need to create and use a new subnet in an existing VPC, see Creating a Subnet for the VPC. |
| Security group | Different ROMA Connect instances can use the same security group or different security groups. Note the following when creating a security group: • Set Template to Custom. • After a security group is created, retain the default inbound and outbound rules. • To use ROMA Connect, you must add the security group rules described in Table 2. | For details about how to create a security group, see Creating a Security Group. For details about how to add rules to a security group, see Adding a Security Group Rule. |
| (Optional) EIP | If you want to access ROMA Connect through a public network, apply for an EIP. An instance needs to be bound to only one EIP. | For details about how to assign an EIP, see Assigning an EIP. |

Table 2 Security group rules

| Direction | Protocol | Port | Source IP Address | Description |
|---|---|---|---|---|
| Inbound | TCP | 80 | 0.0.0.0/0 | Access APIC through a public network (without SSL encryption). |
| Inbound | TCP | 443 | 0.0.0.0/0 | Access APIC through a public network (with SSL encryption). |
| Inbound | TCP | 1883 | 0.0.0.0/0 | Access LINK through a public network (without SSL encryption). |
| Inbound | TCP | 7443 | 0.0.0.0/0 | Access LINK through a public network (using RESTful APIs). |
| Inbound | TCP | 8443 | 0.0.0.0/0 | Access LINK through a public network (with SSL encryption). |
| Inbound | TCP | 9092 | 0.0.0.0/0 | Access MQS through a private network (without SASL authentication). |
| Inbound | TCP | 9093 | 0.0.0.0/0 | Access MQS through a private network (with SASL authentication). |
| Inbound | TCP | 9094 | 0.0.0.0/0 | Access MQS through a public network (without SASL authentication). |
| Inbound | TCP | 9095 | 0.0.0.0/0 | Access MQS through a public network (with or without SASL authentication). |
| Inbound | TCP | 9096 | 0.0.0.0/0 | Access MQS through a public network (with or without SASL authentication). |
| Inbound | TCP | 9097 | 0.0.0.0/0 | Access MQS through a public network (with SASL authentication). |
| Inbound | TCP | 9292 | 0.0.0.0/0 | Access MQS through a public network (using RESTful APIs). |
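
The following check is an added example, not part of the original page or of Huawei Cloud's tooling: it encodes Table 2 as data and reviews a security group's inbound rules against it, reporting missing rules, ports outside Table 2 that are open to any source, and Table 2 ports whose description says "private network" or "without SSL/SASL" but whose source is 0.0.0.0/0. The names `audit` and `SAMPLE_RULES`, the VPC range 192.168.0.0/16, and the idea that private-network ports only need the VPC range as their source are assumptions of this example.

```python
import ipaddress

# Table 2 of this page as data: port -> (component, network, protected).
# protected is True/False when the description says with/without SSL or SASL,
# None when it does not say (RESTful API ports, "with or without SASL").
TABLE2 = {
    80: ("APIC", "public", False), 443: ("APIC", "public", True),
    1883: ("LINK", "public", False), 7443: ("LINK", "public", None),
    8443: ("LINK", "public", True), 9092: ("MQS", "private", False),
    9093: ("MQS", "private", True), 9094: ("MQS", "public", False),
    9095: ("MQS", "public", None), 9096: ("MQS", "public", None),
    9097: ("MQS", "public", True), 9292: ("MQS", "public", None),
}

# Constructed sample: inbound rules as (protocol, port, source CIDR).
SAMPLE_RULES = [
    ("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0"),
    ("tcp", 9092, "0.0.0.0/0"), ("tcp", 9093, "192.168.0.0/24"),
    ("tcp", 22, "0.0.0.0/0"),
]

def audit(rules, vpc_cidr, components=("APIC", "LINK", "MQS")):
    """Return sorted (port, finding) tuples for an inbound rule set."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings, seen = set(), set()
    for proto, port, source in rules:
        src = ipaddress.ip_network(source)
        if proto.lower() != "tcp" or port not in TABLE2:
            if src.prefixlen == 0:
                findings.add((port, "not in Table 2 but open to any source"))
            continue
        seen.add(port)
        component, network, protected = TABLE2[port]
        inside_vpc = src.version == vpc.version and src.subnet_of(vpc)
        # Assumption of this example: private-network ports only need the VPC range.
        if network == "private" and not inside_vpc:
            findings.add((port, f"{component} private-network port reachable from outside {vpc}"))
        if protected is False and src.prefixlen == 0:
            findings.add((port, f"{component} port without SSL/SASL open to any source"))
    for port, (component, _, _) in TABLE2.items():
        if component in components and port not in seen:
            findings.add((port, "Table 2 rule missing"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_RULES, "192.168.0.0/16", components=("APIC",)):
        print(port, finding)
```

Pass only the components the instance actually uses in `components` so that rules for unused components are not reported as missing.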