This topic uses private connectivity as a general term for AWS PrivateLink and Azure Private Link.
Dedicated Instances rely on cloud-provider private networking features and require baseline infrastructure components for a secure and successful deployment. For supported cloud providers and regions, see Dedicated instance overview.

Prerequisites

AWS requirements:
  • VPC with private subnets
  • Network Load Balancer for connections into the customer environment
  • IAM permissions to create VPC endpoints, security groups, and Route 53 records
Azure requirements:
  • Virtual network with subnets configured for private endpoints
  • Private endpoint network policies disabled on target subnets
  • Standard Load Balancer for connections into the customer environment

DNS requirements

Private connectivity requires DNS configuration to route traffic through private endpoints:
  • AWS: Route 53 Private Hosted Zone, and on-premises DNS forwarding if needed
  • Azure: Azure Private DNS Zone linked to the customer VNet
  • Both: CNAME records that point to the private endpoint
For dedicated instances with private connectivity, Unstructured provides the DNS name in the format <company>.privatelink.unstructuredapp.io. For dedicated instances without private connectivity, the DNS name is in the format <company>.unstructuredapp.io.
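One way to confirm this DNS setup from a host inside the VPC or VNet, as an added example that is not part of Unstructured's documentation: it checks that the name follows the private connectivity format and that every resolved address falls inside the subnets holding your endpoint. The function names, the company label `acme`, and the `10.20.1.0/24` subnet are constructed placeholders.

```python
import ipaddress
import re
import socket

# Name formats from this page; <company> is assumed to be a single DNS label.
PRIVATE_NAME = re.compile(r"^[a-z0-9-]+\.privatelink\.unstructuredapp\.io$")
PUBLIC_NAME = re.compile(r"^[a-z0-9-]+\.unstructuredapp\.io$")


def system_resolver(hostname):
    """Resolve with the host's configured DNS; run from inside the VPC or VNet."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_private_resolution(hostname, endpoint_cidrs, resolver=system_resolver):
    """Return (ok, findings); endpoint_cidrs are the subnets holding the endpoint."""
    name = hostname.lower().rstrip(".")
    if not PRIVATE_NAME.match(name):
        kind = "non-private-connectivity" if PUBLIC_NAME.match(name) else "unrecognised"
        return False, [f"{name}: {kind} name format"]
    networks = [ipaddress.ip_network(cidr) for cidr in endpoint_cidrs]
    try:
        addresses = resolver(name)
    except socket.gaierror as exc:
        # Possible cause: private zone not associated/linked, or no DNS forwarding.
        return False, [f"{name}: resolution failed ({exc})"]
    if not addresses:
        return False, [f"{name}: no addresses returned"]
    findings = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if any(addr.version == net.version and addr in net for net in networks):
            continue
        # A global address is not a private endpoint IP.
        where = "public address" if addr.is_global else "outside the endpoint subnets"
        findings.append(f"{name} -> {addr}: {where}")
    return not findings, findings


if __name__ == "__main__":
    # Constructed sample: stub resolver standing in for DNS inside the VPC.
    def stub(_name):
        return ["10.20.1.15"]
    print(check_private_resolution("acme.privatelink.unstructuredapp.io",
                                   ["10.20.1.0/24"], resolver=stub))
```

Without the `resolver` argument the check uses the host's own DNS, so run it from a workload in the VPC or VNet (or from on-premises, to test forwarding).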

Known limitations

| Limitation | Notes |
| --- | --- |
| Cross-Region private connectivity | Not supported. Your VPC Endpoints must be in the same region as your dedicated instance. |
| Cross-CSP private connectivity | Not supported, for example AWS to Azure |
| VPC Peering | Not supported as an alternative to private connectivity |