Using virtual private endpoints for VPC to privately connect to IBM Cloud Activity Tracker hosted event search
IBM Cloud® Virtual Private Endpoints (VPE) for VPC enables you to connect to IBM Cloud Activity Tracker hosted event search from your VPC network by using the IP addresses of your choosing, allocated from a subnet within your VPC.
As of 28 March 2024 the IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs, which replaces these two services, prior to 30 March 2025.
The VPE endpoints for IBM Cloud Activity Tracker hosted event search are shared with IBM Log Analysis. When you create a VPE gateway you need to select IBM Log Analysis instead of IBM Cloud Activity Tracker as your service.
VPEs are virtual IP interfaces that are bound to an endpoint gateway created on a per service, or service instance, basis (depending on the service operation model). The endpoint gateway is a virtualized function that scales horizontally, is redundant and highly available, and spans all availability zones of your VPC. Endpoint gateways enable communications from virtual server instances within your VPC and IBM Cloud® service on the private backbone. VPE for VPC gives you the experience of controlling all the private addressing within your cloud. For more information, see About virtual private endpoint gateways.
Before you begin
Before you target a virtual private endpoint for IBM Cloud Activity Tracker hosted event search you must complete the following tasks.
- Ensure that a Virtual Private Cloud is created.
- Make a plan for your virtual private endpoints.
- Ensure that correct access controls are set for your virtual private endpoint.
- Understand the limitations of having a virtual private endpoint.
- Understand how to view details about a virtual private endpoint.
Virtual private endpoint settings, specifically the Internet Protocol (IP) address, might need to be manually updated during Disaster recovery and business continuity actions.
Virtual Private Service Endpoints
The following table lists regions where IBM Cloud Activity Tracker hosted event search service supports VPE. It also lists the endpoints supported from each region. You can connect to the IBM Cloud Activity Tracker service in another region
using supported endpoints. For example, from the Sydney region, you can use IBM Cloud Activity Tracker hosted event search service in the us-south
region using the us-south
endpoint.
When connecting to a VPE via CLI or API, you will need to specify the CRN of the region that you will use to connect to the IBM Cloud Activity Tracker hosted event search service. Use the table below to locate the CRN of the target region.
Region | Endpoints Supported in Region | CRN | |
---|---|---|---|
Dallas (us-south) | api.private.us-south.logging.cloud.ibm.com
logs.private.us-south.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:us-south:::endpoint:api.private.us-south.logging.cloud.ibm.com | |
Frankfurt (eu-de) | api.private.eu-de.logging.cloud.ibm.com
logs.private.eu-de.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:eu-de:::endpoint:api.private.eu-de.logging.cloud.ibm.com | |
London (eu-gb) | api.private.eu-gb.logging.cloud.ibm.com
logs.private.eu-gb.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:eu-gb:::endpoint:api.private.eu-gb.logging.cloud.ibm.com | |
Madrid (eu-es) | api.private.eu-es.logging.cloud.ibm.com
logs.private.eu-es.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:eu-es:::endpoint:api.private.eu-es.logging.cloud.ibm.com | |
Osaka (jp-osa) | api.private.jp-osa.logging.cloud.ibm.com
logs.private.jp-osa.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:jp-osa:::endpoint:api.private.jp-osa.logging.cloud.ibm.com | |
Sao Paulo (br-sao) | api.private.br-sao.logging.cloud.ibm.com
logs.private.br-sao.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:br-sao:::endpoint:api.private.br-sao.logging.cloud.ibm.com | |
Sydney (au-syd) | api.private.au-syd.logging.cloud.ibm.com
logs.private.au-syd.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:au-syd:::endpoint:api.private.au-syd.logging.cloud.ibm.com | |
Tokyo (jp-tok) | api.private.jp-tok.logging.cloud.ibm.com
logs.private.jp-tok.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:jp-tok:::endpoint:api.private.jp-tok.logging.cloud.ibm.com | |
Toronto (ca-tor) | api.private.ca-tor.logging.cloud.ibm.com
logs.private.ca-tor.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:ca-tor:::endpoint:api.private.ca-tor.logging.cloud.ibm.com | |
Washington (us-east) | api.private.us-east.logging.cloud.ibm.com
logs.private.us-east.logging.cloud.ibm.com |
crn:v1:bluemix:public:logdna:us-east:::endpoint:api.private.us-east.logging.cloud.ibm.com |
Using Virtual Private Endpoints
Before you begin
- You need to have an IBM Cloud account
- And a IBM Cloud Activity Tracker instance. You can provision one from the IBM Cloud catalog. Give your instance a memorable name that appears in your account's Resource List.
Setting up your VPE
-
Create an IBM Cloud® Virtual Private Cloud. Follow the
Getting started
instructions here. -
Make sure that your VPC has at least one VSI (virtual server instance), and can connect to the VSI. You can use the UI, CLI, and API to quickly provision IBM Cloud® Virtual Private Cloud from the Virtual server instances page in the IBM Cloud console. For more information, see Creating virtual server instances.
-
Make sure your IBM Cloud Activity Tracker deployment's private endpoint is enabled.
-
In the IBM Cloud console, click the menu icon and select VPC > Infrastructure > Network > Virtual private endpoint gateways. Create a VPE for your IBM Cloud Activity Tracker instances with the following instruction.
The VPE endpoints for IBM Cloud Activity Tracker hosted event search are shared with IBM Log Analysis. When you create a VPE gateway you need to select IBM Log Analysis instead of IBM Cloud Activity Tracker as your service.
-
After you create your VPE, it might take a few minutes for the new VPE and pDNS to complete the process and begin working for your VPC. Completion is confirmed when you see an IP address set in the details view of the VPE.
-
To make sure pDNS is functioning for your VPE,
ssh
into your VSI and runnslookup <instance_hostname>
. The following example shows the output from runningnslookup
on instance hostnames ofapi.private.us-east.logging.cloud.ibm.com
andlogs.private.us-east.logging.cloud.ibm.com
:root@test-vpc-vsi:~# nslookup api.private.us-east.logging.cloud.ibm.com Server: 161.26.0.7 Address: 161.26.0.7#53 Non-authoritative answer: Name: api.private.us-east.logging.cloud.ibm.com Address: 10.241.65.4
root@test-vpc-vsi:~# nslookup logs.private.us-east.logging.cloud.ibm.com Server: 161.26.0.7 Address: 161.26.0.7#53 Non-authoritative answer: Name: logs.private.us-east.logging.cloud.ibm.com Address: 10.241.65.4
In these examples
10.241.65.4
is your VPE IP address. -
You can now use your instance in the VSI.
VPE Discoverability
Following the previous steps results in a IBM Cloud Activity Tracker hosted event search instance with private endpoints that is reachable with the Virtual Private Endpoints from your VPC network.
For more information, see Setting up service endpoints for IBM Cloud Activity Tracker.
More resources
- Planning for virtual private endpoint gateways
- Creating an endpoint gateway
- For further assistance, see the FAQs for virtual private endpoints here, and the
Troubleshooting VPE gateways
documentation that includes how to fix communications issues here.