Securely query data sources on your Tailscale network using Private Data Source Connect in Grafana Cloud

Balancing security with your observability needs can be a difficult task. We know our users want to leverage platforms like Grafana Cloud to visualize and gain valuable insights into their data, while also keeping their data sources private and secure.

Grafana Cloud already lets you securely query private data sources with Private Data Source Connect (PDC), a solution for establishing a private, secured connection between a Grafana Cloud instance, or stack, and data sources secured within a private network. PDC makes it easy to benefit from the convenience and features of Grafana Cloud, while still accessing all of your data, wherever it is. 

Today, PDC is becoming even more powerful and flexible. We’re excited to share a new integration between Tailscale and Grafana Cloud that lets you query data sources on your Tailscale network directly from your Grafana Cloud stack. 

Read on to learn more about this new integration, and check out the video below to learn more about how it works.

An overview of the Tailscale and Grafana Cloud integration 

Tailscale allows you to create a secure network (called a tailnet) by directly connecting users, devices, and resources. This new integration — available now in private preview — temporarily adds an ephemeral machine to your tailnet on your behalf. You can add tags to these machines, which allow you to configure Tailscale ACLs  and Grants, giving you full control of what your Grafana Cloud stack can access.

Here’s how it works:

• When a data source is configured with a Tailscale auth key, all of its queries are sent through PDC. 
• Upon receiving a query, PDC will create a new ephemeral node on your tailnet, or use an existing one if it is already running. 
• The connection to the target data source is then provided by Tailscale. This means you can query any data sources supported by PDC using your Tailscale network.

Key benefits of the integration

By combining the ease, security, and operational efficiency of Tailscale with the advanced observability and scalability of Grafana Cloud, monitoring internal infrastructure becomes easier and more secure, with reduced overhead and complexity. 

Here’s a closer look at what the integration provides. 

1. Secure and private data access: With Tailscale, querying private data sources can remain private — no endpoints need to be opened to the public internet. Grafana Cloud can temporarily join your tailnet on your behalf and securely query data sources in your tailnet. Data remains secure, as all traffic between a Grafana Cloud stack and a tailnet is encrypted. You will also be able to benefit from Tailscale’s powerful access control mechanisms, meaning your Grafana Cloud stack will only have access to the endpoints that you need. 
2. Simplified setup and reduced operational overhead: Private Data Source Connect with Tailscale is a simpler alternative to running PDC agents. To connect to a data source on a tailnet, you simply need to enter your data source’s tailnet address or machine name using MagicDNS and provide a Tailscale auth key. You will not have to deal with the overhead of operating PDC agents and monitoring their connection state. Connecting internal data sources on your private tailnet is straightforward and, by leveraging Grafana Cloud, you get a fully managed observability platform, reducing operational burden.
3. Extended observability with Grafana Cloud: Grafana Cloud offers advanced observability solutions and greater convenience than a self-hosted stack. It allows you to leverage the power of open source tools like Prometheus, Grafana Loki, and Grafana Tempo, without the overhead of installing or maintaining them yourself. Using Grafana Cloud also means you don’t have to expose a Grafana server to the internet or maintain a reverse proxy for remote access. You can query data sources in private networks from anywhere, without compromising on security — making it ideal for distributed teams and remote work.

Learn more and get started

The Tailscale and Grafana Cloud integration is in private preview, so for now, we recommend using it only for non-production stacks. You can sign up for the private preview, and we will contact eligible users for onboarding. If you are not in the first cohort, don’t worry; we will email you once the feature is ready for public preview. 

To learn more about PDC, check out our Private Data Source Connect documentation. 

Tailscale is an identity-first connectivity solution that securely connects humans, machines, and services across any network or environment. To learn more about how Tailscale can simplify your network access, visit tailscale.com. 

Grafana Cloud is the easiest way to get started with metrics, logs, traces, dashboards, and more. We have a generous forever-free tier and plans for every use case. Sign up for free now!