Create a private connection to a data source
Welcome to the private data source connect learning journey.
Private data source connect, or PDC, is a way for you to establish a private, secured connection between a Grafana Cloud instance, or stack, and data sources secured within a private network.
Observability data is often located within private networks such as on-premise networks and Virtual Private Clouds (VPCs) hosted by AWS, Azure, Google Cloud Platform, or other public cloud providers. For example, you might host your Splunk or Elasticsearch service on your private network, or you might want to visualize data from Amazon RDS hosted in a VPC. PDC also allows you to connect to any network-secured data source regardless of what cloud provider you use, or if you host your own data in an on-premises network.
Here’s what to expect
When you complete this journey, you’ll be able to:
- Describe why you should use PDC when connecting Grafana Cloud to an external data source
- Install the PDC binaries on a Linux or Windows machine
- Learn how to deploy the PDC agent on Kubernetes or Docker
Troubleshooting
If you get stuck, we’ve got your back! Where appropriate, troubleshooting information is just a click away.
More to explore
We understand you might want to explore other capabilities not strictly on this path. We’ll provide you opportunities where it makes sense.
Before you begin
Before you begin working with private data source connect (PDC) ensure the following:
- You have the tools you need to deploy the PDC agent within your network. You can deploy it directly to a Linux or Windows server, or use a container management system like Docker or Kubernetes. 
- The OpenSSH version is 9.2 or higher on the server the PDC agent was deployed to. For more information on this version requirement, refer to the PDC scalability and security page 
- You need to know the local host name and port of the data source you would like to connect to, for example - loki:8080.
- You have the proper set of credentials to access the data, for example, a username and password, or a token. Refer to the documentation for your data source to learn what credentials are needed. 
- You have an administrator account for your Grafana Cloud organization. To learn more about Grafana Cloud permissions, refer to Grafana Cloud user roles and permissions. 
Note
To establish an SSH connection to Grafana Cloud, the PDC agent must run on a network that allows internet egress to the following endpoints:
private-datasource-connect-<cluster>.grafana.net:22andprivate-datasource-connect-api-<cluster>.grafana.net:443. The<cluster>is displayed in the grafana UI (under Connections > Private data source connections > Configuration Details).The API endpoint (port 443) is used for signing the short-lived SSH certificates used for authenticating with the SSH endpoint (port 22).
If your data source uses AWS SigV4 (AWS Signature Version 4 Authentication), the network where the PDC agent runs must allow internet egress to
sts.<region>.amazonaws.com:443. Replace<region>with the AWS region you are querying. For more details on AWS SigV4, refer to the AWS documentation.




