Enabling HTTPS

To secure communication within Data Collector, enable HTTPS for the following components:

Data Collector: Enable HTTPS for Data Collector to secure the communication to the REST API and to use the Data Collector as an authoring Data Collector in Control Hub.; For Control Hub cloud, an authoring Data Collector must use the HTTPS protocol because Control Hub cloud also uses the HTTPS protocol. For Control Hub on-premises, an authoring Data Collector must use the same protocol as the Control Hub on-premises installation.
stages that connect to external systems: During development, developers can enable specific stages to use SSL/TLS to secure the communication with an external system. For example, if designing a that writes to a Cassandra cluster enabled for HTTPS, the developer must configure the Cassandra destination to use SSL/TLS to connect to Cassandra.; For information about enabling HTTPS for stages, see SSL/TLS Encryption.

By default, Data Collector uses the HTTP protocol. Use HTTPS in a production environment. HTTPS requires SSL/TLS certificates.

By default, the Control Hub web browser uses WebSocket tunneling to communicate with deployed Data Collectors. WebSocket tunneling ensures that your data is secure and does not require additional setup.

However, when you preview a or capture a snapshot of an active job, your source data does pass through encrypted connections beyond your corporate network into Control Hub, and then back to your web browser. If your data must remain behind a firewall due to corporate regulations, you can configure the browser to use direct engine REST APIs to directly communicate with the engines behind the firewall.

When using direct engine REST APIs, you must enable Data Collector to use the HTTPS protocol. For information about enabling HTTPS for Data Collector, see the Control Hub documentation.

Note: During development, developers can enable specific stages to use SSL/TLS to secure the communication with an external system. For example, if designing a that writes to a Cassandra cluster enabled for HTTPS, the developer must configure the Cassandra destination to use SSL/TLS to connect to Cassandra. Enabling SSL/TLS in stages does not require enabling Data Collector to use HTTPS. For information about enabling HTTPS for stages, see SSL/TLS Encryption.