QuickStart Guide

Deployment Models


The following deployment models are possible for Manufacturing Connect and Manufacturing Connect Edge.

These models use Virtual Private Clouds (VPC) and Google Kubernetes Engine (GKE) clusters.

Deployment Model 1: Single VPC with Private GKE Cluster

If you deploy a single VPC with a private GKE cluster, you have the option of including a license server proxy in the deployment model.

Model a: Single VPC without License Server Proxy



Refer to the following settings.

Enterprise to Cloud Firewall settings

  • Nginx endpoint: port 443, 8883
  • Remote-UDP endpoint: port 51820
  • Enterprise DNS endpoint: port 53
  • Pubsub endpoint: port 443 to private.googleapis.com (199.36.153.8/30)
  • Requires DNS resolution (private.googleapis.com -> 199.36.153.8/30)

Manufacturing Firewall settings

  • Nginx endpoint: port 443, 8883
  • Remote-UDP endpoint: port 51820
  • Enterprise DNS endpoint: port 53
  • Pubsub endpoint: port 443 to private.googleapis.com (199.36.153.8/30)
  • Requires DNS resolution (private.googleapis.com -> 199.36.153.8/30)

OT Firewall settings

  • PLC communication: ports based on PLC protocol

Model b: Single VPC with License Server Proxy

A license server proxy is required only when Manufacturing Connect Edge in the OT layer cannot communicate directly with Manufacturing Connect/Google Cloud Platform.



Deployment Model 2: Shared VPC with Private GKE Cluster

If you deploy a shared VPC with a private GKE cluster, you have the option of including a license server proxy in the deployment model.

Model a: Shared VPC without License Server Proxy



Refer to the following settings.

Enterprise to Cloud Firewall settings

  • Nginx endpoint: port 443, 8883
  • Remote-UDP endpoint: port 51820
  • Customer DNS endpoint: port 53
  • Pubsub endpoint: port 443 to private.googleapis.com (199.36.153.8/30)
  • Requires DNS resolution (private.googleapis.com -> 199.36.153.8/30)

Manufacturing Firewall settings

  • Nginx endpoint: port 443, 8883
  • Remote-UDP endpoint: port 51820
  • Enterprise DNS endpoint: port 53
  • Pubsub endpoint: port 443 to private.googleapis.com (199.36.153.8/30)
  • Requires DNS resolution (private.googleapis.com -> 199.36.153.8/30)

OT Firewall settings

  • PLC communication: ports based on PLC protocol
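
The following added example (not part of the product documentation) audits a set of firewall allow rules against the Enterprise to Cloud and Manufacturing firewall settings listed for both deployment models, and checks that DNS answers for private.googleapis.com fall inside 199.36.153.8/30. The TCP/UDP protocols, the rule format, and the sample endpoint addresses are assumptions; the page lists ports only.

```python
import ipaddress

# Range the page gives for private.googleapis.com.
PRIVATE_GOOGLEAPIS = ipaddress.ip_network("199.36.153.8/30")

def required_flows(nginx_ip, remote_udp_ip, dns_ip):
    """Flows from the page's lists; protocols are assumed (page gives ports only)."""
    flows = [("Nginx", "tcp", nginx_ip, 443), ("Nginx", "tcp", nginx_ip, 8883),
             ("Remote-UDP", "udp", remote_udp_ip, 51820),
             ("DNS", "udp", dns_ip, 53)]
    # Pubsub must reach every address in the /30 on 443.
    return flows + [("Pubsub", "tcp", str(ip), 443) for ip in PRIVATE_GOOGLEAPIS]

def rule_allows(rule, proto, ip, port):
    """True if one allow rule (proto, dest CIDR, port list) covers the flow."""
    dest = ipaddress.ip_network(rule["dest"])
    return rule["proto"] == proto and ipaddress.ip_address(ip) in dest and port in rule["ports"]

def missing_flows(rules, flows):
    """Required flows that no allow rule covers."""
    return [f for f in flows if not any(rule_allows(r, *f[1:]) for r in rules)]

def unneeded_rules(rules, flows):
    """Allow rules matching no required flow (candidates for removal)."""
    return [r for r in rules if not any(rule_allows(r, *f[1:]) for f in flows)]

def dns_answers_ok(answers):
    """True only if every A record for private.googleapis.com is in the /30."""
    return bool(answers) and all(
        ipaddress.ip_address(a) in PRIVATE_GOOGLEAPIS for a in answers)

# Constructed sample rules; the 10.10.0.x endpoint addresses are hypothetical.
SAMPLE_RULES = [
    {"name": "allow-nginx", "proto": "tcp", "dest": "10.10.0.5/32", "ports": [443, 8883]},
    {"name": "allow-remote-udp", "proto": "udp", "dest": "10.10.0.6/32", "ports": [51820]},
    {"name": "allow-dns", "proto": "udp", "dest": "10.10.0.53/32", "ports": [53]},
    {"name": "allow-pubsub", "proto": "tcp", "dest": "199.36.153.8/31", "ports": [443]},  # too narrow
    {"name": "legacy-ssh", "proto": "tcp", "dest": "10.10.0.5/32", "ports": [22]},
]
SAMPLE_FLOWS = required_flows("10.10.0.5", "10.10.0.6", "10.10.0.53")

if __name__ == "__main__":
    for f in missing_flows(SAMPLE_RULES, SAMPLE_FLOWS):
        print("MISSING", f)
    for r in unneeded_rules(SAMPLE_RULES, SAMPLE_FLOWS):
        print("UNNEEDED", r["name"])
```

In the sample, the Pubsub rule covers only half of the /30, so two Pubsub flows are reported missing, and the SSH rule is flagged because no listed setting needs it.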

Model b: Shared VPC with License Server Proxy

A license server proxy is required only when Manufacturing Connect Edge in the OT layer cannot communicate directly with Manufacturing Connect/Google Cloud Platform.
