Network Connectivity

About

This page outlines some networking basics for successfully connecting with Monte Carlo.

For an overview of the various options available for managing connections, click here.

To begin, please follow the guide specific to your deployment type:

If you are uncertain about which deployment type you are using, refer to the definitions below or contact your account representative for assistance.

Definitions and Terminology

To help with clarity, we have defined the following terms and phrases:

  • Cloud Deployments: Refers to customers who connect to an integration without deploying any infrastructure. This term is synonymous with SaaS deployments.

  • Hybrid Deployments: Refers to customers who connect to an integration using an Agent or have a Data Store. For more details, please see the definition here.

  • Integrations: This term encompasses a variety of connections supported by the Monte Carlo Platform, independently of the developer toolkit.

Refer to the documentation here to determine your exact deployment type and platform version.

For Cloud Deployments

Generally, for cloud deployments and resource availability, you can either leverage IP allowlisting or Private Link services offered by certain vendors to manage connectivity between the Monte Carlo Platform and your integration.

Neither option is required by Monte Carlo, but they are available if you need or wish to use them to manage connectivity.

If you need or wish to use another option (such as deploying in a VNet or VPC, peering, or connecting to on-premises resources), you may need to use an agent as part of our hybrid deployment options.

IP Allowlisting

To use IP allowlisting with your integration for all accounts on the V2 Platform, please ensure the following IP addresses are allowlisted:

  • 34.200.118.118
  • 35.169.25.209

Both IP addresses must be allowlisted, as requests from the Monte Carlo platform can originate from either one.

If your account is not on the V2 Platform, please contact your Monte Carlo representative for further assistance.

Private Link

To use a private link with your integrations, please follow the appropriate guide for your cloud platform:

For Hybrid Deployments

Data Stores

Connectivity to the data store from the Monte Carlo Platform typically varies depending on the specific cloud platform in use.

👍

This guide focuses on Ingress connectivity.

Egress connectivity for your integrations is handled via the Monte Carlo Cloud, so the same options apply. Refer to the relevant section for details and any limitations.

AWS

For all accounts on the V2 platform, Monte Carlo will use VPC endpoints to communicate with the AWS data store by default in supported regions. No action is required to enable this feature. For additional details and limitations, please see here.

If your account is not on this platform or if you wish to further restrict this condition, please refer to this guide.

Azure

By default, Monte Carlo makes an HTTPS request to the data store over the internet. You can restrict inbound IP addresses through IP allowlisting or optionally use private endpoints to direct traffic through the Microsoft backbone network.

IP Allowlisting

To use IP allowlisting with your integration for all accounts on the V2 Platform, please ensure the following IP addresses are allowlisted:

  • 34.200.118.118
  • 35.169.25.209

Both IP addresses must be allowlisted, as requests from the Monte Carlo platform can originate from either one.

If your account is not on the V2 Platform, please contact your Monte Carlo representative for further assistance.

And please refer to this guide for details on how to constrain access (e.g., enable IP allowlisting).

Private Link

If you prefer to use Private Link (private endpoints), please follow the instructions in this guide.

GCP

By default, Monte Carlo makes an HTTPS request to the data store over the internet. You can restrict inbound IP addresses through IP allowlisting.

To use IP allowlisting with your integration for all accounts on the V2 Platform, please ensure the following IP addresses are allowlisted:

  • 34.200.118.118
  • 35.169.25.209

Both IP addresses must be allowlisted, as requests from the Monte Carlo platform can originate from either one.

If your account is not on the V2 Platform, please contact your Monte Carlo representative for further assistance.

And please refer to this guide for details on how to constrain access (e.g., enable IP allowlisting).

Agents

Connectivity for agents generally consists of two components, which vary based on the cloud platform:

  • Ingress: Connectivity from the Monte Carlo Platform to the agent.
  • Egress: Connectivity from the agent to your integrations.

👍

This guide focuses on Ingress connectivity.

To learn more about Egress connectivity, please refer to the FAQs for the respective deployment (AWS, Azure, GCP). These Egress options enable scenarios such as connecting to a VPC or VNet, which are not strictly required but may be necessary for specific connectivity setups, like when you have an IP allowlist for your resource, want to peer, or deploy within your existing network.

AWS

For all accounts on the V2 platform, Monte Carlo will use VPC endpoints to communicate with the AWS agent by default in supported regions. No action is required to enable this. For additional details and limitations, please see here.

If you wish to further restrict this setup, please refer to this guide.

If your account is not on this platform, please see additional options here.

Azure

By default, Monte Carlo makes an HTTPS request to the agent over the internet. You can restrict inbound IP addresses through IP allowlisting or optionally use private endpoints to direct traffic through the Microsoft backbone network.

IP Allowlisting

To use IP allowlisting with your integration for all accounts on the V2 Platform, please ensure the following IP addresses are allowlisted:

  • 34.200.118.118
  • 35.169.25.209

Both IP addresses must be allowlisted, as requests from the Monte Carlo platform can originate from either one.

If your account is not on the V2 Platform, please contact your Monte Carlo representative for further assistance.

And please refer to this guide for details on how to constrain access (e.g., enable IP allowlisting).

Private Link

If you prefer to use Private Link (private endpoints), please follow the instructions in this guide.

GCP

By default, Monte Carlo makes an HTTPS request to the agent over the internet. You can restrict inbound IP addresses through IP allowlisting.

To use IP allowlisting with your integration for all accounts on the V2 Platform, please ensure the following IP addresses are allowlisted:

  • 34.200.118.118
  • 35.169.25.209

Both IP addresses must be allowlisted, as requests from the Monte Carlo platform can originate from either one.

If your account is not on the V2 Platform, please contact your Monte Carlo representative for further assistance.

And please refer to this guide for details on how to constrain access (e.g., enable IP allowlisting).

FAQs

What are the Different Options I Have to Manage Connections?

The options can be summarized as follows:

Cloud Deployments: Connectivity to an Integration from the Monte Carlo Platform

Options
IP Allowlisting
PrivateLink for AWS (compatibility)
Private Link for Azure (compatibility)

These options also apply to connectivity to an integration from the Monte Carlo Platform if you are using a hybrid data store.

Hybrid Deployments (Ingress): Connectivity to an agent or data store from the Monte Carlo Platform

IP AllowlistingPrivate Link
AWSYes*Yes* (compatibility)
AzureYesYes (compatibility)
GCPYesNo

*IP Allowlisting for AWS is only supported on the V1.5 platform. The V2 platform and newer use VPC endpoints by default (i.e., PrivateLink). Additional details here. To determine which version of the platform you are using, see here.

Hybrid Deployments (Egress): Connectivity from an agent to an integration

To learn more about Egress connectivity, please refer to the FAQs for the respective deployment (AWS, Azure, GCP). These Egress options enable scenarios such as connecting to a VPC or VNet, which are not strictly required but may be necessary for specific connectivity setups, like when you have an IP allowlist for your resource, want to peer, or deploy within your existing network.

How Do I Check Which Version of the Platform I Am Using?

👍

If your account was created after April 24th, 2024, it will automatically be using the V2 platform or newer.

To check the status of your deployment, follow these steps using our API or Command Line Interface (CLI).

API

  1. Access the API Explorer:
    Visit the API Explorer in the Monte Carlo UI (learn more about the API Explorer here). Alternatively, you can generate an API key and use tools such as cURL or Postman to make API calls.

  2. Trigger the API:
    Use this API to fetch deployment details. For instance:

    query getPlatformServices {
      getPlatformServices {
        uuid
        deployment {
          deploymentType
        }
      }
    }
    

CLI

  1. Install and Configure the CLI:
    If you haven't done so already, follow the installation and configuration instructions. Ensure you have at least version v0.100.0 of the CLI.
  2. Execute the Command:
    Open your terminal and run the following command (reference docs):
    montecarlo platform list
    

Either way, you can use the following table to interpret the output and determine the status of your deployment:

TypePlatformDescription
CLOUD_V1V1Legacy cloud deployment
CLOUD_V2V2Cloud deployment using the new platform
REMOTE_V1V1Legacy hybrid deployment (data collector)
REMOTE_V1.5V1.5Hybrid deployment (remote agent or data store) not using the new platform
REMOTE_V2V2Hybrid deployment (remote agent or data store) using the new platform

What types of integrations do I usually need to set up connectivity for?

Generally, you might need to enable connectivity between the Monte Carlo Platform and your integration (Cloud) or between the Monte Carlo Agent and your integration (Hybrid). This varies by vendor and depends on how you are managing your resource (e.g., whether it is publicly available).

For push-based developer tools or integrations that are automatically generated by query logs, usually, no action is required. This includes, but is not limited to, integrations like:

  • Atlan
  • Airflow
  • dbt Core
  • Sigma
  • Mode

How Can I Debug or Test Connectivity

Even though each network configuration is unique, you can try the following steps to help debug connectivity:

  1. Double Check Connection Details
    Verify the connection details provided to Monte Carlo, such as host, port, database, and user, for any typos or omissions.
  2. Confirm Service User Functionality
    Ensure that the service user you created is working correctly (e.g., you are able to log in as the service user).
  3. Use Monte Carlo Network Utilities
    • Test TCP Open: Tests if a destination exists and accepts requests by opening a TCP socket to a specific port.
    • Test Telnet: Checks if a Telnet connection is usable.

These two utilities are available on the integrations page, as well as via the CLI and API (Tcp Open and Telnet).

Note that you can use our API from the UI via the API Explorer. Learn more about the API Explorer here.