FAQ for Confluent Cloud

This topic provides answers to general Confluent Cloud questions.

General

What cloud providers are supported?

Tip

If you don’t see your region listed, contact Confluent. Additional regions can be supported by request.

  • Amazon Web Services (AWS)
    • ap-northeast-1 (Tokyo)
    • ap-south-1 (Mumbai)
    • ap-southeast-1 (Singapore)
    • ap-southeast-2 (Sydney)
    • ca-central-1 (Canada Central)
    • eu-central-1 (Frankfurt)
    • eu-west-1 (Ireland)
    • eu-west-2 (London)
    • sa-east-1 (São Paulo)
    • us-east-1 (N. Virginia)
    • us-east-2 (Ohio)
    • us-west-2 (Oregon)
  • Azure (Microsoft Azure)
    • australiaeast (New South Wales)
    • centralus (Iowa)
    • eastus (Virginia)
    • eastus2 (Virginia)
    • northeurope (Ireland)
    • southeastasia (Singapore)
    • uksouth (London)
    • westus2 (Washington)
    • westeurope (Netherlands)
  • GCP (Google Cloud Platform)
    • asia-east2 (Hong Kong)
    • asia-northeast1 (Tokyo)
    • asia-southeast1 (Singapore)
    • australia-southeast1 (Sydney)
    • europe-north1 (Finland)
    • europe-west1 (Belgium)
    • europe-west2 (London)
    • europe-west3 (Frankfurt)
    • europe-west4 (Netherlands)
    • northamerica-northeast1 (Montreal)
    • us-central1 (Iowa)
    • us-east1 (S. Carolina)
    • us-east4 (N. Virginia)
    • us-west1 (Oregon)
    • us-west2 (Los Angeles)

What compliance standards does Confluent Cloud offer?

Description Confluent Cloud Enterprise Confluent Cloud
GDPR readiness Yes Yes
HIPAA Yes No
ISO 27001 Yes No
PCI level 2 Yes Yes
SOC 1, SOC 2, SOC 3 Yes Yes

What version of Kafka does Confluent Cloud use?

Confluent Cloud runs the latest version of Confluent Platform, including all released and to-be-released updates.

  • After a new version of Kafka is released, there is an expected lag before all Confluent Cloud clusters are updated with the latest.
  • Not all current Confluent Platform features are available in Confluent Cloud. For more information, see Supported Features for Confluent Cloud.

Since Kafka version 0.10.0.0, clients and brokers provide backward compatibility so that they can fall back to older request types or throw appropriate errors if functionality is not available. This means that upgrades to Kafka clients do not require corresponding broker upgrades and upgrades to the Kafka version running in Confluent Cloud do not require corresponding version upgrades on the client side. However, it is strongly recommended that you keep all of your clients running on the latest version so that you get the best performance and can use the latest features. For more information, see Confluent Platform and Apache Kafka Compatibility.

What client and protocol versions are supported?

  • Confluent Cloud follows the Confluent Platform client version support policy.
  • Compatible clients must support and implement TLS/SSL encryption and SASL_PLAIN authentication. This is required to connect to Confluent Cloud.
  • All client features since 0.10.0.0 are supported, including exactly-once delivery semantics.

Can I do unlimited retention using log compacted topics with Confluent Cloud?

Yes. You can set retention per topic in Confluent Cloud, including unlimited retention with log compaction. You are only limited by the amount of total storage for your cluster.

Are there topic or partition limits?

Yes, these are described in Supported Features for Confluent Cloud. If you try to create more partitions than you are allowed, you will see this error:

"You may not create more than the maximum number of partitions"

How do I change support plans?

You can manage your support plan from the Resources -> Support plans menu in the upper-right.

../_images/cloud-support-plan.png

What specific security features does Confluent Cloud offer?

  • All traffic over the wire requires TLS/SSL encryption and SASL_PLAIN authentication.
  • All data is encrypted at rest on encrypted volumes.
  • You control the API key and secrets specific to your cluster which you can revoke or reissue if necessary.
  • All data is stored on secure infrastructure, with access controls that are restricted to Confluent engineers, inside a Confluent controlled VPC.
  • Confluent Cloud Enterprise is a private cluster product. Resources are allocated specifically to each cluster. There is no shared data from other customers in your cluster.
  • VPC Peering (optional) provides network-level security for Confluent Cloud Enterprise customers and customers with Dedicated Clusters in Confluent Cloud.

For more information, see the Confluent Cloud Security Addendum.

What version of TLS is supported on Confluent Cloud?

TLS version 1.2 is supported.

Important

Effective March 15, 2020, connections made by using TLS 1.0 and 1.1 are no longer supported. TLS 1.0 and 1.1 are legacy cryptographic protocols that do not support modern cryptographic algorithms. They contain security vulnerabilities that can be exploited by attackers. The Internet Engineering Task Force is planning to officially deprecate both protocols. The majority of encrypted internet traffic is now over TLS 1.2. TLS 1.2 has been the recommended version for IETF protocols since 2008.

Is Kerberos supported on Confluent Cloud?

Kerberos authentication is not supported.

Are Confluent Cloud IP addresses static?

No. Because the cloud infrastructure that is used by Confluent Cloud does not guarantee static IPs across cluster changes, DNS is used to provide a consistent address. The underlying IPs may be stable for some period of time, but are subject to change at any time, so they should not be relied upon for any use.

However, DNS for each cluster follows a predictable pattern. If your cluster bootstrap URL is pkc-12345.<region>.<cloud>.<tld>, all broker endpoints will be of the format:

b0-pkc-12345.<region>.<cloud>.<tld>, b1-pkc-12345.<region>.<cloud>.<tld>, b2-pkc-12345.<region>.<cloud>.<tld>...

Can I switch between Confluent Cloud cluster types?

It is not currently possible to change a cluster from one type to another. For more information on cluster types, see Confluent Cloud Cluster Types.

Can I use the same email account for both Confluent Cloud Enterprise and Confluent Cloud?

No, an email account can only be in one organization at a time. If you are switching from Confluent Cloud to Confluent Cloud Enterprise or changing organizations, Confluent can move you to a different organization. If your email provider supports tagging with a plus sign (+), then you can register a new account using your existing email address with a different tag. For example, if you have an existing Confluent Cloud account using myemail@gmail.com then you could register a Confluent Cloud Enterprise account with this syntax: myemail+enterprise@gmail.com.