Configuring Connections
The Connection Configuration dialog makes it easy to configure your ClickHouse cluster’s connections to the world:
Figure 1 - The Connection Configuration dialog
Here are the details of these fields:
Endpoints
This are the endpoints of your cluster. The public endpoint is enabled by default, but you can also have a private endpoint and a VPC endpoint. Contact Altinity support to configure a private or VPC endpoint.
Protocols
Port 9440 enables the ClickHouse binary protocol and port 8443 enables HTTP connections. Clicking the 
icon displays a message with the requirements for opening a port for MySQL connections:
Figure 2 - Requirements for opening a port for MySQL connections
If MySQL connections are available, the checkbox will be active. Selecting it gives you a dropdown list of available ports:
Figure 3 - Activating a MySQL connection and selecting a port
NOTE: Within your environment, you must use a different port for each cluster with a MySQL connection. The dropdown list of ports will only show the unused (aka available) ports.
Alternate Endpoints
You can define alternate endpoints for your cluster. Click the 
button to add a new endpoint. The name of the alternate endpoint can contain lowercase letters, numbers, and hyphens. It must start with a letter, and it cannot end with a hyphen.
Figure 4 – Defining an Alternate Endpoint
For example, you might want an endpoint that uses your organization’s domain, such as cluster.environment.example.com instead ofcluster.environment.altinity.cloud. You might also want to create an alternate endpoint and use it as the ClickHouse access point in your applications. With that approach, pointing the alternate endpoint to another cluster lets you switch the cluster your applications are using without changing the applications at all.
Clicking the yellow triangle icon displays the Create DNS records panel, which lists the required and optional DNS records you’ll need to create:
Figure 5 – Creating DNS records
When your DNS records are created, contact Altinity support to set up the alternate endpoint.
Zone Awareness
When Zone Awareness is enabled, Altinity.Cloud keeps traffic between client connections and your ClickHouse cluster in a single availability zone whenever possible. This allows you to avoid cross-zone hops.
However, if all of your client connections come from a single zone, this feature will route all requests to a single ClickHouse node. In that case, turning Zone Awareness off will ensure that your load balancer will distribute requests across all the nodes in the cluster.
VPC Endpoint Enabled
Contact Altinity support to set up a VPC endpoint.
Allowed IPs
If enabled, only ClickHouse applications or clients coming from addresses in the IP restrictions text box can connect to your cluster. You can specify individual IP address or ranges of addresses in CIDR format. Separate each entry with commas or newlines.
Disabling IP restrictions means any application can connect to your ClickHouse cluster from any IP address. This is not recommended.
NOTE: The Allowed IPs restriction only applies to ClickHouse applications or clients. Anyone with the proper credentials can access the Altinity Cloud Manager UI from any IP address.
Altinity Shield (Beta)
If enabled, uses Altinity’s CHGuard as a sidecar proxy to protect your cluster endpoint from DDoS and password enumeration attacks. You can disable it temporarily with the Temporary Bypass slider; that disables the shield without uninstalling it. Clicking the 
button lets you configure Altinity Shield:
Figure 6 - The Altinity Shield Advanced Settings dialog
The dialog lets you set a limit on the number of concurrent connections. Changing this value requires a restart.
The remaining options let you define rate limits in two categories: Default rate limits, and rate limits for connections that failed authentication. Within each category, you can define rate limits for a given IP address, for the combination of an IP address and user, and for a given user.
Datadog Integration
You can use Datadog to monitor your ClickHouse cluster. The Datadog options are only enabled if your cluster’s environment is enabled for Datadog support. See the section Enabling Datadog at the environment level for the details. Be aware that you must have the appropriate privileges to edit an environment’s settings, so you may need to contact your administrator.