Connecting Your Druid to Facet

As an exploratory analytics tool, connecting Facet into your Druid cluster is a great way to have an enhanced user experience in the application. When using a database such as Druid, your database is optimized for the point and click, slice and dice performance which Facet offers.

There are 3 options for connecting your Druid Cluster to Facet.

  1. TLS over Public Internet
  2. Druid Basic Authentication
  3. Customer Virtual Private Network (VPN)

Below is information about each integration option as an overview. The exact steps to be followed are located in the "Databases and Datasets" page of the Admin Panel.

For more information on connecting your Druid to Facet, please contact [email protected]

TLS over Public Internet

This option is applicable if you have already enabled TLS support in your Druid cluster. Facet can authenticate with your Druid using HTTPS client certificates.

Requests to your Druid will authenticate through a client certificate signed by your certificate authority. To configure this option, Facet needs a client certificate signed by your certificate authority (.crt), the associated private key file (.key) used to create the certificate signing request, an optional passphrase if the key file is further protected, and a certificate authority certificate if you used a self-signed certificate (.pem).

All these secrets are encrypted at rest and in transit within Facet’s VPC. Each time a secret is accessed, the request is audited.

With this configuration in place, Facet can securely connect to your Druid cluster using TLS with the provided Druid broker/router IP/port combinations.

Druid Basic Authentication

This option is applicable if your cluster is configured to use Druid Basic Security. Facet will authenticate using the authentication credentials you provide. We suggest to create a user which has read access to the tables which are to be visualized within Facet, including any lookups.

Facet can securely connect to your Druid using the basic authentication method into the provided Druid broker/router IP/port combinations.

Customer VPN

This option is applicable if you already have an internal VPN that is used to extend a private network that hosts Druid. With the VPN, users can query Druid datasources across shared or public networks as if their computing devices were directly connected to the private network.

Facet’s software can establish a VPN tunnel from our Virtual Private Cloud (VPC) in GCP to your VPN gateway. To configure this option, Facet needs details from you about how to setup the VPN connection. For prior deployments, we received an OpenVPN configuration file and a username/password combination to authenticate with the VPN gateway.

With the VPN connection established, Facet can securely query your Druid cluster over HTTP with the provided Druid broker/router IP/port combinations.

For more information on how to connect with a VPN, please contact Email [email protected] for more information


Did this page help you?