Purchase and deploy an Internet- and VPC-connected instance - Message Queue for Apache Kafka

This topic describes how to purchase and deploy a Message Queue for Apache Kafka instance that can be accessed over the Internet and a virtual private cloud (VPC).

Prerequisites

Message Queue for Apache Kafka is granted the required permissions to access the resources of other Alibaba Cloud services. For more information, see Obtain the access permissions.
A VPC is created. For more information, see Create and manage a VPC.

Step 1: Purchase a Message Queue for Apache Kafka instance

Log on to the Message Queue for Apache Kafka console.
In the Resource Distribution section of the Overview page, select the region where your instance is deployed.
On the Instances page, click Buy Instance.
In the Select Instance Billing Method panel, set the Billing Method parameter to Subscription or Pay-as-you-go and click OK.
On the page that appears, select Internet and VPC for the Network parameter, set other parameters based on your business requirements, and then click Buy Now. On the page that appears, complete the payment by following the on-screen instructions.

Step 2: Obtain the VPC information

Log on to the VPC console.
In the top navigation bar, select the region where your VPC is deployed.
In the left-side navigation pane, click vSwitch.
On the vSwitch page, find your VPC, and view the vSwitch ID and the VPC ID.

Step 3: Deploy the Message Queue for Apache Kafka instance

In the left-side navigation pane of the Message Queue for Apache Kafka console, click Instances. On the page that appears, find the instance that you purchased and click Deploy. The instance is in the Not Deployed state.

In the Deploy Instance panel, configure the following parameters and click OK.


Parameter	Description	Example
VPC ID	Select the VPC ID that you obtained in Step 2. For more information, see Step 2: Obtain the VPC information.	vpc-bp17fapfdj0dwzjkd****
vSwitch ID	Select the vSwitch ID that you obtained in Step 2. For more information, see Step 2: Obtain the VPC information.	vsw-bp1gbjhj53hdjdkg****
Cross-zone Deployment	If the instance edition is Professional Edition, you can specify whether to deploy the instance across zones. Instances that are deployed across zones provide excellent disaster recovery capabilities and have a high tolerance for faults that occur in data centers.	Yes
Candidate Zones of Primary Zone	After you select a vSwitch ID, the system automatically sets the value of this parameter to the zone where the vSwitch is deployed. You can also change the value of this parameter by selecting other zones or adding other zones. This parameter is required only if the Cross-zone Deployment parameter is set to Yes.	Zone D
Candidate Zones of Secondary Zone	We recommend that you select a newer zone as the secondary zone. In most cases, select the zone from bottom to top in alphabetical order. The primary zone and the secondary zone must be different. This parameter is required only if the Cross-zone Deployment parameter is set to Yes.	Zone H
Force Deployment in the Selected Zone	Specify whether to deploy the instance across the specified candidate zones. By default, No is selected. This parameter is required only if the Cross-zone Deployment parameter is set to Yes.	No
Version	The version of the Message Queue for Apache Kafka instance that you want to deploy. The supported version numbers correspond to the version numbers of open source Apache Kafka. 0.10.2 2.6.2 2.2.0	2.2.0
Message Retention Period	Specify the maximum retention period for messages. Unit: hours.	72
Maximum Message Size	Specify the maximum message size that can be received on the instance. Unit: MB.	1
Consumer Offset Retention Period	Specify the maximum retention period for consumer offsets. Unit: minutes.	10080
ACL	Specify whether to enable the access control list (ACL) feature. The ACL feature of Message Queue for Apache Kafka allows you to authorize Simple Authentication and Security Layer (SASL) users to send and consume messages in the Message Queue for Apache Kafka instance based on your business requirements.	Disable
Custom Username and Password	Specify whether to use a custom username and a custom password. If you select No, the default username and password that the system assigns to the instance are used.	No
Disk Encryption	Specify whether to enable disk encryption for the instance.	Enable
Disk Encryption Key ID	The key ID for disk encryption in the region where the instance is deployed. Follow the on-screen instructions to specify a key ID. This parameter is required if the Disk Encryption parameter is set to Enable.	0d24xxxx-da7b-4786-b981-9a164dxxxxxx

The instance enters the Deploying state. It may take approximately 10 to 30 minutes to deploy the instance.

Step 4: View instance details

In the left-side navigation pane of the Message Queue for Apache Kafka console, click Instances. On the page that appears, click the name of the instance whose details you want to view.
On the Instance Details page, view the endpoints, username, and password of the instance.
1. In the Endpoint Information section, view the endpoints of the instance. For information about how to select an endpoint, see Comparison among endpoints.
  - You can use the default endpoint and the SASL endpoint if you want to connect to the instance over a VPC.
  - You can use the SSL endpoint if you want to connect to the instance over the Internet.
2. In the Configuration Information section, view the values of the Username and Password parameters.

Step 5: Configure the whitelist for an endpoint and check whether you can connect to the instance

In the Endpoint Information section of the Instance Details page, find the endpoint for which you want to configure the whitelist and click Edit Whitelist in the Actions column.
In the Edit Whitelist of Endpoint panel, click Add IP Address to Whitelist, enter the IP addresses or CIDR blocks from which you want to allow access to the Message Queue for Apache Kafka instance, and then click OK.
Enable Telnet on your local client and run the telnet Domain name in an endpoint Port number command to check whether you can connect to Message Queue for Apache Kafka.
For example, if you want to connect the client to the SSL endpoint of the Message Queue for Apache Kafka instance, run the telnet alikafka-pre-cn-zv**********-1.alikafka.aliyuncs.com 9093 command.

If the Telnet command returns a success response, the client is connected to the Message Queue for Apache Kafka instance.
If the instance is running but the client fails to connect to the instance, use the self-check tool to perform a self-check. For more information, see Perform health self-check on instances.

What to do next

Create resources