Best practices in externalization of services
Externalizing services is critical for improving functionality, performance, and scalability in enterprise applications. This approach introduces a microservice-based, container-native architecture that helps organizations optimize deployments, strengthen security, and maintain operational flexibility. As a lead system architect on the Center of Excellence team, you need to understand the processes and best practices for service externalization to guide your organization through this transition.
Service externalization involves deploying third-party software components as separate services, instead of embedding them within Pega Platform™. This architectural approach provides several advantages:
- Independent scaling: Scale each externalized service independently based on workload requirements, to optimize resource utilization.
- Faster updates: Apply security fixes and functional improvements more quickly without affecting the entire system.
- Enhanced security: Provision third-party solutions as separate services to improve security isolation and reduce the attack surface.
- Shortened development cycles: Independent release cycles for externalized services enable faster updates without system-wide disruption.
If your organization uses Pega Cloud®, the system manages all activities related to externalization behind the scenes, including provisioning, scaling, and maintaining externalized services. If your organization deploys Pega Platform in a client-managed cloud or on-premises environment, plan an externalization strategy and follow the best practices outlined below.
Best practices for service externalization
1. Ensure compatibility and version support
Verify compatibility between each third-party service version and your version of Pega Platform. Use Pega configuration and sizing guides to set up externalized services correctly. Stack component vendors generally manage forward and backward compatibility effectively. Pega supports later versions or patch levels of these components even if they are not explicitly listed in the documentation.
2. Maintain infrastructure co-location
Deploy all components of your Pega implementation within the same infrastructure type. Do not mix deployment models. For example, do not allow Pega Cloud services to communicate with third-party services on a client-managed cloud. This approach ensures consistent network performance, security policies, and management practices.
3. Deploy services in separate containers
Deploy each externalized service in a separate container to:
- Manage and scale services independently
- Isolate failures, to prevent cascading issues
- Simplify maintenance and upgrade cycles
- Improve resource allocation and monitoring
4. Respect service sharing boundaries
You can share Elasticsearch, Kafka, and Cassandra across multiple Pega instances, but follow these guidelines:
- Do not share services between production and non-production environments because maintenance cycles, sensitive data, and access roles differ significantly
- Apply access controls and data isolation mechanisms for sensitive data
- Monitor for resource contention and performance degradation when multiple Pega instances share externalized services
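One way to check the sharing boundary above against a deployment inventory, as an added example that is not Pega code. The inventory format, instance names, tiers and hosts are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: which Pega instance uses which externalized
# service endpoint. All names and hosts are invented for illustration.
INVENTORY = [
    {"instance": "crm-prod", "tier": "production", "service": "kafka",
     "endpoint": "kafka-a.example.internal:9092"},
    {"instance": "claims-prod", "tier": "production", "service": "kafka",
     "endpoint": "Kafka-A.example.internal.:9092"},
    {"instance": "crm-uat", "tier": "non-production", "service": "elasticsearch",
     "endpoint": "es-1.example.internal:9200"},
    {"instance": "crm-prod", "tier": "production", "service": "elasticsearch",
     "endpoint": "ES-1.example.internal:9200"},
    {"instance": "crm-dev", "tier": "non-production", "service": "cassandra",
     "endpoint": "cass-dev.example.internal:9042"},
]

def normalize(endpoint):
    """Lower-case the host and drop a trailing dot so aliases of one cluster match."""
    host, sep, port = endpoint.strip().rpartition(":")
    if not sep:  # no port given: the whole string is the host
        host, port = port, ""
    return f"{host.lower().rstrip('.')}:{port}"

def audit_sharing(inventory):
    """Return (violations, shared), each keyed by (service, normalized endpoint).

    violations: endpoint used by both production and non-production instances.
    shared: endpoint used by several instances of one tier, which is allowed
    but calls for access controls, data isolation and contention monitoring.
    """
    users = defaultdict(set)
    for row in inventory:
        key = (row["service"], normalize(row["endpoint"]))
        users[key].add((row["instance"], row["tier"]))
    violations, shared = {}, {}
    for key, members in users.items():
        tiers = {tier for _, tier in members}
        names = sorted(name for name, _ in members)
        if len(tiers) > 1:
            violations[key] = names
        elif len(names) > 1:
            shared[key] = names
    return violations, shared
```

Normalizing the endpoint before grouping matters because the same cluster is often recorded under differently cased or fully qualified host names.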
5. Choose the right service model based on expertise
Evaluate your organization's technical expertise when selecting an externalization model: Self-managed, Self-managed with vendor license, Vendor-managed SaaS, or Pega Cloud. This decision affects operational overhead, cost structure, and the ability to maintain service-level agreements.
6. Understand the shared responsibility model
In externalized deployments, Pega provides the platform security infrastructure, while the client organization owns the following responsibilities:
- Service administration: Administer, configure, and upgrade external services
- Security management: Secure data in transit and at rest using third-party solutions and security tools
- Maintenance and remediation: Address vulnerabilities discovered in externalized third-party services
- Monitoring and performance: Monitor resource usage, respond to alerts, and adjust resource levels when thresholds are reached
7. Implement comprehensive security measures
Apply these security practices when externalizing services:
- Encrypt data at rest and in transit.
- Manage keys with KMS.
- Enforce access controls and mask sensitive properties.
- Secure networks with VPNs or private connectivity.
8. Plan storage and repository architecture
Externalized services store their repositories outside Pega Platform nodes. Plan for:
- Adequate storage capacity and performance for externalized data stores
- Backup strategies that account for data in externalized services
- Disaster recovery procedures that meet recovery time objectives (RTO) and recovery point objectives (RPO)
9. Follow node startup and shutdown sequences
Understanding the proper startup and shutdown sequence is critical for system stability.
Startup order:
- Kafka / Messaging Infrastructure (Externalized Services)
- Search and Reporting Service (SRS)
- Background processing nodes
- WebUser nodes
Shutdown order (reverse of startup):
- WebUser nodes
- Background processing nodes
- Search and Reporting Service (SRS)
- Kafka / Messaging Infrastructure
This sequence ensures dependent services are available before processing begins.
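The sequence above as a readiness-gated orchestration sketch, added here as an example and not taken from Pega tooling. The per-tier `start`, `stop` and `probe` callables are hypothetical hooks that you would bind to your own deployment commands and health checks.

```python
import time

# Startup order from the section above; shutdown is its reverse.
STARTUP_ORDER = [
    "Kafka / Messaging Infrastructure",
    "Search and Reporting Service (SRS)",
    "Background processing nodes",
    "WebUser nodes",
]

class TierNotReady(RuntimeError):
    """Raised after rollback; .log holds the (action, tier) events so far."""
    def __init__(self, tier, log):
        super().__init__(f"{tier} did not become ready; started tiers were stopped")
        self.tier, self.log = tier, log

def wait_ready(probe, timeout_s, interval_s):
    """Poll probe() until it returns True or timeout_s has elapsed."""
    deadline = time.monotonic() + timeout_s
    while not probe():
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval_s)
    return True

def start_all(tiers, timeout_s=120.0, interval_s=2.0):
    """tiers: name -> (start, stop, probe) callables (hypothetical hooks).

    A tier is started only after the previous one reports ready. If a tier
    never becomes ready, everything started so far is stopped in reverse
    order and TierNotReady is raised, so dependents never run without it.
    """
    log, started = [], []
    for name in STARTUP_ORDER:
        start, _stop, probe = tiers[name]
        start()
        started.append(name)
        log.append(("start", name))
        if not wait_ready(probe, timeout_s, interval_s):
            for prev in reversed(started):
                tiers[prev][1]()
                log.append(("stop", prev))
            raise TierNotReady(name, log)
        log.append(("ready", name))
    return log

def stop_all(tiers):
    """Stop every tier in the reverse of STARTUP_ORDER."""
    order = list(reversed(STARTUP_ORDER))
    for name in order:
        tiers[name][1]()
    return [("stop", name) for name in order]
```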
10. Make use of official documentation and migration guides
Before externalization, ensure that your team:
- Reviews all deployment documentation
- Follows configuration and sizing guides for your Pega Platform version
- Consults the Third-Party Externalized Services FAQs
- Tests the complete deployment in a non-production environment before migrating to production
As the lead of this externalization effort, you must adhere to best practices to encrypt and protect data, especially if sensitive information is transmitted between Pega instances and externalized services. Follow all instructions provided in the externalization deployment documentation.