The Problem
You’re hitting the 6,000-application limit per App Connector because your current configuration sends all apps to every connector group through a single broad wildcard application segment (*.corp.internal). This overloads each connector with unnecessary traffic.
Root Cause
The issue stems from the flat hierarchy:
- Single Application Segment → Single Segment Group → All Connector Groups
- Result: Every connector receives every app, even if it only needs a small subset.
Recommended Hierarchy
To avoid overloading connectors, follow this nested structure:
Applications → Application Segments → Segment Groups → Connector Groups → App Connectors
Current Setup (Problematic)
Component | Configuration |
---|---|
Application Segment | All Internal Apps |
Domain | *.corp.internal |
Segment Group | Internal Services Group |
Connector Groups | AWS_App_Connectors, Miami_App_Connectors, DR_App_Connectors |
Issue: All connectors get 6,000+ apps, hitting the limit.
Solution: Segment Apps by Function & Location
Step 1: Create Specific Application Segments
Name | Domain | Purpose |
---|---|---|
WEB – Finance Apps | *.finance.corp.internal | Finance web apps |
SQL – Production DBs | *.sql.prod.corp.internal | Production databases |
RDP – Domain Controllers | dc*.corp.internal | Domain controller access |
SSH – DevOps Jump Servers | *.jump.devops.corp.internal | DevOps SSH hosts |
Step 2: Group Segments by Access Type
- WEB Services Group → Finance web apps
- SQL Services Group → Production databases
- RDP Services Group → Domain controllers
- SSH Services Group → DevOps jump hosts
Step 3: Map Segment Groups to Connector Groups
Segment Group | Connector Group | Expected App Count |
---|---|---|
WEB Services Group | AWS_App_Connectors | ~3,000 |
SQL Services Group | Miami_App_Connectors | ~1,500 |
RDP Services Group | DR_App_Connectors | ~1,200 |
SSH Services Group | AWS_App_Connectors | (Included in ~3,000) |
Result: No connector exceeds the 6,000-app limit.
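Before applying Steps 1–3, the layout can be checked offline against an app inventory. The script below is an added example, not vendor tooling: it counts the apps each connector group would serve and lists apps that no new segment covers. The inventory is constructed, the segment keys are shortened, and shell-style globbing is assumed to approximate the product's wildcard matching.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

APP_LIMIT = 6000  # per-App-Connector limit stated on this page

def audit(inventory, segments, segment_groups, mappings, limit=APP_LIMIT):
    """Count the apps each connector group would serve under a layout.

    segments:       {segment name: wildcard domain}
    segment_groups: {segment group: [segment names]}
    mappings:       {segment group: [connector groups]}
    Assumption: shell-style globbing stands in for the product's matching.
    """
    load = defaultdict(set)
    for group, connector_groups in mappings.items():
        for seg in segment_groups[group]:
            hits = {h for h in inventory if fnmatchcase(h.lower(), segments[seg])}
            for cg in connector_groups:
                load[cg] |= hits
    covered = set().union(*load.values())
    return {
        "counts": {cg: len(apps) for cg, apps in load.items()},
        "over_limit": sorted(cg for cg, apps in load.items() if len(apps) > limit),
        # Apps that matched the old wildcard but no new segment lose coverage.
        "unmatched": sorted(set(inventory) - covered),
    }

# Constructed inventory (not real hosts), sized to mirror the page's estimates.
INVENTORY = (
    [f"web{i:04}.finance.corp.internal" for i in range(2900)]
    + [f"db{i:04}.sql.prod.corp.internal" for i in range(1500)]
    + [f"dc{i:04}.corp.internal" for i in range(1200)]
    + [f"jump{i:03}.jump.devops.corp.internal" for i in range(100)]
    + [f"app{i:03}.misc.corp.internal" for i in range(400)]  # in no new segment
)
ALL_CG = ["AWS_App_Connectors", "Miami_App_Connectors", "DR_App_Connectors"]
BEFORE = ({"All Internal Apps": "*.corp.internal"},
          {"Internal Services Group": ["All Internal Apps"]},
          {"Internal Services Group": ALL_CG})
AFTER = ({"WEB": "*.finance.corp.internal", "SQL": "*.sql.prod.corp.internal",
          "RDP": "dc*.corp.internal", "SSH": "*.jump.devops.corp.internal"},
         {"WEB Services Group": ["WEB"], "SQL Services Group": ["SQL"],
          "RDP Services Group": ["RDP"], "SSH Services Group": ["SSH"]},
         {"WEB Services Group": ["AWS_App_Connectors"],
          "SQL Services Group": ["Miami_App_Connectors"],
          "RDP Services Group": ["DR_App_Connectors"],
          "SSH Services Group": ["AWS_App_Connectors"]})
```

Calling audit(INVENTORY, *BEFORE) and audit(INVENTORY, *AFTER) gives the two layouts side by side; a non-empty "unmatched" list means those apps need a segment of their own before the wildcard is removed.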
Before vs. After
Before
- Single wildcard (*.corp.internal)
- All connectors see 6,000+ apps
- One Segment Group
After
- Four logical segments (by protocol/team)
- Each group sees only relevant apps (1,200–3,000)
- Dedicated Segment Groups per access type
Key Takeaways
- Granular segments reduce connector load
- Logical grouping improves scalability
- No more 6,000-app limit breaches