Skip to main content
Private BetaContact us to get set up.
Some MCP servers can’t be exposed to the public internet. They live in VPCs, behind firewalls, in air-gapped environments. VPC connectivity lets the Tool Hub reach these servers without requiring public endpoints.

The problem

Your internal services are internal for a reason. Exposing them to the internet—even with authentication—isn’t acceptable. But the Tool Hub runs in our cloud. How does it reach your private network?

How it works

A Connector Worker deployed in your Cloudflare account bridges the gap. The Worker has access to your private network via Cloudflare Tunnel. The Tool Hub calls your Connector Worker over HTTPS; the Worker proxies requests through the tunnel to your internal MCP server. Your internal services stay private. The only public endpoint is the Connector Worker, which authenticates requests from the Tool Hub before forwarding them.

What you get

No public exposure. Your MCP servers never touch the public internet. Traffic flows through Cloudflare’s network directly into your VPC. Your infrastructure. The Connector Worker runs in your Cloudflare account. You control the deployment, the tunnel configuration, the network policies. Same identity model. ID-JAG token exchange still works. The Connector Worker passes through the scoped credentials; your MCP server validates them as usual.

See also

Internal MCP Servers

Authentication for internal services