Deploying Hybrid Cloud using IBM Virtual Private Network (VPN) Service

Share this post:

According to a recent report from IDC, more than 80% of enterprise IT organizations will commit to hybrid cloud architectures by 2017. Another estimate from IDC suggests that roughly 65% of companies’ IT assets will be hosted off-site in colocation, hosting, and cloud data centers by 2018. Not long ago, while cloud computing was still in its infancy, many organizations wondered if public, private or hybrid cloud were viable options for them. Today, no one questions the benefits of cloud computing and how it helps businesses achieve agility and fosters innovations.

Are you contemplating moving some of your workloads into the cloud, but worried about accessing them securely using private IP addressing? Look no further. Check out IBM Virtual Private Network (VPN) service. It uses time-tested, mature Internet Protocol Security (IPsec) protocol suite to build a secure communication channel between your private on-premises data center and your IBM Bluemix cloud resources.

In addition to the Bluemix VPN gateway, an IPsec-compatible VPN gateway device such as your existing border router or firewall is required inside your on-premises data center. The secure IPsec tunnel is established at the network layer between these two VPN gateway devices. Once this secure VPN tunnel is in place, an endpoint on one side of the tunnel can communicate with any endpoint on the other side of the tunnel without requiring any special client software.

Ready to get started?

Follow these simple steps to configure your Bluemix VPN service:

  • Go to Bluemix Catalog > Services > Network. Click Virtual Private Network (VPN) service.
  • Select your Space, Service Plan and click CREATE.
  • Create VPN Gateway, and select your Container destinations inside the Bluemix cloud. Note: The VPN beta service is currently available for Containers only.

    Create gateway

  • Specify the four mandatory parameters – Name, Preshared Key String, Customer Gateway IP and Customer Subnet – for your new VPN connection. The system-defined default settings for new IPsec connection are: encryption- aes128, authentication- sha1, PFS group- Group 2, and Keepalive interval- 15 seconds. Your IPsec settings on the Bluemix VPN gateway must match with that on your on-premises VPN gateway device.


  • Optionally, you can customize IPsec policy, IKE policy, and other advanced settings to comply with your organization’s security needs. Click Save.

    IPSec Policies
    Advanced Settings

  • Check the status of your IPsec connection by selecting VPN service from the Bluemix Dashboard.


You can find more details in Getting Started with IBM VPN service. You can also check out the How To Configure VPN Service video below:

Explore the powerful Bluemix platform at

More stories
May 7, 2019

We’ve Moved! The IBM Cloud Blog Has a New URL

In an effort better integrate the IBM Cloud Blog with the IBM Cloud web experience, we have migrated the blog to a new URL:

Continue reading

May 1, 2019

Two Tutorials: Plan, Create, and Update Deployment Environments with Terraform

Multiple environments are pretty common in a project when building a solution. They support the different phases of the development cycle and the slight differences between the environments, like capacity, networking, credentials, and log verbosity. These two tutorials will show you how to manage the environments with Terraform.

Continue reading

April 29, 2019

Transforming Customer Experiences with AI Services (Part 1)

This is an experience from a recent customer engagement on transcribing customer conversations using IBM Watson AI services.

Continue reading