Tutorial: Use a VPC/VPN Gateway for Secure Access from On-Prem-to-Cloud Resources
By: Henrik Loeser
A new tutorial discussing the setup of VPN gateways for secure and private on-prem-to-cloud access.
There are several ways to securely extend an on-premise computer network with resources in IBM Cloud. Customers benefit from the elasticity of provisioning resources when they are needed. Moreover, it is easy and secure to combine on-premise capabilities with IBM Cloud services.
This new tutorial walks you through connecting an on-premise Virtual Private Network (VPN) gateway to a cloud VPN created within an IBM Cloud Virtual Private Cloud (VPC). The tutorial uses the OpenSource IPsec-based VPN solution strongSwan as gateway on-premise and the VPC/VPN gateway in the cloud.
Secure site-to-site communication using VPN
IBM Cloud Virtual Private Cloud (VPC) offers an isolated environment within the public cloud. It allows you to shield off network and compute resources by defining network properties, access control lists (ACLs), and security rules. Applications within a VPC can consume services from the rich IBM Cloud catalog. By establishing a secure connection from the on-premise network into the VPC network, it is possible to access those cloud resources without routing traffic through the public internet.
In the new tutorial, you will learn how to connect an on-premise VPN gateway to a cloud VPN created within a VPC. First, you will use a shell script utilizing the IBM Cloud CLI to create a basic VPC environment with network and compute resources. Thereafter, you will create VPN gateways within both the VPC and a simulated on-premise environment. The gateways establish an IPsec site-to-site link. Further, to demonstrate secure and private access, you will deploy a microservice on a VSI to access Cloud Object Storage (COS). This represents a line of business application. The COS service has a direct endpoint that can be used for private, no-cost ingress/egress when all access is within the same region of the IBM Cloud. An on-premise computer will access the COS microservice. All traffic will flow through the VPN and, hence, privately through IBM Cloud.
Comments, suggestions, and ideas for future tutorials
The tutorials section has a feedback form on the side where you can comment on the content. If you have suggestions on the existing tutorials or ideas for future additions, please submit your feedback. Moreover, you can reach out to me on Twitter (@data_henrik) or LinkedIn.