Connecting to applications using Virtual Private Endpoints with EASeJ

Edit online

All IBM® Enterprise Application Service for Java® instances offer integration with IBM Cloud® Virtual Private Endpoints (VPE) for Virtual Private Cloud (VPC). This support gives you the ability to connect from your VPC network to your applications by using the IP addresses of your choosing, which are allocated from a subnet within your VPC.

With EASeJ, you can use Virtual Private Endpoints to connect to applications. Enable VPE endpoints in your staging or production environment.yaml file and then set up your VPE to access your application securely.

Draft comment: helyar@us.ibm.com
Hold for when more types of VPEs are available in EASeJ:

With EASeJ, you can use the following type of VPE:

  • Virtual Private Endpoints to access applications.

    There are multiple VPEs per EASeJ instance. Each VPE corresponds to the staging or production environment in an EASeJ instance.

Enable VPE endpoints in the environment.yaml file

To use a VPE to access your application with a private endpoint, you must enable endpoint visibility in the staging or production environment environment.yaml file. Set the endpoints setting to either vpe or public to enable VPE endpoint connectivity. The following example sets endpoints to vpe in an environment.yaml file.
version: 1.0
app:
  endpoints: vpe

Set up your VPE to access an application securely

With EASeJ, you can use Virtual Private Endpoints to access applications. There are multiple VPEs per EASeJ instance. Each VPE corresponds to the staging or production environment in an EASeJ instance.

Complete the following steps to set up your VPE to access an application.

  1. Create an IBM Cloud Virtual Private Cloud. Follow the Getting started instructions in the IBM Cloud VPC documentation.

  2. Make sure that your VPC has at least one virtual server instance (VSI) and can connect to the VSI. You can use the console, CLI, or API to quickly provision virtual server instances from the IBM Cloud Virtual Private Cloud page in the IBM Cloud console.

    1. Create an SSH key to access the VSI.
    2. Create a virtual server instance by using the UI.
    3. Reserve a floating IP address so your instance is reachable from the internet.
    4. Connect to your VSI.

  3. Go to the Virtual private endpoint gateways for VPC page in the IBM Cloud console. From the navigation menu, click Infrastructure icon in IBM Cloud menu Infrastructure > Network > Virtual private endpoint gateways.

  4. Create a VPE gateway for Enterprise Application Service.

    During VPE gateway creation, each VPE is listed with <app-name>.<uuid>.private.<region>.ease.ibmappdomain.cloud as an application endpoint.

  5. Check the VPE gateway. After you create your VPE, it might take a few minutes for the new VPE and private DNS (pDNS) to complete the process and begin working for your VPC. Completion is confirmed when you see an IP address set in the details view of the VPE.

  6. Retrieve the URL of the EASeJ application that is exposed to the private network. You can find the generated URL in the deployment job. The URL has the following format.

    https://<app-name>.<uuid>.private.<region>.ease.ibmappdomain.cloud
    • <app-name> is the application name.
    • <uuid> is a universally unique identifier (UUID).
    • <region> is the IBM Cloud region. Use the Washington DC (us-east) region.

What to do next

Use your instance in the VSI. The following curl example calls the <app-name> application. 
curl https://<app-name>.<uuid>.private.us-east.ease.ibmappdomain.cloud