Configuring private network connections

Create inbound and outbound private network connections in IBM® webMethods Hybrid Integration to share resources over dedicated private links.

Before you begin

You must have one of the following roles to complete this task:
  • Service admin: enables you to manage capabilities in a specific environment.
  • iPaaS admin: enables you to manage capabilities across all environments in a specific subscription.

For more information about permissions, see Roles.

To configure private network connections, you must know how to set up a Virtual Private Cloud (VPC) and interface endpoints in Amazon Web Services (AWS). This task typically requires certified network and cloud security knowledge. Depending on your deployment strategy, different teams might share the configuration work. You might also need the following supporting infrastructure:
  • A Network Load Balancer (NLB) and router. This technology distributes incoming network traffic based on IP address and port to improve application availability, performance, and scalability. NLBs are commonly used in cloud environments to expose services by using private connections, particularly when multiple endpoints need to be aggregated, or when direct endpoint management is not feasible.
  • Network traffic encryption. AWS doesn't encrypt network traffic by default, so it's advisable to set up a security protocol such as Transport Layer Security (TLS), or mutual TLS (mTLS).
Configuring this infrastructure relies on third-party software that IBM does not control. As a result, references to this software might change and the information might become outdated.
Restriction:
  • You can create private network connections only within the same region as your environment. To view your environment region, click Manage capabilities and then select the Environment details tab.
  • Only the following capabilities currently support private network connections:
    • API Connect
    • App Connect
    • webMethods API Gateway
    • webMethods Integration
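
The traffic-encryption prerequisite and the same-region restriction above can be checked against the NLB before a connection is created. The following is an added example, not IBM or AWS code; it assumes listener data in the shape returned by `aws elbv2 describe-listeners`, and the sample ARNs and the region `eu-central-1` are constructed.

```python
# Constructed sample shaped like `aws elbv2 describe-listeners` output.
# Account ID, load balancer name and resource IDs are made up.
PREFIX = ("arn:aws:elasticloadbalancing:eu-central-1:111122223333:"
          "listener/net/example-nlb/0123456789abcdef/")
SAMPLE = {"Listeners": [
    {"ListenerArn": PREFIX + "1111", "Port": 443, "Protocol": "TLS",
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"ListenerArn": PREFIX + "2222", "Port": 8080, "Protocol": "TCP"},
    {"ListenerArn": PREFIX + "3333", "Port": 514, "Protocol": "UDP"},
]}


def arn_region(arn):
    """Return the region field of an ARN (arn:partition:service:region:account:resource)."""
    fields = arn.split(":")
    if len(fields) < 6 or fields[0] != "arn" or not fields[3]:
        raise ValueError("not a regional ARN: %r" % arn)
    return fields[3]


def audit_listeners(described, environment_region):
    """Return (port, finding) tuples for listeners that need review."""
    findings = []
    for listener in described["Listeners"]:
        port, protocol = listener["Port"], listener["Protocol"]
        # Private network connections must be in the environment's region.
        if arn_region(listener["ListenerArn"]) != environment_region:
            findings.append((port, "region-mismatch"))
        if protocol == "TLS":
            continue  # the NLB terminates TLS on this listener
        if protocol == "TCP":
            # The NLB forwards bytes unchanged; encryption exists only if the
            # target itself terminates TLS or mTLS. Needs manual confirmation.
            findings.append((port, "tcp-passthrough"))
        else:
            findings.append((port, "non-tls"))
    return findings


if __name__ == "__main__":
    # "eu-central-1" stands in for the region on the Environment details tab.
    for port, finding in audit_listeners(SAMPLE, "eu-central-1"):
        print("port %d: %s" % (port, finding))
```

A `tcp-passthrough` finding is not proof of cleartext traffic; it means the NLB is not the component that encrypts, so the target behind it has to be verified separately.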

About this task

Private network connections enable webMethods Hybrid Integration to connect to your private cloud on Amazon Web Services (AWS) without exposing your network traffic to the public internet. You create these private connections by using the AWS PrivateLink technology, and you can create one inbound connection and up to three outbound connections per webMethods Hybrid Integration environment. For more information about the AWS PrivateLink technology, see What is AWS PrivateLink?.

Outbound connections enable you to connect a Virtual Private Cloud (VPC) interface endpoint in webMethods Hybrid Integration to an endpoint service in your AWS account. Inbound connections enable you to connect your AWS VPC interface endpoint to a dedicated VPC endpoint service and router in webMethods Hybrid Integration.

Before you can create any private network connections, you must enable the Private network connections capability in webMethods Hybrid Integration.

Procedure

  1. From the webMethods Hybrid Integration home page, select Manage capabilities.
  2. In the Additional capabilities available section, click Add on the Private network connections tile.

    A confirmation dialog is displayed, which includes information about the base charge for the capability.

  3. Click Add capability to start the provisioning.

    After the capability is provisioned, it's displayed in the Environment capabilities section of the Capabilities tab and in the webMethods Hybrid Integration home page main menu.

What to do next

To start creating an outbound or inbound private network connection, click the Private network connections tile or its entry in the main menu.

You can delete the Private network connections capability by clicking Remove on its capability tile. However, you must first delete any associated inbound or outbound connections from the private network connections table.