r1 - 2019-04-25 - 22:27:30 - Main.jsaulmanYou are here: TWiki > 
Deployment Web > ELMSaaS > HTTPSAccessELM
Deployment Web > ELMSaaS > HTTPSAccessELM
HTTPS provides standard in-flight encryption. For large and enterprise customers, with over 200 subscribed users, in-flight encryption is enhanced by a site-to-site virtual private network tunnel.
VPN Access without Site-to-Site VPN Tunnel
The following diagram shows what network diagram should resemble (your particular implementation may vary depending on your vendors, etc.) for a SSL VPN connection environment without a dedicated SSL VPN tunnel.
Non-site-to-site Diagram Important Points
The important points to understand about this diagram include:- Individual users make the connection via VPN client from their workstation to the IBM Cloud environment
- VPN traffic for these users is no different than any other VPN communication they may currently utilize
- A remote user or a LAN-based corporate user will use an identical way to connect to the environment
- VPN users will connect to either the Virtual Private Cloud (VPC) for their production (and optionally sandbox and test) environment(s) or to a second VPC for the user acceptance testing environment (also optional)
- Customer network security is not changed in the use of this method and no additional firewall restrictions or permissions are required (unless VPN traffic is restricted normally)
VPN Access with Site-to-Site Dedicated VPN Tunnel
The following diagram shows what network diagram should resemble (your particular implementation may vary depending on your vendors, etc.) for a SSL VPN connection environment with a dedicated SSL VPN tunnel.
Site-to-site Diagram Important Points
The important points to understand about this network diagram include:- A dedicated tunnel directs all network traffic from customer backbone (depending on customer network vendor infrastructure) router directly to the IBM Cloud environment
- Network traffic from all users must travel through the customer's normal VPN (remote access methodology) to get to the tunnel entrance and to the IBM Cloud with one exception: when a customer uses a UAT environment, this is only accessed via SSL VPN separately from the tunnel connectivity exactly as it worked in the non tunnel diagram above
- The dedicated tunnel permits bi-directional communication between the cloud environment and the customer environment (with the exception of the UAT environment which is not covered)
- Remote users must connect to the company network to access the IBM Cloud production environment, which they did not have to do with SSL VPN connections (above) (with the exception of the UAT environment which is still accessed as previously mentioned)
Related topics: Engineering Lifecycle Management SaaS home, Deployment web home, Deployment web home
External links:
-
Deployment web
-
Planning and design
- Installing and upgrading
- Migrating and evolving
- Integrating
- Administering
- Monitoring
- Troubleshooting
- ELM SaaS
Community information and contribution guidelines 
Topic list 
Search 
Advanced search 
Notify 
RSS 
Atom 
Changes 
Statistics 
Web preferences 
NOTE: Please use the Sandbox web for testing -
To do
-
Under construction
-
New
-
Updated
-
Constant change
- None - stable page
- Smaller versions of status icons for inline text:
-
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Contributions are governed by our Terms of Use. Please read the following disclaimer.