r1 - 2019-04-25 - 22:27:30 - JerrySaulman

HTTPS (SSL) Access

Authors: JerrySaulman, StevenBeard

HTTPS provides standard in-flight encryption. For large and enterprise customers, with over 200 subscribed users, in-flight encryption is enhanced by a site-to-site virtual private network tunnel.

VPN Access without Site-to-Site VPN Tunnel

The following diagram shows what your network diagram should resemble (your particular implementation may vary depending on your vendors, etc.) for an SSL VPN connection environment without a dedicated SSL VPN tunnel.

network_diagram_professional_tier_1v4.1.jpg

Non-site-to-site Diagram Important Points

The important points to understand about this diagram include:

  • Individual users connect from their workstation to the IBM Cloud environment via a VPN client
  • VPN traffic for these users is no different from any other VPN communication they may currently use
  • A remote user and a LAN-based corporate user connect to the environment in the same way
  • VPN users will connect to either the Virtual Private Cloud (VPC) for their production (and optionally sandbox and test) environment(s) or to a second VPC for the user acceptance testing (UAT) environment (also optional)
  • Customer network security is not changed by the use of this method, and no additional firewall restrictions or permissions are required (unless VPN traffic is normally restricted)

The complexity of your solution may vary but this is a representative diagram that explains the basic technology that could be implemented.

VPN Access with Site-to-Site Dedicated VPN Tunnel

The following diagram shows what your network diagram should resemble (your particular implementation may vary depending on your vendors, etc.) for an SSL VPN connection environment with a dedicated SSL VPN tunnel.

network diagram professional tier 2v4.1.jpg

Site-to-site Diagram Important Points

The important points to understand about this network diagram include:

  • A dedicated tunnel directs all network traffic from the customer backbone router (depending on customer network vendor infrastructure) directly to the IBM Cloud environment
  • Network traffic from all users must travel through the customer's normal VPN (remote access methodology) to get to the tunnel entrance and to the IBM Cloud, with one exception: when a customer uses a UAT environment, it is accessed only via SSL VPN, separately from the tunnel connectivity, exactly as in the non-tunnel diagram above
  • The dedicated tunnel permits bi-directional communication between the cloud environment and the customer environment (with the exception of the UAT environment, which is not covered)
  • Remote users must connect to the company network to access the IBM Cloud production environment, which they did not have to do with the SSL VPN connections above (with the exception of the UAT environment, which is still accessed as previously mentioned)

The complexity of your solution may vary but this is a representative diagram that explains the basic technology that could be implemented.

Related topics: Engineering Lifecycle Management SaaS home, Deployment web home
