Adding a Network

Abstract

Networks can contain the resources to serve private applications (for example, web servers). They can also provide access to internet Applications (e.g. public websites and SaaS apps). These Applications can be addressed using domain names or IP addresses.

If these Applications are to be accessible via the WPC, either an Application or Route must be configured for that Network.

For an Application that needs to be accessible using an IP address, a Route needs to be configured. To define granular services for access control to the services accessible from the IP subnets configured in the Route, an IP Service can be configured.

The Add Network configuration starts with an intention-based configuration wizard that can be skipped to continue with the form-based Network configuration.

It is recommended that you use the Wizard for the following reasons:

  • Configuration steps are tailored based on your intention(s) behind connecting your network to CloudConnexa so that no needed configuration is missed

  • Collection of information and sequencing of actions is done in a logical progression making it easier to understand and get your network connected

  • Connector installation and testing is integrated as one of the steps

  • Additional steps outside of network configuration are also included to ensure proper setup

Add A Network Using Wizard

To configure a Network using the setup wizard, follow the procedures below:

Sign in to the CloudConnexa administration portal at https://cloud.openvpn.com.

  1. Navigate to Networks.

  2. Click Add Network. You may click Skip Wizard and Add A Network Using Form-based Configuration.

  3. Select one or multiple scenarios:

Remote Access – Connect your private resources to CloudConnexa. Provide remote access to your resources networked on an IaaS cloud and to your on-premises resources. Read more.

Site-to-Site – Connect multiple private networks to CloudConnexa (site-to-site connectivity). This wizard will assist you in adding a single network. Repeatedly use this wizard to connect all your networks. Read more.

Secure Internet Access – Provide secure access to public resources. Use this network as an Internet Gateway for all Internet traffic or only for selected public resources. You can then apply whitelisting rules on your public resources. Read more.

Define Network Details

  1. Enter a Network Name.

  2. (Optional) Enter a Description.

    Note

    The Wizard sets up only one Network. For additional Networks, you will need to perform the Add Network task once for every site.

Add Connector

A Connector is an unattended device that provides constant connectivity to CloudConnexa. You can create multiple network Connectors for high availability and load balancing. It is recommended to choose the region closest to the location where your Connector will be deployed.

  1. Enter a Name to identify the Connector.

  2. Select the Region closest to your Network. 

    Note

    The default Region is automatically selected.

  3. (Optional) Enter a Description.

Deploy Network Connector

To deploy the Connector onto your Network, follow the procedure below:

  1. Select the Connector Type.

    • Choose where you would like to deploy your Connector

    • Follow the setup wizard to deploy your Connector

  2. Click Next.

Configure Internet Access (Secure Internet Access scenario)

  1. Select Internet Access:

    • All Internet traffic

    • Selected Applications and IP Services

  2. Select User Groups, Networks, and Hosts, which will use this Network for all internet traffic.

    Note

    Internet Access will be set to Split Tunnel Off for the selected User Groups, Networks, and Hosts. If you remove the selection, Internet Access will be set to Split Tunnel On.

Configure Routing

When you connect a site to a WPC, you must ensure clients from the site are able to route traffic to other sites and remote clients. This can be achieved by adding static routes to your gateway router. This requires adding routes to WPC Subnets and Subnets of other Networks. Read More.

This screen lists routes that should be configured with the private IP address of the Connector as a target.
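
One way to check the result on a Linux gateway, as an added example that is not part of the CloudConnexa documentation: the function reads `ip -j route show` output and reports whether each subnet listed on the routing screen is actually forwarded to the Connector's private IP. A Linux gateway with iproute2 and IPv4 routes is assumed, and every address and subnet in the sample is a constructed placeholder.

```python
import ipaddress
import json

def audit_routes(ip_route_json, connector_ip, required_subnets):
    """Map each required subnet to 'ok', 'missing', 'wrong_target' or 'shadowed'."""
    connector = ipaddress.ip_address(connector_ip)
    routes = []
    for entry in json.loads(ip_route_json):
        dst = "0.0.0.0/0" if entry["dst"] == "default" else entry["dst"]
        gw = entry.get("gateway")  # absent on directly connected routes
        routes.append((ipaddress.ip_network(dst),
                       ipaddress.ip_address(gw) if gw else None))

    report = {}
    for subnet in required_subnets:
        want = ipaddress.ip_network(subnet)
        same_family = [r for r in routes if r[0].version == want.version]
        covering = [r for r in same_family if want.subnet_of(r[0])]
        # The kernel forwards on the longest matching prefix.
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        # More-specific routes inside the subnet that bypass the Connector.
        diverted = [r for r in same_family
                    if r[0] != want and r[0].subnet_of(want) and r[1] != connector]
        if best is None or (best[0].prefixlen == 0 and best[1] != connector):
            report[subnet] = "missing"       # would follow the default route
        elif best[1] != connector:
            report[subnet] = "wrong_target"  # static route points at another hop
        elif diverted:
            report[subnet] = "shadowed"      # part of the subnet goes elsewhere
        else:
            report[subnet] = "ok"
    return report

# Constructed sample: `ip -j route show` from a hypothetical site gateway whose
# Connector has the private IP 192.168.1.50.
SAMPLE = json.dumps([
    {"dst": "default", "gateway": "192.168.1.1", "dev": "eth0"},
    {"dst": "192.168.1.0/24", "dev": "eth0", "scope": "link"},
    {"dst": "100.96.0.0/11", "gateway": "192.168.1.50", "dev": "eth0"},
    {"dst": "10.20.0.0/16", "gateway": "192.168.1.50", "dev": "eth0"},
    {"dst": "10.20.5.0/24", "gateway": "192.168.1.254", "dev": "eth0"},
    {"dst": "10.30.0.0/16", "gateway": "192.168.1.254", "dev": "eth0"},
])
# Placeholder subnets; use the ones shown on the Configure Routing screen.
REQUIRED = ["100.96.0.0/11", "10.20.0.0/16", "10.30.0.0/16", "10.40.0.0/16"]

if __name__ == "__main__":
    for subnet, status in audit_routes(SAMPLE, "192.168.1.50", REQUIRED).items():
        print(f"{subnet:18} {status}")
```

Any status other than `ok` means traffic for that subnet leaves the site without passing through the Connector, either in whole or in part.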

Important

To route traffic to your Network, you will need to configure at least one Application or IP Service.

To add a route to either an Application or IP Service, follow the procedures below:

(Optional) Add a Network Application

If you choose to add an IP Service instead, click Next.

An Application must be configured to make a domain accessible from a Network (for public domains accessible from the Network, or private domains served within the Network). To configure an Application using the setup wizard, follow the procedure below:

Note

You may also specify subdomains.

  1. Enter an Application Name.

  2. Enter a Domain (ex: myNetwork.example.com).

    Note

    You may also specify subdomains here.

  3. Select an Application Type (Protocols and/or Ports):

    • All

    • Custom

      • Click Save

(Optional) Add Route and Network IP Services

Route and IP Service must be configured to make an IP service accessible from a Network (for public IP addresses or subnets accessible from a Network, or private IP addresses or subnets that are a part of your Network). To configure an IP Service using the setup wizard, follow the procedure below:

Add Route

  1. Enter an IP Address or Subnet.

  2. (Optional) Enter a Description.

  3. Click Create.

Add IP Service

  1. Enter a corresponding Name.

  2. Enter a corresponding IP Address or Subnet.

  3. Select the Service Type (Protocols and/or Ports):

    • All

    • Custom

      • Click Save

  4. Toggle Use as Source to ON to use IP Service as a Network source and to configure granular access controls to filter traffic from this Network.

    Note

    The IP Service will appear in both the Source and Destination columns in Access Groups.

  5. (Optional) Enter a Description.

  6. Click Add.

    • To add additional IP Services, click the Add IP Service button

  7. Click Next.

Configure Access Group (Optional)

Access Groups are used to define access control policies between Sources (i.e. Who?: User Groups, Networks) and Destinations (i.e. What?: Applications/IP Services).

You can create a new Access Group or update an existing Access Group to define access to the newly created Network and/or Applications/IP Services.

By default, an Access Group WPC topology is set to Full-Mesh, which means that all connected devices can freely access each other. You can edit or delete the default group only when more than one group exists. To configure granular access controls, change your WPC topology to Custom.

Create a new Access Group

  1. Click Create Access Group.

  2. Enter an Access Group Name.

  3. (Optional) Enter a Description.

  4. Select a Source (Who gets the access).

  5. Select a Destination (What gets accessed).

  6. Click Create.

  7. After configuring the Access Group(s), click Finish. You will be redirected to the newly created Network Overview screen.

Add A Network Using Form-based Configuration

To add a Network from the form-based Network configuration, follow the procedures below:

  1. Sign in to the CloudConnexa administration portal at https://cloud.openvpn.com.

  2. Click Add Network.

  3. Click Skip Wizard.

  4. Enter a Network Name.

  5. Select the Internet Access for your Network from the drop-down menu:

    • Split Tunnel On (Level-1 Security) — Private and trusted internet traffic is tunneled, all other internet traffic uses local internet

    • Split Tunnel Off (Level-2 Security) — All traffic is tunneled, internet traffic exits from selected Internet Gateways

    • Restricted Internet (Level-3 Security) — Private and trusted internet traffic is tunneled, all other internet traffic is blocked

      • Trusted internet traffic — public domains and public subnets used as routes for remote Networks. Read more about security levels

  6. To configure this Network as an egress, toggle the Internet Gateway button to ON. Please make sure that the following configuration is done when you enable Internet Gateway (Egress):

    • Network Connector is installed

    • Routing and NAT are configured on Network Connector

    • Connector is online

  7. (Optional) Enter a Description.

    Important

    To establish a connection with your Network, you must specify at least one Application or IP Service / Route.

Add Connector

  1. Click Add Connector

  2. Enter a Name to identify the Connector.

  3. Select a Region closest to your Network. 

    Note

    The default Region will be selected.

  4. (Optional) Enter a Description.

  5. Click Add.

(Optional) Add a Network Application

To add an Application, follow these procedures:

  1. Click the Applications tab.

  2. Click Add Application.

  3. Enter the Application Domain (ex: myNetwork.example.com).

    • This Domain will append the selected Network domain name (ex: domain.myNetwork.example.com).

  4. (Optional) Toggle Allow Embedded IP to ON. 

    Note

    Embedded IP enables implicit domain resolution. This is useful for IoT / IIoT devices which can allow remote SSH access. You can use the private IP address of the device and the Network Application Domain Name to create a hostname without configuring a DNS record. For example SSH<private ip address>.Network Application Domain Name.

  5. Select a Service Type:

    • All

    • Custom

      • Click Save

  6. (Optional) Enter a Description.

  7. Click Add.

(Optional) Add a Network IP Service

To add an Application, follow these procedures:

  1. Click the Applications tab.

  2. Click Add Application.

  3. Enter the Application Domain (ex: myNetwork.example.com).

    • This Domain will append the selected Network domain name (ex: domain.myNetwork.example.com).

  4. (Optional) Toggle Allow Embedded IP to ON. 

    Note

    Embedded IP enables implicit domain resolution. This is useful for IoT / IIoT devices which can allow remote SSH access. You can use the private IP address of the device and the Network Application Domain Name to create a hostname without configuring a DNS record. For example: SSH<private ip address>.Network Application Domain Name.

  5. Select a Service Type:

    • All

    • Custom

      • Click Save

  6. (Optional) Enter a Description.

  7. Click Add.

Configure Access Groups

To learn more about access control policies for the newly created Host, see CloudConnexa Access Group.

Update a Network

You may update or delete a Network, its Applications, IP Services, and Connectors. To do so, follow the procedures below:

  1. Navigate to Networks.

  2. Click the edit icon (pencil) of the Network to be updated.

  3. Click Update when complete.

Delete a Network

  1. Navigate to Networks.

  2. Select the checkbox of the Network to be deleted.

  3. Click the delete icon (trash can).

  4. Click Remove.

Update an Application

  1. Navigate to Networks > Applications.

  2. Click the edit icon (pencil) of the Application to be updated.

  3. Click Update when complete.

Delete an Application

  1. Navigate to Networks > Applications.

  2. Click the delete icon (trash can) of the Application to be removed.

  3. Click Remove.

Update IP Services

  1. Navigate to Networks > IP Services.

  2. Click the edit icon (pencil) next to the IP Service to be updated.

  3. Click Update when complete.

Delete an IP Service

  1. Navigate to Networks > IP Services.

  2. Click the delete icon (trash can) of the IP Service to be deleted.

  3. Click Remove.

Update Route

  1. Navigate to Networks > IP Services.

  2. Click the edit icon (pencil) next to the Route to be updated.

  3. Click Update when complete.

Delete Route

  1. Navigate to Networks > IP Services.

  2. Click the delete icon (trash can) of the Route to be deleted.

  3. Click Remove.

Update Connectors

  1. Navigate to Networks > Connectors.

  2. Click the edit icon (pencil) next to the Connector to be updated.

  3. Click Update when complete.

Delete a Connector

  1. Navigate to Networks > Connectors.

  2. Click the kebab menu (three dots) of the Connector to be deleted.

  3. Click Delete.