VPN Gateway: Overview of best practices

Last Updated: Sep 06, 2024

IPsec-VPN supports various scenarios. This topic provides an overview of the best practices in different scenarios and provides links to the relevant references.

Association with a VPN gateway in dual-tunnel mode

VPN gateway network type

Scenario

Reference

Internet

Enable communication between virtual private clouds (VPCs) by using a VPN gateway

Enable communication between two VPCs by using an IPsec-VPN connection in dual-tunnel mode

Synchronize or migrate data by using Data Transmission Service (DTS) over a VPN gateway

Establish IPsec-VPN connections between Alibaba Cloud VPN gateways and other cloud services

Query and analyze the data transfer information of a VPN gateway

Query and analyze the data transfer information of a VPN gateway based on ENI flow logs

Association with a VPN gateway in single-tunnel mode

VPN gateway network type

Scenario

Reference

Internet

Enable communication between VPCs by using a VPN gateway

Establish IPsec-VPN connections between two VPCs

Establish high-availability IPsec-VPN connections

Use VPN Gateway together with other services

Connect multiple offices to each other and to a VPC

Connect multiple offices to each other and to a VPC

Internal network

Encrypt a private connection by using a private VPN gateway

Association with a transit router

Note: In scenarios in which an IPsec-VPN connection is associated with a transit router, the IPsec-VPN connection supports only the single-tunnel mode.

IPsec-VPN connection network type

Scenario

Reference

Internet

Establish high-availability IPsec-VPN connections

Configure active/standby connections by using IPsec-VPN (transit router associated) and an Express Connect circuit

Create multiple IPsec-VPN connections over the Internet for load balancing

Internal network

Enable encrypted connections by using IPsec-VPN

Create multiple private IPsec-VPN connections to implement load balancing

More best practices

You can use IPsec-VPN together with other Alibaba Cloud services to meet other business requirements. The following table lists the scenarios in which IPsec-VPN is used together with other services and provides links to the relevant references.

Note: The following references are not included in the VPN Gateway documentation. After you click a link, you are redirected to the relevant service documentation.

| Category | Alibaba Cloud service | Reference |
| --- | --- | --- |
| Network connection | NAT Gateway | Use a VPC NAT gateway and a VPN gateway to connect a data center and a VPC |
| | Cloud Enterprise Network (CEN) | Connect a third-party SD-WAN appliance to a transit router to establish communication between data centers and VPCs |
| | Elastic Desktop Service (EDS) | Use IPsec-VPN to access a cloud computer from the Alibaba Cloud Workspace client over a private network |
| | EDS and Express Connect | Use Express Connect circuits and IPsec-VPN gateways to establish active/standby connections to access cloud computers over private networks |
| Network monitoring | Network Intelligence Service (NIS) | Self-service diagnostics for IPsec-VPN connections |
| | CloudMonitor | Monitor system events of an IPsec-VPN connection |
| DNS services | Alibaba Cloud DNS PrivateZone | Use Alibaba Cloud DNS PrivateZone and VPN Gateway to allow ECS instances in a VPC to access an on-premises DNS |
| | | Access Alibaba Cloud DNS from an on-premises network through a VPN Gateway |
| Databases | Database Backup (DBS) | Back up a self-managed database in an on-premises data center connected to Alibaba Cloud through VPN Gateway or Smart Access Gateway to OSS or DBS |