All Products
Search

This Product

    Virtual Private Cloud:Connect multiple sites

    Document Center

    Virtual Private Cloud:Connect multiple sites

    Last Updated:Nov 21, 2023

    You can connect multiple sites by using Smart Access Gateway (SAG) or the VPN-Hub feature of VPN Gateway.

    Service comparison

    You can use the following services to connect multiple sites.

    Service

    Description

    Benefits

    VPN Gateway

    You can establish secure connections among multiple sites by using VPN gateways. The VPN-Hub feature enables communication among different sites, or between sites and virtual private clouds (VPCs).

    • Low cost.

    • Ready-to-use.

    • The configuration immediately takes effect.

    SAG

    You can purchase SAG instances for branch offices and associate the SAG instances with a Cloud Connect Network (CCN) instance. Then, the branch offices can communicate with each other.

    • Ready-to-use. Automatic configuration is supported.

    • Data transmitted over the Internet between the data center and the VPC is encrypted.

    • You can connect to nearby access points in a metropolitan area network (MAN). Branch offices can be connected to Alibaba Cloud by using active and standby access devices or connections.

    VPN Gateway and VPC peering connection

    You can connect application systems and offices around the world by using a combination of VPN gateways and VPC peering connections.

    • High network quality.

    • Ready-to-use. The configuration immediately takes effect.

    Note

    The network latency and availability vary based on the Internet.

    Examples

    SAG

    SAG is an all-in-one solution that can be used to connect your workloads to Alibaba Cloud. You can use SAG to access the Internet from the nearest locations. The connections that are established by SAG are secure and reliable.

    You can purchase SAG instances for branch offices and associate the SAG instances with a CCN instance. Then, the branch offices can communicate with each other.

    VPN Gateway

    The IPsec-VPN feature of VPN Gateway provides site-to-site VPN connections. Each VPN gateway supports up to 10 IPsec-VPN connections. You can purchase a VPN gateway and establish connections among up to 10 data centers or branch offices in different regions.

    You can create multiple site-to-site IPsec connections among sites, or between sites and VPCs by using VPN-Hub. VPN-Hub allows large enterprises to establish private connections across branch offices that run business in different regions.

    By default, the VPN-Hub feature is enabled. You need to only configure an IPsec-VPN connection between each branch office and Alibaba Cloud. No additional configurations or payments are required. Each VPN gateway supports up to 10 IPsec-VPN connections, which indicates that you can connect up to 10 branch offices in different regions by using one VPN gateway. The following figure shows how to establish connections among the branch offices in Shanghai, Hangzhou, and Ningbo by using a VPN gateway.

    Use VPC peering connections and VPN gateways to establish a high-speed global network

    You can establish connections among applications and branch offices worldwide by using VPC peering connections and VPN gateways. This solution ensures secure communication and optimal network quality, and minimizes your costs.

    The following figure shows how to establish connections among the branch offices that are connected to the VPC in the US (Virginia) region and the VPC in the China (Shanghai) region. You can deploy applications in both VPCs and connect the two VPCs by using a VPC peering connection. Then, you can connect the branch offices to each VPC by using the IPsec-VPN tunnel.