Open Telekom Cloud for Business Customers

Extend your cloud and your options - creating a Virtual Private Network VPN connection between Open Telekom Cloud and DSI vCloud


07.07.2016 by Engelbert Eckstein


Using the web interface (“service console”) of Open Telekom Cloud and the web portal of DSI vCloud Director, you can quickly set up a secure Virtual Private Network (VPN) connection through the Internet between Open Telekom Cloud and DSI vCloud in a self-service manner. Connecting both “Cloud Worlds” brings a lot of advantages and agility for your IT.

Connecting means that applications and servers are able to communicate through this “isolated tunnel” in a secure way. This enables you to establish disaster recovery concepts on application level or to make central services, e.g. those located in DSI vCloud, accessible from Open Telekom Cloud as well.

Preparation

Before starting, some information must be noted, because each VPN needs information from the opposite environment:

DSI vCloud

Remote Gateway: <DSI vCloud Edge Gateway Internet IP chosen for VPN>
How to obtain Remote Gateway (External Network IP on Edge Gateway – Flexible Internet IP):
On Edge Gateway Services, choose the VPN tab and click “Configure Public IPs”. Choose an IP of the network vm-vl<xxxx>-dsi-vcd-inet-flex.

After getting the IP, click “Cancel”!
Local Network: <private network(s) of vCloud which should be connected to VPN>

Common

PSK/Shared Key: <value containing an alphanumeric string between 32-128 in length>
Best practice: use the full 128 characters for strong encryption.

Establish the connection

1. First create the VPN on Open Telekom Cloud:

Click “Virtual Private Cloud” in the “Network” section of the Open Telekom Cloud console.
Click “VPNs” in the “My resources” section.
Click “+ Create VPN”.

VPC: <Choose Name of VPC on which VPN should be created>
Name: <Name of VPN>
PSK: <value containing an alphanumeric string between 32-128 in length>
Local Subnets: <mark local OTC Subnet(s) which should be connected to VPN>
Remote Gateway: <External Network IP on DSI vCloud Edge Gateway – Flexible Internet IP>
Remote Subnets: <DSI vCloud local Subnet(s) which should be accessible>

IKE Policy Parameters:
Authentication Algorithm: sha1
Encryption Algorithm: aes-256
DH Algorithm: group2
Version: v1
Lifecycle (sec): 86400

IPSec Policy Parameters:
Authentication Algorithm: sha1
Encryption Algorithm: aes-256
DH Algorithm: group2
Transfer Protocol: esp
Lifecycle: 3600

After confirming with “Create Now”, the VPN will be created.

After creation, the status changes to “Not connected”.
You can also use the refresh button on the right side.
In the background, all ports necessary for the VPN are opened and the NAT rules for the connection are created automatically.

Also note the Local Gateway of Open Telekom Cloud for use in the DSI vCloud VPN settings!

2. Create VPN on DSI vCloud:

Double-click the organization virtual datacenter name to open the organization virtual datacenter.
Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
Click the VPN tab.
Click Add

Name: <Name of VPN>
Description: <description>
Mark: “Enable this VPN configuration”
Establish VPN to: a remote network

Local Networks: Mark all local networks that should be connected to the VPN
Peer Networks: Enter all local networks of Open Telekom Cloud that should be connected
Local Endpoint: Choose the “vm-vl<xxxx>-dsi-vcd-inet-flex” network
Local ID: Enter the local gateway IP of DSI vCloud
Peer ID: Enter the local gateway IP of Open Telekom Cloud
Peer IP: Enter the local gateway IP of Open Telekom Cloud
Encryption protocol: Choose “AES-256”
Shared Key: Enter the Shared Key / PSK
MTU: 1500

Modify the settings as appropriate and click OK.
In the next window, click OK; the VPN on the Edge Gateway is then configured and started.
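A consistency check for the values entered in the two portals, as an added example that is not part of the original article: every field on one side has a mirror on the other, and a mismatch in any of them keeps the tunnel from coming up. The dictionary keys, the sample addresses and the function names are assumptions made for this sketch; the overlap check goes beyond what the article lists.

```python
import ipaddress
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits

def generate_psk(length=128):
    """Random alphanumeric PSK from the OS CSPRNG; 32-128 characters as the article requires."""
    if not 32 <= length <= 128:
        raise ValueError("PSK length must be between 32 and 128")
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))

def _nets(cidrs):
    return {ipaddress.ip_network(c) for c in cidrs}

def check_tunnel(otc, vcloud):
    """Compare the values typed into both portals; return a list of problems."""
    problems = []
    psk = otc["psk"]
    if psk != vcloud["shared_key"]:
        problems.append("PSK and Shared Key differ")
    if not (32 <= len(psk) <= 128 and psk.isascii() and psk.isalnum()):
        problems.append("PSK is not 32-128 alphanumeric characters")
    # Each side's remote gateway must be the other side's local gateway.
    if otc["remote_gateway"] != vcloud["local_id"]:
        problems.append("OTC Remote Gateway != vCloud Local ID")
    if not (vcloud["peer_id"] == vcloud["peer_ip"] == otc["local_gateway"]):
        problems.append("vCloud Peer ID/Peer IP != OTC Local Gateway")
    # Subnet lists must mirror each other exactly.
    if _nets(otc["local_subnets"]) != _nets(vcloud["peer_networks"]):
        problems.append("OTC Local Subnets != vCloud Peer Networks")
    if _nets(otc["remote_subnets"]) != _nets(vcloud["local_networks"]):
        problems.append("OTC Remote Subnets != vCloud Local Networks")
    # Overlapping address space on the two sides cannot be routed through the tunnel.
    if any(a.overlaps(b) for a in _nets(otc["local_subnets"])
           for b in _nets(vcloud["local_networks"])):
        problems.append("local networks of the two clouds overlap")
    return problems

# Constructed sample values (documentation IP ranges, not real gateways).
PSK = generate_psk()
OTC = {"psk": PSK, "local_gateway": "198.51.100.10", "remote_gateway": "203.0.113.20",
       "local_subnets": ["192.168.10.0/24"], "remote_subnets": ["10.20.0.0/24"]}
VCLOUD = {"shared_key": PSK, "local_id": "203.0.113.20", "peer_id": "198.51.100.10",
          "peer_ip": "198.51.100.10", "local_networks": ["10.20.0.0/24"],
          "peer_networks": ["192.168.10.0/24"]}

if __name__ == "__main__":
    print(check_tunnel(OTC, VCLOUD) or "both sides are consistent")
```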

In the background, all ports necessary for the VPN are opened and the NAT rules for the connection are created automatically.

After creation, check the VPN status:

Sometimes the status is shown as disconnected even when the VPN is connected. This is a known bug.

After configuring the VPN gateway of vCloud, check the status on the Open Telekom Cloud VPN:

The status should now be “Normal”, which means that the VPN is up and connected!

Now you can start to connect your applications, and more, in a secure manner between Open Telekom Cloud and DSI vCloud.

Summary

Open Telekom Cloud and DSI vCloud both offer a self-service VPN. With appropriate settings, these VPN endpoints and the networks behind them can be connected together.

What’s Next?

Create firewall rules on Open Telekom Cloud and DSI vCloud so that connections between both clouds can only be established through the defined ports. After this, new and already existing servers and applications can use the connection.


Engelbert Eckstein studied communications and data systems technology at the university of applied science “Georg Simon Ohm” of Nuremberg. Since the late 90s he has been working with mainframes, different Unix derivatives and storage technologies. Since 2004 he has mainly dealt with operations, engineering and architecture of T-Systems Cloud environments: first with Appliance Computing (AppCom), then with Dynamic Computing Platform (DCP) and DSI vCloud, and finally at Open Telekom Cloud.

