Open Telekom Cloud for Business Customers

Extend your cloud and your options - creating a Virtual Private Network (VPN) connection between Open Telekom Cloud and DSI vCloud

Use the web interface (“service console”) of Open Telekom Cloud and the web portal of DSI vCloud Director to quickly set up a secure Virtual Private Network (VPN) connection through the Internet between Open Telekom Cloud and DSI vCloud in a self-service manner. Connecting both “Cloud Worlds” brings many advantages and more agility for your IT.

Connecting means that applications and servers are able to communicate securely through this “isolated tunnel”. This enables you to establish disaster recovery concepts at the application level, or to make central services located in, for example, DSI vCloud accessible from Open Telekom Cloud as well.

Graphic showing the connection between the "Cloud Worlds".
 

Preparation

Before starting, note the following information, because each VPN needs information from the opposite environment:

DSI vCloud

Remote Gateway: <DSI vCloud Edge Gateway Internet IP chosen for VPN>
How to obtain the Remote Gateway (External Network IP on the Edge Gateway – Flexible Internet IP):
In Edge Gateway Services, choose the VPN tab and click “Configure Public IPs”. Choose an IP of the network vm-vl<xxxx>-dsi-vcd-inet-flex:

Screenshot of a Remote Gateway DSI vCloud.
 

After getting the IP, click “Cancel”!
Local Network: <private network(s) of vCloud which should be connected to VPN>

Common

PSK/Shared Key: <value containing an alphanumeric string 32-128 characters in length>
Best Practice: Use a length of 128 for strong encryption.
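One way to produce and check a key in this format, as an added example that is not part of the original article. It assumes “alphanumeric” means ASCII letters and digits only; the distinct-character check is a heuristic introduced for this example.

```python
import math
import secrets
import string

# Format stated on the page: alphanumeric, 32 to 128 characters.
# Assumption: "alphanumeric" means ASCII letters and digits only.
ALPHABET = string.ascii_letters + string.digits
MIN_LEN, MAX_LEN = 32, 128


def generate_psk(length: int = MAX_LEN) -> str:
    """Return a random PSK drawn from the operating system's CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def psk_problems(psk: str) -> list[str]:
    """List the reasons a candidate key does not fit; empty means it fits."""
    problems = []
    if not MIN_LEN <= len(psk) <= MAX_LEN:
        problems.append(f"length {len(psk)} is outside {MIN_LEN}-{MAX_LEN}")
    # str.isalnum() would accept letters such as 'ä', so test membership.
    if any(ch not in ALPHABET for ch in psk):
        problems.append("contains characters outside A-Z, a-z, 0-9")
    # Heuristic added for this example: catches keys like 'aaaa...' that
    # pass the format check but were clearly not generated randomly.
    if len(set(psk)) < 10:
        problems.append("fewer than 10 distinct characters")
    return problems


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random key of this length, in bits."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    key = generate_psk()
    # The key itself is not printed, so it does not end up in terminal logs.
    print(len(key), "characters,", round(entropy_bits(len(key))), "bits")
    print(psk_problems("a" * 64))
```

Generate the key once and paste the same value into both consoles; a hand-typed key of the right length is not equivalent to a random one.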

Establish the connection

1. First, create the VPN on Open Telekom Cloud:

Click “Virtual Private Cloud” in the “Network” section of the Open Telekom Cloud console.
Click “VPNs” in the “My resources” section.
Click “+ Create VPN”.

Screenshot showing how to create a VPN on Open Telekom Cloud.
 

VPC: <Choose Name of VPC on which VPN should be created>
Name: <Name of VPN>
PSK: <value containing an alphanumeric string between 32-128 in length>
Local Subnets: <mark local OTC Subnet(s) which should be connected to VPN>
Remote Gateway: <External Network IP on DSI vCloud Edge Gateway – Flexible Internet IP>
Remote Subnets: <DSI vCloud local Subnet(s) which should be accessible>

IKE Policy Parameters:
Authentication Algorithm: sha1
Encryption Algorithm: aes-256
DH Algorithm: group2
Version: v1
Lifecycle (sec): 86400

IPSec Policy Parameters:
Authentication Algorithm: sha1
Encryption Algorithm: aes-256
DH Algorithm: group2
Transfer Protocol: esp
Lifecycle: 3600

After confirming with “Create Now”, the VPN is created:

Screenshot showing how to create a VPN on Open Telekom Cloud.
 

After creation, the status changes to “Not connected”.
Use the refresh button on the right side to update the display.
In the background, all ports necessary for the VPN are opened and the NAT rules for the connection are created automatically.

Also note the Local Gateway of Open Telekom Cloud for use in the DSI vCloud VPN settings!

2. Create the VPN on DSI vCloud:

Double-click the organization virtual datacenter name to open the organization virtual datacenter.
Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
Click the VPN tab.
Click Add.

Screenshot of creating VPN on DSI vCloud.
 

Name:     <Name of VPN>
Description: <description>
Mark: “Enable this VPN configuration”
Establish VPN to: a remote network

Local Networks: Mark all local networks which should be connected to the VPN

Peer Networks: Put in all local networks of Open Telekom Cloud which should be connected.

Local Endpoint: Choose the “vm-vl<xxxx>-dsi-vcd-inet-flex” network
Local ID: Put in the local gateway IP of DSI vCloud
Peer ID: Put in the local gateway IP of Open Telekom Cloud

Peer IP: Put in the local gateway IP of Open Telekom Cloud

Encryption protocol: Choose “AES-256”
Shared Key: Put in Shared Key / PSK

MTU: 1500
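The two forms have to mirror each other, and a mismatch in any one field leaves the tunnel down. The following check is an added example, not part of the original article; the dictionary keys are hypothetical names for the form fields above, the sample values are constructed, and it assumes the vCloud Local ID is the same address entered as Remote Gateway on Open Telekom Cloud.

```python
import hmac
import ipaddress


def nets(cidrs):
    """Parse CIDR strings into a set of normalised network objects."""
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}


def mirror_problems(otc: dict, vcloud: dict) -> list[str]:
    """Return every mismatch between the two forms; empty means they mirror."""
    ip, problems = ipaddress.ip_address, []
    otc_local, otc_remote = nets(otc["local_subnets"]), nets(otc["remote_subnets"])
    vc_local, vc_peer = nets(vcloud["local_networks"]), nets(vcloud["peer_networks"])
    if otc_local != vc_peer:
        problems.append("OTC Local Subnets differ from vCloud Peer Networks")
    if otc_remote != vc_local:
        problems.append("OTC Remote Subnets differ from vCloud Local Networks")
    # Overlapping ranges on both sides cannot be routed unambiguously.
    if any(a.overlaps(b) for a in otc_local for b in vc_local):
        problems.append("local ranges of the two clouds overlap")
    if ip(otc["remote_gateway"]) != ip(vcloud["local_id"]):
        problems.append("OTC Remote Gateway is not the vCloud Local ID")
    for field in ("peer_id", "peer_ip"):
        if ip(vcloud[field]) != ip(otc["local_gateway"]):
            problems.append(f"vCloud {field} is not the OTC Local Gateway")
    # A stray space from copy and paste is enough to break the key match.
    if not hmac.compare_digest(otc["psk"].encode(), vcloud["shared_key"].encode()):
        problems.append("PSK and Shared Key differ")
    if otc["encryption"].lower() != vcloud["encryption"].lower():
        problems.append("encryption algorithms differ")
    return problems


# Constructed sample values: documentation address ranges, placeholder key.
OTC = {
    "local_gateway": "198.51.100.10", "remote_gateway": "203.0.113.20",
    "local_subnets": ["192.168.1.0/24"], "remote_subnets": ["10.0.1.0/24"],
    "psk": "ConstructedSampleKeyNotForUse0000", "encryption": "aes-256",
}
VCLOUD = {
    "local_id": "203.0.113.20", "peer_id": "198.51.100.10",
    "peer_ip": "198.51.100.10", "local_networks": ["10.0.1.0/24"],
    "peer_networks": ["192.168.1.0/24"],
    "shared_key": "ConstructedSampleKeyNotForUse0000", "encryption": "AES-256",
}

if __name__ == "__main__":
    print(mirror_problems(OTC, VCLOUD) or "forms mirror each other")
```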

Modify the settings as appropriate and click OK.
In the next window, click OK; the VPN on the Edge Gateway is then configured and started.

Screenshot of the service configuration in the VPN overview.
In the background, all ports necessary for the VPN are opened and the NAT rules for the connection are created automatically.
 

After creation, check the VPN status:

Screenshot showing the vCloud VPN status.
Sometimes the status is shown as disconnected even when the VPN is connected. This is a known bug.
 

After configuring the VPN gateway of vCloud, check the status on the Open Telekom Cloud VPN:

Screenshot showing normal status for the Open Telekom Cloud VPN.
The status should now be “Normal”, which means that the VPN is up and connected!
 

Now you can start to connect your applications and more between Open Telekom Cloud and DSI vCloud in a secure manner.

Summary

Open Telekom Cloud and DSI vCloud both offer a self-service VPN. With appropriate settings, these VPN endpoints and the networks behind them can be connected together.

What’s Next?

Create firewall rules on Open Telekom Cloud and DSI vCloud so that connections between both clouds can be established only through the defined ports. After this, new and already existing servers and applications can use the connection.

 
Photo of Engelbert Eckstein

Engelbert Eckstein studied communications and data systems technology at the University of Applied Sciences “Georg SIMON OHM” in Nuremberg. Since the late 90s he has been working with mainframes, different Unix derivatives and storage technologies. Since 2004 he has mainly dealt with operations, engineering and architecture of T-Systems cloud environments - first with Appliance Computing (AppCom), then with Dynamic Computing Platform (DCP) and DSI vCloud, and finally at Open Telekom Cloud.

 
 
