Connectivity
VPN Connections
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
VGS provides VPN connections to enterprise customers for both inbound and outbound traffic across a range of supported protocols. To discuss your requirements, please contact VGS and plan an implementation.
Dedicated Routing and Static IP Addresses
VGS supports static inbound and outbound IP addresses, both shared and dedicated, for routing and security purposes for enterprise customers. By default, customers use a shared pool of IP addresses for outbound traffic and a dynamic set of IP addresses for inbound traffic. To discuss your requirements, please contact VGS and plan an implementation.
CNAME and TLS
VGS Inbound Routes support custom CNAME and TLS certificates via the VGS Dashboard and API. Bring-your-own certificates are available for enterprise customers. To discuss your certificate requirements, please contact VGS and plan an implementation.
mTLS
VGS inbound and outbound routes support mTLS and mutual authentication for enterprise customers.
AWS PrivateLink
Use AWS PrivateLink to establish private, direct connectivity between VGS and your service providers or internal services. AWS PrivateLink is used in place of VPN or VPC connections to and from AWS-enabled services.
Overview
Using AWS PrivateLink connectivity offers many benefits, including:
Private Connectivity: AWS PrivateLink provides secure, private connectivity between VPCs, AWS services, and on-premises networks without exposing traffic to the public internet.
Reduced Attack Surface: By keeping traffic within the AWS network, PrivateLink minimizes exposure to potential threats and vulnerabilities associated with the public internet.
Low Latency: Since the data does not traverse the public internet, it experiences lower latency and potentially higher throughput.
Easier VPC Peering: Establishing connectivity with services in different VPCs becomes straightforward without the complexity of VPC peering configurations.
Simplified Management: Customers can manage and monitor their private connections easily using VGS Management Console, CLI, or APIs.
AWS PrivateLink connectivity is available in the following Availability Zones:
prod/vault/live (US): use1-az2, use1-az4, use1-az6
prod/vault/live-eu-1 (EU): euc1-az1, euc1-az2, euc1-az3
prod/vault/live-ap-1 (AP): apse1-az1, apse1-az2, apse1-az3
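An interface endpoint can only be placed in an Availability Zone where the endpoint service is offered, and AZ names such as us-east-1a map to different AZ IDs in each AWS account, so subnets must be matched against the list above by AZ ID rather than by name. The following is an added example, not VGS code, that performs this check over a constructed `aws ec2 describe-availability-zones` result; the function name, subnet IDs and sample name-to-ID mapping are assumptions.

```python
import json

# AZ IDs from the table above, keyed by AWS region (use1 = us-east-1,
# euc1 = eu-central-1, apse1 = ap-southeast-1). The third EU entry is
# written in the standard euc1-azN form.
VGS_AZ_IDS = {
    "us-east-1": {"use1-az2", "use1-az4", "use1-az6"},
    "eu-central-1": {"euc1-az1", "euc1-az2", "euc1-az3"},
    "ap-southeast-1": {"apse1-az1", "apse1-az2", "apse1-az3"},
}

# Constructed sample in the shape of `aws ec2 describe-availability-zones`
# output. The name-to-ID mapping differs from one AWS account to the next.
SAMPLE_ZONES = json.loads("""
{"AvailabilityZones": [
  {"RegionName": "us-east-1", "ZoneName": "us-east-1a", "ZoneId": "use1-az4", "State": "available"},
  {"RegionName": "us-east-1", "ZoneName": "us-east-1b", "ZoneId": "use1-az6", "State": "available"},
  {"RegionName": "us-east-1", "ZoneName": "us-east-1c", "ZoneId": "use1-az1", "State": "available"},
  {"RegionName": "us-east-1", "ZoneName": "us-east-1d", "ZoneId": "use1-az2", "State": "available"}
]}
""")

# Constructed subnets (hypothetical IDs): subnet ID -> AZ name in this account.
SAMPLE_SUBNETS = {
    "subnet-0aaa": "us-east-1a",
    "subnet-0bbb": "us-east-1c",
    "subnet-0ccc": "us-east-1d",
}

def classify_subnets(zones_doc, subnets, region):
    """Return (usable, rejected) dicts of subnet ID -> AZ ID for a region."""
    supported = VGS_AZ_IDS.get(region)
    if supported is None:
        raise ValueError(f"{region!r} is not a region listed for VGS PrivateLink")
    name_to_id = {
        z["ZoneName"]: z["ZoneId"]
        for z in zones_doc["AvailabilityZones"]
        if z["RegionName"] == region and z.get("State") == "available"
    }
    usable, rejected = {}, {}
    for subnet_id, az_name in subnets.items():
        zone_id = name_to_id.get(az_name)  # None: AZ name unknown in this account
        (usable if zone_id in supported else rejected)[subnet_id] = zone_id
    return usable, rejected

if __name__ == "__main__":
    ok, bad = classify_subnets(SAMPLE_ZONES, SAMPLE_SUBNETS, "us-east-1")
    print("usable:", ok)
    print("rejected:", bad)
```

In a real account, replace `SAMPLE_ZONES` with the parsed JSON output of `aws ec2 describe-availability-zones` for the chosen region.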
With VGS, AWS PrivateLink connections come in two flavors:
Service Provider - Inbound Connections to VGS - Establish PrivateLink connectivity into VGS services
Service Consumer - Outbound Connections from VGS - Establish PrivateLink connections from VGS into your services
Service Provider - Inbound Connections from Third Party to VGS

In order to establish a PrivateLink connection to VGS, the customer must provide the following information to VGS:
Customer AWS Account ID: Any valid AWS account ID
Customer AWS Region: Either us-east-1 or eu-central-1 or ap-southeast-1
Ports + Service(s): The ports on which each VGS service protocol will be exposed via the PrivateLink NLB:
forward-http-proxy - 4433
reverse-http-proxy - 443
sftp-proxy - 8022
tcp-proxy - ports 9000-9900
Service Consumer - Outbound Connections from VGS to Third Party

In order to establish a PrivateLink connection from VGS, the customer must provide the following information to VGS:
Customer AWS Account ID: Any valid AWS account ID
Customer AWS Region: Either us-east-1 or eu-central-1 or ap-southeast-1
PrivateLink Service Name: e.g. com.amazonaws.vpce.us-east-1.vpce-svc-0e123abc123198abc
PrivateLink Service Endpoint: e.g. vpce-svc-03d5ebb7d9579a2b3.us-east-1.vpce.amazonaws.com
Ports + Service(s): List of Ports + Service(s)