Introduction

Download this manual as a PDF file

This section describes how to build a Virtual Private Network (VPN) between a SL1 Software-as-a-Service (SaaS) environment and the customer network, specifically on Amazon Web Services (AWS).

SaaS Connectivity

SaaS on SL1 is currently a single-tenant application hosted in a dedicated Virtual Private Cloud (VPC). This method provides a direct path for the data engine to connect to and pull data from every Data Collector in your SL1 system. You must have private connectivity from the SL1 VPC to the customer network deployed within a customer-managed AWS Transit Gateway.

This Transit Gateway can be connected to the customer's on-premises environment using the following methods:

  • An existing or new AWS Site-to-Site IPSec VPN
  • An existing AWS Direct Connect connection

Terminology

This section defines some of the common terminology you will encounter when configuring a site-to-site VPN:

  • VPN connection. A secure connection between on-premises equipment and AWS VPCs.
  • VPN tunnel. An encrypted link where data can pass from the customer network to or from AWS. Each VPN connection includes two VPN tunnels which you can simultaneously use for high availability.
  • Customer gateway device (CGW). A physical device or software application on the customer side of the site-to-site VPN connection.
  • Transit gateway (TGW). A transit hub that can be used to interconnect multiple VPCs and on-premises networks. It also serves as a VPN endpoint for the Amazon side of the site-to-site VPN connection.