Digibee connectivity solutions
Learn more about Digibee’s VPN and NAT solutions
Virtual Private Network (VPN) is a technology used to establish secure and encrypted connections over a public network such as the Internet. You can use Digibee’s VPN to connect to your workloads wherever they are hosted.
Digibee provides an IPSEC-based VPN solution that allows you to extend your private network (a private cloud or an on-premise data center ) to your Digibee SaaS realm. To do this, we create one VPN Linux instance per realm and configure this instance to connect to your VPN Gateway and realm infrastructure simultaneously.
A realm can have multiple VPN instances. A VPN instance can belong to a single realm.
IPSEC, the protocol used by Digibee's VPN solution, establishes secure connections over the internet by employing two phases: Phase 1 and Phase 2.
In Phase 1, a secure tunnel is established over which information flows between two VPN gateway devices.During this phase, the devices exchange credentials.They identify each other and negotiate to find a common set of security settings to use.
Once Phase 1 is complete, the parties move on to Phase 2. This phase is about securing the data transmitted between the two devices by establishing encryption and authentication policies.
You can use a VPN instance as a Network Address Translation (NAT) gateway to reach Internet hosts that require a fixed IP. When you do this, your pipelines use the VPN instance as NAT and all outbound traffic to a specific destination is routed through a single IP address associated with that realm’s VPN instance.
To add a VPN connection to a realm, contact Digibee’s support team or your Customer Success Manager (CSM). Be sure to provide the following information:
- IP of the application you want to connect to.
- Port of the application you want to connect to.
- Phase 2 range if the IP of your application is private.
VPNs for test environments are deployed as a single gateway instance, while VPNs for production environments can be deployed in pairs for redundancy.
VPN gateway sizes depend on the number of RTUs in your current subscription. To learn more about this, read our documentation on Capacity and quotas.
Digibee offers two VPN redundancy models:
- The Active/Active model: this model maintains two active (UP) tunnels. When you use this model, the destination connections to your network, such as IPs and ports, must be fully available on the VPN instances.
- The Active/Passive model: in this model, there is an active (UP) tunnel and a backup tunnel that becomes active when the first tunnel becomes unavailable.
When you enable a redundant VPN connection, we recommend that you plan for a 1-hour unavailability of your current VPN connection.
- FTP and FTPS components are not compatible with VPN/NAT.
- Digibee Integration Platform supports only route-based IPSEC VPNs.
- You cannot connect to subnets which overlap with Digibee’s internal subnet.
- Digibee SaaS subnet (Brazil) - 10.0.0.0/14 (10.0.0.1 - 10.3.255.254)
- Digibee Saas subnet (USA) - 172.19.0.0/16 (172.19.0.1 - 172.19.255.254) and 172.12.0.0/16 (172.12.0.1 - 172.12.255.254)
- You cannot use the same VPN instance for two or more realms.
- The peer used to connect to Phase 1 must be
/32.