Stacks can be used to run intranets, and can support websites requiring secure access into other networks. For example to integrate into back-office systems holding important data. Agencies may use Virtual Private Networking (VPN) to provide a high level of security to enable these scenarios. In technical terms, the VPN End Point:
- Provides configuration to place the Environments of a stack in a secure network container (VLAN), creating additional isolation from other stacks on Silverstripe Cloud.
- Creates a VPN End Point in the form of an opening in the Silverstripe Cloud firewall and provides services enabling communication to another End Point using a standard VPN protocol (IPSec).
- Provides network engineer time to work with the Participating Agency to determine correct network configuration and establish the VPN connection, including whether web traffic on the stack is accessible exclusively through the VPN (creating an Intranet) or accessible publicly but with certain network routes configured to utilise the VPN (creating a website with API access into a remote network).
- For clarity, does not provide underlying network connectivity between the two End Points, or any hardware or software to the agency. Agencies will still need to pay for and use the public internet or a dedicated pipe to connect between the End Points, and will need an IPSec compatible device to establish a VPN with the Cloud End Point
A VPN End Point is provided for a set upfront and ongoing monthly fee. Note that where a stack uses Active DR, a second End Point is provided for redundancy over two data centres, and will cost double.