How to Use the Smart Access Gateway (SAG) App to Secure Access Your Cross-border Cloud Resources

In this tutorial, we'll show you how to use the SAG app with CEN to ensure secure access for your cross-border cloud resources (step-by-step with pictures.

By Victor Mak, Alibaba Cloud Solution Architect

This article describes how to use the SAG app to secure access your cross-border cloud resources, step-by-step.

Background Information

As the coronavirus outbreak forces unprecedented changes in work culture across the world. Most people are working from home during the pandemic. Some of them stayed in China and want to access oversea cloud resources. Alibaba Cloud Smart Access Gateway (SAG) and Cloud Enterprise Network (CEN) provide a one-stop solution to secure, accelerate, and connect your mobile phone/PC to cross border cloud resources.

Prerequisites

Before you begin, make sure:

You have Alibaba Cloud Account. If not, sign up with Alibaba Cloud, add a payment method.
You have VPC created in the Hong Kong region. If not, create a VPC first.
You have created a Linux based ECS server in the Hong Kong region with SSH enabled. We will use the ECS instances below with the internal IP 192.168.0.249 as an example.

Procedure Overview

Here's an overview of the entire process. We'll be describing each step in detail, please follow these steps in the corresponding order to avoid any complications.

Subscribe and configure the CEN for Hong Kong VPC
Subscribe and configure the Smart Access Gateway app in Mainland China
Configure SAG CCN in CEN
Download and install the Smart Access Gateway app client
Check the results

Step 1: Subscribe and configure CEN for Hong Kong and Shen Zhen VPCs

1. Log on to the CEN console

2. On the Instances page, click Create CEN Instance

3. Fill in the required information, select the Hong Kong VPC you created, then click OK:

4. Your results should be the same as the picture below:

5. You need to purchase cross-region connection bandwidth in to establish a connection between different regions. Click Buy Bandwidth Package (Subscription) in the Bandwidth Packages tab:

6. Select the CEN instance that you want to purchase, a bandwidth package, and the areas to be interconnected. In this example, select Asia Pacific and Mainland China with 2 Mbps bandwidth, then click Buy Now:

7. Bind the Bandwidth Package to the CEN instance, then click OK:

8. You will see the same results as the picture below. The bandwidth is already associated with the CEN instance:

Step 2: Subscribe and configure Smart Access Gateway App in Mainland China

1. Log on to the Smart Access Gateway console

2. Select the Mainland China region and go to the Smart Access Gateway app, and click Create SAG app:

3. Select the Mainland China Region and the Number of Client Accounts you want to create. In this example, the default value was 10:

4. Before the client can use the Smart Access Gateway App, you need to create a client account. Alibaba Cloud will send the login information to the email address you fill in:

Step 3: Configure SAG CCN in CEN

1. Before the Smart Access Gateway app can bind to the CEN instance, you need to create a CCN instance under the Smart Access Gateway console, input the CCN instance name, and click OK:

2. Once you have created the CCN instance, you need to connect the CCN instance with the Smart Access Gateway app. Click Network Configuration.

3. Select the CCN instance and configure the private CIDR Block. In this example, we used 10.10.100.0/24:

4. Once you have created the CCN instance, you can bind that CCN instance to the CEN instance:

5. Go to the CEN console, find Region Connections, then click Set Region Connection:

6. Configure the Connected Regions and bandwidth. In this example, we used China (Hong Kong) and Mainland China CCN with 2 Mbps bandwidth. After it's selected, click OK:

Step 4: Download and Install the Smart Access Gateway App Client

You can go to the Alibaba Cloud Document Center to download the latest SAG app client. Currently, we support Windows, MacOS, Android, and iOS operating systems.
Once you have successfully downloaded and installed the app, you should be able to launch the SAG app Client. In this example, we used the MacOS client.