Community Blog How to Use the Smart Access Gateway (SAG) App to Secure Access Your Cross-border Cloud Resources

How to Use the Smart Access Gateway (SAG) App to Secure Access Your Cross-border Cloud Resources

In this tutorial, we'll show you how to use the SAG app with CEN to ensure secure access for your cross-border cloud resources (step-by-step with pictures.

By Victor Mak, Alibaba Cloud Solution Architect

This article describes how to use the SAG app to secure access your cross-border cloud resources, step-by-step.

Background Information

As the coronavirus outbreak forces unprecedented changes in work culture across the world. Most people are working from home during the pandemic. Some of them stayed in China and want to access oversea cloud resources. Alibaba Cloud Smart Access Gateway (SAG) and Cloud Enterprise Network (CEN) provide a one-stop solution to secure, accelerate, and connect your mobile phone/PC to cross border cloud resources.


Before you begin, make sure:


Procedure Overview

Here's an overview of the entire process. We'll be describing each step in detail, please follow these steps in the corresponding order to avoid any complications.

  1. Subscribe and configure the CEN for Hong Kong VPC
  2. Subscribe and configure the Smart Access Gateway app in Mainland China
  3. Configure SAG CCN in CEN
  4. Download and install the Smart Access Gateway app client
  5. Check the results

Step 1: Subscribe and configure CEN for Hong Kong and Shen Zhen VPCs

1. Log on to the CEN console

2. On the Instances page, click Create CEN Instance


3. Fill in the required information, select the Hong Kong VPC you created, then click OK:


4. Your results should be the same as the picture below:


5. You need to purchase cross-region connection bandwidth in to establish a connection between different regions. Click Buy Bandwidth Package (Subscription) in the Bandwidth Packages tab:


6. Select the CEN instance that you want to purchase, a bandwidth package, and the areas to be interconnected. In this example, select Asia Pacific and Mainland China with 2 Mbps bandwidth, then click Buy Now:


7. Bind the Bandwidth Package to the CEN instance, then click OK:


8. You will see the same results as the picture below. The bandwidth is already associated with the CEN instance:


Step 2: Subscribe and configure Smart Access Gateway App in Mainland China

1. Log on to the Smart Access Gateway console

2. Select the Mainland China region and go to the Smart Access Gateway app, and click Create SAG app:


3. Select the Mainland China Region and the Number of Client Accounts you want to create. In this example, the default value was 10:


4. Before the client can use the Smart Access Gateway App, you need to create a client account. Alibaba Cloud will send the login information to the email address you fill in:



Step 3: Configure SAG CCN in CEN

1. Before the Smart Access Gateway app can bind to the CEN instance, you need to create a CCN instance under the Smart Access Gateway console, input the CCN instance name, and click OK:


2. Once you have created the CCN instance, you need to connect the CCN instance with the Smart Access Gateway app. Click Network Configuration.


3. Select the CCN instance and configure the private CIDR Block. In this example, we used


4. Once you have created the CCN instance, you can bind that CCN instance to the CEN instance:



5. Go to the CEN console, find Region Connections, then click Set Region Connection:


6. Configure the Connected Regions and bandwidth. In this example, we used China (Hong Kong) and Mainland China CCN with 2 Mbps bandwidth. After it's selected, click OK:


Step 4: Download and Install the Smart Access Gateway App Client

  1. You can go to the Alibaba Cloud Document Center to download the latest SAG app client. Currently, we support Windows, MacOS, Android, and iOS operating systems.
  2. Once you have successfully downloaded and installed the app, you should be able to launch the SAG app Client. In this example, we used the MacOS client.


Step 5: Check the Results

1. Fill in your login details in the SAG app client. The information can be found in the email Alibaba sent to you before.


2. Once you successfully log in the first time, you will need to click Agree to accept the terms and conditions.


3. You can click Connect and start the VPN connection.



4. You are now able to connect SSH to the ECS server using the internal IP address


The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.

0 1 0
Share on

Alibaba Clouder

2,605 posts | 747 followers

You may also like