This topic describes how to configure PrivateZone access. PrivateZone is a VPC-based resolution and management service for private domain names. After you set a PrivateZone access, the Cloud Connect Network (CCN) and Virtual Border Router (VBR) attached to a CEN instance can access the PrivateZone service through CEN.


Make sure that the host region and access region have networks (VPC, VBR, and CCN) attached to the CEN instance.

Background information

The PrivateZone supports VBR or CCN that are in the same region as the host region. To access the PrivateZone service, a VPC that is attached to a CEN instance must configure the private network resolution service on the PrivateZone. For more information, see Bind VPC.


  1. Log on to the CEN console.
  2. Click the ID of the target CEN instance.
  3. Click the PrivateZone tab, and then click Authorization.
    Note You only need to grant permissions to Smart Access Gateway when you configure PrivateZone access for the first time.
  4. In the Cloud Resource Access Authorization dialogue box, click Confirm Authorization Policy to allow local branches associated with a CCN (a component of Smart Access Gateway) in the CEN instance to access PrivateZone.
  5. Click Set Private Zone and then in the Set Private Zone dialog box, set the following parameters.
    1. Host Region: Select the region to which the VPC configured with the PrivateZone service belongs.
    2. Host VPC: Select the VPC configured with the PrivateZone service.

      The PrivateZone service can be selected only by selecting the VPC in the host region.

    3. Access region: Select the region where the access is initiated.
      • The access region can be the host region or a CCN. The target VBR and CCN network instances in the selected access region must be attached to the CEN instance.
      • If you select a CCN whose account is different from that of the VPC or CEN, you must authorize the CCN. For more information, see Grant permissions to CCN.
    4. Click OK.