This topic describes how to use Smart Access Gateway (SAG) to connect a store in an area outside mainland China to Alibaba Cloud. In this example, a local store needs to access resources on Alibaba Cloud.

Prerequisites

  • A Virtual Private Cloud (VPC) network is created in the Singapore region. For more information, see Create a VPC.
  • A Cloud Enterprise Network (CEN) instance is created and associated with the VPC network. For more information, see Create a CEN instance.

Background information

In this example, the private network of a store in Singapore is connected to Alibaba Cloud through SAG.

The resources required in the configuration are listed in the following table.

| Resource | Specification | Quantity |
| --- | --- | --- |
| SAG devices | SAG-100WM | 1 |
| SAG bandwidth | Deployed in the Singapore region | 50M |
| CEN instances | Default edition | 1 |
| Cloud Connect Network (CCN) instances | Deployed in the Singapore region | 1 |
| VPC networks | Deployed in the Singapore region | 1 |
| Elastic Compute Service (ECS) instances | Deployed in the Singapore region | 2 |

Procedure

The following flowchart shows the deployment procedure.

Step 1: Purchase an SAG device

If you are located in an area outside mainland China, we recommend that you purchase SAG devices from a third-party vendor. The sales information is listed in the following table. SAG-100WM is used in this example.

Note: The price of an SAG device depends on the information listed on the buy page. If your SAG device is purchased from a third-party vendor, after-sales service is provided by this vendor.

| Device type | Sales area | Shipping rate | Checkout link |
| --- | --- | --- | --- |
| SAG-100WM | China (Hong Kong) and Singapore | Shipping fee required | For more information, see SAG-100WM. |
| SAG-1000 | China (Hong Kong), Singapore, Malaysia, Philippines, Indonesia, Thailand, Germany, UK, Japan, US, and Greece | Shipping fee required | For more information, see SAG-1000. |

Step 2: Purchase bandwidth for the SAG device

After you purchase an SAG device, you can purchase bandwidth for the SAG device in the SAG console. After you purchase the bandwidth, Alibaba Cloud creates an SAG instance to facilitate device management.

To purchase the bandwidth, take the following steps:

  1. Log on to the SAG console.
  2. In the left-side navigation pane, click Smart Access Gateway.
  3. On the Smart Access Gateway page, click Create SAG Instance.
  4. Set the following parameters and click Buy Now.
    • Area: Select the area where the SAG device is deployed to connect workloads to Alibaba Cloud. Asia Pacific SE 1 (Singapore) is selected in this example.
      Note: Areas (outside mainland China) where workloads can be connected to Alibaba Cloud through SAG devices include China (Hong Kong), Singapore, Malaysia (Kuala Lumpur), and Indonesia (Jakarta). If your area is not included in the preceding areas, we recommend that you select the nearest area. For example, if you purchase an SAG device in Thailand, you can select China (Hong Kong) to connect your workloads to Alibaba Cloud.
    • Device Spec: Select the type of the SAG device. SAG-100WM is selected in this example.
    • Have SAG Devices Already: Yes is selected in this example. The value cannot be modified after it is specified.
    • Quantity: You do not need to set this parameter. The default value is used in this example.
    • Area: Select the area where the SAG bandwidth will be used. The area must be the same as that of the SAG device and cannot be modified.
    • Instance Name: Specify a name for the SAG instance. test123 is used in this example.

      The name must be 2 to 128 characters in length and can contain digits, periods (.), hyphens (-), and underscores (_). It must start with a letter or Chinese character.

    • Peak Bandwidth: Select the maximum bandwidth for network connections. The default value is used in this example.
    • Subscription Duration: Select the duration of the subscription. The default value is used in this example.
  5. Confirm the order information and click Confirm Purchase.
  6. In the Shipping Address dialog box that appears, enter the recipient address and then click Buy Now.
    Note: You must provide the address of the recipient before you can settle the payment. The console does not record this information.
  7. On the Pay page that appears, click Pay.
    You can check whether the order has been placed on the Smart Access Gateway page.

Step 3: Connect the SAG device to your private network

After you purchase an SAG device, you must configure the device and connect it to your private network.

  1. Connect the SAG device to your private network.
    1. After you receive the SAG device, check whether you have received all the accessories in the purchase order.
    2. After you start the SAG device, connect the wide area network (WAN) port to the modem and connect the local area network (LAN) port to the local client.
    3. In this example, the local client in the Singapore region is directly connected to the SAG device and the default gateway configurations are used. For more information about configuring the WAN and LAN ports, see Web configurations for an SAG-100WM device.
  2. Activate the SAG device and associate it with the SAG instance.
    1. Log on to the SAG console.
    2. In the left-side navigation pane, click Smart Access Gateway.
    3. In the upper-left corner, select Singapore.
    4. On the Smart Access Gateway page, click Activate in the Actions column.
    5. Click the ID of the target instance. On the instance details page that appears, click the Device Management tab and enter the serial number of the SAG device.
    6. Click Add Device.
  3. Configure routes.
    1. In the left-side navigation pane, click Smart Access Gateway.
    2. On the Smart Access Gateway page, find the target SAG instance and click Network Configuration in the Actions column.
    3. In the left-side navigation tree, click Method to Synchronize with On-premises Routes.
    4. Select Static Routing and click Add Static Route.
      192.168.10.0/24 is used in this example. The private network uses the default gateway configurations, so the IP addresses of local devices are allocated from 192.168.10.0/24.
    5. Click OK.

Step 4: Set up network connections

Take the following steps to establish connections between the private network and cloud resources deployed in the VPC network.

  1. Associate the SAG instance with a CCN instance.
    1. Log on to the SAG console.
    2. In the left-side navigation pane, click CCN.
    3. In the upper-left corner, select Singapore.
    4. On the CCN page, click Create CCN Instance.
    5. In the Create CCN Instance pane that appears, specify a name for the CCN instance and click OK.
      The name must be 2 to 100 characters in length and can contain letters, Chinese characters, digits, underscores (_), and hyphens (-). The name must start with a letter or Chinese character. test123 is used in this example.
      Note: If you have already created a CCN instance in the target area, skip the preceding steps and associate it with the SAG and CEN instances.
    6. In the left-side navigation pane, click Smart Access Gateway.
    7. On the Smart Access Gateway page, find the target SAG instance and click Network Configuration in the Actions column.
    8. In the left-side navigation tree, click Network Instance Details.
    9. Click Attach Network, select the target CCN instance, and then click OK.
  2. Associate the CCN instance with a CEN instance.
    1. In the left-side navigation pane, click CCN.
    2. Find the target CCN instance and click Bind CEN Instance in the Actions column.
    3. In the Bind CEN Instance pane that appears, select the target CEN instance and click OK. After the CCN instance is associated with the CEN instance, SAG devices in the CCN can communicate with VPC networks associated with the CEN.
  3. Configure a security group.
    1. Log on to the ECS console.
    2. In the left-side navigation pane, click Instances.
    3. In the upper-left corner, select the target resource group and the Singapore region.
    4. Find the ECS instance deployed in the target VPC network and choose More > Network and Security Group > Configure Security Group.
    5. Click Add Rules and then click Add Security Group Rule.
    6. Create a security group rule that allows access from the private network to the VPC network.
      The following figure shows how to configure a security group rule. Set Authorization Object to the private CIDR block of the private network. 192.168.10.0/24 is used in this example. For more information, see Add security group rules.
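
The following check is an added example, not part of the original procedure or of any Alibaba Cloud tool. It audits a set of security group rules against the store CIDR block used in this topic (192.168.10.0/24) and reports ingress rules that admit more than the store network needs. The dictionary keys and the sample rules are assumptions constructed for this sketch.

```python
import ipaddress

# CIDR block of the store network, as entered for the SAG static route.
STORE_CIDR = ipaddress.ip_network("192.168.10.0/24")

def audit_ingress(rules, store_cidr=STORE_CIDR):
    """Return (index, finding) pairs for ingress Accept rules that allow
    more than the store network needs."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("Direction") != "ingress" or rule.get("Policy") != "Accept":
            continue
        source = rule.get("SourceCidrIp")
        if not source:
            continue  # source is not a CIDR block (for example, another group)
        try:
            src = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append((i, f"unparseable source {source!r}"))
            continue
        # The source must sit inside the store CIDR block, not merely overlap it.
        if src.version != store_cidr.version or not src.subnet_of(store_cidr):
            findings.append((i, f"source {src} is not inside {store_cidr}"))
        proto = str(rule.get("IpProtocol", "")).lower()
        ports = rule.get("PortRange")
        if proto == "all" or (proto in ("tcp", "udp") and ports == "1/65535"):
            findings.append((i, "every port is open to the source"))
    return findings

# Constructed sample rules (assumed field names, not taken from a real account).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "tcp",
     "PortRange": "22/22", "SourceCidrIp": "192.168.10.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "tcp",
     "PortRange": "3389/3389", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "all",
     "PortRange": "-1/-1", "SourceCidrIp": "192.168.10.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "icmp",
     "PortRange": "-1/-1", "SourceCidrIp": "192.168.10.17/32"},
    {"Direction": "egress", "Policy": "Accept", "IpProtocol": "all",
     "PortRange": "-1/-1", "DestCidrIp": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for index, finding in audit_ingress(SAMPLE_RULES):
        print(f"rule {index}: {finding}")
```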

Step 5: Test the connectivity

After you complete the configurations in the preceding steps, access cloud resources deployed in the VPC network from a client in your private network to test the connectivity.
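
One way to run this test from a client in the store network, as an added example that is not part of the original topic: the script makes a single TCP connection to an ECS instance and maps the outcome to the configuration step worth rechecking. The ECS private IP address and port are supplied by you on the command line, and the `probe` and `explain` helpers are names introduced here.

```python
import ipaddress
import socket
import sys

# CIDR block of the store network from the static route and security group rule.
STORE_CIDR = ipaddress.ip_network("192.168.10.0/24")

def probe(host, port, timeout=3.0):
    """Try one TCP connection; return (state, local source IP or None)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return "open", conn.getsockname()[0]
    except ConnectionRefusedError:
        return "refused", None
    except socket.timeout:
        return "timeout", None
    except OSError:
        return "unreachable", None

def explain(state, source_ip, store_cidr=STORE_CIDR):
    """Map a probe result to the configuration step worth rechecking."""
    if state == "open":
        # The security group rule only matches sources inside the store CIDR.
        if ipaddress.ip_address(source_ip) in store_cidr:
            return "connected from the store CIDR block"
        return f"connected, but from {source_ip}, which is outside {store_cidr}"
    if state == "refused":
        return "a host answered, but nothing listens on that port"
    if state == "timeout":
        return ("no answer: recheck the static route, CCN/CEN binding "
                "and security group rule")
    return "no local route to the target: recheck the client's gateway settings"

if __name__ == "__main__":
    # Usage: python probe.py <ECS private IP> <port>  (both supplied by you)
    target, port = sys.argv[1], int(sys.argv[2])
    state, source_ip = probe(target, port)
    print(f"{target}:{port} -> {state}: {explain(state, source_ip)}")
```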