This topic describes how to configure a Smart Access Gateway (SAG) instance and establish secure and fast connections to Alibaba Cloud.

Background information

The scenario in the following figure is used as an example. A company has deployed application services on Alibaba Cloud. The employees access resources on Alibaba Cloud from the private network of the company. As the company develops, employees who work off-site need to remotely access resources on Alibaba Cloud. To meet this requirement, the company chooses to use SAG APP to enable the employees to quickly and securely connect to the private network. This solution allows the employees to remotely access resources on Alibaba Cloud at any time.

Scenario

Configuration procedure

Step 1: Purchase an SAG APP instance

You must purchase an SAG APP instance before you can use features of SAG APP. After you purchase an SAG APP instance, you can use it to manage networks and client accounts.

  1. Log on to the SAG console.
  2. In the left-side navigation pane, click Smart Access Gateway APP.
  3. On the Smart Access Gateway APP page, click Create SAG APP and set the following parameters.
    Purchase an SAG APP instance
    • Region: Select the area where SAG APP is used. Mainland China is selected in this example.
    • Number of Client Accounts: Specify the number of client accounts that can be added to the SAG APP instance. Typically, you need to create an account for each user that needs to log on to the SAG app. The default value 10 is used in this example.
      Note An SAG APP instance supports 5 to 1,000 clients. Pricing is tiered and based on the number of client accounts. For more information, see Billing and pricing of SAG APP.
    • Data Plan Per Account: The amount of free data usage allocated to each account per month. The data transfer plan cannot be shared among different accounts. The data transfer plan remains effective only within the month. By default, a plan offers 5 GB of data usage.
    • Billing Method When Data Plan is Exhausted: If the actual data usage of an account exceeds the data transfer plan, the amount that exceeds the data transfer plan is charged based on the pay-as-you-go billing method.
    • Subscription Duration: The subscription duration of the data transfer plan for each account. SAG APP supports monthly subscriptions and auto renewal. One month is selected in this example.
  4. Click Buy Now to confirm the order and complete the payment.

Step 2: Set up network connections

After you purchase an SAG APP instance, you must set up network connections. In this step, you must specify the CIDR blocks of clients and associate the SAG APP instance with a Cloud Connect Network (CCN) instance.

CCN is an important component of SAG. After an SAG APP instance is associated with a CCN instance, all clients associated with the SAG APP instance can communicate with gateway devices associated with the CCN instance. For more information, see Introduction to CCN.

  1. On the Smart Access Gateway APP page, find the target instance and click Quick Configuration in the Actions column.
  2. In the Quick Configuration wizard, set the required parameters.
    Network Configuration
    • CCN Instance ID/Name: You can select one of the following options to associate the SAG APP instance with a CCN instance. Create CCN is selected in this example.
      • Existing CCN: If you have already created CCN instances, you can select an existing CCN instance from the drop-down list.
      • Create CCN: If you have not created a CCN instance, enter an instance name. The system then creates a CCN instance and automatically associates it with the SAG APP instance.

        The name must be 2 to 100 characters in length, and can contain digits, underscores (_), and hyphens (-). The name must start with a letter or a Chinese character.

    • Standby and Active DNS: optional. The active and standby DNS servers that the clients use to connect to the private network through SAG APP. After you configure the DNS servers in the SAG console, the system automatically synchronizes the DNS settings to the clients. Ignore this parameter in this example.
      Note
      • If the clients use PrivateZone to connect to Alibaba Cloud, set the DNS server addresses to 100.100.2.136 and 100.100.2.138. For more information about PrivateZone, see What is PrivateZone?
      • On Android and macOS, version 2.1.1 or later of the SAG app is required to receive DNS settings. For more information about how to install the SAG app, see Install SAG APP.
    • Private CIDR Block: Specify the private CIDR blocks that the clients use to connect to Alibaba Cloud. When a client connects to Alibaba Cloud, an IP address within the specified CIDR block is assigned to the client. Make sure that the private CIDR blocks do not overlap with each other. 192.168.10.0/24 is used in this example.

      You can click Add Private CIDR Block to add more private CIDR blocks. You can add a maximum of five private CIDR blocks.

Step 3: Configure a CEN instance (optional)

You can associate the CCN instance with a Cloud Enterprise Network (CEN) instance to enable communication between networks attached to the CCN instance and resources associated with the CEN instance. For more information, see What is Cloud Enterprise Network.

  1. Click Associate with a CEN (Optional) to associate the CCN instance with a CEN instance.
    This step is optional. If you do not need to associate the CCN instance with a CEN instance, click Skip.
  2. You can select one of the following options to associate the CCN instance with a CEN instance to enable communication between the clients and cloud resources. Existing CEN is selected in this example.
    Associate with a CEN instance
    • Existing CEN: If you have already created CEN instances, you can select an existing CEN instance from the drop-down list.
    • Create CEN: If you have not created a CEN instance, enter an instance name. The system then creates a CEN instance and automatically associates it with the CCN instance.

      The name must be 2 to 100 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter or a Chinese character.

Step 4: Create a client account

After you set up network connections, you must create client accounts to allow users to log on to the SAG app and access the private network.

  1. Click Next: Create a client account to create a client account.
    Create a client account
    • Username: optional. The username must be 7 to 33 characters in length, and can contain underscores (_), at signs (@), periods (.), and hyphens (-). It must start with a digit or a letter.
      Note
      • The usernames of client accounts added to the same SAG APP instance must be unique.
      • When you create a client account, if you specify only the email address, the system automatically generates a username and password. The specified email address is used as the username.
    • Email Address: required. The email address of the user. The username and password are sent to the specified email address.

      The email address must be 2 to 64 characters in length, and can contain letters, digits, underscores (_), periods (.), and hyphens (-). It must contain an at sign (@).

    • Static IP:
      • If you enable this feature, you must configure the IP address of the client. The current client account uses the specified IP address to connect to Alibaba Cloud.
        Note The specified IP address must fall within the CIDR block of the private network.
      • If you disable this feature, an IP address within the CIDR block of the private network is assigned to the client. Each connection to Alibaba Cloud uses a different IP address.
    • Set Maximum Bandwidth: Specify the maximum bandwidth for the current client account. The default value is used in this example.

      You can set the maximum bandwidth to 1 to 2,000 Kbit/s. The maximum bandwidth is set to 2,000 Kbit/s by default.

    • Set Password: optional. The password used to log on to the SAG app.

      The password must be 8 to 32 characters in length, and can contain underscores (_) and hyphens (-). It must start with a letter or digit.

  2. Click OK.
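The private CIDR block rules in Step 2 and the client account rules in Step 4 can be checked before you enter the values in the console. The following Python code is an added example, not part of the SAG console or of any Alibaba Cloud SDK. The dictionary keys (email, username, static_ip, max_bandwidth_kbits), the sample accounts, and the duplicate static IP check are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

MAX_CIDR_BLOCKS = 5               # "a maximum of five private CIDR blocks"
BANDWIDTH_KBITS = range(1, 2001)  # "1 to 2,000 Kbit/s"

def check_cidr_plan(blocks):
    """Parse the Private CIDR Block list; return (networks, problems)."""
    networks, problems = [], []
    if len(blocks) > MAX_CIDR_BLOCKS:
        problems.append(f"{len(blocks)} CIDR blocks exceed the limit of {MAX_CIDR_BLOCKS}")
    for text in blocks:
        try:
            networks.append(ipaddress.IPv4Network(text))  # rejects set host bits
        except ValueError as exc:
            problems.append(f"invalid CIDR block {text}: {exc}")
    for a, b in combinations(networks, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    return networks, problems

def check_accounts(accounts, networks):
    """Check client-account rows (hypothetical dict layout) against Step 4."""
    problems, users, ips = [], set(), {}
    for acct in accounts:
        user = acct.get("username") or acct["email"]  # email doubles as username
        if user in users:
            problems.append(f"{user}: username is not unique")
        users.add(user)
        if acct.get("max_bandwidth_kbits", 2000) not in BANDWIDTH_KBITS:
            problems.append(f"{user}: bandwidth outside 1-2000 Kbit/s")
        if not acct.get("static_ip"):
            continue  # Static IP disabled: an address is assigned from the block
        try:
            ip = ipaddress.IPv4Address(acct["static_ip"])
        except ValueError:
            problems.append(f"{user}: invalid static IP {acct['static_ip']}")
            continue
        if not any(ip in net for net in networks):
            problems.append(f"{user}: static IP {ip} is outside the private CIDR blocks")
        if ip in ips:  # added sanity check, not a rule stated in this topic
            problems.append(f"{user}: static IP {ip} already used by {ips[ip]}")
        ips.setdefault(ip, user)
    return problems

# Constructed sample input; 192.168.10.0/24 is the block used in this topic.
NETWORKS, CIDR_PROBLEMS = check_cidr_plan(["192.168.10.0/24", "192.168.10.128/25"])
ACCOUNT_PROBLEMS = check_accounts([
    {"email": "alice@example.com", "static_ip": "192.168.10.20"},
    {"email": "bob@example.com", "static_ip": "192.168.20.7"}], NETWORKS)
```

An empty problem list from both functions means the values satisfy the limits stated in this topic; it does not check the character rules for names, usernames, or passwords.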

Step 5: Connect the client to Alibaba Cloud

After you create the client account, you must download and install the SAG app on your mobile terminal. The SAG app allows terminals to access resources on Alibaba Cloud through private networks.

  1. After you create a client account, click Download Now to go to the page that provides instructions on how to download and install the SAG app. For more information, see Install SAG APP.
  2. After you download and install the SAG app on your terminal, you can log on to the SAG app with your username and password, and then connect to the private network. This allows you to access resources on Alibaba Cloud. For more information, see Connect to Alibaba Cloud.