Smart Access Gateway (SAG) vCPE provides an image that can be deployed on your host. After you deploy the SAG vCPE image on your host, the host serves as a virtual customer-premise equipment (CPE) device. SAG vCPE allows you to connect private networks to Alibaba Cloud in a more flexible way.

Scenarios

You can deploy the SAG vCPE image in various types of networks. This allows you to connect private networks to Alibaba Cloud in a more flexible way.

You can deploy the SAG vCPE image in hosts of the following network types:
  • You can deploy the SAG vCPE image on an on-premises server. This enables you to connect on-premises networks to Alibaba Cloud.
  • You can also deploy the SAG vCPE image on an instance provided by a cloud service provider. This allows you to enable multi-cloud communication. For example, you can deploy the SAG vCPE image on an Alibaba Cloud Elastic Compute Service (ECS) instance, an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance, a Microsoft Azure virtual machine (VM), or a Google Cloud VM.
Use scenarios - Alibaba Cloud International Site

Prerequisites

Before you deploy the SAG vCPE image on a host, make sure that the host meets the following requirements:
  • You can install operating systems of the following types on the host:
    • 64-bit CentOS 7.6 or later.
    • 64-bit Ubuntu 18.04 or later.

    We recommend that you install the 64-bit CentOS 7.6 operating system.

  • Make sure that the host has the 3.10.0-957.21.3.el7.x86_64 kernel or a later kernel installed.
  • The host has an independent network interface controller (NIC) that allows the instance to connect to the Internet.
  • The host supports remote logons.
  • No service system is deployed on the host.
  • If the host is a cloud instance or an Edge Node Service (ENS) instance, the number of vCPU cores must be one or more and the memory must be 2 GB or more. The following table describes the performance of different specifications.
    Specification Performance
    1 Core - 2 GB The bandwidth of the private network for encrypted connections can reach 200 Mbit/s and higher (the packet length in the performance test is 1024 bytes).
    2 Core - 4 GB (recommended) The encrypted private bandwidth can reach 350 Mbit/s and higher (the packet length in the performance test is 1024 bytes).

Procedure

Deployment procedure -202107
  1. Create an SAG vCPE instance.

    After you create an SAG vCPE instance in the SAG console, one SAG vCPE instance can be associated with two SAG vCPE devices by default. The system assigns a serial number and a key to each SAG vCPE device. A serial number and a key are used to associate an SAG vCPE instance with an SAG vCPE device.

  2. Deploy the SAG vCPE image.

    After you deploy the SAG vCPE image on the host, the host can serve as an SAG vCPE device. You must register the serial number and key of the SAG vCPE device to the host. The serial number and key are used to associate the SAG vCPE device with an SAG vCPE instance. Alibaba Cloud checks the validity of the serial number and key for an SAG vCPE device. If the serial number and key are invalid, the SAG vCPE device cannot be connected to Alibaba Cloud. This ensures network security.

  3. Configure networks on the Alibaba Cloud side.

    After you deploy the SAG vCPE image, you must advertise routes to Alibaba Cloud and associate the SAG vCPE instance with a Cloud Connect Network (CCN) instance. Then, you can connect the SAG vCPE device to Alibaba Cloud.

  4. Configure networks on the user side.

    You must configure routes for your local networks to route traffic from local networks to the SAG vCPE device, and then to Alibaba Cloud.

  5. Test the connectivity.

Basic scenarios

Connect AWS resources to Alibaba Cloud resources through SAG vCPE