Configure PrivateZone - Cloud Enterprise Network - Alibaba Cloud Documentation Center

Alibaba Cloud DNS PrivateZone (PrivateZone) is an Alibaba Cloud private domain name resolution and management service based on Virtual Private Cloud (VPC). After you connect a virtual border router (VBR) or a Cloud Connect Network (CCN) instance to a transit router, the on-premises network associated with the VBR or CCN instance can access PrivateZone by using the transit router.

Limits

The on-premises networks connected to VBRs or CCN instances must be deployed in the same region as the PrivateZone service.

For example, if the PrivateZone service is deployed in the China (Beijing) region, only on-premises networks connected to VBRs or CCN instances in the China (Beijing) region can access the PrivateZone service.

Prerequisites

PrivateZone is deployed. For more information, see Subscribe Service.
The VPC associated with PrivateZone and the VBR or CCN instance associated with the on-premises network are connected to the same transit router. For more information, see Create a VPC connection, Create a VBR connection, and Associate a CCN instance with a transit router.
If your on-premises network uses a CCN instance to connect to Alibaba Cloud, and the CCN instance and the VPC or transit router belong to different accounts, you must grant the required permissions to the CCN instance. For more information, see Authorize CCN instances to use the PrivateZone service.

Configure access to PrivateZone

Log on to CEN console.
On the Instances page, find the CEN instance that you want to manage and click its ID.
On the Basic Settings > Transit Router tab, click the ID of the transit router in the region where the VPC that is associated with PrivateZone is deployed.
If this is the first time that you configure PrivateZone, click the Private Zone tab on the transit router details page, and then click Authorization. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.
After you grant permissions to the Smart Access Gateway (SAG) service associated with the on-premises network, the CCN instance that belongs to the SAG service can access the PrivateZone service.
Return to the Private Zone tab and click Configure PrivateZone. In the Configure PrivateZone dialog box, set the following parameters and click OK.
- Host Region: Select the region where PrivateZone is deployed.
- Host VPC: Select the VPC associated with PrivateZone.
- Access Region: Select the region where the VBR or CCN instance that needs to access PrivateZone is deployed.

Delete a PrivateZone configuration

Log on to CEN console.
On the Instances page, find the CEN instance that you want to manage and click its ID.
On the Basic Settings > Transit Router tab, click the ID of the transit router in the region where PrivateZone is deployed.
On the transit router details page, click the Private Zone tab, find the configuration that you want to delete, and then click Delete in the Actions column.
In the Delete PrivateZone message, click OK.