We're here to help, 24x7

Virtual Server (Dedicated) Gen2: network and security

by Community Manager 4 weeks ago

ABOUT NETWORK AND SECURITY ADD-ONS

CONNECTING TO YOUR VIRTUAL SERVERS

Virtual servers can be connected to the internet and/or a private cloud network. You can connect one or more IP subnets to your private cloud network.

There are two options for connecting to virtual servers through a permanent, private network - the Telstra IP network service or an IPsec VPN network tunnel. There are two options for connecting to the Telstra IP network service:

    1. Cloud Gateway – for virtual data centres in Melbourne and Sydney
    2. Through the Cloud Services management console – virtual data centres in Perth

A Telstra IP network service connection can reach all your IP subnets in your private cloud network.

IPsec VPN network tunnels connect only to the IP subnets you specify.

Return to top

 

REMOTE ACCESS TO VIRTUAL SERVERS

You can remotely access and manage virtual servers through SSL VPN technology – a secure client-to-site network tunnel used to remotely access your cloud solution from the internet. You access it over HTTPS, using a web browser. Once authenticated, you have direct access to virtual servers. All the network traffic will be transmitted securely.

Once you've established a VPN connection, you'll be able to use tools such as Remote Desktop Services or Secure Shell to manage your virtual server – just as if you were sitting in front of it.

Return to top

 

IPSEC VPN

To be reachable by IPsec VPN, a virtual server needs to be connected to a private cloud network.

Connect up to three IPsec VPN network tunnels at one time. Add and remove tunnels any time.

Specify one or more source subnets at a single office site and multiple destination subnets in your private cloud network – all within a single network tunnel. Use firewall rules to restrict access to selected virtual servers.

You choose the encryption and authentication protocols that secure your IPsec VPN connection, from the options below.

IPsec VPN security phase

Algorithm options

Phase 1
Lifetime: 86,400 seconds (24 hours)

AES/SHA/DH2
AES/SHA/DH5
AES-256/SHA/DH2
AES-256/SHA/DH5
AES/MD5/DH2
3DES/SHA/DH2
3DES/MD5/DH2

Phase 2
Lifetime: between 3,600 and 43,200 seconds (regardless of whether or not PFS is selected)

AES/SHA
AES-256/SHA
AES/MD5
3DES/SHA
3DES/MD5

Phase 2 Perfect forwarding secrecy (PFS)

Not required
DH2 (1024 bits)
DH5 (1536 bits)

Return to top

 

SMTP MAIL RELAY

All outbound email traffic originating from mail servers operating within the cloud must be sent through our SMTP mail relay service. SMTP mail relay is charged based on the number of email messages sent.

Configure your application using our SMTP mail relay details (which we send to you when your cloud solution is up and running). You're automatically charged for any emails sent through our servers.

Return to top

 

EXTRA SERVICES

FIREWALLS

Firewalls are provided for both your public and private networks to increase the security and privacy of your virtual servers.

Both private networks and public networks are created with default firewall rules – all network traffic is allowed by default on the private network, and all traffic is blocked by default on the public network. These rules can by updated via the Cloud Services management console.

Return to top

 

LOAD BALANCER SERVICES

Want to optimise your virtual server and network performance? Request load balancers for your private and public networks and control traffic between multiple virtual servers.

For more complex network configurations, you have the flexibility to customise the load balancer algorithm to divert particular traffic to different directions. The load balancer health check redirects traffic to other load-balanced servers if one of your virtual servers is not responding.

If your load balancer is facing the internet, we allocate a public IP address. If it's located in your private network, you assign your own private IP address.

SSL offloading can be provided to improve the performance of your service by designating a separate device to process the encryption of sensitive data.

Return to top

 

STATIC ROUTES

Static Routes allow you to choose a pre-determined path for your information to reach a specific host or network. Setup a Static Route to direct traffic to an alternative IP address on a server, or direct whole subnets to a virtual device or appliance. Static Routes are configured in your logical routing instance on the appropriate network.

Static Routes are available on both your public and private networks.

Private Static Routes can be used in conjunction with Layer 2 Private Networks to direct IP addresses or IP subnets to a previously configured address on your private IP subnets. Static Routes can be configured to be advertised to the Cloud Gateway network/Telstra Next IP network from the management console

Return to top