• Administrator overview
• Managing users and permissions
  • User roles and access permissions
  • Creating users
  • Editing users
  • Unlocking a user account
  • Resending a user activation link
  • Deleting or deactivating users
  • Using groups
  • Managing departments
  • Managing passwords and password policies
  • Setting account-wide access policies
  • Changing a resource owner
  • Using Single Sign-On (SSO)
    • Using Single Sign-on (SSO) with Azure Active Directory (AAD)
    • Configuring an ADFS claim rule for SSO
• Managing account-wide settings
  • Adding container registries
• Managing public IP addresses
• Managing WANs
  • Overview: VPNs
    • Creating a VPN
      • VPN configuration parameters
        • AWS VPC: VPN configuration example
        • Azure VPN: VPN configuration example
        • Cisco ASA: VPN configuration example
        • Cisco IOS: VPN configuration example
        • Juniper SRX: VPN configuration example
        • pfSense: VPN configuration example
        • strongSwan: VPN configuration example
  • Overview: Skytap on Azure ExpressRoute connections
    • Creating a Skytap on Azure ExpressRoute connection
    • Creating a customer-managed Skytap on Azure ExpressRoute connection
  • Testing the WAN
    • Troubleshooting VPN test failures
  • Connecting an environment network to a WAN
  • Configuring WAN access controls
  • Editing an existing WAN connection
  • Disable a WAN
• Managing Metered RAM and storage usage
  • How usage is calculated
  • Viewing current usage and enabling pay-as-you-go capacity
  • Reserved capacity for Skytap on Azure
  • Reserved capacity for Skytap on IBM Cloud
  • Setting usage limits
  • Setting up notifications
  • VM pinning
• Reporting overview
  • Viewing and exporting user information
  • Viewing and exporting group information
  • Generating department reports
  • Generating audit reports
    • Configuring the webhook service for audit data
  • Viewing usage data
    • Using labels for in-depth reporting
    • Creating usage label categories
    • Configuring the webhook service for usage data
  • Enabling other users to generate reports
• Security best practices
• Other best practices
• Sharing templates with users in other Skytap accounts
• Finding the source environment from a sharing portal URL
• Including your logo in the Skytap interface

Configuring access to a WAN

Administrators can use an access control list to control which groups, departments, and users can attach and connect environments to a WAN (VPN or Skytap on Azure ExpressRoute connection).

By default, every new WAN is created without access restrictions, which allows any account user to attach, connect, detach, or disconnect an environment to that WAN.

Instructions

To configure access to the WAN

1. From the navigation bar, click Manage > WANs.

   

   The WANs page displays.

   

2. Click the name of the WAN you want to configure.

3. Click the Access controls tab.

   

4. Click the switch in the Access Control List section to select from two access options. The text next to the switch indicates the current state of the VPN.

   • Everyone - All users in the account can use this WAN. This includes permission to:

     • Attach and connect environments to this WAN
     • Detach and disconnect environments from this WAN

     

   • Customized access - Only administrators and the users in the Customized Access (Enabled) list below can attach, detach, connect, or disconnect environments to or from this WAN.

     

5. If Customized access is enabled:

   1. Click (+) next to Groups, Departments, or Users to specify who can access the WAN.

      

      The Allow access to WAN screen displays and shows all of the groups, departments, and users in your account.

      

6. Click (Allow) next to the groups, departments, and users who should have access to the WAN.

   If no groups, departments, or users are selected, only administrators can use the WAN.

7. Click Done.

Removing access for a select user, group, or department

To remove a group, department, or user from an access list

• Click next to the groups, departments, and users who should not have access to the WAN.