• Administrator overview
• Managing users and permissions
  • User roles and access permissions
  • Creating users
  • Editing users
  • Unlocking a user account
  • Resending a user activation link
  • Deleting or deactivating users
  • Using groups
  • Managing departments
  • Managing passwords and password policies
  • Setting account-wide access policies
  • Changing a resource owner
  • Using Single Sign-On (SSO)
    • Using Single Sign-on (SSO) with Azure Active Directory (AAD)
    • Configuring an ADFS claim rule for SSO
• Managing account-wide settings
  • Adding container registries
• Managing public IP addresses
• Managing WANs
  • Overview: VPNs
    • Creating a VPN
      • VPN configuration parameters
        • AWS VPC: VPN configuration example
        • Azure VPN: VPN configuration example
        • Cisco ASA: VPN configuration example
        • Cisco IOS: VPN configuration example
        • Juniper SRX: VPN configuration example
        • pfSense: VPN configuration example
        • strongSwan: VPN configuration example
  • Overview: Kyndryl Cloud Uplift on Azure ExpressRoute connections
    • Creating a Kyndryl Cloud Uplift on Azure ExpressRoute connection
    • Creating a customer-managed Kyndryl Cloud Uplift on Azure ExpressRoute connection
  • Testing the WAN
    • Troubleshooting VPN test failures
  • Connecting an environment network to a WAN
  • Configuring WAN access controls
  • Editing an existing WAN connection
  • Disable a WAN
• Managing Metered RAM and storage usage
  • How usage is calculated
  • Viewing current usage and enabling pay-as-you-go capacity
  • Reserved capacity for Kyndryl Cloud Uplift on Azure
  • Reserved capacity for Kyndryl Cloud Uplift on IBM Cloud
  • Setting usage limits
  • Setting up notifications
  • VM pinning
• Reporting overview
  • Viewing and exporting user information
  • Viewing and exporting group information
  • Generating department reports
  • Generating audit reports
    • Configuring the webhook service for audit data
  • Viewing usage data
    • Using labels for in-depth reporting
    • Creating usage label categories
    • Configuring the webhook service for usage data
  • Enabling other users to generate reports
• Security best practices
• Other best practices
• Sharing templates with users in other accounts
• Finding the source environment from a sharing portal URL
• Including your logo in the Kyndryl Cloud Uplift interface

Creating and editing a Kyndryl Cloud Uplift on Azure ExpressRoute connection

A Kyndryl Cloud Uplift on Azure ExpressRoute connection is a dedicated, secure network tunnel between a Kyndryl Cloud Uplift environment and an Azure virtual network.

For example, you can use a Kyndryl Cloud Uplift on Azure ExpressRoute connection to connect a environment to your corporate intranet to give your virtual data center access to corporate resources (such as databases, source repositories, and builds).

Your customer account can have up to ten WANs connected at the same time. If you need additional WANs, contact your Kyndryl Cloud Uplift sales representative. A WAN is a VPN or Kyndryl Cloud Uplift on Azure ExpressRoute connection

Before you begin

Before you begin, you’ll need:

• A valid and active Microsoft Azure subscription.
• An Azure region enabled for your Kyndryl Cloud Uplift account.
• An administrator account in Kyndryl Cloud Uplift.

• A Kyndryl Cloud Uplift environment.

  Use Kyndryl Cloud Uplift Subnet from the environment to define the Kyndryl Cloud Uplift subnet for the Kyndryl Cloud Uplift on Azure ExpressRoute connection.

  

• An Azure virtual network.

  The Azure virtual network will define the remote subnet. Included remote subnets can’t overlap with restricted subnets or the Kyndryl Cloud Uplift subnet defined in the VPN settings. For more information, see Remote Subnets settings.

• An unattached Kyndryl Cloud Uplift static public IP address.

  A static public IP address is used as the Kyndryl Cloud Uplift peer IP address for the Kyndryl Cloud Uplift on Azure ExpressRoute connection.

  For instructions, see Adding a static public IP address to your account.

  The static public IP address is dedicated to the Kyndryl Cloud Uplift on Azure ExpressRoute connection; it isn’t accessible via the public internet.

  If you don’t have an available public IP address, contact your Kyndryl Cloud Uplift account representative.

Creating and configuring a Kyndryl Cloud Uplift on Azure ExpressRoute connection

To create a Kyndryl Cloud Uplift on Azure ExpressRoute connection

1. From the navigation bar, click Manage > WANs.

   

   The WANs page displays.

   

2. Click New ExpressRoute. The New WAN page loads.

   

3. Type a Name for the new Kyndryl Cloud Uplift on Azure ExpressRoute connection.
4. Select the Azure Region where the ExpressRoute will be created.
5. Choose the Connection type, either Kyndryl Cloud Uplift-managed circuit or Customer-managed circuit.
6. If this is a Customer-managed circuit, type or paste the ExpressRoute circuit Service key.
7. Choose a Kyndryl Cloud Uplift static public IP address as the Kyndryl Cloud Uplift peer IP.
8. To assign NAT IP addresses to any VMs connected to the ExpressRoute, select Apply NAT for connecting networks. This setting allows you to connect Kyndryl Cloud Uplift environments with overlapping IP addresses to the Kyndryl Cloud Uplift on Azure ExpressRoute connection. For more information, see Apply NAT for connecting networks.
9. Type the Kyndryl Cloud Uplift subnet – the subnet of the environment that will be connected.

10. Click Save. The Details tab displays a summary of the Kyndryl Cloud Uplift on Azure ExpressRoute connection settings, along with the message, We’re waiting for the authorization key so we can finish building your connection.

    Provisioning usually takes only a few minutes but can sometimes take up to an hour.

    

11. After the connection is provisioned by Microsoft, a Resource ID and Authorization Key are displayed.

    

12. Sign into your Azure subscription and follow these steps to connect your ExpressRoute to your virtual network gateway.

    The Resource ID and Authorization Key are displayed on the Details tab of the Kyndryl Cloud Uplift WANs page.

    • For the Authorization key of the Connection object, use the Authorization Key.
    • For the Peer circuit URI of the Connection object, use the Resource ID.

13. Type the Azure virtual network subnet into Remote Subnet. Optionally, you can add remote subnets to exclude. Included remote subnets can’t overlap with restricted subnets or the Kyndryl Cloud Uplift subnet defined in the Kyndryl Cloud Uplift on Azure ExpressRoute connection settings. For more information, see Remote Subnets settings.

    

    1. Enter a subnet range in Remote Subnets.

       The supported remote subnets are within the 3 to 32 bits range.

       1. Select include or exclude.
       2. Click Add.
14. Test the WAN.

15. Connect your Kyndryl Cloud Uplift networks to the Kyndryl Cloud Uplift on Azure ExpressRoute connection. The Kyndryl Cloud Uplift side of the Kyndryl Cloud Uplift on Azure ExpressRoute connection remains inactive until you attach at least one network with a running VM on it.

16. Click Enable to begin sending traffic through the Kyndryl Cloud Uplift on Azure ExpressRoute connection.

    

17. (Optional) Configure access controls for the Kyndryl Cloud Uplift on Azure ExpressRoute connection. For more information, see Configuring access to a WAN.

Editing the name of a Kyndryl Cloud Uplift on Azure ExpressRoute connection

To change the name assigned to a Kyndryl Cloud Uplift on Azure ExpressRoute connection

1. From the navigation bar, click Manage > WANs.

   

   The WANs page displays.

   

2. Click (Edit) next to the name of the Kyndryl Cloud Uplift on Azure ExpressRoute connection connection.
3. Enter a new name in the Rename WAN window.
4. Click Save.

Editing the WAN access control list

See Configuring access to a WAN.

Deleting a Kyndryl Cloud Uplift on Azure ExpressRoute connection

Before you can delete a Kyndryl Cloud Uplift on Azure ExpressRoute connection that uses Global Reach, you must first remove or disable any Global Reach circuits used by the Kyndryl Cloud Uplift on Azure ExpressRoute connection, otherwise deletion of the Kyndryl Cloud Uplift on Azure ExpressRoute connection is likely to fail.