Creating a VPN connection

Skytap Virtual Private Networks (VPNs) use the IPsec protocol suite to create a secure network tunnel between Skytap virtual networks and external networks, like your corporate network or a network from another cloud service provider.

For example, you can use a VPN to connect Skytap virtual environments to your corporate intranet; this would give your virtual data center access to corporate resources (such as databases, source repositories, and builds).

Your customer account can have up to 10 VPNs or Private Network Connections connected at the same time. If you need additional VPNs or Private Network Connections, contact your Skytap sales representative.

Before you begin

Before you begin, you’ll need:

  • An administrator account in Skytap.
  • The configuration parameters for the network appliance that Skytap needs to connect to.

    For example, to connect your Skytap account to your corporate network, you need configuration parameters for your corporate network endpoint device from your IT organization.

  • An unattached Skytap static public IP address.

    A static public IP address is used as the Skytap peer IP address for the VPN connection.

    For instructions, see Adding a static public IP address to your account.

    If you don’t have public IP addresses, contact your Skytap sales representative.

Creating and configuring a VPN

To create a VPN
  1. From the navigation bar, click Manage > WANs.

    The WANs page displays.

  2. Click New VPN. The New WAN page loads.

  3. Enter a Skytap static public IP address as the Skytap peer IP.
  4. Enter the remaining VPN configuration parameters based on the settings of the remote VPN endpoint to which you’re connecting.

    Notes

    • The Phase 1 pre-shared key must be entered in plain text. If you later edit the Private Network, the current key isn't visible.
    • Double-quote characters (") aren't supported in pre-shared keys.
  5. To assign NAT IP addresses to any VMs connected to the VPN, select Apply NAT for connecting networks. This setting allows you to connect Skytap environments with overlapping IP addresses to the VPN. For more information, see Apply NAT for connecting networks in VPN configuration parameters.
  6. Enter the Skytap public IP address as the Remote peer IP on the external network VPN endpoint (for example, a network device on your corporate network). Depending on your level of access, your IT organization may need to do this for you.
  7. Click Save. The Details tab displays the details of the VPN you just created.
  8. Add at least one included Remote Subnet. Optionally, you can also add remote subnets to exclude. Included remote subnets can’t overlap with restricted subnets or the Skytap subnet defined in the VPN settings. For more information, see Remote Subnets settings.

    1. Enter a subnet range in Remote Subnets.

      Notes

      • Supported remote subnets have a prefix length in the 3 to 32 bits range; the default subnet 0.0.0.0/0 is also supported.
      • The remote VPN router must be configured to accept the default route.
      • Skytap supports route narrowing only for IKEv2 VPNs.
    2. Select include or exclude.
    3. Click Add.

  9. Test the VPN.
  10. Connect your Skytap networks to the VPN.

    You must attach a network with a running VM to establish a VPN connection; otherwise, the VPN will be inactive.

  11. Click Enable to begin sending traffic through the VPN.

  12. (Optional) Add Private Network Access Controls to limit the users, groups, or departments that can attach environments to the VPN. For more information, see Configuring access to a VPN.
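
The notes in steps 4 and 8 can be checked before you enter the values in the New WAN page. The following pre-flight check is an added example, not Skytap code or a Skytap API: it flags double-quote characters in the pre-shared key, remote subnets outside the supported prefix range, and included subnets that overlap the Skytap subnet or a restricted subnet. Assumptions: IPv4 only, the restricted subnet list is supplied by the caller, 0.0.0.0/0 is exempt from the overlap check, and all sample values are constructed.

```python
import ipaddress

DEFAULT_ROUTE = ipaddress.IPv4Network("0.0.0.0/0")

def _parse(cidr, problems):
    """Parse an IPv4 CIDR and apply the prefix-length rule from the notes."""
    try:
        # strict=True rejects host bits (e.g. 10.1.2.3/16), usually a typo.
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{cidr}: invalid subnet ({exc})")
        return None
    if net != DEFAULT_ROUTE and not 3 <= net.prefixlen <= 32:
        problems.append(f"{cidr}: prefix length must be 3 to 32 bits, or 0.0.0.0/0")
        return None
    return net

def check_vpn_plan(psk, skytap_subnet, included, excluded=(), restricted=()):
    """Return a list of problems in a planned VPN configuration (empty = OK)."""
    problems = []
    if not psk:
        problems.append("pre-shared key is empty")
    elif '"' in psk:
        problems.append("pre-shared key contains a double-quote character")
    if not included:
        problems.append("at least one included remote subnet is required")
    # Subnets that an included remote subnet must not overlap.
    reserved = [("Skytap subnet", ipaddress.IPv4Network(skytap_subnet))]
    reserved += [("restricted subnet", ipaddress.IPv4Network(r)) for r in restricted]
    for cidr in included:
        net = _parse(cidr, problems)
        # Assumption of this example: the default route is exempt from overlap checks.
        if net is None or net == DEFAULT_ROUTE:
            continue
        for label, other in reserved:
            if net.overlaps(other):
                problems.append(f"{cidr}: overlaps {label} {other}")
    for cidr in excluded:
        _parse(cidr, problems)
    return problems

# Constructed sample plan; none of these values come from the Skytap documentation.
SAMPLE = dict(
    psk='corp"tunnel-key',
    skytap_subnet="10.0.0.0/16",
    included=["192.168.10.0/24", "10.0.4.0/22", "128.0.0.0/1", "0.0.0.0/0"],
    excluded=["192.168.10.128/25"],
    restricted=["169.254.0.0/16"],
)

if __name__ == "__main__":
    for problem in check_vpn_plan(**SAMPLE):
        print("FAIL:", problem)
```

Pass the restricted subnets that apply to your account as `restricted`; the value in the sample is only a placeholder.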