Connectivity to your SAP system landscape

Interconnectivity between IBM Cloud network

• Transit Gateway, handling interconnectivity across the IBM Cloud private backbone between the networks with defined and controlled communication between resources worldwide across the IBM Cloud network or across multiple IBM Cloud accounts (useful for Managed Service Providers of SAP). Transit Gateways are used to support hybrid workloads, frequent data transfers, and private workloads by providing dynamic scalability, high availability, and private, in-transit data between hosts on IBM Cloud.
  • Local routing, connect VPCs in same region
  • Global routing, connect VPCs across regions
  • Classic Infrastructure routing, connect to VLANs on Classic Infrastructure network
  • Cross-account connection (also known as account-to-account routing), connect VPCs across multiple IBM Cloud accounts. See Adding a cross-account connection (VPC only)

Connectivity options within the IBM Cloud Classic Infrastructure network

• Classic SSL VPN, basic SSL Tunnel with user/password to various PoP or Data centers, which is built in to IBM Cloud® Classic Infrastructure, enabled per user account and is a good option for administrators during initial stages of deployments to IBM Cloud. It is not for bulk users due to bandwidth caps.
• Classic IPSecVPN, service from the IBM Cloud catalog, which can be provisioned and has advanced configuration options available for the IPsec Tunnel
• IBM Cloud® Direct Link for Classic Infrastructure, the most robust connection available in varying types from your internal network to IBM Cloud's Availability Zones (also known as data centers) that use Network Service Providers, Point of Presence (PoP), or directly between the data center colocation Room (also called a Meet Me Room). This option is available up to 10 Gbps network throughput as a Routed OSI Layer-2/3 connection, and is designed for enterprise workload connections. Note: If you are using VPC Infrastructure, this option is not necessary as IBM Cloud® Direct Link 2.0 can also connect to Classic Infrastructure
  • More information on Direct Link 1.0. To find from a specified site location to IBM Cloud and which network service providers are available, use Cloud Pathfinder for IBM Cloud (powered by Cloudscene)

IBM Cloud® Classic Infrastructure offers firewalls that can provide your Bare Metal Servers with a layer of security that is provisioned on demand and designed to eliminate service interruptions.

Within the Classic Infrastructure network, there are many Gateway Appliance and Firewalls to help prevent unwanted traffic from hitting your server, help reduce your attack vulnerability, and let your server resource be dedicated for its use. Based on your specific performance and feature requirements, you can choose one of the following options:

• Shared firewall (multiple options, see Getting Started Hardware Shared Firewall),
• Dedicated firewall (multiple options, see Getting Started Hardware Dedicated Firewall),
• Fortinet FortiGate security appliance.

Connectivity options within the IBM Cloud VPC Infrastructure network

• Floating IP, a public internet IPv4 address, which can be configured with Security Groups to allow only certain network connection access on defined protocols and ports from specified source/target addresses. For initial tests option is often used, with more detail in the short guide on Connecting to your Linux Virtual Server instance.
• VPC IPSecVPN, service from the IBM Cloud catalog and deploys a VPN Gateway to a VPC and creating a VPN Connection with advanced configuration options available for the IPsec Tunnel; including integration with authentication strategies such as Microsoft Active Directory.
• IBM Cloud® Direct Link 2.0, the latest enhancement and the most robust connection available, now with access to both Classic Infrastructure network and VPC Infrastructure network simultaneously from your internal network to IBM Cloud's Availability Zones (Data centers) that use Network Service Providers, Point of Presence (PoP), or directly between the data center colocation Room (also called a Meet Me Room). This is available up to 10 Gbps network throughput as a Routed OSI Layer-2/3 connection, and is designed for enterprise workload connections.
  • More information on Direct Link 2.0. To find from a specified site location to IBM Cloud and which network service providers are available, use Cloud Pathfinder for IBM Cloud (powered by Cloudscene)

Connectivity options within the IBM Power Virtual Server network, connection through IBM Cloud

This is a complementary offering from IBM Power Systems, with low latency access to IBM Cloud services

To arrange connection through to IBM Cloud or an on-premises network, a private subnet (and the allocated Private VLAN) must exist for the IBM Power Virtual Server; which is then connected to the subnet in the target network using IBM Cloud Direct Link.

On the target side (IBM Cloud networks or the on-premises network), it is required to perform the necessary configuration of the network security and permit connections to be established to/from IBM Power Virtual Servers. For example:

• With a connection to IBM Cloud Classic Infrastructure, the Gateway Appliance firewall for the Classic Private VLAN (and Primary Subnet, or any other Subnets) must permit the ports where traffic will flow to/from IBM Power Virtual Servers
• With a connection to an on-premises network, the outbound Firewall and DMZ should be configured to permit the ports where traffic will flow to/from IBM Power Virtual Servers

Depending on the subnet range used for the IBM Power Virtual Server private subnet and the default OS routing configuration, manual routes on both sides may be required (e.g. a route added to the NAT Gateway of the target in the on-premises network).