Start offering "VPN as a service" on Power Virtual Server ~ turn IPsec VPN into a service with a connection cost of less than 10 yuan per month (4,000 to 5000 yen per month), which has a devastating impact.

Through Power Systems Virtual Server (hereinafter referred to as PowerVS), an ad hoc billing service adjacent to IBM Cloud, IBM begins to provide "VPN as a Service" (hereinafter referred to as VPNaaS) that services IPsec VPN.

VPNaaS is a service for IBM I (AIX) users that wants a secure, low-cost network connection between local and PowerVS. Compared with the previous methods of IPsec VPN connection through IBM Cloud (classic) and PowerVS, "there are many cases where the connection cost is less than 1/10" (Koichi Yukawa of IBM in Japan, senior IT expert in technology sales of science and technology headquarters), so it is expected to become a service that greatly expands the use of PowerVS.

Yuchuan said: "in the past, when using IPsec VPN to connect locally, you need to set up a virtual router called VRA (Virtual Router Appliance) on IBM Cloud to connect the local and VRA through IPSec. From VRA to PowerVS requires address translation through NAT or the use of GRE tunnels. This approach requires not only the cost of VRA, but also specialized network knowledge. In contrast, VPNaaS costs $0.0565 an hour and about $40 a month (about 4,000 to 5000 yen). It can not only be used cheaply, but also can be set up with general network knowledge, so PowerVS becomes particularly easy to use.

As a method of connecting from local to PowerVS, so far there are five methods.

1 common Internet access

2 install the Internet VPN of the client software on the PC (connect to the shared SSL VPN service on the IBM Cloud side, access PowerVS through the springboard server, etc.)

3 the VRA of IBM Cloud introduced above is carried out through the Internet VPN (IPsec) of the website to.

4 how to make use of the closed-area network and IBM Cloud connection services provided by operators and access them through IBM Cloud (like 3, NAT and GRE are required in IBM Cloud)

5 how to use the closed area network and PowerVS connection service (Megaport) provided by operators (as of January 2022, it can be used in Osaka region in China)

This time VPNaaS can be said to be a 3-change service. Dedicated lines, etc., the carrier provides a closed-area network using 45 lower cost, 1 compared to security. It is a connection mode in which VPN gateways are configured locally and on the PowerVS side respectively, and the gateways (site-to-site) communicate securely through IPsec. The local gateway needs to be prepared by the user, but the Powervs side can choose to be one of the resources of the instance.

Users enter PowerVS from IBM Cloud's management portal, select "VPN Connections" together with virtual server and storage resources, and only need to set the policies of VPN (IKE and IPsec) and the IP address of the relative VPN gateway to configure VPNaaS. Because the VPNaaS uses the Internet, the communication speed is the best possible. "if there is a requirement to send a large amount of data within a specified time, there are also cases in which 45 ways are recommended," Yuchuan said.

PowerVS's VPNaaS is available in Tokyo data Center (TOK04) and Osaka data Center (OSA21) in Japan. There are more than 10 places around the world that can be used.

The fee is only for VPNaaS instances. "there is currently no PowerVS-to-local data transfer fee (as of January 2022)," Yuchuan said. In addition, multiple Power VS subnets can be connected to a VPNaaS instance, but "in this case, the billing object is also an VPNaaS instance, and there is no charge per subnet or application."

There has been a voice among IBM I users that "PowerVS computing resources are low in cost, but the network connection is complex and expensive, so it has to be suspended." For such users, VPNaaS may have a big impact.

[I Magazine IS magazine]