Alibaba Cloud DNS PrivateZone is a private Domain Name System (DNS) resolution and management service based on the Alibaba Cloud Virtual Private Cloud (VPC) environment. Smart Access Gateway (SAG) can access PrivateZone services through Cloud Enterprise Network (CEN). This topic explains how to configure SAG to access PrivateZone in the CEN console.
Background information
PrivateZone maps private domain names to IP addresses within one or more VPCs that you specify. You can use private DNS records to manage Alibaba Cloud resources in a VPC, such as Elastic Compute Service (ECS) hostnames, Server Load Balancer (SLB) instances, and Object Storage Service (OSS) buckets. These private domain names resolve only inside the VPCs bound to the zone and cannot be resolved from outside them. You can connect your on-premises network to a VPC by using Smart Access Gateway (SAG) and Cloud Enterprise Network (CEN). After you configure access to PrivateZone in the CEN console, your on-premises network and the Alibaba Cloud VPC can use private domain names to access resources in each other's networks. Note that this extends the resolution boundary of the zone from the VPC to every site attached to the CCN instance, so attach only the sites that should be able to discover those internal hostnames.

Prerequisites
- You have configured private DNS resolution on Alibaba Cloud DNS PrivateZone. For more information, see Quick start for Alibaba Cloud DNS PrivateZone.
- You have created a CEN instance. For more information, see Create a CEN instance.
- You have attached the VPC instance associated with the PrivateZone service and the Cloud Connect Network (CCN) instance associated with your on-premises network to transit routers. For more information, see Create a VPC connection and Create a CCN connection.
- You have created an inter-region connection between the transit router attached to the VPC instance and the transit router attached to the CCN instance. For more information, see Inter-region connections.
  Note: If the CCN and VPC instances are in regions within the Chinese mainland, an inter-region connection is automatically created when you attach the instances to the transit routers. By default, the inter-region connection is associated with the default route tables of the transit routers for route learning and forwarding.
Configure access to PrivateZone
1. Log on to the CEN console.
2. On the CEN Instance page, click the ID of the CEN instance that you want to manage.
3. On the tab, click the ID of the transit router that is in the same region as the VPC associated with PrivateZone.
4. If this is the first time you are configuring the PrivateZone service, click the PrivateZone tab on the details page of the transit router, and then click Authorization. On the RAM Quick Authorization page, click Confirm Authorization.
   The name of the authorized role is AliyunSmartAGAccessingPVTZRole and the permission policy is AliyunSmartAGAccessingPVTZRolePolicy (a system policy). After the authorization is complete, the on-premises network associated with the CCN instance (a component of SAG) can access the PrivateZone service. The role is created in your Alibaba Cloud account, so you can inspect its trust policy and attached permissions in the RAM console; it is the grant that lets resolution of the zone cross from the VPC to the on-premises side.
5. Return to the PrivateZone tab and click Set PrivateZone. In the Set PrivateZone dialog box, set the following parameters and click OK.
   - Service Region: The region where the PrivateZone service is deployed.
   - Service VPC: The VPC instance associated with the PrivateZone service.
   - Access Region: The region of the CCN instance that needs to access PrivateZone.
-
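Once the settings are saved, the check a practitioner wants is twofold: a record in the private zone must resolve from a host in the on-premises network to the VPC-side address, and the same name must not resolve through a public resolver, which would mean the zone (or a copy of it) is exposed outside the VPC. The script below is an added example written for this page; it is not part of the topic or of Alibaba Cloud's tooling. It assumes it runs on a host behind the SAG device with `dig` installed, that the Alibaba Cloud CLI (`aliyun`) is configured if you use the optional role check, and that the record name and public resolver passed on the command line are placeholders you replace with your own.

```shell
#!/usr/bin/env bash
# Post-configuration check for SAG -> CEN -> PrivateZone name resolution.
# Added example; not part of the Alibaba Cloud documentation or tooling.
# Assumptions (not stated on the page):
#   - run on a host in the on-premises network behind the SAG device
#   - `dig` (bind-utils / dnsutils) is installed
#   - the Alibaba Cloud CLI (`aliyun`) is configured for the optional role check
set -u

# True (0) if $1 is an IPv4 address in an RFC 1918 range, i.e. a plausible VPC address.
is_rfc1918() {
  case "$1" in
    10.*)                                   return 0 ;;
    192.168.*)                              return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
    *)                                      return 1 ;;
  esac
}

# Keep only IPv4 answers from `dig +short` output on stdin. CNAME targets,
# ";; connection timed out" and similar lines are dropped.
extract_a_records() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# Classify a newline-separated list of addresses:
#   EMPTY   - no A records (NXDOMAIN, timeout, or only CNAMEs)
#   PRIVATE - every address is RFC 1918
#   PUBLIC  - at least one address is outside RFC 1918
classify_answers() {
  local answers="$1" addr seen=0
  while IFS= read -r addr; do
    [ -n "$addr" ] || continue
    seen=1
    if ! is_rfc1918 "$addr"; then
      echo PUBLIC
      return 0
    fi
  done <<EOF
$answers
EOF
  if [ "$seen" -eq 1 ]; then echo PRIVATE; else echo EMPTY; fi
}

# Healthy state: the name resolves to private addresses through the on-premises
# resolver (SAG forwards the zone to the VPC) and yields nothing from a public
# resolver (the zone has not leaked into public DNS).
verdict() {
  [ "$1" = PRIVATE ] && [ "$2" = EMPTY ]
}

# Optional: confirm the role created by the Authorization step exists.
# `aliyun ram GetRole --RoleName <name>` is the CLI form of the RAM GetRole API.
check_role() {
  aliyun ram GetRole --RoleName AliyunSmartAGAccessingPVTZRole >/dev/null 2>&1
}

# Live check. $1: a record in the private zone, e.g. web01.example.internal
# (placeholder); $2: public resolver to compare against (default 8.8.8.8).
check_private_zone() {
  local name="$1" public_resolver="${2:-8.8.8.8}" internal public
  internal=$(dig +short A "$name" | extract_a_records)
  public=$(dig +short A "$name" "@$public_resolver" | extract_a_records)
  internal=$(classify_answers "$internal")
  public=$(classify_answers "$public")
  printf 'on-premises resolver: %s\npublic resolver (%s): %s\n' \
    "$internal" "$public_resolver" "$public"
  if verdict "$internal" "$public"; then
    echo "OK: $name resolves only through the private path"
  else
    echo "FAIL: check the PrivateZone settings on the transit router and the SAG DNS forwarding" >&2
    return 1
  fi
}

# Run the live check only when a record name is given, so the functions above
# can also be sourced and tested without network access.
if [ "$#" -ge 1 ]; then
  check_private_zone "$@"
fi
```

Run it as `./check_pvtz.sh web01.example.internal` from an on-premises host; a PRIVATE/EMPTY pair is the expected result. An EMPTY answer from the on-premises resolver means queries for the zone are not being forwarded to the VPC yet, and any answer from the public resolver is the condition worth escalating, since the page's guarantee is precisely that these names are not resolvable outside the VPC.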