Rescale VPN Setup Workflow
Connect Rescale with your on-premises resources
This document will guide you through the preparation work and steps to establish a VPN connection to the customer's on-premises network.
Establishing a VPN connection enables Rescale servers to communicate with customer corporate networks. Communication with customer corporate networks is common to connect Rescale to a customer license server, to provide access to a Remote Desktop in the Rescale cloud for remote visualization, or for additional access security to a company's Rescale accounts.
The process for establishing a VPN connection requires access to the VPN Gateway and company firewall administration settings. Rescale recommends that prior to starting the VPN setup, a customer does the following:
Establish a Company Administrator account. To do this, if the administrator already has a Rescale account, simply connect with support via chat or send an email to email@example.com to request Company Administrator rights. To establish a new account, navigate to www.rescale.com, select "Log In" and then select "Sign Up." Once the account is established, either connect with support via chat or send an email to firstname.lastname@example.org to request Company Administrator rights.
Gather the VPN gateway IP address and the private IP address(es) of the license server(s). These will be used in Step 2.
1) Customer primary POC establishes connection with Rescale support
The primary point of contact on the customer side should initiate the VPN setup process by establishing a person-to-person link with a Rescale support engineer that will assist with the setup. The customer primary contact can reach Rescale support via support chat on the Rescale platform or at email@example.com.
2) Rescale proposes a subnet range of customer's Dedicated Company Private Network
The Rescale support engineer will propose a tentative subnet range for the customer's dedicated company private network. The customer should ensure that this subnet range should not overlap with the on-premises infrastructure. If the proposed subnet range overlaps with the customer's on-premises infrastructure, Rescale support and the customer will work together to come up with a range that works for both sides.
3) Customer provides VPN Gateway IP address and License Server's private IP address
If the subnet range is acceptable, the customer will provide: 1) the VPN gateway IP address for the VPN connection and 2) the private IP address(es) of the license server(s). Send the above information directly to the Rescale support engineer or to firstname.lastname@example.org.
4) Rescale provisions the customer resources
Rescale support will provision the VPN related resources stack after receiving the information above. Once the resources stack is provisioned, the Rescale support engineer will send a VPN configuration file or script to the customer via email.
5) Customer retrieves the VPN pre-shared keys
Next, the user designated as the Company Administrator must log in to the Rescale platform to access pre-shared keys. Once logged into the platform, pre-shared keys are available at: Company Administration -> Integrations -> VPN. Navigate to Company Administration by selecting the user name in the upper-right hand corner of the platform:
Please contact the Rescale support engineer, email@example.com, or contact support via chat if you can't access the VPN page or the page is blank.
6) Customer configures the VPN connection
Next, the customer will use the configuration script/file and pre-shared keys to configure the VPN tunnels in the VPN gateway device. With the VPN configuration file and pre-shared keys retrieved, the customer will configure the VPN tunnels and establish the connection in the VPN gateway device.
7) Customer configures on-premises firewall
In order for the nodes launched in the dedicated company private network to checkout licenses from the on-premises license server through the VPN connection, license port and vendor port (aka vendor daemon port) need to be allowed for inbound on customer-side firewall. The customer should update firewall rules to enable this action.
Please note that if the license server is using floating licenses, the floating vendor port needs to be fixed (instructions here). Upon completion of these actions, please send an email to the Rescale support engineer.
8) Rescale tests VPN connectivity and license checkout
After the VPN connection established, the Rescale engineer will launch a test node in dedicated company private network to test the connectivity to customer's on-premises license server. If the license server status can be successfully queried from the test node, the VPN connection is established successfully.