This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud. |
For customers who require that their Appian Cloud environments are accessed over a private connection, such as VPN tunnel or PrivateLink, and through the public internet at the same time, Appian Cloud offers the ability to configure a dual access configuration. This page outlines the steps required to set up an Appian Cloud environment with this configuration.
Appian Cloud also offers the ability to configure inbound web access only over an IPsec VPN tunnel or PrivateLink connection. For more details, see Configuring Inbound Access over VPN or Access an Appian Cloud Environment Using AWS PrivateLink.
Note: Appian Cloud environments running in a high availability configuration will require additional configuration. If you set up static VPN tunnels, you need to set up the necessary network configuration on your infrastructure to forward web requests to a healthy web server. Web servers are accessible on the Appian Network interface IP addresses configured when setting up your VPN tunnel.
Required role: Network Administrator or Authorized support contact
Configure one of the following:
Required role: Authorized support contact
Configure a custom domain for your Appian Cloud Environment. See Using a Custom Domain in Appian Cloud for instructions.
Required role: DNS/Server administrator
Update your DNS infrastructure to resolve the fully qualified domain name (FQDN) of your Appian Cloud environment to one of two values based on the source of the DNS query:
Required role: Authorized support contact
Schedule a maintenance window for the environment by opening a new Support Case with Appian Support.
During the maintenance window, Appian Support will enable the environment to receive inbound HTTPS traffic over VPN and the public internet. Once the maintenance window has completed, the environment will be accessible through both methods.
The diagram below illustrates a sample traffic flow when end users and systems access an Appian Cloud environment over the Internet and the VPN tunnel at the same time. This diagram assumes a customer managed DNS server has been set up to resolve to a private IP address or a public CNAME based on the origin of the request. End users will access the environment using its FQDN.
Traffic Type | Flow Description |
---|---|
Inbound traffic over the internet (blue steps) |
|
Inbound traffic over VPN (red steps) |
|
Outbound traffic (green steps) |
|
Configuring Inbound Dual Access