This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud. |
Note: Customers who are subscribed to Basic Support cannot connect to resources in a self-managed network or in a private cloud environment.
For customers who require that only users and systems within their corporate network can access their Appian Cloud environments, Appian Cloud offers the ability to configure inbound web access only over an IPsec VPN tunnel. With this configuration, all users must first be on their corporate network before navigating to their Appian Cloud environments, as they will not be available over the public internet. This page outlines the steps required to set up an Appian Cloud environment with this configuration.
Appian Cloud also offers support for Inbound Dual Web Access, over both the public internet and a VPN. For more details, see Configuring Inbound Dual Access.
Note: Appian Cloud environments running in a High Availability configuration will require additional configuration. If you set up static VPN tunnels, you need to set up the necessary network configuration on your infrastructure to forward web requests to a healthy web server. Web servers are accessible on the Appian Network interface IP addresses configured when setting up your VPN tunnel.
Required role: Network Administrator or Authorized Support Contact
Configure VPN tunnel(s) from your corporate network to your Appian Cloud environment. See Appian Cloud VPN Integration for instructions.
Required role: Authorized support contact
Configure a custom domain for your Appian Cloud Environment. See Using a Custom Domain in Appian Cloud for instructions.
Required role: DNS/Server administrator
Update your DNS infrastructure to resolve the fully qualified domain name (FQDN) of your Appian Cloud environment to an assigned private IP address (using a DNS Address (A) record).
Required role: Authorized support contact
Schedule a maintenance window for the environment by opening a new Support Case with Appian Support.
During the maintenance window, Appian Support will enable the environment to receive inbound web traffic over the VPN. Once the maintenance window has completed, the environment will only be accessible through the VPN.
The diagram below illustrates a sample traffic flow when end users and systems access an Appian Cloud environment over the VPN tunnel. This diagram assumes your DNS server contains a host record pointing to the private IP address assigned to the environment during the VPN tunnel configuration. End users will access the environment using its FQDN.
Traffic Type | Flow Description |
---|---|
Inbound traffic over VPN |
|
Outbound traffic |
|
Given that inbound access to environments will be restricted to VPN, leveraging the Compare and Deploy Across Connected Environments feature will require additional configurations, as detailed below:
Enable Connected Environments for Private Access between your nominated environments. This is the recommended approach to enable Connected Environments when the environments are only accessed over VPN. For more details, see Configuring Connected Environments for Private Access.
Given a connected system request from a Dev environment to a Test environment in Appian Cloud, the following 3 steps occur:
A visual explanantion of this flow is shown below.
Configuring Inbound Access Over VPN