Skip to content Skip to site navigation Skip to service navigation

Site-to-Site VPN

Site-to-site VPN is virtual private network connectivity for university partners planning to deploy, host, or scale application or service environments to cloud service providers.

A VPC (virtual private cloud) or VNet (virtual network) is cloud vendor-provisioned network connectivity for your applications or services. This connectivity closely resembles a traditional network that you would normally operate in your own data center, with the scalability of various enterprise cloud service providers such as Amazon (AWS), Google (Google Cloud Platform), Microsoft (Azure) as well as additional enterprise-scale providers. 

The connection types available are site-to-site VPN to:

Features

  • Connectivity between Stanford campus and cloud service providers and other third-party sites.
  • Connectivity provides encryption between campus and cloud service providers and other third-party sites.
  • Connectivity is supported via highly available and redundant VPN hardware.

Limitations

  • Cloud providers may impose caps on total bandwidth available.
  • IP address assignments will be provided by UIT Networking, following RFC1918 best practices.
  • Route-Based VPN must be supported by the vendor.
  • Configuration, management and monitoring of the cloud VPCs and third-party sites are the responsibility of the client (application owner).
  • Connectivity to multiple cloud providers for the same application or service does not support hair-pinned routing through SUNet.

Additional guidelines

  • All IP addresses must be registered in NetDB.
  • Networking will not NAT any IP addresses from remote sites.
  • We will not route non-Stanford Public IP addresses across site-to-site VPNs.
  • All IP addresses from remote sites, via the VPN tunnel, will be globally routed on Stanford’s network.
  • Static routing is not supported.

Designed for

Faculty, staff, and students

Requirements

Potential university clients of this service must present both a demonstrated need and justifiable requirements.

Rates

See the UIT rates page.

Get started

To initiate a deployment of cloud services through the site to site VPN infrastructure please copy and paste the following questions (with your completed answers) into a Network Firewall Help request.  

In addition to providing the questions and answers, we require that you also provide a diagram depicting the proposed traffic flow/topology of your cloud application or service deployment. Please attach this diagram (PDF/PNG/JPG) to your request.

The following questions (with completed answers) will serve as the starting point to begin work with the assigned UIT Network Engineer:

  1. What is the PTA to be used for the monthly recurring cost for your Site-to-Site VPN service?
  2. Which cloud provider are you planning to use?
  3. How many hosts IP addresses will you need?
  4. How many VPCs/VNets are you planning to deploy?
  5. How many subnets are you planning to deploy?
  6. Do you have high-availability requirements?
  7. What is the desired name of your VPC/VNet?
  8. Which NetDB group would you like assigned to provisioned IP subnets?

See also

Last modified July 25, 2024