Skip to content Skip to site navigation

Cloud Network Use Cases

Stanford.EDU domain name, service provider manages DNS

For a  cloud provisioned service when <host>.Stanford.EDU domain name is desired but service provider manages DNS for their applications:

  • Open a Network Device Database (NetDB) request to register <host>.stanford.edu name.
  • Services may be registered using either IP addresses or domain names.
  • For web based services, service providers must configure systems to accept <host>.Stanford.EDU urls.

Stanford.EDU domain name, third party manages DNS

For cloud provisioned services when <subdomain>.Stanford.EDU domain name is desired and a third party will manage DNS registration for the entire <subdomain>.Stanford.EDU domain:

Non-Stanford domain name purchased from a third party Internet registry

For a non-Stanford domain name that is purchased from a third party Internet registry:

  • Use the registration service provided by the third party Internet registry where the domain was purchased to register hosts and delegate subdomains.
  • See Internet Domain Name Registration Guidelines for additional information.

Cloud service where encrypted tunnels are required

For a cloud service when ISO or cloud service provider requires encrypted tunnels between Stanford University and service:

  • Submit a request if you want Cloud Gateway service.
  • Submit a request if you want Site-to-Site VPN service.
  • Through encrypted tunnels, systems located at Stanford University can only communicate with systems using globally unique public Internet addresses or Stanford University allocated private Internet addresses. Stanford University will not allocate public Internet addresses for use by cloud services.

Cloud service using private Internet addresses

For cloud services using private Internet addresses:

  • Systems locate at Stanford University campus can communicate with systems in the cloud with Stanford University allocated private Internet addresses through the Cloud Gateway or Site-to-Site VPN service.
  • Third-party provisioned services must be configured to use globally unique public Internet addresses; or Stanford University allocated private Internet addresses through the Cloud Gateway or Site-to-Site VPN service.

Cloud services using public internet addresses

For Cloud services using public Internet addresses with connections initiated by Stanford University systems:

  • For systems located at Stanford University using private Internet addresses:
    • Validate that the network is configured to translate the private addresses by entering the private address in the Network Address Translation (NAT) tool.
    • If the network is not configured to translate the private address:
      • Open a Firewall Service Request to request that NAT be enabled.
      • Note in the request if the cloud service requires address ranges specific to the service (Firewall NAT) or address ranges that can include anyone at Stanford University (CGNAT).
    • Validate the existence of firewall policies to allow connections by using the Host to Host firewall policy tool.
      • If the cloud service uses non-static Internet addresses, look for the FQDN or “any” in the destination address fields in the outbound policies displayed.
    • Open a Firewall Service Request to request the creation of the policy:
      • If the cloud service uses static public Internet addresses: Enter the service’s Internet addresses in the destination address field.
      • If the cloud service uses non-static public Internet addresses: Select the service’s fully qualified domain name (FQDN) from the destination address predefined address pull-down in the create policy dialog. If the FQDN is not available in the predefined pulldown list, enter the FQDN in the destination address field with instructions to add the FQDN service address to the destination addresses as a FQDN in the dialog’s Instructions text box.

Cloud services using public Internet addresses to reach private Stanford Internet addresses

For Cloud services using public Internet addresses with connections initiated by the service to systems at Stanford University using private Internet addresses:

  • If all traffic is encrypted, systems located at Stanford University using private Internet addresses must be reconfigured to use Stanford University public Internet addresses.
  • If all traffic is encrypted and if the cloud service can be configured using IPv6 addresses, it may be advantageous to configure the systems at Stanford University to use IPv6 addresses in addition to the existing IPv4 private addresses rather than reconfiguring the systems’ IPv4 addresses. 
  • IPv4/IPv6 Internet address provisioning for Stanford University networks is requested by opening a Firewall Service Request.

Cloud services using public Internet addresses to reach public Internet addresses behind a Stanford firewall

For cloud services using public Internet addresses with connections initiated by the service to systems at Stanford University using public Internet addresses behind a Stanford University network firewall:

  • Validate the existence of firewall policies to allow connections by using the Host to Host firewall policy tool. If the cloud service uses non-static Internet addresses, look for the FQDN in the source address fields.
  • If there is no firewall policy to allow the connections, open a Firewall Service Request to create a policy:
  • If the cloud service uses static public Internet addresses:
    • Enter the service’s Internet addresses in the source address field.
  • If the cloud service uses non-static public Internet addresses:
    • Select the service’s FQDN from the source address predefined address pull-down in the create policy dialog.
    • If the service’s FQDN is not available in the pre-defined address pull-down, enter the FQDN in the source address field with instructions to add the FQDN service address to the source addresses as a FQDN in the dialog’s Instructions text box.
Last modified August 8, 2023