diff --git a/docs/en-US/site-to-site-vpn.xml b/docs/en-US/site-to-site-vpn.xml index 034fb42fdd8..a102ebe1bb4 100644 --- a/docs/en-US/site-to-site-vpn.xml +++ b/docs/en-US/site-to-site-vpn.xml @@ -3,43 +3,60 @@ %BOOK_ENTITIES; ]> - -
- Site-to-Site VPN - - To add a Virtual Private Cloud (VPC): - - Log in to the &PRODUCT; UI as an administrator or end user. - In the left navigation, choose Network - In the Select view, select site-to-site VPN. - Click Add site-to-site VPN. Provide the following information: - - IP Address:. - Gateway: The IP address of the remote gateway. - CIDR list: The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. - IPsec Preshared Key: The preshared key of the remote gateway. - IKE Policy: Internet Key Exchange (IKE) policy for phase 1. Specify it as a combination of the encryption algorithm(aes,3des,des) and hash algorithm(sha1,md5). For example: aes-sha1, 3des-sha1. - ESP Policy: Encapsulating Security Payload (ESP) policy for phase 2. Specify it as a combination of the encryption algorithm(aes,3des,des) and hash algorithm(sha1,md5). For example: aes-sha1, 3des-sha1. - Lifetime (seconds): Lifetime of SA in seconds. Default is 86400 seconds(1day). - - Click OK. - -
+ Setting Up a Site-to-Site VPN Connection + A Site-to-Site VPN connection helps you establish a secure connection from an enterprise + datacenter to the cloud infrastructure. This allows users to access the guest VMs by + establishing a VPN connection to the virtual router of the account from a device in the + datacenter of the enterprise. Having this facility eliminates the need to establish VPN + connections to individual VMs. + The supported endpoints on the remote datacenters are: + + + Cisco ISR with IOS 12.4 or later + + + Juniper J-Series routers with JunOS 9.5 or later + + + + In addition to the specific Cisco and Juniper devices listed above, the expectation is + that any Cisco or Juniper device running on the supported operating systems are able to + establish VPN connections. + + To set up a Site-to-Site VPN connection, perform the following: + + + Create a Virtual Private Cloud (VPC). + See . + + + Create a VPN Customer Gateway. + + + Create a VPN gateway for the VPC that you created. + + + Create VPN connection from the VPC VPN gateway to the customer VPN gateway. + + + + + + + \ No newline at end of file diff --git a/docs/en-US/vpc.xml b/docs/en-US/vpc.xml index 389910007da..cfa5fe1dd02 100644 --- a/docs/en-US/vpc.xml +++ b/docs/en-US/vpc.xml @@ -3,40 +3,181 @@ %BOOK_ENTITIES; ]> - -
- Virtual Private Cloud - - To add a Virtual Private Cloud (VPC): - - Log in to the &PRODUCT; UI as an administrator or end user. - In the left navigation, choose Network - In the Select view, select VPC. - Click Add VPC. Provide the following information: - - Name: A short name for the VPC that you are creating. - Description: A brief description of the VPC. - Zone: Choose the zone where you want the VPC to be available. - CIDR: To accept the traffic only from the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0. - Network Domain: If you want to assign a special domain name to this network, specify the DNS suffix. - - -
+ About Virtual Private Clouds + &PRODUCT; Virtual Private Cloud is a private, isolated part of &PRODUCT;. A VPC can have its + own virtual network topology that resembles a traditional physical network. You can launch VMs + in the virtual network that can have private addresses in the range of your choice, for example: + 10.0.0.0/16. You can define network tiers within your VPC network range, which in turn enables + you to group similar kinds of instances based on IP address range. + For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the + network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on. + + Major Components of a VPC: + A VPC is comprised of the following network components: + + + + VPC: A VPC acts as a container for multiple isolated + networks that can communicate with each other via its virtual router. + + + Network Tiers: Each tier acts as an isolated network + with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The + tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway. + + + Virtual Router: A virtual router is automatically + created and started when you create a VPC. The virtual router connect the tiers and direct + traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a + corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and + DHCP services through its IP. + + + Public Gateway: The traffic to and from the Internet + routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to + the end user; therefore, static routes are not support for the public gateway. + + + Private Gateway: All the traffic to and from a private + network routed to the VPC through the private gateway. For more information, see . + + + VPN Gateway: The VPC side of a VPN connection. 
+ + + Site-to-Site VPN Connection: A hardware-based VPN + connection between your VPC and your datacenter, home network, or co-location facility. For + more information, see . + + + Customer Gateway: The customer side of a VPN + Connection. For more information, see . + + + NAT Instance: An instance that provides Port Address + Translation for instances to access the Internet via the public gateway. For more + information, see . + + + + Network Architecture in a VPC + In a VPC, the following four basic options of network architectures are present: + + + + VPC with a public gateway only + + + VPC with public and private gateways + + + VPC with public and private gateways and site-to-site VPN access + + + VPC with a private gateway only and site-to-site VPN access + + + + Connectivity Options for a VPC + You can connect your VPC to: + + + + The Internet through the public gateway. + + + The corporate datacenter by using a site-to-site VPN connection through the VPN + gateway. + + + Both the Internet and your corporate datacenter by using both the public gateway and a + VPN gateway. + + + + VPC Network Considerations + Consider the following before you create a VPC: + + + + A VPC, by default, is created in the enabled state. + + + A VPC can be created in Advance zone only, and can't belong to more than one zone at a + time. + + + The default number of VPCs an account can create is 20. However, you can change it by + using the max.account.vpcs global parameter, which controls the maximum number of VPCs an + account is allowed to create. + + + The default number of tiers an account can create within a VPC is 3. You can configure + this number by using the vpc.max.networks parameter. + + + Each tier should have an unique CIDR in the VPC. Ensure that the tier's CIDR should be + within the VPC CIDR range. + + + A tier belongs to only one VPC. + + + All network tiers inside the VPC should belong to the same account. 
+ + + When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP + is released only when the VPC is removed. + + + A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it + cannot be used for StaticNAT or port forwarding. + + + The instances only have a private IP address that you provision. To communicate with the + Internet, enable NAT to an instance that you launch in your VPC. + + + Only new networks can be added to a VPC. The maximum number of networks per VPC is + limited by the value you specify in the vpc.max.networks parameter. The default value is + three. + + + The load balancing service can be supported by only one tier inside the VPC. + + + If an IP address is assigned to a tier: + + + That IP can't be used by more than one tier at a time in the VPC. For example, if + you have tiers A and B, and a public IP1, you can create a port forwarding rule by using + the IP either for A or B, but not for both. + + + That IP can't be used for StaticNAT, load balancing, or port forwarding rules for + another guest network inside the VPC. + + + + + Remote access VPN is not supported in VPC networks. + + + \ No newline at end of file
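Review bot: In the site-to-site-vpn.xml hunk, the step "Create VPN connection from the VPC VPN gateway to the customer VPN gateway" reads as a bare summary while the field-level reference the hunk removes (Gateway, CIDR list, IPsec Preshared Key, IKE Policy, ESP Policy, Lifetime) has no replacement in this diff; either keep those field descriptions in a procedure subsection or have steps 2 to 4 cross-reference the sections where they now live, as step 1 does for the VPC. The removed IKE/ESP text listed des, 3des and md5 alongside aes and sha1; when that reference is re-added, it is worth flagging des/3des and md5 as legacy choices so readers default to aes with sha1. Smaller points: "any Cisco or Juniper device running on the supported operating systems are able to establish" should be "is able to establish"; "Create VPN connection" should be "Create a VPN connection"; and the file now ends without a trailing newline ("\ No newline at end of file"), which is easy to fix before merge.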
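Review bot: In the vpc.xml hunk, the "Network Considerations" list states the tier limit twice: "The default number of tiers an account can create within a VPC is 3. You can configure this number by using the vpc.max.networks parameter." and, later, "The maximum number of networks per VPC is limited by the value you specify in the vpc.max.networks parameter. The default value is three."; fold these into one bullet so the two copies cannot drift apart. The same list spells the same concept three ways ("SourceNAT IP", "Source NAT IP", "sourceNAT"); pick one. Grammar fixes needed in the component list: "The virtual router connect the tiers and direct traffic" should read "connects ... directs"; "The traffic to and from the Internet routed to the VPC" and "All the traffic to and from a private network routed to the VPC" are missing "is"; "static routes are not support" should be "supported"; "Advance zone" should be "Advanced zone"; "an unique CIDR" should be "a unique CIDR"; and "Ensure that the tier's CIDR should be within the VPC CIDR range" should be "Ensure that the tier's CIDR is within the VPC CIDR range". As with the other file, the "Add VPC" procedure and its field descriptions (Name, Description, Zone, CIDR, Network Domain) are removed without a replacement in this diff, and the file loses its trailing newline.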