Private Peering Options
Imagicle leverages Amazon Web Services (AWS) to host and operate each Imagicle UCX Cloud Suite instance, granting a better security, scalability, reliability, availability and low latency of Imagicle apps.
AWS provide several regional locations and Imagicle can choose the closest to customer premise. See worldwide AWS presence map below (as of Q1 2025):
In this section we describe the list of requisites for a Private Cloud solution, with direct connection between the customer network and the Imagicle cloud.
Device network information
It is very important for Imagicle to identify all customer’s infrastructure equipment: phones, users, workgroup appliances, with relevant IP subnets and addresses. These data allow Imagicle to setup the proper network routes and rules to establish the communications from customer network to Imagicle Cloud services.
Customer’s IP subnet validation for private instance(s) peering
Imagicle implements a specific private IP subnet in its Cloud datacenter, where Imagicle UCX Cloud Suite instance is deployed. Customer must make sure that Imagicle Cloud subnet does not overlap any existing IP subnets in its LAN. If that is the case, customer must promptly provide an alternative private subnet to Imagicle.
Customer’s DNS and Domain
Imagicle requires customer’s DNS IP addresses and domain name(s) to configure the relevant DNS forward rules which enables the resolution of the relevant internal customer servers (email, Active Directory, etc.) from Imagicle Cloud.
Connection type and parameters for customer network peering
The connections between customer’s network and Imagicle Cloud can be established through four different peering options: VPN, SD-WAN, VPC Peering or Equinix ECX. To help customers choosing the best connectivity option, Imagicle UCX Cloud Suite solution integrates a “Private Cloud Subscription”: a single, flat price per month per instance package, including elastic hosting, security, daily backup, unlimited storage and peering. Connectivity is available in any geographic area via any peering option.
Whatever is the chosen peering option, customer should provide own VPN destination IP address or Equinix BGP ASN datacenter identifier or Overlay information of the SD-WAN Fabric or AWS VPC account, to allow Imagicle Cloud to establish the connection from its VPC (Virtual Private Cloud). No NAT mechanism should be enabled in the communications.
Customer routers should be configured to mark all packets to/from the Imagicle instance network as high priority, to ensure these packets grant QoS against other best effort packets.
Network Peering
As mentioned in the previous paragraph, the connections between customer’s network and Imagicle Cloud can be established through four different peering options, detailed in the following paragraphs.
VPN Peering
This is the most common solution to interconnect two sites, when a leased line circuit or an MPLS network is not available in-between. To establish the secure tunnel, some information are required, such as the public IP address of main and secondary customer Internet access equipment.
By default, Imagicle provides two tunnel end-points on two different public IP addresses, each supporting one VPN tunnel, terminated to a single Customer Premise Equipment (CPE) or in two different ones, having same Public IP address. These two tunnels are working in failover mode. See below diagram:
The VPN termination is under customer responsibility, who is providing the following items, for each Imagicle Private Cloud instance to be connected:
A hardware appliance that support VPN IP-sec or BGP
A public IP address assigned to above appliance
BGP-2 (Border Gateway Protocol) must be enabled to announce routes, or static routes
Imagicle Cloud Operation team provides the parameters for phase I and II negotiation, to establish an IPSEC tunnels toward Imagicle Cloud
Additional VPN circuit(s), if HA is required or multiple branches should be peered
Imagicle Cloud (powered by AWS) natively supports the following VPN appliances:
Checkpoint
Cisco
Citrix
Cyberoam
F5 networks
Fortinet
H3C
Juniper Networks
Microsoft
Microtik
Openswan
Palo Alto Networks
pfSense
SonicWall
Strongswan
WatchGuard
Yamaha
Zyxel
About full peering redundancy, if required, customer can provide a redundant VPN tunnel, which is terminated on an additional VPN appliance in Imagicle Cloud. Please contact Imagicle to get this feature quoted in your Imagicle UCX Private Cloud Suite offer.
Equinix ECX Peering
Equinix Cloud Exchange Fabric™ (ECX Fabric™) directly, securely and dynamically connects distributed infrastructure and digital ecosystems on Platform Equinix via global, software-defined interconnection. Available across 45+ locations, ECX Fabric is designed for scalability, agility and connectivity over a self-service portal or API. Through a single web portal, discover and reach anyone on demand, within a metro or at worldwide level.
See below a map with Equinix ECX worldwide presence:
To establish an Equinix ECX virtual circuit, the following items must be available at customer’s side:
Equinix presence (physical or virtual)
A port on Equinix Cloud Exchange
Customer should apply for a virtual circuit toward own Imagicle Cloud instance on AWS
Equinix agreements and costs are directly managed through Equinix. Imagicle is not involved.
The Equinix Virtual Circuit connection to Imagicle Cloud requires:
Bandwidth preference: Equinix ECX offers bandwidth tiers from 50 Mbps up to 10 Gbps. 50 Mbps b/w is normally enough, unless differently specified by Imagicle.
Region: one of the available local AWS region (single or high available)
AWS Account ID: this is released by Imagicle
BGP configurations info: key, IPs and Imagicle AWS ASN, all released by Imagicle
BGP Customer ASN
About full peering redundancy, if required, customer can provide a redundant Equinix VC, which is terminated on an additional Equinix appliance in Imagicle Cloud. Please contact Imagicle to get this feature quoted in your Imagicle UCX Cloud Suite offer.
SD-WAN Peering
SD-WAN peering is supported with different SD-WAN solutions available in the market, including Cisco Meraki and Cisco SD-WAN.
SD-WAN peering option is included ONLY if you have a supported SD-WAN and you have Hub&Spoke configuration or you have full mesh configuration, but you are ok with a point to point connection to the DC hosting your PBX or the on-prem resources that must be connected to Imagicle.
Included option offers a native way to integrate SD-WAN appliances through AWS Transit Gateway Connect. Customer can seamlessly extend their SD-WAN edge into AWS using standard protocols such as Border Gateway Protocol (BGP) and a VPN tunnel with a dedicated subnet for Imagicle private instances. See below diagram:
To establish a Cisco-based SD-WAN connection, the following items must be available at customer’s side:
Cisco Meraki:
An ongoing Cisco Meraki subscription
Overlay information about the fabric to create a new profile to allow connection to SD-WAN devices.
No additional licenses required
Cisco SD-WAN (former Vipela):
vManage v.20 or above system should be in place, for centralized network management
Overlay information for the fabric for the Hubs
Network devices should support Cisco vEdge version 16.12.4 or above.
Imagicle can also provide a full SD-WAN network integration, by adding a SD-WAN Edge node in Imagicle Cloud, connected to the customer’s existing fully-meshed network. Customer owns the license (BYOL) for the Edge node, while Imagicle charges Edge node hosting (2 nodes in HA). The additional Imagicle fee depends on the number of SD-WAN nodes included in the network. See below diagram:
Cloud On Ramp for IaaS and SaaS are not yet supported.
VPC Peering
A virtual private cloud (VPC) is a virtual network dedicated to an AWS account. A VPC peering connection is a networking connection between two VPCs within AWS that enables you to route traffic between them using private IP addressing. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between Imagicle UCX Cloud Suite own VPC and another VPC where your Calling Platform infrastructure is hosted.
The VPCs can be in different AWS regions, but in this case an additional fee is added. This peering method is available on a project base. See below diagram:
More details available here.