Introduction
This guide explains how Varibill securely connects to your private compute instance (VM, database server, application server, etc.) when required for integrations, source data collection, implementation support, or troubleshooting.
Key principle: Varibill connects using a managed VPN model and a static source IP address that your organisation allow-lists. This enables secure, predictable access without exposing services to the public internet.
How Varibill Connects
Varibill establishes a secure connection to customer environments using Varibill’s managed VPN infrastructure. All traffic from Varibill originates from a single static IP address to support controlled firewall configuration on your side.
Key characteristics
- Encrypted VPN connectivity
- Static source IP address (provided by Varibill)
- No public inbound exposure required
- Access restricted to explicitly allow-listed ports and services
- Least-privilege access model
Important: Varibill does not install or use customer-provided VPN clients. A consistent VPN model is used across all customer environments.
When is Private Infrastructure Access Required?
Varibill may require secure access when:
- Connecting to on-premise or private-cloud databases
- Accessing customer-hosted virtual machines
- Collecting data from internal systems
- Accessing internal databases for integration configuration, validation, or agreed troubleshooting activities
- Configuring source collectors or integrations
- Troubleshooting integration or connectivity issues
Customer infrastructure may include:
- Virtual machines
- Databases
- File servers
- API endpoints hosted internally
- Private cloud instances
Prerequisites
Before proceeding, ensure that:
- A target private service (VM, database server, or application host) is provisioned and reachable within your internal network.
- Firewall rules (or cloud security groups / NACLs) explicitly allow inbound access from the Varibill static IP address on the required service ports only.
- Credentials have been created for the required access type.
- Access is approved and provisioned in accordance with your organisation’s internal security policies.
Varibill will provide:
- The static source IP address
- Required ports and services for the specific integration
Varibill Connectivity Details
For firewall configuration, allow inbound access from:
openvpn-za-north-1.varibill.com Copy102.37.112.88 CopyNote: Only this IP address should be allow-listed unless otherwise formally communicated by Varibill.Network Configuration Requirements
Allow-Listing Varibill’s Static IP
On your firewall (or cloud security group), allow inbound access from Varibill’s static IP address only. Do not allow broad access from the internet or unknown IP ranges.
Example firewall rule
Setting | Value |
Source | Varibill Static IP |
Destination | Private compute instance (FQDN or private IP) |
Protocol | TCP |
Port | Depends on service (see below) |
Required Ports by Protocol
Only open ports necessary for your specific integration.
Protocol | Default Port | Purpose |
RDP | 3389 | Windows Remote Desktop |
SSH | 22 | Linux remote shell |
SQL Server | 1433 | Microsoft SQL |
MySQL | 3306 | MySQL |
PostgreSQL | 5432 | PostgreSQL |
Custom App | Varies | As agreed |
Note: Only open the ports required for your integration and scope rules to the Varibill static IP.Security Considerations
The following are recommended when enabling private infrastructure access:
Least Privilege
- Use a dedicated service account
- Avoid admin/root access unless explicitly required
- Limit database access to required schemas or datasets
Encryption
- Use encrypted database connections (TLS/SSL) where supported
- Use SSH keys instead of passwords where possible
- Disable insecure or deprecated protocols
Logging & Monitoring
- Enable login auditing
- Enable connection logging
Credential Rotation
- Rotate passwords in line with your internal organisation's policies
- Revoke unused accounts
- Apply key expiration policies where supported
Information Required by Varibill
To complete setup, please provide:
- Target FQDN or private IP address
- Relevant port number
- Protocol (RDP, SSH, SQL, etc.)
- Environment (preproduction or production)
Validation & Support
Once configuration is complete, email support@varibill.com with:
- Target FQDN or IP address
- Relevant port number
- Protocol
- Environment
Varibill will perform a connection test and confirm the result.
Important! Share credentials using a secure service (e.g., https://pwpush.com).Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article