PingOne Advanced Identity Cloud

Configure Secure Connect with Equinix

For background on Secure Connect in PingOne Advanced Identity Cloud, learn more in Create private network connections with Secure Connect.

You must complete three steps to configure Secure Connect with Equinix:

Each step requires you to co-ordinate with Backstage Support using a support ticket.

Step 1: Set up Equinix Interconnect service

  1. Request Google Cloud pairing keys from Backstage Support:

    1. Go to Backstage Support, and click PingOne Advanced Identity Cloud.

    2. Click Advanced Identity Cloud: Config Request from the PingOne Advanced Identity Cloud options.

    3. In the Request Type section, provide values for the following fields:

      Field Value

      Hostname(s)

      Enter a comma-separated list of FQDNs for your development, UAT[1], staging, and production tenant environments.

      What would you like to do?

      Select Set up Equinix Interconnect service.

      Do you give permission for ForgeRock to access and make changes to your environment?

      Select Yes to allow Backstage Support to access your environments.

    4. Click Submit to create the support ticket.

    5. Backstage Support provides you with the Google Cloud pairing keys for the appropriate region and availability zone.

  2. Set up the Equinix Interconnect service in the Equinix Fabric portal:

    1. Open the Equinix instructions for setting up Google Cloud Interconnect in your browser.

    2. Follow the steps under the heading Create Connection in the Equinix Fabric Portal, using the Google Cloud pairing keys from step 1.1.

  3. Confirm to Backstage Support that you have set up the Equinix Interconnect service:

    1. Update the support ticket you created in step 1.1 to let Backstage Support know you have completed the instructions in step 1.2.

    2. Backstage Support activates a BGP configuration in GCP.

Step 2: Provision Equinix Interconnect connection

  • The minimum lead time for a provisioning request is one week.

  • During the provisioning process there will be approximately one hour of downtime for your environments. Backstage Support will work with you on timeframes in the support ticket.

  1. Send Backstage Support details of your Interconnect connection, including a preferred date and time window for the provisioning process:

    1. Go to Backstage Support, and click PingOne Advanced Identity Cloud.

    2. Click Advanced Identity Cloud: Config Request from the PingOne Advanced Identity Cloud options.

    3. In the Request Type section, provide values for the following fields:

      Field Value

      Hostname(s)

      Enter a comma-separated list of FQDNs for your development, UAT[1], staging, and production tenant environments.

      What would you like to do?

      Select Provision Equinix Interconnect connection.

      Do you give permission for ForgeRock to access and make changes to your environment?

      Select Yes to allow Backstage Support to access your environments.

    4. In the Provision Equinix Interconnect connection section, provide values for the following fields:

      Field Value

      ASN (Autonomous System Number) for your private network router

      Enter an ASN value.

      MTU (Maximum Transmission Unit) for the Interconnect connection

      Select an MTU value.

      Development environment information

      • Enter a CIDR block for the development environment.

      • Enter IP addresses or domain names for testing the development environment.

      Staging environment information

      • Enter a CIDR block for the staging environment.

      • Enter IP addresses or domain names for testing the staging environment.

      Production environment information

      • Enter a CIDR block for the production environment.

      • Enter IP addresses or domain names for testing the production environment.

      Further information and provisioning date/time

      • Describe your use case for this implementation.

      • Enter your preferred date/time for provisioning the Interconnect connection.

    5. Click Submit to create the support ticket.

    6. Backstage Support works with you in the support ticket to agree a suitable date and time window for the provisioning process.

  2. Pre-provisioning steps:

    1. Before the provisioning process, Backstage Support provides you with pairing keys and BGP IP addresses for all tenant environments. The number of pairing keys is dependent on the level of availability you require.

    2. In the Equinix portal, use the pairing keys to create direct connections to the BGP IP addresses, using the BGP ASN of 16550.

    3. Ping Identity accepts the connections.

  3. Provisioning steps:

    1. During the provisioning process, Backstage Support establishes BGP sessions.

    2. After provisioning is complete, the routes advertised by each party are validated and bidirectional network connectivity is tested. Backstage Support provides nodes in each tenant environment that should respond to queries from the private network.

      The routes Ping Identity will advertise with BGP are as follows:

      • The chosen CIDR block for the tenant environment.

      • 35.199.192.0/19 (Google Cloud DNS)

      Ping Identity will allow all traffic from the advertised subnets via BGP. You are responsible for configuring your firewall in your private network to allow traffic from Advanced Identity Cloud.

Step 3: Send internal certificates

For services like SMTP, Ping Identity can add your internal certificate or CA into the trust store of your tenant environments. For assistance with this, learn more in Send Ping Identity a CA or TLS certificate.