--- title: Configure Secure Connect with Equinix description: You can find background information on Secure Connect in PingOne Advanced Identity Cloud in Create private network connections with Secure Connect. component: pingoneaic page_id: pingoneaic:tenants:secure-connect-configure-equinix canonical_url: https://docs.pingidentity.com/pingoneaic/tenants/secure-connect-configure-equinix.html page_aliases: ["tenants:private-network-connections-configure-equinix.adoc"] section_ids: provide-requirements-for-equinix-interconnect-service: "Task 1: Provide requirements for Equinix Interconnect service" enable-equinix-interconnect-service: "Task 2: Enable Equinix Interconnect service" send-internal-certificates: "Task 3: (Optional) Configure support for services in your internal network" --- # Configure Secure Connect with Equinix You can find background information on Secure Connect in PingOne Advanced Identity Cloud in [Create private network connections with Secure Connect](secure-connect.html). To configure Secure Connect with Equinix, you must complete the following tasks. Each task requires you to coordinate with Ping Identity support using a support case: * [Task 1: Provide requirements for Equinix Interconnect service](#provide-requirements-for-equinix-interconnect-service) * [Task 2: Enable Equinix Interconnect service](#enable-equinix-interconnect-service) * [Task 3: (Optional) Configure support for services in your internal network](#send-internal-certificates) | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | - The minimum lead time for a provisioning request is two weeks. - During the provisioning process, there will be approximately one hour of downtime for your environments. Ping Identity support will work with you on timeframes in the support case. | ## Task 1: Provide requirements for Equinix Interconnect service In this task, you provide Ping Identity support with your requirements for the Equinix Interconnect service, including details of your network configuration and your Advanced Identity Cloud tenant environments. 1. Send Ping Identity support your requirements for an Interconnect service: 1. Go to . 2. Click Create a case. 3. Follow the steps in the case submission wizard by selecting your account and contract and answering questions about your tenant environments. 4. On the Please answer the following questions to help us understand the issue you're facing page, enter the following details, and then click Next: | Field | Value | | ---------------------------------------------------- | --------------------------------------------------------------------------- | | What product family is experiencing the issue? | Select PingOne Advanced Identity Cloud | | What specific product is experiencing the issue? | Select Configuration | | What version of the product are you using? | Select NA | | What Hostname(s) or Tenant ID(s) does this apply to? | Enter a comma-separated list of FQDNs for the relevant tenant environments. | 5. On the Tell us about the issue page, enter the following details, and then click Next: | Field | Value | | ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Provide a descriptive title for your issue | Enter `Requirements for Equinix Interconnect service` | | Describe the issue below | Enter the following details:- An ASN (Autonomous System Number) value for your private network router. - An MTU (Maximum Transmission Unit) value for the Interconnect connection. - Development environment information: * A CIDR block for the development environment. The CIDR prefix must be `/27` or numerically smaller. Learn more in [How do I choose CIDR blocks for my tenant environments?](secure-connect.html#how-do-i-choose-cidr-blocks-for-my-tenant-environments) * IP addresses or domain names for testing the development environment. - UAT\[[1](#_footnotedef_1 "View footnote.")] environment information: * CIDR blocks for any UAT environments. Each environment's CIDR prefix must be `/27` or numerically smaller. * IP addresses or domain names for testing any UAT environments. - Staging environment information: * A CIDR block for the staging environment. The CIDR prefix must be `/27` or numerically smaller. * IP addresses or domain names for testing the staging environment. - Production environment information: * A CIDR block for the production environment. The CIDR prefix must be `/27` or numerically smaller. * IP addresses or domain names for testing the production environment. - Your use case for this implementation. - Your preferred date/time for enabling the Interconnect connection. | 6. Click Submit. 2. Ping Identity support works with you in the support case to agree a suitable date and time window for the enablement process. 3. Wait until the start of the enablement process window (agreed in the previous step) before moving to the next task. ## Task 2: Enable Equinix Interconnect service In this task, you'll work with Ping Identity support to enable the Equinix Interconnect service. 1. Create a support case to request Google Cloud pairing keys from Ping Identity support: 1. Go to . 2. Click Create a case. 3. Follow the steps in the case submission wizard by selecting your account and contract and answering questions about your tenant environments. 4. On the Please answer the following questions to help us understand the issue you're facing page, enter the following details, and then click Next: | Field | Value | | ---------------------------------------------------- | --------------------------------------------------------------------------- | | What product family is experiencing the issue? | Select PingOne Advanced Identity Cloud | | What specific product is experiencing the issue? | Select Configuration | | What version of the product are you using? | Select NA | | What Hostname(s) or Tenant ID(s) does this apply to? | Enter a comma-separated list of FQDNs for the relevant tenant environments. | 5. On the Tell us about the issue page, enter the following details, and then click Next: | Field | Value | | ------------------------------------------ | ------------------------------------------- | | Provide a descriptive title for your issue | Enter `Enable Equinix Interconnect service` | | Describe the issue below | Enter `Enable Equinix Interconnect service` | 6. Click Submit to create the support case. 2. Monitor the support case while Ping Identity support performs these actions: 1. Provides you with Google Cloud pairing keys for the appropriate region and availability zone. 2. Provides you with static IP addresses for all Secure Connect environments. 3. Works with you to agree on suitable dates and times for the provisioning process window. 3. Set up the Equinix Interconnect service in the Equinix Fabric portal: 1. Open the [Equinix instructions for setting up Google Cloud Interconnect](https://docs.equinix.com/en-us/Content/Interconnection/Fabric/connections/Fabric-connect-google.htm) in your browser. 2. Follow the steps under the heading Create Connection in the Equinix Fabric Portal, using the Google Cloud pairing keys provided in step 2a. 4. Update the support case to let Ping Identity support know you've completed the instructions in step 3. 5. Monitor the support case while Ping Identity support performs these actions: 1. Activates a BGP configuration in GCP. 2. Provides you with pairing keys and BGP IP addresses for all tenant environments to support Secure Connect. The number of pairing keys is dependent on the [level of availability](secure-connect.html#availability) you require. 6. In the Equinix portal, use the pairing keys to create direct connections to the BGP IP addresses, using the BGP ASN of 16550. Ping Identity accepts the connections. 7. Wait until the start of the provisioning process window (agreed in step 2c). 8. When the provisioning process window starts, monitor the support case while Ping Identity support performs these actions: 1. Establishes BGP sessions. 2. Validates the routes advertised by each party. The routes Ping Identity advertises with BGP are as follows: * The chosen CIDR block for the tenant environment. * 35.199.192.0/19 (Google Cloud DNS) 3. Tests bidirectional network connectivity. 4. Provides nodes in each tenant environment that should respond to queries from the private network. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Ping Identity allows all traffic from the advertised subnets using BGP. You're responsible for configuring your firewall in your private network to allow traffic from Advanced Identity Cloud. | ## Task 3: (Optional) Configure support for services in your internal network To support services in your internal network (for example, SMTP), Ping Identity can optionally perform the following actions: * Create DNS forwarding zones. For assistance with this, create a support case in the [Ping Identity Support Portal](https://support.pingidentity.com). * Add your internal certificate or CA into the trust store of your tenant environments. For assistance with this, refer to [Send Ping Identity a CA or TLS certificate](../realms/server-certificates.html#send-ping-a-ca-or-tls-certificate). *** [1](#_footnoteref_1). A [user acceptance testing (UAT) environment](environments-uat.html) is an [add-on capability](../product-information/add-on-capabilities.html).