The Advanced network option is designed for the most sophisticated networking needs. You connect to your on-premises and cloud-based environments using a secure, private connection, and there is no limit to the number of connections you can have.
With this type of network model, an extension of your network is created and deployed in the private IP space and is fully routable within your network. This option also supports all protocols, which allows you to design a network that meets the unique needs of your organization.
This option is best if you:
- Have multiple data center connections using AWS Site-to-Site VPN or AWS Direct Connect.
- Have multi-cloud connections in your tenant using AWS Site-to-Site VPN, or have dedicated interconnectivity provided by third-party providers to AWS and other cloud environments (Azure, GCP, and Oracle Cloud).
- Use Kerberos and RADIUS protocols.
- Have redundant connectivity in your cloud or on-premises data centers.
- Require greater amounts of bandwidth than is typically available on a VPN network.
There are several different types of Advanced network options available:
IP requirements
Because it is fully routable, the Advanced network model has greater IP requirements than the Simple VPN model. Each VPC deployed in PingOne Advanced Services requires a /22 network CIDR assigned to it from your RFC1918 IP space. The exact number of IPs you need depends on the types of environments you have.
Keep in mind that Ping Identity is not just deploying servers into AWS. Each VPC is a self-contained full data center with all the components that go along with it.
Environments required for all deployments:
- Primary production environment
- Primary development environment
- Primary customer hub environment
- Primary staging environment if a child region is also being deployed
Optional environments:
- Primary testing environment
- Primary staging environment for a single region
Learn more in Environments.
If you need a secondary customer hub environment, a secondary staging environment is required if a child region is also being deployed, but a secondary production environment is not. The same is true if you need a tertiary customer hub environment. A tertiary staging environment is required if a child region is also being deployed, but a tertiary production environment is not.
These environments are needed to handle increases in AWS services and the number of endpoints used, and to provide the elasticity needed to autoscale the environment to meet traffic demands. You can specify which /22 network CIDR goes to each environment, or leave it up to your implementation partners to make these decisions when they build the environments.
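If you assign the /22 CIDRs yourself, you can check the plan before handing it over. The following is an added example, not Ping Identity tooling: it verifies that each required environment has an aligned IPv4 /22 inside RFC 1918 space, and that no block overlaps another environment or a network you already route. The environment labels, the sample addresses, and the overlap check against existing networks are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private address blocks
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Environments required for all deployments (labels are hypothetical)
REQUIRED = ("production", "development", "customer-hub")


def validate_plan(plan, existing=(), child_region=False):
    """Return a list of problems in an {environment: CIDR} plan."""
    problems, nets = [], {}
    # A primary staging environment is required when a child region is deployed
    required = REQUIRED + (("staging",) if child_region else ())
    for env in required:
        if env not in plan:
            problems.append(f"{env}: required environment has no CIDR")
    for env, cidr in plan.items():
        try:
            # strict=True rejects CIDRs with host bits set (misaligned /22)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"{env}: {cidr} is not a valid network")
            continue
        if net.version != 4 or net.prefixlen != 22:
            problems.append(f"{env}: {cidr} is not an IPv4 /22")
            continue
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{env}: {cidr} is outside RFC 1918 space")
        nets[env] = net
    routed = [ipaddress.ip_network(n) for n in existing]
    names = sorted(nets)
    for i, a in enumerate(names):
        # Fully routable model: flag overlap between environments and with
        # networks already in use on your side
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a}: overlaps {b}")
        for r in routed:
            if r.version == 4 and nets[a].overlaps(r):
                problems.append(f"{a}: overlaps existing network {r}")
    return problems


# Constructed sample plan and a constructed existing on-premises route
PLAN = {"production": "10.20.0.0/22", "development": "10.20.4.0/22",
        "customer-hub": "10.20.8.0/22"}
if __name__ == "__main__":
    for line in validate_plan(PLAN, existing=["10.20.8.0/24"]) or ["plan OK"]:
        print(line)
```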
Learn more in Data storage considerations.