PingOne Advanced Identity Cloud

Configure Secure Connect with Equinix

For background on Secure Connect in PingOne Advanced Identity Cloud, see Create private network connections with Secure Connect.

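You must complete three steps to configure Secure Connect with Equinix:

  1. Set up Equinix Interconnect service

  2. Provision Equinix Interconnect connection

  3. Send internal certificates

Each step requires you to coordinate with Ping Identity support using a support case.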

Step 1: Set up Equinix Interconnect service

  1. Request Google Cloud pairing keys from Ping Identity support:

    1. Go to https://support.pingidentity.com.

    2. Click Create a case.

    3. Follow the steps in the case submission wizard by selecting your account and contract and answering questions about your tenant environments.

    4. On the Please answer the following questions to help us understand the issue you’re facing page, enter the following details, and then click Next:

      Field                                               Value
      What product family is experiencing the issue?      Select PingOne Advanced Identity Cloud
      What specific product is experiencing the issue?    Select Configuration
      What version of the product are you using?          Select NA

    5. On the Tell us about the issue page, enter the following details, and then click Next:

      Field                                        Value
      Provide a descriptive title for your issue   Enter Set up Equinix Interconnect service
      Describe the issue below                     Enter a comma-separated list of FQDNs for your development, UAT[1], staging, and production tenant environments.

    6. Click Submit.

    7. Ping Identity support provides you with the Google Cloud pairing keys for the appropriate region and availability zone.

  2. Set up the Equinix Interconnect service in the Equinix Fabric portal:

    1. Open the Equinix instructions for setting up Google Cloud Interconnect in your browser.

    2. Follow the steps under the heading Create Connection in the Equinix Fabric Portal, using the Google Cloud pairing keys from step 1.1.

  3. Confirm to Ping Identity support that you have set up the Equinix Interconnect service:

    1. Update the support case you created in step 1.1 to let Ping Identity support know you have completed the instructions in step 1.2.

    2. Ping Identity support activates a BGP configuration in GCP.

Step 2: Provision Equinix Interconnect connection

  • The minimum lead time for a provisioning request is one week.

  • During the provisioning process there will be approximately one hour of downtime for your environments. Ping Identity support will work with you on timeframes in the support case.

  1. Send Ping Identity support details of your Interconnect connection, including a preferred date and time window for the provisioning process:

    1. Go to https://support.pingidentity.com.

    2. Click Create a case.

    3. Follow the steps in the case submission wizard by selecting your account and contract and answering questions about your tenant environments.

    4. On the Please answer the following questions to help us understand the issue you’re facing page, enter the following details, and then click Next:

      Field                                               Value
      What product family is experiencing the issue?      Select PingOne Advanced Identity Cloud
      What specific product is experiencing the issue?    Select Configuration
      What version of the product are you using?          Select NA

    5. On the Tell us about the issue page, enter the following details, and then click Next:

      Field                                        Value
      Provide a descriptive title for your issue   Enter Provision Equinix Interconnect connection
      Describe the issue below                     Enter the following details:

      • A comma-separated list of FQDNs for your development, UAT[2], staging, and production tenant environments.

      • An ASN (Autonomous System Number) value for your private network router.

      • An MTU (Maximum Transmission Unit) value for the Interconnect connection.

      • Development environment information:

        • A CIDR block for the development environment.

        • IP addresses or domain names for testing the development environment.

      • Staging environment information:

        • A CIDR block for the staging environment.

        • IP addresses or domain names for testing the staging environment.

      • Production environment information:

        • A CIDR block for the production environment.

        • IP addresses or domain names for testing the production environment.

      • Your use case for this implementation.

      • Your preferred date/time for provisioning the Interconnect connection.

    6. Click Submit.

    7. Ping Identity support works with you in the support case to agree a suitable date and time window for the provisioning process.

  2. Pre-provisioning steps:

    1. Before the provisioning process, Ping Identity support provides you with pairing keys and BGP IP addresses for all tenant environments. The number of pairing keys depends on the level of availability you require.

    2. In the Equinix portal, use the pairing keys to create direct connections to the BGP IP addresses, using the BGP ASN of 16550.

    3. Ping Identity accepts the connections.

  3. Provisioning steps:

    1. During the provisioning process, Ping Identity support establishes BGP sessions.

    2. After provisioning is complete, the routes advertised by each party are validated and bidirectional network connectivity is tested. Ping Identity support provides nodes in each tenant environment that should respond to queries from the private network.

      The routes Ping Identity advertises with BGP are as follows:

      • The chosen CIDR block for the tenant environment.

      • 35.199.192.0/19 (Google Cloud DNS)

      Ping Identity allows all traffic from the advertised subnets via BGP. You are responsible for configuring your firewall in your private network to allow traffic from Advanced Identity Cloud.
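
One way to run the route validation described above on your side of the connection, as an added example that is not part of the Ping Identity documentation: it compares the prefixes learned on a BGP session with the two documented routes and flags anything else before you scope firewall rules to them. The tenant CIDR, internal networks and learned-route tuples are constructed sample values, and expecting 16550 as the first AS in the path is an assumption based on the BGP ASN given in the pre-provisioning steps.

```python
import ipaddress

GOOGLE_CLOUD_DNS = ipaddress.ip_network("35.199.192.0/19")  # route listed on the page
PEER_ASN = 16550  # BGP ASN from the page; the first-AS check is an assumption


def audit_learned_routes(learned, tenant_cidr, internal_nets):
    """Compare routes learned on one BGP session with the documented set.

    learned: list of (prefix, as_path) tuples; as_path is a list of ints.
    Returns {"ok": bool, "missing": [prefix], "findings": [(prefix, reason)]}.
    """
    expected = {ipaddress.ip_network(tenant_cidr), GOOGLE_CLOUD_DNS}
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    seen, findings = set(), []
    for prefix, as_path in learned:
        net = ipaddress.ip_network(prefix)
        if not as_path or as_path[0] != PEER_ASN:
            findings.append((prefix, "first AS in path is not 16550"))
        if net in expected:
            seen.add(net)
        elif any(net.version == e.version and net.subnet_of(e) for e in expected):
            findings.append((prefix, "more-specific of a documented prefix"))
        else:
            findings.append((prefix, "not in the documented route set"))
        # A learned route that covers your own address space can pull
        # internal traffic onto the Interconnect link.
        if any(net.overlaps(i) for i in internal):
            findings.append((prefix, "overlaps an internal network"))
    missing = sorted(str(e) for e in expected - seen)
    return {"ok": not findings and not missing,
            "missing": missing, "findings": findings}


# Constructed sample values (hypothetical, not from the page).
TENANT_CIDR = "10.50.0.0/24"
INTERNAL_NETS = ["10.0.0.0/16", "192.168.0.0/16"]
SAMPLE_ROUTES = [
    ("10.50.0.0/24", [16550]),
    ("35.199.200.0/24", [16550]),   # more-specific of the Google Cloud DNS range
    ("0.0.0.0/0", [16550]),         # default route, not documented
    ("10.0.8.0/24", [64999]),       # path does not start with 16550, inside internal space
]

if __name__ == "__main__":
    report = audit_learned_routes(SAMPLE_ROUTES, TENANT_CIDR, INTERNAL_NETS)
    print("ok:", report["ok"], "missing:", report["missing"])
    for prefix, reason in report["findings"]:
        print(f"  {prefix}: {reason}")
```

An empty findings list with nothing missing means the session carries exactly the tenant CIDR and 35.199.192.0/19, which are the only sources the firewall rules for Advanced Identity Cloud need to cover.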

Step 3: Send internal certificates

For services like SMTP, Ping Identity can add your internal certificate or CA into the trust store of your tenant environments. For assistance with this, learn more in Send Ping Identity a CA or TLS certificate.