
Configure Secure Connect with Equinix

You must complete three steps to configure Secure Connect with Equinix:

  1. Set up the Equinix Interconnect service.

  2. Provision the Equinix Interconnect connection.

  3. Send ForgeRock your internal certificates.

Each step requires you to coordinate with ForgeRock Support using a support ticket.

Step 1: Set up Equinix Interconnect service

  1. Request Google Cloud pairing keys from ForgeRock Support:

    1. Go to ForgeRock Support, and click ForgeRock Identity Cloud.

    2. Click Identity Cloud: Config Request from the ForgeRock Identity Cloud options.

    3. In the Request Type section, provide values for the following fields:

      Field: Hostname(s)
      Value: Enter a comma-separated list of FQDNs for your development, UAT[1], staging, and production tenant environments.

      Field: What would you like to do?
      Value: Select Set up Equinix Interconnect service.

      Field: Do you give permission for ForgeRock to access and make changes to your environment?
      Value: Select Yes to allow ForgeRock Support to access your environments.

    4. Click Submit to create the support ticket.

    5. ForgeRock Support provides you with the Google Cloud pairing keys for the appropriate region and availability zone.

  2. Set up the Equinix Interconnect service in the Equinix Fabric portal:

    1. Open the Equinix instructions for setting up Google Cloud Interconnect in your browser.

    2. Follow the steps under the heading Create Connection in the Equinix Fabric Portal, using the Google Cloud pairing keys from step 1.1.

  3. Confirm to ForgeRock Support that you have set up the Equinix Interconnect service:

    1. Update the support ticket you created in step 1.1 to let ForgeRock Support know you have completed the instructions in step 1.2.

    2. ForgeRock Support activates a BGP configuration in GCP.

Step 2: Provision Equinix Interconnect connection

  • The minimum lead time for a provisioning request is one week.

  • During the provisioning process there will be approximately one hour of downtime for your environments. ForgeRock Support will work with you on timeframes in the support ticket.

  1. Send ForgeRock Support details of your Interconnect connection, including a preferred date and time window for the provisioning process:

    1. Go to ForgeRock Support, and click ForgeRock Identity Cloud.

    2. Click Identity Cloud: Config Request from the ForgeRock Identity Cloud options.

    3. In the Request Type section, provide values for the following fields:

      Field: Hostname(s)
      Value: Enter a comma-separated list of FQDNs for your development, UAT[1], staging, and production tenant environments.

      Field: What would you like to do?
      Value: Select Provision Equinix Interconnect connection.

      Field: Do you give permission for ForgeRock to access and make changes to your environment?
      Value: Select Yes to allow ForgeRock Support to access your environments.

    4. In the Provision Equinix Interconnect connection section, provide values for the following fields:

      Field: ASN (Autonomous System Number) for your private network router
      Value: Enter an ASN value.

      Field: MTU (Maximum Transmission Unit) for the Interconnect connection
      Value: Select an MTU value.

      Field: Development environment information
      Value:
      • Enter a CIDR block for the development environment.
      • Enter IP addresses or domain names for testing the development environment.

      Field: Staging environment information
      Value:
      • Enter a CIDR block for the staging environment.
      • Enter IP addresses or domain names for testing the staging environment.

      Field: Production environment information
      Value:
      • Enter a CIDR block for the production environment.
      • Enter IP addresses or domain names for testing the production environment.

      Field: Further information and provisioning date/time
      Value:
      • Describe your use case for this implementation.
      • Enter your preferred date/time for provisioning the Interconnect connection.

    5. Click Submit to create the support ticket.

    6. ForgeRock Support works with you in the support ticket to agree on a suitable date and time window for the provisioning process.

  2. Pre-provisioning steps:

    1. Before the provisioning process, ForgeRock Support provides you with pairing keys and BGP IP addresses for all tenant environments. The number of pairing keys depends on the level of availability you require.

    2. In the Equinix portal, use the pairing keys to create direct connections to the BGP IP addresses, using the BGP ASN of 16550.

    3. ForgeRock accepts the connections.

  3. Provisioning steps:

    1. During the provisioning process, ForgeRock Support establishes BGP sessions.

    2. After provisioning is complete, the routes advertised by each party are validated and bidirectional network connectivity is tested. ForgeRock Support provides nodes in each tenant environment that should respond to queries from the private network.

      The routes ForgeRock will advertise with BGP are as follows:

      • The chosen CIDR block for the tenant environment.

      • 35.199.192.0/19 (Google Cloud DNS)

      ForgeRock allows all traffic from the subnets you advertise via BGP. You are responsible for configuring the firewall in your private network to allow traffic from Identity Cloud.
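The following Python script is an added example, not ForgeRock or Equinix tooling. It pre-checks the values you enter in the step 2.1 request (ASN, environment CIDR blocks, test addresses) and, after provisioning, compares the prefixes learned over the BGP session with the two routes this section says ForgeRock advertises (the tenant CIDR and 35.199.192.0/19), then derives the matching firewall allow-list for your private network. Two checks are assumptions rather than page statements: that the addresses you give for testing are endpoints in your private network and therefore must not fall inside the tenant CIDR, and that the router ASN is normally a private ASN (RFC 6996 ranges). All sample values are constructed.

```python
"""Pre-flight checks for an Equinix Interconnect request and post-provisioning
route validation. Example code added to this page; not ForgeRock's or Equinix's
own tooling. All sample tenants, CIDRs and addresses below are constructed."""
import ipaddress

# Route that ForgeRock advertises in addition to the tenant CIDR (from the page).
GOOGLE_CLOUD_DNS = ipaddress.ip_network("35.199.192.0/19")
# BGP ASN used on the Google Cloud side of the Interconnect (from the page).
GOOGLE_INTERCONNECT_ASN = 16550


def check_asn(asn):
    """Return a list of problems with the ASN for your private network router.
    The page only asks for 'an ASN value'; the private-range note is an
    assumption based on the RFC 6996 private ASN ranges."""
    problems = []
    if not 1 <= asn <= 4294967294:
        problems.append(f"ASN {asn} is outside the valid 1-4294967294 range")
    elif asn == GOOGLE_INTERCONNECT_ASN:
        problems.append(f"ASN {asn} is the Google Cloud side of the session; use your own ASN")
    elif not (64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294):
        problems.append(f"ASN {asn} is public; confirm you own it "
                        "(private ranges: 64512-65534, 4200000000-4294967294)")
    return problems


def check_environments(envs):
    """envs maps an environment name to (tenant CIDR, [test addresses]).
    Flags unparsable CIDRs, overlaps between environments or with the Google
    Cloud DNS range, and test addresses that would be routed to Google Cloud
    instead of your private network (assumption: test endpoints are on your side).
    Domain names are accepted as-is, as the page allows either form."""
    problems = []
    nets = {}
    for name, (cidr, tests) in envs.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: bad CIDR {cidr!r} ({exc})")
            continue
        nets[name] = net
        if net.overlaps(GOOGLE_CLOUD_DNS):
            problems.append(f"{name}: {net} overlaps Google Cloud DNS {GOOGLE_CLOUD_DNS}")
        for t in tests:
            try:
                addr = ipaddress.ip_address(t)
            except ValueError:
                continue  # a domain name; resolved at test time
            if addr in net or addr in GOOGLE_CLOUD_DNS:
                problems.append(f"{name}: test address {t} lies inside an advertised "
                                f"prefix and would not reach your private network")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def validate_received_routes(received, tenant_cidr):
    """Compare prefixes learned over the BGP session with what the page says
    ForgeRock advertises: the tenant CIDR plus 35.199.192.0/19.
    Returns (missing, unexpected) so a surplus prefix is noticed and raised in
    the support ticket rather than silently trusted."""
    expected = {ipaddress.ip_network(tenant_cidr), GOOGLE_CLOUD_DNS}
    got = {ipaddress.ip_network(p) for p in received}
    return sorted(map(str, expected - got)), sorted(map(str, got - expected))


def firewall_allow_list(tenant_cidr):
    """Source prefixes your private-network firewall should allow from Identity
    Cloud, derived from the routes ForgeRock advertises for that environment."""
    return sorted(str(n) for n in (ipaddress.ip_network(tenant_cidr), GOOGLE_CLOUD_DNS))


if __name__ == "__main__":
    # Constructed sample request values; production overlaps development and
    # its test address sits inside its own tenant CIDR, so both are flagged.
    envs = {
        "development": ("10.10.0.0/24", ["192.168.5.10", "dev-ldap.example.internal"]),
        "staging": ("10.20.0.0/24", ["192.168.5.11"]),
        "production": ("10.10.0.128/25", ["10.10.0.130"]),
    }
    for p in check_asn(65001) + check_environments(envs):
        print("PROBLEM:", p)
    # Constructed sample of prefixes received over BGP for the staging environment.
    missing, unexpected = validate_received_routes(
        ["10.20.0.0/24", "35.199.192.0/19", "10.99.0.0/16"], "10.20.0.0/24")
    print("missing:", missing, "unexpected:", unexpected)
    print("allow from:", firewall_allow_list("10.20.0.0/24"))
```

Run the checks before you submit the step 2.1 ticket, and run `validate_received_routes` against the prefixes your router actually learns once ForgeRock Support has established the BGP sessions; any prefix in the "unexpected" list is something to query in the support ticket before your firewall rules admit it.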

Step 3: Send internal certificates

For services like SMTP, ForgeRock can add your internal certificate or CA into the trust store of your tenant environments. For assistance with this, refer to Send ForgeRock a CA or TLS certificate.

Copyright © 2010-2024 ForgeRock, all rights reserved.