Forum Widgets
Intro to IAM - Users and Roles:
Users and Roles

Administrators will need to assign roles to their users to perform tasks across the various Equinix Portals. If you'd prefer to watch along, here's a quick video demonstrating how to assign and remove roles from users in the IAM Portal:

Navigate to the left-hand side of the screen to jump between the various Equinix portals in the menu. Around the middle of the page, under "Company Management", click on "Identity and Access Management". Here we can manage users and roles.

Users

Users represent individuals allowed to log in to Equinix portals. Assign users to organizations and projects and grant them access to select assets based on predefined or custom roles.

Roles

Roles are sets of permissions that grant the ability for users to do things like order new digital services like Equinix Fabric Ports or Network Edge Devices, create Virtual Connections, or edit existing services. Use the Equinix Customer Portal to manage user access to product assets that haven't been onboarded to Identity and Access Management.

Note: You will see a list of users who have been assigned a role in the selected project/organization. However, you can search for users that have not been assigned any role in the selected context by searching for the First Name/Last Name or username of the user. (You can also search for a user in a different organization within the same rootOrg by searching for the exact username of that user.)

Hopefully this discussion post and the video primer helped you get a handle on assigning and removing roles from users, and how to think about how administrators might go about creating sets of custom roles.

With all of the administrative stuff out of the way, in these next posts we'll take a look at how a new user would place their first digital services order.
Reference Documentation:
- Equinix Product Documentation
- Equinix Fabric
- Equinix Network Edge
- About Identity and Access Management (equinix.com)

joeyditter, Equinix Employee, 3 months ago. 78 Views, 0 likes, 0 Comments

Intro to IAM - Resources
Welcome to Equinix! This discussion post is the first in a short series that I think might help you hit the ground running as you begin your digital transformation journey. Before we get too much further, let's establish some IAM terminology that we'll be using a lot in the sections to follow. If you'd prefer to watch along, here's a spotlight video on IAM and here's a short primer on Resources, Projects, and Organizations.

Benefits and Features of IAM

Our robust IAM framework simplifies access for employees and customers through single credentials and secure authentication, and provides several other benefits:

- Greater security - Streamlined digital identities reduce risk and exposure to threats like data breaches and phishing.
- Centralized control - Role-based access control (RBAC) allows for centralized management of authentication and access rules.
- Regulatory compliance - Enhanced visibility and control help meet regulatory requirements.
- Customer Resource Hierarchy (CRH) - View and manage the structure of organizations, projects and resources.
- Access Management (AM) - Add users and grant access to the user in a given resource. Create custom roles that suit your internal organization setup.
- Identity Management - Manage your access and security settings. Link your accounts and switch between them without having to re-login.

Resources

Resources (also known as Assets) are the building blocks that reflect your organization. These include different types of organizations, projects, connections, and virtual devices. Customers can create organizations, projects, and manage billing account assignment to build a resource hierarchy that feels familiar and matches the setup and operations of their organization. Every node in the customer resource hierarchy is a resource which can be accessed and controlled using IAM. A digital resource such as a Fabric port or Virtual connection would be a leaf node in the resource hierarchy and would also be referred to as an asset.
Organizations

Organizations allow you to model your resource hierarchy so that it matches your actual organizational setup. Organizations can also serve as parent nodes for other organizations or for projects.

Projects

Projects enable the convenient assignment and management of assets required for your end-customer or internal project's needs. In this example, the reseller has created separate organizations and projects for their end-customers. Each project entity has been assigned a set of product-specific assets required to carry out a given end-customer commitment.

Default Projects

A default project is created by the system whenever a new first level organization is created. Default projects belong under the first level organization and are immutable, which means this organization can't be deleted, renamed, or moved anywhere in the resource hierarchy.

Projects

A project is an entity within the customer's resource hierarchy. A project is used to group multiple digital assets so that they can manage access rights to users spanning multiple projects. Projects are the second to last node in the resource hierarchy and are also parent of all digital assets. In the example shown above, the Resources/Assets (shown in yellow) are nested inside the Projects (shown in orange), which then fall under two Organizations (shown in red).

User Access

Users assigned to an organization automatically inherit access to organizations and projects nested under the given organization node. This applies to existing organizations and projects as well as future organizations and projects created under this organization. Changes in role assignments on a specific hierarchy level are also reflected in the underlying organizations and projects.

In the example Organization above, Joe has been assigned to the "Moonshot International" organization. Through inheritance, he can access all organizations and projects nested under the Moonshot International organization.
Joe has also been explicitly assigned to the Nucleus project.

Here are some things to consider when an organization or project is moved under a new parent organization:

- Users explicitly assigned to the organization or project will still be able to access it, and organizations and projects nested under it, after it's moved to a new target organization.
- Users that inherited access to it from the current parent organization will no longer be able to access the organization or project.
- Users that have access to the new parent organization, by being explicitly assigned to it or through inheritance, will gain access to the organization or project being moved.

Hopefully this discussion post and the video primers provided helped paint a picture of how customers are structuring their Organizations using IAM and got familiar with some of the "building blocks" in the Equinix IAM Portal. Next time we'll take a look at users and roles!

Reference Documentation:
- Equinix Product Documentation
- Equinix Fabric
- Equinix Network Edge
- About Identity and Access Management (equinix.com)

joeyditter, Equinix Employee, 3 months ago. 62 Views, 0 likes, 0 Comments

Ordering your First Fabric Port
In my first two discussion posts (which can be found here and here) we painted a picture of how an Administrator might structure their organization operationally and explained Users, Resources, Projects, Organizations, and all of the other nuts and bolts that make up our IAM System. We then went on to showcase deploying a Network Edge Device in the Equinix Fabric Portal, and talked about all the things a user ought to consider while preparing for their first deployment. Here's a quick rundown of everything you'll need to know and/or have from an operational standpoint to start ordering Fabric Ports.

Checklist

Before ordering your first Fabric Port, here are a few things to complete, consider, and have handy:

- Customer Supplied Details - Everything that you as the customer will determine, such as the port speed, interface type, TPID, etc., as well as details like Patch Panel and Cage information where the Fabric Port services will be connected to and "delivered". In the case of a Remote Port this would also include the provider-supplied LOA. Here you can find a list of metros and what speeds they support.
- User Account - A user account with the appropriate roles to order said Fabric Port, in this case "Fabric Port Manager".
- High Availability - Fabric comes in a variety of flavors, including Primary and Secondary Ports. If high availability and resiliency are important to you, consider deploying a redundant pair for maximum resiliency.

Here I've included a short video demonstrating how to add the "Fabric Port Manager" role:

Ready to Order?

If you feel prepared to place your first Fabric Port order and you'd like to watch along, here's a video in which I've gone through ordering a Fabric Port and two more in which I've discussed ordering Remote Ports.

Hopefully this discussion post and the included video primers were able to help you get your organization's first Fabric Port order submitted! As always, please feel free to leave any comments or questions down below!
Reference Documentation:
- Equinix Product Documentation
- Equinix Fabric
- Equinix Network Edge
- About Identity and Access Management (equinix.com)

joeyditter, Equinix Employee, 2 months ago. 36 Views, 0 likes, 0 Comments

Ordering your First Network Edge Device
In the previous two discussion posts (which can be found here and here) we painted a picture of how an Administrator might structure their organization operationally and explained Users, Resources, Projects, Organizations, and all of the other nuts and bolts that make up our IAM System. Here's a quick rundown of everything you'll need to know and/or have from an operational standpoint to empower your users to go forth and start deploying Network Edge Devices.

Checklist

Before ordering your first Network Edge Device, here are some things to complete/have handy:

- Vendor Specific License - This can also be applied post-deployment, but throughput on devices will be limited until then. Some of these will be "Bring your Own License" or "BYOL", while others are offered with a subscription model at the time of deployment (vendor specific). Take a look here for more info about Network Edge Licenses.
- Resource Info - Take a look and explore performance options and see what the best fit is for you.
- Software Version - The version your new device will deploy with "out of the box"; this can be updated manually as well by the customer post deployment. Software versions available for specific vendors can be found here.
- User Account - A user account with the appropriate roles to order said Network Edge device, in this case "Network Edge Device Manager".
- Billing Account - A billing account to complete the order with, either specific to the country the device is being deployed in or a global billing account.
- SSH Key Pair - An SSH Key Pair that will be uploaded/applied to the device, allowing you to securely connect with and configure the device via CLI.
- High Availability - Network Edge offers two options for High Availability; click here to learn more about the differences between how we treat active/active and active/standby deployments and how they behave and perform.

Here I've included a short video demonstrating how to add the "Network Edge Device Manager" role:

Ready to Order?
If you feel prepared to place your first Network Edge Device order and you'd like to watch along, here's a video in which I've gone through ordering a Cisco 8000V, and even included the SSH Key Pair creation process with PuTTYgen, followed by accessing the device via the public interface:

Hopefully this discussion post and the included video primers were able to help you get your organization's first Network Edge Device order submitted and provisioned! As always, please feel free to leave any comments or questions down below!

Reference Documentation:
- Equinix Product Documentation
- Equinix Fabric
- Equinix Network Edge
- About Identity and Access Management (equinix.com)

joeyditter, Equinix Employee, 2 months ago. 36 Views, 0 likes, 0 Comments
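
The access inheritance and move rules from the "Intro to IAM - Resources" post above can be previewed before anything is re-parented, so an administrator sees who would lose or gain access. The sketch below is an added example, not Equinix code and not part of the original posts; it models the hierarchy in memory and calls no Equinix API. "Moonshot International", "Nucleus" and Joe come from the post, while "Labs", "Orbit", "Acme Holdings", Mia, Ana and the placement of Nucleus under Labs are assumptions made for the illustration.

```python
# Added illustration: a toy in-memory model of the rules above, not Equinix code.
class Hierarchy:
    def __init__(self, parents, assignments):
        self.parent = dict(parents)       # node -> parent (None for a top-level org)
        self.assigned = set(assignments)  # explicit (user, node) role assignments

    def lineage(self, node):
        # Yield the node itself, then each ancestor up to the root.
        while node is not None:
            yield node
            node = self.parent[node]

    def can_access(self, user, node):
        # Explicit assignment on the node, or inherited from any ancestor.
        return any((user, n) in self.assigned for n in self.lineage(node))

    def access_under(self, root):
        # Every (user, node) pair with access to root or anything nested in it.
        nodes = [n for n in self.parent if root in self.lineage(n)]
        users = {u for u, _ in self.assigned}
        return {(u, n) for u in users for n in nodes if self.can_access(u, n)}

    def preview_move(self, node, new_parent):
        # Return (lost, gained) access pairs without committing the move.
        if node in self.lineage(new_parent):
            raise ValueError("cannot move a node under itself or a descendant")
        before, old = self.access_under(node), self.parent[node]
        self.parent[node] = new_parent
        try:
            after = self.access_under(node)
        finally:
            self.parent[node] = old       # preview only: restore original parent
        return before - after, after - before


def build_example():
    # Labs, Orbit, Acme Holdings, Mia and Ana are constructed; so is Nucleus's parent.
    parents = {"Moonshot International": None, "Acme Holdings": None,
               "Labs": "Moonshot International", "Nucleus": "Labs", "Orbit": "Labs"}
    assignments = [("Joe", "Moonshot International"), ("Joe", "Nucleus"),
                   ("Mia", "Moonshot International"), ("Ana", "Acme Holdings")]
    return Hierarchy(parents, assignments)


if __name__ == "__main__":
    lost, gained = build_example().preview_move("Labs", "Acme Holdings")
    print("lost:", sorted(lost))
    print("gained:", sorted(gained))
```

Joe keeps Nucleus because of his explicit assignment, while his and Mia's inherited access to the moved organization disappears and Ana inherits access from the new parent.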