Network Edge Identity and Access Management

Equinix is enabling an Identity and Access Management (IAM) experience to give you a better understanding of your resource hierarchy, allowing you to manage your resources (virtual devices and connections) with organizationally defined boundaries. IAM also allows you to define and control who and what roles can access your digital resources. It also optimizes resources and billing account mapping. This topic discusses IAM for Network Edge services in detail.

The IAM experience includes Customer Resource Hierarchy (CRH), Access Management (AM), user roles, and project-based grouping in the Identity and Access Management portal. For more information, see the Identity and Access Management documentation.

IAM Experience

IAM includes:

  • Hierarchical structures and boundaries – Organize resources under organization and projects.

  • Projects – Assign and manage assets required for your end-customer or internal project needs.

  • Billing – Flexible association of your billing account at the organization or project level.

  • Access Control – Well-defined role-to-user mapping for accurate and efficient resource access control.

With the IAM experience:

  • Users select the project to create and manage all resources. Resources can be moved to another project by a privileged user if they aren’t created under the intended project.

  • Virtual devices are mapped to a single project at a time. Users won’t be able to see devices in other projects.

  • All Network Edge virtual devices and services (VNFs, Device Link Groups, Access Control Templates, SSH Keys, Solution Builder Designs, and BYOC) are considered resources.

For more information, see the Identity and Access Management documentation.

Migration from Existing User and Resource Management to IAM

Equinix will be migrating all customers to IAM with a phased approach. When your account is ready for migration, your administrator will be contacted to schedule the migration.

The migrated assets are placed under a customer organization. Customers can then create additional projects to move and organize resources.

Fabric Portal User Experience with IAM

New Equinix customers or migrated customers will be able to use the IAM framework. After creating a primary administrator as the first user in the organization, follow the existing user onboarding experience as described in New User Registration for Network Edge and Manage Network Edge User Account and Permissions.

Billing Account Creation

When creating a billing account in IAM, select an organization and a project, then associate it with the billing account you created. You need to be in the Finance Admin role to create a new Billing Account. The Primary Admin, Org Admin, Project Admin, Finance Admin, and Finance Viewer can view the billing account.

To map the billing account to your project:

  1. Sign in to the Equinix Fabric portal.

  2. From the Administration menu, select Account Management.

  3. In the Account Information section, select Equinix Network Edge Virtual Device if this billing account is for a Network Edge product.

  4. In the Select a Project section, select a project that needs to be associated to this billing account.

  5. In the Select a Country section, select the appropriate country for this billing account.

  6. Complete the process following the instructions found in Billing Account Management.

To learn more about assigning, associating, and unassociating a billing account to a specific project, see Billing Accounts in the Identity & Access Management documentation.

User Permissions and Roles

Network Edge user permissions are managed in the Identity and Access Management portal. As soon as a new user is registered and activated in the Fabric portal, the administrators can manage user permissions to view, create, delete, and edit Network Edge virtual devices and services.

For information about basic operations for roles, see Roles. There are three types of Network Edge-related roles by default:

  • Network Edge Viewer

  • Device Manager

  • Connections Manager

For a list of the permissions for each role, see Roles and Permissions Reference.

Role Permissions
Network Edge Viewer

View:

  • Projects in the Resource Hierarchy

  • Layer 2 (L2) Connections

  • BGP Sessions

  • Network Edge Virtual Devices

  • Network Edge VPN Connections

  • Network Edge SSH Services

  • Network Edge ACL Templates

  • Network Edge Public Key

  • Internet Bandwidth ACL Templates

Network Edge Device Manager

View:

  • Projects in the Resource Hierarchy

  • Network Edge Virtual Devices

  • Network Edge Access Control List (ACL)

  • Network Edge SSH Services

  • Network Edge VPN Connections

  • Internet Bandwidth ACL Templates

  • Network Edge ACL Templates

  • Network Edge Public Key

  • Layer 2 (L2) Connections

  • BGP Sessions

Create:

  • Network Edge Virtual Devices

  • Network Edge ACL Templates

  • Network Edge SSH Services

  • Network Edge VPN Connections

  • Network Edge Public Key

Delete:

  • Network Edge Virtual Devices

  • Network Edge VPN Connections

  • Network Edge ACL Templates

  • Network Edge Public Key

Modify:

  • Network Edge Virtual Devices

  • Network Edge ACL Templates

  • Network Edge SSH Services

  • Network Edge VPN Connections

  • Internet Bandwidth ACL Templates

  • Network Edge Public Key

Network Edge Connections Manager

View:

  • Projects in the Resource Hierarchy

  • Layer 2 (L2) Connections

  • BGP Sessions

  • Network Edge Virtual Devices

  • Network Edge VPN Connections

  • Network Edge SSH Services

  • Network Edge ACL Templates

  • Network Edge Public Key

  • Network Edge Internet Bandwidth ACL Templates

Create:

  • Layer 2 (L2) Connections

  • BGP Sessions

Delete:

  • Layer 2 (L2) Connections

  • BGP Sessions

Modify:

  • Layer 2 (L2) Connections

  • BGP Sessions
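
The role lists above can be encoded as data and used for a least-privilege review of role assignments. The following Python is an added example, not Equinix code: the resource shorthand (device, l2, bgp, and so on) and the function names are assumptions, and the matrix is transcribed from this page rather than read from the IAM portal.

```python
from itertools import combinations

# Shorthand resource names (assumed for this example) for resources the page lists.
VIEW_ALL = {"project", "l2", "bgp", "device", "vpn", "ssh",
            "acl_template", "public_key", "ib_acl_template"}

# Role -> action -> resources, transcribed from the role lists above.
ROLES = {
    "Network Edge Viewer": {"view": VIEW_ALL},
    "Device Manager": {
        "view": VIEW_ALL | {"acl"},
        "create": {"device", "acl_template", "ssh", "vpn", "public_key"},
        "delete": {"device", "vpn", "acl_template", "public_key"},
        "modify": {"device", "acl_template", "ssh", "vpn",
                   "ib_acl_template", "public_key"},
    },
    "Connections Manager": {
        "view": VIEW_ALL,
        "create": {"l2", "bgp"},
        "delete": {"l2", "bgp"},
        "modify": {"l2", "bgp"},
    },
}

def grants(roles):
    """Flatten a collection of role names into (action, resource) pairs."""
    return {(action, res) for role in roles
            for action, resources in ROLES[role].items() for res in resources}

def minimal_roles(needed):
    """Smallest role combination covering every needed pair, or None."""
    for size in range(1, len(ROLES) + 1):
        for combo in combinations(ROLES, size):
            if needed <= grants(combo):
                return set(combo)
    return None

def audit(assigned, needed):
    """Compare a user's assigned roles with what their tasks require."""
    have = grants(assigned)
    return {
        "missing": sorted(needed - have),
        "excess_write": sorted(p for p in have - needed if p[0] != "view"),
        "suggested": minimal_roles(needed),
    }
```

A result of `None` from `minimal_roles` means no default role on this page lists that permission, so the request needs review against the Roles and Permissions Reference.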

Create a Virtual Device (VNF)

When creating VNFs, use the Context Switcher at the top of the Fabric portal page to make sure you are creating the device in the intended project. Once your intended project is selected, click your virtual device vendor and device type in the Network Edge marketplace.

View Virtual Devices in the Inventory

Virtual Device Inventory now includes project information. Use the Project filter to sort project-specific virtual devices. Virtual Device Inventory also includes a Project column to help you quickly identify the specific project for your device.

Move Virtual Devices to a New Project

In order to move a device from one project to another, you must be in one of the following roles:

  • Primary Admin

  • Project Admin

To move your virtual device:

  1. Sign in to the Identity and Access Management portal.

  2. Select Resources and locate your virtual device.

  3. Click the icon next to your device and select Move Resource.

  4. In the Select a Project drop-down menu, select a destination project.

  5. Click Done.

Verify Virtual Device Project Assignment

The Dashboard summarizes your current project, associated billing account, and resources under the project. From this Dashboard, you can create a virtual device, view device detail, or change the project name. Find your specific virtual device resource and click Resource Details to view the Virtual Device Details. You can find your project ID and project name in the Account Details section.

Access Management (Access Control List Management)

To manage the Access Control List (ACL) created under a specific project, select Access Management in the Network Edge menu, and then select your intended project in the Context Switcher. You can create, view, edit, or delete the ACL template under the specific project name.

Solution Builder

Solution Builder designs are managed under IAM. Users can create, edit, delete, and view solution designs. Select a project in the Context Switcher at the top of the Fabric portal page. Your solution design will stay in the project where it is created and cannot be shared or moved to other projects.

To create a Solution Design under a specific project:

  1. Sign in to the Equinix Fabric portal.

  2. From the Build Solutions menu, select Solution Builder.

  3. Select your intended project name using the Context Switcher.

  4. Click Create New Diagram to start designing your solution.

When you click Pricing Summary, the selected Project Name is listed along with Solution Name. In the downloaded Pricing Summary, you will find the same information.

Note: Solution Design will not be listed on the IAM Dashboard.

Bring Your Own Connection (BYOC)

The creation of BYOC and Remote Fabric Port for BYOC is also managed under the IAM function. The project information for the BYOC port comes from the project in which the Virtual Device resides.

Device Creation via API

IAM for Network Edge is also supported when a virtual device is created via API. In this case, a project ID needs to be associated with the device. When other Network Edge services are also created via API without a project ID, those service components are assigned to the project ID associated with the project in which the Virtual Device resides.