Network Edge Resource Permissions
This topic describes the key permission use cases you need to keep in mind when operating a Network Edge device.
Operating Virtual Devices Across Projects
Any Network Edge virtual device needs to be created in a project. The user needs to have permissions for a given project to view and modify the virtual device. The following describes rules for operating virtual devices across multiple projects.
Billing Account Association
All Billing Accounts are associated with the top level organization. Currently the project-to-billing-account association is not supported.
Create a Virtual Device (VNF)
When creating VNFs, use the Context Switcher at the top of the Customer portal page to make sure you are creating the device in the intended project. You will need to be in Network Edge Device Manager role to create VNFs. Currently, the movement of the virtual device from one project to another project is not supported. Once your intended project is selected, click your virtual device vendor and device type in the Network Edge marketplace.
View Virtual Devices in the Device Inventory
Use the Context Switcher to view your virtual device inventory in a specific project. Virtual Device Inventory includes project information such as Project name and Project ID.
Device Link Group (DLG)
- DLGs can be created by users with the Network Edge Device and Connection Manager role for the projects. Users can select the devices from different projects. The DLG will be visible as a resource in Resource Manager.
- DLGs can be viewed by users with the device viewer permission included as part of the Network Edge Device Manager, Connection Manager, and Viewer role).
- DLGs can be modified by users with the Network Edge Manager role.
- DLGs can be deleted by users with the Network Edge Manager role.
Access Management (Access Control List Management)
To manage the Access Control List (ACL) created under a specific project, select Access Management in the Network Edge menu, and then select your intended project in the Context Switcher. You can create, view, edit, or delete the ACL template under the specific project name.
Connecting Fabric Virtual Connections and Fabric Port
Your Network Edge virtual devices and Fabric ports need to be in the same project in order to connect them with virtual connections. It is best practice to create a Network Edge device in the same project as your Fabric port, as currently the movement of the virtual device from one project to another is not supported.
BYOC (Bring Your Own Connection)
The creation of BYOC and remote Fabric ports for BYOC is managed under the IAM function. The project information for the BYOC port comes from the project in which Virtual Device resides.
Solution Builder
Solution Builder designs are managed under IAM. Users can create, edit, delete and view solution designs. Select a project in Context Switcher at the top of the Customer portal page. Your solution design will stay in the project where it is created and cannot be shared or moved to other projects.
To create a Solution Design under a specific project:
- Sign in to [Equinix Customer Portal: Fabric Dashboard](https://portal.equinix.com/fabric/dashboard.
- From the Build Solutions menu, select Solution Builder.
- Select your intended project name using the Context Switcher.
- Click Create New Diagram to start designing your solution.
When you click Pricing Summary, the selected Project Name is listed along with Solution Name. In the downloaded Pricing Summary, you will find the same information.
Device Creation using APIs
IAM for Network Edge is also supported when a virtual device is created via API. In this case, a project ID needs to be associated with the device. When other Network Edge services are also created via API without a project ID, those service components are assigned to project ID associated with the project in which the Virtual Device resides.