programmable network portal user manual

TELSTRA LIMITED | PRINTED DECEMBER 2017

FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL PAGE 1/96

`

TELSTRA PROGRAMMABLE NETWORK PORTAL USER MANUAL VERSION: November 2018



LEGAL STATEMENT © Telstra Corporation Limited 2018

Copyright, trademark and other intellectual property rights in this document are owned or licensed by Telstra Corporation Limited or its affiliates (Telstra) and protected by law. Information contained in this document is subject to change without notice and does not represent a commitment on the part of Telstra. As this document contains confidential information of Telstra, except as allowed by law or in accordance with your confidentiality agreement with Telstra (if any), it must not be disclosed in whole or part to any third party without Telstra’s consent. No part of this publication may be reproduced in whole or in part, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopied, recorded or otherwise, without the written permission of Telstra. Although Telstra has been careful to ensure that information contained in this document is accurate, it is not guaranteed to be error free. If you have any questions about the information (including its accuracy and completeness), please call your Telstra representative.



Contents 1. Support .................................................................................................................................................................. 5

2. Introduction ............................................................................................................................................................ 6

2.1. Audience ....................................................................................................................................................... 6

2.2. Purpose and Scope ...................................................................................................................................... 6

2.3. Terms & Abbreviations ................................................................................................................................. 6

3. System Requirements ........................................................................................................................................... 6

4. Portal Access ......................................................................................................................................................... 6

4.1. Registration ................................................................................................................................................... 6

4.2. Logging into Portal ........................................................................................................................................ 6

4.2.1. Two-Factor Authentication Login .......................................................................................................... 7

4.2.2. Alternative Login Screen ....................................................................................................................... 8

4.2.3. Forgot Password ................................................................................................................................... 8

4.3. Portal Navigation........................................................................................................................................... 9

4.3.1. Left Side Menu ...................................................................................................................................... 9

4.3.2. Top Menu ............................................................................................................................................ 10

4.4. Getting Started Tips .................................................................................................................................... 12

4.4.1. User Assistant ..................................................................................................................................... 12

5. Dashboard ........................................................................................................................................................... 13

5.1. Flow traffic ................................................................................................................................................... 14

6. PoP Ports............................................................................................................................................................. 14

6.1. Add PoP Port .............................................................................................................................................. 14

7. Global Exchange ................................................................................................................................................. 14

7.1. Accessing Global Exchange ....................................................................................................................... 14

7.2. Add a Telstra Next IP connection ............................................................................................................... 15

7.3. Add a Telstra GWAN connection ................................................................................................................ 16

7.4. Add an AWS connection ............................................................................................................................. 17

7.5. Add a Microsoft Azure connection .............................................................................................................. 17

7.6. Add Other Exchange Partner connection ................................................................................................... 18

8. Marketplace ......................................................................................................................................................... 23

8.1. Add VNF to ‘My Images’ library .................................................................................................................. 23

8.2. Delete a VNF from ‘My Images’ library ....................................................................................................... 26

9. Network Topology ................................................................................................................................................ 26

9.1. Create a New Topology .............................................................................................................................. 26

9.2. Recall an Existing Topology ....................................................................................................................... 27

9.3. Add Item to Network Topology ................................................................................................................... 28

9.3.1. Add a PoP Port to the Canvas ............................................................................................................ 29

9.3.2. Add a Next IP connection to the Canvas ............................................................................................ 29

9.3.3. Add a GWAN connection to the Canvas............................................................................................. 30

9.3.4. Add Internet Access to the Canvas .................................................................................................... 31

9.3.5. Add AWS to the Canvas ..................................................................................................................... 32

9.3.6. Add a VNF to the Canvas ................................................................................................................... 32

10. Layer 2 Flow Service ........................................................................................................................................... 34

10.1. Flow Creation .............................................................................................................................................. 34

10.1.1. Flow Creation between PoP Port and PoP Port ................................................................................. 34



10.1.2. Flow Creation between PoP Port and VNF ........................................................................................ 37

10.1.3. Flow Creation between PoP Port and Internet ................................................................................... 39

10.1.4. Flow Creation between PoP Port and Next IP or Global IPVPN ........................................................ 41

10.1.5. Flow Creation between PoP Port and Exchange Partner ................................................................... 43

10.2. Edit Contract ............................................................................................................................................... 45

10.3. Contract Creation ........................................................................................................................................ 46

11. Gateway Protection ............................................................................................................................................. 47

11.1. Add Gateway Protection to Images Library ................................................................................................ 47

11.1.1. Add Gateway Protection to a Network Topology ................................................................................ 49

11.1.2. Configure Gateway Protection Service ............................................................................................... 50

11.1.3. Connect and Configure Next IP/IPVPN Service ................................................................................. 50

11.1.4. Configure Palo Alto Virtual Firewall .................................................................................................... 51

11.1.5. Create and configure a flow between Next IP/IPVPN Service and Palo Alto Virtual Firewall ............ 51

11.2. Gateway Protection Dashboard .................................................................................................................. 53

11.3. Configure Gateway Protection Firewall Policies ......................................................................................... 54

11.3.1. Summary ............................................................................................................................................. 55

11.3.2. Network Interfaces .............................................................................................................................. 57

11.3.3. Firewall Rules ..................................................................................................................................... 59

11.3.4. NAT Rules ........................................................................................................................................... 60

11.3.5. Static Routes ....................................................................................................................................... 63

11.3.6. DNS Sinkholing ................................................................................................................................... 66

11.3.7. Address Objects .................................................................................................................................. 67

11.3.8. Service Objects ................................................................................................................................... 69

11.3.9. BFD Profile .......................................................................................................................................... 71

11.3.10. BGP Auth Profile ................................................................................................................................. 72

11.3.11. VNF BGP Configuration ...................................................................................................................... 74

11.3.12. Backup ................................................................................................................................................ 75

11.3.13. Debug Tools ........................................................................................................................................ 77

12. Settings ................................................................................................................................................................ 78

12.1. Exchange Settings ...................................................................................................................................... 78

12.2. General Settings ......................................................................................................................................... 78

12.2.1. General ............................................................................................................................................... 78

12.2.2. Identity Provider .................................................................................................................................. 79

12.2.3. Users ................................................................................................................................................... 80

12.2.4. Profiles ................................................................................................................................................ 81

12.2.5. Tariff .................................................................................................................................................... 82

12.2.6. Templates ........................................................................................................................................... 82

13. Notifications ......................................................................................................................................................... 82

14. Manage Customers ............................................................................................................................................. 83

14.1. Graphical View ............................................................................................................................................ 83

14.2. Tabular View ............................................................................................................................................... 83

15. Additional Resources ........................................................................................................................................... 84

15.1. Further Reading .......................................................................................................................................... 84

15.2. Terms & Abbreviations ............................................................................................................................... 84

15.3. PoP Codes and Locations .......................................................................................................................... 85

15.4. Profiles and Permissions ............................................................................................................................ 87



1. SUPPORT Telstra is committed to delivering the highest levels of service and support to our customers. In the unlikely event you do experience an interruption to your service; we will investigate while remaining in contact with you at regular intervals to provide status updates. We will work towards an efficient and complete resolution. If you need to contact Telstra in relation to a Support query, please use the contact details shown below. Email Support (Preferred) If you have any issue using our service, or want to raise a support ticket, you can contact the following inbox: Support: [email protected] Phone Support If your issue is more pressing, you can call the relevant contact number for your region:

Australia: +61-385-941-952

United States of America: +1-585-445-3673

Singapore: +65-315-73803

United Kingdom: +44-289-692-3445

Hong Kong: +852-301-86672

Japan: +81-3452-09650

mailto:[email protected]



2. INTRODUCTION This user manual provides detailed information about different functionalities which the user can perform within the Telstra Programmable Network Portal.

2.1. Audience The document is intended for internal and external users.

2.2. Purpose and Scope The purpose of this document is to cover all the important features of the Telstra Programmable Network Portal.

2.3. Terms & Abbreviations Refer to Section 15.2 for a list of Terms and Abbreviations used throughout this document.

3. SYSTEM REQUIREMENTS The following are the minimum recommended system requirements:

● Operating System and Browser Support:

Browser OS Supported Version

Chrome Window 7 or above 52.0 or above

Firefox Window 7 or above 45.3.0 or above

Internet Explorer Window 7 or above 11 or above

Safari MAC OS Yosemite 10.1.1 or above

Table 1 – Supported Operating Systems and Browsers

● Screen Resolution: 1366 x 768 or greater Note: If your PC is connected with multiple display screens, there are occasions where moving the browser across screens may cause some of the portal elements to fall out of range of display. In such occasion, you can adjust the browser display zoom factor to bring the out-of-range elements back.

4. PORTAL ACCESS

4.1. Registration

Before you will be able to log into the Telstra Programmable Network Portal and access Telstra Programmable Network Platform and Services, you need to register. An existing Telstra Next IP or Global IPVPN customer can simply registration online by navigating to the Telstra Programmable Network section at either:

http://www.telstra.com.au http://www.telstraglobal.com

If you are a new customer, please contact your local Telstra Account Representative for assistance in the registration and on-boarding process.

4.2. Logging into Portal

Once you receive your Telstra Programmable Network credentials, login using the secure URL:

http://www.telstra.com.au/

http://www.telstraglobal.com/



https://www.pn.telstra.com/loginmt.html

HINT: Bookmark this URL in your browser for fast access to the Telstra Programmable Network Portal in future.

Picture 1 – Telstra Programmable Network Login Screen

4.2.1. Two-Factor Authentication Login

If Two-Factor Authentication has been enabled for your TPN tenancy then after completing the above login screen (Picture 1) there will be an additional screen requiring a second level of user authentication, via the “Google Authenticator” Application. If the user has not previously successfully logged into their TPN account using Two-Factory Authentication then they will be presented with the screen shown in Picture 2 – Two-Factor Authentication PIN Setup Screen.

Picture 2 – Two-Factor Authentication PIN Setup Screen

Use mobile “Google Authenticator” Application to read the QR code. This will adds a new entry into list of supported accounts titled “PN(username)”. Users who have setup their “Google Authenticator” Application will automatically be presented with the screen shown in Picture 3 – Two-Factor Authentication PIN Login Screen.

https://www.pn.telstra.com/loginmt.html



Picture 3 – Two-Factor Authentication PIN Login Screen

The current 6 digit PIN from the “Google Authenticator” Application should be populated into the verification field. NOTE: The method for setting up Two-factor Authentication for a TPN tenancy is described in Section 12.2.2 - Identity Provider.

4.2.2. Alternative Login Screen

The portal will automatically log a user out after a period of time, as a result you may be presented with the following slightly different log in screen.

Picture 4 – Telstra Programmable Network alternative Login Screen

If you are presented with the login screen shown in Picture 4 – Telstra Programmable Network alternative Login Screen then complete as follows:

1. In the Username field is a concatenation of your 12-digit domainid and username with a ‘/’ separator: a. That is ‘domainid’/’username’

2. In the Password field enter your password. NOTE: This concatenated ‘username’ format is also used when requesting API access tokens.

4.2.3. Forgot Password

Should you forget your password and need to reset it then referring to the login screen in Picture 1 – Telstra Programmable Network Login Screen, click on “Forgot Password” to be taken to the reset password screen, shown in Picture 5 – Telstra Programmable Network Forgot Password Screen.



Picture 5 – Telstra Programmable Network Forgot Password Screen

To reset your password please provide the following details:

1. “Email ID”: The email address provided with your original account creation request. 2. “Domain ID”: Your 12-digit domainid.

4.3. Portal Navigation

Once logged into the Portal you will be presented with the Dashboard View, as shown in Picture 6 below.

Picture 6 – Dashboard Home Screen

4.3.1. Left Side Menu

Clicking the hamburger menu icon ( ) at the top of the ‘Left Side Menu’ will expand the menu to present the

options described in Table 2 below.

Description

Dashboard: (Refer to Section 5) Graphical representation of your current service topologies. Your current topologies are available from a drop down selection list.

Left Side Menu Top Menu

Sub-Menu



Network: (Refer to Section 9) Provides the canvas for working on your topologies. You can create new topologies and edit existing ones. This is the area where all your service topology creating, modifying and deleting will take place. Sub-Menu: Existing Topologies: Scroll through the list of your currently defined topologies Sub-menu: Create New Topology: This is the starting point for creating a new topology.

Global Exchange: (Refer to Section 7) Provides a directory of current Global Exchange partners, as well as any existing Global Exchange partner connections you may already have in place.

Marketplace: (Refer to Section 8) A central repository of available virtual capabilities. Sub-menu: Marketplace Directory (Default View): A directory of vendors who offer virtual network functions. Sub-menu: My Images: Displays a list of all images you have selected to use. NOTE: Only VNFs that you have added to ‘My Images’ will be available within Network Topologies - Functions ‘Marketplace’ list.

Settings: (Refer to Section 12) Sub-menu: Exchange Settings (Default View): Global Exchange allows you to connect to other providers. To become a Global Exchange provider, complete the Exchange Set Up settings to be listed in the directory. Sub-menu: General Settings: Displays your company details, users, billing and tariff preferences for your company

Notifications: (Refer to Section 13) Displays all Telstra Programmable Network notifications that you have received, including System messages, Global Exchange connection requests, etc.

Manage Customers: (Refer to Section 14) Tabular and graphical views of your current company registered admin representative.

Table 2 – Telstra Programmable Network Portal Navigation – Left Side Menu components

4.3.2. Top Menu



Picture 7 – Telstra Programmable Network Portal Navigation – Top Menu

Menu component Description

User Assistant: This step-by-step wizard will guide you through the steps required to create, configure and even remove a range of TPN capabilities.

Transaction: Provides a chronological list of all transactions that have been actioned on topologies within the tenancy.

Notifications: Display all Telstra Programmable Network notifications that you have received, including System messages, Global Exchange connection requests, etc.

User Settings: Customise your account preferences.

Language and Timezone o Select Language o Timezone

System Settings o Pagination o Receive Notifications o 2 Factor Authentication

Change Password: Change your account password NOTE: Password must contain at least 8 characters, 1 upper case, 1 lower case and 1 special character.

Help: Drop down list of useful documentation and instructions on how to use Telstra Programmable Network, the Portal and its additional functions.



Support: Find out how to contact our support team. Direct link to: https://www.pn.telstra.com/support.html

Logout: Logs the user out of the Telstra Programmable Network portal.

Table 3 – Telstra Programmable Network Portal Navigation – Top Menu components

4.4. Getting Started Tips

To build a service within the Telstra Programmable Network environment the following steps are recommended:

● Create your library of components: o PoP Ports (refer to §6 – ‘PoP Ports’) o Connectivity – Global Exchange (refer to §7 – ‘Global Exchange’) o Network Functions – Marketplace (refer to §8 – ‘Marketplace’)

● Create a Network Topology canvas (refer to §9.1 – ‘Create a New Topology’ and §9.2 – ‘Recall an Existing Topology’)

● Place your different components into the canvas (refer to §9.3 - ‘Add Item to Network Topology’) ● Create your end-to-end service by connecting your component together (refer to §10.1 – ‘Flow Creation’)

If you are not sure how to accomplish a certain outcome, you can use the “User Assistant” feature.

4.4.1. User Assistant

This step-by-step guided tour will guide you through the steps required to create, configure and even remove a range

of TPN capabilities from your tenancy and topologies. To start, click on the User Assistant icon ( ) from the Top menu. The following screen will be displayed.

The “User Assistant” screen presents a search bar, and a list of options for selection. You can type inside the search bar under “What would you like to do?” or select from the list to start a User Assistant guided tour. A guided tour will guide you step by step on the portal to accomplish the outcome you have selected, for example “I want to add/configure/deploy Internet in Topology”. In each step, the immediate needed action is highlighted, and the rest of the portal is greyed out. At any step, you can click on “EXIT” to exit the guided tour.



5. DASHBOARD

The Dashboard is Telstra Programmable Network Portal’s landing page, when a user first log into the Telstra Programmable Network portal it is this page that is presented, as shown in Picture 8 – Dashboard Landing Page. The most recently edited topology will always be presented, along with up to 2 flows and their current traffic flow metrics (if configured).

Picture 8 – Dashboard Landing Page



5.1. Flow traffic

A user can configure up to 2 traffic flows to monitor bandwidth (in Mbps), or traffic volume (in Packets).

6. POP PORTS

The Telstra Programmable Network offers many Point of Presence (PoP) locations globally where you can interconnect your network into the Telstra Programmable Network Platform. This section covers the following use case:

● Add PoP Port

6.1. Add PoP Port

This section describes how to connect a Point of Presence (PoP) Port into your Telstra Programmable Network Platform.

1. You can request physical interconnection Ports into the Telstra Programmable Network Platform via the Telstra Programmable Network Application Form, Appendix 1: Port Request, which can be obtained from your Account Executive.

2. The Appendix 1: Port Request form allows you to nominate a number of Ports. 3. For each Port, the following details need to be provided:

a. Telstra Programmable Network Point of Presence, i.e. site of Port b. Port Type, i.e. physical interface required for your cross-connect or connecting network

infrastructure

7. GLOBAL EXCHANGE

The Global Exchange displays a directory of exchange services that you can create a connection to. By adding the selected services to your ‘Global Exchange’ library you will be able to select their service when we go to create our network topology in section 7 Within this section we are covering the following use cases:

● Add Telstra Next IP connection ● Add Telstra GWAN connection ● Add AWS connection ● Add Microsoft Azure connection ● Add Other Exchange Partner connection

7.1. Accessing Global Exchange

1. The user clicks the ‘Global Exchange’ icon ( ) on the left side menu.

2. The user is redirected to the ‘Global Exchange’ home screen. In the ‘Global Exchange’ home screen all the Global Exchange partners are listed in a grid view where an expandable row for each partner is displayed as shown in Picture 9 - ‘Global Exchange Home Screen’.



Picture 9 – Global Exchange Home Screen

3. Details of each Global Exchange partner offering can be obtained by clicking the company’s logo or Name

as shown in Picture 10.

Picture 10 – Global Exchange partner service details drop down

4. To request a new connection to a ‘Global Exchange’ partner select the New Connection Request icon (

).

5. To track the progress of a new service request, select the Information icon ( ).

NOTE: The following sections demonstrate how new Global Exchange services can be requested.

7.2. Add a Telstra Next IP connection

This section describes how to connect a Next IP IPVPN service into Telstra Programmable Network. NOTE: A Next IP connection is only available for Australian based customers.

6. After completing Steps 1 to 4 in Section 7.1 above.

7. Click on the New Connection Request icon ( ) for the row called ‘Telstra – Next IP’. The row expands

and a slide down section ‘Request Connection to – Telstra Next IP’ appears as shown in Picture 11 - ‘Add New Next IP Connection slidedown section’.



Picture 11 – Add New Telstra Next IP Connection slidedown section

8. The user provides required values for all the fields:

o Telstra Next IP FNN o Name of Contact Requesting o Email of Contact Requesting

9. Click on the ‘Send Request’ button. 10. By clicking ‘Send Request’, the request is sent to Telstra for processing.

11. To track the progress of your request, select the ‘Information’ icon ( ), the current status of your request

will be as shown in Picture 12 – ‘Request Status Information’ below. 12.

Picture 12 – Request Status Information

13. Once the request has been processed, the Status will update to ‘Approved’ and a new entry will be made

available within the ‘Function – Global Exchange’ drop down list – refer to section 9.3.2 – ‘Add a Next IP connection to the Canvas’.

7.3. Add a Telstra GWAN connection

This section describes how to connect a Global WAN (GWAN) service into Telstra Programmable Network. NOTE: Global WAN is available for all Telstra customers outside of Australia who already have a GWAN service on the same SFDC account as their Telstra Programmable Network service. Please speak with your Account Representative if you have any questions.


2. Click on the New Connection Request icon ( ) for the row titled ‘Telstra – IPVPN Connection’. The row

expands and a slidedown section ‘Request Connection to – Telstra GWAN’ appears as shown in Picture 13 - ‘Add New GWAN Connection slidedown section’.



Picture 13 – Add New Telstra GWAN Connection slidedown section

3. The user provides required values for all the fields:

o Master Service ID o Name of Contact Requesting o Email of Contact requesting

4. Click on the ‘Send Request’ button. 5. By clicking ‘Send Request’, the request is sent to Telstra for processing.

7.4. Add an AWS connection


2. Click on the New Connection Request icon ( ) for the row titled ‘Amazon’. The row expands and a

slidedown section “Add New Connection – Amazon” appears as shown in Picture 14 - ‘Add New Connection slidedown section’.

Picture 14 – Add New Connection slidedown section

3. The user provides required values for all the fields and click on the ‘Send Request’ button. 4. By clicking ‘Send Request’, the request is sent to the ‘AWS’ (Amazon) partner.

7.5. Add a Microsoft Azure connection NOTE: This process has some manual steps, expect communications from Telstra throughout the process.

1. The user logs into their Microsoft Azure account 2. Select Equinix as an interconnect partner (NOTE: Telstra will also be in the list but be sure to select

Equinix) 3. Take note of the Azure provided service key, and provide that to Telstra. Telstra will then request ECX

virtual ports on your behalf. ECX will assign requested ports. 4. Complete steps 1 to 4 in Section 7.1 above.

5. Click on the New Connection icon ( ) for the row titled ‘ECX. The row expands and a slidedown section

“Add New Connection – Other” appears as shown in Picture 15 - ‘Add New Connection slidedown section’.



Picture 15 – Add New Connection slidedown section

6. The user provides required values (ensure the VLAN and bandwidth values provided to Equinix match

those provided here) for all the fields and click on the ‘Send Request’ button. 7. By clicking ‘Send Request’, the request is sent to Telstra for processing.

NOTE: This process has some manual steps, expect communications from Telstra throughout the process.

7.6. Add Other Exchange Partner connection

1. Complete Steps 1 to 4 in Section 7.1 above. 2. The user i.e. ‘Consumer’ clicks any Global Exchange partners New Connection Request icon (other than

those already discussed above). The row expands and a slide-down section “Add New Connection – Other” appears as shown in Picture 16 - ‘Add New Connection slide-down section’.

Picture 16 – Add New Connection slide-down section

3. The user provides the required values for all the fields and click on the ‘Send Request’ button. 4. By clicking ‘Send Request’, the request is sent to the respective Global Exchange partner i.e. ‘provider’. 5. Once the request is sent, it is received at respective Global Exchange partners i.e. provider’s Message

Centre Screen in ‘Request Initiated’ status and same request is visible in ‘Consumer’ Message Centre Screen in ‘Pending’ status as shown in Picture 17 - ‘Respective Global Exchange partners (providers) Message Centre Screen’.



Picture 17 – Respective Global Exchange partners (providers) Message Center Screen

6. When the provider clicks the request listed in its Message Centre grid a ‘Request Initiated’ slide-down

section appears between the rows containing the request details along with ‘Accept, Cancel and Modify’ buttons as shown in Picture 18 - ’Provider’s Request initiated slide-down section’.

Picture 18 – Provider’s Request initiated slide-down section

7. If the provider clicks the ‘Accept’ button, an ‘Accept Exchange Request’ pop-up opens along with ‘Cancel’

and ‘Accept’ buttons as shown in Picture 19 - ‘Accept Exchange Request pop-up’.

Picture 19 – Accept Exchange Request pop-up



8. To accept the request, the Provider clicks the ‘Accept’ button. 9. By clicking ‘Accept’, the request status is updated from ‘Request Initiated’ to ‘Approved’ and the ‘Request

Initiated’ slide-down section is updated to ‘Approved’ along with the disabled ‘Approved’ button as shown in Picture 20 - ‘Provider’s Approved slide-down section’. The ‘Consumer’s’ Message Centre screen will now also show the new approval status.

Picture 20 – Provider’s approved slide-down section

10. If the Provider clicks the ‘Cancel’ button, a ‘Confirmation’ pop-up opens along with ‘Cancel’ and ‘OK’ buttons as shown in Picture 21 - ‘Confirmation pop-up’.

Picture 21 – Confirmation pop-up

11. To cancel the request, the Provider clicks the ‘Cancel’ button. 12. By clicking ‘Cancel’, the request status is updated from ‘Request Initiated’ to ‘Closed’ and the ‘Request

Initiated’ slide-down section is changed to ‘Closed’ along with the disabled ‘Closed’ button as shown in Picture 22 - ‘Provider’s Closed slide-down section’. The ‘Consumer’s’ Message Centre screen will now also show the new approval status.



Picture 22 – Provider’s Closed slide-down section

13. If the Provider clicks the ‘Modify’ button, the ‘Modify Connection Request’ pop-up opens along with ‘Cancel’ and ‘Send Request’ buttons as shown in Picture 23 - ‘Modify Connection Request pop-up’.

Picture 23 – Modify Connection Request pop-up

14. The ‘Provider’ updates the fields as required and clicks the ‘Send Request’ button. 15. By clicking ‘Send Request’, the request status is updated from ‘Request Initiated’ to ‘Request Modified’

and the ‘Request Modified’ slide-down section is updated to ‘Request Modified’ along with disabled ‘Pending’ button as shown in Picture 24 - ‘Provider’s Request Modified slide-down section’.



Picture 24 – Provider’s Request Modified slide-down section

16. In ‘Modify’ request case on ‘Consumer’s’ Message Centre screen the request status is updated from

‘Request Initiated’ to ‘Request Modified’ and the ‘Request Initiated’ slide-down sections is updated to ‘Request Modified’ slide-down section along with ‘Accept, Cancel, Modify’ buttons.

17. If the ‘Consumer’ accepts the modified request by clicking ‘Accept’, the request status remains as ‘Request Modified’ and the ‘Request Modified’ slide-down section is updated to ‘Request Modified’ along with the disabled ‘Pending’ button as shown in Picture 25 - ‘Consumer’s Request Accepted slide-down section’.

Picture 25 – Consumer’s Request Accepted slide-down section

18. In the Provider Message centre screen, the request status is updated from ‘Request Modified’ to ‘Request

Accepted’ and the ‘Request Modified’ slide-down section is updated to ‘Request Accepted’ along with the ‘Confirm’ button as shown in Picture 26 - ‘Provider’s Request Accepted slide-down section’.



Picture 26 – Provider’s Request Accepted slide-down section

8. MARKETPLACE The Marketplace is a central repository of virtual network appliances (vAppliances), such as Switches, Routers and Firewall from selected vendors. You will be required to Bring-You-Own-Licence (BYOL) for the vAppliances from these vendors, by obtaining these directly from those third parties as per your agreement with them. Before any VNF objects can be added to your Network Topologies the user must select them from the ‘Marketplace Directory’ and add them to your ‘My Image’ library. Within this section we cover the following use cases:

● Add VNF to ‘My Images’ library ● Delete VNF from ‘My Images’ library

8.1. Add VNF to ‘My Images’ library

1. User must be logged in as “Customer” in the Portal 2. The ‘Dashboard’ screen will display, as shown in Picture 27 - ‘Dashboard Home Screen’.



Picture 27 – Dashboard Home Screen

3. Click on the ‘Marketplace’ icon ( ) present on the left side menu.

4. Once the user clicks ‘Marketplace’ the user is redirected to ‘Marketplace Directory’ Screen and following options appear on the bottom left side menu:

o Marketplace Directory o My Images

5. The ‘Marketplace Directory’ screen contains the list of vendors with their shared (VNF) images and details.

The following details are covered in that list as shown in Picture 28 - ‘Marketplace Directory Screen’. 6.

o Company Logo o Name o Website o Categories

Picture 28 – Marketplace Directory Screen

7. By clicking ‘Name’ or ‘Company Logo’ fields, the row expands to show the details of that vendor as shown

in Picture 29 - ‘Marketplace directory with expanded row’:

o Category o Model o Description

Picture 29 – Marketplace directory with expanded row



8. Click on the row of a virtual function type, its respective model details are displayed with ‘Cancel’ and ‘Add to My Images’ button as shown in Picture 30 - ‘Marketplace Directory expanded row with model details table‘.

Picture 30 – Marketplace Directory expanded row with model details table

9. The table contains the following details (note these details may vary between different VNFs):

o Version o Maximum Number of Interfaces o Support Zero Day o USD/HR o EOS o EOL

10. The user selects the appliance by clicking the corresponding checkbox displayed at the end of the row 11. Once the checkbox is selected, the user clicks ‘Add to My image’ button. This will add the image to ‘My

Images’ section and the ‘Network’ screen under ‘Add Items’.

12. To view the newly added image in the ‘My Images’ grid, the user clicks the ‘My Images’ icon ( ) present

on the left side menu. 13. The user is redirected to the ‘My Images’ screen where a list of all images that have been added appear. 14. The following details for each image is displayed on the ‘My Images’ screen as shown in Picture 31 - ’My

Images Screen’: o Vendor o Category o Version o EOS o EOL



Picture 31 – My Images Screen

8.2. Delete a VNF from ‘My Images’ library

1. Click on the ‘Marketplace’ icon ( ) present on the left-hand menu.

2. Click on the ‘My Images’ icon ( ) present on the left hand sub-menu.

3. A ‘Delete’ icon ( ) is present against each VNF image.

4. By clicking ‘Delete’ against an image a ‘Confirmation’ pop-up along with ‘OK’ and ‘Cancel’ buttons opens for that respective image.

5. The user clicks ‘OK’ and the image is deleted from the list and will no longer be available via ‘Add Items’ on the ‘Network’ Screen.

9. NETWORK TOPOLOGY

Within this section we will be creating topology using the Global Exchange partner connections and VNF Images that have been setup. We will cover the following use cases:

● Create a New Topology ● Recall an Existing Topology ● Add Item to Network Topology

o Next IP connection o GWAN connection o Internet connection o AWS connection o VNF

The Network Topology area within the Portal is where a customer is able to create and then modify both draft, as well as live, Telstra Programmable Network architectures. The area in which we work with each Topology is also referred to as the canvas.

9.1. Create a New Topology

1. Click on the ‘Network’ icon ( ) in the left side menu.

2. The user is redirected to blank ‘Network’ screen and the following options appear in the bottom left side menu:

o Existing Topologies o Create New Topology



3. The user clicks the ‘Create New Topology’ icon ( ) and the ‘New Topology’ pop-up opens as shown in

Picture 32 - ‘New Topology Pop-up’.

Picture 32 – New Topology Pop-up

4. In the ‘New Topology’ pop-up, the user provides values for the required fields i.e. ‘Topology Name’ and

‘Topology Description’ and clicks the ‘Save’ button. 5. Once the user clicks ‘Save’, the topology is created and the user is redirected to a blank canvas for the

newly created topology as shown in Picture 33 - ‘Newly Created Topology Canvas Screen’.

Picture 33 – Newly Created Topology Canvas Screen

6. The ‘Newly Created Topology’ screen contains the Name and Description of the topology with ‘Edit’ and

‘Delete’ icons, blank canvas, ‘Add Items’ and ‘Deploy’ buttons as shown in Picture 3 - ’Newly Created Topology Canvas Screen’.

7. To update the topology Name and Description the user can click on the ‘Edit’ icon ( ).

8. To delete a topology (canvas) the user can click the ‘Delete’ icon ( ). NOTE: Before a canvas can be

deleted all flows and objects must first be individually deleted. 9. To add new items to a topology the user can click on the ‘Add Items’ icon – refer to §9.3 below. 10. To deploy a topology the user can click the ‘Deploy’ icon.

9.2. Recall an Existing Topology

1. Click on the ‘Network’ icon ( ) in the bottom left side menu.

2. Once the user clicks ‘Network’ the user is redirected to blank ‘Network’ Screen and the following options get added to the left side menu:




3. The user clicks ‘Existing Topologies’ ( ) and the ‘Existing Topologies’ list is displayed at the bottom of

the left-hand side of the screen as shown in Picture 34 - ‘Network Screen with Existing Topologies Option’.

Picture 34 – Network Screen with Existing Topologies Option

4. The user selects the existing topology to which they want to view or add the items. By selecting topology,

the user is redirected to the selected topology screen. 5. The ‘Existing Topology’ screen contains the name and description of the topology with ‘Edit’ and ‘Delete’

icons, canvas along with ‘Add Items’ and ‘Deploy’ buttons.

6. To update the topology Name and Description the user can click on the ‘Edit’ icon ( ).

7. To delete a topology (canvas) the user can click the ‘Delete’ icon ( ). NOTE: Before a canvas can be

deleted all flows and objects must first be individually deleted. 8. To add new items to a topology the user can click on the ‘Add Items’ icon – refer to section 9.3 below. 9. To deploy a topology the user can click the ‘Deploy’ icon.

9.3. Add Item to Network Topology Once you have completed section 9.1 – ‘Create a New Topology’ or section 9.2 – ‘Recall an Existing Topology’ you are now ready to add, edit and delete items within your Network Topology.

1. Click on the ‘Add Items’ icon to add new items to the canvas of the topology. 2. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’

buttons, as shown in Picture 35 - ‘Add Item Screen along with Function sub menu’.



Picture 35 – Add Item Screen along with Function sub menu

3. The ‘Function’ sub menu contains following types of Items which the user can add to a canvas while creating a topology:

o PoP – Refer to section 6 o Global Exchange – Refer to section 7 o Marketplace – Refer to Section 8

9.3.1. Add a PoP Port to the Canvas Prerequisite: Before you will be able to add PoP Ports onto your canvas you must first request your physical connection requirements. Refer to Section 6.1 – ‘Add PoP Port’ for initial request procedure. Once you receive a successful deployment acknowledgement then you are ready to proceed.

1. To add a ‘PoP’ to the canvas, from the ‘Functions’ list click on ‘PoP’ and the submenus of POPs and their respective endpoints are displayed as shown in Picture 36 - ‘Add Item Screen while adding PoP’.

Picture 36 – Add Item Screen while adding PoP

2. The user selects the respective ‘Endpoint’ and clicks the ‘Done’ button.

NOTE: A single PoP Port can be used many time, by using unique VLANs for each flow from the Port.

3. The ‘End Point’ is added to the canvas.

9.3.2. Add a Next IP connection to the Canvas Prerequisite: Before you will be able to add a Next IP connection onto your canvas you must first register your Next IP IPVPN through the Global Exchange. Refer to Section 7.2 – ‘Add a Telstra Next IP connection’ for initial setup details. Once you receive a successful deployment acknowledgement then you are ready to proceed.

1. To add a Next IP connection to the canvas, from the ‘Functions’ list click on ‘Global Exchange’ to display the submenus for the ‘Global Exchange’ and their locations with respective connections.

2. The user selects ‘Telstra’ from ‘Global Exchange’, then selects ‘Next IP’ from “Products’ 3. Next IP offers connections in Sydney and Melbourne. Select ‘AMTC’ for Melbourne or ‘SYTS’ for ‘Sydney’

interconnect, then ‘ADD NEXT IP’ or an already deployed Next IP connect from the ‘Deployed Next IP’ list. 4. Click the ‘Done’ button as shown in Picture 37 ‘– Add Item Screen while adding a Next IP connection’



Picture 37 – Add Item Screen while adding a Next IP connection

5. The Next IP connection is added to the canvas.

9.3.3. Add a GWAN connection to the Canvas Prerequisite: Before you will be able to add a GWAN (Global IPVPN) connection onto your canvas you must first register your GWAN service through the Global Exchange. Refer to Section 7.3 – ‘Add a Telstra GWAN connection’ for initial setup details. Once you receive a successful deployment acknowledgement then you are ready to proceed.

1. To add a GWAN connection to the canvas, from the ‘Functions’ list click on ‘Global Exchange’ to display the submenus for the ‘Global Exchange’ and their locations with respective connections.

2. The user selects ‘Telstra’ from ‘Global Exchange’, then selects ‘IPVPN’ from “Products’ as shown in Picture 38 ‘– Add Item Screen while adding a GWAN connection’.

Picture 38 – Add Item Screen while adding a GWAN connection

3. The user can then either select ‘ADD IPVPN’ to deploy a new GWAN connection, or select an already deployed GWAN connection from the ‘Deployed IPVPN’ list.

4. If ‘ADD IPVPN’ is selected then a configuration ‘Add IPVPN’ pop-up will be presented, as shown in Picture 39 – Configure 'Add IPVPN’ pop-up



Picture 39 – Configure 'Add IPVPN’ pop-up

5. Select the ‘IPVPN Location’ where you would like to interconnect your GWAN with Telstra Programmable Network.

6. Select the ‘Master Service ID’ for your GWAN service that is connecting to Telstra Programmable Network.

7. Click on ‘Save & Continue 8. Click the ‘DONE’ button, and the GWAN connection is added to the canvas.

9.3.4. Add Internet Access to the Canvas

1. To add ‘Internet’ to a canvas, the user clicks ‘Global Exchange’ and then ‘Telstra’ from ‘Exchange Partner’ list, then ‘Internet’ from ‘Product’ list and then select the required ‘Locations’ from the sub menus as shown in Picture 40 - ‘Add Items Screen while adding Internet’.

Picture 40 – Add Item Screen while adding Internet

2. The user selects the required Internet connection or clicks ‘Add Internet’ and then clicks ‘Done’ button. 3. The ‘Internet’ is added to the canvas.

4. Click on newly added ‘Internet’ object, the ‘Configure’ icon ( ) and ‘Information’ icon ( ) appear. The

user clicks the ‘Configure’ icon. 5. By clicking ‘Configure’, the ‘Configure Internet’ pop-up opens up where the user enters field values present

under the following tabs as shown in Picture 41 - ‘Configure Internet Pop-up’. o General o IP Allocation o IP Allocation Forecast



Picture 41 – Configure Internet Pop-up

6. Once the user enters values for all the required fields and click ‘Save’ button, the ‘Internet’ object is configured.

9.3.5. Add AWS to the Canvas Prerequisite: Before you will be able to add an AWS connection onto your canvas you must first register for an AWS port through the Global Exchange. Refer to Section 7.4 – ‘Add an AWS connection’ for initial setup details. Once you receive a successful deployment acknowledgement then you are ready to proceed.

1. To add an AWS connection to a canvas, within your Topology from the ‘Functions’ list click on ‘Global Exchange’ and then ‘AWS EP Location’, and ‘EndPoints’ sub menus are displayed as shown in Picture 43 - ‘Add Items Screen while adding VNF’.

Picture 42 – Add Item Screen while adding AWS

2. Click the ‘DONE’ button, and the AWS connection is added to the canvas.

9.3.6. Add a VNF to the Canvas Prerequisite: Before you will be able to add a VNF onto your canvas, you must first add an image into your Marketplace ‘My Images” library. Refer to Section 8.1 – ‘Add VNF to ‘My Images’ library’ for initial setup steps.

1. To add a ‘VNF’ to a canvas, within your Topology from the ‘Functions’ list click on ‘Marketplace’ and then ‘Type’, ‘Vendor’ and ‘Model’ sub menus are displayed as shown in Picture 43 - ‘Add Items Screen while adding VNF’.



Picture 43 – Add Item Screen while adding VNF

2. The user selects the respective ‘Model’ and the ‘Add VNF’ pop-up opens as shown in Picture 44 - ‘Add VNF Pop-up’.

Picture 44 – Add VNF Pop-up

3. The user enters the required details in the pop-up and clicks the ‘Save & Continue’ button. 4. The user finally clicks the ‘Done’ button and the ‘VNF’ is added to the canvas and deployment immediately

begins. NOTE: Billing for the VNF resources will commence as soon it is up and running on your canvas.

5. When the VNF is successfully deployed, the circle around the VNF turns green.

6. On clicking the ‘VNF Settings’ icon ( ), a ‘VNC Console’ to the VNF opens in another window as shown

in Picture 45 - ‘VNC Console’.



Picture 45 – VNC Console

10. LAYER 2 FLOW SERVICE Within this section we are covering the following use cases:

● Flow Creation ● Deploy ● Contract Creation ● Edit Flow

10.1. Flow Creation The user can create a flow between following combinations of different object:

● PoP Port and PoP Port ● PoP Port and VNF ● PoP Port and Internet ● PoP Port and Next IP ● PoP Port and Global Exchange connection

10.1.1. Flow Creation between PoP Port and PoP Port

1. Click on the ‘Network’ icon ( ) present on the left side menu.

2. By clicking ‘Network’, the user is redirected to blank ‘Network’ Screen and the following options are added to the bottom left side menu:


3. After the successful creation of new topology, the user clicks ‘Add Items’ icon to add new objects to the

canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’

button as shown in Picture 46 - ‘Add Item Screen along with Function sub menu’.




5. The ‘Function’ sub menu contains the following types of objects which the user can add to a canvas while

creating a topology:

o PoP o Global Exchange o Marketplace

6. The user now adds two ‘PoP Ports’ to the canvas (Refer to section 9.3 for details). 7. The user then drags one of the ‘PoP Port’ objects (A-END) over the other (Z-END) and, the ‘New Flow

Configuration’ pop-up opens. 8. In ‘New Flow Configuration’ pop-up the user must define values for following parameters as shown in

Picture 47 – New Flow Configuration pop-up – PoP to PoP.

o Flow Name o Description: Provide details of the flow, up to 252 characters supported. o VLAN (A-END) o VLAN (Z-END) o Bandwidth o Duration o Latency o Billing Account o Renewal Option

NOTE: A-END is where you start dragging your Flow FROM.

Z-END is where you finish dragging your Flow TO.



Picture 47 – New Flow Configuration pop-up – PoP to PoP

9. In the ‘New Flow Configuration’ pop-up, the following field are mandatory:

o ‘Flow Name’ o VLAN (A-END) o VLAN (Z-END)

The rest of the fields are prefilled with the following default values:

o Bandwidth as 1 Mbps o Latency as ‘Standard’ o Duration as 1 Hours o Renewal Option as ‘Auto Renewal’ o Billing Account as the first billing account present in the dropdown

10. The user enters the required values and clicks ‘Save’. 11. Once a link is created successfully, a blue coloured line will show between the two endpoints, and a grey

coloured dot containing a numeric value is displayed (this represents that the flow is in a drafted state) as shown in Picture 48 - ’Flow in Draft State’.



Picture 48 – Flow in Draft State

12. The number shown within the coloured dot represents the number of flows currently configured between the two connected objects.

13. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully, the blue coloured line and the grey coloured dot turns green as shown in Picture 49 - ‘Canvas after successful deployment of the flow’.

Picture 49 – Canvas after successful deployment of the flow

14. In case of deployment failure the grey coloured dot turn red.

10.1.2. Flow Creation between PoP Port and VNF


2. By clicking ‘Network’, the user is redirected to a blank ‘Network’ Screen and the following options are added to the bottom left side menu:


3. After the successful creation of new topology, the user clicks the ‘Add Items’ icon to add new objects to

the canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’

buttons as shown in Picture 50 - ‘Add Item Screen along with Function sub menu’.


5. The ‘Function’ sub menu contains following types of objects which the user can add to a canvas while


o PoP o Global Exchange



o Marketplace

6. The user now adds a ‘PoP Port’ and a ‘VNF’ to the canvas. 7. The user then drags the ‘PoP Port’ object (A-END) over the ‘VNF’ object (Z-END) and the ‘New Flow

Configuration’ pop-up opens. 8. In ‘New Flow Configuration’ pop-up the user must define values for the following parameters as shown in

Picture 51 – New Flow Configuration pop-up – PoP to VNF.

o Flow Name o Description: Provide details of the flow, up to 252 characters supported. o VLAN (A-END) o Interface (Z-END) o Bandwidth o Duration o Latency o Billing Account o Renewal Option

Picture 51 – New Flow Configuration pop-up – PoP to VNF

9. In the ‘New Flow Configuration’ pop-up, the following fields are mandatory:

o ‘Flow Name’ o VLAN (A-END) o Interface (Z-END)

The rest of the fields are prefilled with the following default values


10. The user enters the required values and clicks ‘Save’. 11. Once the link is created successfully, a blue coloured line appears between the PoP Port and the VNF and

a grey coloured dot with a numeric value is displayed. This represents the flow is in drafted state. 12. The number shown within the coloured dot represents the number of flows currently configured between

the two connected objects.



13. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and the grey coloured dot turns green as shown in Picture 52 - ‘Canvas after successful deployment of the flow’


14. In case of deployment failure the grey coloured dot turns red.

10.1.3. Flow Creation between PoP Port and Internet


2. By clicking ‘Network’, the user is redirected to a blank ‘Network’ Screen and the following options are added to the left side menu:


3. After the successful creation of new topology, the user clicks the ‘Add Items’ icon to add new objects to

the canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’



5. The ‘Function’ sub menu contains following types of objects which the user can add to a canvas while creating a topology:


6. The user now adds an ‘PoP Port’ and an ‘Internet’ to the canvas. 7. Once ‘Internet’ is added to the canvas, the user configures the ‘Internet’ object.



8. The user then drags the ‘PoP Port’ object (A-END) over the ‘Internet’ object (Z-END) and the ‘New Flow Configuration’ pop-up opens.

9. In ‘New Flow Configuration’ pop-up the user defines the values for the following parameters as shown in Picture 54 – New Flow Configuration pop-up – PoP to Internet.

o Flow Name (mandatory): Short description of the flow o Description (mandatory): Provide details of the flow, up to 252 characters supported. o VLAN (A-END) (mandatory): The VLAN tag value for the ingress/egress traffic at the A-End o VLAN (Z-END) – NOTE: No VLAN is required for Internet connection o Bandwidth o Duration o Latency o Billing Account o Renewal Option

Picture 54 – New Flow Configuration pop-up – PoP to Internet

10. In ‘New Flow Configuration’ pop-up, the following fields are mandatory:


The rest of the fields are prefilled with the following default values:


NOTE: You cannot set a VLAN for the Internet

11. The user enters the required values and clicks the ‘Save’ button. 12. Once the link is created successfully a blue coloured line is drawn between the two endpoints and a grey

coloured dot with a numeric value appears. This represents the flow is in drafted state. 13. The number shown within the coloured dot represents the number of flows currently configured between




14. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and the grey coloured dot turns green as shown in Picture 55 - ‘Canvas after successful deployment of the flow’.


15. In case of deployment failure the grey coloured dot turns red.

10.1.4. Flow Creation between PoP Port and Next IP or Global IPVPN


2. By clicking ‘Network’, the user is redirected to blank ‘Network’ Screen and the following options are added to the left side menu:


3. After the successful creation of new topology the user clicks the ‘Add Items’ icon to add new objects to the







6. The user now adds a ‘PoP Port’ and a ‘Next IP’ (or a “Global IPVPN”) object to the canvas. 7. The user then drags the ‘PoP Port’ object (A-END) over the ‘Next IP’ (or “Global IPVPN”) object (Z-END)

and the ‘New Flow Configuration’ pop-up opens.



8. In ‘New Flow Configuration’ pop-up the user must insert values for the following parameters as shown in Picture 57 – New Flow Configuration pop-up – PoP to NextIP.

o Flow Name (mandatory): Short description of the flow o Description (mandatory): Provide details of the flow, up to 252 characters supported. o VLAN (A-END) (mandatory): The VLAN tag value for the ingress/egress traffic at the A-End o IP Range to be used (Z-END) (mandatory): Provide a /30 IP subnet that is not used in your

network. Note that when setting up BGP in your router, the first useable address of the /30 subnet is the PE address, while the second useable address is the CE address.

o CE ASN (Z-END) (mandatory): Provide a private ASN number for this BGP peering between the Telstra Next IP/ Global IPVPN and your router. Note that you need to use the following ASN as the PE when setting up BGP in your router:

ASN for Next IP: Local connections – any AS number outside of the reserved numbers listed below and any IP address of your choice may be used. Remote connections – 65423 (Clayton, Melbourne), 65424 (St. Leonards, Sydney)

Telstra has reserved the following private AS numbers within the Next IP MPLS VPN. You shall not use any of these private AS numbers: 65001, 65478, 65502, 65503, 65506, 65507, 65508, 65509, 65513, 65518, 65530

ASN for Global IPVPN: 4637 o Bandwidth (mandatory): Default 1Mbps: select the bandwidth from 1Mbps up to 10Gbps

required for the duration of the term. NOTE: The selected bandwidth can NOT be reduced during the chosen duration period. o Duration (mandatory): Default 1 Hour: Select the duration for the flow contract term. o Latency (mandatory): Default Standard: The indicated Latency value represents the end-to-end

data transfer flow time in milliseconds. The Latency options Low and Standard include SLAs, the Best Effort Latency option does not.

o Renewal Option (mandatory): Default Auto Renewal: o Billing Account (mandatory):

Picture 57 – New Flow Configuration pop-up – PoP to NextIP

9. The user enters the required values and clicks the ‘Save’ button. 10. Once the link is created successfully, a blue coloured line is drawn between the two endpoints and a grey

coloured dot with a numeric value appears. This represents that the flow is in drafted state. 11. The number shown within the coloured dot represents the number of flows currently configured between




12. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and grey coloured dot turns green.

13. In case of deployment failure the grey coloured dot will turns red.

10.1.5. Flow Creation between PoP Port and Exchange Partner


15. By clicking ‘Network’, the user is redirected to blank ‘Network’ Screen and the following options are added to the left side menu:


16. After the successful creation of new topology the user clicks the ‘Add Items’ icon to add new objects to the







19. The user now adds a ‘PoP Port’ and an ‘Exchange Partner’ object to the canvas. 20. The user then drags the ‘PoP Port’ object over the ‘Exchange Partner’ object and the ‘New Flow

Configuration’ pop-up opens. 21. In ‘New Flow Configuration’ pop-up the user must insert values for the following parameters as shown in

Picture 59 - ‘New Flow Configuration’ pop-up.

o Flow Name o Description: Provide details of the flow, up to 252 characters supported. o Bandwidth o Duration o Latency o Billing Account o Renewal Option



Picture 59 – New Flow Configuration pop-up

22. In the ‘New Flow Configuration’ pop-up, the following fields are mandatory:


The rest of the fields are prefilled with the following values:


23. The user enters the required values and clicks the ‘Save’ button. 24. Once the link is created successfully, a blue coloured line is drawn between the two endpoints and a grey

coloured dot with a numeric value appears. This represents that the flow is in drafted state. 25. The number shown within the coloured dot represents the number of flows currently configured between

the two connected objects. 26. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue

coloured line and grey coloured dot turns green as shown in Picture 60 - ‘Canvas after successful deployment of the flow’.



Picture 60 – Canvas after successful deployment of the flow – Pop to Cloud

27. In case of deployment failure the grey coloured dot will turns red.

10.2. Edit Contract Edit contract allows the user to change the renewal option of a successfully-deployed flow. In all the above-mentioned flow creation scenarios, once the flow is deployed successfully the user has the option of changing the renewal option of any contract attached to the flow using following steps:


2. By clicking ‘Network’, the user is redirected to a blank ‘Network’ Screen and the following options are added to the bottom left side menu:


3. In ‘Create New Topology’ and ‘Existing Topologies’, the user can either create or open any existing topology. Once the topology is opened, the user clicks the green coloured icon (as can be seen in Picture 60) between the two objects which are connected through the green coloured line.

4. Once the user clicks the green icon, the ‘Flow Information’ pop-up opens. In the ‘Flow Information’ pop-up the user selects the ‘Flow ID’ whose contract’s renewal option the user wants to edit.

5. After the Flow ID is selected, the flow details along with its ‘Contracts’ grid is displayed.

6. The user clicks the ‘Edit’ icon ( ) present against every contract in the ‘Contract List’. The slide-down

section for that contract appears, containing its ‘Renewal Option’ along with ‘Close’ and ‘Save’ buttons as shown in Picture 61 – ‘Flow Information pop-up with edit contract section’.



Picture 61 – Flow Information pop-up with edit contract section

7. The user updates the required renewal option and clicks the ‘Save’ button and the ‘Start’ and ‘Expiry’ date is updated as per its updated renewal option.

10.3. Contract Creation

1. Login as ‘Customer’ in the application. 2. To add a contract to the flow, the user clicks the green coloured dot and the ‘Flow Information’ pop-up

opens as shown in Picture 62 - ‘Flow Information Pop-up’.

Picture 62 – Flow Information Pop-up

3. The number in the green coloured dot represents the number of flows created between those objects.

When the ‘Flow Information’ pop-up opens the user can select the flow ID from the ‘Flow ID’ dropdown to which the user wants to add the contract.

4. Once the flow ID is selected its details are displayed in the pop-up and the user clicks the ‘Add New Contract’ button.



5. On clicking ‘Add New Contract’ the ‘Contracts’ sections expands as shown in Picture 63 - ‘Flow Information pop-up with expanded contract section’.

Picture 63 – Flow Information pop-up with expanded contract section

6. The user enters the required details in the ‘Contracts’ section and clicks the ‘Add’ button. 7. By clicking ‘Add’, the contract is added to that respective flow. 8. The user is able to add multiple contracts to a flow.

11. GATEWAY PROTECTION Gateway Protection is an advanced virtual network function and is the primary global cloud security interconnection for current and future network and multi-cloud services. The service is made up of a Next IP/IPVPN service, a Palo Alto Firewall VNF, and the connecting Layer 2 flow between them.

11.1. Add Gateway Protection to Images Library From the Dashboard, select Marketplace.



On the Marketplace page locate and select Telstra to expand it.

Select Gateway Protection from the available options. Select the Gateway Protection configuration you wish to order, ensure the checkbox is checked and click Add to my Images. This will add Gateway Protection to your Image Library, ready to be used on a Network Topology.



11.1.1. Add Gateway Protection to a Network Topology From the Network Topology Canvas, select Add Items. Locate Gateway Protection and click Add GP.

During the deployment of Gateway Protection, you will configure 4 individual components:

Gateway Protection Service

Next IP/IPVPN Service

Palo Alto Virtual Firewall

Flow between your Next IP/IPVPN Service and the Palo Alto Virtual Firewall Instance



11.1.2. Configure Gateway Protection Service You can customise Gateway Protection to your requirements by modifying the options on the Service Parameters pop up. Configure the following details and click Next.

Name This is a user-defined name/label.

Feature Package Standard – A single firewall will be deployed in the selected location

Contract Term 1 hour, 1/12/24/36 months

Renewal Option Auto Renewal – the service will automatically be renewed for the same contract term

11.1.3. Connect and Configure Next IP/IPVPN Service Connect and configure a Next IP/IPVPN service to Gateway Protection, then click Next.

Select VPN Next IP for Australian Domestic MPLS or IPVPN for International MPLS

Network FNN/Master Service ID

Select a service ID from the list

IP Address Specify an interconnect subnet. This subnet must not be used in another Next IP/IPVPN service already.

Primary Region Select the primary region of you VPN

AS No. Specify a private AS number for the peering between your Next IP/IPVPN service and the Gateway Protection instance. Please use an AS number within this range: 64512 & 65534

Please note: Telstra has reserved the following BGP private AS numbers within the Next IP MPLS VPN service: 65001, 65423, 65424, 65530, 65502, 65503, 65506, 65507, 65508, 65509, 65513, 65518 and 65478. You are unable to use these AS numbers during the configuration of Gateway Protection.

| Your Next IP/IPVPN service is identified by a Master Service ID or Network FNN.



11.1.4. Configure Palo Alto Virtual Firewall Configure this specific Palo Alto Virtual Firewall instance by choosing from the following options:

Primary VM Name This is a user-defined name/label

Primary VM Region Select from the available locations

License Size VM 50 License

VM 100 License

VM 300 License

The license chosen will affect the features available. Please see the below table for a list of throughput per license size. Note that the throughput is the aggregate of the outbound traffic on all ports. For example: a VM 50 can support 50Mbps towards the internet and 50Mbps towards NextIP.

VM 50 License Maximum Throughput: 100Mbps

VM 100 License Maximum Throughput: 1Gbps

VM 300 License Maximum Throughput: 2Gbps

11.1.5. Create and configure a flow between Next IP/IPVPN Service and Palo Alto Virtual Firewall



Finally, configure a flow between the Next IP/IPVPN Service and the Palo Alto Virtual Firewall. You can customise the elements of the flow for your requirements as per the standard process:

Flow Name This is a user-defined name/label

Description A short description to describe the purpose of this flow

Bandwidth (Mbps) The bandwidth of the flow in Mbps

Latency Low/Standard/Best Effort

Billing Account Select a billing account for this service

Based on your configurations and requirements throughout the process, you’ll be provided with a pricing summary of your order information. If you are happy with your configuration and the price summary, select Submit to add and deploy Gateway Protection to your Network Topology Canvas.

Please note: This pricing summary is an estimate only. Charges are rated hourly, as such the monthly charge will vary according to the number of hours in a particular month. Gateway Protection billing will commence once it has been deployed and is functioning.



Click Done to add to your Topology.

11.2. Gateway Protection Dashboard The Gateway Protection Dashboard can be accessed either from the Dashboard page or the Network Topology Canvas that has a Gateway Protection instance deployed. From the Network page, select the Topology that contains your Gateway Protection instance. Select the Gateway Protection icon on the canvas and the select the Dashboard icon.



The Gateway Protection Dashboard shows network and security status information with up to 12 months of historical data. The Gateway Protection Dashboard can be arranged to include up to 6 graphs, including:

Traffic Bytes sent and received

Traffic Top 20 applications by bytes

Traffic Top 10 source IP with correspond top 5 applications

Traffic Top 10 URL categories with their top 5 applications

Threat prevention data Displays information related to threat detection

Traffic Destination locations (with map)

11.3. Configure Gateway Protection Firewall Policies Gateway Protection includes the ability to configure Palo Alto firewall policies via a streamlined interface. To configure firewall policies, select the settings icon by selecting a deployed and active Gateway Protection Instance.



A configuration panel will open with a summary and a range of options to configure:

Interface Management

Firewall Rules

NAT

Routing

DNS

Address Object

Service Object

BFD Profile

BGP Auth Profile

VNF BGP Configuration

VNF Configuration

Debug Tools

It should be noted that any changes made will not be applied to the virtual firewall until the Commit Changes button is clicked.

11.3.1. Summary



The Summary page provides information on the Gateway Protection instance:

Category Constructed

Renewal Option Auto Renewal or Auto Disconnect

Contract Term The contract term selected during configuration

High Availability Yes or No

Feature Package Standard

Security Management Self-Served

Description The name given to the Gateway Protection instance

IPVPN The IPVPN tab displays the IPVPN or NextIP details configured for the Gateway Protection instance:

Network FNN/Master Service ID

Primary ASN No

IP Address Flow The Flow tab displayed information about the flow from your IPVPN or Next IP service to the Palo Alto Networks VM Series VNF. The following information is shown:

Flow Name

Description

Bandwidth

Latency

Billing Account

Flow Contracts Just like other Telstra Programmable Network components that are connected via flows, additional contracts can be added to extend or boost bandwidth between the IPVPN or NextIP Service and the Palo Alto Networks VW Services VNF within the Gateway Protection service.



Existing contracts will show on the Contacts section of the Flow tab.

New contracts can be added by selecting the Add New Contract button, configuring the flow contract and selecting Add.

11.3.2. Network Interfaces The Network Interfaces Management tab shows a list of all existing interfaces as well as the status of the interface and the ability to and configure new interfaces. Network Interfaces defined here can be used in the configuration of NAT Rules or Remote VPN Configurations.



Add a Network Interface To add a Network Interface, click Add Tunnel Interface and specify the following parameters:

Interface Description A short description to describe the purpose of this interface

IP Address The IP Address of the interface. Depending on where the connection is made – to the network or the internet, the IP address may be the 1st or 2nd usable address in the IP allocated range respectively.

Security Zone Trust or Untrusted Trusted refers to an interface connection to an internal network (e.g. NextIP/IPVPN). Untrusted refers to an interface connection to an external network (e.g. Internet)

Status You can set the interface manually as Up or Down or Auto

Set your required parameters and click Save Changes.

Modify an existing Network Interface To modify an existing Network Interface, select the Edit icon for the Interface row you would like to modify.



11.3.3. Firewall Rules

Add a Firewall Rule To add a new Firewall Rule, click Add New Rule and define the following parameters:

Rule Name This is a user-defined name/label

Rule Description This is a user-defined description for the functionality of the rule

Action Deny or Allow

Source IP Address/Subnet Specify a CIDR IP Address, or select from a list of address objects or address groups

Destination IP Address/Subnet Specify a CIDR IP Address, or select from a list of address objects or address groups

Service Select the relevant service to apply the rule to.

Once set, click the Save button to save the rule. To apply the changes to the Virtual Firewall, click Commit Changes.



Modify an existing Firewall Rule To modify an existing firewall rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Re-ordering existing Firewall Rules You can change the order of the firewall rules by clicking and dragging the rules into the desired order. Delete an existing Firewall Rule To delete an existing firewall rule, select the delete icon.

11.3.4. NAT Rules Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. Gateway Protection allows configuration of both SNAT and DNAT rules via the Telstra Programmable Network Portal.



Add a new SNAT Rule To add a new SNAT rule, click Add NAT Rule and define the following parameters:



Service This is the service or application the rule will be applied to

Source Zone Trusted, Untrusted or Any

Destination Zone Trusted, Untrusted or Any

Source IP Address/Subnet The Source IP address/range

Destination IP Address/Subnet The Destination IP address/range

VNF Name Select the VNF Instance

Interface Select the required interface

Translate IP Address Not Required

VNF Name Select the relevant VNF you would like to apply this rule to

Interface Select the relevant interface you would like to apply this rule to

Translate IP Address to The IP address you want to translate to. This is the IP address of the external interface and must include the subnet mask




Modify an existing SNAT rule To modify an existing NAT rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Delete an existing SNAT rule To delete an existing NAT rule, select the delete icon. Add a new DNAT rule To add a new DNAT Rule, click Add New NAT Rule and define the following parameters:



Service This is the service or application the rule will be applied to

Source Zone Trusted, Untrusted or Any

Destination Zone Trusted, Untrusted or Any

Source IP Address/Subnet The Source IP address/range

Destination IP Address/Subnet The Destination IP address/range

VNF Name Select the VNF Instance

Interface Select the required interface

Translate IP Address The IP address you want to translate to.

VNF Name Not Required

Interface Not Required

Translate IP Address to Not Required




Modify an existing DNAT Rule To modify an existing NAT Rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Delete an existing DNAT Rule To delete an existing DNAT Rule, select the delete icon.

11.3.5. Static Routes Gateway Protection allows the configuration of Static and Dynamic Routes.

Add a new Static Route To add a Static Route, click the Add New Route under the Static Route section and configure the following parameters:



Name Used to identify the static route

Subnet/CIDR The subnet you want to route to eg:0.0.0.0/0

Gateway The next hop address


Modify an existing Static Route To modify an existing Static Route, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.

Delete an existing Static Route To delete an existing Static Route, select the delete icon. Add a new Dynamic Route



To add a Static Route, click the Add New Route under the Static Route section and configure the following parameters:

Name This is a user-defined name/label used to identify the static route

Device Name Select from a dropdown list of options

Network Interface The required Network Interface

Max prefixes 1 - 100000

Local IP Address The local IP Address

Local A S Number Specify a private AS number for the firewall

Local IP Address Specify a .1 IP address for the firewall

Peer Group Name This is a user-defined name/label

Peer Name: This is a user-defined name/label

Peer IP Address Specify a .2 IP address for the BGP peer

Peer AS Number Specify the AS number for the BGP peer

This value depends on the BGP peer and can either be a private or public AS number

Peer Auth Profile Select from a pre-defined Auth profile

Peer BFD Profile Select from a pre-defined BFD profile

Type Ebgp or ibgp


Modify an existing Dynamic Route To modify an existing Dynamic Route, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.



Delete an existing Dynamic Route To delete an existing Dynamic Route, select the delete icon.

11.3.6. DNS Sinkholing DNS Sinkholing helps the user identify infected hosts on its protected network using DNS traffic in situations where the firewall cannot see the infected client’s DNS query. Sinkholing malware DNS queries forges responses to the client host queries directed at malicious domains so that users attempting to connect to malicious domains will instead attempt to connect to the user-defined IP address.

Gateway Protection allows the configuration of DNS Sinkholing.

Enable DNS Sinkholing To enable DSN Sinkholing, click the Enable DNS button and configure the following parameters:

Name This is a user defined name/label

IPv4 Sinkhole Address Specify a IPv4 address



IPv6 Sinkhole Address Specify a IPv6 address

Please note: It is highly recommended to use an IP address that is not in your network.

Disable DNS Sinkholing To Disable DSN Sinkholing, click the Disable DNS button.

11.3.7. Address Objects Address objects can include an IPv4 address, IPv6 address or a FQDN. It allows the user to reuse the same object as a source or destination address across all the policy rule bases without having to add it manually each time. Additionally, to simplify the creation of security policies, addresses that require the same security settings may be combined into address groups.

Gateway Protection allows the configuration of Address Objects and Address Groups. Address Objects or Address Groups can be used in firewall rule configuration so that the firewall rules can maintain an indirect reference of the absolute addresses. Multiple Address Objects and be grouped into Address Groups.



Add a new Address Object To add a new Address Object, click the Add Address Object button and configure the following parameters:

Name Used to identify the Address Object

Description Used to describe Address Object

Type Ip_netmask, ip_range or FQDN

Address The relevant address based on the type you have selected

Modify an existing Address Object To modify an existing Address Object, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Delete an existing Address Object To delete an existing Address Object, select the delete icon.

Add a new Address Group To add a new Address Group, click the Add Address Group button and configure the following parameters:

Name Used to identify the Address Object

Description Used to describe Address Object

Type Static

Address Select a previously created Address Object



Modify an existing Address Group To modify an existing Address Group, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Delete an existing Address Group To delete an existing Address Group, select the delete icon.

11.3.8. Service Objects When defining a security policy for specific applications, the user may select one or more services to limit the port numbers the applications can use. The current default service allows all TCP and UDP ports. While the HTTP and HTTPS services are pre-defined, the user may add additional service definitions. Additionally, to simplify the creation of security policies, the user may combine services that have the same security settings into service groups.

Gateway Protection allows the configuration of Service Objects and Service Groups. Service Objects or Service Groups can be used in firewall rule configuration so that the firewall rules can maintain an indirect reference of the absolute addresses. Multiple Service Objects and be grouped into Service Groups. Add a new Service Object To add a new Service Group, click the Add Service Object button and configure the following parameters:

Name Used to identify the Service Object

Description Used to describe the Service Object

Protocol TCP or UDP

Source Port The Source Port of the Service Object

Destination Port The Destination Port of the Service Object



Modify an existing Service Object To modify an existing Service Object, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Delete an existing Service Object To delete an existing Service Object, select the delete icon. Add a new Service Group To add a new Service Group, click the Add Service Group button and configure the following parameters:

Name Used to identify the Service Group

Services Select a previously created Service Object

Modify an existing Service Group To modify an existing Service Group, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.



Delete an existing Service Group To delete an existing Service Group, select the delete icon.

11.3.9. BFD Profile BFD is a protocol that recognizes a failure in the bidirectional path between two forwarding engines, such as interfaces, data links, or the actual forwarding engines. In the PAN-OS implementation, one of the forwarding engines is an interface on the firewall and the other is an adjacent configured BFD peer. After BFD detects a failure, it notifies the routing protocol to switch to an alternate path to the peer. If BFD is configured for a static route, the firewall removes the affected routes from the RIB and FIB tables. BFD is supported on the following interface types—physical Ethernet, AE, VLAN, tunnel (Site-to-Site VPN and LSVPN), and subinterfaces of Layer 3 interfaces. For each static route or dynamic routing protocol, you can enable or disable BFD, select the default BFD profile, or configure a BFD profile.

Add a new BFD Profile To add a new BFD Profile, select the Add button and configure the following parameters:

Name Used to identify the BFD Profile

Detection Multiplier Between 2 - 50

Hold Time Time, in seconds before forward (0 – 120000)

Min. TX Interval

Min RX. Interval

Mode Active or Passive

Multihop 1 - 254



Modify an existing BFD Profile To modify an existing BFD Profile, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Delete an existing BFD Profile To delete an existing BFD Profile, select the delete icon.

11.3.10. BGP Auth Profile Border Gateway Protocol (BGP) is the primary internet routing protocol. BGP determines network reachability based on IP prefixes that are available within autonomous systems (AS), where an AS is a set of IP prefixes that a network provider has designated to be part of a single routing policy. BGP Redistribution Rules are used to redistribute host routes and unknown routes that are not on the local RIB to the peers routers. Add a new BGP Redistribution Rule To add a new BGP Redistribution Rule, select the Add button and configure the following parameters:

Name Used to identify the BGP Redistribution Rule

Address Family Type Ipv4

VNF UUID Select a Palo Alto VM Series Gateway Protection instance

Enable True or False



Modify an existing BGP Redistribution Rule To modify an existing BGP Redistribution Rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes. Note: Redistributing a Default Route requires the configuration of a static default route, a redistribution rule for the 0.0.0.0/0 subnet as well as checking the tickbox for Redistribute Default Route. Delete an existing BGP Redistribution Rule To delete an existing BGP Redistribution Rule, select the delete icon. Add a new BGP Auth Profile To add a new BGP Auth Profile, select the Add button and configure the following parameters:

Name Used to identify the BGP Auth Profile

Secret A unique string used to access the BGP Profile



11.3.11. VNF BGP Configuration The VNF BGP Configuration tab displays the stats of a BGP Auth Profile assigned to a Palo Alto VM Series VNF for a Gateway Protection instance.

VNF Configuration The VNF Configuration tab displays the current configuration for the Palo Alto VM Series VNF assigned to the Gateway Protection instance. Summary Tab The Summary Tab displays various information about the Palo Alto VM Series VNF:

Endpoint Name Used to identify the VNF instance

Region The region the VNF is deployed in

Billing Account The billing account for the VNF

VM Size The VNF’s license or size

Max Interfaces The maximum interfaces on the VNF instance

Cost Per Hour – VM The cost per hour for the Virtual Machine

Cost Per Hour – Software The cost per hour for the software

Total The total cost per hour

Interfaces Tab The Interfaces Tab displays the available interfaces for the VNF, it also allows you reorder the interfaces if required.



Logs Tab The Logs tab displays the VNF’s logs.

11.3.12. Backup The Backup tab allows you to created one off backups for a single point in time, or create a schedule for backups to happen automatically. Existing backups can also be restored to the VNF in the event incorrect changes are made.



Create a One-Off Backup To create a One-Off backup, enter a backup name and select the Create button. A back up will be created.

Schedule a backup To schedule a recurring backup, select the Schedule option and select the frequency you would like a back up to automatically be created and click the Create button.



Restore an existing backup To restore an existing Backup, select the Restore icon on the backup you would like to restore. Delete an existing backup To delete an existing Backup, select the Delete icon on the backup you would like to delete.

11.3.13. Debug Tools The Debug Tools tab allows you to perform various actions to test whether the Palo Alto VM Series VNF is functionality correctly. You can:

Ping from the VNF via an interface to a specific IP Address

Fetch a routing table from the VNF

Perform a traceroute from the VNF via an interface to a specific IP Address



12. SETTINGS 12.1. Exchange Settings The Global Exchange is a powerful capability of the Telstra Programmable Network ecosystem. It permits individual customers to advertise a PoP Port interconnect into their tenancy. This feature in turn can enable community networking services, complementary network infrastructure, data centre and cloud services are just a few possibilities. If you are considering leveraging this feature please reach out to your Telstra Programmable Network Technical Account Representative for professional advice and guidance.

12.2. General Settings 12.2.1. General The “General” screen, shown in Picture 64 – General Settings; General, provides a static view of the current TPN tenancy account settings.

Picture 64 – General Settings; General

Click on “Edit” to modify settings, as shown in Picture 65 – General Settings; General - Edit.

Picture 65 – General Settings; General - Edit



● Company Name: Name to be appear in the top right corner of portal screen ● Address: ● City: ● Country: ● State: ● Phone: ● Domain ID: NOTE: Cannot be edited once account has been setup. ● Partner Code: ● Website: ● Currency: NOTE: Cannot be edited once account has been setup. ● Customer Account No.: NOTE: Cannot be edited once account has been setup. ● Billing Account Id.: NOTE: Cannot be edited once account has been setup. ● Postal Code: ● Customer Type: Default Internal. Select either “Internal” or “External” ● Partner Channel: Select either “Australia” or “International”

Add Sub-Account A Sub-Account, or Child Account, can be created when an organisation wants to separate network topologies and users across different parts of their own business, or a partner managing separate TPN instances.

1. Click on the “ADD SUB-ACCOUNT” button to bring up “Add New Customer” pop-up screen, as shown in Picture 66 – General Settings; General – Add Sub-Account, where the user can add a sub-account within the current account/tenancy.

Picture 66 – General Settings; General – Add Sub-Account

NOTE: When adding a sub-account the following conditions will apply:

● Currency will automatically be set to the parent accounts currently.

2. Once the new account has been create, user accounts then need to be added to the new tenancy.

3. Select the “Manage Customers” ( ) option from the Left Hand Menu (refer to §14), the select “Graphic

View”. The new tenancy should now be shown as a child account. 4. Click on the new tenancy to configure new user accounts (refer to §12.2.3).

12.2.2. Identity Provider Identity protection and authentication management is a critical security element of any public facing portal environment. This section allows users to configure Two-Factor Authentication, providing an increased level of access security into the TPN Portal and their tenancy.



Picture 67 – General Settings; Identity Provider

1. Select “Edit” 2. Authentication Scheme:

o Default is the default setting. Uses domainid, username/password to login to portal o Oath 2.0 is a future capability, currently disabled

3. 2 Factor Authentication: o Optional is the default setting. o Mandatory will require all users logging into this tenancy to utilise Two-Factor Authentication.

NOTE: Refer to §4.2.1 for details on setting up and use of 2FA for logging into the TPN Portal.

12.2.3. Users Setting user access and allocating a Profile (set of permissions) is achieved within the Users area.

Picture 68 – General Settings; Users

Add New User

1. Click on the “ADD NEW USER” button to bring up “Add New User” edit line, as shown in Picture 69 – General Settings; General – Add New UserPicture 66 – General Settings; General – Add Sub-Account.



Picture 69 – General Settings; General – Add New User

2. Complete the following details:

o First Name (mandatory): user’s first name o Last Name (mandatory): user’s surname name o Email ID (mandatory): user’s email address o Username (mandatory): create a unique (within this tenancy) username for the new user o Profile (mandatory): check the permissions based on available Profiles. o Job Title: user’s job title o IDP: Default default: first name o Reset/Change Password: initiate a password reset for the user o Reset 2FA: initiate a Two Factor Authentication reset for the user o Notifications: Default ON: enable email notification – NOTE: Future feature. o Actions: Default ON: mark user as active/inactive. Only active users will be able to login in

portal. o Default Identity: Default ON: If enabled, user will log into the TPN identity provider (IdP, i.e. 3rd

party authentication) web application. - NOTE: Future feature.

3. Click “Save” icon ( ) to save and create the new user accounts.

NOTE: Two emails will be send immediately to the new user’s provided email address. a. Titled “TPN User Creation” – containing DomainID, username and URL to login screen b. Titled “TPN User Password” – containing Temporary Password

12.2.4. Profiles When adding new Users it’s important to ensure that they can only access the features and functions that the tenancy administrator wishes them to have.

Picture 70 – General Settings; Profiles

Each Profile that is created is given a unique name and set of permissions from the extensive list of available capabilities. Refer to Section 15.4 for a list of available Permissions.



Add Profile 1. Click on the “ADD PROFILE” button to bring up “Add Profile” edit line, as shown in Picture 71 – General

Settings; General – Add ProfilePicture 69 – General Settings; General – Add New User.

Picture 71 – General Settings; General – Add Profile

2. Complete the following details:

o Profile Name (mandatory): a unique name for the new Profile o Description (mandatory): a description of the profile

3. Click “Save” icon ( ) to save and create the new Profile.

4. To modify the permissions within the new (or any) Profile, click on the “Profile Name”. By default all permissions will be disabled. Refer to Section 15.4 for details of available Permissions.

5. Once all permissions settings done, select “UPDATE” to save changes.

12.2.5. Tariff Future feature.

12.2.6. Templates A number of email templates are available for the account administrator to use to notify their users.

Picture 72 – General Settings; Templates

13. NOTIFICATIONS Displays all Telstra Programmable Network notifications that you have received, including System messages, Global Exchange connection requests, etc.



14. MANAGE CUSTOMERS Within in this section we’ll look at Manage Customers ( )

14.1. Graphical View If more than a single tenancy exists within the customer’s environment then they’ll be shown in a hierarchical graphical layout. NOTE: If the customer only has a single tenancy within their environment then nothing will be shown – select

Tabular View icon ( ) to preview your tenancy account details.

14.2. Tabular View This view provides information on tenancy owner and contact details, as shown in Picture 73 – Manage Customers - Tabular View.

Picture 73 – Manage Customers - Tabular View



15. ADDITIONAL RESOURCES

15.1. Further Reading Table 4 below provides a list of additional Telstra Programmable Network reading materials.

Reference Description / Location

Telstra Programmable Network @ Telstra.com

https://www.telstra.com.au/programmable-network

General Telstra Programmable Network Information

Telstra Programmable Network interactive eBook

https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/programmable-network-ebook.pdf

Telstra Programmable Network Animation https://youtu.be/agzA6WbXYxw

Technical Telstra Programmable Network Documentation

Telstra Programmable Network Technical Guide

<Please ask your Telstra Technical Account Rep for a copy>

Market Positioning

Network Transformation – The Next Frontier in Digital Transformation

https://insight.telstra.com.au/idc-market-spotlight

Use Case Data Sheets

Secure Internet Access https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/secure-internet-access-datasheet.pdf

Global Exchange https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/global-exchange-datasheet.pdf

Marketplace https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/vnf-marketplace-datasheet.pdf

Data Centre Interconnect https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/data-centre-Interconnect-datasheet.pdf

Table 4 – Additional Telstra Programmable Network Resources

15.2. Terms & Abbreviations The software enablement of network services has introduced a plethora of new terms and abbreviations, Table 5 below outlines a selection used throughout this document.

Term / Acronym /

Abbreviation Definition

2FA Two Factor Authentication

API Application Programmable Interface

ASN Autonomous System Number Private autonomous system (AS) numbers which range from 64512 to 65534 are used to conserve globally unique AS numbers. Globally unique AS numbers (1 - 64511) are assigned by IANA

BYOL Bring Your Own License

CIDN Customer ID (identifier) Number A unique 10- digit customer identification number assigned to each customer

DIA Direct Internet Access

Domain ID Domain ID

A unique 12-digit numeric identifier provided to each registered TPN Portal account holder.

https://www.telstra.com.au/programmable-network



https://youtu.be/agzA6WbXYxw

https://insight.telstra.com.au/idc-market-spotlight

https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/secure-internet-access-datasheet.pdf



https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/global-exchange-datasheet.pdf

https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/global-exchange-datasheet.pdf

https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/vnf-marketplace-datasheet.pdf

https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/vnf-marketplace-datasheet.pdf

https://www.telstra.com.au/content/dam/tcom/business-enterprise/network-services/pdf/data-centre-Interconnect-datasheet.pdf





Term / Acronym /

Abbreviation Definition

ECX Equinix Cloud Exchange

EOL End Of Life The date when the offered appliance is no longer supported.

EOS End Of Sales

EP Exchange Partner

Flow An abstraction of implementation-agnostic network connectivity between network entities.

Flow (A-End) Flow (Z-End)

When dragging a Flow between two objects on the canvas the A-End is the starting point of the drag operation and Z-end is the final end of the dragged flow/circuit.

Flow ID Flow Identifier Unique Service identifier for the Layer 2 Flow Service.

FNN Full National Number An alpha numeric code that uniquely identifies a service.

GWAN Global Wide Area Network

IPVPN service offered to customers outside of Australia

Mbps Megabits per second

Next IP IPVPN solution available within Australia

PoP Point of Presence

A PoP (Point of Presence) is a location in which customers can physically connect to the Telstra Programmable Network access point (port) that enables customers to enter the Telstra Programmable Network Platform.

SDN Software Defined Network

SLA Service Level Agreement Contracted service level performance metric

TCV Total Contract Value

Tenancy The current TPN environment that the user’s login credentials permits them to access.

TPN Telstra Programmable Network

Topology A logical segment/branch subnet of the user’s customer’s global network. A topology may include:

● Endpoints ● Flows

USD/HR US Dollars per Hour

VLAN Virtual Local Area Network

VNC Virtual Network Computing

A utility to remotely cone t to a VNF console VNF Virtual Network Function

Table 5 – Terms and Abbreviations

15.3. PoP Codes and Locations Telstra Programmable network offer a range of PoP (Points of Presence) around the world, Table 5 below lists the PoP Codes and Locations for currently available facilities.

PoP Code Country Location Address

SYEQ Australia Sydney

(Equinix SY1) Unit B, 639 Gardners Road, Mascot, NSW

SYE3 Australia Sydney

(Equinix SY3) 47, Bourke Road, Alexandria NSW 2015

SYGS Australia Sydney

(Global Switch) 400 Harris St, Ultimo, NSW, 2007

SYNE Australia Sydney

(NextDC S1) 4 Eden Park Road, Macquarie Park NSW 2113

ASES Australia Sydney

(Silverwater) Metronode DC - 8-14 Egerton Street, Silverwater NSW 2264




SYTS Australia Sydney

(Telstra St Leonards) 4a Herbert Street, St Leonards NSW 2065

SYLP Australia Sydney (Telstra Pacnet

Cloudspace SYCS1 ) Level 1-2, 133 Liverpool Street, Sydney, NSW

AMEQ Australia Melbourne

(Equinix) Equinix - 600 Lorimer St, Port Melbourne VIC 3207

AMLS Australia Melbourne (NextDC- Cloudspace MECS1)

NEXTDC - 826-830 Lorimer St, Port Melbourne, VIC 3207

AMTC Australia Melbourne

(Telstra Clayton) 1822 Dandenong Road Clayton, VIC 3168

ISTT Singapore Singapore

(Equinix SG1) SG IBX Center - Block 20, Ayer Rajah Crescent, Ayer Rajah Industrial Park, Singapore 139964

SGCN Singapore Singapore (Telstra - Cloudspace SGCS1)

Singapore EAC DLS - 1 Changi North Rise, Singapore 498817

SGGS Singapore Singapore

(Global Switch) 6/F Suite F1 & F4 and 5/F Suite E2, 2 Tai Seng Avenue, Singapore 534408

SGPL Singapore Singapore (Telstra - Cloudspace SGCS2)

Pacnet - 110 Paya Lebar Road Singapore 409009

SKDI Singapore Singapore (Keppel)

Telstra Singapore Pte Ltd, c/o Keppel Digihub NOC, 25 Serangoon North Ave 5, Level 3, Keppel Digihub, Singapore 554914

HKAT Hong Kong Hong Kong (Asia Tone)

5th Floor, 1 Wang Wo Tsai Street, Tsuen Wan, New Territories, Hong Kong

HKCK Hong Kong Hong Kong

(Telstra) Pacnet - 11 Chun Kwong Street, Tseung Kwan O Industrial, Estate, New Territories

HKGG Hong Kong Hong Kong (Equinix)

Equinix, 13/F Global Gateway, 168 Yeung Uk Road, Tseun Wan, Hong Kong

HKMI Hong Kong Hong Kong (Mega-I) Mega I - 12/F & 29/F Mega iAdvantage, 399 Chai Wan Road, Chai Wan

TPEI Taiwan Taipei

(DYXnet) 6/F 248 Yangguang St, Neihu Taipei 114

CBDH China Beijing

(Telstra) Pacnet - Electrical City, Building 10, North Road of JiuXian, Bridge, Chaoyang District, Beijing, China

CTHH China Tianjin

(Telstra Cloudspace) Pacnet - No. 8, Hui Hoi Road, Wuqing Business District, Tianjin, City 301700

EQHS Japan Tokyo

(Equinix) 4th Floor, Shinsyu-Meitetsu-Shinagawa building, 3-8-21 Higashi Shinagawa, Shinagawa-ku, Tokyo 140-0002

JTHA Japan Tokyo

(NPOP) NPOP - 1-5-3 Horitomecho Nihonbashi, Chuoku, Tokyo 103-0012 Comspace 4F

TBA France Paris (TH2) TH2: Telehouse Paris Voltaire - 137, Boulevard Voltaire, 75011 Paris, France

FRAN Germany Frankfurt (Germany) Ancotel, Kleyerstrasse 88-90 , 60326 Frankfurt am Main, Germany

UDDM United Arab

Emirates Dubai (Datamena) Datamena, Dubai International Media Production Zone

ULCO UK London

(Telehouse East) TFM50 2nd floor &TFM71 4th floor, Telehouse East, Coriander Avenue, London E14 2AA

ULHC UK London (Telstra - London

Hosing Centre) Telstra, c/o London Hosting Centre, 6 Greenwich View Place, London E14 9NN, UK

ULHX UK London

(Telecity) 3/F, 8-9 Harbour Exchange Square, Isle of Dogs, London E14 9GE, UK

1WMR USA Los Angeles

(Coresite 1 – Wilshire) CoreSite, 27/F, One Wilshire Building, 624 South Grand Ave., Los Angeles, CA 90017, USA

EQNX USA San Jose (Equinix)

Telstra, c/o Equinix, 11 Great Oaks Blvd , cage 1180, San Jose, CA 95119, USA

NY8A USA New York (Telstra)

Telstra, c/o Level 3 Co-Lo facility , 111 8th Avenue SUITE 304, CAGE S009, New York, NY 10011, USA




UNSE USA New Jersey

(Telstra - Secaucus) 1st floor, 2 Emerson Lane, Secaucus, NJ07094

USWB USA Seattle (Westin Building

Exchange) 2001 6th Ave, 19th Fl MMR, Seattle, 98121

Table 6 – Point of Presence – Codes and Locations

15.4. Profiles and Permissions The below Table 7 through to Table 18 lists available permissions that can be assigned to TPN account holders within your tenancy and sub-tenancies. Refer to §12.2.4 for details on how to set up Profiles and assigning Permissions.

CHILD CUSTOMER MANAGEMENT

This permission group contains permissions related to activation/deactivation of child customer accounts, fetching and update of child customer account details, getting permissions of child customer account role and changing of child customer's parent.

ActivateChildCustomer This permission allows parent users to activate their deactivated child customer account, so that the customer users are able to use the TPN system again. One should also have UpdateChildCustomer permission to perform this action. NOTE: Parent users can activate their child customer account on Manage customer screen by using slider under Actions tab.

DeactivateChildCustomer This permission allows parent users to deactivate their child customer accounts. Afterwards, Child customer account user will not be able to access TPN system. Parent users can deactivate their child customer accounts on Manage customer screen by using slider under Actions tab. One will be able to perform this action only if Child customer account status is active. One should also have UpdateChildCustomer permission to perform this action. One will not be able to perform this action if there are active child customer users under Child Customer account which is intended to be deactivated.

GetChildCustomerPermissions This permission allows parent users to view permission for a child customer user (based on the role). Child customer users can perform operations according to the assigned permissions of the role.

GetChildCustomers This permission allows parent users to view all child customer account details that are present in the TPN system.

UpdateChildCustomer This permission allows parent users to update details of their child customer account. One will be able to perform this action only if Child customer account status is active.

Table 7 – Profile and Permission Options: Child Customer Management

CHILD PERMISSION GROUP MANAGEMENT

This permission group contains permissions related to management of child customer account roles by assigning/unassigning permissions to/from them.

ManagePermissionsForChildCustomerRole This permission allows parent users to assign and unassign multiple permissions from/to the role of their child customer users. One can assign permission to other role only if customer admin role has that permission. One can only unassign permission from customer admin role if no other child role has that specific permission.



Table 8 – Profile and Permission Options: Child Permission Group Management

CHILD PRICING MANAGEMENT

This permission group contains permissions related to creation, deletion, get and update of exchange rates for child customer accounts. The permissions also allow to fetch existing exchange currencies of child customer accounts.

CreateChildExchangeRates This permission allows parent users to create exchange rates for their child customer accounts. Exchange rates will be applied for billing of child customer accounts if parent customer user sets different currency for them. Exchange rate can be defined between parent customer currency and any other currency. Exchange rates can be added from 'Tariff' tab under General Settings screen.

DeleteChildExchangeRate This permission allows parent users to delete exchange rates set for their child customer account. One cannot delete exchange rates which are being used by child customer accounts.

GetChildExchangeCurrencies This permission allows parent users to view the list of currencies that were used while creating exchange rates for their child customer accounts. With this permission, one can view the exchange currencies available for child customer accounts.

GetChildExchangeRates This permission allows parent users to get the list of exchange rates created for their child customers.

UpdateChildExchangeRates This permission allows parent users to update exchange rates of their child customer accounts. Updated exchange rates will be used for future billing of child accounts. Exchange rates can be updated from 'Tariff' tab under General Settings screen. One cannot update exchange rate if it is already being used.

Table 9 – Profile and Permission Options: Child Pricing Management

CHILD ROLE MANAGEMENT

This permission group allows to create, assign, view, delete and update roles of child customer accounts. It also allows to manage role by assigning/unassigning permissions for child customer role.

AssignPermissionsToChildCustomerRole This permission allows parent users to assign permissions to the role of their child customers. One can assign permission to other role only if customer admin role has that permission.

AssignRoleToChildCustomerUser This permission allows parent users to assign role to user(s) of their child customer accounts. Parent user can assign roles to multiple child customer users at a time.

CreateFoleForChildCustomer This permission allows parent users to create role for their child customer users. After creating role, parent users can assign permissions to it. Role name can be anything except Customer_Admin.

DeleteChildCustomerRole This permission allows parent users to delete the role created for their child customer users. Role will be no longer in use/unassigned after deletion. One can delete all roles except Customer_Admin role.

GetChildCustomerRoles This permission allows parent users to view roles created for their child customer users. It also allows parent users to fetch roles assigned to specific user.

UnassignRoleFromChildCustomerUser This permission allows parent users to unassign role from user(s) of their child customers.

UpdateChildCustomerRole This permission allows parent users to update roles of their child customers. One cannot update default customer-admin role.

Table 10 – Profile and Permission Options: Child Role Management



CHILD USER MANAGEMENT

This permission group contains permissions related to management of customer child user such as to create/update, unlock, activate/deactivate & unlock child customer users. The permission also allow to change password and fetch detailed information of child customer users.

ActivateChildCustomerUser This permission allows parent users to activate their child customer users which are in inactive state, so that they can use the TPN system again. Users can activate their child customer user from customer screen by using Slider under Actions tab. One should have UpdateChildCustomer user or UpdateCustomerUser permission for performing this action.

ChangeChildUserPassword This permission allows parent users to change password of their child customer users, so that the child customer user can login with new password and resume using the TPN system. Parent users can change password of their child customer user in Customer screen from 'Users' tab under reset password head. One should have UpdateChildCustomer user or UpdateCustomerUser permission for performing this action. One can update password of only active child customer users.

CreateChildCustomerUser This permission allows parent users to create users' for their child customer accounts. Created user(s) will be able to use TPN system. One can only create child customer user if customer account status is active.

DeactivateChildCustomerUser This permission allows parent users to deactivate their child customer user which will stop their access to TPN system. User can deactivate their child customer user from Customer screen by using Slider under Actions tab. One should have UpdateChildCustomer user or UpdateCustomerUser permission for performing this action. One can deactivate child customer user only if child customer account status is active. One cannot deactivate themselves by their own.

GetChildCustomerUsers This permission allows parent users to view details of all child customer users or information of any specific child customer user.

UnlockChildCustomerUser This permission allow parent users to unlock their child customer user which got locked due to multiple login attempts failure.

UpdateChildCustomerUser This permission allow parent users to update details of their child customer users. One can update details of only active child customer users.

Table 11 – Profile and Permission Options: Child User Management

CUSTOMER MANAGEMENT

This permission group contains various permissions related to customer account management such as creation of billing account, customer account deactivation/activation, management of customer account role and permissions, update and fetching of customer account details.

CreateCustomerAccount This permission allow parent users to create child customer account in the TPN system. A customer-admin role and billing account are created while creating a child customer account.

DeactivateCustomer This permission allows users to deactivate their customer account. User can deactivate their customer account from General Settings screen by using slider under Actions tab. One should have UpdateCustomer to perform this action.



GetChildCustomerRolePermissionsGroup This permission allows parent users to fetch all the groups with their corresponding permissions assigned to their child customer users.

GetCustomerPermissions This permission allows users to fetch permissions assigned to a particular role of the user of their customer account.

GetCustomerRolePermissions This permission allows users to fetch permissions assigned to all roles of their customer account.

GetCustomerRolePermissionsGroups This permission allow parent users to fetch all the groups with their corresponding permissions assigned to their customer accounts.

ManageChildGroupRolePermissions This permission allows parent users to assign/unassign permissions to/from child customer role. This permission is GUI specific allowing user to check/uncheck permission groups in GUI

ManageGroupRolePermissions This permission allows users to assign/unassign permissions to/from customer role. This permission is GUI specific allowing user to check/uncheck permission groups in GUI

ManagePermissionsForCustomerRole This permission allow users to manage permissions assigned to their customer roles. The users can assign/unassign permissions from the role created in their customer account.

UpdateCustomer This permission allows users to update details of their customer account.

Table 12 – Profile and Permission Options: Customer Management

DEFAULT GROUP

This permission group contains minimum set of permissions which should be assigned to user.

AddIdentityProvider This permission allow parent users to add identity provider for their own account which will define the authentication (Oauth 2.0 or default) to be used.

ChangeUserPassword This permission allows users to change password for their customer users. User can change customer user password in customer screen from 'Users' tab under reset password head. One should have UpdateCustomerUser permission to perform this action.

Create Generic Link This permission allow user to create generic links. Generic links are links created with CPE device and have no contracts.

CreateContract This permission allows users to create a contract for an already created Link. Data used for creating a contract is link with duration, bandwidth and renewal-option as its attributes.

CreateEndpoint This permission allows user to create an endpoint for the customer account which is further used to create vports and ultimately Link.

CreateLink This permission allows users to create a Link for the customers.

CreateTopology This permission allows users to create a topology tag Topology tag will be used to combine TPN objects under one topology

Create Vport This permission allows user to create vports for the customers which is further used as connections to create a Link.

Delete 2FA This permission allows users to disable 2FA authentication for their customer account.

Delete Generic Link This permission allow user to delete generic link.



DeleteEndpoint This permission allows user to delete/unprovision an endpoint for the customers. An endpoint can only be deleted if there are no links attached to it.

DeleteTopology This permission allows users to delete a topology tag which is used to combining objects. Objects themselves will not deleted.

DeleteVport This permission allow user to delete vport.

Enable 2FA This permissions allow users to enable 2FA authentication for their customer account.

Get 2FA This permission allows users to fetch the list of 2FA authentications enabled for their customer account.

Get Generic Link This permission allow user to get generic link details.

Get ActivityCustomerPermissions This permission allow user to fetch all roles and assigned permissions based on customer.

GetActivityPermissions This permission allow user to fetch permissions categorized within groups.

GetContract This permission allows users to get link inventory details of a particular contract.

GetCustomerAccount This permission allows users to fetch their customer account details.

GetCustomerIdentityProvider This permission allow parent users to view identity provider for their own account.

GetEndpointInformation This permission allows users to get the endpoint details.

GetLink This permission allows users to get the link details Need to define the details

GetMasterData This permission allows users to fetch all the master data present in the system.

GetRoles This permission allows users to fetch all the roles of their customer account.

GetTag This permission allows parent users to view all the tags created for their child customers so that they can be used for further associating the child customers or for filtering them.

GetTopology This permission allows users to get all objects under the specified topology tag

GetUsers This permission allows users to view their customer user's information.

ReadAllBillingAccount This permission allows user to fetch all the billing accounts of his customer account.

ReadBillingAccount This permission allows user to fetch a particular billing account of his customer account.

ReadEndpointScreen This permission allow user to access Endpoint screen in GUI.

ReadMessageCenter This permission allow users to get list of messages that are addressed to user. One should have access to portal to perform this action.

Register 2FA This permission allows users to register 2FA authentication for their customer account.

TagCustomerAccount This permission allows parent users to associate a tag while creating child customers. A single tag can be associated with multiple immediate child customers. One should have create customer account permission to perform this action.

UnprovisionEndpoint This permission allow user to delete/un-provision an endpoint for the customers. An endpoint can only be deleted if there are no links attached to it.

Update Generic Link This permission allow user to update name and description of a generic link.



UpdateContract This permission allows user to update contract so that he can modify it. The data that can be 'renewal-option' which can be auto-disconnect, auto-renew, pay-per-hour.

UpdateCustomerUser This permission allows users to update details of their customer’s users. Customer status should be active to perform this action.

UpdateLink This permission allows users to update Link information for the customers.

UpdateMessageCenter This permission allow system to publish message to specific user and user can update message status as read/delete etc.

UpdateVport This permission allows users to update a linkId on provided vport which is used while creation of a Link. The data required for vport updating is linkuuid, vport, customeruuid.

Table 13 – Profile and Permission Options: Default Group

IPVPN SERVICE

This permission group allows to perform actions on mapping requests and mappings. Mapping must be created if customer would like to use services that require external service ID parameter such as NextIP. Mapping record contains customer uuid and its corresponding external service id (FNN in case of NextIP). The permissions in this group allow to create, delete, update and fetch details of mappings via APIs. Also they allow to create, update and fetch details of requests for mapping sent by users of TPN.

ApproveMappingRequests This permission allows to approve mapping request sent by user. Mapping request contains customer uuid and external service ID (FNN) that would be required to use by NextIP service. By approving of the request the mapping of customer uuid to external service ID (FNN) will be created and users of this customer uuid will be able to use NextIP service.

GetAccountMapping This permission allows to get mapping of customer uuid to external service ID (FNN) used for NextIP service

GetAllMappingRequests This permission allows to get all requests created for mapping of customer uuid to external service ID (FNN) used for NextIP service

RejectMappingRequests This permission allows to reject mapping request sent by the user. By rejection of the mapping request the mapping will not be created and user will not be able to use NextIP service

UpdateMappingRequest This permission allows customer user to update parameters of mapping request to map customer uuid to external service ID (FNN) used for NextIP service.

Table 14 – Profile and Permission Options: IPVPN Service

PRICING MANAGEMENT

This permission group contains permissions related to pricing operations such as adding and fetching details of default or markup percentage, and management of exchange rates of a customer account.

AddDefaultPercentage This permission allows parent users to add default percentage to their customer accounts so that the default percentage can be applied to their child customer account only if they are not assigned any markup percentage. Default percentage can be added from 'Tariff' tab under General Settings screen.

AddMarkupPercentage This permission allow parent users to add markup percentage for their direct child customers so that markup percentage can be applied to their child customers. Markup percentage can be added from 'Tariff' tab under general settings screen.



CreateExchangeRates This permission allow parent users to create exchange rates for their customer account so that exchange rates can be used while creating child customers. It is also used while converting from one currency to another and can be applied in their billings. Exchange rates can be added from 'Tariff' tab under general settings screen.

DeleteExchangeRate This permission allow parent users to delete the existing exchange rates of their customer accounts. One cannot delete those exchange rates which are already in use.

GetDefaultPercentage This permission allow parent users to fetch default percentage of their customer accounts.

GetExchangeCurrencies This permission allow parent users to get the currencies list which were created while creating exchange rates for their customer accounts.

GetExchangeRates This permission allow parent users to get the exchange rates of their customer accounts.

GetMarkupPercentage This permission allow parent users to fetch markup percentages for their direct child customers.

UpdateExchangeRates This permission allow parent users to update exchange rates for their customer account so that the updated exchange rate can be used in their child customer’s billings. Exchange rates can be updated from 'Tariff' tab under general settings screen.

Table 15 – Profile and Permission Options: Pricing Management

ROLE MANAGEMENT

This permission group contains permissions related to role management for a customer account. It allows to create role, assign/unassign role to customer user and assign/unassign permissions to a customer role. One can update and delete roles. It also possible to fetch details of a customer role.

AssignRole This permission allows users to assign role to their customer users.

CreateRole This permission allows users to create role for their own customer account. The created role can further be assigned to any user of that customer.

DeleteRole This permission allows users to delete role of their customer account. One cannot delete customer-admin role.

GetCustomerRolePermissions This permission allows users to fetch all roles and assigned permissions of their customer account.

ManagePermissionsForCustomerRole This permission allows users to assign/unassign permissions from/to their customer account roles. One can assign permission only if customer-admin role has that permission. One can unassign permission from customer-admin role only if the specific permission is not assigned to any other role.

UnassignRole This permission allows users to unassign role from their customer user.

UpdateRole This permission allows users to update role of their customer accounts. One cannot update customer-admin role.

Table 16 – Profile and Permission Options: Role Management

TAB MANAGEMENT

This permission group contains UI specific permissions related to Settings tabs availability in GUI. Specifically, having these permission one can view and perform actions on General tab, Pricing (Tariff) tab, Profile (Role) tab, General setting screen, Tag tab and User tabs for child accounts and customer accounts in TPN GUI.



ViewGeneralSettingGeneralTab This permission allow user to view and edit his own customer account details. It also allows to add sub-account. One should have general setting screen permission to perform this action.

ViewGeneralSettingIdpTab This permission allow user to view and edit his own authentication scheme. One should have general setting screen permission to perform this action.

ViewGeneralSettingNotificationsTab This Permission allow user to view email templates created for their users. One can update email templates with this permission. One should have general setting screen permission to perform this action.

ViewGeneralSettingPricingTab This permission allows users to update markup percentage and Add/Edit/Delete exchange rates. One should have ViewGeneralSettingScreen permission to perform this action.

ViewGeneralSettingProfileTab This permission allows users to create, update and delete role of his own account. One can update permissions of a role too. One should have ViewGeneralSettingScreen permission to perform this action.

ViewGeneralSettingScreen This permission allows users to manage their account details, pricing, tags, users and roles.

ViewGeneralSettingUserTab This permission allows users to manage users of their customer account. One can add/edit/delete users with this permission. One should have ViewGeneralSettingScreen permission to perform this action.

ViewManageCustomerGeneralTab This permission allows parent users to view and edit child customer account details. It also allows to add sub-account. One should have ViewManageCustomerScreen permission to perform this action.

ViewManageCustomerIdpTab This permission allow parent user to view and edit child customers authentication scheme. One should have view manage customer screen permission to perform this action.

ViewManageCustomerPricingTab This permission allows parent user to update markup percentage and Add/Edit/Delete exchange rates for their child customer accounts. One should have ViewManageCustomerScreen permission to perform this action.

ViewManagerCustomerProfileTab This permission allows parent user to create, update and delete roles of their child customer accounts. One can update permissions of a role too. One should have ViewManageCustomerScreen permission to perform this action.

ViewManageCustomersScreen This permission allows parent users to manage their child customer's account details, pricing, tags, users and roles.

ViewManagerCustomerUserTab This permission allows parent users to manage users of their child customer accounts. One can add/edit/delete users with this permission. One should have ViewManageCustomerScreen permission to perform this action.

Table 17 – Profile and Permission Options: Tab Management

USER MANAGEMENT

This permission group contains permissions related to customer user management. One can create, activate/deactivate, unlock, update, upload, change password of customer user(s) and fetch user details.



ActivateCustomerUser This permission allows users to activate their customer users so that they can use the TPN system. One can activate their customer user in Customer screen by using Slider under Actions tab. One should have UpdateCustomerUser permission to perform this action.

CreateCustomerUser This permission allows users to create user(s) of their customer accounts. Customer status should be active to perform this action.

DeactivateCustomerUser This permission allows users to deactivate their customer user. User can deactivate their customer user in Customer screen by using slider under Actions tab. One should have UpdateCustomerUser permission to perform this action. Customer status should be active to perform this action.

UnlockCustomerUser This permission allows users to unlock their customer users so that they can resume using the TPN system.

Table 18 – Profile and Permission Options: User Management



Contact your Telstra representative now or email [email protected] for more details. Asia: + 852 2827 0066 • Americas: + 1 877 835 7872 • EMEA: + 44 20 7965 0000 • Australia: + 61 2 8202 5134

30102017

mailto:[email protected]

programmable network portal user manual

Documents