`
TELSTRA PROGRAMMABLE NETWORK PORTAL
USER MANUAL
VERSION: November 2018
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 1/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
LEGAL STATEMENT
© Telstra Corporation Limited 2018
Copyright, trademark and other intellectual property rights in this document are owned or licensed by Telstra Corporation Limited or its affiliates (Telstra) and protected by law. Information contained in this document is subject to change without notice and does not represent a commitment on the part of Telstra. As this document contains confidential information of Telstra, except as allowed by law or in accordance with your confidentiality agreement with Telstra (if any), it must not be disclosed in whole or part to any third party without Telstra’s consent. No part of this publication may be reproduced in whole or in part, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopied, recorded or otherwise, without the written permission of Telstra. Although Telstra has been careful to ensure that information contained in this document is accurate, it is not guaranteed to be error free. If you have any questions about the information (including its accuracy and completeness), please call your Telstra representative.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 2/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Contents 1. Support ...... 5 2. Introduction ...... 6 2.1. Audience ...... 6 2.2. Purpose and Scope ...... 6 2.3. Terms & Abbreviations ...... 6 3. System Requirements ...... 6 4. Portal Access ...... 6 4.1. Registration ...... 6 4.2. Logging into Portal ...... 6 4.2.1. Two-Factor Authentication Login ...... 7 4.2.2. Alternative Login Screen ...... 8 4.2.3. Forgot Password ...... 8 4.3. Portal Navigation...... 9 4.3.1. Left Side Menu ...... 9 4.3.2. Top Menu ...... 10 4.4. Getting Started Tips ...... 12 4.4.1. User Assistant ...... 12 5. Dashboard ...... 13 5.1. Flow traffic ...... 14 6. PoP Ports...... 14 6.1. Add PoP Port ...... 14 7. Global Exchange ...... 14 7.1. Accessing Global Exchange ...... 14 7.2. Add a Telstra Next IP connection ...... 15 7.3. Add a Telstra GWAN connection ...... 16 7.4. Add an AWS connection ...... 17 7.5. Add a Microsoft Azure connection ...... 17 7.6. Add Other Exchange Partner connection ...... 18 8. Marketplace ...... 23 8.1. Add VNF to ‘My Images’ library ...... 23 8.2. Delete a VNF from ‘My Images’ library ...... 26 9. Network Topology ...... 26 9.1. Create a New Topology ...... 26 9.2. Recall an Existing Topology ...... 27 9.3. Add Item to Network Topology ...... 28 9.3.1. Add a PoP Port to the Canvas ...... 29 9.3.2. Add a Next IP connection to the Canvas ...... 29 9.3.3. Add a GWAN connection to the Canvas...... 30 9.3.4. Add Internet Access to the Canvas ...... 31 9.3.5. Add AWS to the Canvas ...... 32 9.3.6. Add a VNF to the Canvas ...... 32 10. Layer 2 Flow Service ...... 34 10.1. Flow Creation ...... 34 10.1.1. Flow Creation between PoP Port and PoP Port ...... 34
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 3/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
10.1.2. Flow Creation between PoP Port and VNF ...... 37 10.1.3. Flow Creation between PoP Port and Internet ...... 39 10.1.4. Flow Creation between PoP Port and Next IP or Global IPVPN ...... 41 10.1.5. Flow Creation between PoP Port and Exchange Partner ...... 43 10.2. Edit Contract ...... 45 10.3. Contract Creation ...... 46 11. Gateway Protection ...... 47 11.1. Add Gateway Protection to Images Library ...... 47 11.1.1. Add Gateway Protection to a Network Topology ...... 49 11.1.2. Configure Gateway Protection Service ...... 50 11.1.3. Connect and Configure Next IP/IPVPN Service ...... 50 11.1.4. Configure Palo Alto Virtual Firewall ...... 51 11.1.5. Create and configure a flow between Next IP/IPVPN Service and Palo Alto Virtual Firewall ...... 51 11.2. Gateway Protection Dashboard ...... 53 11.3. Configure Gateway Protection Firewall Policies ...... 54 11.3.1. Summary ...... 55 11.3.2. Network Interfaces ...... 57 11.3.3. Firewall Rules ...... 59 11.3.4. NAT Rules ...... 60 11.3.5. Static Routes ...... 63 11.3.6. DNS Sinkholing ...... 66 11.3.7. Address Objects ...... 67 11.3.8. Service Objects ...... 69 11.3.9. BFD Profile ...... 71 11.3.10. BGP Auth Profile ...... 72 11.3.11. VNF BGP Configuration ...... 74 11.3.12. Backup ...... 75 11.3.13. Debug Tools ...... 77 12. Settings ...... 78 12.1. Exchange Settings ...... 78 12.2. General Settings ...... 78 12.2.1. General ...... 78 12.2.2. Identity Provider ...... 79 12.2.3. Users ...... 80 12.2.4. Profiles ...... 81 12.2.5. Tariff ...... 82 12.2.6. Templates ...... 82 13. Notifications ...... 82 14. Manage Customers ...... 83 14.1. Graphical View ...... 83 14.2. Tabular View ...... 83 15. Additional Resources ...... 84 15.1. Further Reading ...... 84 15.2. Terms & Abbreviations ...... 84 15.3. PoP Codes and Locations ...... 85 15.4. Profiles and Permissions ...... 87
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 4/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
1. SUPPORT
Telstra is committed to delivering the highest levels of service and support to our customers. In the unlikely event you do experience an interruption to your service; we will investigate while remaining in contact with you at regular intervals to provide status updates. We will work towards an efficient and complete resolution. If you need to contact Telstra in relation to a Support query, please use the contact details shown below.
Email Support (Preferred) If you have any issue using our service, or want to raise a support ticket, you can contact the following inbox:
Support: [email protected]
Phone Support If your issue is more pressing, you can call the relevant contact number for your region:
Australia: +61-385-941-952 United States of America: +1-585-445-3673 Singapore: +65-315-73803 United Kingdom: +44-289-692-3445 Hong Kong: +852-301-86672 Japan: +81-3452-09650
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 5/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
2. INTRODUCTION
This user manual provides detailed information about different functionalities which the user can perform within the Telstra Programmable Network Portal.
2.1. Audience
The document is intended for internal and external users.
2.2. Purpose and Scope
The purpose of this document is to cover all the important features of the Telstra Programmable Network Portal.
2.3. Terms & Abbreviations
Refer to Section 15.2 for a list of Terms and Abbreviations used throughout this document.
3. SYSTEM REQUIREMENTS
The following are the minimum recommended system requirements:
● Operating System and Browser Support:
Browser OS Supported Version Chrome Window 7 or above 52.0 or above Firefox Window 7 or above 45.3.0 or above Internet Explorer Window 7 or above 11 or above Safari MAC OS Yosemite 10.1.1 or above Table 1 – Supported Operating Systems and Browsers
● Screen Resolution: 1366 x 768 or greater Note: If your PC is connected with multiple display screens, there are occasions where moving the browser across screens may cause some of the portal elements to fall out of range of display. In such occasion, you can adjust the browser display zoom factor to bring the out-of-range elements back.
4. PORTAL ACCESS
4.1. Registration
Before you will be able to log into the Telstra Programmable Network Portal and access Telstra Programmable Network Platform and Services, you need to register.
An existing Telstra Next IP or Global IPVPN customer can simply registration online by navigating to the Telstra Programmable Network section at either:
http://www.telstra.com.au http://www.telstraglobal.com
If you are a new customer, please contact your local Telstra Account Representative for assistance in the registration and on-boarding process.
4.2. Logging into Portal
Once you receive your Telstra Programmable Network credentials, login using the secure URL:
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 6/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
https://www.pn.telstra.com/loginmt.html
HINT: Bookmark this URL in your browser for fast access to the Telstra Programmable Network Portal in future.
Picture 1 – Telstra Programmable Network Login Screen
4.2.1. Two-Factor Authentication Login
If Two-Factor Authentication has been enabled for your TPN tenancy then after completing the above login screen (Picture 1) there will be an additional screen requiring a second level of user authentication, via the “Google Authenticator” Application.
If the user has not previously successfully logged into their TPN account using Two-Factory Authentication then they will be presented with the screen shown in Picture 2 – Two-Factor Authentication PIN Setup Screen.
Picture 2 – Two-Factor Authentication PIN Setup Screen
Use mobile “Google Authenticator” Application to read the QR code. This will adds a new entry into list of supported accounts titled “PN(username)”.
Users who have setup their “Google Authenticator” Application will automatically be presented with the screen shown in Picture 3 – Two-Factor Authentication PIN Login Screen.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 7/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 3 – Two-Factor Authentication PIN Login Screen
The current 6 digit PIN from the “Google Authenticator” Application should be populated into the verification field. NOTE: The method for setting up Two-factor Authentication for a TPN tenancy is described in Section 12.2.2 - Identity Provider.
4.2.2. Alternative Login Screen
The portal will automatically log a user out after a period of time, as a result you may be presented with the following slightly different log in screen.
Picture 4 – Telstra Programmable Network alternative Login Screen
If you are presented with the login screen shown in Picture 4 – Telstra Programmable Network alternative Login Screen then complete as follows:
1. In the Username field is a concatenation of your 12-digit domainid and username with a ‘/’ separator: a. That is ‘domainid’/’username’ 2. In the Password field enter your password.
NOTE: This concatenated ‘username’ format is also used when requesting API access tokens.
4.2.3. Forgot Password
Should you forget your password and need to reset it then referring to the login screen in Picture 1 – Telstra Programmable Network Login Screen, click on “Forgot Password” to be taken to the reset password screen, shown in Picture 5 – Telstra Programmable Network Forgot Password Screen.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 8/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 5 – Telstra Programmable Network Forgot Password Screen
To reset your password please provide the following details:
1. “Email ID”: The email address provided with your original account creation request. 2. “Domain ID”: Your 12-digit domainid.
4.3. Portal Navigation
Once logged into the Portal you will be presented with the Dashboard View, as shown in Picture 6 below.
Top Menu Left Side Menu
Sub-Menu
Picture 6 – Dashboard Home Screen
4.3.1. Left Side Menu
Clicking the hamburger menu icon ( ) at the top of the ‘Left Side Menu’ will expand the menu to present the options described in Table 2 below.
Description
Dashboard: (Refer to Section 5) Graphical representation of your current service topologies. Your current topologies are available from a drop down selection list.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 9/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Network: (Refer to Section 9) Provides the canvas for working on your topologies. You can create new topologies and edit existing ones. This is the area where all your service topology creating, modifying and deleting will take place. Sub-Menu: Existing Topologies: Scroll through the list of your currently defined topologies Sub-menu: Create New Topology: This is the starting point for creating a new topology.
Global Exchange: (Refer to Section 7) Provides a directory of current Global Exchange partners, as well as any existing Global Exchange partner connections you may already have in place. Marketplace: (Refer to Section 8) A central repository of available virtual capabilities. Sub-menu: Marketplace Directory (Default View): A directory of vendors who offer virtual network functions. Sub-menu: My Images: Displays a list of all images you have selected to use. NOTE: Only VNFs that you have added to ‘My Images’ will be available within Network Topologies - Functions ‘Marketplace’ list.
Settings: (Refer to Section 12) Sub-menu: Exchange Settings (Default View): Global Exchange allows you to connect to other providers. To become a Global Exchange provider, complete the Exchange Set Up settings to be listed in the directory. Sub-menu: General Settings: Displays your company details, users, billing and tariff preferences for your company
Notifications: (Refer to Section 13) Displays all Telstra Programmable Network notifications that you have received, including System messages, Global Exchange connection requests, etc. Manage Customers: (Refer to Section 14) Tabular and graphical views of your current company registered admin representative. Table 2 – Telstra Programmable Network Portal Navigation – Left Side Menu components
4.3.2. Top Menu
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 10/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 7 – Telstra Programmable Network Portal Navigation – Top Menu
Menu component Description User Assistant: This step-by-step wizard will guide you through the steps required to create, configure and even remove a range of TPN capabilities. Transaction: Provides a chronological list of all transactions that have been actioned on topologies within the tenancy.
Notifications: Display all Telstra Programmable Network notifications that you have received, including System messages, Global Exchange connection requests, etc.
User Settings: Customise your account preferences. Language and Timezone o Select Language o Timezone System Settings o Pagination o Receive Notifications o 2 Factor Authentication Change Password: Change your account password NOTE: Password must contain at least 8 characters, 1 upper case, 1 lower case and 1 special character. Help: Drop down list of useful documentation and instructions on how to use Telstra Programmable Network, the Portal and its additional functions.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 11/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Support: Find out how to contact our support team. Direct link to: https://www.pn.telstra.com/support.html Logout: Logs the user out of the Telstra Programmable Network portal. Table 3 – Telstra Programmable Network Portal Navigation – Top Menu components
4.4. Getting Started Tips
To build a service within the Telstra Programmable Network environment the following steps are recommended:
● Create your library of components: o PoP Ports (refer to §6 – ‘PoP Ports’) o Connectivity – Global Exchange (refer to §7 – ‘Global Exchange’) o Network Functions – Marketplace (refer to §8 – ‘Marketplace’) ● Create a Network Topology canvas (refer to §9.1 – ‘Create a New Topology’ and §9.2 – ‘Recall an Existing Topology’) ● Place your different components into the canvas (refer to §9.3 - ‘Add Item to Network Topology’) ● Create your end-to-end service by connecting your component together (refer to §10.1 – ‘Flow Creation’)
If you are not sure how to accomplish a certain outcome, you can use the “User Assistant” feature.
4.4.1. User Assistant
This step-by-step guided tour will guide you through the steps required to create, configure and even remove a range of TPN capabilities from your tenancy and topologies. To start, click on the User Assistant icon ( ) from the Top menu. The following screen will be displayed.
The “User Assistant” screen presents a search bar, and a list of options for selection. You can type inside the search bar under “What would you like to do?” or select from the list to start a User Assistant guided tour. A guided tour will guide you step by step on the portal to accomplish the outcome you have selected, for example “I want to add/configure/deploy Internet in Topology”.
In each step, the immediate needed action is highlighted, and the rest of the portal is greyed out. At any step, you can click on “EXIT” to exit the guided tour.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 12/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
5. DASHBOARD
The Dashboard is Telstra Programmable Network Portal’s landing page, when a user first log into the Telstra Programmable Network portal it is this page that is presented, as shown in Picture 8 – Dashboard Landing Page.
The most recently edited topology will always be presented, along with up to 2 flows and their current traffic flow metrics (if configured).
Picture 8 – Dashboard Landing Page
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 13/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
5.1. Flow traffic
A user can configure up to 2 traffic flows to monitor bandwidth (in Mbps), or traffic volume (in Packets).
6. POP PORTS
The Telstra Programmable Network offers many Point of Presence (PoP) locations globally where you can interconnect your network into the Telstra Programmable Network Platform.
This section covers the following use case:
● Add PoP Port
6.1. Add PoP Port
This section describes how to connect a Point of Presence (PoP) Port into your Telstra Programmable Network Platform.
1. You can request physical interconnection Ports into the Telstra Programmable Network Platform via the Telstra Programmable Network Application Form, Appendix 1: Port Request, which can be obtained from your Account Executive. 2. The Appendix 1: Port Request form allows you to nominate a number of Ports. 3. For each Port, the following details need to be provided: a. Telstra Programmable Network Point of Presence, i.e. site of Port b. Port Type, i.e. physical interface required for your cross-connect or connecting network infrastructure
7. GLOBAL EXCHANGE
The Global Exchange displays a directory of exchange services that you can create a connection to. By adding the selected services to your ‘Global Exchange’ library you will be able to select their service when we go to create our network topology in section 7
Within this section we are covering the following use cases:
● Add Telstra Next IP connection ● Add Telstra GWAN connection ● Add AWS connection ● Add Microsoft Azure connection ● Add Other Exchange Partner connection
7.1. Accessing Global Exchange
1. The user clicks the ‘Global Exchange’ icon ( ) on the left side menu. 2. The user is redirected to the ‘Global Exchange’ home screen. In the ‘Global Exchange’ home screen all the Global Exchange partners are listed in a grid view where an expandable row for each partner is displayed as shown in Picture 9 - ‘Global Exchange Home Screen’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 14/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 9 – Global Exchange Home Screen
3. Details of each Global Exchange partner offering can be obtained by clicking the company’s logo or Name as shown in Picture 10.
Picture 10 – Global Exchange partner service details drop down
4. To request a new connection to a ‘Global Exchange’ partner select the New Connection Request icon ( ). 5. To track the progress of a new service request, select the Information icon ( ).
NOTE: The following sections demonstrate how new Global Exchange services can be requested.
7.2. Add a Telstra Next IP connection
This section describes how to connect a Next IP IPVPN service into Telstra Programmable Network.
NOTE: A Next IP connection is only available for Australian based customers.
6. After completing Steps 1 to 4 in Section 7.1 above. 7. Click on the New Connection Request icon ( ) for the row called ‘Telstra – Next IP’. The row expands and a slide down section ‘Request Connection to – Telstra Next IP’ appears as shown in Picture 11 - ‘Add New Next IP Connection slidedown section’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 15/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 11 – Add New Telstra Next IP Connection slidedown section
8. The user provides required values for all the fields: o Telstra Next IP FNN o Name of Contact Requesting o Email of Contact Requesting 9. Click on the ‘Send Request’ button. 10. By clicking ‘Send Request’, the request is sent to Telstra for processing. 11. To track the progress of your request, select the ‘Information’ icon ( ), the current status of your request will be as shown in Picture 12 – ‘Request Status Information’ below. 12.
Picture 12 – Request Status Information
13. Once the request has been processed, the Status will update to ‘Approved’ and a new entry will be made available within the ‘Function – Global Exchange’ drop down list – refer to section 9.3.2 – ‘Add a Next IP connection to the Canvas’.
7.3. Add a Telstra GWAN connection
This section describes how to connect a Global WAN (GWAN) service into Telstra Programmable Network.
NOTE: Global WAN is available for all Telstra customers outside of Australia who already have a GWAN service on the same SFDC account as their Telstra Programmable Network service. Please speak with your Account
Representative if you have any questions.
1. After completing Steps 1 to 4 in Section 7.1 above. 2. Click on the New Connection Request icon ( ) for the row titled ‘Telstra – IPVPN Connection’. The row expands and a slidedown section ‘Request Connection to – Telstra GWAN’ appears as shown in Picture 13 - ‘Add New GWAN Connection slidedown section’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 16/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 13 – Add New Telstra GWAN Connection slidedown section
3. The user provides required values for all the fields: o Master Service ID o Name of Contact Requesting o Email of Contact requesting 4. Click on the ‘Send Request’ button. 5. By clicking ‘Send Request’, the request is sent to Telstra for processing.
7.4. Add an AWS connection
1. After completing Steps 1 to 4 in Section 7.1 above. 2. Click on the New Connection Request icon ( ) for the row titled ‘Amazon’. The row expands and a slidedown section “Add New Connection – Amazon” appears as shown in Picture 14 - ‘Add New Connection slidedown section’.
Picture 14 – Add New Connection slidedown section
3. The user provides required values for all the fields and click on the ‘Send Request’ button. 4. By clicking ‘Send Request’, the request is sent to the ‘AWS’ (Amazon) partner.
7.5. Add a Microsoft Azure connection
NOTE: This process has some manual steps, expect communications from Telstra throughout the process.
1. The user logs into their Microsoft Azure account 2. Select Equinix as an interconnect partner (NOTE: Telstra will also be in the list but be sure to select Equinix) 3. Take note of the Azure provided service key, and provide that to Telstra. Telstra will then request ECX virtual ports on your behalf. ECX will assign requested ports. 4. Complete steps 1 to 4 in Section 7.1 above. 5. Click on the New Connection icon ( ) for the row titled ‘ECX. The row expands and a slidedown section “Add New Connection – Other” appears as shown in Picture 15 - ‘Add New Connection slidedown section’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 17/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 15 – Add New Connection slidedown section
6. The user provides required values (ensure the VLAN and bandwidth values provided to Equinix match those provided here) for all the fields and click on the ‘Send Request’ button. 7. By clicking ‘Send Request’, the request is sent to Telstra for processing.
NOTE: This process has some manual steps, expect communications from Telstra throughout the process.
7.6. Add Other Exchange Partner connection
1. Complete Steps 1 to 4 in Section 7.1 above. 2. The user i.e. ‘Consumer’ clicks any Global Exchange partners New Connection Request icon (other than those already discussed above). The row expands and a slide-down section “Add New Connection – Other” appears as shown in Picture 16 - ‘Add New Connection slide-down section’.
Picture 16 – Add New Connection slide-down section
3. The user provides the required values for all the fields and click on the ‘Send Request’ button. 4. By clicking ‘Send Request’, the request is sent to the respective Global Exchange partner i.e. ‘provider’. 5. Once the request is sent, it is received at respective Global Exchange partners i.e. provider’s Message Centre Screen in ‘Request Initiated’ status and same request is visible in ‘Consumer’ Message Centre Screen in ‘Pending’ status as shown in Picture 17 - ‘Respective Global Exchange partners (providers) Message Centre Screen’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 18/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 17 – Respective Global Exchange partners (providers) Message Center Screen
6. When the provider clicks the request listed in its Message Centre grid a ‘Request Initiated’ slide-down section appears between the rows containing the request details along with ‘Accept, Cancel and Modify’ buttons as shown in Picture 18 - ’Provider’s Request initiated slide-down section’.
Picture 18 – Provider’s Request initiated slide-down section
7. If the provider clicks the ‘Accept’ button, an ‘Accept Exchange Request’ pop-up opens along with ‘Cancel’ and ‘Accept’ buttons as shown in Picture 19 - ‘Accept Exchange Request pop-up’.
Picture 19 – Accept Exchange Request pop-up
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 19/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
8. To accept the request, the Provider clicks the ‘Accept’ button. 9. By clicking ‘Accept’, the request status is updated from ‘Request Initiated’ to ‘Approved’ and the ‘Request Initiated’ slide-down section is updated to ‘Approved’ along with the disabled ‘Approved’ button as shown in Picture 20 - ‘Provider’s Approved slide-down section’. The ‘Consumer’s’ Message Centre screen will now also show the new approval status.
Picture 20 – Provider’s approved slide-down section
10. If the Provider clicks the ‘Cancel’ button, a ‘Confirmation’ pop-up opens along with ‘Cancel’ and ‘OK’ buttons as shown in Picture 21 - ‘Confirmation pop-up’.
Picture 21 – Confirmation pop-up
11. To cancel the request, the Provider clicks the ‘Cancel’ button. 12. By clicking ‘Cancel’, the request status is updated from ‘Request Initiated’ to ‘Closed’ and the ‘Request Initiated’ slide-down section is changed to ‘Closed’ along with the disabled ‘Closed’ button as shown in Picture 22 - ‘Provider’s Closed slide-down section’. The ‘Consumer’s’ Message Centre screen will now also show the new approval status.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 20/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 22 – Provider’s Closed slide-down section
13. If the Provider clicks the ‘Modify’ button, the ‘Modify Connection Request’ pop-up opens along with ‘Cancel’ and ‘Send Request’ buttons as shown in Picture 23 - ‘Modify Connection Request pop-up’.
Picture 23 – Modify Connection Request pop-up
14. The ‘Provider’ updates the fields as required and clicks the ‘Send Request’ button. 15. By clicking ‘Send Request’, the request status is updated from ‘Request Initiated’ to ‘Request Modified’ and the ‘Request Modified’ slide-down section is updated to ‘Request Modified’ along with disabled ‘Pending’ button as shown in Picture 24 - ‘Provider’s Request Modified slide-down section’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 21/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 24 – Provider’s Request Modified slide-down section
16. In ‘Modify’ request case on ‘Consumer’s’ Message Centre screen the request status is updated from ‘Request Initiated’ to ‘Request Modified’ and the ‘Request Initiated’ slide-down sections is updated to ‘Request Modified’ slide-down section along with ‘Accept, Cancel, Modify’ buttons. 17. If the ‘Consumer’ accepts the modified request by clicking ‘Accept’, the request status remains as ‘Request Modified’ and the ‘Request Modified’ slide-down section is updated to ‘Request Modified’ along with the disabled ‘Pending’ button as shown in Picture 25 - ‘Consumer’s Request Accepted slide-down section’.
Picture 25 – Consumer’s Request Accepted slide-down section
18. In the Provider Message centre screen, the request status is updated from ‘Request Modified’ to ‘Request Accepted’ and the ‘Request Modified’ slide-down section is updated to ‘Request Accepted’ along with the ‘Confirm’ button as shown in Picture 26 - ‘Provider’s Request Accepted slide-down section’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 22/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 26 – Provider’s Request Accepted slide-down section
8. MARKETPLACE
The Marketplace is a central repository of virtual network appliances (vAppliances), such as Switches, Routers and Firewall from selected vendors.
You will be required to Bring-You-Own-Licence (BYOL) for the vAppliances from these vendors, by obtaining these directly from those third parties as per your agreement with them.
Before any VNF objects can be added to your Network Topologies the user must select them from the ‘Marketplace Directory’ and add them to your ‘My Image’ library.
Within this section we cover the following use cases:
● Add VNF to ‘My Images’ library ● Delete VNF from ‘My Images’ library
8.1. Add VNF to ‘My Images’ library
1. User must be logged in as “Customer” in the Portal 2. The ‘Dashboard’ screen will display, as shown in Picture 27 - ‘Dashboard Home Screen’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 23/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 27 – Dashboard Home Screen
3. Click on the ‘Marketplace’ icon ( ) present on the left side menu. 4. Once the user clicks ‘Marketplace’ the user is redirected to ‘Marketplace Directory’ Screen and following options appear on the bottom left side menu:
o Marketplace Directory o My Images
5. The ‘Marketplace Directory’ screen contains the list of vendors with their shared (VNF) images and details. The following details are covered in that list as shown in Picture 28 - ‘Marketplace Directory Screen’. 6. o Company Logo o Name o Website o Categories
Picture 28 – Marketplace Directory Screen
7. By clicking ‘Name’ or ‘Company Logo’ fields, the row expands to show the details of that vendor as shown in Picture 29 - ‘Marketplace directory with expanded row’:
o Category o Model o Description
Picture 29 – Marketplace directory with expanded row
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 24/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
8. Click on the row of a virtual function type, its respective model details are displayed with ‘Cancel’ and ‘Add to My Images’ button as shown in Picture 30 - ‘Marketplace Directory expanded row with model details table‘.
Picture 30 – Marketplace Directory expanded row with model details table
9. The table contains the following details (note these details may vary between different VNFs):
o Version o Maximum Number of Interfaces o Support Zero Day o USD/HR o EOS o EOL
10. The user selects the appliance by clicking the corresponding checkbox displayed at the end of the row 11. Once the checkbox is selected, the user clicks ‘Add to My image’ button. This will add the image to ‘My Images’ section and the ‘Network’ screen under ‘Add Items’. 12. To view the newly added image in the ‘My Images’ grid, the user clicks the ‘My Images’ icon ( ) present on the left side menu. 13. The user is redirected to the ‘My Images’ screen where a list of all images that have been added appear. 14. The following details for each image is displayed on the ‘My Images’ screen as shown in Picture 31 - ’My Images Screen’: o Vendor o Category o Version o EOS o EOL
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 25/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 31 – My Images Screen
8.2. Delete a VNF from ‘My Images’ library
1. Click on the ‘Marketplace’ icon ( ) present on the left-hand menu. 2. Click on the ‘My Images’ icon ( ) present on the left hand sub-menu. 3. A ‘Delete’ icon ( ) is present against each VNF image. 4. By clicking ‘Delete’ against an image a ‘Confirmation’ pop-up along with ‘OK’ and ‘Cancel’ buttons opens for that respective image. 5. The user clicks ‘OK’ and the image is deleted from the list and will no longer be available via ‘Add Items’ on the ‘Network’ Screen.
9. NETWORK TOPOLOGY
Within this section we will be creating topology using the Global Exchange partner connections and VNF Images that have been setup. We will cover the following use cases:
● Create a New Topology ● Recall an Existing Topology ● Add Item to Network Topology o Next IP connection o GWAN connection o Internet connection o AWS connection o VNF
The Network Topology area within the Portal is where a customer is able to create and then modify both draft, as well as live, Telstra Programmable Network architectures.
The area in which we work with each Topology is also referred to as the canvas.
9.1. Create a New Topology
1. Click on the ‘Network’ icon ( ) in the left side menu. 2. The user is redirected to blank ‘Network’ screen and the following options appear in the bottom left side menu: o Existing Topologies o Create New Topology
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 26/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
3. The user clicks the ‘Create New Topology’ icon ( ) and the ‘New Topology’ pop-up opens as shown in Picture 32 - ‘New Topology Pop-up’.
Picture 32 – New Topology Pop-up
4. In the ‘New Topology’ pop-up, the user provides values for the required fields i.e. ‘Topology Name’ and ‘Topology Description’ and clicks the ‘Save’ button. 5. Once the user clicks ‘Save’, the topology is created and the user is redirected to a blank canvas for the newly created topology as shown in Picture 33 - ‘Newly Created Topology Canvas Screen’.
Picture 33 – Newly Created Topology Canvas Screen
6. The ‘Newly Created Topology’ screen contains the Name and Description of the topology with ‘Edit’ and ‘Delete’ icons, blank canvas, ‘Add Items’ and ‘Deploy’ buttons as shown in Picture 3 - ’Newly Created Topology Canvas Screen’. 7. To update the topology Name and Description the user can click on the ‘Edit’ icon ( ). 8. To delete a topology (canvas) the user can click the ‘Delete’ icon ( ). NOTE: Before a canvas can be deleted all flows and objects must first be individually deleted. 9. To add new items to a topology the user can click on the ‘Add Items’ icon – refer to §9.3 below. 10. To deploy a topology the user can click the ‘Deploy’ icon.
9.2. Recall an Existing Topology
1. Click on the ‘Network’ icon ( ) in the bottom left side menu. 2. Once the user clicks ‘Network’ the user is redirected to blank ‘Network’ Screen and the following options get added to the left side menu:
o Existing Topologies o Create New Topology
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 27/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
3. The user clicks ‘Existing Topologies’ ( ) and the ‘Existing Topologies’ list is displayed at the bottom of the left-hand side of the screen as shown in Picture 34 - ‘Network Screen with Existing Topologies Option’.
Picture 34 – Network Screen with Existing Topologies Option
4. The user selects the existing topology to which they want to view or add the items. By selecting topology, the user is redirected to the selected topology screen. 5. The ‘Existing Topology’ screen contains the name and description of the topology with ‘Edit’ and ‘Delete’ icons, canvas along with ‘Add Items’ and ‘Deploy’ buttons. 6. To update the topology Name and Description the user can click on the ‘Edit’ icon ( ). 7. To delete a topology (canvas) the user can click the ‘Delete’ icon ( ). NOTE: Before a canvas can be deleted all flows and objects must first be individually deleted. 8. To add new items to a topology the user can click on the ‘Add Items’ icon – refer to section 9.3 below. 9. To deploy a topology the user can click the ‘Deploy’ icon.
9.3. Add Item to Network Topology
Once you have completed section 9.1 – ‘Create a New Topology’ or section 9.2 – ‘Recall an Existing Topology’ you are now ready to add, edit and delete items within your Network Topology.
1. Click on the ‘Add Items’ icon to add new items to the canvas of the topology. 2. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’ buttons, as shown in Picture 35 - ‘Add Item Screen along with Function sub menu’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 28/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 35 – Add Item Screen along with Function sub menu 3. The ‘Function’ sub menu contains following types of Items which the user can add to a canvas while creating a topology:
o PoP – Refer to section 6 o Global Exchange – Refer to section 7 o Marketplace – Refer to Section 8
9.3.1. Add a PoP Port to the Canvas
Prerequisite: Before you will be able to add PoP Ports onto your canvas you must first request your physical connection requirements. Refer to Section 6.1 – ‘Add PoP Port’ for initial request procedure. Once you receive a successful deployment acknowledgement then you are ready to proceed.
1. To add a ‘PoP’ to the canvas, from the ‘Functions’ list click on ‘PoP’ and the submenus of POPs and their respective endpoints are displayed as shown in Picture 36 - ‘Add Item Screen while adding PoP’.
Picture 36 – Add Item Screen while adding PoP
2. The user selects the respective ‘Endpoint’ and clicks the ‘Done’ button.
NOTE: A single PoP Port can be used many time, by using unique VLANs for each flow from the Port.
3. The ‘End Point’ is added to the canvas.
9.3.2. Add a Next IP connection to the Canvas
Prerequisite: Before you will be able to add a Next IP connection onto your canvas you must first register your Next IP IPVPN through the Global Exchange. Refer to Section 7.2 – ‘Add a Telstra Next IP connection’ for initial setup details. Once you receive a successful deployment acknowledgement then you are ready to proceed.
1. To add a Next IP connection to the canvas, from the ‘Functions’ list click on ‘Global Exchange’ to display the submenus for the ‘Global Exchange’ and their locations with respective connections. 2. The user selects ‘Telstra’ from ‘Global Exchange’, then selects ‘Next IP’ from “Products’ 3. Next IP offers connections in Sydney and Melbourne. Select ‘AMTC’ for Melbourne or ‘SYTS’ for ‘Sydney’ interconnect, then ‘ADD NEXT IP’ or an already deployed Next IP connect from the ‘Deployed Next IP’ list. 4. Click the ‘Done’ button as shown in Picture 37 ‘– Add Item Screen while adding a Next IP connection’
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 29/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 37 – Add Item Screen while adding a Next IP connection 5. The Next IP connection is added to the canvas.
9.3.3. Add a GWAN connection to the Canvas
Prerequisite: Before you will be able to add a GWAN (Global IPVPN) connection onto your canvas you must first register your GWAN service through the Global Exchange. Refer to Section 7.3 – ‘Add a Telstra GWAN connection’ for initial setup details. Once you receive a successful deployment acknowledgement then you are ready to proceed.
1. To add a GWAN connection to the canvas, from the ‘Functions’ list click on ‘Global Exchange’ to display the submenus for the ‘Global Exchange’ and their locations with respective connections. 2. The user selects ‘Telstra’ from ‘Global Exchange’, then selects ‘IPVPN’ from “Products’ as shown in Picture 38 ‘– Add Item Screen while adding a GWAN connection’.
Picture 38 – Add Item Screen while adding a GWAN connection 3. The user can then either select ‘ADD IPVPN’ to deploy a new GWAN connection, or select an already deployed GWAN connection from the ‘Deployed IPVPN’ list. 4. If ‘ADD IPVPN’ is selected then a configuration ‘Add IPVPN’ pop-up will be presented, as shown in Picture 39 – Configure 'Add IPVPN’ pop-up
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 30/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 39 – Configure 'Add IPVPN’ pop-up 5. Select the ‘IPVPN Location’ where you would like to interconnect your GWAN with Telstra Programmable Network. 6. Select the ‘Master Service ID’ for your GWAN service that is connecting to Telstra Programmable Network. 7. Click on ‘Save & Continue 8. Click the ‘DONE’ button, and the GWAN connection is added to the canvas.
9.3.4. Add Internet Access to the Canvas
1. To add ‘Internet’ to a canvas, the user clicks ‘Global Exchange’ and then ‘Telstra’ from ‘Exchange Partner’ list, then ‘Internet’ from ‘Product’ list and then select the required ‘Locations’ from the sub menus as shown in Picture 40 - ‘Add Items Screen while adding Internet’.
Picture 40 – Add Item Screen while adding Internet
2. The user selects the required Internet connection or clicks ‘Add Internet’ and then clicks ‘Done’ button. 3. The ‘Internet’ is added to the canvas. 4. Click on newly added ‘Internet’ object, the ‘Configure’ icon ( ) and ‘Information’ icon ( ) appear. The user clicks the ‘Configure’ icon. 5. By clicking ‘Configure’, the ‘Configure Internet’ pop-up opens up where the user enters field values present under the following tabs as shown in Picture 41 - ‘Configure Internet Pop-up’. o General o IP Allocation o IP Allocation Forecast
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 31/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 41 – Configure Internet Pop-up 6. Once the user enters values for all the required fields and click ‘Save’ button, the ‘Internet’ object is configured.
9.3.5. Add AWS to the Canvas
Prerequisite: Before you will be able to add an AWS connection onto your canvas you must first register for an AWS port through the Global Exchange. Refer to Section 7.4 – ‘Add an AWS connection’ for initial setup details. Once you receive a successful deployment acknowledgement then you are ready to proceed.
1. To add an AWS connection to a canvas, within your Topology from the ‘Functions’ list click on ‘Global Exchange’ and then ‘AWS EP Location’, and ‘EndPoints’ sub menus are displayed as shown in Picture 43 - ‘Add Items Screen while adding VNF’.
Picture 42 – Add Item Screen while adding AWS 2. Click the ‘DONE’ button, and the AWS connection is added to the canvas.
9.3.6. Add a VNF to the Canvas
Prerequisite: Before you will be able to add a VNF onto your canvas, you must first add an image into your Marketplace ‘My Images” library. Refer to Section 8.1 – ‘Add VNF to ‘My Images’ library’ for initial setup steps.
1. To add a ‘VNF’ to a canvas, within your Topology from the ‘Functions’ list click on ‘Marketplace’ and then ‘Type’, ‘Vendor’ and ‘Model’ sub menus are displayed as shown in Picture 43 - ‘Add Items Screen while adding VNF’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 32/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 43 – Add Item Screen while adding VNF 2. The user selects the respective ‘Model’ and the ‘Add VNF’ pop-up opens as shown in Picture 44 - ‘Add VNF Pop-up’.
Picture 44 – Add VNF Pop-up 3. The user enters the required details in the pop-up and clicks the ‘Save & Continue’ button. 4. The user finally clicks the ‘Done’ button and the ‘VNF’ is added to the canvas and deployment immediately begins.
NOTE: Billing for the VNF resources will commence as soon it is up and running on your canvas.
5. When the VNF is successfully deployed, the circle around the VNF turns green. 6. On clicking the ‘VNF Settings’ icon ( ), a ‘VNC Console’ to the VNF opens in another window as shown in Picture 45 - ‘VNC Console’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 33/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 45 – VNC Console 10. LAYER 2 FLOW SERVICE
Within this section we are covering the following use cases:
● Flow Creation ● Deploy ● Contract Creation ● Edit Flow
10.1. Flow Creation
The user can create a flow between following combinations of different object:
● PoP Port and PoP Port ● PoP Port and VNF ● PoP Port and Internet ● PoP Port and Next IP ● PoP Port and Global Exchange connection
10.1.1. Flow Creation between PoP Port and PoP Port
1. Click on the ‘Network’ icon ( ) present on the left side menu. 2. By clicking ‘Network’, the user is redirected to blank ‘Network’ Screen and the following options are added to the bottom left side menu:
o Existing Topologies o Create New Topology
3. After the successful creation of new topology, the user clicks ‘Add Items’ icon to add new objects to the canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’ button as shown in Picture 46 - ‘Add Item Screen along with Function sub menu’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 34/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 46 – Add Item Screen along with Function sub menu
5. The ‘Function’ sub menu contains the following types of objects which the user can add to a canvas while creating a topology:
o PoP o Global Exchange o Marketplace
6. The user now adds two ‘PoP Ports’ to the canvas (Refer to section 9.3 for details). 7. The user then drags one of the ‘PoP Port’ objects (A-END) over the other (Z-END) and, the ‘New Flow Configuration’ pop-up opens. 8. In ‘New Flow Configuration’ pop-up the user must define values for following parameters as shown in Picture 47 – New Flow Configuration pop-up – PoP to PoP.
o Flow Name o Description: Provide details of the flow, up to 252 characters supported. o VLAN (A-END) o VLAN (Z-END) NOTE: A-END is where you start o Bandwidth dragging your Flow FROM. o Duration Z-END is where you finish o Latency o Billing Account dragging your Flow TO. o Renewal Option
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 35/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 47 – New Flow Configuration pop-up – PoP to PoP 9. In the ‘New Flow Configuration’ pop-up, the following field are mandatory:
o ‘Flow Name’ o VLAN (A-END) o VLAN (Z-END)
The rest of the fields are prefilled with the following default values:
o Bandwidth as 1 Mbps o Latency as ‘Standard’ o Duration as 1 Hours o Renewal Option as ‘Auto Renewal’ o Billing Account as the first billing account present in the dropdown
10. The user enters the required values and clicks ‘Save’. 11. Once a link is created successfully, a blue coloured line will show between the two endpoints, and a grey coloured dot containing a numeric value is displayed (this represents that the flow is in a drafted state) as shown in Picture 48 - ’Flow in Draft State’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 36/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 48 – Flow in Draft State 12. The number shown within the coloured dot represents the number of flows currently configured between the two connected objects. 13. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully, the blue coloured line and the grey coloured dot turns green as shown in Picture 49 - ‘Canvas after successful deployment of the flow’.
Picture 49 – Canvas after successful deployment of the flow 14. In case of deployment failure the grey coloured dot turn red.
10.1.2. Flow Creation between PoP Port and VNF
1. Click on the ‘Network’ icon ( ) present on the left side menu. 2. By clicking ‘Network’, the user is redirected to a blank ‘Network’ Screen and the following options are added to the bottom left side menu:
o Existing Topologies o Create New Topology
3. After the successful creation of new topology, the user clicks the ‘Add Items’ icon to add new objects to the canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’ buttons as shown in Picture 50 - ‘Add Item Screen along with Function sub menu’.
Picture 50 – Add Item Screen along with Function sub menu
5. The ‘Function’ sub menu contains following types of objects which the user can add to a canvas while creating a topology:
o PoP o Global Exchange
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 37/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
o Marketplace
6. The user now adds a ‘PoP Port’ and a ‘VNF’ to the canvas. 7. The user then drags the ‘PoP Port’ object (A-END) over the ‘VNF’ object (Z-END) and the ‘New Flow Configuration’ pop-up opens. 8. In ‘New Flow Configuration’ pop-up the user must define values for the following parameters as shown in Picture 51 – New Flow Configuration pop-up – PoP to VNF.
o Flow Name o Description: Provide details of the flow, up to 252 characters supported. o VLAN (A-END) o Interface (Z-END) o Bandwidth o Duration o Latency o Billing Account o Renewal Option
Picture 51 – New Flow Configuration pop-up – PoP to VNF 9. In the ‘New Flow Configuration’ pop-up, the following fields are mandatory:
o ‘Flow Name’ o VLAN (A-END) o Interface (Z-END)
The rest of the fields are prefilled with the following default values
o Bandwidth as 1 Mbps o Latency as ‘Standard’ o Duration as 1 Hours o Renewal Option as ‘Auto Renewal’ o Billing Account as the first billing account present in the dropdown
10. The user enters the required values and clicks ‘Save’. 11. Once the link is created successfully, a blue coloured line appears between the PoP Port and the VNF and a grey coloured dot with a numeric value is displayed. This represents the flow is in drafted state. 12. The number shown within the coloured dot represents the number of flows currently configured between the two connected objects.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 38/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
13. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and the grey coloured dot turns green as shown in Picture 52 - ‘Canvas after successful deployment of the flow’
Picture 52 – Canvas after successful deployment of the flow 14. In case of deployment failure the grey coloured dot turns red.
10.1.3. Flow Creation between PoP Port and Internet
1. Click on the ‘Network’ icon ( ) present on the left side menu. 2. By clicking ‘Network’, the user is redirected to a blank ‘Network’ Screen and the following options are added to the left side menu:
o Existing Topologies o Create New Topology
3. After the successful creation of new topology, the user clicks the ‘Add Items’ icon to add new objects to the canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’ buttons as shown in Picture 53 - ‘Add Item Screen along with Function sub menu’.
Picture 53 – Add Item Screen along with Function sub menu 5. The ‘Function’ sub menu contains following types of objects which the user can add to a canvas while creating a topology:
o PoP o Global Exchange o Marketplace
6. The user now adds an ‘PoP Port’ and an ‘Internet’ to the canvas. 7. Once ‘Internet’ is added to the canvas, the user configures the ‘Internet’ object.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 39/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
8. The user then drags the ‘PoP Port’ object (A-END) over the ‘Internet’ object (Z-END) and the ‘New Flow Configuration’ pop-up opens. 9. In ‘New Flow Configuration’ pop-up the user defines the values for the following parameters as shown in Picture 54 – New Flow Configuration pop-up – PoP to Internet. o Flow Name (mandatory): Short description of the flow o Description (mandatory): Provide details of the flow, up to 252 characters supported. o VLAN (A-END) (mandatory): The VLAN tag value for the ingress/egress traffic at the A-End o VLAN (Z-END) – NOTE: No VLAN is required for Internet connection o Bandwidth o Duration o Latency o Billing Account o Renewal Option
Picture 54 – New Flow Configuration pop-up – PoP to Internet 10. In ‘New Flow Configuration’ pop-up, the following fields are mandatory:
o ‘Flow Name’ o VLAN (A-END) o VLAN (Z-END)
The rest of the fields are prefilled with the following default values:
o Bandwidth as 1 Mbps o Latency as ‘Standard’ o Duration as 1 Hours o Renewal Option as ‘Auto Renewal’ o Billing Account as the first billing account present in the dropdown
NOTE: You cannot set a VLAN for the Internet
11. The user enters the required values and clicks the ‘Save’ button. 12. Once the link is created successfully a blue coloured line is drawn between the two endpoints and a grey coloured dot with a numeric value appears. This represents the flow is in drafted state. 13. The number shown within the coloured dot represents the number of flows currently configured between the two connected objects.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 40/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
14. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and the grey coloured dot turns green as shown in Picture 55 - ‘Canvas after successful deployment of the flow’.
Picture 55 – Canvas after successful deployment of the flow 15. In case of deployment failure the grey coloured dot turns red.
10.1.4. Flow Creation between PoP Port and Next IP or Global IPVPN
1. Click on the ‘Network’ icon ( ) present on the left side menu. 2. By clicking ‘Network’, the user is redirected to blank ‘Network’ Screen and the following options are added to the left side menu:
o Existing Topologies o Create New Topology
3. After the successful creation of new topology the user clicks the ‘Add Items’ icon to add new objects to the canvas of the topology. 4. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’ buttons as shown in Picture 58 - ‘Add Item Screen along with Function sub menu’.
Picture 56 – Add Item Screen along with Function sub menu
5. The ‘Function’ sub menu contains following types of objects which the user can add to a canvas while creating a topology:
o PoP o Global Exchange o Marketplace
6. The user now adds a ‘PoP Port’ and a ‘Next IP’ (or a “Global IPVPN”) object to the canvas. 7. The user then drags the ‘PoP Port’ object (A-END) over the ‘Next IP’ (or “Global IPVPN”) object (Z-END) and the ‘New Flow Configuration’ pop-up opens.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 41/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
8. In ‘New Flow Configuration’ pop-up the user must insert values for the following parameters as shown in Picture 57 – New Flow Configuration pop-up – PoP to NextIP. o Flow Name (mandatory): Short description of the flow o Description (mandatory): Provide details of the flow, up to 252 characters supported. o VLAN (A-END) (mandatory): The VLAN tag value for the ingress/egress traffic at the A-End o IP Range to be used (Z-END) (mandatory): Provide a /30 IP subnet that is not used in your network. Note that when setting up BGP in your router, the first useable address of the /30 subnet is the PE address, while the second useable address is the CE address. o CE ASN (Z-END) (mandatory): Provide a private ASN number for this BGP peering between the Telstra Next IP/ Global IPVPN and your router. Note that you need to use the following ASN as the PE when setting up BGP in your router: . ASN for Next IP: Local connections – any AS number outside of the reserved numbers listed below and any IP address of your choice may be used. Remote connections – 65423 (Clayton, Melbourne), 65424 (St. Leonards, Sydney) Telstra has reserved the following private AS numbers within the Next IP MPLS VPN. You shall not use any of these private AS numbers: 65001, 65478, 65502, 65503, 65506, 65507, 65508, 65509, 65513, 65518, 65530 . ASN for Global IPVPN: 4637 o Bandwidth (mandatory): Default 1Mbps: select the bandwidth from 1Mbps up to 10Gbps required for the duration of the term. NOTE: The selected bandwidth can NOT be reduced during the chosen duration period. o Duration (mandatory): Default 1 Hour: Select the duration for the flow contract term. o Latency (mandatory): Default Standard: The indicated Latency value represents the end-to-end data transfer flow time in milliseconds. The Latency options Low and Standard include SLAs, the Best Effort Latency option does not. o Renewal Option (mandatory): Default Auto Renewal: o Billing Account (mandatory):
Picture 57 – New Flow Configuration pop-up – PoP to NextIP
9. The user enters the required values and clicks the ‘Save’ button. 10. Once the link is created successfully, a blue coloured line is drawn between the two endpoints and a grey coloured dot with a numeric value appears. This represents that the flow is in drafted state. 11. The number shown within the coloured dot represents the number of flows currently configured between the two connected objects.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 42/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
12. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and grey coloured dot turns green. 13. In case of deployment failure the grey coloured dot will turns red.
10.1.5. Flow Creation between PoP Port and Exchange Partner
14. Click on the ‘Network’ icon ( ) present on the left side menu. 15. By clicking ‘Network’, the user is redirected to blank ‘Network’ Screen and the following options are added to the left side menu:
o Existing Topologies o Create New Topology
16. After the successful creation of new topology the user clicks the ‘Add Items’ icon to add new objects to the canvas of the topology. 17. By clicking ‘Add Items’, the ‘Functions’ sub menu slides up along with ‘Summary’, ‘Cancel’ and ‘Done’ buttons as shown in Picture 58 - ‘Add Item Screen along with Function sub menu’.
Picture 58 – Add Item Screen along with Function sub menu
18. The ‘Function’ sub menu contains following types of objects which the user can add to a canvas while creating a topology:
o PoP o Global Exchange o Marketplace
19. The user now adds a ‘PoP Port’ and an ‘Exchange Partner’ object to the canvas. 20. The user then drags the ‘PoP Port’ object over the ‘Exchange Partner’ object and the ‘New Flow Configuration’ pop-up opens. 21. In ‘New Flow Configuration’ pop-up the user must insert values for the following parameters as shown in Picture 59 - ‘New Flow Configuration’ pop-up.
o Flow Name o Description: Provide details of the flow, up to 252 characters supported. o Bandwidth o Duration o Latency o Billing Account o Renewal Option
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 43/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 59 – New Flow Configuration pop-up
22. In the ‘New Flow Configuration’ pop-up, the following fields are mandatory:
o ‘Flow Name’ o VLAN (A-END) o VLAN (Z-END)
The rest of the fields are prefilled with the following values:
o Bandwidth as 1 Mbps o Latency as ‘Standard’ o Duration as 1 Hours o Renewal Option as ‘Auto Renewal’ o Billing Account as the first billing account present in the dropdown
23. The user enters the required values and clicks the ‘Save’ button. 24. Once the link is created successfully, a blue coloured line is drawn between the two endpoints and a grey coloured dot with a numeric value appears. This represents that the flow is in drafted state. 25. The number shown within the coloured dot represents the number of flows currently configured between the two connected objects. 26. The user clicks the ‘Deploy’ button to deploy the flow. Once the link is deployed successfully the blue coloured line and grey coloured dot turns green as shown in Picture 60 - ‘Canvas after successful deployment of the flow’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 44/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 60 – Canvas after successful deployment of the flow – Pop to Cloud
27. In case of deployment failure the grey coloured dot will turns red.
10.2. Edit Contract
Edit contract allows the user to change the renewal option of a successfully-deployed flow.
In all the above-mentioned flow creation scenarios, once the flow is deployed successfully the user has the option of changing the renewal option of any contract attached to the flow using following steps:
1. Click on the ‘Network’ icon ( ) present on the left side menu. 2. By clicking ‘Network’, the user is redirected to a blank ‘Network’ Screen and the following options are added to the bottom left side menu:
o Existing Topologies o Create New Topology
3. In ‘Create New Topology’ and ‘Existing Topologies’, the user can either create or open any existing topology. Once the topology is opened, the user clicks the green coloured icon (as can be seen in Picture 60) between the two objects which are connected through the green coloured line. 4. Once the user clicks the green icon, the ‘Flow Information’ pop-up opens. In the ‘Flow Information’ pop-up the user selects the ‘Flow ID’ whose contract’s renewal option the user wants to edit. 5. After the Flow ID is selected, the flow details along with its ‘Contracts’ grid is displayed. 6. The user clicks the ‘Edit’ icon ( ) present against every contract in the ‘Contract List’. The slide-down section for that contract appears, containing its ‘Renewal Option’ along with ‘Close’ and ‘Save’ buttons as shown in Picture 61 – ‘Flow Information pop-up with edit contract section’.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 45/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 61 – Flow Information pop-up with edit contract section 7. The user updates the required renewal option and clicks the ‘Save’ button and the ‘Start’ and ‘Expiry’ date is updated as per its updated renewal option.
10.3. Contract Creation
1. Login as ‘Customer’ in the application. 2. To add a contract to the flow, the user clicks the green coloured dot and the ‘Flow Information’ pop-up opens as shown in Picture 62 - ‘Flow Information Pop-up’.
Picture 62 – Flow Information Pop-up
3. The number in the green coloured dot represents the number of flows created between those objects. When the ‘Flow Information’ pop-up opens the user can select the flow ID from the ‘Flow ID’ dropdown to which the user wants to add the contract. 4. Once the flow ID is selected its details are displayed in the pop-up and the user clicks the ‘Add New Contract’ button.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 46/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
5. On clicking ‘Add New Contract’ the ‘Contracts’ sections expands as shown in Picture 63 - ‘Flow Information pop-up with expanded contract section’.
Picture 63 – Flow Information pop-up with expanded contract section
6. The user enters the required details in the ‘Contracts’ section and clicks the ‘Add’ button. 7. By clicking ‘Add’, the contract is added to that respective flow. 8. The user is able to add multiple contracts to a flow.
11. GATEWAY PROTECTION
Gateway Protection is an advanced virtual network function and is the primary global cloud security interconnection for current and future network and multi-cloud services. The service is made up of a Next IP/IPVPN service, a Palo Alto Firewall VNF, and the connecting Layer 2 flow between them.
11.1. Add Gateway Protection to Images Library
From the Dashboard, select Marketplace.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 47/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
On the Marketplace page locate and select Telstra to expand it.
Select Gateway Protection from the available options.
Select the Gateway Protection configuration you wish to order, ensure the checkbox is checked and click Add to my Images. This will add Gateway Protection to your Image Library, ready to be used on a Network Topology.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 48/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
11.1.1. Add Gateway Protection to a Network Topology
From the Network Topology Canvas, select Add Items. Locate Gateway Protection and click Add GP.
During the deployment of Gateway Protection, you will configure 4 individual components:
Gateway Protection Service Next IP/IPVPN Service Palo Alto Virtual Firewall Flow between your Next IP/IPVPN Service and the Palo Alto Virtual Firewall Instance
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 49/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
11.1.2. Configure Gateway Protection Service
You can customise Gateway Protection to your requirements by modifying the options on the Service Parameters pop up. Configure the following details and click Next.
Name This is a user-defined name/label.
Feature Package Standard – A single firewall will be deployed in the selected location
Contract Term 1 hour, 1/12/24/36 months
Renewal Option Auto Renewal – the service will automatically be renewed for the same contract term
11.1.3. Connect and Configure Next IP/IPVPN Service
Connect and configure a Next IP/IPVPN service to Gateway Protection, then click Next.
Select VPN Next IP for Australian Domestic MPLS or IPVPN for International MPLS Network FNN/Master Select a service ID from the list Service ID IP Address Specify an interconnect subnet. This subnet must not be used in another Next IP/IPVPN service already. Primary Region Select the primary region of you VPN AS No. Specify a private AS number for the peering between your Next IP/IPVPN service and the Gateway Protection instance. Please use an AS number within this range: 64512 & 65534
Please note: Telstra has reserved the following BGP private AS numbers within the Next IP MPLS VPN service: 65001, 65423, 65424, 65530, 65502, 65503, 65506, 65507, 65508, 65509, 65513, 65518 and 65478. You are unable to use these AS numbers during the configuration of Gateway Protection.
| Your Next IP/IPVPN service is identified by a Master Service ID or Network FNN.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 50/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
11.1.4. Configure Palo Alto Virtual Firewall
Configure this specific Palo Alto Virtual Firewall instance by choosing from the following options:
Primary VM Name This is a user-defined name/label Primary VM Region Select from the available locations License Size VM 50 License VM 100 License VM 300 License
The license chosen will affect the features available. Please see the below table for a list of throughput per license size. Note that the throughput is the aggregate of the outbound traffic on all ports. For example: a VM 50 can support 50Mbps towards the internet and 50Mbps towards NextIP.
VM 50 License Maximum Throughput: 100Mbps VM 100 License Maximum Throughput: 1Gbps VM 300 License Maximum Throughput: 2Gbps 11.1.5. Create and configure a flow between Next IP/IPVPN Service and Palo Alto Virtual Firewall
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 51/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Finally, configure a flow between the Next IP/IPVPN Service and the Palo Alto Virtual Firewall. You can customise the elements of the flow for your requirements as per the standard process:
Flow Name This is a user-defined name/label
Description A short description to describe the purpose of this flow
Bandwidth (Mbps) The bandwidth of the flow in Mbps
Latency Low/Standard/Best Effort
Billing Account Select a billing account for this service
Based on your configurations and requirements throughout the process, you’ll be provided with a pricing summary of your order information. If you are happy with your configuration and the price summary, select Submit to add and deploy Gateway Protection to your Network Topology Canvas.
Please note: This pricing summary is an estimate only. Charges are rated hourly, as such the monthly charge will vary according to the number of hours in a particular month. Gateway Protection billing will commence once it has been deployed and is functioning.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 52/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Click Done to add to your Topology.
11.2. Gateway Protection Dashboard
The Gateway Protection Dashboard can be accessed either from the Dashboard page or the Network Topology Canvas that has a Gateway Protection instance deployed.
From the Network page, select the Topology that contains your Gateway Protection instance. Select the Gateway Protection icon on the canvas and the select the Dashboard icon.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 53/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
The Gateway Protection Dashboard shows network and security status information with up to 12 months of historical data. The Gateway Protection Dashboard can be arranged to include up to 6 graphs, including:
Traffic Bytes sent and received
Traffic Top 20 applications by bytes
Traffic Top 10 source IP with correspond top 5 applications
Traffic Top 10 URL categories with their top 5 applications
Threat prevention data Displays information related to threat detection
Traffic Destination locations (with map)
11.3. Configure Gateway Protection Firewall Policies
Gateway Protection includes the ability to configure Palo Alto firewall policies via a streamlined interface.
To configure firewall policies, select the settings icon by selecting a deployed and active Gateway Protection Instance.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 54/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
A configuration panel will open with a summary and a range of options to configure:
Interface Management Firewall Rules NAT Routing DNS Address Object Service Object BFD Profile BGP Auth Profile VNF BGP Configuration VNF Configuration Debug Tools
It should be noted that any changes made will not be applied to the virtual firewall until the Commit Changes button is clicked.
11.3.1. Summary
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 55/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
The Summary page provides information on the Gateway Protection instance:
Category Constructed
Renewal Option Auto Renewal or Auto Disconnect
Contract Term The contract term selected during configuration
High Availability Yes or No
Feature Package Standard
Security Management Self-Served
Description The name given to the Gateway Protection instance
IPVPN
The IPVPN tab displays the IPVPN or NextIP details configured for the Gateway Protection instance:
Network FNN/Master Service ID Primary ASN No IP Address
Flow
The Flow tab displayed information about the flow from your IPVPN or Next IP service to the Palo Alto Networks VM Series VNF. The following information is shown:
Flow Name Description Bandwidth Latency Billing Account
Flow Contracts
Just like other Telstra Programmable Network components that are connected via flows, additional contracts can be added to extend or boost bandwidth between the IPVPN or NextIP Service and the Palo Alto Networks VW Services VNF within the Gateway Protection service.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 56/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Existing contracts will show on the Contacts section of the Flow tab.
New contracts can be added by selecting the Add New Contract button, configuring the flow contract and selecting Add.
11.3.2. Network Interfaces
The Network Interfaces Management tab shows a list of all existing interfaces as well as the status of the interface and the ability to and configure new interfaces. Network Interfaces defined here can be used in the configuration of NAT Rules or Remote VPN Configurations.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 57/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Add a Network Interface
To add a Network Interface, click Add Tunnel Interface and specify the following parameters:
Interface Description A short description to describe the purpose of this interface IP Address The IP Address of the interface. Depending on where the connection is made – to the network or the internet, the IP address may be the 1st or 2nd usable address in the IP allocated range respectively. Security Zone Trust or Untrusted Trusted refers to an interface connection to an internal network (e.g. NextIP/IPVPN). Untrusted refers to an interface connection to an external network (e.g. Internet) Status You can set the interface manually as Up or Down or Auto
Set your required parameters and click Save Changes.
Modify an existing Network Interface
To modify an existing Network Interface, select the Edit icon for the Interface row you would like to modify.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 58/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
11.3.3. Firewall Rules
Add a Firewall Rule
To add a new Firewall Rule, click Add New Rule and define the following parameters:
Rule Name This is a user-defined name/label
Rule Description This is a user-defined description for the functionality of the rule
Action Deny or Allow
Source IP Address/Subnet Specify a CIDR IP Address, or select from a list of address objects or address groups
Destination IP Address/Subnet Specify a CIDR IP Address, or select from a list of address objects or address groups
Service Select the relevant service to apply the rule to.
Once set, click the Save button to save the rule. To apply the changes to the Virtual Firewall, click Commit Changes.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 59/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing Firewall Rule
To modify an existing firewall rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Re-ordering existing Firewall Rules
You can change the order of the firewall rules by clicking and dragging the rules into the desired order.
Delete an existing Firewall Rule
To delete an existing firewall rule, select the delete icon.
11.3.4. NAT Rules
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
Gateway Protection allows configuration of both SNAT and DNAT rules via the Telstra Programmable Network Portal.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 60/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Add a new SNAT Rule
To add a new SNAT rule, click Add NAT Rule and define the following parameters:
Rule Name This is a user-defined name/label Rule Description This is a user-defined description for the functionality of the rule Service This is the service or application the rule will be applied to Source Zone Trusted, Untrusted or Any Destination Zone Trusted, Untrusted or Any Source IP Address/Subnet The Source IP address/range Destination IP Address/Subnet The Destination IP address/range VNF Name Select the VNF Instance Interface Select the required interface Translate IP Address Not Required VNF Name Select the relevant VNF you would like to apply this rule to Interface Select the relevant interface you would like to apply this rule to Translate IP Address to The IP address you want to translate to. This is the IP address of the external interface and must include the subnet mask
Once set, click the Save button to save the rule. To apply the changes to the Virtual Firewall, click Commit Changes.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 61/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing SNAT rule
To modify an existing NAT rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing SNAT rule
To delete an existing NAT rule, select the delete icon.
Add a new DNAT rule
To add a new DNAT Rule, click Add New NAT Rule and define the following parameters:
Rule Name This is a user-defined name/label Rule Description This is a user-defined description for the functionality of the rule Service This is the service or application the rule will be applied to Source Zone Trusted, Untrusted or Any Destination Zone Trusted, Untrusted or Any Source IP Address/Subnet The Source IP address/range Destination IP Address/Subnet The Destination IP address/range VNF Name Select the VNF Instance Interface Select the required interface Translate IP Address The IP address you want to translate to. VNF Name Not Required Interface Not Required Translate IP Address to Not Required
Once set, click the Save button to save the rule. To apply the changes to the Virtual Firewall, click Commit Changes.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 62/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing DNAT Rule
To modify an existing NAT Rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing DNAT Rule
To delete an existing DNAT Rule, select the delete icon.
11.3.5. Static Routes
Gateway Protection allows the configuration of Static and Dynamic Routes.
Add a new Static Route
To add a Static Route, click the Add New Route under the Static Route section and configure the following parameters:
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 63/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Name Used to identify the static route Subnet/CIDR The subnet you want to route to eg:0.0.0.0/0 Gateway The next hop address
Once set, click the Save button to save the rule. To apply the changes to the Virtual Firewall, click Commit Changes.
Modify an existing Static Route
To modify an existing Static Route, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing Static Route
To delete an existing Static Route, select the delete icon.
Add a new Dynamic Route
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 64/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
To add a Static Route, click the Add New Route under the Static Route section and configure the following parameters:
Name This is a user-defined name/label used to identify the static route
Device Name Select from a dropdown list of options
Network Interface The required Network Interface
Max prefixes 1 - 100000
Local IP Address The local IP Address
Local A S Number Specify a private AS number for the firewall
Local IP Address Specify a .1 IP address for the firewall
Peer Group Name This is a user-defined name/label
Peer Name: This is a user-defined name/label
Peer IP Address Specify a .2 IP address for the BGP peer
Peer AS Number Specify the AS number for the BGP peer This value depends on the BGP peer and can either be a private or public AS number
Peer Auth Profile Select from a pre-defined Auth profile
Peer BFD Profile Select from a pre-defined BFD profile
Type Ebgp or ibgp
Once set, click the Save button to save the rule. To apply the changes to the Virtual Firewall, click Commit Changes.
Modify an existing Dynamic Route
To modify an existing Dynamic Route, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 65/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Delete an existing Dynamic Route
To delete an existing Dynamic Route, select the delete icon.
11.3.6. DNS Sinkholing
DNS Sinkholing helps the user identify infected hosts on its protected network using DNS traffic in situations where the firewall cannot see the infected client’s DNS query.
Sinkholing malware DNS queries forges responses to the client host queries directed at malicious domains so that users attempting to connect to malicious domains will instead attempt to connect to the user-defined IP address.
Gateway Protection allows the configuration of DNS Sinkholing.
Enable DNS Sinkholing
To enable DSN Sinkholing, click the Enable DNS button and configure the following parameters:
Name This is a user defined name/label IPv4 Sinkhole Address Specify a IPv4 address
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 66/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
IPv6 Sinkhole Address Specify a IPv6 address
Please note: It is highly recommended to use an IP address that is not in your network.
Disable DNS Sinkholing
To Disable DSN Sinkholing, click the Disable DNS button.
11.3.7. Address Objects
Address objects can include an IPv4 address, IPv6 address or a FQDN. It allows the user to reuse the same object as a source or destination address across all the policy rule bases without having to add it manually each time.
Additionally, to simplify the creation of security policies, addresses that require the same security settings may be combined into address groups.
Gateway Protection allows the configuration of Address Objects and Address Groups. Address Objects or Address Groups can be used in firewall rule configuration so that the firewall rules can maintain an indirect reference of the absolute addresses. Multiple Address Objects and be grouped into Address Groups.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 67/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Add a new Address Object
To add a new Address Object, click the Add Address Object button and configure the following parameters:
Name Used to identify the Address Object Description Used to describe Address Object Type Ip_netmask, ip_range or FQDN Address The relevant address based on the type you have selected
Modify an existing Address Object
To modify an existing Address Object, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing Address Object
To delete an existing Address Object, select the delete icon.
Add a new Address Group
To add a new Address Group, click the Add Address Group button and configure the following parameters:
Name Used to identify the Address Object Description Used to describe Address Object Type Static Address Select a previously created Address Object
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 68/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing Address Group
To modify an existing Address Group, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing Address Group
To delete an existing Address Group, select the delete icon.
11.3.8. Service Objects
When defining a security policy for specific applications, the user may select one or more services to limit the port numbers the applications can use. The current default service allows all TCP and UDP ports.
While the HTTP and HTTPS services are pre-defined, the user may add additional service definitions. Additionally, to simplify the creation of security policies, the user may combine services that have the same security settings into service groups.
Gateway Protection allows the configuration of Service Objects and Service Groups. Service Objects or Service Groups can be used in firewall rule configuration so that the firewall rules can maintain an indirect reference of the absolute addresses. Multiple Service Objects and be grouped into Service Groups.
Add a new Service Object
To add a new Service Group, click the Add Service Object button and configure the following parameters:
Name Used to identify the Service Object Description Used to describe the Service Object Protocol TCP or UDP Source Port The Source Port of the Service Object Destination Port The Destination Port of the Service Object
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 69/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing Service Object
To modify an existing Service Object, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing Service Object
To delete an existing Service Object, select the delete icon.
Add a new Service Group
To add a new Service Group, click the Add Service Group button and configure the following parameters:
Name Used to identify the Service Group Services Select a previously created Service Object
Modify an existing Service Group
To modify an existing Service Group, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 70/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Delete an existing Service Group
To delete an existing Service Group, select the delete icon.
11.3.9. BFD Profile
BFD is a protocol that recognizes a failure in the bidirectional path between two forwarding engines, such as interfaces, data links, or the actual forwarding engines. In the PAN-OS implementation, one of the forwarding engines is an interface on the firewall and the other is an adjacent configured BFD peer.
After BFD detects a failure, it notifies the routing protocol to switch to an alternate path to the peer. If BFD is configured for a static route, the firewall removes the affected routes from the RIB and FIB tables.
BFD is supported on the following interface types—physical Ethernet, AE, VLAN, tunnel (Site-to-Site VPN and LSVPN), and subinterfaces of Layer 3 interfaces. For each static route or dynamic routing protocol, you can enable or disable BFD, select the default BFD profile, or configure a BFD profile.
Add a new BFD Profile
To add a new BFD Profile, select the Add button and configure the following parameters:
Name Used to identify the BFD Profile Detection Multiplier Between 2 - 50 Hold Time Time, in seconds before forward (0 – 120000) Min. TX Interval Min RX. Interval Mode Active or Passive Multihop 1 - 254
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 71/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing BFD Profile
To modify an existing BFD Profile, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Delete an existing BFD Profile
To delete an existing BFD Profile, select the delete icon.
11.3.10. BGP Auth Profile
Border Gateway Protocol (BGP) is the primary internet routing protocol. BGP determines network reachability based on IP prefixes that are available within autonomous systems (AS), where an AS is a set of IP prefixes that a network provider has designated to be part of a single routing policy.
BGP Redistribution Rules are used to redistribute host routes and unknown routes that are not on the local RIB to the peers routers.
Add a new BGP Redistribution Rule
To add a new BGP Redistribution Rule, select the Add button and configure the following parameters:
Name Used to identify the BGP Redistribution Rule Address Family Type Ipv4 VNF UUID Select a Palo Alto VM Series Gateway Protection instance Enable True or False
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 72/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Modify an existing BGP Redistribution Rule
To modify an existing BGP Redistribution Rule, select the edit icon. Modify the available parameters and click Save. To apply to changes to the Virtual Firewall, click Commit Changes.
Note: Redistributing a Default Route requires the configuration of a static default route, a redistribution rule for the 0.0.0.0/0 subnet as well as checking the tickbox for Redistribute Default Route.
Delete an existing BGP Redistribution Rule
To delete an existing BGP Redistribution Rule, select the delete icon.
Add a new BGP Auth Profile
To add a new BGP Auth Profile, select the Add button and configure the following parameters:
Name Used to identify the BGP Auth Profile Secret A unique string used to access the BGP Profile
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 73/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
11.3.11. VNF BGP Configuration
The VNF BGP Configuration tab displays the stats of a BGP Auth Profile assigned to a Palo Alto VM Series VNF for a Gateway Protection instance.
VNF Configuration
The VNF Configuration tab displays the current configuration for the Palo Alto VM Series VNF assigned to the Gateway Protection instance.
Summary Tab
The Summary Tab displays various information about the Palo Alto VM Series VNF:
Endpoint Name Used to identify the VNF instance Region The region the VNF is deployed in Billing Account The billing account for the VNF VM Size The VNF’s license or size Max Interfaces The maximum interfaces on the VNF instance Cost Per Hour – VM The cost per hour for the Virtual Machine Cost Per Hour – Software The cost per hour for the software Total The total cost per hour
Interfaces Tab
The Interfaces Tab displays the available interfaces for the VNF, it also allows you reorder the interfaces if required.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 74/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Logs Tab
The Logs tab displays the VNF’s logs.
11.3.12. Backup
The Backup tab allows you to created one off backups for a single point in time, or create a schedule for backups to happen automatically.
Existing backups can also be restored to the VNF in the event incorrect changes are made.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 75/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Create a One-Off Backup
To create a One-Off backup, enter a backup name and select the Create button. A back up will be created.
Schedule a backup
To schedule a recurring backup, select the Schedule option and select the frequency you would like a back up to automatically be created and click the Create button.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 76/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Restore an existing backup
To restore an existing Backup, select the Restore icon on the backup you would like to restore.
Delete an existing backup
To delete an existing Backup, select the Delete icon on the backup you would like to delete.
11.3.13. Debug Tools
The Debug Tools tab allows you to perform various actions to test whether the Palo Alto VM Series VNF is functionality correctly. You can:
Ping from the VNF via an interface to a specific IP Address Fetch a routing table from the VNF Perform a traceroute from the VNF via an interface to a specific IP Address
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 77/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
12. SETTINGS 12.1. Exchange Settings The Global Exchange is a powerful capability of the Telstra Programmable Network ecosystem. It permits individual customers to advertise a PoP Port interconnect into their tenancy. This feature in turn can enable community networking services, complementary network infrastructure, data centre and cloud services are just a few possibilities. If you are considering leveraging this feature please reach out to your Telstra Programmable Network Technical Account Representative for professional advice and guidance.
12.2. General Settings 12.2.1. General The “General” screen, shown in Picture 64 – General Settings; General, provides a static view of the current TPN tenancy account settings.
Picture 64 – General Settings; General
Click on “Edit” to modify settings, as shown in Picture 65 – General Settings; General - Edit.
Picture 65 – General Settings; General - Edit
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 78/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
● Company Name: Name to be appear in the top right corner of portal screen ● Address: ● City: ● Country: ● State: ● Phone: ● Domain ID: NOTE: Cannot be edited once account has been setup. ● Partner Code: ● Website: ● Currency: NOTE: Cannot be edited once account has been setup. ● Customer Account No.: NOTE: Cannot be edited once account has been setup. ● Billing Account Id.: NOTE: Cannot be edited once account has been setup. ● Postal Code: ● Customer Type: Default Internal. Select either “Internal” or “External” ● Partner Channel: Select either “Australia” or “International”
Add Sub-Account A Sub-Account, or Child Account, can be created when an organisation wants to separate network topologies and users across different parts of their own business, or a partner managing separate TPN instances. 1. Click on the “ADD SUB-ACCOUNT” button to bring up “Add New Customer” pop-up screen, as shown in Picture 66 – General Settings; General – Add Sub-Account, where the user can add a sub-account within the current account/tenancy.
Picture 66 – General Settings; General – Add Sub-Account
NOTE: When adding a sub-account the following conditions will apply: ● Currency will automatically be set to the parent accounts currently.
2. Once the new account has been create, user accounts then need to be added to the new tenancy. 3. Select the “Manage Customers” ( ) option from the Left Hand Menu (refer to §14), the select “Graphic View”. The new tenancy should now be shown as a child account. 4. Click on the new tenancy to configure new user accounts (refer to §12.2.3).
12.2.2. Identity Provider Identity protection and authentication management is a critical security element of any public facing portal environment. This section allows users to configure Two-Factor Authentication, providing an increased level of access security into the TPN Portal and their tenancy.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 79/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 67 – General Settings; Identity Provider 1. Select “Edit” 2. Authentication Scheme: o Default is the default setting. Uses domainid, username/password to login to portal o Oath 2.0 is a future capability, currently disabled 3. 2 Factor Authentication: o Optional is the default setting. o Mandatory will require all users logging into this tenancy to utilise Two-Factor Authentication. NOTE: Refer to §4.2.1 for details on setting up and use of 2FA for logging into the TPN Portal. 12.2.3. Users Setting user access and allocating a Profile (set of permissions) is achieved within the Users area.
Picture 68 – General Settings; Users
Add New User 1. Click on the “ADD NEW USER” button to bring up “Add New User” edit line, as shown in Picture 69 – General Settings; General – Add New UserPicture 66 – General Settings; General – Add Sub-Account.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 80/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Picture 69 – General Settings; General – Add New User
2. Complete the following details: o First Name (mandatory): user’s first name o Last Name (mandatory): user’s surname name o Email ID (mandatory): user’s email address o Username (mandatory): create a unique (within this tenancy) username for the new user o Profile (mandatory): check the permissions based on available Profiles. o Job Title: user’s job title o IDP: Default default: first name o Reset/Change Password: initiate a password reset for the user o Reset 2FA: initiate a Two Factor Authentication reset for the user o Notifications: Default ON: enable email notification – NOTE: Future feature. o Actions: Default ON: mark user as active/inactive. Only active users will be able to login in portal. o Default Identity: Default ON: If enabled, user will log into the TPN identity provider (IdP, i.e. 3rd party authentication) web application. - NOTE: Future feature. 3. Click “Save” icon ( ) to save and create the new user accounts. NOTE: Two emails will be send immediately to the new user’s provided email address. a. Titled “TPN User Creation” – containing DomainID, username and URL to login screen b. Titled “TPN User Password” – containing Temporary Password
12.2.4. Profiles When adding new Users it’s important to ensure that they can only access the features and functions that the tenancy administrator wishes them to have.
Picture 70 – General Settings; Profiles
Each Profile that is created is given a unique name and set of permissions from the extensive list of available capabilities. Refer to Section 15.4 for a list of available Permissions.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 81/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Add Profile 1. Click on the “ADD PROFILE” button to bring up “Add Profile” edit line, as shown in Picture 71 – General Settings; General – Add ProfilePicture 69 – General Settings; General – Add New User.
Picture 71 – General Settings; General – Add Profile
2. Complete the following details: o Profile Name (mandatory): a unique name for the new Profile o Description (mandatory): a description of the profile 3. Click “Save” icon ( ) to save and create the new Profile. 4. To modify the permissions within the new (or any) Profile, click on the “Profile Name”. By default all permissions will be disabled. Refer to Section 15.4 for details of available Permissions. 5. Once all permissions settings done, select “UPDATE” to save changes.
12.2.5. Tariff Future feature.
12.2.6. Templates A number of email templates are available for the account administrator to use to notify their users.
Picture 72 – General Settings; Templates
13. NOTIFICATIONS Displays all Telstra Programmable Network notifications that you have received, including System messages, Global Exchange connection requests, etc.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 82/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
14. MANAGE CUSTOMERS Within in this section we’ll look at Manage Customers ( )
14.1. Graphical View If more than a single tenancy exists within the customer’s environment then they’ll be shown in a hierarchical graphical layout. NOTE: If the customer only has a single tenancy within their environment then nothing will be shown – select Tabular View icon ( ) to preview your tenancy account details.
14.2. Tabular View This view provides information on tenancy owner and contact details, as shown in Picture 73 – Manage Customers - Tabular View.
Picture 73 – Manage Customers - Tabular View
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 83/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
15. ADDITIONAL RESOURCES
15.1. Further Reading Table 4 below provides a list of additional Telstra Programmable Network reading materials.
Reference Description / Location
Telstra Programmable Network @ https://www.telstra.com.au/programmable-network Telstra.com General Telstra Programmable Network Information Telstra Programmable Network interactive https://www.telstra.com.au/content/dam/tcom/business- eBook enterprise/network-services/pdf/programmable-network-ebook.pdf Telstra Programmable Network Animation https://youtu.be/agzA6WbXYxw Technical Telstra Programmable Network Documentation Telstra Programmable Network Technical
15.2. Terms & Abbreviations The software enablement of network services has introduced a plethora of new terms and abbreviations, Table 5 below outlines a selection used throughout this document.
Term / Acronym / Definition Abbreviation 2FA Two Factor Authentication API Application Programmable Interface ASN Autonomous System Number Private autonomous system (AS) numbers which range from 64512 to 65534 are used to conserve globally unique AS numbers. Globally unique AS numbers (1 - 64511) are assigned by IANA BYOL Bring Your Own License CIDN Customer ID (identifier) Number A unique 10- digit customer identification number assigned to each customer DIA Direct Internet Access Domain ID Domain ID A unique 12-digit numeric identifier provided to each registered TPN Portal account holder.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 84/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Term / Acronym / Definition Abbreviation ECX Equinix Cloud Exchange EOL End Of Life The date when the offered appliance is no longer supported. EOS End Of Sales EP Exchange Partner Flow An abstraction of implementation-agnostic network connectivity between network entities. Flow (A-End) When dragging a Flow between two objects on the canvas the A-End is Flow (Z-End) the starting point of the drag operation and Z-end is the final end of the dragged flow/circuit. Flow ID Flow Identifier Unique Service identifier for the Layer 2 Flow Service. FNN Full National Number An alpha numeric code that uniquely identifies a service. GWAN Global Wide Area Network IPVPN service offered to customers outside of Australia Mbps Megabits per second Next IP IPVPN solution available within Australia PoP Point of Presence A PoP (Point of Presence) is a location in which customers can physically connect to the Telstra Programmable Network access point (port) that enables customers to enter the Telstra Programmable Network Platform. SDN Software Defined Network SLA Service Level Agreement Contracted service level performance metric TCV Total Contract Value Tenancy The current TPN environment that the user’s login credentials permits them to access. TPN Telstra Programmable Network Topology A logical segment/branch subnet of the user’s customer’s global network. A topology may include: ● Endpoints ● Flows USD/HR US Dollars per Hour VLAN Virtual Local Area Network VNC Virtual Network Computing A utility to remotely cone t to a VNF console VNF Virtual Network Function Table 5 – Terms and Abbreviations
15.3. PoP Codes and Locations Telstra Programmable network offer a range of PoP (Points of Presence) around the world, Table 5 below lists the PoP Codes and Locations for currently available facilities.
PoP Code Country Location Address
Sydney SYEQ Australia Unit B, 639 Gardners Road, Mascot, NSW (Equinix SY1) Sydney SYE3 Australia 47, Bourke Road, Alexandria NSW 2015 (Equinix SY3) Sydney SYGS Australia 400 Harris St, Ultimo, NSW, 2007 (Global Switch) Sydney SYNE Australia 4 Eden Park Road, Macquarie Park NSW 2113 (NextDC S1) Sydney ASES Australia Metronode DC - 8-14 Egerton Street, Silverwater NSW 2264 (Silverwater)
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 85/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
PoP Code Country Location Address
Sydney SYTS Australia 4a Herbert Street, St Leonards NSW 2065 (Telstra St Leonards) Sydney (Telstra Pacnet SYLP Australia Level 1-2, 133 Liverpool Street, Sydney, NSW Cloudspace SYCS1 ) Melbourne AMEQ Australia Equinix - 600 Lorimer St, Port Melbourne VIC 3207 (Equinix) Melbourne (NextDC- AMLS Australia NEXTDC - 826-830 Lorimer St, Port Melbourne, VIC 3207 Cloudspace MECS1) Melbourne AMTC Australia 1822 Dandenong Road Clayton, VIC 3168 (Telstra Clayton) Singapore SG IBX Center - Block 20, Ayer Rajah Crescent, Ayer Rajah Industrial ISTT Singapore (Equinix SG1) Park, Singapore 139964 Singapore (Telstra - SGCN Singapore Singapore EAC DLS - 1 Changi North Rise, Singapore 498817 Cloudspace SGCS1) Singapore 6/F Suite F1 & F4 and 5/F Suite E2, 2 Tai Seng Avenue, Singapore SGGS Singapore (Global Switch) 534408 Singapore (Telstra - SGPL Singapore Pacnet - 110 Paya Lebar Road Singapore 409009 Cloudspace SGCS2) Singapore Telstra Singapore Pte Ltd, c/o Keppel Digihub NOC, 25 Serangoon SKDI Singapore (Keppel) North Ave 5, Level 3, Keppel Digihub, Singapore 554914 Hong Kong 5th Floor, 1 Wang Wo Tsai Street, Tsuen Wan, New Territories, HKAT Hong Kong (Asia Tone) Hong Kong Hong Kong Pacnet - 11 Chun Kwong Street, Tseung Kwan O Industrial, Estate, HKCK Hong Kong (Telstra) New Territories Hong Kong Equinix, 13/F Global Gateway, 168 Yeung Uk Road, Tseun Wan, HKGG Hong Kong (Equinix) Hong Kong Mega I - 12/F & 29/F Mega iAdvantage, 399 Chai Wan Road, Chai HKMI Hong Kong Hong Kong (Mega-I) Wan Taipei TPEI Taiwan 6/F 248 Yangguang St, Neihu Taipei 114 (DYXnet) Beijing Pacnet - Electrical City, Building 10, North Road of JiuXian, Bridge, CBDH China (Telstra) Chaoyang District, Beijing, China Tianjin Pacnet - No. 8, Hui Hoi Road, Wuqing Business District, Tianjin, City CTHH China (Telstra Cloudspace) 301700 Tokyo 4th Floor, Shinsyu-Meitetsu-Shinagawa building, 3-8-21 Higashi EQHS Japan (Equinix) Shinagawa, Shinagawa-ku, Tokyo 140-0002 Tokyo NPOP - 1-5-3 Horitomecho Nihonbashi, Chuoku, Tokyo 103-0012 JTHA Japan (NPOP) Comspace 4F TH2: Telehouse Paris Voltaire - 137, Boulevard Voltaire, 75011 Paris, TBA France Paris (TH2) France FRAN Germany Frankfurt (Germany) Ancotel, Kleyerstrasse 88-90 , 60326 Frankfurt am Main, Germany United Arab UDDM Dubai (Datamena) Datamena, Dubai International Media Production Zone Emirates London TFM50 2nd floor &TFM71 4th floor, Telehouse East, Coriander ULCO UK (Telehouse East) Avenue, London E14 2AA London (Telstra - London Telstra, c/o London Hosting Centre, 6 Greenwich View Place, ULHC UK Hosing Centre) London E14 9NN, UK London ULHX UK 3/F, 8-9 Harbour Exchange Square, Isle of Dogs, London E14 9GE, UK (Telecity) Los Angeles CoreSite, 27/F, One Wilshire Building, 624 South Grand Ave., Los 1WMR USA (Coresite 1 – Wilshire) Angeles, CA 90017, USA San Jose Telstra, c/o Equinix, 11 Great Oaks Blvd , cage 1180, San Jose, CA EQNX USA (Equinix) 95119, USA New York Telstra, c/o Level 3 Co-Lo facility , 111 8th Avenue SUITE 304, CAGE NY8A USA (Telstra) S009, New York, NY 10011, USA
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 86/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
PoP Code Country Location Address
New Jersey UNSE USA 1st floor, 2 Emerson Lane, Secaucus, NJ07094 (Telstra - Secaucus) Seattle (Westin Building USWB USA 2001 6th Ave, 19th Fl MMR, Seattle, 98121 Exchange) Table 6 – Point of Presence – Codes and Locations
15.4. Profiles and Permissions The below Table 7 through to Table 18 lists available permissions that can be assigned to TPN account holders within your tenancy and sub-tenancies. Refer to §12.2.4 for details on how to set up Profiles and assigning Permissions. CHILD CUSTOMER MANAGEMENT This permission group contains permissions related to activation/deactivation of child customer accounts, fetching and update of child customer account details, getting permissions of child customer account role and changing of child customer's parent. ActivateChildCustomer This permission allows parent users to activate their deactivated child customer account, so that the customer users are able to use the TPN system again. One should also have UpdateChildCustomer permission to perform this action. NOTE: Parent users can activate their child customer account on Manage customer screen by using slider under Actions tab. DeactivateChildCustomer This permission allows parent users to deactivate their child customer accounts. Afterwards, Child customer account user will not be able to access TPN system. Parent users can deactivate their child customer accounts on Manage customer screen by using slider under Actions tab. One will be able to perform this action only if Child customer account status is active. One should also have UpdateChildCustomer permission to perform this action. One will not be able to perform this action if there are active child customer users under Child Customer account which is intended to be deactivated. GetChildCustomerPermissions This permission allows parent users to view permission for a child customer user (based on the role). Child customer users can perform operations according to the assigned permissions of the role. GetChildCustomers This permission allows parent users to view all child customer account details that are present in the TPN system. UpdateChildCustomer This permission allows parent users to update details of their child customer account. One will be able to perform this action only if Child customer account status is active. Table 7 – Profile and Permission Options: Child Customer Management
CHILD PERMISSION GROUP MANAGEMENT This permission group contains permissions related to management of child customer account roles by assigning/unassigning permissions to/from them. ManagePermissionsForChildCustomerRole This permission allows parent users to assign and unassign multiple permissions from/to the role of their child customer users. One can assign permission to other role only if customer admin role has that permission. One can only unassign permission from customer admin role if no other child role has that specific permission.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 87/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Table 8 – Profile and Permission Options: Child Permission Group Management
CHILD PRICING MANAGEMENT This permission group contains permissions related to creation, deletion, get and update of exchange rates for child customer accounts. The permissions also allow to fetch existing exchange currencies of child customer accounts. CreateChildExchangeRates This permission allows parent users to create exchange rates for their child customer accounts. Exchange rates will be applied for billing of child customer accounts if parent customer user sets different currency for them. Exchange rate can be defined between parent customer currency and any other currency. Exchange rates can be added from 'Tariff' tab under General Settings screen. DeleteChildExchangeRate This permission allows parent users to delete exchange rates set for their child customer account. One cannot delete exchange rates which are being used by child customer accounts. GetChildExchangeCurrencies This permission allows parent users to view the list of currencies that were used while creating exchange rates for their child customer accounts. With this permission, one can view the exchange currencies available for child customer accounts. GetChildExchangeRates This permission allows parent users to get the list of exchange rates created for their child customers. UpdateChildExchangeRates This permission allows parent users to update exchange rates of their child customer accounts. Updated exchange rates will be used for future billing of child accounts. Exchange rates can be updated from 'Tariff' tab under General Settings screen. One cannot update exchange rate if it is already being used. Table 9 – Profile and Permission Options: Child Pricing Management
CHILD ROLE MANAGEMENT This permission group allows to create, assign, view, delete and update roles of child customer accounts. It also allows to manage role by assigning/unassigning permissions for child customer role. AssignPermissionsToChildCustomerRole This permission allows parent users to assign permissions to the role of their child customers. One can assign permission to other role only if customer admin role has that permission. AssignRoleToChildCustomerUser This permission allows parent users to assign role to user(s) of their child customer accounts. Parent user can assign roles to multiple child customer users at a time. CreateFoleForChildCustomer This permission allows parent users to create role for their child customer users. After creating role, parent users can assign permissions to it. Role name can be anything except Customer_Admin. DeleteChildCustomerRole This permission allows parent users to delete the role created for their child customer users. Role will be no longer in use/unassigned after deletion. One can delete all roles except Customer_Admin role. GetChildCustomerRoles This permission allows parent users to view roles created for their child customer users. It also allows parent users to fetch roles assigned to specific user. UnassignRoleFromChildCustomerUser This permission allows parent users to unassign role from user(s) of their child customers. UpdateChildCustomerRole This permission allows parent users to update roles of their child customers. One cannot update default customer-admin role. Table 10 – Profile and Permission Options: Child Role Management
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 88/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
CHILD USER MANAGEMENT This permission group contains permissions related to management of customer child user such as to create/update, unlock, activate/deactivate & unlock child customer users. The permission also allow to change password and fetch detailed information of child customer users. ActivateChildCustomerUser This permission allows parent users to activate their child customer users which are in inactive state, so that they can use the TPN system again. Users can activate their child customer user from customer screen by using Slider under Actions tab. One should have UpdateChildCustomer user or UpdateCustomerUser permission for performing this action. ChangeChildUserPassword This permission allows parent users to change password of their child customer users, so that the child customer user can login with new password and resume using the TPN system. Parent users can change password of their child customer user in Customer screen from 'Users' tab under reset password head. One should have UpdateChildCustomer user or UpdateCustomerUser permission for performing this action. One can update password of only active child customer users. CreateChildCustomerUser This permission allows parent users to create users' for their child customer accounts. Created user(s) will be able to use TPN system. One can only create child customer user if customer account status is active. DeactivateChildCustomerUser This permission allows parent users to deactivate their child customer user which will stop their access to TPN system. User can deactivate their child customer user from Customer screen by using Slider under Actions tab. One should have UpdateChildCustomer user or UpdateCustomerUser permission for performing this action. One can deactivate child customer user only if child customer account status is active. One cannot deactivate themselves by their own. GetChildCustomerUsers This permission allows parent users to view details of all child customer users or information of any specific child customer user. UnlockChildCustomerUser This permission allow parent users to unlock their child customer user which got locked due to multiple login attempts failure. UpdateChildCustomerUser This permission allow parent users to update details of their child customer users. One can update details of only active child customer users. Table 11 – Profile and Permission Options: Child User Management
CUSTOMER MANAGEMENT This permission group contains various permissions related to customer account management such as creation of billing account, customer account deactivation/activation, management of customer account role and permissions, update and fetching of customer account details. CreateCustomerAccount This permission allow parent users to create child customer account in the TPN system. A customer- admin role and billing account are created while creating a child customer account. DeactivateCustomer This permission allows users to deactivate their customer account. User can deactivate their customer account from General Settings screen by using slider under Actions tab. One should have UpdateCustomer to perform this action.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 89/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
GetChildCustomerRolePermissionsGroup This permission allows parent users to fetch all the groups with their corresponding permissions assigned to their child customer users. GetCustomerPermissions This permission allows users to fetch permissions assigned to a particular role of the user of their customer account. GetCustomerRolePermissions This permission allows users to fetch permissions assigned to all roles of their customer account. GetCustomerRolePermissionsGroups This permission allow parent users to fetch all the groups with their corresponding permissions assigned to their customer accounts. ManageChildGroupRolePermissions This permission allows parent users to assign/unassign permissions to/from child customer role. This permission is GUI specific allowing user to check/uncheck permission groups in GUI ManageGroupRolePermissions This permission allows users to assign/unassign permissions to/from customer role. This permission is GUI specific allowing user to check/uncheck permission groups in GUI ManagePermissionsForCustomerRole This permission allow users to manage permissions assigned to their customer roles. The users can assign/unassign permissions from the role created in their customer account. UpdateCustomer This permission allows users to update details of their customer account. Table 12 – Profile and Permission Options: Customer Management
DEFAULT GROUP This permission group contains minimum set of permissions which should be assigned to user. AddIdentityProvider This permission allow parent users to add identity provider for their own account which will define the authentication (Oauth 2.0 or default) to be used. ChangeUserPassword This permission allows users to change password for their customer users. User can change customer user password in customer screen from 'Users' tab under reset password head. One should have UpdateCustomerUser permission to perform this action. Create Generic Link This permission allow user to create generic links. Generic links are links created with CPE device and have no contracts. CreateContract This permission allows users to create a contract for an already created Link. Data used for creating a contract is link with duration, bandwidth and renewal- option as its attributes. CreateEndpoint This permission allows user to create an endpoint for the customer account which is further used to create vports and ultimately Link. CreateLink This permission allows users to create a Link for the customers. CreateTopology This permission allows users to create a topology tag Topology tag will be used to combine TPN objects under one topology Create Vport This permission allows user to create vports for the customers which is further used as connections to create a Link. Delete 2FA This permission allows users to disable 2FA authentication for their customer account. Delete Generic Link This permission allow user to delete generic link.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 90/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
DeleteEndpoint This permission allows user to delete/unprovision an endpoint for the customers. An endpoint can only be deleted if there are no links attached to it. DeleteTopology This permission allows users to delete a topology tag which is used to combining objects. Objects themselves will not deleted. DeleteVport This permission allow user to delete vport. Enable 2FA This permissions allow users to enable 2FA authentication for their customer account. Get 2FA This permission allows users to fetch the list of 2FA authentications enabled for their customer account. Get Generic Link This permission allow user to get generic link details. Get ActivityCustomerPermissions This permission allow user to fetch all roles and assigned permissions based on customer. GetActivityPermissions This permission allow user to fetch permissions categorized within groups. GetContract This permission allows users to get link inventory details of a particular contract. GetCustomerAccount This permission allows users to fetch their customer account details. GetCustomerIdentityProvider This permission allow parent users to view identity provider for their own account. GetEndpointInformation This permission allows users to get the endpoint details. GetLink This permission allows users to get the link details Need to define the details GetMasterData This permission allows users to fetch all the master data present in the system. GetRoles This permission allows users to fetch all the roles of their customer account. GetTag This permission allows parent users to view all the tags created for their child customers so that they can be used for further associating the child customers or for filtering them. GetTopology This permission allows users to get all objects under the specified topology tag GetUsers This permission allows users to view their customer user's information. ReadAllBillingAccount This permission allows user to fetch all the billing accounts of his customer account. ReadBillingAccount This permission allows user to fetch a particular billing account of his customer account. ReadEndpointScreen This permission allow user to access Endpoint screen in GUI. ReadMessageCenter This permission allow users to get list of messages that are addressed to user. One should have access to portal to perform this action. Register 2FA This permission allows users to register 2FA authentication for their customer account. TagCustomerAccount This permission allows parent users to associate a tag while creating child customers. A single tag can be associated with multiple immediate child customers. One should have create customer account permission to perform this action. UnprovisionEndpoint This permission allow user to delete/un-provision an endpoint for the customers. An endpoint can only be deleted if there are no links attached to it. Update Generic Link This permission allow user to update name and description of a generic link.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 91/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
UpdateContract This permission allows user to update contract so that he can modify it. The data that can be 'renewal-option' which can be auto-disconnect, auto-renew, pay-per- hour. UpdateCustomerUser This permission allows users to update details of their customer’s users. Customer status should be active to perform this action. UpdateLink This permission allows users to update Link information for the customers. UpdateMessageCenter This permission allow system to publish message to specific user and user can update message status as read/delete etc. UpdateVport This permission allows users to update a linkId on provided vport which is used while creation of a Link. The data required for vport updating is linkuuid, vport, customeruuid. Table 13 – Profile and Permission Options: Default Group
IPVPN SERVICE This permission group allows to perform actions on mapping requests and mappings. Mapping must be created if customer would like to use services that require external service ID parameter such as NextIP. Mapping record contains customer uuid and its corresponding external service id (FNN in case of NextIP). The permissions in this group allow to create, delete, update and fetch details of mappings via APIs. Also they allow to create, update and fetch details of requests for mapping sent by users of TPN. ApproveMappingRequests This permission allows to approve mapping request sent by user. Mapping request contains customer uuid and external service ID (FNN) that would be required to use by NextIP service. By approving of the request the mapping of customer uuid to external service ID (FNN) will be created and users of this customer uuid will be able to use NextIP service. GetAccountMapping This permission allows to get mapping of customer uuid to external service ID (FNN) used for NextIP service GetAllMappingRequests This permission allows to get all requests created for mapping of customer uuid to external service ID (FNN) used for NextIP service RejectMappingRequests This permission allows to reject mapping request sent by the user. By rejection of the mapping request the mapping will not be created and user will not be able to use NextIP service UpdateMappingRequest This permission allows customer user to update parameters of mapping request to map customer uuid to external service ID (FNN) used for NextIP service. Table 14 – Profile and Permission Options: IPVPN Service
PRICING MANAGEMENT This permission group contains permissions related to pricing operations such as adding and fetching details of default or markup percentage, and management of exchange rates of a customer account. AddDefaultPercentage This permission allows parent users to add default percentage to their customer accounts so that the default percentage can be applied to their child customer account only if they are not assigned any markup percentage. Default percentage can be added from 'Tariff' tab under General Settings screen. AddMarkupPercentage This permission allow parent users to add markup percentage for their direct child customers so that markup percentage can be applied to their child customers. Markup percentage can be added from 'Tariff' tab under general settings screen.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 92/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
CreateExchangeRates This permission allow parent users to create exchange rates for their customer account so that exchange rates can be used while creating child customers. It is also used while converting from one currency to another and can be applied in their billings. Exchange rates can be added from 'Tariff' tab under general settings screen. DeleteExchangeRate This permission allow parent users to delete the existing exchange rates of their customer accounts. One cannot delete those exchange rates which are already in use. GetDefaultPercentage This permission allow parent users to fetch default percentage of their customer accounts. GetExchangeCurrencies This permission allow parent users to get the currencies list which were created while creating exchange rates for their customer accounts. GetExchangeRates This permission allow parent users to get the exchange rates of their customer accounts. GetMarkupPercentage This permission allow parent users to fetch markup percentages for their direct child customers. UpdateExchangeRates This permission allow parent users to update exchange rates for their customer account so that the updated exchange rate can be used in their child customer’s billings. Exchange rates can be updated from 'Tariff' tab under general settings screen. Table 15 – Profile and Permission Options: Pricing Management
ROLE MANAGEMENT This permission group contains permissions related to role management for a customer account. It allows to create role, assign/unassign role to customer user and assign/unassign permissions to a customer role. One can update and delete roles. It also possible to fetch details of a customer role. AssignRole This permission allows users to assign role to their customer users. CreateRole This permission allows users to create role for their own customer account. The created role can further be assigned to any user of that customer. DeleteRole This permission allows users to delete role of their customer account. One cannot delete customer-admin role. GetCustomerRolePermissions This permission allows users to fetch all roles and assigned permissions of their customer account. ManagePermissionsForCustomerRole This permission allows users to assign/unassign permissions from/to their customer account roles. One can assign permission only if customer-admin role has that permission. One can unassign permission from customer-admin role only if the specific permission is not assigned to any other role. UnassignRole This permission allows users to unassign role from their customer user. UpdateRole This permission allows users to update role of their customer accounts. One cannot update customer- admin role. Table 16 – Profile and Permission Options: Role Management
TAB MANAGEMENT This permission group contains UI specific permissions related to Settings tabs availability in GUI. Specifically, having these permission one can view and perform actions on General tab, Pricing (Tariff) tab, Profile (Role) tab, General setting screen, Tag tab and User tabs for child accounts and customer accounts in TPN GUI.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 93/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
ViewGeneralSettingGeneralTab This permission allow user to view and edit his own customer account details. It also allows to add sub- account. One should have general setting screen permission to perform this action. ViewGeneralSettingIdpTab This permission allow user to view and edit his own authentication scheme. One should have general setting screen permission to perform this action. ViewGeneralSettingNotificationsTab This Permission allow user to view email templates created for their users. One can update email templates with this permission. One should have general setting screen permission to perform this action. ViewGeneralSettingPricingTab This permission allows users to update markup percentage and Add/Edit/Delete exchange rates. One should have ViewGeneralSettingScreen permission to perform this action. ViewGeneralSettingProfileTab This permission allows users to create, update and delete role of his own account. One can update permissions of a role too. One should have ViewGeneralSettingScreen permission to perform this action. ViewGeneralSettingScreen This permission allows users to manage their account details, pricing, tags, users and roles. ViewGeneralSettingUserTab This permission allows users to manage users of their customer account. One can add/edit/delete users with this permission. One should have ViewGeneralSettingScreen permission to perform this action. ViewManageCustomerGeneralTab This permission allows parent users to view and edit child customer account details. It also allows to add sub-account. One should have ViewManageCustomerScreen permission to perform this action. ViewManageCustomerIdpTab This permission allow parent user to view and edit child customers authentication scheme. One should have view manage customer screen permission to perform this action. ViewManageCustomerPricingTab This permission allows parent user to update markup percentage and Add/Edit/Delete exchange rates for their child customer accounts. One should have ViewManageCustomerScreen permission to perform this action. ViewManagerCustomerProfileTab This permission allows parent user to create, update and delete roles of their child customer accounts. One can update permissions of a role too. One should have ViewManageCustomerScreen permission to perform this action. ViewManageCustomersScreen This permission allows parent users to manage their child customer's account details, pricing, tags, users and roles. ViewManagerCustomerUserTab This permission allows parent users to manage users of their child customer accounts. One can add/edit/delete users with this permission. One should have ViewManageCustomerScreen permission to perform this action. Table 17 – Profile and Permission Options: Tab Management
USER MANAGEMENT This permission group contains permissions related to customer user management. One can create, activate/deactivate, unlock, update, upload, change password of customer user(s) and fetch user details.
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 94/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
ActivateCustomerUser This permission allows users to activate their customer users so that they can use the TPN system. One can activate their customer user in Customer screen by using Slider under Actions tab. One should have UpdateCustomerUser permission to perform this action. CreateCustomerUser This permission allows users to create user(s) of their customer accounts. Customer status should be active to perform this action. DeactivateCustomerUser This permission allows users to deactivate their customer user. User can deactivate their customer user in Customer screen by using slider under Actions tab. One should have UpdateCustomerUser permission to perform this action. Customer status should be active to perform this action. UnlockCustomerUser This permission allows users to unlock their customer users so that they can resume using the TPN system. Table 18 – Profile and Permission Options: User Management
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 95/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL
Contact your Telstra representative now or email [email protected] for more details. Asia: + 852 2827 0066 • Americas: + 1 877 835 7872 • EMEA: + 44 20 7965 0000 • Australia: + 61 2 8202 5134
TELSTRA LIMITED | PRINTED DECEMBER 2017 PAGE 96/96 FINAL | TELSTRA UNRESTRICTED | TELSTRA PROGRAMMABLE NETWORK PORTAL - USER MANUAL 30102017