Step Owner Description Preparation 1 Customer and Verizon You must be a Verizon Private IP customer to complete this activation process.
If not, a Private IP connection must be established to at least one of your locations. As this component is probably the one with the longest deliverable timeframe, you should not proceed with the rest of the activation process until this step is completed.
2 Verizon Verizon Account Team will work with you to create entitlements for Verizon Enterprise Center/Dynamic Network Manager which provides access to your Secure Cloud Interconnect service.
This step shall be completed once the Secure Cloud Interconnect order is entered.
3 Customer and Verizon Verizon Account Team to work with you to provide you with a clear understating of Secure Cloud Interconnect NATing.
Please review the Secure Cloud Interconnect NAT section at the end of this document.
4 Customer and Verizon If you plan to use MSS Cloud Firewall as an addition to your Secure Cloud Interconnect service needs, check the section on MSS Cloud Firewall for information on how to provision that service.
MSS Cloud Firewall has to be ordered at the same time as the Secure Cloud Interconnect port and cannot be added to an existing Secure Cloud Interconnect service.
Ordering and Provisioning 1 Customer You must create an account with Salesforce if you do not have one already.
Salesforce will provide you with an Account ID
2 Customer Select the location where the Secure Cloud Interconnect port will be provisioned.
Note: Salesforce operates all its facilities as a single “domain” so you can access any of Salesforce facilities from a single Secure Cloud Interconnect port. However, more ports can be ordered for redundancy and operation reasons.
3 Customer Provide the Salesforce Account ID to the Verizon Account Team along with the desired location for the Secure Cloud Interconnect port. 4 Customer and Verizon The Verizon Account Team, in consultation with you, identifies the appropriate time for activating the Secure Cloud Interconnect connection.
IMPORTANT: It is important to note that once the order is completed, the Secure Cloud Interconnect port is automatically activated and live traffic could pass between your Private IP VPN and Salesforce. If, for some reason, the order needs to be completed, but the port not activated (because you are not ready yet), the Verizon Account Team should ensure that you have access to Dynamic Network Manager prior to the order being completed. Dynamic Network Manager can then be used to deactivate the Secure Cloud Interconnect port and re-activate it when you are ready.See the section on “Shutting Down the Secure Cloud Interconnect Port” at the end of this document.
5 Verizon At the appropriate time, Verizon Account Team places the Secure Cloud Interconnect order using your Salesforce Account ID.
The Account ID is entered in the “CSP Customer ID” field and the Service Key is left empty.
6 Customer By default, the Private IP VPN entered with the Secure Cloud Interconnect order is connected to the Secure Cloud Interconnect port. If you want to add additional VPNs, you can use the Dynamic Network Manager to add one or more of your Private IP VPNs to the Secure Cloud Interconnect port (using the Add/Remove VPN menu).
PLEASE NOTE: When you add or remove Private IP VPNs to a Secure Cloud Interconnect port, it is important to ensure that the IP addresses of the Private IP VPNs don’t overlap and the total number of Private IP prefixes do not exceed the MAX number specified in the VPNs. In the latter case, you must contact the Verizon Account Team and request an increase to that MAX number.If you are using non-standard Secure Cloud Interconnect designs reach out and coordinate with your Verizon Account Team before proceeding with this step.
Secure Cloud Interconnect NAT 1 Verizon and Customer All of your traffic to Salesforce will be NATed by Verizon. 2 Customer You should ensure with Salesforce that the following IP addresses (based on the location of your Secure Cloud Interconnect port) are whitelisted on your Salesforce account.
Cloud Provider Location Secure Cloud Interconnect IP Ranges to add to the Salesforce Whitelist
Chicago, IL 184.108.40.206/24
San Jose, CA 220.127.116.11/24
London (Slough UK) 18.104.22.168/24
Tokyo (Yokohama JP) 22.214.171.124/24
3 Verizon At the time of Secure Cloud Interconnect provisioning, Verizon will select a unique /32 address from the aforementioned pools (based on the Secure Cloud Interconnect location) and assign it to you.
The assigned address will be used to identify you with Salesforce and can be retrieved by you or your account team from Dynamic Network Manager.
MSS Cloud 1 Verizon MSS Cloud has to be ordered at the same time as the Secure Cloud Interconnect port. MSS Cloud cannot be added to Secure Cloud Interconnect once the Secure Cloud Interconnect port is activated. 2 Verizon and Customer Verizon will create the Secure Cloud Interconnect port but not activate the connection. Once you create the Secure Cloud Interconnect port, the MSS Cloud order will be processed, and Verizon will configure the MSS Cloud instance with the Firewall rules which you provide. Once the MSS Cloud is configured, the Secure Cloud Interconnect port can be activated. 3 Verizon Verizon account team engages the MSS Cloud team (email@example.com) to validate the MSS Cloud design. 4 Customer You have ”Read” privilege to MSS Cloud but not “Write” privilege. Changes to the Firewall rules have to be either sent to your Verizon Account Team or entered in the MSS Cloud portal. Activation of the Secure Cloud Interconnect Port 1 Customer or Verizon *By default the Secure Cloud Interconnect port is set to “shutdown” to prevent advertisement of all routes to Salesforce.
You or your Verizon Account Team logs into Dynamic Network Manager and select the Secure Cloud Interconnect port.
As highlighted, click on the pen following the “Modify Admin Status” field.
2 Verizon and Customer The following screen shot shows the page that will open once the “Modify Admin Status” pen is clicked on.
In order to activate your service, select “no-shutdown” as shown above. Then click “Process Order”. This process will deploy within minutes. Please check the “Order History” displayed at the bottom of the Secure Cloud Interconnect Details for your order and use the refresh icon to confirm this has deployed properly.
*Remember - The Activation and/or De-Activation of the port can be done through the “New Admin Status” drop down menu.