SlideShare a Scribd company logo

Dev Ops Geek Fest: Automating the ForgeRock Platform

Download as PPTX, PDF
ForgeRock, profile picture
ForgeRock

This document discusses using DevOps tools and practices with ForgeRock identity platforms. It begins by explaining the needs of different roles that DevOps aims to address. It then covers topics like elastic scaling of ForgeRock, different DevOps tools available, and ForgeRock's role in supporting DevOps. The document demonstrates configuring all ForgeRock components like OpenIDM, OpenAM, OpenDJ and OpenIG using Ansible. It discusses experiences using tools like Docker and the benefits of containers. Finally, it presents a proposal to run OpenAM on Kubernetes and leverage its capabilities for container orchestration.

Technology
1 of 18
Downloaded 40 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Adventures in DevOps Warren Strange Director, Sales Engineering warren.strange@forgerock.com
DevOps in a nutshell…. source: HTTP://XKCD.COM/974/
Why DevOps? Copyright © Identity Summit 2015, all rights reserved. • Developer: “I want a development box” • QA tester: “I want to test a complex configuration that mirrors production” • Sys Admin: “I want a reliable, repeatable production configuration” • Potential Customer: “I want a demonstration of how your product works” • ForgeRock University “I want to quickly create lab environments for 30 students”
Elasticity Copyright © Identity Summit 2015, all rights reserved. • The ForgeRock platform scales extremely well vertically with a small number of nodes • Easy to scale up / down through virtualization, adding more CPU, RAM, etc • OpenAM 13 stateless sessions provide new horizontal scaling options
Which tool?
What role can ForgeRock Play? • Make our products more “DevOps” friendly. E.g: – OpenAM 13 REST configuration service – Reduce file system dependencies – Commons project to implement keystore in OpenDJ – More flexible logging options (e.g. syslog) • Longer term: move towards 12factor architecture • What we can’t do is pick a “winner” in the DevOps tools game • Community: How can we facilitate more sharing?
Enough Talk. Let’s see some DevOps • https://github.com/ForgeRock/frstack • Ansible / Vagrant project to install all of the ForgeRock components – OpenIDM - identity lifecycle management – OpenAM - access management – OpenDJ - directory services – OpenIG - identity gateway – OpenAM Agent - policy enforcement point J
Demo of frstack ( 5 min)
Things I learned so far... • Normalizing environments is painful e.g. Apache on CentOS/RHEL is not quite the same as Ubuntu/Debian • More flexible == more brittle e.g. OpenDJ CLI arguments changed slightly from 2.x to 3.x. • Not a lot of sharing right now... – Are DevOps assets too specific to an organization? – Takes too much time to clean up and document DevOps assets?
Containers gone wild J • Docker = “Micro VMs” – Includes all dependencies – One process per container – Similar to BSD Jails, Solaris Zones • Docker in Production? – Still not for the faint of heart...
Kubernetes J • Containers alone are not sufficient. They need orchestration, container networking, service lookup, rolling upgrades, placement (affinity / non-affinity) • Created by Google, based on 10+ years of experience running containers at scale • Container agnostic (Docker, Rocket, etc) • Open source project
Dev Ops Geek Fest: Automating the ForgeRock Platform
Demo of Docker (5 min)
Docker - What I learned • Great for developers and “throw away” environments • Docker fits best for 12factor, stateless applications • Externalize persistence - it’s a lot of work to “pull apart” applications • Docker “data volumes”: How do you guarantee your container is running on a node that has the data? • Kubernetes data volumes are a higher level abstraction. They are a network resource, not tied to a node implemented using Google Persistent Disk, NFS, iSCSI J
Questions? J
DevOps Resources Ansible http://www.ansible.com/resources Jake’s Amazing OpenIDM Vagrant project https://github.com/jakefeasel/openidm- boilerplate/ frstack project https://github.com/ForgeRock/frstack Puppet Module https://github.com/ConductAS/puppet- openam Kubernetes http://kubernetes.io
Thank You! Warren Strange Director, Sales Engineering warren.strange@forgerock.com
Big Idea: OpenAM on Kubernetes • Strategy – Vanilla OpenAM / Tomcat Docker container, with no “personality” – External OpenDJ config/CTS store – K8 data volume holds ~/openam configuration directory • Keystore, logs, bootstrap, service definitions – Bootstrap script tweaks .openamcfg/ to point to the above k8 volume • Use static DNS names for cluster networking – openam-hosta.localdomain wired for SFO to openam- hostb.localdomain • Use realms, DNS aliases to “personalize” for target environment – realm /acme, dns alias: acme.com J

More Related Content

PDF
The ForgeRock Deployment for Cloud Readiness
ForgeRock
 
PPTX
OpenDJ: An Introduction
ForgeRock
 
PPTX
Mastering Secrets Management in Rundeck
Rundeck
 
PDF
JavaCro'15 - Service Discovery in OSGi Beyond the JVM using Docker and Consul...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Red Hat Developers
 
PPTX
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
Red Hat Developers
 
PDF
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
Markus Eisele
 
PPT
Open Source KMIP Implementation
sedukull
 
The ForgeRock Deployment for Cloud Readiness
ForgeRock
 
OpenDJ: An Introduction
ForgeRock
 
Mastering Secrets Management in Rundeck
Rundeck
 
JavaCro'15 - Service Discovery in OSGi Beyond the JVM using Docker and Consul...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Red Hat Developers
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
Red Hat Developers
 
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
Markus Eisele
 
Open Source KMIP Implementation
sedukull
 

What's hot (20)

PDF
WSO2Con USA 2015: End-to-end Microservice Architecture with WSO2 Identity Ser...
WSO2
 
PDF
A Walk through SSO
WSO2
 
PDF
CBDW2014 - Intro to ContentBox Modular CMS for Java and ColdFusion
Ortus Solutions, Corp
 
PDF
Deep Dive into dockerized Microservices
inovex GmbH
 
PPTX
Microservices from operations aspect
David Papp
 
PPTX
Microservices environment in production
David Papp
 
PDF
Microservices with WildFly Swarm - JavaSI 2016
Charles Moulliard
 
PPTX
Continuous Deployment with Containers
David Papp
 
PDF
Empowering Development Governance with WSO2 Products
WSO2
 
PPTX
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Lohika_Odessa_TechTalks
 
PPTX
Web application I have always dreamt of
Victor_Cr
 
PDF
JavaCro'15 - Secure Web Services Development - Askar Akhmerov
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Introduction to microservices Jornada Microservices
Roan Brasil Monteiro
 
PDF
Community and Java EE @ DevConf.CZ
Markus Eisele
 
PDF
WSO2 Quarterly Technical Update
WSO2
 
PDF
Introduction to event based microservices
Grigoris Grigoriadis
 
PDF
Microservices with Spring
Software Infrastructure
 
PPTX
Argentesting 2017 - Workshop Webdriver.io
Argentesting
 
PDF
Writing Java EE microservices using WildFly Swarm
Comsysto Reply GmbH
 
PDF
Rundeck Office Hours: Best Practices for Access Control Policies
TraciMyers6
 
WSO2Con USA 2015: End-to-end Microservice Architecture with WSO2 Identity Ser...
WSO2
 
A Walk through SSO
WSO2
 
CBDW2014 - Intro to ContentBox Modular CMS for Java and ColdFusion
Ortus Solutions, Corp
 
Deep Dive into dockerized Microservices
inovex GmbH
 
Microservices from operations aspect
David Papp
 
Microservices environment in production
David Papp
 
Microservices with WildFly Swarm - JavaSI 2016
Charles Moulliard
 
Continuous Deployment with Containers
David Papp
 
Empowering Development Governance with WSO2 Products
WSO2
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Lohika_Odessa_TechTalks
 
Web application I have always dreamt of
Victor_Cr
 
JavaCro'15 - Secure Web Services Development - Askar Akhmerov
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Introduction to microservices Jornada Microservices
Roan Brasil Monteiro
 
Community and Java EE @ DevConf.CZ
Markus Eisele
 
WSO2 Quarterly Technical Update
WSO2
 
Introduction to event based microservices
Grigoris Grigoriadis
 
Microservices with Spring
Software Infrastructure
 
Argentesting 2017 - Workshop Webdriver.io
Argentesting
 
Writing Java EE microservices using WildFly Swarm
Comsysto Reply GmbH
 
Rundeck Office Hours: Best Practices for Access Control Policies
TraciMyers6
 
Ad

Viewers also liked (20)

PPTX
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
ForgeRock
 
PDF
Taking Flexibility to the Next Level
ForgeRock
 
PDF
Entitlements: Taking Control of the Big Data Gold Rush
ForgeRock
 
PPTX
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
ForgeRock
 
PPTX
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
ForgeRock
 
PPTX
Identity Summit 2015: 2Keys Canadian Digital Identity
ForgeRock
 
PDF
ForgeRock and the Graph: A Match Made for IRM
ForgeRock
 
PPTX
Provisioning IoT...Oh Baby You Know Meeee!
ForgeRock
 
PDF
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
ForgeRock
 
PPTX
Digital Consent: Taking UMA from Concept to Reality
ForgeRock
 
PPTX
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
ForgeRock
 
PDF
DevOps Unleashed: Strategies that Speed Deployments
ForgeRock
 
PPTX
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
ForgeRock
 
PPTX
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
ForgeRock
 
PPTX
Identity Summit 2015: Connect.gov and Identity Management Systems
ForgeRock
 
PDF
The Future is Now: What’s New in ForgeRock Identity Management
ForgeRock
 
PPT
A Common API & UI for Building Next Generation Identity Services
ForgeRock
 
PDF
Groovy Tutorial
Paul King
 
PDF
Opensource Authentication and Authorization
ConFoo
 
PPTX
Azure vnet connectivity solutions
swapnilrkambli
 
Customer Scale: Stateless Sessions and Managing High-Volume Digital Services
ForgeRock
 
Taking Flexibility to the Next Level
ForgeRock
 
Entitlements: Taking Control of the Big Data Gold Rush
ForgeRock
 
Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)
ForgeRock
 
Identity Summit 2015: Aol Case Study. Multi-Tenancy in the Enterprise.
ForgeRock
 
Identity Summit 2015: 2Keys Canadian Digital Identity
ForgeRock
 
ForgeRock and the Graph: A Match Made for IRM
ForgeRock
 
Provisioning IoT...Oh Baby You Know Meeee!
ForgeRock
 
Using Identity to Empower CIOs (Mike Ellis, CEO ForgeRock, Keynote)
ForgeRock
 
Digital Consent: Taking UMA from Concept to Reality
ForgeRock
 
Identity Summit 2015: CONTINUOUS IDENTITY PROTECTION FOR THE IDENTITY PLATFORM
ForgeRock
 
DevOps Unleashed: Strategies that Speed Deployments
ForgeRock
 
Identity Summit 2015: AAMC Case Study: The top 5 challenges to a successful I...
ForgeRock
 
Identity Summit 2015: EnerNOC Case Study: The Transformation of IAM for EnerN...
ForgeRock
 
Identity Summit 2015: Connect.gov and Identity Management Systems
ForgeRock
 
The Future is Now: What’s New in ForgeRock Identity Management
ForgeRock
 
A Common API & UI for Building Next Generation Identity Services
ForgeRock
 
Groovy Tutorial
Paul King
 
Opensource Authentication and Authorization
ConFoo
 
Azure vnet connectivity solutions
swapnilrkambli
 
Ad

Similar to Dev Ops Geek Fest: Automating the ForgeRock Platform (20)

PPTX
NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy
ForgeRock
 
PDF
Introduction to Dev Ops and Containerisation with Docker
Shakthi Weerasinghe
 
PDF
Meetup devops
Leonard Moustacchis
 
PDF
The Return of the Dull Stack Engineer
Kris Buytaert
 
PDF
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
CodeOps Technologies LLP
 
PPTX
Ep keyote slides
OpenEBS
 
PPTX
Ep keyote slides
Niti Suryawanshi
 
PDF
Docker enables agile_devops
Boyd Hemphill
 
PPTX
Get the Exact Identity Solution You Need - In the Cloud - Overview
ForgeRock
 
PDF
Introduction to DevOps and the Practical Use Cases at Credit OK
Kriangkrai Chaonithi
 
PPTX
DevOps State of the Union 2015
Ernest Mueller
 
PPTX
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
Daniel Bryant
 
PDF
Dev ops lessons learned - Michael Collins
Devopsdays
 
PPTX
Webinar by ZNetLive & Plesk- Winning the Game for WebOps and DevOps
ZNetLive
 
PPTX
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
Daniel Bryant
 
PPTX
DevOps 101
Donnie Berkholz
 
PDF
56k.cloud training
Brian Christner
 
PPTX
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
JAXLondon_Conference
 
PPTX
Container DevOps in Azure
Microsoft Tech Community
 
PPTX
DevOps Roadmap.pptx
HARSH MANVAR
 
NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy
ForgeRock
 
Introduction to Dev Ops and Containerisation with Docker
Shakthi Weerasinghe
 
Meetup devops
Leonard Moustacchis
 
The Return of the Dull Stack Engineer
Kris Buytaert
 
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
CodeOps Technologies LLP
 
Ep keyote slides
OpenEBS
 
Ep keyote slides
Niti Suryawanshi
 
Docker enables agile_devops
Boyd Hemphill
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
ForgeRock
 
Introduction to DevOps and the Practical Use Cases at Credit OK
Kriangkrai Chaonithi
 
DevOps State of the Union 2015
Ernest Mueller
 
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
Daniel Bryant
 
Dev ops lessons learned - Michael Collins
Devopsdays
 
Webinar by ZNetLive & Plesk- Winning the Game for WebOps and DevOps
ZNetLive
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
Daniel Bryant
 
DevOps 101
Donnie Berkholz
 
56k.cloud training
Brian Christner
 
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
JAXLondon_Conference
 
Container DevOps in Azure
Microsoft Tech Community
 
DevOps Roadmap.pptx
HARSH MANVAR
 

More from ForgeRock (20)

PDF
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
PPTX
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
ForgeRock
 
PDF
Identity Live Sydney: Identity Management - A Strategic Opportunity
ForgeRock
 
PDF
Identity Live Singapore: Transform Your Cybersecurity Capability
ForgeRock
 
PDF
Identity Live Singapore 2018 Keynote Presentation
ForgeRock
 
PDF
Identity Live Sydney 2018 Keynote Presentation
ForgeRock
 
PDF
Identity Live Singapore: Just Ask 'Em
ForgeRock
 
PDF
Identity Live Singapore: Building Trust & Privacy in a Connected Society
ForgeRock
 
PDF
Identity Live Sydney: Intelligent Authentication
ForgeRock
 
PDF
Identity Live Sydney: Building Trust and Privacy in a Connected Society
ForgeRock
 
PDF
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
ForgeRock
 
PDF
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 
PDF
Opening Keynote (Identity Live Berlin 2018)
ForgeRock
 
PDF
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
ForgeRock
 
PDF
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
ForgeRock
 
PDF
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
ForgeRock
 
PDF
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
ForgeRock
 
PDF
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
PDF
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
PDF
Customer Safeguarding, Fraud and GDPR: Manah Khalil
ForgeRock
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
ForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
ForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
ForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
ForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
ForgeRock
 
Identity Live Singapore: Just Ask 'Em
ForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
ForgeRock
 
Identity Live Sydney: Intelligent Authentication
ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
ForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
ForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
Customer Safeguarding, Fraud and GDPR: Manah Khalil
ForgeRock
 

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
Teaching material agriculture food technology
LiaRayya
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Cloud computing and distributed systems.
kkkkkhan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Approach and Philosophy of On baking technology
30anthuong17
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 

Dev Ops Geek Fest: Automating the ForgeRock Platform

  • 1. Adventures in DevOps Warren Strange Director, Sales Engineering warren.strange@forgerock.com
  • 2. DevOps in a nutshell…. source: HTTP://XKCD.COM/974/
  • 3. Why DevOps? Copyright © Identity Summit 2015, all rights reserved. • Developer: “I want a development box” • QA tester: “I want to test a complex configuration that mirrors production” • Sys Admin: “I want a reliable, repeatable production configuration” • Potential Customer: “I want a demonstration of how your product works” • ForgeRock University “I want to quickly create lab environments for 30 students”
  • 4. Elasticity Copyright © Identity Summit 2015, all rights reserved. • The ForgeRock platform scales extremely well vertically with a small number of nodes • Easy to scale up / down through virtualization, adding more CPU, RAM, etc • OpenAM 13 stateless sessions provide new horizontal scaling options
  • 6. What role can ForgeRock Play? • Make our products more “DevOps” friendly. E.g: – OpenAM 13 REST configuration service – Reduce file system dependencies – Commons project to implement keystore in OpenDJ – More flexible logging options (e.g. syslog) • Longer term: move towards 12factor architecture • What we can’t do is pick a “winner” in the DevOps tools game • Community: How can we facilitate more sharing?
  • 7. Enough Talk. Let’s see some DevOps • https://github.com/ForgeRock/frstack • Ansible / Vagrant project to install all of the ForgeRock components – OpenIDM - identity lifecycle management – OpenAM - access management – OpenDJ - directory services – OpenIG - identity gateway – OpenAM Agent - policy enforcement point J
  • 8. Demo of frstack ( 5 min)
  • 9. Things I learned so far... • Normalizing environments is painful e.g. Apache on CentOS/RHEL is not quite the same as Ubuntu/Debian • More flexible == more brittle e.g. OpenDJ CLI arguments changed slightly from 2.x to 3.x. • Not a lot of sharing right now... – Are DevOps assets too specific to an organization? – Takes too much time to clean up and document DevOps assets?
  • 10. Containers gone wild J • Docker = “Micro VMs” – Includes all dependencies – One process per container – Similar to BSD Jails, Solaris Zones • Docker in Production? – Still not for the faint of heart...
  • 11. Kubernetes J • Containers alone are not sufficient. They need orchestration, container networking, service lookup, rolling upgrades, placement (affinity / non-affinity) • Created by Google, based on 10+ years of experience running containers at scale • Container agnostic (Docker, Rocket, etc) • Open source project
  • 13. Demo of Docker (5 min)
  • 14. Docker - What I learned • Great for developers and “throw away” environments • Docker fits best for 12factor, stateless applications • Externalize persistence - it’s a lot of work to “pull apart” applications • Docker “data volumes”: How do you guarantee your container is running on a node that has the data? • Kubernetes data volumes are a higher level abstraction. They are a network resource, not tied to a node implemented using Google Persistent Disk, NFS, iSCSI J
  • 16. DevOps Resources Ansible http://www.ansible.com/resources Jake’s Amazing OpenIDM Vagrant project https://github.com/jakefeasel/openidm- boilerplate/ frstack project https://github.com/ForgeRock/frstack Puppet Module https://github.com/ConductAS/puppet- openam Kubernetes http://kubernetes.io
  • 17. Thank You! Warren Strange Director, Sales Engineering warren.strange@forgerock.com
  • 18. Big Idea: OpenAM on Kubernetes • Strategy – Vanilla OpenAM / Tomcat Docker container, with no “personality” – External OpenDJ config/CTS store – K8 data volume holds ~/openam configuration directory • Keystore, logs, bootstrap, service definitions – Bootstrap script tweaks .openamcfg/ to point to the above k8 volume • Use static DNS names for cluster networking – openam-hosta.localdomain wired for SFO to openam- hostb.localdomain • Use realms, DNS aliases to “personalize” for target environment – realm /acme, dns alias: acme.com J