Get the Exact Identity Solution You Need - In the Cloud - Overview

Editor's Notes

• #4: Founded in 1999 - 18 years implementing and maintaining broad spectrum of IAM solutions All Employees located in NJ Headquarters 80+ Advisory and MSS Employees solely focused on IAM No Contractors - Full-time employees only U.S. Citizens Nationwide IAM Clients Dedicated Service Center Highly Specialized Support Engineers 24 x 7 x 365 Resource Availability Individually Tailored Support Solutions
• #5: Definition: Taking a vendor product, containerizing it and deploying it as your IAM infrastructure (e.g. taking FR products and assets and deploying FR as a set of Docker images into a Kubernetes cluster)
• #6: BULLET 1: Containerization as a deployment technology is booming right now It’s the way clients are starting to deploy software as a practice BULLET 2: Identity infrastructure isn’t different – everything can be deployed this way (applications, systems that support these apps –same characteristics) Repeatable builds Trend of deploying software reliably, systematically using a containerized approach
• #7: Three Options for deploying your IAM Infrastructure: IdaaS, Deploy traditionally, Containerized So WHY containerized IAM? 1. Get EXACTLY the system that you want – can be customized and there’s no need to settle for OOTB functionality 2. Operational characteristics of an IDaaS (customization capabilities of an on premise deployment, operational functionality of an IDaaS 3. Docker / Kubernetes – Extension of what is already being done on the app / dev side – Deploy whole infrastructure this way (needs to be supported by a third party or supported by you) *as companies modernize their infrastructure, they want to use this strategy; consistent software delivery methodology
• #8: Implications Vendor products need to support containerization (not every one can be done this way) Need to change thinking about how applications are deployed (DevOps mentaility) or third party; What do you need to get here? – transition to Warren
• #9: Back in the dark ages, before DevOps, there was the Run Book! Documented procedures on how to make changes in production Deployment cadence: yearly Servers were “Pets” (Snowflake servers) and “Mutable”.
• #10: Demand from customers and partners for increased deployment velocity, lower deployment cost, public cloud IaaS Began by looking at scripted deployments using Ansible (frstack project) Moderate success Automated the complexity. Didn’t fix it Conclusions: Significant product changes needed to simplify deployment Solve for complexity - don’t automate it Move from java war files to containers as the delivery vehicle Kubernetes as the orchestration platform
• #11: Cloud agnostic. Any Cloud + Bare Metal Think of Kubernetes as AWS in a box Broad Industry Support - CNCF project The “linux” of container management The container orchestration wars are over…
• #14: Core engineering required to make products “12Factor” like Prefer Stateless vs. Stateful Kubernetes/Container friendly Support Infrastructure as Code (A.K.A configuration as an artifact) Support for Immutable deployment models (no snowflake servers)
• #15: Kubernetes is not magic pixie dust. It enables ease of use, but does not guarantee it
• #16: ForgeRock Access Manager Import / Export configuration as json Autonomous servers. AM servers are “Cattle” - no server identity. Stateless sessions - improved horizontal scalability Platform Commons configuration - Template json configuration using common expressions. Use environment variables, system properties (12 factor practice) Evaluation docker images available on bintray docker pull forgerock-docker-public.bintray.io/forgerock/opendj:6.0.0 Sample Helm charts / Kubernetes manifests
• #19: What makes AWS an ideal environment to deploy a containerized model? 1. Maturity; widely used by most organizations; market leader in cloud 2. Breadth of services available is unparalleled in the cloud vendor market; 3. Can be spread throughout organization Downside – good environment to run containerized solutions – up until recently, not much native support for Docker and Kubernetes – but clusters can be built on top of their platform
• #23: REQUIREMENTS / ISSUES Multiple legacy vendor products deployed as a result of failed migrations Spending a lot of money managing and modernizing their platform Wanted to go to an IDaaS solution No single IDaaS vendor that would satisfy their needs – proposed to deploy FR in the cloud, in a containerized deployment in a public cloud environemtn using both FR and HCM products – satisfy all sue cases for the cleint (AM, Gov, etc) COMPLEXITY Can implement any use case required by the client Not constrained by a lowest common denominator IDaaS solution Nothing off the table Client controlled – not dependent on vendor COST
• #24: Break down on a per user basis (what did they spend previously?) Custom solution below what Okta can provide Fully customized – all software – cloud – multiple stages of implementation (IDM, AM, DS, Governance) Price with PS Per user per month – FR products, gold support from fr, PS, Governance Stack, HCM Tier 3 support, Three phase project implementing OpenIDM, OpenAccess and subsequent phases, Managed CloudService on AWS (average)
• #26: We’ve focused on AWS today, but this solution can work on many other cloud providers. That being said, AWS is a strong provider to utilize This is the future of how software will be deployed. The individual tech vendor may change, but the concept of containerization and orchestration is the way to get internet scale It’s definitely worth moving this direction, especially if you are building something that requires these characteristics
• #28: Note for following two webcasts and quick summaries #2- Deeper dive into the architecture behind running containerized IAM on AWS and what your team needs for a successful deployment #3- The benefits and challenges of running containerized Identity systems in the cloud and what it’s like to run and operate You can sign up for them now. The links to registration are here and will also be sent out in the follow up email.