SlideShare a Scribd company logo

Get the Exact Identity Solution you Need in the Cloud - Deep Dive

ForgeRock, profile picture
ForgeRock

This document outlines a webcast on containerized Identity and Access Management (IAM) solutions using Amazon Web Services, focusing on Kubernetes architecture and ForgeRock product deployment. It discusses configuration management strategies, deployment flows, and future plans for simplifying access manager deployment. The document emphasizes the importance of customization, continuous integration, and monitoring strategies in a cloud environment.

Technology
1 of 23
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
HUBCITYMEDIA! Get the Exact IAM Solution You Need ! In the Cloud Deep Dive - Containerized IAM on Amazon Web Services (Webcast 2 of 3) ! HUBCITYMEDIA!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 2! Introductions
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 3! Webcast 1 Recap Why Containerized IAM Customize the solution to meet ALL of your needs! ! ! Why Kubernetes Architecture, Deployment Landscape, ForgeRock DevOps! ! ! Containerized IAM on AWS Infrastructure, Product Configuration, Client Use Case ! ! ! Check out the recording of Webcast 1 - Link in Attachments! ! !
HUBCITYMEDIA! ForgeOps Recap: What is it?! Platform Configuration Strategy and Helm ! Demo: Deploying ForgeRock AM! Architecture Review: Cloud Deployments! Continuous Integration Strategies! ! Q&A! Monitoring Strategies! Kops and ForgeOps Customizations!
HUBCITYMEDIA! ForgeOps Recap The ForgeOps Repository provides demonstration Dockerfiles and Kubernetes / Helm artifacts ●  You will need to modify these files for your environment Open Source - https://github.com/ForgeRock Yes - ForgeRock supports our products running in Docker / Kubernetes! (*) - ForgeRock provides commercial support for the platform (AM, DS, IDM, IG). We expect our partners / clients to have Kubernetes experience! 5 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! DevOps Guide https://backstage.forgerock.com/docs/platform/6/ devops-guide/ Read the Fine Manual! Now with task flowcharts! 6 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! ForgeOps Configuration Configuration is in json (a human-ish readable format)! Configuration needs to be provided to Amster / AM somehow...! ●  We think production users will want to manage configuration in a git repo! ○  Allows for versioning, audit, rollback, etc.! ○  Potential for “gitOps” - deploy a new configuration when a git PR is merged! ●  But other strategies are possible...! ○  Bake configuration files into the Docker container ! ○  Put them on an S3 bucket, NFS volume, etc.! ! 7 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! Configuration Options 8 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! 9 Copyright © 2018 ForgeRock. All rights reserved Helm Helm - A “package” manager for Kubernetes ! •  Packages up Kubernetes manifests for an application! •  Example: helm install wordpress Some helm commands: helm list - show the “releases” deployed to your cluster helm install - install a package. Creates a “release” helm delete - deletes a release
HUBCITYMEDIA! ForgeRock Access Manager Deployment Flow 1.  Deploy frconfig chart (one time activity)! a.  Holds the URLs and credentials needed to pull from a git repository! b.  We might extend this chart in the future with other pre-requisites! 2.  Deploy directories for configuration, CTS and user store! 3.  Deploy Access Manager! a.  It has a dependency on the config store ! b.  Waits for config store to be available, then checks to see if there is a valid configuration! i.  Create a bootstrap if there is an existing configuration. Otherwise - boot into configurator.! 4.  Deploy Amster container! a.  Amster spins waiting for AM to come up. If it is already configured, it does not reapply configuration.! b.  Optional: Take exports from AM, commit them to git! For development: Iterate steps 2 > 4! Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! Demo
HUBCITYMEDIA! Sneak Peak: Our plans to simplify deployment Boot Access Manager directly from json configuration files! ●  Eliminates the requirement for an amster bootstrap pod! ●  Simplifies sequencing of bootstrap: No need to wait for a configuration store to be provisioned! ●  No more “Install” Phase - there is just a “run” phase! Easier Secrets Management with Commons Secrets integration! ●  Manage key material, admin credentials using commons secrets! ●  Allow for “attaching” secrets per environment, instead of migrating them! ●  Pluggable backend architecture! ○  Future support for Hashicorp Vault, or other secret backends! !
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Architecture Review 13! Automated Cluster Build! •  AWS VPC! •  Supporting AWS Infrastructure! •  Kubernetes! •  CI System! •  Monitoring Infrastructure!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Architecture Review 14! Continuous Integration! •  IG/AM! •  IDM! •  DS via Config. Mgmt.!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Core Infrastructure Build Processes 15! Stage 1 VPC! ! Parameterized CF Stack! ! Maps to Regional AMIs and Machine Types! ! Monitoring Stack! ! ! Stage 2 Kubernetes! ! Multi-AZ! ! Full Cluster Deployment! ! Customized AMIs! ! Stage 3 Applications! ! First CI run deploys apps! supporting AWS Svcs! ! !
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 16! Node AMIs ! Customized for additional monitoring telemetry- Disk, CPU, etc.! ! NGINX Gateways! ! ! Docker Files ! Customized for additional monitoring telemetry – primarily JVM Stats! Sizing for production! ! K8s Deployments! ! Fully customized! ! No Helm! ! No Auto-scaling! ! ! MCS Ops Guide Tailored per client environment! ! ! HCM Kops and ForgeOps Customizations
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Continuous Integration Strategies 17! IG ! Fully Immutable! ! All config in Docker Image! ! Deployment and Roll back ! ! Elastically Scalable! ! ! AM ! Partially Immutable! ! Config in DS and Files! ! Elastically Scalable - Stateless! ! ! IDM ! Partially Immutable! ! Config DB/Files! ! Elastically Scalable! ! ! DS ! Not Containerized! ! Config. Mgmt. Approach! ! Ansible Automated build and updates! ! !
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Monitoring Strategies 18!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Challenges 19! Networking and Kops Running Kops without Internet Gateway ! (one year ago)! ! ! Kubernetes plumbing can leak…or burst ! Proxies! ! Networking! ! Load balancers! ! ! Non TCP/ IP Services (RADIUS) NGINX! ! ! Managing configuration without consoles ! Big shift in thinking for application user! ! What is immutable vs. application data?! ! !
HUBCITYMEDIA! What you need before taking this on in AWS! FINAL WORDS!
HUBCITYMEDIA! Questions and Answers HUBCITYMEDIA!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Webcast Series POSSIBILITIES! ARCHITECTURE! DEVOPS! Thank you for joining us!! September 12, 2018! 2:00pm-3:00pm EST! 22!
HUBCITYMEDIA! Thank you! HUBCITYMEDIA!

More Related Content

PPTX
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
ForgeRock
 
PDF
Managing serverless workloads with knative
GDG Cloud Bengaluru
 
PDF
8.cncf en
Juraj Hantak
 
PDF
Weave GitOps Core Overview (Free GitOps Workshop)
Weaveworks
 
PDF
Cloud Native Development
Manuel Garcia
 
PDF
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
VMware Tanzu
 
PDF
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
VMware Tanzu
 
PDF
Kubernetes für Workstations Edge und IoT Devices
QAware GmbH
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
ForgeRock
 
Managing serverless workloads with knative
GDG Cloud Bengaluru
 
8.cncf en
Juraj Hantak
 
Weave GitOps Core Overview (Free GitOps Workshop)
Weaveworks
 
Cloud Native Development
Manuel Garcia
 
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
VMware Tanzu
 
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
VMware Tanzu
 
Kubernetes für Workstations Edge und IoT Devices
QAware GmbH
 

What's hot (20)

PDF
Kubecon seattle 2018 workshop slides
Weaveworks
 
PDF
DCEU 18: Designing a Global Centralized Container Platform for a Multi-Cluste...
Docker, Inc.
 
PDF
Anthos Application Modernization Platform
GDG Cloud Bengaluru
 
PPTX
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
Matt McNeeney
 
PPTX
Deploying Spring Boot apps on Kubernetes
VMware Tanzu
 
PPTX
PKS Networking with NSX-T: You Focus on your App, We'll Take Care of the Rest!
VMware Tanzu
 
PDF
Pivotal Container Service (PKS) at SF Cloud Foundry Meetup
cornelia davis
 
PDF
KubeCon + CloudNativeCon Barcelona and Shanghai 2019 - Highlights
Krishna-Kumar
 
PDF
How we can do Multi-Tenancy on Kubernetes
Opsta
 
PDF
DevSecOps with Confidence
VMware Tanzu
 
PDF
Delivering Quality at Speed with GitOps
Weaveworks
 
PDF
K8s at Scale in the Enterprise: Self-Service Through the View of Personas
VMware Tanzu
 
PDF
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
Kangaroot
 
PPTX
Cloud Native Apps with GitOps
Weaveworks
 
PPTX
GitLab, AWS and Terraform: The Perfect Combination
Will Hall
 
PDF
Putting microservices on a diet with Istio
QAware GmbH
 
PDF
Http Services in Rust on Containers
Anton Whalley
 
PDF
Introduction to Spring Cloud Kubernetes
VMware Tanzu
 
PDF
Running CI/CD with VMWare Cloud PKS and Jenkins X
Cojan van Ballegooijen
 
PPTX
[Konveyor] adding security to dev ops for your kubernetes native applications
Konveyor Community
 
Kubecon seattle 2018 workshop slides
Weaveworks
 
DCEU 18: Designing a Global Centralized Container Platform for a Multi-Cluste...
Docker, Inc.
 
Anthos Application Modernization Platform
GDG Cloud Bengaluru
 
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
Matt McNeeney
 
Deploying Spring Boot apps on Kubernetes
VMware Tanzu
 
PKS Networking with NSX-T: You Focus on your App, We'll Take Care of the Rest!
VMware Tanzu
 
Pivotal Container Service (PKS) at SF Cloud Foundry Meetup
cornelia davis
 
KubeCon + CloudNativeCon Barcelona and Shanghai 2019 - Highlights
Krishna-Kumar
 
How we can do Multi-Tenancy on Kubernetes
Opsta
 
DevSecOps with Confidence
VMware Tanzu
 
Delivering Quality at Speed with GitOps
Weaveworks
 
K8s at Scale in the Enterprise: Self-Service Through the View of Personas
VMware Tanzu
 
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
Kangaroot
 
Cloud Native Apps with GitOps
Weaveworks
 
GitLab, AWS and Terraform: The Perfect Combination
Will Hall
 
Putting microservices on a diet with Istio
QAware GmbH
 
Http Services in Rust on Containers
Anton Whalley
 
Introduction to Spring Cloud Kubernetes
VMware Tanzu
 
Running CI/CD with VMWare Cloud PKS and Jenkins X
Cojan van Ballegooijen
 
[Konveyor] adding security to dev ops for your kubernetes native applications
Konveyor Community
 
Ad

Similar to Get the Exact Identity Solution you Need in the Cloud - Deep Dive (20)

PPTX
Get the Exact Identity Solution You Need - In the Cloud - Overview
ForgeRock
 
PPTX
414: Build an agile CI/CD Pipeline for application integration
Trevor Dolby
 
PDF
introduction to kubernetes slide deck by Roach
ZiyanMaraikar1
 
PDF
M10: How to implement mq in a containerized architecture ITC 2019
Robert Parker
 
PPTX
CI/CD with AWS Code Services
Pulkit Gupta
 
PPTX
Csa container-security-in-aws-dw
Cloud Security Alliance, UK chapter
 
PDF
Docker, Cloud Foundry, Bosh & Bluemix
IBM
 
PDF
How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
 
PDF
Docker and IBM Integration Bus
Geza Geleji
 
PPTX
IBM MQ in Containers - Think 2018
Robert Parker
 
PDF
Microservices, Kubernetes and Istio - A Great Fit!
Animesh Singh
 
PDF
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
 
PDF
IBM Messaging in the Cloud
matthew1001
 
PPTX
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
Anurag Dwivedi
 
PDF
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
Animesh Singh
 
PDF
bol.com Dutch Container Day presentation
Maarten Dirkse
 
PDF
Meetup devops
Leonard Moustacchis
 
PPTX
Pipelining DevOps with Jenkins and AWS
Jimmy Ray
 
PDF
Cloud Native Camel Design Patterns
Bilgin Ibryam
 
PPTX
Oscon 2017: Build your own container-based system with the Moby project
Patrick Chanezon
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
ForgeRock
 
414: Build an agile CI/CD Pipeline for application integration
Trevor Dolby
 
introduction to kubernetes slide deck by Roach
ZiyanMaraikar1
 
M10: How to implement mq in a containerized architecture ITC 2019
Robert Parker
 
CI/CD with AWS Code Services
Pulkit Gupta
 
Csa container-security-in-aws-dw
Cloud Security Alliance, UK chapter
 
Docker, Cloud Foundry, Bosh & Bluemix
IBM
 
How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
 
Docker and IBM Integration Bus
Geza Geleji
 
IBM MQ in Containers - Think 2018
Robert Parker
 
Microservices, Kubernetes and Istio - A Great Fit!
Animesh Singh
 
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
 
IBM Messaging in the Cloud
matthew1001
 
Toronto MuleSoft_Meetup_Run Time Fabric - Self Managed Kubernetes.pptx
Anurag Dwivedi
 
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
Animesh Singh
 
bol.com Dutch Container Day presentation
Maarten Dirkse
 
Meetup devops
Leonard Moustacchis
 
Pipelining DevOps with Jenkins and AWS
Jimmy Ray
 
Cloud Native Camel Design Patterns
Bilgin Ibryam
 
Oscon 2017: Build your own container-based system with the Moby project
Patrick Chanezon
 
Ad

More from ForgeRock (20)

PDF
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
PDF
Identity Live Sydney: Identity Management - A Strategic Opportunity
ForgeRock
 
PDF
Identity Live Singapore: Transform Your Cybersecurity Capability
ForgeRock
 
PDF
Identity Live Singapore 2018 Keynote Presentation
ForgeRock
 
PDF
Identity Live Sydney 2018 Keynote Presentation
ForgeRock
 
PDF
Identity Live Singapore: Just Ask 'Em
ForgeRock
 
PDF
Identity Live Singapore: Building Trust & Privacy in a Connected Society
ForgeRock
 
PDF
Identity Live Sydney: Intelligent Authentication
ForgeRock
 
PDF
Identity Live Sydney: Building Trust and Privacy in a Connected Society
ForgeRock
 
PDF
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 
PDF
Opening Keynote (Identity Live Berlin 2018)
ForgeRock
 
PDF
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
ForgeRock
 
PDF
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
ForgeRock
 
PDF
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
ForgeRock
 
PDF
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
ForgeRock
 
PDF
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
PDF
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
PDF
Customer Safeguarding, Fraud and GDPR: Manah Khalil
ForgeRock
 
PDF
Applying Innovative Tools for GDPR Success
ForgeRock
 
PDF
What the Internet of Things Means for Consumer Privacy: Veronica Lara
ForgeRock
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
ForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
ForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
ForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
ForgeRock
 
Identity Live Singapore: Just Ask 'Em
ForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
ForgeRock
 
Identity Live Sydney: Intelligent Authentication
ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
ForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
Customer Safeguarding, Fraud and GDPR: Manah Khalil
ForgeRock
 
Applying Innovative Tools for GDPR Success
ForgeRock
 
What the Internet of Things Means for Consumer Privacy: Veronica Lara
ForgeRock
 

Recently uploaded (20)

PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Approach and Philosophy of On baking technology
30anthuong17
 

Get the Exact Identity Solution you Need in the Cloud - Deep Dive

  • 1. HUBCITYMEDIA! Get the Exact IAM Solution You Need ! In the Cloud Deep Dive - Containerized IAM on Amazon Web Services (Webcast 2 of 3) ! HUBCITYMEDIA!
  • 2. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 2! Introductions
  • 3. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 3! Webcast 1 Recap Why Containerized IAM Customize the solution to meet ALL of your needs! ! ! Why Kubernetes Architecture, Deployment Landscape, ForgeRock DevOps! ! ! Containerized IAM on AWS Infrastructure, Product Configuration, Client Use Case ! ! ! Check out the recording of Webcast 1 - Link in Attachments! ! !
  • 4. HUBCITYMEDIA! ForgeOps Recap: What is it?! Platform Configuration Strategy and Helm ! Demo: Deploying ForgeRock AM! Architecture Review: Cloud Deployments! Continuous Integration Strategies! ! Q&A! Monitoring Strategies! Kops and ForgeOps Customizations!
  • 5. HUBCITYMEDIA! ForgeOps Recap The ForgeOps Repository provides demonstration Dockerfiles and Kubernetes / Helm artifacts ●  You will need to modify these files for your environment Open Source - https://github.com/ForgeRock Yes - ForgeRock supports our products running in Docker / Kubernetes! (*) - ForgeRock provides commercial support for the platform (AM, DS, IDM, IG). We expect our partners / clients to have Kubernetes experience! 5 Copyright © 2018 ForgeRock. All rights reserved
  • 6. HUBCITYMEDIA! DevOps Guide https://backstage.forgerock.com/docs/platform/6/ devops-guide/ Read the Fine Manual! Now with task flowcharts! 6 Copyright © 2018 ForgeRock. All rights reserved
  • 7. HUBCITYMEDIA! ForgeOps Configuration Configuration is in json (a human-ish readable format)! Configuration needs to be provided to Amster / AM somehow...! ●  We think production users will want to manage configuration in a git repo! ○  Allows for versioning, audit, rollback, etc.! ○  Potential for “gitOps” - deploy a new configuration when a git PR is merged! ●  But other strategies are possible...! ○  Bake configuration files into the Docker container ! ○  Put them on an S3 bucket, NFS volume, etc.! ! 7 Copyright © 2018 ForgeRock. All rights reserved
  • 8. HUBCITYMEDIA! Configuration Options 8 Copyright © 2018 ForgeRock. All rights reserved
  • 9. HUBCITYMEDIA! 9 Copyright © 2018 ForgeRock. All rights reserved Helm Helm - A “package” manager for Kubernetes ! •  Packages up Kubernetes manifests for an application! •  Example: helm install wordpress Some helm commands: helm list - show the “releases” deployed to your cluster helm install - install a package. Creates a “release” helm delete - deletes a release
  • 10. HUBCITYMEDIA! ForgeRock Access Manager Deployment Flow 1.  Deploy frconfig chart (one time activity)! a.  Holds the URLs and credentials needed to pull from a git repository! b.  We might extend this chart in the future with other pre-requisites! 2.  Deploy directories for configuration, CTS and user store! 3.  Deploy Access Manager! a.  It has a dependency on the config store ! b.  Waits for config store to be available, then checks to see if there is a valid configuration! i.  Create a bootstrap if there is an existing configuration. Otherwise - boot into configurator.! 4.  Deploy Amster container! a.  Amster spins waiting for AM to come up. If it is already configured, it does not reapply configuration.! b.  Optional: Take exports from AM, commit them to git! For development: Iterate steps 2 > 4! Copyright © 2018 ForgeRock. All rights reserved
  • 12. HUBCITYMEDIA! Sneak Peak: Our plans to simplify deployment Boot Access Manager directly from json configuration files! ●  Eliminates the requirement for an amster bootstrap pod! ●  Simplifies sequencing of bootstrap: No need to wait for a configuration store to be provisioned! ●  No more “Install” Phase - there is just a “run” phase! Easier Secrets Management with Commons Secrets integration! ●  Manage key material, admin credentials using commons secrets! ●  Allow for “attaching” secrets per environment, instead of migrating them! ●  Pluggable backend architecture! ○  Future support for Hashicorp Vault, or other secret backends! !
  • 13. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Architecture Review 13! Automated Cluster Build! •  AWS VPC! •  Supporting AWS Infrastructure! •  Kubernetes! •  CI System! •  Monitoring Infrastructure!
  • 14. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Architecture Review 14! Continuous Integration! •  IG/AM! •  IDM! •  DS via Config. Mgmt.!
  • 15. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Core Infrastructure Build Processes 15! Stage 1 VPC! ! Parameterized CF Stack! ! Maps to Regional AMIs and Machine Types! ! Monitoring Stack! ! ! Stage 2 Kubernetes! ! Multi-AZ! ! Full Cluster Deployment! ! Customized AMIs! ! Stage 3 Applications! ! First CI run deploys apps! supporting AWS Svcs! ! !
  • 16. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 16! Node AMIs ! Customized for additional monitoring telemetry- Disk, CPU, etc.! ! NGINX Gateways! ! ! Docker Files ! Customized for additional monitoring telemetry – primarily JVM Stats! Sizing for production! ! K8s Deployments! ! Fully customized! ! No Helm! ! No Auto-scaling! ! ! MCS Ops Guide Tailored per client environment! ! ! HCM Kops and ForgeOps Customizations
  • 17. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Continuous Integration Strategies 17! IG ! Fully Immutable! ! All config in Docker Image! ! Deployment and Roll back ! ! Elastically Scalable! ! ! AM ! Partially Immutable! ! Config in DS and Files! ! Elastically Scalable - Stateless! ! ! IDM ! Partially Immutable! ! Config DB/Files! ! Elastically Scalable! ! ! DS ! Not Containerized! ! Config. Mgmt. Approach! ! Ansible Automated build and updates! ! !
  • 18. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Monitoring Strategies 18!
  • 19. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Challenges 19! Networking and Kops Running Kops without Internet Gateway ! (one year ago)! ! ! Kubernetes plumbing can leak…or burst ! Proxies! ! Networking! ! Load balancers! ! ! Non TCP/ IP Services (RADIUS) NGINX! ! ! Managing configuration without consoles ! Big shift in thinking for application user! ! What is immutable vs. application data?! ! !
  • 20. HUBCITYMEDIA! What you need before taking this on in AWS! FINAL WORDS!
  • 22. HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Webcast Series POSSIBILITIES! ARCHITECTURE! DEVOPS! Thank you for joining us!! September 12, 2018! 2:00pm-3:00pm EST! 22!