BYOIDaaS: Automating IAM Infrastructure & Operations
European Identity & Cloud Conference 2019
May 15, 2019
Jon Lehtinen
@jonlehtinen
REUTERS / Yves Herman
Separation
Identity Governance
Directory Services
Network
Single Sign-on
PKI
MFA
PAM
Datacenters
Thomson Reuters' internal landscape
• ~35,000 workers
• ~4000 apps
• Large user populations on most continents
• Access from anywhere
• Datacenter exit
• Cloud strategy
REUTERS / Jose Miguel Gomez
Current state
Multiple usernames
• t212360886
• domaint212360886
• jon.lehtinen
• 212360886
• jon.lehtinen@tr.com
Multiple logon experiences
Proprietary authentication protocols
Desired state
• OpenID Connect
• SAML
• OAuth
Multifactor as an extension of SSO
Build, buy, or cloudify?
Options compared: On-prem, Cloud-hosted, IDaaS
Criteria: Self-service, Strategically aligned, Globally available, Operational effort
BYO… IDaaS?
Virtual Machines: Host Hardware, Host OS, Hypervisor, then one Guest OS and App per VM (VM1, VM2)
Containers: Host Hardware, Host OS, Container Engine, then one App per Container
Native Cloud Services
Dawn of the First Day (8 Months Remain)
Anatomy of a dockerfile
# Base image
FROM image:version
# OS prep
RUN some commands && install -y things
# Work directory
WORKDIR /opt
# Binaries
COPY java.tar.gz /opt
ADD pingfederate.zip /opt
# Commands
RUN unzip pingfederate.zip
RUN tar -xf java.tar.gz
# User & group
USER pingfed:pingfed
# Process to launch
ENTRYPOINT ["/usr/bin/startup.sh"]
Birth of a docker image
dockerfile → docker build → docker image
Networking & node considerations
Images: pfadmin:latest, pfengine:latest
Ports: 9999 (Admin), 9031 (Internet), 7600, 7601, 7700 (cluster traffic between nodes)
Docker Swarm
AWS ECS clusters & networking
• awsvpc
– 169.254.x.x
– Difficult to map internal/external network interfaces
– Precluded Fargate
• host
– Pass-through IP from EC2 host to container
– Must create and manage EC2 ECS cluster
– Size ECS task to EC2 instance
VPC networking security
ECS Hosts = SG-2222222
Admin ALB = SG-4444444
Engine ALB = SG-7777777
From To Port
SG-4444444 SG-2222222 9999
SG-7777777 SG-2222222 9031
SG-2222222 SG-2222222 7600
SG-2222222 SG-2222222 7601
SG-2222222 SG-2222222 7700
Security groups don’t work across peered VPCs
Whitelist VPC CIDR range
Type Protocol Port Source
Custom TCP 7600 3.3.4.0/27
Custom TCP 7601 3.3.4.0/27
Custom TCP 7700 3.3.4.0/27
Custom TCP 7600 3.3.3.0/27
Custom TCP 7601 3.3.3.0/27
Custom TCP 7700 3.3.3.0/27
Type Protocol Port Source
Custom TCP 7600 3.3.3.0/27
Custom TCP 7601 3.3.3.0/27
Custom TCP 7700 3.3.3.0/27
Custom TCP 7600 3.3.4.0/27
Custom TCP 7601 3.3.4.0/27
Custom TCP 7700 3.3.4.0/27
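The two slides above (the ALB-to-host port plan expressed with security-group references, and the per-region VPC CIDR allow-list that has to replace those references across peered VPCs) as one added Python example; this is not code from the talk or from the tr-aws-pingfederate repository. The port numbers and security-group IDs are the slides' own; the third region's CIDR (3.3.5.0/27) and the Rule shape are assumptions.

```python
"""Ingress rules for the ECS-host security group of a multi-region
PingFederate cluster, generated from the port plan in the slides, plus an
audit that flags rules outside that plan. Added example, not project code."""
import ipaddress
from typing import Dict, Iterable, List, NamedTuple

# Port plan from the slides.
ADMIN_PORT = 9999                    # admin console: only from the admin ALB
ENGINE_PORT = 9031                   # runtime engine: only from the engine ALB
CLUSTER_PORTS = (7600, 7601, 7700)   # cluster traffic between ECS hosts

# Security-group IDs from the slides.
HOST_SG = "SG-2222222"
ADMIN_ALB_SG = "SG-4444444"
ENGINE_ALB_SG = "SG-7777777"

# Regional VPC CIDRs. 3.3.3.0/27 and 3.3.4.0/27 appear on the slides; the
# third is a constructed value matching the apsw3 node names on the log slide.
REGION_CIDRS = {"use2": "3.3.3.0/27", "euw4": "3.3.4.0/27", "apsw3": "3.3.5.0/27"}


class Rule(NamedTuple):
    protocol: str
    port: int
    source: str  # a security-group ID or a CIDR block


def host_ingress_rules(region_cidrs: Dict[str, str]) -> List[Rule]:
    """Build the ECS-host ingress rules.

    ALB-to-host rules reference security groups because the ALBs and the hosts
    share a VPC. Cluster traffic crosses VPC peering, where SG references do
    not work, so the cluster ports are opened to every region's VPC CIDR
    instead (the slides list each region's CIDR, the local one included)."""
    rules = [Rule("tcp", ADMIN_PORT, ADMIN_ALB_SG),
             Rule("tcp", ENGINE_PORT, ENGINE_ALB_SG)]
    for _, cidr in sorted(region_cidrs.items()):
        rules.extend(Rule("tcp", port, cidr) for port in CLUSTER_PORTS)
    return rules


def audit_host_rules(rules: Iterable[Rule],
                     region_cidrs: Dict[str, str]) -> List[str]:
    """Return one finding per rule that steps outside the port plan.

    Nothing on the host SG may be open to the world; the admin and engine
    ports accept only their own ALB's security group; cluster ports accept
    only the host SG itself or a prefix inside a known regional VPC CIDR."""
    known = [ipaddress.ip_network(c) for c in region_cidrs.values()]
    findings: List[str] = []
    for rule in rules:
        if rule.source in ("0.0.0.0/0", "::/0"):
            findings.append(f"port {rule.port} open to the internet")
        elif rule.port == ADMIN_PORT:
            if rule.source != ADMIN_ALB_SG:
                findings.append(f"admin port {rule.port} reachable from {rule.source}")
        elif rule.port == ENGINE_PORT:
            if rule.source != ENGINE_ALB_SG:
                findings.append(f"engine port {rule.port} reachable from {rule.source}")
        elif rule.port in CLUSTER_PORTS:
            if "/" in rule.source:  # CIDR source: must sit inside a known VPC range
                net = ipaddress.ip_network(rule.source, strict=False)
                if not any(net.version == k.version and net.subnet_of(k) for k in known):
                    findings.append(
                        f"cluster port {rule.port} open to unknown range {rule.source}")
            elif rule.source != HOST_SG:
                findings.append(f"cluster port {rule.port} reachable from {rule.source}")
        else:
            findings.append(f"unexpected port {rule.port} from {rule.source}")
    return findings
```

Run the audit over the rules exported from the live host security group and it doubles as a drift check for the infrastructure-as-code pipeline.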
Defense in depth
Layers between the Attacker and "The Goods": AWS Access Controls, AWS Environment Security, Docker Image Hardening, Application Access Controls, Infrastructure Design, Application Hardening
Ship of Theseus
La persistencia de la memoria
Logs
Container stdout → aws s3 cp → SOC/CIRT, from each node:
adminnode_use2_ip-3-3-3-3, enginenode_use2_ip-3-3-3-4, enginenode_use2_ip-3-3-3-5, enginenode_use2_ip-3-3-3-6, enginenode_euw4_ip-3-3-4-3, enginenode_euw4_ip-3-3-4-4, enginenode_euw4_ip-3-3-4-5, enginenode_apsw3_ip-3-3-5-3, enginenode_apsw3_ip-3-3-5-4, enginenode_apsw3_ip-3-3-5-5
Persistent data stores
Connections stored as this ID string based on connection DNS name
“What is SSO doing to mitigate their dependency on DNS?”
–Some clueless, but well-meaning person who was just trying really, really hard during an outage call, February 2014
Route 53 aliases
Connection string remains constant based on Route53 alias
Bridging enterprise DNS and AWS Route53
ssoadmin.tr.com → ssoadmin-prod.trawsenv.int.aws.tr.com → a369876-esso-adminalb-28364637-us-east-2.elb.amazonaws.com:443
sso.tr.com → sso-prod.trawsenv.int.aws.tr.com → a369876-esso-enginealb-183674563-us-east-2.elb.amazonaws.com:443
Multi-region, one environment
Location-aware routing & regional sub-clusters
Hey dawg, I heard you liked Route53
Auto-scaling
High availability & disaster recovery
Operational support
• Dashboard shows service is up
• Check the test apps
• Can you get a token using curl?
• Attach proof or L2 will reject the ticket
Managing the environment
100% infrastructure as code
One codebase to rule them all
create.py
dockerfile
esso_all_env.yaml
Parameterizations
dockerfile, esso_all_env.yaml
Continuous integration, continuous deployment
Product upgrades
Diff the new version → Update impacted files → Repackage files → Update “PFVERSION” in create.py
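The upgrade procedure above as an added Python example (not the talk's or the tr-aws-pingfederate repository's own code): it diffs two vendor distributions against the files the image overlays, so the "update impacted files" step starts from a list rather than a guess, and only then bumps PFVERSION. The directory layout, file names and the exact shape of the PFVERSION line in create.py are assumptions.

```python
"""Upgrade helper: find which locally customised PingFederate files changed
upstream between two product versions (the files to re-merge and repackage)
and bump PFVERSION in create.py afterwards. Added example, not project code;
the directory layout, file names and the form of the PFVERSION line are
assumptions."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Set


def tree_hashes(root: Path) -> Dict[str, str]:
    """Map each file under root (POSIX-style relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def impacted_files(old_dist: Path, new_dist: Path,
                   overlay: Set[str]) -> Dict[str, List[str]]:
    """Diff two vendor distributions against the files our image overlays.

    changed: upstream modified a file we customise -> re-merge before repackaging
    removed: upstream dropped a file we customise   -> our overlay is stale
    added:   new upstream files nobody has reviewed -> check for new defaults"""
    old, new = tree_hashes(old_dist), tree_hashes(new_dist)
    return {
        "changed": sorted(f for f in overlay if f in old and f in new and old[f] != new[f]),
        "removed": sorted(f for f in overlay if f in old and f not in new),
        "added": sorted(set(new) - set(old)),
    }


def bump_pfversion(create_py: str, new_version: str) -> str:
    """Rewrite the PFVERSION assignment in create.py source text, assumed to be
    a single line of the form PFVERSION = "x.y.z"; refuse anything else so a
    malformed file is never silently left on the old version."""
    pattern = r'(?m)^(PFVERSION\s*=\s*)["\'][^"\']*["\']'
    new_src, count = re.subn(pattern, rf'\g<1>"{new_version}"', create_py)
    if count != 1:
        raise ValueError(f"expected one PFVERSION assignment, found {count}")
    return new_src


def demo() -> Dict[str, List[str]]:
    """Run the diff on two constructed vendor drops (paths and contents made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "pingfederate-old"), Path(tmp, "pingfederate-new")
        sample = {
            old / "server/default/conf/run.properties": "constructed: old defaults\n",
            new / "server/default/conf/run.properties": "constructed: new defaults\n",
            old / "server/default/conf/tcp.xml": "constructed: unchanged\n",
            new / "server/default/conf/tcp.xml": "constructed: unchanged\n",
            old / "server/default/conf/legacy.xml": "constructed: dropped upstream\n",
            new / "server/default/conf/new-default.xml": "constructed: added upstream\n",
        }
        for path, body in sample.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        # Files the dockerfile overlays onto the vendor tree (constructed set).
        overlay = {"server/default/conf/run.properties",
                   "server/default/conf/tcp.xml",
                   "server/default/conf/legacy.xml"}
        return impacted_files(old, new, overlay)
```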
Challenges
• Trial and error, limited cloud/development knowledge
• Endless tinkering
– refinements continue (now under change control) to this day
• Operational handoff is more difficult
• Kubernetes for transportability
REUTERS / Carlos Jasso
Mission accomplished?
I think so.
Options compared: On-prem, Cloud-hosted, IDaaS, BYOIDaaS
Criteria: Self-service, Strategic, Globally available, Operational effort, Cost
Total cost of ownership
• Saves $1.2mm per year over existing TR SSO & MFA systems
• $2.2mm less per year compared to retail commercial enterprise IDaaS
• $700,000 less per year compared to “best & final” rate commercial enterprise IDaaS
REUTERS / Dado Ruvic
We open-sourced it.
https://github.com/thomsonreuters/tr-aws-pingfederate
Questions?
@jonlehtinen
jon.lehtinen@thomsonreuters.com
jon.lehtinen@gmail.com
jlehtinen@idpro.org
https://github.com/thomsonreuters/tr-aws-pingfederate


Editor's Notes

  1. So IDaaS seems like the right tool for the job here? I agree.
  2. IDaaS is the easy way out, and one we were looking into. Retail cost for IDaaS for our org was $2.5mm, negotiated price ~1.2mm/yr. Whatever I did not spend on licensing costs I could spend on burst resources to migrate the app portfolio in 2019/2020, so I wanted to see if I could do it cheaper.
  3. Began researching containers, cloud services. Did lots of iterative work containerizing an on-prem IDP tool.