HUBCITYMEDIA
Get the Exact IAM
Solution You Need
In the Cloud
Containerized IAM on Amazon Web Services
(Webcast 1 of 3)
Introduction – Warren Strange
 With ForgeRock Since 2013
 Responsible for DevOps Strategy
 Previously with Sun Microsystems and Oracle
Founded in Norway in 2010, ForgeRock technology is
based on Sun Microsystem's IAM products. We are
focused on Digital Identity and Access Management.
• ForgeRock Access Manager
• ForgeRock Identity Manager
• ForgeRock Identity Gateway
• ForgeRock Directory Services
Copyright © 2018 ForgeRock. All rights reserved.
Introduction – Steve Giovannetti
 CTO and Founder of Hub City Media
 Identity since 2001
 Focus on containerized solutions for 2 years
Hub City Media has over 18 years of experience
implementing IAM solutions, and particularly
specializes in ForgeRock deployments in the cloud
and on premise. Equipped with full-time, US-Based
Professional Services and Managed Support
Services teams, we have the ability to partner with
clients in any location or time zone.
Copyright © 2018 HUBCITYMEDIA. All rights reserved.
What is Containerized IAM?
IAM Infrastructure
Vendor Product > Containerize > Deploy
Containerized IAM in the Industry
The Containerization Boom
Deploy Everything
Reliable
Systematic
Repeatable
Why Containerized IAM?
Settling vs. Success Operationally IDaaS
Customization Capabilities of an
On-Premise Deployment
Operational Functionality of an
IDaaS
Consistent Software
Delivery Method
As companies modernize
their infrastructure, this
strategy is preferred
Traditional IDaaS Containerized IAM
No need to settle for an
OOTB solution
Customize to meet all of
your needs
Implications?
Support from Vendor
Products
Containerized IAM
Old School Deployment
Back in the dark ages (before DevOps),
there was the Run Book!
Documented Procedures
How to make changes in
production
Deployment Cadence
Yearly
Servers
“Pets” (Snowflake Servers)
“Mutable”
2015 - The ForgeRock DevOps Journey Begins
Demand
• Clients and Partners were looking for increased deployment velocity
• Lower deployment cost
• Public Cloud IaaS
The Beginning
• Started looking at scripted deployments using Ansible (frstack project)
• Moderate success
• Automated complexity, but didn’t fix it
Conclusions
• Significant product changes needed to simplify deployment (solve for complexity – don’t automate)
• Move from Java war files to containers
• Kubernetes as the orchestration platform
Why Kubernetes?
• Cloud agnostic: Any Cloud + Bare Metal
• Think of Kubernetes as AWS in a box
• Broad Industry Support - CNCF project
• The “linux” of container management
• The container orchestration wars are over…
[Diagram labels: OpenAM / AM, DJ / DS, OpenIDM / IDM, OpenIG / IG, PV SSD]
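apiVersion: apps/v1
kind: Deployment
metadata:
  name: openig
spec:
  replicas: 1
  selector:
    matchLabels:
      name: openig
  template:
    metadata:
      name: openig
      labels:
        name: openig
    spec:
      containers:
      - name: openig
        image: forgerock/openig
      # The keystore is delivered from a Kubernetes Secret, not baked into the image
      volumes:
      - name: keystore
        secret:
          secretName: openig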
manifest describes components
and their relationships
apiVersion: v1
kind: Service
metadata:
  name: opendj
spec:
  ports:
  - port: 389
    name: ldap
    targetPort: 389
persistent volumes abstract storage
Kubernetes Manifest Describes a
“Virtual” ForgeRock Deployment
Architecture
The same
manifest works on
any cloud!
AWS, Azure, Google, VMware, etc.
Deployment Landscape
On-premise
• Deploy a war file
• Bring your own infrastructure
• Maximum flexibility
• “Build it your way”
• Higher operational complexity / cost
• Limited flexibility
• Infrastructure is fixed
• Lower Operational Costs
• Fastest deployment
• Hybrid deployment on Kubernetes
• Flexibility: less than custom, greater than SaaS
• Lower operational costs through automation
• Faster deployment
• Semi-opinionated infrastructure:
o Bring your own cloud
Key DevOps Focus Areas
• Core Engineering to make products “12Factor” like
• Prefer Stateless vs. Stateful
• Kubernetes / Container Friendly
• Support Infrastructure as Code (AKA configuration as an artifact)
• Support for Immutable Deployment (no snowflake servers)
The 12 factors circa 200 BC
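An added example, not from the webcast or from ForgeRock or Hub City Media: a check of the "immutable deployment" goal against the openig Deployment shown on the manifest slide, whose image reference forgerock/openig carries no tag. The KEYSTORE_PASSWORD variable, the all-zero digest and the function names are constructed for illustration.

```python
import re

# A digest reference is content-addressed: it always resolves to the same image.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
# Environment variable names that suggest a credential (heuristic, an assumption).
SECRET_LIKE = re.compile(r"PASSWORD|SECRET|TOKEN", re.IGNORECASE)


def classify_image(ref):
    """Return 'digest', 'tag' or 'floating' for a container image reference."""
    if DIGEST.search(ref):
        return "digest"
    # A tag follows a ':' in the last path component only; a ':' earlier in
    # the reference is a registry port (registry.example:5000/app).
    last = ref.rsplit("/", 1)[-1]
    tag = last.partition(":")[2]
    return "tag" if tag and tag != "latest" else "floating"


def audit_deployment(manifest):
    """Return (container, finding) pairs for one parsed Deployment manifest."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    for c in pod.get("containers", []):
        kind = classify_image(c["image"])
        if kind != "digest":
            # 'floating' can change on every pull; 'tag' can be re-pushed.
            findings.append((c["name"], kind + "-image"))
        for env in c.get("env", []):
            # A literal value ends up in the manifest and in version control;
            # valueFrom.secretKeyRef keeps it in a Secret instead.
            if SECRET_LIKE.search(env["name"]) and "value" in env:
                findings.append((c["name"], "inline-secret-env:" + env["name"]))
    return findings


def deployment(image, env):
    """Build a minimal parsed Deployment (as json.loads would return it)."""
    return {
        "kind": "Deployment",
        "spec": {"template": {"spec": {
            "containers": [{"name": "openig", "image": image, "env": env}],
            "volumes": [{"name": "keystore", "secret": {"secretName": "openig"}}],
        }}},
    }


# Constructed input: the slide's image reference plus an illustrative literal
# password that is not on the slide.
SLIDE_LIKE = deployment(
    "forgerock/openig",
    [{"name": "KEYSTORE_PASSWORD", "value": "changeit"}],
)

# Constructed input: the same Deployment pinned to a placeholder digest, with
# the password read from the openig Secret (key name is an assumption).
PINNED = deployment(
    "forgerock/openig@sha256:" + "0" * 64,
    [{"name": "KEYSTORE_PASSWORD",
      "valueFrom": {"secretKeyRef": {"name": "openig", "key": "storepass"}}}],
)

if __name__ == "__main__":
    for label, manifest in (("slide-like", SLIDE_LIKE), ("pinned", PINNED)):
        print(label, audit_deployment(manifest))
```
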
ForgeRock DevOps
[Diagram: “The cool stuff” versus “Where most of the effort is”]
Current DevOps Enhancements
ForgeRock Access Manager
• Import / Export configuration as json
• Autonomous servers; AM servers are “cattle” – no server identity
• Stateless Sessions – improved horizontal scalability
Platform
• Commons configuration – Template json configuration using common expressions. Use environment variables, system properties (12 factor practice)
• Evaluation docker images available on bintray
  docker pull forgerock-docker-public.bintray.io/forgerock/opendj:6.0.0
• Sample Helm charts / Kubernetes manifests
ForgeOps Repository
The ForgeOps Repository provides demonstration Dockerfiles and Kubernetes / Helm artifacts
● You will need to modify these files for your environment
Open Source - https://github.com/ForgeRock
DevOps Reference Examples - https://github.com/ForgeRock/forgeops
Yes - ForgeRock supports our products running in Docker / Kubernetes!
(*) - ForgeRock provides commercial support for the platform (AM, DS, IDM, IG). We expect our partners / clients to have Kubernetes experience!
DevOps Guide
Read the Fine Manual!
Now with task flowcharts!
https://backstage.forgerock.com/docs/
DevOps Guide
https://backstage.forgerock.com/docs/platform/6/devops-quick-start-guide/
Power of AWS with Containerization
Maturity
Market Leader in Cloud
Widely Used
Breadth of Services
Unparalleled in the
Cloud Vendor
market
Flexibility
Can be spread
throughout organization
Containerized IAM on AWS – The Journey
Automated Infrastructure Build
VPC, Networking, Monitoring, CI/CD System Kubernetes
Automated ForgeRock Product Project Configuration
Kubernetes Namespace / Product Dependencies
Integrated Monitoring and Management
CloudWatch Alerts and Monitors - Elasticsearch
Continuous Integration / Deployment Templates
Infrastructure Build
[Diagram: Jenkins, three Kub Masters, three Kub Nodes]
1. CF VPC Creation Script
• Creates VPC
• AZs and Subnets
• NAT Gateways
• S3 Endpoint
• Customer Gateway
• VPN Gateway
• Internet Gateway
• Routing Tables
• Cloudwatch
• ElasticSearch
• Route53
2. CF Jenkins Host Creation
• Kicks off Kops Script
3. Kops Script
• Creates Master Nodes
• Creates Kub Nodes
Product Configuration
ForgeRock IDM
1. Create Dependencies
• RDS Multi-AZ
2. Create Namespace
3. Create Deployment
• Images / Pods
• ELBs – Multi-AZ
ForgeRock AM
1. Create Dependencies
• DJ
2. Create Namespace
3. Create Deployment
• Images / Pods
• ELBs – Multi-AZ
[Diagram: Jenkins; Kubernetes Cluster with three Kub Masters; DS ×3; Multi-AZ RDS; IDM Namespace; AM Namespace]
HCM – Client Use Case
Multiple legacy vendor products
High costs to manage and
modernize
Initiative to go IDaaS
No single IDaaS vendor to satisfy
all needs
Implement ANY use case
No constrictions
Client controlled
Extremely cost effective in
comparison to other options
REQUIREMENTS COMPLEXITY COST
Client Use Case
ForgeRock
Platform
Custom, multi-phase
IDM, AM, DS, IDG
implementation
Hub City Media
Governance (IDG)
HCM Tier 3
Support
Managed Cloud
Services on AWS
$2.61 Per User Per Month
Containerized IAM on AWS – Roadmap
1.0 GA – May 2017
Released to Internal Team
Automated Infrastructure
Product / Namespace Config
Monitoring
Jenkins Templates
Client Go Live – July 2017
1.2 – Winter 2018
1.1 – Fall 2018
Internal Dev Cutover
Dockerize Jenkins
Addt’l Deployment Strategies
Containerization of DS
Improved Encryption for Secrets
Google Cloud Platform
Stackdriver Integration
Kube Federation
AMI Configuration Tooling
Improved Monitoring
Other Cloud
Providers
The Future of
Software
Deployment
Considerations for
the Future /
Documentation
FINAL
WORDS
Questions and Answers
Webcast Series
POSSIBILITIES ARCHITECTURE DEVOPS
August 15, 2018
2:00pm-3:00pm EST
September 12, 2018
2:00pm-3:00pm EST
Thank you for joining us!
Thank you!

Get the Exact Identity Solution You Need - In the Cloud - Overview


Editor's Notes

  • #4 Founded in 1999 - 18 years implementing and maintaining broad spectrum of IAM solutions All Employees located in NJ Headquarters 80+ Advisory and MSS Employees solely focused on IAM No Contractors - Full-time employees only U.S. Citizens Nationwide IAM Clients Dedicated Service Center Highly Specialized Support Engineers 24 x 7 x 365 Resource Availability Individually Tailored Support Solutions
  • #5 Definition: Taking a vendor product, containerizing it and deploying it as your IAM infrastructure (e.g. taking FR products and assets and deploying FR as a set of Docker images into a Kubernetes cluster)
  • #6 BULLET 1: Containerization as a deployment technology is booming right now It’s the way clients are starting to deploy software as a practice BULLET 2: Identity infrastructure isn’t different – everything can be deployed this way (applications, systems that support these apps –same characteristics) Repeatable builds Trend of deploying software reliably, systematically using a containerized approach
  • #7 Three options for deploying your IAM infrastructure: IDaaS, deploy traditionally, containerized. So WHY containerized IAM? 1. Get EXACTLY the system that you want – can be customized and there’s no need to settle for OOTB functionality. 2. Operational characteristics of an IDaaS (customization capabilities of an on-premise deployment, operational functionality of an IDaaS). 3. Docker / Kubernetes – extension of what is already being done on the app / dev side – deploy whole infrastructure this way (needs to be supported by a third party or supported by you). *As companies modernize their infrastructure, they want to use this strategy; consistent software delivery methodology.
  • #8 Implications: Vendor products need to support containerization (not every one can be done this way). Need to change thinking about how applications are deployed (DevOps mentality) or third party. What do you need to get here? – transition to Warren
  • #9 Back in the dark ages, before DevOps, there was the Run Book! Documented procedures on how to make changes in production Deployment cadence: yearly Servers were “Pets” (Snowflake servers) and “Mutable”.
  • #10 Demand from customers and partners for increased deployment velocity, lower deployment cost, public cloud IaaS Began by looking at scripted deployments using Ansible (frstack project) Moderate success Automated the complexity. Didn’t fix it Conclusions: Significant product changes needed to simplify deployment Solve for complexity - don’t automate it Move from java war files to containers as the delivery vehicle Kubernetes as the orchestration platform
  • #11 Cloud agnostic. Any Cloud + Bare Metal Think of Kubernetes as AWS in a box Broad Industry Support - CNCF project The “linux” of container management The container orchestration wars are over…
  • #14 Core engineering required to make products “12Factor” like Prefer Stateless vs. Stateful Kubernetes/Container friendly Support Infrastructure as Code (A.K.A configuration as an artifact) Support for Immutable deployment models (no snowflake servers)
  • #15 Kubernetes is not magic pixie dust. It enables ease of use, but does not guarantee it
  • #16 ForgeRock Access Manager Import / Export configuration as json Autonomous servers. AM servers are “Cattle” - no server identity. Stateless sessions - improved horizontal scalability Platform Commons configuration - Template json configuration using common expressions. Use environment variables, system properties (12 factor practice) Evaluation docker images available on bintray docker pull forgerock-docker-public.bintray.io/forgerock/opendj:6.0.0 Sample Helm charts / Kubernetes manifests
  • #19 What makes AWS an ideal environment to deploy a containerized model? 1. Maturity; widely used by most organizations; market leader in cloud 2. Breadth of services available is unparalleled in the cloud vendor market; 3. Can be spread throughout organization Downside – good environment to run containerized solutions – up until recently, not much native support for Docker and Kubernetes – but clusters can be built on top of their platform
  • #23 REQUIREMENTS / ISSUES: Multiple legacy vendor products deployed as a result of failed migrations. Spending a lot of money managing and modernizing their platform. Wanted to go to an IDaaS solution. No single IDaaS vendor that would satisfy their needs – proposed to deploy FR in the cloud, in a containerized deployment in a public cloud environment using both FR and HCM products – satisfy all use cases for the client (AM, Gov, etc). COMPLEXITY: Can implement any use case required by the client. Not constrained by a lowest common denominator IDaaS solution. Nothing off the table. Client controlled – not dependent on vendor. COST
  • #24 Break down on a per user basis (what did they spend previously?) Custom solution below what Okta can provide Fully customized – all software – cloud – multiple stages of implementation (IDM, AM, DS, Governance) Price with PS Per user per month – FR products, gold support from fr, PS, Governance Stack, HCM Tier 3 support, Three phase project implementing OpenIDM, OpenAccess and subsequent phases, Managed CloudService on AWS (average)
  • #26 We’ve focused on AWS today, but this solution can work on many other cloud providers. That being said, AWS is a strong provider to utilize This is the future of how software will be deployed. The individual tech vendor may change, but the concept of containerization and orchestration is the way to get internet scale It’s definitely worth moving this direction, especially if you are building something that requires these characteristics
  • #28 Note for following two webcasts and quick summaries #2- Deeper dive into the architecture behind running containerized IAM on AWS and what your team needs for a successful deployment #3- The benefits and challenges of running containerized Identity systems in the cloud and what it’s like to run and operate You can sign up for them now. The links to registration are here and will also be sent out in the follow up email.