ForgeRock, profile picture
Uploaded byForgeRock
254 views

Get the Exact Identity Solution you Need in the Cloud - Deep Dive

This document outlines a webcast on containerized Identity and Access Management (IAM) solutions using Amazon Web Services, focusing on Kubernetes architecture and ForgeRock product deployment. It discusses configuration management strategies, deployment flows, and future plans for simplifying access manager deployment. The document emphasizes the importance of customization, continuous integration, and monitoring strategies in a cloud environment.

Embed presentation

Downloaded 12 times
HUBCITYMEDIA! Get the Exact IAM Solution You Need ! In the Cloud Deep Dive - Containerized IAM on Amazon Web Services (Webcast 2 of 3) ! HUBCITYMEDIA!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 2! Introductions
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 3! Webcast 1 Recap Why Containerized IAM Customize the solution to meet ALL of your needs! ! ! Why Kubernetes Architecture, Deployment Landscape, ForgeRock DevOps! ! ! Containerized IAM on AWS Infrastructure, Product Configuration, Client Use Case ! ! ! Check out the recording of Webcast 1 - Link in Attachments! ! !
HUBCITYMEDIA! ForgeOps Recap: What is it?! Platform Configuration Strategy and Helm ! Demo: Deploying ForgeRock AM! Architecture Review: Cloud Deployments! Continuous Integration Strategies! ! Q&A! Monitoring Strategies! Kops and ForgeOps Customizations!
HUBCITYMEDIA! ForgeOps Recap The ForgeOps Repository provides demonstration Dockerfiles and Kubernetes / Helm artifacts ●  You will need to modify these files for your environment Open Source - https://github.com/ForgeRock Yes - ForgeRock supports our products running in Docker / Kubernetes! (*) - ForgeRock provides commercial support for the platform (AM, DS, IDM, IG). We expect our partners / clients to have Kubernetes experience! 5 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! DevOps Guide https://backstage.forgerock.com/docs/platform/6/ devops-guide/ Read the Fine Manual! Now with task flowcharts! 6 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! ForgeOps Configuration Configuration is in json (a human-ish readable format)! Configuration needs to be provided to Amster / AM somehow...! ●  We think production users will want to manage configuration in a git repo! ○  Allows for versioning, audit, rollback, etc.! ○  Potential for “gitOps” - deploy a new configuration when a git PR is merged! ●  But other strategies are possible...! ○  Bake configuration files into the Docker container ! ○  Put them on an S3 bucket, NFS volume, etc.! ! 7 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! Configuration Options 8 Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! 9 Copyright © 2018 ForgeRock. All rights reserved Helm Helm - A “package” manager for Kubernetes ! •  Packages up Kubernetes manifests for an application! •  Example: helm install wordpress Some helm commands: helm list - show the “releases” deployed to your cluster helm install - install a package. Creates a “release” helm delete - deletes a release
HUBCITYMEDIA! ForgeRock Access Manager Deployment Flow 1.  Deploy frconfig chart (one time activity)! a.  Holds the URLs and credentials needed to pull from a git repository! b.  We might extend this chart in the future with other pre-requisites! 2.  Deploy directories for configuration, CTS and user store! 3.  Deploy Access Manager! a.  It has a dependency on the config store ! b.  Waits for config store to be available, then checks to see if there is a valid configuration! i.  Create a bootstrap if there is an existing configuration. Otherwise - boot into configurator.! 4.  Deploy Amster container! a.  Amster spins waiting for AM to come up. If it is already configured, it does not reapply configuration.! b.  Optional: Take exports from AM, commit them to git! For development: Iterate steps 2 > 4! Copyright © 2018 ForgeRock. All rights reserved
HUBCITYMEDIA! Demo
HUBCITYMEDIA! Sneak Peak: Our plans to simplify deployment Boot Access Manager directly from json configuration files! ●  Eliminates the requirement for an amster bootstrap pod! ●  Simplifies sequencing of bootstrap: No need to wait for a configuration store to be provisioned! ●  No more “Install” Phase - there is just a “run” phase! Easier Secrets Management with Commons Secrets integration! ●  Manage key material, admin credentials using commons secrets! ●  Allow for “attaching” secrets per environment, instead of migrating them! ●  Pluggable backend architecture! ○  Future support for Hashicorp Vault, or other secret backends! !
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Architecture Review 13! Automated Cluster Build! •  AWS VPC! •  Supporting AWS Infrastructure! •  Kubernetes! •  CI System! •  Monitoring Infrastructure!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Architecture Review 14! Continuous Integration! •  IG/AM! •  IDM! •  DS via Config. Mgmt.!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Core Infrastructure Build Processes 15! Stage 1 VPC! ! Parameterized CF Stack! ! Maps to Regional AMIs and Machine Types! ! Monitoring Stack! ! ! Stage 2 Kubernetes! ! Multi-AZ! ! Full Cluster Deployment! ! Customized AMIs! ! Stage 3 Applications! ! First CI run deploys apps! supporting AWS Svcs! ! !
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. 16! Node AMIs ! Customized for additional monitoring telemetry- Disk, CPU, etc.! ! NGINX Gateways! ! ! Docker Files ! Customized for additional monitoring telemetry – primarily JVM Stats! Sizing for production! ! K8s Deployments! ! Fully customized! ! No Helm! ! No Auto-scaling! ! ! MCS Ops Guide Tailored per client environment! ! ! HCM Kops and ForgeOps Customizations
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Continuous Integration Strategies 17! IG ! Fully Immutable! ! All config in Docker Image! ! Deployment and Roll back ! ! Elastically Scalable! ! ! AM ! Partially Immutable! ! Config in DS and Files! ! Elastically Scalable - Stateless! ! ! IDM ! Partially Immutable! ! Config DB/Files! ! Elastically Scalable! ! ! DS ! Not Containerized! ! Config. Mgmt. Approach! ! Ansible Automated build and updates! ! !
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Monitoring Strategies 18!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Challenges 19! Networking and Kops Running Kops without Internet Gateway ! (one year ago)! ! ! Kubernetes plumbing can leak…or burst ! Proxies! ! Networking! ! Load balancers! ! ! Non TCP/ IP Services (RADIUS) NGINX! ! ! Managing configuration without consoles ! Big shift in thinking for application user! ! What is immutable vs. application data?! ! !
HUBCITYMEDIA! What you need before taking this on in AWS! FINAL WORDS!
HUBCITYMEDIA! Questions and Answers HUBCITYMEDIA!
HUBCITYMEDIA!Copyright © 2018 HUBCITYMEDIA. All rights reserved. Webcast Series POSSIBILITIES! ARCHITECTURE! DEVOPS! Thank you for joining us!! September 12, 2018! 2:00pm-3:00pm EST! 22!
HUBCITYMEDIA! Thank you! HUBCITYMEDIA!

More Related Content

PPTX
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
byForgeRock
 
PDF
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
byVMware Tanzu
 
PDF
8.cncf en
byJuraj Hantak
 
PDF
Kubernetes für Workstations Edge und IoT Devices
byQAware GmbH
 
PDF
Cloud Native Development
byManuel Garcia
 
PDF
Weave GitOps Core Overview (Free GitOps Workshop)
byWeaveworks
 
PDF
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
byVMware Tanzu
 
PDF
Managing serverless workloads with knative
byGDG Cloud Bengaluru
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
byForgeRock
 
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
byVMware Tanzu
 
8.cncf en
byJuraj Hantak
 
Kubernetes für Workstations Edge und IoT Devices
byQAware GmbH
 
Cloud Native Development
byManuel Garcia
 
Weave GitOps Core Overview (Free GitOps Workshop)
byWeaveworks
 
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
byVMware Tanzu
 
Managing serverless workloads with knative
byGDG Cloud Bengaluru
 

What's hot

PDF
Kubecon seattle 2018 workshop slides
byWeaveworks
 
PDF
Http Services in Rust on Containers
byAnton Whalley
 
PPTX
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
byMatt McNeeney
 
PPTX
PKS Networking with NSX-T: You Focus on your App, We'll Take Care of the Rest!
byVMware Tanzu
 
PDF
Pivotal Container Service (PKS) at SF Cloud Foundry Meetup
bycornelia davis
 
PDF
K8s at Scale in the Enterprise: Self-Service Through the View of Personas
byVMware Tanzu
 
PDF
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
byKangaroot
 
PPTX
Deploying Spring Boot apps on Kubernetes
byVMware Tanzu
 
PPTX
[Konveyor] adding security to dev ops for your kubernetes native applications
byKonveyor Community
 
PDF
How we can do Multi-Tenancy on Kubernetes
byOpsta
 
PDF
Anthos Application Modernization Platform
byGDG Cloud Bengaluru
 
PDF
DCEU 18: Designing a Global Centralized Container Platform for a Multi-Cluste...
byDocker, Inc.
 
PPTX
GitLab, AWS and Terraform: The Perfect Combination
byWill Hall
 
PDF
Introduction to Spring Cloud Kubernetes
byVMware Tanzu
 
PDF
Putting microservices on a diet with Istio
byQAware GmbH
 
PDF
Running CI/CD with VMWare Cloud PKS and Jenkins X
byCojan van Ballegooijen
 
PDF
Delivering Quality at Speed with GitOps
byWeaveworks
 
PPTX
Cloud Native Apps with GitOps
byWeaveworks
 
PDF
DevSecOps with Confidence
byVMware Tanzu
 
PDF
KubeCon + CloudNativeCon Barcelona and Shanghai 2019 - Highlights
byKrishna-Kumar
 
Kubecon seattle 2018 workshop slides
byWeaveworks
 
Http Services in Rust on Containers
byAnton Whalley
 
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
byMatt McNeeney
 
PKS Networking with NSX-T: You Focus on your App, We'll Take Care of the Rest!
byVMware Tanzu
 
Pivotal Container Service (PKS) at SF Cloud Foundry Meetup
bycornelia davis
 
K8s at Scale in the Enterprise: Self-Service Through the View of Personas
byVMware Tanzu
 
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
byKangaroot
 
Deploying Spring Boot apps on Kubernetes
byVMware Tanzu
 
[Konveyor] adding security to dev ops for your kubernetes native applications
byKonveyor Community
 
How we can do Multi-Tenancy on Kubernetes
byOpsta
 
Anthos Application Modernization Platform
byGDG Cloud Bengaluru
 
DCEU 18: Designing a Global Centralized Container Platform for a Multi-Cluste...
byDocker, Inc.
 
GitLab, AWS and Terraform: The Perfect Combination
byWill Hall
 
Introduction to Spring Cloud Kubernetes
byVMware Tanzu
 
Putting microservices on a diet with Istio
byQAware GmbH
 
Running CI/CD with VMWare Cloud PKS and Jenkins X
byCojan van Ballegooijen
 
Delivering Quality at Speed with GitOps
byWeaveworks
 
Cloud Native Apps with GitOps
byWeaveworks
 
DevSecOps with Confidence
byVMware Tanzu
 
KubeCon + CloudNativeCon Barcelona and Shanghai 2019 - Highlights
byKrishna-Kumar
 

Similar to Get the Exact Identity Solution you Need in the Cloud - Deep Dive

PPTX
Get the Exact Identity Solution You Need - In the Cloud - Overview
byForgeRock
 
PPTX
Csa container-security-in-aws-dw
byCloud Security Alliance, UK chapter
 
PPTX
Devops Boise - Israel Shirk - Pragmatic Migration to Infrastructure As Code
byIsrael Shirk
 
PDF
Slide DevSecOps Microservices
byHendri Karisma
 
PDF
Deploy 22 microservices from scratch in 30 mins with GitOps
byOpsta
 
PDF
EKS Workshop
byAWS Germany
 
PDF
The ForgeRock Deployment for Cloud Readiness
byForgeRock
 
PDF
DevOps Unleashed: Strategies that Speed Deployments
byForgeRock
 
PDF
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
byVMware Tanzu
 
PPTX
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
byAWS Germany
 
PPTX
Edge 2016 Session 1886 Building your own docker container cloud on ibm power...
byYong Feng
 
PPTX
NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy
byForgeRock
 
PDF
[AWS Container Service] Getting Started with Kubernetes on AWS
byAmazon Web Services Korea
 
PPTX
Kubernetes Manchester - 6th December 2018
byDavid Stockton
 
PPTX
Oscon London 2016 - Docker from Development to Production
byPatrick Chanezon
 
PDF
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
byKublr
 
PPTX
How Honestbee Does CI/CD on Kubernetes - Vincent DeSmet
byDevOpsDaysJKT
 
PPTX
DevOps with Kubernetes and Helm - OSCON 2018
byJessica Deen
 
PDF
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
byDevOpsDays Riga
 
PPTX
AWS User Group 5/12 meetup - ECS
byShimon Tolts
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
byForgeRock
 
Csa container-security-in-aws-dw
byCloud Security Alliance, UK chapter
 
Devops Boise - Israel Shirk - Pragmatic Migration to Infrastructure As Code
byIsrael Shirk
 
Slide DevSecOps Microservices
byHendri Karisma
 
Deploy 22 microservices from scratch in 30 mins with GitOps
byOpsta
 
EKS Workshop
byAWS Germany
 
The ForgeRock Deployment for Cloud Readiness
byForgeRock
 
DevOps Unleashed: Strategies that Speed Deployments
byForgeRock
 
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
byVMware Tanzu
 
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
byAWS Germany
 
Edge 2016 Session 1886 Building your own docker container cloud on ibm power...
byYong Feng
 
NYC Identity Summit Tech Day: ForgeRock DevOps/Cloud Strategy
byForgeRock
 
[AWS Container Service] Getting Started with Kubernetes on AWS
byAmazon Web Services Korea
 
Kubernetes Manchester - 6th December 2018
byDavid Stockton
 
Oscon London 2016 - Docker from Development to Production
byPatrick Chanezon
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
byKublr
 
How Honestbee Does CI/CD on Kubernetes - Vincent DeSmet
byDevOpsDaysJKT
 
DevOps with Kubernetes and Helm - OSCON 2018
byJessica Deen
 
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
byDevOpsDays Riga
 
AWS User Group 5/12 meetup - ECS
byShimon Tolts
 

More from ForgeRock

PDF
Identity Live Sydney: Building Trust and Privacy in a Connected Society
byForgeRock
 
PDF
Identity Live Singapore: Building Trust & Privacy in a Connected Society
byForgeRock
 
PDF
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
byForgeRock
 
PDF
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
byForgeRock
 
PDF
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
byForgeRock
 
PDF
Customer Safeguarding, Fraud and GDPR: Manah Khalil
byForgeRock
 
PDF
Intelligent Authentication (Identity Live Berlin 2018)
byForgeRock
 
PDF
Identity Live Sydney: Intelligent Authentication
byForgeRock
 
PDF
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
byForgeRock
 
PDF
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
byForgeRock
 
PDF
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
byForgeRock
 
PDF
Identity Live Sydney 2018 Keynote Presentation
byForgeRock
 
PDF
Applying Innovative Tools for GDPR Success
byForgeRock
 
PDF
Identity Live Singapore 2018 Keynote Presentation
byForgeRock
 
PDF
Identity Live Singapore: Just Ask 'Em
byForgeRock
 
PDF
Opening Keynote (Identity Live Berlin 2018)
byForgeRock
 
PDF
Identity Live Singapore: Transform Your Cybersecurity Capability
byForgeRock
 
PDF
Shift from GDPR readiness to sustained compliance to improve your business an...
byForgeRock
 
PDF
Identity Live Sydney: Identity Management - A Strategic Opportunity
byForgeRock
 
PDF
What the Internet of Things Means for Consumer Privacy: Veronica Lara
byForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
byForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
byForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
byForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
byForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
byForgeRock
 
Customer Safeguarding, Fraud and GDPR: Manah Khalil
byForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
byForgeRock
 
Identity Live Sydney: Intelligent Authentication
byForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
byForgeRock
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
byForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
byForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
byForgeRock
 
Applying Innovative Tools for GDPR Success
byForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
byForgeRock
 
Identity Live Singapore: Just Ask 'Em
byForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
byForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
byForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
byForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
byForgeRock
 
What the Internet of Things Means for Consumer Privacy: Veronica Lara
byForgeRock
 

Recently uploaded

PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PDF
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PDF
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PPTX
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PPTX
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
PDF
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 

Get the Exact Identity Solution you Need in the Cloud - Deep Dive

  • 1.
    HUBCITYMEDIA! Get the ExactIAM Solution You Need ! In the Cloud Deep Dive - Containerized IAM on Amazon Web Services (Webcast 2 of 3) ! HUBCITYMEDIA!
  • 2.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. 2! Introductions
  • 3.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. 3! Webcast 1 Recap Why Containerized IAM Customize the solution to meet ALL of your needs! ! ! Why Kubernetes Architecture, Deployment Landscape, ForgeRock DevOps! ! ! Containerized IAM on AWS Infrastructure, Product Configuration, Client Use Case ! ! ! Check out the recording of Webcast 1 - Link in Attachments! ! !
  • 4.
    HUBCITYMEDIA! ForgeOps Recap: What is it?! Platform Configuration Strategyand Helm ! Demo: Deploying ForgeRock AM! Architecture Review: Cloud Deployments! Continuous Integration Strategies! ! Q&A! Monitoring Strategies! Kops and ForgeOps Customizations!
  • 5.
    HUBCITYMEDIA! ForgeOps Recap The ForgeOpsRepository provides demonstration Dockerfiles and Kubernetes / Helm artifacts ●  You will need to modify these files for your environment Open Source - https://github.com/ForgeRock Yes - ForgeRock supports our products running in Docker / Kubernetes! (*) - ForgeRock provides commercial support for the platform (AM, DS, IDM, IG). We expect our partners / clients to have Kubernetes experience! 5 Copyright © 2018 ForgeRock. All rights reserved
  • 6.
    HUBCITYMEDIA! DevOps Guide https://backstage.forgerock.com/docs/platform/6/ devops-guide/ Readthe Fine Manual! Now with task flowcharts! 6 Copyright © 2018 ForgeRock. All rights reserved
  • 7.
    HUBCITYMEDIA! ForgeOps Configuration Configuration isin json (a human-ish readable format)! Configuration needs to be provided to Amster / AM somehow...! ●  We think production users will want to manage configuration in a git repo! ○  Allows for versioning, audit, rollback, etc.! ○  Potential for “gitOps” - deploy a new configuration when a git PR is merged! ●  But other strategies are possible...! ○  Bake configuration files into the Docker container ! ○  Put them on an S3 bucket, NFS volume, etc.! ! 7 Copyright © 2018 ForgeRock. All rights reserved
  • 8.
    HUBCITYMEDIA! Configuration Options 8 Copyright ©2018 ForgeRock. All rights reserved
  • 9.
    HUBCITYMEDIA! 9 Copyright ©2018 ForgeRock. All rights reserved Helm Helm - A “package” manager for Kubernetes ! •  Packages up Kubernetes manifests for an application! •  Example: helm install wordpress Some helm commands: helm list - show the “releases” deployed to your cluster helm install - install a package. Creates a “release” helm delete - deletes a release
  • 10.
    HUBCITYMEDIA! ForgeRock Access ManagerDeployment Flow 1.  Deploy frconfig chart (one time activity)! a.  Holds the URLs and credentials needed to pull from a git repository! b.  We might extend this chart in the future with other pre-requisites! 2.  Deploy directories for configuration, CTS and user store! 3.  Deploy Access Manager! a.  It has a dependency on the config store ! b.  Waits for config store to be available, then checks to see if there is a valid configuration! i.  Create a bootstrap if there is an existing configuration. Otherwise - boot into configurator.! 4.  Deploy Amster container! a.  Amster spins waiting for AM to come up. If it is already configured, it does not reapply configuration.! b.  Optional: Take exports from AM, commit them to git! For development: Iterate steps 2 > 4! Copyright © 2018 ForgeRock. All rights reserved
  • 11.
  • 12.
    HUBCITYMEDIA! Sneak Peak: Ourplans to simplify deployment Boot Access Manager directly from json configuration files! ●  Eliminates the requirement for an amster bootstrap pod! ●  Simplifies sequencing of bootstrap: No need to wait for a configuration store to be provisioned! ●  No more “Install” Phase - there is just a “run” phase! Easier Secrets Management with Commons Secrets integration! ●  Manage key material, admin credentials using commons secrets! ●  Allow for “attaching” secrets per environment, instead of migrating them! ●  Pluggable backend architecture! ○  Future support for Hashicorp Vault, or other secret backends! !
  • 13.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Architecture Review 13! Automated Cluster Build! •  AWS VPC! •  Supporting AWS Infrastructure! •  Kubernetes! •  CI System! •  Monitoring Infrastructure!
  • 14.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Architecture Review 14! Continuous Integration! •  IG/AM! •  IDM! •  DS via Config. Mgmt.!
  • 15.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Core Infrastructure Build Processes 15! Stage 1 VPC! ! Parameterized CF Stack! ! Maps to Regional AMIs and Machine Types! ! Monitoring Stack! ! ! Stage 2 Kubernetes! ! Multi-AZ! ! Full Cluster Deployment! ! Customized AMIs! ! Stage 3 Applications! ! First CI run deploys apps! supporting AWS Svcs! ! !
  • 16.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. 16! Node AMIs ! Customized for additional monitoring telemetry- Disk, CPU, etc.! ! NGINX Gateways! ! ! Docker Files ! Customized for additional monitoring telemetry – primarily JVM Stats! Sizing for production! ! K8s Deployments! ! Fully customized! ! No Helm! ! No Auto-scaling! ! ! MCS Ops Guide Tailored per client environment! ! ! HCM Kops and ForgeOps Customizations
  • 17.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Continuous Integration Strategies 17! IG ! Fully Immutable! ! All config in Docker Image! ! Deployment and Roll back ! ! Elastically Scalable! ! ! AM ! Partially Immutable! ! Config in DS and Files! ! Elastically Scalable - Stateless! ! ! IDM ! Partially Immutable! ! Config DB/Files! ! Elastically Scalable! ! ! DS ! Not Containerized! ! Config. Mgmt. Approach! ! Ansible Automated build and updates! ! !
  • 18.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Monitoring Strategies 18!
  • 19.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Challenges 19! Networking and Kops Running Kops without Internet Gateway ! (one year ago)! ! ! Kubernetes plumbing can leak…or burst ! Proxies! ! Networking! ! Load balancers! ! ! Non TCP/ IP Services (RADIUS) NGINX! ! ! Managing configuration without consoles ! Big shift in thinking for application user! ! What is immutable vs. application data?! ! !
  • 20.
    HUBCITYMEDIA! What you need beforetaking this on in AWS! FINAL WORDS!
  • 21.
  • 22.
    HUBCITYMEDIA!Copyright © 2018HUBCITYMEDIA. All rights reserved. Webcast Series POSSIBILITIES! ARCHITECTURE! DEVOPS! Thank you for joining us!! September 12, 2018! 2:00pm-3:00pm EST! 22!
  • 23.