OIS Deployment Best Practices

Steve FerrisVP Services and Co-Founder

3

Why are we here?• We want to see customers and partners succeed

• Best practice is easier, cheaper and safer in the long term

• The goal should be a stable supportable production platform, the question is how best to get there…

• Based on our experience in services and consulting in both ForgeRock and Sun

4

Project Initiation• Project scope

• The 3 R’s; Resources, Responsibilities, Roles

• Planning; critical path; dependencies; expectations

• To PoC or not to PoC; a PoC helps you to trial functionality and features; hit issues early!

• Plan for Training and Professional Services

5

Architecture• Correct use of the products• Mapping requirements to features• Ensuring architecture meets both functional and non-

functional requirements; especially scale and security

• Implement for ease of management and scale; try to keep it simple• Simple does not mean basic; it should mean enough

complexity to meet requirements, but no more.• Cost of ownership is directly proportion to the complexity

of the deployment

6

Implementation■Source Code Revision; even for configuration– IAM deployments tend to be long lived; maintaining

history and consistency across the project will yield long term benefits.

■Leverage the products rather than custom code– Plenty of plug-in points in the products; work with rather

than against the product. – Work with ForgeRock to raise improvements and/or

changes

■Understand and record what's been configured/customised and why; you will not be there forever!

7

Automation, CI and DevOps■CI is Continuous Integration– Use a tools such as Jenkins to ensure your unit tests are

run, maven artifacts are published, builds are consistent and everything is automated

■Depends on customisations– If you do not have many or any customisations (in terms

of code) then CI isn’t appropriate/overkill

■Unit testing; determining you've not broken anything– If you are developing customisations then ensure you

include unit tests to ensure you’ve not broken anything

8

Functional Testing■What constitutes a good test plan– Should encompass all functionality relied upon to deliver

the solution– You want to ensure that nothing breaks as your extend

and build on your IAM deployment

■Ensure your configuration/customisations are in covered in the test plan– Remember you are only ensuring your use of the

product is functional rather than the product itself.

9

Non Functional Testing■Testing failover and DR procedures– Always best not to leave these until the P1 hits!

■Load testing; the benefits of a load testing framework– Don’t just do this once; integrate load testing into your

general test plan– If you have not load tested how can you be sure any

changes will not have effected the scale

11

Go live■Tested process with a rollback procedure– also tested– the joy of cloud

■Tell us! (Especially if it’s the weekend…)– Preferably not with 4 hours’ notice!– If you are a ForgeRock subscription customer with 24x7

support– Enough notice will ensure we can arrange the most

appropriate out-of-hours cover

■Go-Live PS Package for maximum protection

12

Supportability■Puppet not Word– We are not living in the 20th century; puppet does the

work, not you!

■Effective Runbook– Stable product – install and forget!– The runbook is the operational team’s procedure manual

and your safety net

■Basic debugging procedures– Should be in the runbook so everyone knows the basics

13

Leverage the Cloud■Cloud changes the

way in which we can work

■Plan for a transient production environment

■Tactical solutions no longer become stuck as strategic

14

IRM US Summit 2014

Thanks for coming!

15

Meet the Panel■ Jim McDonald; Engagement Manager, Identropy

■ Harish Ramachandran; VP of Global Pre-Sales and Co-Founder, CIGNEX Datamatics

■ Nicolas Seigneur, Sr. Identity Architect, Indigo Consulting

■ Rogério A. Rondini; Chief Architect, Smart Software

■ Michael Seaver; Chief of Staff, TriVir