Deployment Best Practices: Open Identity Stack
Transcript of Deployment Best Practices: Open Identity Stack
OIS Deployment Best Practices
Steve FerrisVP Services and Co-Founder
3
Why are we here?• We want to see customers and partners succeed
• Best practice is easier, cheaper and safer in the long term
• The goal should be a stable supportable production platform, the question is how best to get there…
• Based on our experience in services and consulting in both ForgeRock and Sun
4
Project Initiation• Project scope
• The 3 R’s; Resources, Responsibilities, Roles
• Planning; critical path; dependencies; expectations
• To PoC or not to PoC; a PoC helps you to trial functionality and features; hit issues early!
• Plan for Training and Professional Services
5
Architecture• Correct use of the products• Mapping requirements to features• Ensuring architecture meets both functional and non-
functional requirements; especially scale and security
• Implement for ease of management and scale; try to keep it simple• Simple does not mean basic; it should mean enough
complexity to meet requirements, but no more.• Cost of ownership is directly proportion to the complexity
of the deployment
6
Implementation■Source Code Revision; even for configuration– IAM deployments tend to be long lived; maintaining
history and consistency across the project will yield long term benefits.
■Leverage the products rather than custom code– Plenty of plug-in points in the products; work with rather
than against the product. – Work with ForgeRock to raise improvements and/or
changes
■Understand and record what's been configured/customised and why; you will not be there forever!
7
Automation, CI and DevOps■CI is Continuous Integration– Use a tools such as Jenkins to ensure your unit tests are
run, maven artifacts are published, builds are consistent and everything is automated
■Depends on customisations– If you do not have many or any customisations (in terms
of code) then CI isn’t appropriate/overkill
■Unit testing; determining you've not broken anything– If you are developing customisations then ensure you
include unit tests to ensure you’ve not broken anything
8
Functional Testing■What constitutes a good test plan– Should encompass all functionality relied upon to deliver
the solution– You want to ensure that nothing breaks as your extend
and build on your IAM deployment
■Ensure your configuration/customisations are in covered in the test plan– Remember you are only ensuring your use of the
product is functional rather than the product itself.
9
Non Functional Testing■Testing failover and DR procedures– Always best not to leave these until the P1 hits!
■Load testing; the benefits of a load testing framework– Don’t just do this once; integrate load testing into your
general test plan– If you have not load tested how can you be sure any
changes will not have effected the scale
11
Go live■Tested process with a rollback procedure– also tested– the joy of cloud
■Tell us! (Especially if it’s the weekend…)– Preferably not with 4 hours’ notice!– If you are a ForgeRock subscription customer with 24x7
support– Enough notice will ensure we can arrange the most
appropriate out-of-hours cover
■Go-Live PS Package for maximum protection
12
Supportability■Puppet not Word– We are not living in the 20th century; puppet does the
work, not you!
■Effective Runbook– Stable product – install and forget!– The runbook is the operational team’s procedure manual
and your safety net
■Basic debugging procedures– Should be in the runbook so everyone knows the basics
13
Leverage the Cloud■Cloud changes the
way in which we can work
■Plan for a transient production environment
■Tactical solutions no longer become stuck as strategic
14
IRM US Summit 2014
Thanks for coming!
15
Meet the Panel■ Jim McDonald; Engagement Manager, Identropy
■ Harish Ramachandran; VP of Global Pre-Sales and Co-Founder, CIGNEX Datamatics
■ Nicolas Seigneur, Sr. Identity Architect, Indigo Consulting
■ Rogério A. Rondini; Chief Architect, Smart Software
■ Michael Seaver; Chief of Staff, TriVir