Organizations that want to install EmpowerID locally using modern architectures can leverage containerization to lessen the footprint associated with a full on-premise or cloud-hosted installation. To facilitate this, EmpowerID provides OCI-compliant images of the product, allowing a fully functional instance of EmpowerID to be easily deployed as a standalone container lab on a single desktop or as an enterprise-ready environment using Kubernetes or other modern container orchestrators. When you opt for this approach, you have immediate access to the latest versions of EmpowerID and can go back to a previous version at any time by pulling the appropriate image.

Similarities and Differences

A containerized environment provides organizations with the full EmpowerID experience and differs only in how the product is delivered. Instead of an MSI that must be installed on servers, or access to the platform via the cloud, EmpowerID DevOps delivers the product to you as containers running on “nodes.”

Advantages of the DevOps Approach

Rather than following the standard EmpowerID installation detailed in the Admin Guide, EmpowerID can be deployed via containers, and its components can be rapidly scaled up or down as required.

Benefits for developers

Containers help client developers build and ship customizations faster. With containers, developers can create a container image that deploys in seconds, identically across environments. Containers act as an easy mechanism to share code across teams and to bootstrap a development environment without impacting your host.

Benefits for IT professionals

Containers help system admins create infrastructure that's easier to update and maintain, and that more fully utilizes hardware resources. IT professionals can use containers to provide standardized EmpowerID instances for their development, QA, and production environments. By using containers, systems administrators abstract away differences in operating system installations and the underlying infrastructure.

Advantages

The containerized deployment of EmpowerID provides many advantages over classic installations, including the following:

  • Multiple installation options available

    • Fully managed SaaS from EmpowerID

    • Can be hosted on cloud containerization platforms such as Azure Kubernetes Service (AKS), OpenShift, etc.

    • Can be deployed in an on-premise containerization platform

  • Easier patching without interruption to users; modern containerization platforms have the ability for non-disruptive rollouts as new component revisions become available

  • Ability to scale up or down; there is no need to install EmpowerID-related software on nodes

  • Ability to auto-scale on demand

  • Provides for better use of resources, by running more components across hardware (vs more dedicated hardware for each component)

...

EmpowerID Components

  • Worker Role

    • The Worker Role containers make up the application tier of the system and are used for back-end processing of system integration processes such as inventory, synchronization, security management, and internal web service processes. The number of required running containers depends on the number and types of applications and integration processes being managed. These containers do not service Web user requests.

  • Web Role

    • The Web Role containers serve as the front-end user interface for the Web applications used by users. These containers serve up the Web pages and perform any interactive workflow processing initiated by users.

  • IT Shop

    • The IT Shop provides a shopping cart experience that empowers end users to request access for themselves and allows designated managers or coordinators to request access for others, with flexible workflow approvals.

  • MyIdentity

  • Azure Analytics

    • The Azure Analytics microservice provides organizations with intelligent, real-time visual feedback on the drivers of their Azure expenses and the number of licenses being consumed by their organization at any given data point.

  • MyTasks

  • Azure AD SCIM (Deployed as an Azure App Service)

    • The Azure AD SCIM microservice provides organizations with the tools to manage Azure AD users, roles, and licenses.

  • Azure Exchange Mailbox (Deployed as Azure App Service)

  • Role Mining (Deployed as Azure Functions)

    • EmpowerID Role Mining provides intelligence and insights with real-time authorization, in-depth visibility, and automated role mining and optimization, while maintaining speed, reducing redundancy, and staying compliant.

  • Privileged Session Manager (PSM)

    • EmpowerID Privileged Session Manager (PSM) is an application cluster that allows you to access, record, and monitor privileged sessions. With PSM, users can be issued privileged access to computers while meeting audit requirements. It enables granting users access for a specific amount of time, monitoring live sessions and terminating them at any point, and replaying sessions. It also includes time-constrained access to credentials and automatic termination of sessions after the time limit expires.

Requirements

To run EmpowerID images, the following requirements must be met:

Container orchestrator / cluster with Windows node support

Container Orchestrator

Any modern OCI-compliant orchestrator with support for Windows nodes and workloads


Windows Node Requirements

  • Windows Server 1809 (LTSC)

  • 8 Cores

  • 64 GB memory

  • 250 GB drive

Linux Node Requirements (May vary depending on optional components chosen)

  • Kubernetes standards

Ancillary Requirements

  • Log aggregation capabilities within cluster (for diagnostics and support)

  • Cluster monitoring

  • Git Repo (for customization management)

SQL Requirements


Processor


8 processor cores required, more recommended based on usage scenario.


Memory



64 GB required, more recommended based on usage scenario.

Aggressive Enterprise Disk Subsystem

  • Fast SSD-Based Disks

  • Separate Drive for OS

  • Separate Drive for Application

Hard Drive Space

Note

Each SQL server should follow Microsoft’s best practice design, utilizing different disk spindles for OS, Logs, Data, and backups. At a minimum, EmpowerID needs the log drive and data drive to have the below available space. Depending on the number of objects in your environment, disk space needs may be significantly higher.

  • Log Drive: 200 GB. This is to accommodate large transaction log growth in the event of extended processes.

  • Data Drive: 200 GB. We anticipate the database will be 5-10 GB on initial creation. The growth rate will depend on actual use and transaction level.

Provided by EmpowerID

The following are components provided by EmpowerID for deployment needs:

  • Container Images

    • EmpowerID will provide OCI-compliant images for the base components of the EmpowerID suite and other microservices that the client has licensed for use.

  • Deployment Templates

    • Kubernetes YAML files will be provided, along with documentation describing various common environmental variables and required secrets.

  • Database

    • A Microsoft SQL Server BAC file (or BACPAC file) will be provided to help initialize the primary EmpowerID data store.
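
The following manifest is an added illustration, not one of the deployment templates EmpowerID supplies. It shows how the points above fit together in Kubernetes: scheduling onto Windows nodes, a pinned image tag so a rollback is a tag change, a non-disruptive rolling update, and a required secret injected by reference. The namespace, object names, registry path, tag, and variable name are placeholders, and it assumes the Web Role runs on Windows nodes.

```yaml
# Added illustration; not an EmpowerID-supplied template.
# Every name, the registry path, the tag and the variable name are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: example-eid-db            # hypothetical secret name
  namespace: example-eid          # hypothetical namespace
type: Opaque
stringData:
  # Placeholder: create the real value out of band, never commit it to the Git repo.
  connection-string: "<set-out-of-band>"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-web-role
  namespace: example-eid
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0           # keep existing pods serving while a new revision rolls out
      maxSurge: 1
  selector:
    matchLabels:
      app: example-web-role
  template:
    metadata:
      labels:
        app: example-web-role
    spec:
      nodeSelector:
        kubernetes.io/os: windows # schedule only onto Windows nodes
      containers:
        - name: web-role
          # Explicit version tag (placeholder) instead of "latest", so the running
          # version is auditable and rolling back means changing only this tag.
          image: registry.example.com/empowerid/web-role:<version-tag>
          env:
            - name: EXAMPLE_DB_CONNECTION   # hypothetical variable name
              valueFrom:
                secretKeyRef:               # value comes from the Secret, not the manifest
                  name: example-eid-db
                  key: connection-string
```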
