Versions Compared

Old Version 4

changes.mady.by.user Patrick Parker

Saved on

compared with

New Version Current

changes.mady.by.user Nirav Patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Containerization allows EmpowerID to be deployed in three primary ways:

  1. The EmpowerID SaaS option alleviates all infrastructure concerns, allowing you to focus on solving business needs with EmpowerID on day one. EmpowerID SaaS runs on a fully redundant Microsoft Azure infrastructure in the region of your choice, with all aspects of management and monitoring handled by our infrastructure team. EmpowerID SaaS deployments are appropriately sized to balance your organization’s demanding SLAs with costs and scaled as and when needed. Additional service options are available for SaaS customers to offload all EmpowerID management tasks, including configuration management, converting their SaaS EmpowerID into a fully managed service. All managed service offerings can be phased out as a customer develops their own internally trained support staff.

  2. Organizations can self-host EmpowerID in their own private Microsoft Azure tenant. Our team can provide any level of support, ranging from consulting to assist your engineers in designing your infrastructure to offering a full-managed service to run and manage your EmpowerID installation. Support for other public cloud platforms such as Amazon Web Services (AWS) is in beta now.

  3. An on-premise installation of EmpowerID allows an organization to manage Cloud and on-premise systems but run EmpowerID from their own data centers. If these organizations run Kubernetes clusters today to host other services, then running EmpowerID containers on-premises is easily accomplished.

...

Organizations that want to install EmpowerID using modern architectures can leverage containerization to lessen the footprint associated with a full on-premise or cloud-hosted installation. To facilitate this, EmpowerID provides OCI-compliant images of the product, allowing a fully functional instance of EmpowerID to be easily deployed as a standalone lab on a single desktop or as an orchestrated enterprise-ready environment using Kubernetes or other modern container orchestrators.

...

  • Worker Role

    • The Worker Role containers make up the application tier of the system and are used for back-end processing of system integration processes such as inventory, synchronization, security management, and internal web service processes. The number of required running containers depends on the number and types of applications and integration processes being managed. These containers do not service Web user requests.

  • Web Role

    • The Web Role containers serve as the front-end user interface for the Web applications used by users. These containers serve up the Web pages and perform any interactive workflow processing initiated by users.

  • IT Shop

    • The IT Shop provides a shopping cart experience that empowers end-users to request access for themselves and to allow designated managers or coordinators to request access for others with flexible workflow approvals

  • MyIdentity

    • The My Identity microservice provides a central location from which users can view relative information about themselves, create permanent delegations for business requests tasks for which they are an approver that route those tasks to others for approval, as well as allows them to personalize the number and frequency of email notifications they receive about those business tasks.

  • Azure Analytics

    • The Azure Analytic Microservice provides organizations with intelligent, real-time visual feedback on the drivers of their Azure expenses and the number of licenses being consumed by their organization at any given data point.

  • MyTasks

    • The My Tasks microservice provides a central location from which users can view the status of their access requests, make and respond to comments about those requests, and in situations where they are designated approvers, approve or reject access requests submitted by other users.

  • Role Mining (Deployed as Azure Functions)

    • EmpowerID Role Mining provides intelligence and insights with real-time authorization, in-depth visibility, and the automating of role-mining and optimization while maintaining speed, reducing redundancy, and staying compliant.

  • SCIM Virtual Directory Server

    • XXX

  • LDAP Virtual Directory Server

    • XXX

  • RADIUS Server

    • XXX

    SCIM Virtual Directory Server

    • XXX

EmpowerID Per Tenant or Environment Components

...

To run EmpowerID images, the following requirements must be met:

Container orchestrator / cluster with Windows node support

Container Orchestrator

Any existing modern OCI-compliant orchestrator with support for Windows nodes and workloads


Windows Node Requirements

  • Windows Server 1809 (LTSC)

  • 8 Cores

  • 64gb mem

  • 250gb drive

Linux Node Requirements (May vary depending on optional components chosen)

  • Kubernetes standards

Ancillary Requirements

  • Log aggregation capabilities within cluster (for diagnostics and support)

  • Cluster monitoring

  • Git Repo (for customization management)

SQL Requirements (typically not containerized)


Processor


8 processor cores required, more recommended based on usage scenario.


Memory



64 GB required, more recommended based on usage scenario.

Disk

  • Fast SSD-Based Disks

  • Separate Drive for OS

  • Separate Drive for Application

Note

Each SQL server should follow Microsoft’s best practice design, utilizing different disk spindles for OS, Logs, Data, and backups. At a minimum, EmpowerID needs the log drive and data drive to have the below available space. Depending on the number of objects in your environment, disk space needs may be significantly higher.

  • Log Drive: 200 GB. This is to accommodate large transaction log growth in the event of extended processes.

  • Data Drive: 200 GB. We anticipate the database will be 5-10 GB on initial creation. The growth rate will depend on actual use and transaction level.

Provided by EmpowerID

The following are components provided by EmpowerID for deployment needs:

...