Containers and Microservices

EmpowerID offers multiple deployment models, allowing IT teams to select the best fit based on their IT standards and expertise. While the traditional deployment model of installing EmpowerID software on Virtual Machines remains available, EmpowerID has fully adopted Cloud and DevOps principles. All components are now containerized, enabling them to run on modern container orchestration platforms.

EmpowerID can be deployed in three primary ways:

  1. EmpowerID SaaS: This option eliminates infrastructure concerns, enabling you to concentrate on addressing business needs with EmpowerID from day one. It runs on a fully redundant Microsoft Azure infrastructure in your chosen region, with management and monitoring handled by our team. EmpowerID SaaS deployments are optimally sized to balance your organization's stringent SLAs with costs and can be scaled as needed. Additional service options allow SaaS customers to offload all management tasks, converting their SaaS EmpowerID into a fully managed service. Customers can gradually phase out these offerings as they develop their own internal support staff.

  2. Self-hosted on Microsoft Azure: Organizations can host EmpowerID on their private Microsoft Azure tenant. Our team can provide various support levels, from consulting to assisting your engineers with infrastructure design to offering a fully managed service to run and maintain your EmpowerID installation. Support for other public cloud platforms, such as Amazon Web Services (AWS), is currently in beta.

  3. On-premise installation: EmpowerID enables organizations to manage Cloud and on-premise systems while running EmpowerID from their data centers. If they already host Kubernetes clusters for other services, deploying EmpowerID containers on-premises is straightforward. Although the traditional installation model is available for organizations lacking Kubernetes expertise, EmpowerID is currently testing a lightweight Kubernetes Virtual Appliance technology to provide the advantages of containerized deployment without the complexities of implementing a new Kubernetes infrastructure.

EmpowerID Worker Containers

Worker containers constitute the application tier of the system, handling back-end system integration tasks such as inventory, synchronization, security management, and internal web service processes. The quantity and specifications of these containers depend on the number and types of applications and integration processes being managed. Notably, these containers do not handle User Interface requests. The EmpowerID Worker container role also performs the same functions as the on-premise Worker Role Service.

  • The Worker container has no inbound connections, meaning it doesn't listen on a port or require SSL port bindings.

  • It requires IIS and processes the EmpowerID Web Service Garden (used for all Worker Process functions).

  • The Worker container executes scheduled jobs and extensive tasks such as:

    • RBAC Security Compilation

    • Inventory processing

    • Resource entitlement processing

    • Rights enforcement
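
The "no inbound connections" property described above can be checked on a Kubernetes deployment by auditing the objects around the worker pods. The following is an added example, not EmpowerID's own code; the `app=empowerid-worker` label, the `eid` namespace and the sample objects are assumptions constructed for illustration.

```python
# Added example (not EmpowerID code). The app=empowerid-worker label and the
# SAMPLE objects are constructed; real input is `kubectl get ... -o json` items.

def matches(selector, labels):
    """Equality-based label match; an empty selector matches every pod."""
    return all(labels.get(k) == v for k, v in (selector or {}).items())

def ns_of(obj):
    return obj["metadata"].get("namespace", "default")

def audit_no_inbound(items, worker_labels):
    """List ways pods carrying worker_labels could receive inbound traffic."""
    findings = []
    for pod in (o for o in items if o["kind"] == "Pod"):
        labels = pod["metadata"].get("labels", {})
        if not matches(worker_labels, labels):
            continue
        who = f"{ns_of(pod)}/{pod['metadata']['name']}"
        same_ns = [o for o in items if ns_of(o) == ns_of(pod)]
        # 1. A declared containerPort signals a listener in the pod.
        for c in pod["spec"]["containers"]:
            for p in c.get("ports", []):
                findings.append(f"{who}: container port {p['containerPort']}")
        # 2. A Service whose selector matches the pod routes traffic to it.
        for s in (o for o in same_ns if o["kind"] == "Service"):
            sel = s["spec"].get("selector")
            if sel and matches(sel, labels):
                findings.append(f"{who}: selected by Service {s['metadata']['name']}")
        # 3. NetworkPolicies are additive: at least one Ingress policy must select
        #    the pod and none may allow traffic (matchExpressions are ignored here).
        pols = [o for o in same_ns if o["kind"] == "NetworkPolicy"
                and "Ingress" in o["spec"].get("policyTypes", ["Ingress"])
                and matches(o["spec"].get("podSelector", {}).get("matchLabels"), labels)]
        if not pols:
            findings.append(f"{who}: no NetworkPolicy isolates ingress")
        for p in pols:
            if p["spec"].get("ingress"):
                findings.append(f"{who}: NetworkPolicy {p['metadata']['name']} allows ingress")
    return findings

WORKER = {"app": "empowerid-worker"}  # hypothetical label
SAMPLE = [  # constructed objects
    {"kind": "Pod", "metadata": {"name": "worker-0", "namespace": "eid", "labels": WORKER},
     "spec": {"containers": [{"name": "worker", "ports": [{"containerPort": 443}]}]}},
    {"kind": "Service", "metadata": {"name": "worker-svc", "namespace": "eid"},
     "spec": {"selector": WORKER}},
    {"kind": "NetworkPolicy", "metadata": {"name": "deny-in", "namespace": "eid"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]
```

On the constructed sample, `audit_no_inbound(SAMPLE, WORKER)` reports the declared port and the matching Service; the deny-all ingress policy produces no finding.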


EmpowerID UI Containers

UI containers act as the front-end user interface servers for the web applications utilized by users. These containers deliver web pages and handle any interactive workflow processing initiated by users. By default, access to all web resources is strictly via HTTPS, and the UI is stateless. The EmpowerID UI container role also performs the same functions as the on-premise Web Role Service.

  • The UI container has no inbound connections, meaning it doesn't listen on a port or require SSL port bindings.

  • It is included on all EmpowerID UI container roles and on-premise web servers.

  • The UI container manages workflow-related services such as:

    • Event publication and subscriptions

    • Heartbeat

    • Alerts processing

EmpowerID SCIM Virtual Directory Service

The EmpowerID SCIM Virtual Directory service offers a unified SCIM-compliant API for the EmpowerID Identity Warehouse and all associated systems.

EmpowerID RADIUS Server

The EmpowerID RADIUS server provides RADIUS authentication for routers, switches, and other RADIUS-compliant devices.

EmpowerID LDAP Virtual Directory Server

The EmpowerID LDAP Virtual Directory server delivers LDAP virtual directory authentication and data services, enabling the exposure of EmpowerID Identity Warehouse data and connected directory objects as a single, unified LDAP directory with a versatile schema.


EmpowerID API Gateway / Reverse Proxy

The EmpowerID API Gateway / Reverse Proxy facilitates single sign-on and authorization for users accessing an organization's web applications. The reverse proxy service operates in front of web applications and handles end-user requests.

Features of the EmpowerID API Gateway / Reverse Proxy include:

  • API Gateway

  • Reverse Web Proxy

  • Docker Container

  • Capability to run multiple instances as sidecars in your microservice environment (Docker Swarm/Kubernetes)

  • Free for protecting EmpowerID (applicable to on-premise customers)
