Overview of EmpowerID On-Premise Infrastructure

The EmpowerID enterprise system is built on a tiered architecture including Web, Application, and Database tiers. EmpowerID is designed to be an N+1 processing system with each process and job configurable to run on a single host or to automatically balance across multiple hosts for a fully redundant processing capability. Each server communicates an "I'm alive" heartbeat with the database to verify its availability to process requests. All jobs operate in a process claim mode, which allows any server to process any job or perform any role that it is configured to perform in concert with the other servers and services. Jobs and processes leverage queues so processes aren't interrupted when servers go offline and changes can be batched up and retried. The EmpowerID web servers are all stateless front-ends supporting any external load balancing appliances or methodologies for distributing the Web traffic to the front-end servers. EmpowerID also has its own reverse proxy server that can function as a load balancer to provide native web load balancing. The database also supports SQL mirroring, clustering, and log shipping for database availability. Communication Zones can also be set up to automatically target local resources during processing. EmpowerID supports virtualization for all servers.

The image below depicts a typical representation of the EmpowerID on-premise Application and Process Architecture. All systems and components listed are internal components of the EmpowerID on-premise platform. The components listed as required are specific workflows and functions relevant to organizational requirements. The optional components include functionality within provided module licensing.





Major Components of the EmpowerID System

  • EmpowerID Enterprise Identity Warehouse — The Identity Warehouse provides the central identity store for SSO identities and federation to the various on-premise and cloud-based applications with which EmpowerID integrates. The Identity Warehouse should be installed onto a high availability SQL cluster to serve as the enterprise identity hub for the EmpowerID system. Mirroring can also be established to facilitate Microsoft SQL's Always On availability group capability.

  • EmpowerID Worker Role Servers — Worker Role servers make up the application tier of the system and are used for back-end processing of system integration processes such as inventory, synchronization, security management, and internal web service processes. The number and specifications of these back-end servers depend on the number and types of applications and integration processes being managed. These servers do not service User Interface requests.

  • EmpowerID Web Role Servers — Web Role servers serve as the front-end user interface servers for the Web applications used by users. These servers serve up the Web pages and perform any interactive workflow processing initiated by users. These servers can be installed in an isolated DMZ environment or on the internal LAN. By default, access to all Web resources is strictly through HTTPS. If desired, firewall and load balancing can be configured to allow the HTTPS requests to terminate on a front-end appliance and then pass through as HTTP to the Web servers.