Skip to end of banner
Go to start of banner

Containers and Microservices

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

EmpowerID supports multiple deployment models that IT teams can choose between based on their IT standards and skillset. EmpowerID still supports the traditional deployment model where the EmpowerID software is installed on Virtual Machines. However, EmpowerID has fully embraced Cloud and DevOps paradigms. All EmpowerID components are now containerized and can run on modern container orchestration platforms. 

Containerization allows EmpowerID to be deployed in three primary ways:

  1. The EmpowerID SaaS option alleviates all infrastructure concerns, allowing you to focus on solving business needs with EmpowerID on day one. EmpowerID SaaS runs on a fully redundant Microsoft Azure infrastructure in the region of your choice, with all aspects of management and monitoring handled by our infrastructure team. EmpowerID SaaS deployments are appropriately sized to balance your organization’s demanding SLAs with costs and scaled as and when needed. Additional service options are available for SaaS customers to offload all EmpowerID management tasks, including configuration management, converting their SaaS EmpowerID into a fully managed service. Customers can phase out all managed service offerings as they develop their own internally trained support staff.

  2. Organizations can self-host EmpowerID in their own private Microsoft Azure tenant. Our team can provide any level of support, ranging from consulting to assist your engineers in designing your infrastructure to offering a full-managed service to run and manage your EmpowerID installation. Support for other public cloud platforms such as Amazon Web Services (AWS) is in beta now.

  3. An on-premise installation of EmpowerID allows an organization to manage Cloud and on-premise systems but run EmpowerID from their own data centers. If these organizations run Kubernetes clusters today to host other services, running EmpowerID containers on-premises is easily accomplished. While the traditional installation model is an option for organizations without the know-how to run Kubernetes clusters, EmpowerID is currently testing a lightweight Kubernetes Virtual Appliance technology to offer the benefits of a containerized deployment without all the complexity involved with rolling out a new Kubernetes infrastructure.

EmpowerID Worker Containers

Worker containers make up the application tier of the system. They are used for back-end system integration processes such as inventory, synchronization, security management, and internal web service processes. The number and specifications of these depend on the number and types of applications and integration processes being managed. These containers do not service User Interface requests. The EmpowerID Worker container role also performs the same functions as the on-premise Worker Role Service.

  • It has no inbound connections, so it does not listen on a port or require SSL port bindings.

  • It requires IIS and is used to process EmpowerID Web Service Garden (used for all its Worker Process functions).

  • Responsible for running scheduled jobs and long-running tasks such as

    • RBAC Security Compilation

    • Inventory processing

    • Resource entitlement processing

    • Rights enforcement

EmpowerID UI Containers

UI containers serve as the front-end user interface servers for the Web applications used by users. These containers serve up the Web pages and perform any interactive workflow processing initiated by users. By default, access to all Web resources is strictly through HTTPS, and the UI is stateless. The EmpowerID UI container role also performs the same functions as the on-premise Web Role Service.

  • It has no inbound connections, so it does not listen on a port or require SSL port bindings.

  • Included on all EmpowerID UI container roles and on-premise web servers.

  • Manages workflow-related services

    • Event publication and subscriptions

    • Heartbeat

    • Alerts processing

EmpowerID SCIM Virtual Directory Service

The EmpowerID SCIM Virtual Directory service provides a single SCIM-compliant API for the EmpowerID Identity Warehouse and all connected systems.

EmpowerID RADIUS Server

The EmpowerID RADIUS server provides RADIUS authentication for routers, switches, and other RADIUS-compliant devices.

EmpowerID LDAP Virtual Directory Server

The EmpowerID LDAP Virtual Directory server provides LDAP virtual directory authentication and data services for exposing EmpowerID Identity Warehouse data and connected directories objects as a single unified LDAP directory with a flexible schema.

EmpowerID API Gateway / Reverse Proxy

The EmpowerID API Gateway / Reverse Proxy provides single sign-on and authorization for users accessing an organization's web applications. The reverse proxy service stands in front of the web applications and services end-user requests.

  • API Gateway

  • Reverse Web Proxy

  • Docker Container

  • Can run many instances as sidecars in your Microservice environment (Docker Swarm/Kubernetes)

  • Free when used to protect EmpowerID (on-premise customers)

Related Docs Topics:

Containers and Microservices

  • No labels