Getting Started for Architects and Deployers

  • Learn about AM. You can access online information, meet with your ForgeRock Sales representative, go to a seminar, or call ForgeRock about AM's capabilities.

    The following are some general questions that you may want to have answered:

    Initial Questions
    | Initial Tasks | Done? |
    |---|---|
    | Understand the access management problems that AM helps to solve | Y / N |
    | Learn how to protect a Web site with AM | Y / N |
    | Get to know the AM software deliverables | Y / N |
    | Get to know the tools for administering AM | Y / N |
    | Get to know the APIs for AM client applications | Y / N |
    | Find out how to get help and support from ForgeRock and partners | Y / N |
    | Find out how to get training from ForgeRock and partners | Y / N |
    | Find out how to keep up to date on new development and new releases | Y / N |
    | Find out how to report problems | Y / N |

  • Set up a Demo or Pilot. View an AM demo or set up a pilot to determine how you want to use AM to protect your site(s). ForgeRock Sales representatives can assist you with a demo or pilot.

  • Attend a Training Class. ForgeRock presents effective training classes to deploy AM in your environment. See ForgeRock University for more information.

  • Complete the Accreditation Program. Complete the product-specific ForgeRock Accreditation Program to gain in-depth design and deployment expertise or seek partners who are ForgeRock Accredited Partners.

  • Determine Your Service Level Agreements. ForgeRock provides a set of standard service level agreements that you can sign up for. ForgeRock also provides custom service level agreements if the standard set does not meet your needs.

    Standard SLAs
    | Priority | Gold | Silver | Bronze |
    |---|---|---|---|
    | Urgent (P1) | 2 Hour | 4 Hour | Next Business Day |
    | High (P2) | 4 Hour | 8 Hour | 2 Business Days |
    | Normal (P3) | 6 Hour | Next Business Day | 3 Business Days |
    | Low (P4) | Next Business Day | 2 Business Days | 4 Business Days |

  • Determine Your Services. ForgeRock provides a full, proven-production Identity Management stack to meet your requirements.

    Services
    | Services Task | Done? |
    |---|---|
    | Understand the services AM software provides | Y / N |
    | Determine which services to deploy | Y / N |
    | Determine which services the deployment consumes (load balancing, application container, authentication services, configuration storage, profile storage, token/session storage, policy storage, log storage) | Y / N |
    | Determine which services the deployment provides (SSO, CDSSO, SAML Federation IDP/SP, XACML PDP, REST STS, OAuth 2.0/OpenID Connect 1.0, and so forth) | Y / N |
    | Determine which resources AM protects (who consumes AM services) | Y / N |

  • Determine Your Deployment Objectives. AM provides proven performance and security in many production deployments. You should determine your overall deployment objectives.

    Deployment Objectives
    | Deployment Objectives | Done? |
    |---|---|
    | Define deployment objectives in terms of service levels (expectations for authentication rates, active sessions maintained, session life cycles, policies managed, authorization decision rates, response times, throughput, and so forth) | Y / N |
    | Define deployment objectives in terms of service availability (AM service availability, authentication availability, authorization decision availability, session availability, elasticity) | Y / N |
    | Understand how AM services scale for high availability | Y / N |
    | Understand the restrictions in an AM deployment that uses client-based sessions | Y / N |
    | Plan for availability (number of sites and servers, load balancing and AM software configuration) | Y / N |
    | Define the domains managed and domains involved in the deployment | Y / N |
    | Define deployment objectives for delegated administration | Y / N |
    | Agree with partners for federated deployments on circles of trust and terms | Y / N |

  • Plan Sizing. At this stage, you should determine the sizing estimates for your deployment. ForgeRock Sales Engineers can assist you in this task.

    Sizing
    | Sizing | Done? |
    |---|---|
    | Derive sizing estimates from service levels and availability | Y / N |
    | Understand how to test sizing estimates (load generation tools?) | Y / N |
    | Size servers for AM deployment: CPU | Y / N |
    | Size servers for AM deployment: Memory | Y / N |
    | Size servers for AM deployment: Network | Y / N |
    | Size servers for AM deployment: I/O | Y / N |
    | Size servers for AM deployment: Storage | Y / N |
    | Quantify impact on external services consumed (LDAP, other auth services, load balancing, and so forth) | Y / N |
    | Plan testing and acceptance criteria for sizing | Y / N |

  • Plan the Topology. Plan your logical and physical deployment.

    Topology Planning
    | Topology | Done? |
    |---|---|
    | Specify the logical and physical deployment topology (show examples of each) | Y / N |
    | Determine how many external stores you need (configuration, CTS, application, policy, UMA...) | Y / N |
    | Plan installation of AM services (including external dependencies) | Y / N |
    | Plan installation of AM web and Java agents, Fedlets, and IG (might be done by partner service providers) | Y / N |
    | Plan integration with client applications | Y / N |
    | Plan customization of AM (UI, user profile attributes, authentication modules, identity repositories, OAuth 2.0 scope handling, OAuth 2.0 response types, post-authentication actions, policy evaluation, session quota exhaustion actions, identity data storage, AM service, custom logger, custom policy enforcement points or agents) | Y / N |

  • Plan Security. At this stage, you must plan how to secure your deployment.

    Security
    | Security | Done? |
    |---|---|
    | Understand security guidelines, including legal requirements | Y / N |
    | Change default settings and administrative user credentials | Y / N |
    | Protect service ports (Firewall, Dist Auth UI, reverse proxy) | Y / N |
    | Turn off unused service endpoints | Y / N |
    | Separate administrative access from client access | Y / N |
    | Secure communications (HTTPS, LDAPS, secure cookies, cookie hijacking protection, key management for signing and encryption) | Y / N |
    | Determine if components handle SSL acceleration or termination | Y / N |
    | Secure processes and files (e.g. with SELinux, dedicated non-privileged user and port forwarding, and so forth) | Y / N |

  • Post-Deployment Tasks. At this stage, you should plan your post-deployment tasks to sustain and monitor your system.

    Post-Deployment Tasks
    | Post-Deployment Tasks | Done? |
    |---|---|
    | Plan administration following AM deployment (services, agents/IG, delegated administration) | Y / N |
    | Plan monitoring following deployment | Y / N |
    | Plan how to expand the deployment | Y / N |
    | Plan how to upgrade the deployment | Y / N |
