Access Management 7.3.1

Getting started for architects and deployers

  • Learn about AM. You can access online information, meet with your ForgeRock Sales representative, go to a seminar, or call ForgeRock about AM’s capabilities.

    The following are some general questions that you may want to have answered:

    Initial questions

    | Initial tasks | Done? |
    |---|---|
    | Understand the access management problems that AM helps to solve | Y / N |
    | Learn how to protect a website with AM | Y / N |
    | Get to know the AM software deliverables | Y / N |
    | Get to know the tools for administering AM | Y / N |
    | Get to know the APIs for AM client applications | Y / N |
    | Find out how to get help and support from ForgeRock and partners | Y / N |
    | Find out how to get training from ForgeRock and partners | Y / N |
    | Find out how to keep up to date on new development and new releases | Y / N |
    | Find out how to report problems | Y / N |

  • Set up a demo or pilot. View an AM demo or set up a pilot to determine how you want to use AM to protect your site(s). ForgeRock Sales representatives can assist you with a demo or pilot.

  • Attend a training class. ForgeRock presents effective training classes to deploy AM in your environment. See ForgeRock University for more information.

  • Complete the accreditation program. Complete the product-specific ForgeRock Accreditation Program to gain in-depth design and deployment expertise or seek partners who are ForgeRock Accredited Partners.

  • Determine your service level agreements. ForgeRock provides a set of standard service level agreements that you can sign up for. ForgeRock also provides custom service level agreements if the standard set does not meet your needs.

    Standard SLAs

    | Priority | Gold | Silver | Bronze |
    |---|---|---|---|
    | Urgent (P1) | 2 Hour | 4 Hour | Next Business Day |
    | High (P2) | 4 Hour | 8 Hour | 2 Business Days |
    | Normal (P3) | 6 Hour | Next Business Day | 3 Business Days |
    | Low (P4) | Next Business Day | 2 Business Days | 4 Business Days |

  • Determine your services. ForgeRock provides a full, production-proven Identity Management stack to meet your requirements.

    Services

    | Services task | Done? |
    |---|---|
    | Understand the services AM software provides | Y / N |
    | Determine which services to deploy | Y / N |
    | Determine which services the deployment consumes (load balancing, application container, authentication services, configuration storage, profile storage, token/session storage, policy storage, log storage) | Y / N |
    | Determine which services the deployment provides (SSO, CDSSO, SAML Federation IDP/SP, XACML PDP, REST STS, OAuth 2.0/OpenID Connect 1.0, and so forth) | Y / N |
    | Determine which resources AM protects (who consumes AM services) | Y / N |

  • Determine your deployment objectives. AM provides proven performance and security in many production deployments. You should determine your overall deployment objectives.

    Deployment Objectives

    | Deployment objectives | Done? |
    |---|---|
    | Define deployment objectives in terms of service levels (expectations for authentication rates, active sessions maintained, session life cycles, policies managed, authorization decision rates, response times, throughput, and so forth) | Y / N |
    | Define deployment objectives in terms of service availability (AM service availability, authentication availability, authorization decision availability, session availability, elasticity) | Y / N |
    | Understand how AM services scale for high availability | Y / N |
    | Understand the restrictions in an AM deployment that uses client-side sessions | Y / N |
    | Plan for availability (number of sites and servers, load balancing and AM software configuration) | Y / N |
    | Define the domains managed and domains involved in the deployment | Y / N |
    | Define deployment objectives for delegated administration | Y / N |
    | Agree with partners for federated deployments on circles of trust and terms | Y / N |

  • Plan sizing. At this stage, you should determine the sizing estimates for your deployment. ForgeRock Sales Engineers can assist you in this task.

    Sizing

    | Sizing | Done? |
    |---|---|
    | Derive sizing estimates from service levels and availability | Y / N |
    | Understand how to test sizing estimates (load generation tools?) | Y / N |
    | Size servers for AM deployment: CPU | Y / N |
    | Size servers for AM deployment: Memory | Y / N |
    | Size servers for AM deployment: Network | Y / N |
    | Size servers for AM deployment: I/O | Y / N |
    | Size servers for AM deployment: Storage | Y / N |
    | Quantify impact on external services consumed (LDAP, other auth services, load balancing, and so forth) | Y / N |
    | Plan testing and acceptance criteria for sizing | Y / N |

  • Plan the topology. Plan your logical and physical deployment.

    Topology Planning

    | Topology | Done? |
    |---|---|
    | Specify the logical and physical deployment topology (show examples of each) | Y / N |
    | Determine how many external stores you need (configuration, CTS, application, policy, UMA…) | Y / N |
    | Plan installation of AM services (including external dependencies) | Y / N |
    | Plan installation of AM web and Java agents, Fedlets, and IG (might be done by partner service providers) | Y / N |
    | Plan integration with client applications | Y / N |
    | Plan customization of AM (UI, user profile attributes, authentication modules, identity repositories, OAuth 2.0 scope handling, OAuth 2.0 response types, post-authentication actions, policy evaluation, session quota exhaustion actions, identity data storage, AM service, custom logger, custom policy enforcement points or agents) | Y / N |

  • Plan security. At this stage, you must plan how to secure your deployment.

    Security

    | Security | Done? |
    |---|---|
    | Understand security guidelines, including legal requirements | Y / N |
    | Change default settings and administrative user credentials | Y / N |
    | Protect service ports (firewall, Dist Auth UI, reverse proxy) | Y / N |
    | Turn off unused service endpoints | Y / N |
    | Separate administrative access from client access | Y / N |
    | Secure communications (HTTPS, LDAPS, secure cookies, cookie hijacking protection, key management for signing and encryption) | Y / N |
    | Determine if components handle SSL acceleration or termination | Y / N |
    | Secure processes and files (for example, with SELinux, or with a dedicated non-privileged user and port forwarding) | Y / N |

  • Post-deployment tasks. At this stage, you should plan your post-deployment tasks to sustain and monitor your system.

    Post-deployment Tasks

    | Post-deployment tasks | Done? |
    |---|---|
    | Plan administration following AM deployment (services, agents/IG, delegated administration) | Y / N |
    | Plan monitoring following deployment | Y / N |
    | Plan how to expand the deployment | Y / N |
    | Plan how to upgrade the deployment | Y / N |

Copyright © 2010-2024 ForgeRock, all rights reserved.