Consider the following when preparing the high-level project plan.
Needs assessment is prerequisite to developing a comprehensive deployment plan. An accurate needs assessment is critical to ensuring that your directory services implementation meets your business needs and objectives.
As part of the needs assessment, make sure you answer the following questions:
- What are your business objectives?
Clarify and quantify your business goals for directory services.
- Why do you want to deploy directory services?
Consider at least the following list when answering this question:
Is this a greenfield deployment?
Do you need to transition an existing deployment to the cloud?
Do you need to scale existing deployment for more users, devices, or things?
- If you have an existing deployment, how do you upgrade?
Consider at least the following list when answering this question:
Do you require a graceful upgrade?
What obsolete components need a graceful transition?
What should their replacements be?
What are the costs related to the change?
How can you save cost by making the transition?
Define objectives based on your needs assessment. State your objective so that all stakeholders agree on the same goals and business objectives.
Deployment planning is critical to ensuring that your directory services are properly implemented within the time frame determined by your requirements. The more thoroughly you plan your deployment, the more solid your configuration will be, and you will meet timelines and milestones while staying within budget.
A deployment plan defines the goals, scope, roles, and responsibilities of key stakeholders, architecture, implementation, and testing of your DS deployment. A good plan ensures that a smooth transition to a new product or service is configured and all possible contingencies are addressed to quickly troubleshoot and solve any issue that may occur during the deployment process. The deployment plan also defines a training schedule for your employees, procedural maintenance plans, and a service plan to support your directory services.
What key applications does your system serve? Understand how key client applications will use your directory service and what they require. Based on this understanding, you can match service level objectives (SLOs) to operational requirements. This ensures that you focus on what is critical to your primary customers.
What directory data does your system serve? Directory data can follow standard schema and be shared by many applications. Alternatively, it can be dedicated to a single application such as AM CTS or IDM repository. Key applications can impose how they access directory data, or the directory data definition can be your decision.
In addition, know where you will obtain production data, and in what format you will obtain it. You might need to maintain synchronization between your directory service and existing data services.
What are your SLOs? In light of what you know about key and other applications, determine your SLOs. An SLO is a target for a directory service level that you can measure quantitatively.
What objectives will you set for your service? How will you measure the following?
What are your availability requirements? DS services are designed to run continuously, without interruption even during upgrade. Providing a highly available service of course comes with operational complexities and costs.
If your deployment must be highly available, take care in your planning phase to avoid single points of failure. You will need to budget for redundancy in all cases, and good operational policies, procedures, and training to avoid downtime as much as possible.
If your deployment does not require true high availability, however, you will benefit from taking this into account during the planning stages of your deployment as well. You may be able to find significant cost savings as a trade for lower availability.
What are your security requirements? DS services build in security in depth as described in the Security Guide.
Understand the specific requirements of your deployment in order to use only the security features you really need. If you have evaluated DS software by setting up servers with the evaluation setup profile, be aware that access control settings for Example.com data in the evaluation setup profile are very lenient.
Are all stakeholders engaged starting in the planning phase? This effort includes but is not limited to delivery resources, such as project managers, architects, designers, implementers, testers, and service resources, such as service managers, production transition managers, security, support, and sustaining personnel. Input from all stakeholders ensures all viewpoints are considered at project inception, rather than downstream, when it may be too late.
Follow these steps to a successful deployment.
The project initiation phase begins by defining the overall scope and requirements of the deployment. Plan the following items:
Determine the scope, roles and responsibilities of key stakeholders and resources required for the deployment.
Determine critical path planning including any dependencies and their assigned expectations.
Run a pilot to test the functionality and features of AM and uncover any possible issues early in the process.
Determine training for administrators of the environment and training for developers, if needed.
The design phase involves defining the deployment architecture. Plan the following items:
Determine the use of products, map requirements to features, and ensure the architecture meets the functional requirements.
Ensure that the architecture is designed for ease of management and scale. TCO is directly proportional to the complexity of the deployment.
Define the directory data model.
Determine how client applications will access directory data, and what data they have access to.
Determine which, if any, custom DS server plugins must be developed. Derive specifications and project plans for each plugin.
Determine the replication configuration.
Define backup and recovery procedures, including how to recover all the servers, should disaster occur.
Define monitoring and audit procedures, and how the directory service integrates with your tools.
Determine how to harden DS servers for a secure deployment.
Define the change management process for configurations and custom plugins.
Define the test criteria to validate that the service meets your objectives.
Define the operations required to maintain and support the running service.
Define how you will roll out the service into production.
Determine how many of each DS server type to deploy in order to meet SLOs In addition, define the systems where each of the servers will run.
The implementation phase involves deploying directory services. Plan the following items:
Provision the DS servers.
Maintain a record and history of the deployment for consistency across the project.
Monitor and maintain the running service.
Automation and Testing
The automation and continuous integration phase involves using tools for testing. Plan the following items:
Use a continuous integration server, such as Jenkins, to ensure that changes have the expected impact, and no change causes any regressions.
Ensure your custom plugins follow the same continuous integration process.
Test all functionality to deliver the solution without any failures. Ensure that all customizations and configurations are covered in the test plan.
Non-functionally test failover and disaster recovery procedures. Run load testing to determine the demand of the system and measure its responses. During this phase, anticipate peak load conditions.
The supportability phase involves creating the runbook for system administrators and operators. This includes procedures for backup and restore operations, debugging, change control, and other processes.
If you have a ForgeRock Support contract, it ensures everything is in place prior to your deployment.