Product Q&As
ForgeRock Identity Platform
Does not apply to Identity Cloud

Do ForgeRock products run on Google Cloud?

Last updated Jan 23, 2023

Google Cloud (sometimes referred to as Google Cloud Platform or GCP) is a set of cloud computing services provided by Google. ForgeRock products work well with many Google Cloud services.



Google Cloud provides over 100 different cloud computing services covering a wide range of products and solutions. This article considers five of the main services that ForgeRock gets asked about:

Google Kubernetes Engine (GKE)

GKE is a managed Kubernetes service that provides a simple way of deploying and managing a Kubernetes cluster using the Google Cloud Platform. See GKE Overview for further information.

ForgeOps (ForgeRock DevOps) enables you to deploy the ForgeRock Identity Platform in a Kubernetes containerized environment, including GKE.

See the following resources for further information:

Cloud Load Balancing

Google Cloud Load Balancing is a managed service that distributes traffic across multiple instances of your applications to improve performance. Google offers eight different Cloud Load Balancing products; see Cloud Load Balancing overview for further information.

See the following resources for further information:

Cloud HSM

Cloud HSM is a cloud-hosted, standards-compliant hardware security module (HSM) that enables you to manage your encryption keys in Google Cloud. Cloud HSM uses the Google Key Management Service (KMS) for its front end to provide additional functionality. See Cloud HSM for further information.

ForgeRock products support the PKCS#11 standard interface and you can choose which HSM you want to use to implement this interface, providing the chosen HSM conforms to the PKCS#11 standard v2.20 or later. The PKCS#11 library provided in the Google Cloud HSM is compliant with v2.40 of the PKCS#11 standard, which means you can use this HSM with the PKCS#11 interface and ForgeRock products.

See the following resources for further information:

There are a couple of known issues with early versions of Java 11 and PKCS#11, so you should ensure you are using Java 11.0.6 or later if you're implementing an HSM. See SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products for further information.

Google Key Management Service (KMS)

Cloud KMS is a cloud service that enables you to manage your symmetric and asymmetric cryptographic keys in Google Cloud. This encompasses the full lifecycle, including creating, rotating and destroying the keys. You can do this directly using Cloud KMS or via other Google services. See Cloud Key Management Service for further information.

AM can retrieve secrets from Cloud KMS.

See the following resources for further information:

Google Secret Manager (GSM)

GSM is a cloud service for storing and managing secrets. Secrets stored within GSM are encrypted; by default they are encrypted with a Google-managed key, but you can use Cloud KMS to encrypt the secrets instead with customer-managed encryption keys (CMEK), giving you control over the encryption keys. See Secret Manager conceptual overview for further information.

AM can retrieve secrets from GSM.

See the following resources for further information:

See Also

ForgeRock Identity Cloud: Powered by Google Cloud

Cloud storage (DS)

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.