Does the ForgeRock solution provide high availability and scalability?
This article provides answers to frequently asked questions when evaluating the ForgeRock solution for high availability and scalability. For ForgeRock Identity Cloud, the answers address the platform itself and not the hosting of it.
Questions
- Does ForgeRock offer performance benchmarking across transactions per authentication, loading of identity data, and syncing of identity data?
- Can the solution scale the identity registration, authentication and authorization service by many orders of magnitude to respond to predicted peaks?
- Does the solution support session availability, stateful availability, and stateless protocols?
- Does ForgeRock support redundant services, load balancers, and HA deployments with n-way multi-master replication? Does the solution extend horizontally in multi-tenant environments?
Does ForgeRock offer performance benchmarking across transactions per authentication, loading of identity data, and syncing of identity data?
Yes. The ForgeRock solution can support millions of users performing thousands of transactions at the same time on the service.
ForgeRock has performance benchmarks that we will be happy to share with you if selected during the RFP process. Our team can also work closely with you on understanding your specific needs around performance (some customers have large data syncs, some have large seasonal user create/deletes, others have a large number of external IdPs, or a complex registration process and not just peak authentications during busy seasons).
Can the solution scale the identity registration, authentication and authorization service by many orders of magnitude to respond to predicted peaks?
Yes. Globally, ForgeRock manages over four billion identities, with many customers across all industries using ForgeRock to manage identities in the tens of millions.
From day one, the ForgeRock platform was designed for the high scale required by CIAM and IoT solutions, and the deep understanding that identity was not confined to users but extends to devices, services and things. Where other platforms might be challenged by hundreds of thousands of identities, the ForgeRock platform can effortlessly scale to many millions of identities. Our average customer is leveraging our solution for one million user identity requirements, with several customers approaching or exceeding 100 million.
The ForgeRock platform was designed from the ground up to provide scalability and availability for high volume in Financial Services and Telecommunications companies. By adhering to open standards, modular architecture, and best practice design principles, ForgeRock products have proven to be extremely robust, lightweight and highly scalable, and simple to deploy in highly-available environments spanning multiple data centers, hosting platforms and geographies.
Does the solution support session availability, stateful availability, and stateless protocols?
Yes. ForgeRock supports both Core Token Store (CTS)-based (stateful) and client-based (stateless) sessions. The session type is configured per realm, meaning that a ForgeRock deployment can offer both session types simultaneously. With client-based sessions, the load balancing infrastructure is much simpler, since any ForgeRock Access Management (AM) server can use and validate any session JWT from any client. In this case, all servers need to be configured with the same encryption keys. Where stateful CTS-based sessions are required, the CTS is used. Underpinned by ForgeRock Directory Services (DS), the CTS has been engineered for performance, availability and scale.
See Introducing Sessions for further information on authentication session models.
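The shared-key requirement for client-based sessions can be seen in a small model. This is an added example, not ForgeRock code and not the AM token format: it is simplified to an HMAC-signed (HS256) token, and the `Node` class, node names and key values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Node:
    """One server behind the load balancer: it holds a key, no session table."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def _sign(self, signing_input: str) -> str:
        mac = hmac.new(self.key, signing_input.encode(), hashlib.sha256)
        return _b64(mac.digest())

    def issue(self, subject: str, ttl: int = 300, now=None) -> str:
        now = int(time.time()) if now is None else now
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = _b64(json.dumps({"sub": subject, "exp": now + ttl}).encode())
        signing_input = f"{header}.{claims}"
        return f"{signing_input}.{self._sign(signing_input)}"

    def validate(self, token: str, now=None):
        """Return the subject if the token verifies with this node's key, else None."""
        now = int(time.time()) if now is None else now
        try:
            header, claims, sig = token.split(".")
            # Pin the algorithm; never let the token choose it.
            if json.loads(_unb64(header)).get("alg") != "HS256":
                return None
            if not hmac.compare_digest(sig, self._sign(f"{header}.{claims}")):
                return None
            body = json.loads(_unb64(claims))
            return body.get("sub") if body.get("exp", 0) > now else None
        except (ValueError, TypeError, AttributeError):
            return None  # malformed token

# Constructed keys: am-1 and am-2 share one, am-3 was left with a stale key.
SHARED_KEY = b"constructed-shared-key-0123456789"
am1, am2 = Node("am-1", SHARED_KEY), Node("am-2", SHARED_KEY)
am3 = Node("am-3", b"constructed-stale-key-9876543210")

if __name__ == "__main__":
    token = am1.issue("alice")
    for node in (am1, am2, am3):
        print(node.name, "accepts" if node.validate(token) else "rejects")
```

A node whose key has drifted from the rest of the pool rejects every session issued elsewhere, so key rotation has to reach all servers before the load balancer routes traffic to them.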
Does Identity Cloud support redundant services, load balancers, and HA deployments with n-way multi-master replication? Does the solution extend horizontally in multi-tenant environments?
Yes. Identity Cloud supports redundant services, load balancers, and a highly-available architecture. It is deployed globally within 17 regions, and each region provides its own internal redundancy. Regional clusters provide protection by distributing Kubernetes resources across multiple zones within a region. Identity Cloud uses regional clusters to increase the redundancy and availability of both a cluster control master and its nodes. Replicating both the master and its nodes across zones within a region optimizes service high availability.
Identity Cloud's unique tenant isolation architecture within a multi-tenant cloud environment enables it to scale both horizontally and vertically for a single customer based on their unique needs without impacting anyone else. This architecture also prevents noisy customer situations, so that one customer's sudden spike in traffic does not impact your service performance.
See High availability & disaster recovery and Data residency for further information.
See Also
Can the ForgeRock Identity Platform be deployed to provide high availability (HA) and failover?