Getting started for architects and deployers
- Learn about AM. You can access online information, meet with your Ping Identity Sales representative, go to a seminar, or call Ping Identity about AM’s capabilities.
The following are some general initial tasks you might want to resolve:

Initial questions

| Initial tasks | Done? |
|---|---|
| Understand the access management problems that AM helps to solve | Y / N |
| Learn how to protect a website with AM | Y / N |
| Get to know the AM software deliverables | Y / N |
| Get to know the tools for administering AM | Y / N |
| Get to know the APIs for AM client applications | Y / N |
| Find out how to get help and support from Ping Identity and partners | Y / N |
| Find out how to get training from Ping Identity and partners | Y / N |
| Find out how to keep up to date on new development and new releases | Y / N |
| Find out how to report problems | Y / N |

- Set up a demo or pilot. View an AM demo or set up a pilot to determine how you want to use AM to protect your site(s). Ping Identity Sales representatives can assist you with a demo or pilot.
- Attend a training class. Ping Identity presents effective training classes to deploy AM in your environment. Learn more at Ping Identity Training.
- Become a certified professional. Complete the product-specific Certified Professional exams to gain in-depth design and deployment expertise or find a partner to help you from the Ping Identity Partner Directory.
- Determine your service level agreements. Ping Identity provides different Customer Care packages you can sign up for.
- Determine your services. Ping Identity provides a complete Identity Management stack to meet your requirements.

Services

| Services task | Done? |
|---|---|
| Understand the services AM software provides | Y / N |
| Determine which services to deploy | Y / N |
| Determine which services the deployment consumes (load balancing, application container, authentication services, configuration storage, profile storage, token/session storage, policy storage, log storage) | Y / N |
| Determine which services the deployment provides (SSO, CDSSO, SAML Federation IdP/SP, XACML PDP, STS, OAuth 2.0/OpenID Connect 1.0, and so on) | Y / N |
| Determine which resources AM protects (who consumes AM services) | Y / N |

- Determine your deployment objectives. AM provides proven performance and security in many production deployments. You should determine your overall deployment objectives.

Deployment Objectives

| Deployment objectives | Done? |
|---|---|
| Define deployment objectives in terms of service levels (expectations for authentication rates, active sessions maintained, session life cycles, policies managed, authorization decision rates, response times, throughput, and so on) | Y / N |
| Define deployment objectives in terms of service availability (AM service availability, authentication availability, authorization decision availability, session availability, elasticity) | Y / N |
| Understand how AM services scale for high availability | Y / N |
| Understand the restrictions in an AM deployment that uses client-side sessions | Y / N |
| Plan for availability (number of sites and servers, load balancing and AM software configuration) | Y / N |
| Define the domains managed and domains involved in the deployment | Y / N |
| Define deployment objectives for delegated administration | Y / N |
| Agree with partners for federated deployments on circles of trust and terms | Y / N |

- Plan sizing. At this stage, you should determine the sizing estimates for your deployment. Ping Identity Sales Engineers can assist you in this task.

Sizing

| Sizing | Done? |
|---|---|
| Derive sizing estimates from service levels and availability | Y / N |
| Understand how to test sizing estimates (load generation tools?) | Y / N |
| Size servers for AM deployment: CPU | Y / N |
| Size servers for AM deployment: Memory | Y / N |
| Size servers for AM deployment: Network | Y / N |
| Size servers for AM deployment: I/O | Y / N |
| Size servers for AM deployment: Storage | Y / N |
| Quantify the impact on external services consumed (LDAP, other auth services, load balancing, and so on) | Y / N |
| Plan testing and acceptance criteria for sizing | Y / N |

- Plan the topology. Plan your logical and physical deployment.

Topology Planning

| Topology | Done? |
|---|---|
| Specify the logical and physical deployment topology (show examples of each) | Y / N |
| Determine how many datastores you need (configuration, CTS, application, policy, UMA…) | Y / N |
| Plan installation of AM services (including external dependencies) | Y / N |
| Plan installation of AM web and Java agents, Fedlets, and PingGateway (might be done by partner service providers) | Y / N |
| Plan integration with client applications | Y / N |
| Plan customization of AM (UI, user profile attributes, authentication nodes, identity repositories, OAuth 2.0 scope handling, OAuth 2.0 response types, post-authentication actions, policy evaluation, session quota exhaustion actions, identity data storage, AM service, custom logger, custom policy enforcement points or agents) | Y / N |

- Plan security. At this stage, you must plan how to secure your deployment.

Security

| Security | Done? |
|---|---|
| Understand security guidelines, including legal requirements | Y / N |
| Change default settings and administrative user credentials | Y / N |
| Protect service ports (Firewall, Dist Auth UI, reverse proxy) | Y / N |
| Turn off unused service endpoints | Y / N |
| Separate administrative access from client access | Y / N |
| Secure communications (HTTPS, LDAPS, secure cookies, cookie hijacking protection, key management for signing and encryption) | Y / N |
| Determine if components handle SSL acceleration or termination | Y / N |
| Secure processes and files (e.g. with SELinux, dedicated non-privileged user and port forwarding, and so forth) | Y / N |

- Post-deployment tasks. At this stage, you should plan your post-deployment tasks to sustain and monitor your system.

Post-deployment Tasks

| Post-deployment tasks | Done? |
|---|---|
| Plan administration following AM deployment (services, agents/PingGateway, delegated administration) | Y / N |
| Plan monitoring following deployment | Y / N |
| Plan how to expand the deployment | Y / N |
| Plan how to upgrade the deployment | Y / N |