Configuring the ForgeRock Identity Platform™ in a DevOps Environment- Shared screen with speaker view
00:00:02/01:06:31
Speed
Audio Transcript
Chat Messages
Search transcript
user avatar
Michelle Coppens :: Webinar Producer
00:00:02
Hello everyone and welcome to today's webinar titled manage configuring the for drunk identity platform in a DevOps environment.
00:00:12
My name is Michelle, I'm here to kick off the webinar. And we are so excited to have you here.
00:00:18
equally excited that earlier this month. Exit certified tech data was honored to receive the outstanding authorized training partner award from for jock for 2019. It's always a pleasure to partner with for jock.
00:00:34
Our speaker today is the TS lead instructor at Ford truck videos grew up in Germany, when he started his career as an IT instructor for Netscape and son before he moved to Norway.
00:00:46
There he met the founders of for jack and subsequently joined the company Mathias has has held several positions since then and now spends his time as for drugs principal instructor
00:00:59
Before we get started with the webinar. Let's cover the functionalities.
00:01:03
during the session. Everyone's microphones will be muted. So if you have any questions, please enter them in the Q AMP a box at the bottom of your screen.
00:01:14
post questions whenever they come up, we'll try to address them in that moment, but we're also going to have a dedicated question and answer session at the end of the presentation.
00:01:25
We're recording this session. And we're going to send a copy out to everyone. By early next week.
00:01:31
Also, I'm going to share a really amazing promo code at the end of the webinar, where you can save 50% on your for job training yes 50% stick around to look to learn a little bit more about that. Now let's get started with the webinar Mathias, you can take it away.
user avatar
Matthias Tristl
00:01:49
Yeah, very warm welcome from my side as well congratulations to exit certified as well for receiving this award. Well, very
00:01:59
Well oriented and I can say that from my side, I'm going to switch to my presentation now. Yeah. Thank you, Michelle.
00:02:07
My name is Mathias I am the instructor, the lead instructor from for truck.
00:02:13
I'd like to give you an introduction into how to configure for truck identity platform in a DevOps environment and of course the class, which we have developed over webinar.
00:02:23
What we call it the class, which we have developed for that. We just finished. Actually, it's the vision be of the class. We already run a class for almost
00:02:33
More than a year now in version eight but it has changed quite a bit, because for drug change their strategy on how to deploy into a Cuban 80s environment.
00:02:44
And therefore, we had to almost rewrite the entire class or I just showed you the legal page which is important, of course, here's my welcome page again.
00:02:52
And a little agenda. And so we're first going to look into the photo identity platform where a quick one. I assume most of you are very familiar with it anyway.
00:03:01
Then look into the photo cloud offering and the tools which are used there which will spend most of the time here.
00:03:09
And then I'd like to introduce you the classy or 4523 class, which basically covers the fortress cloud offering and the tools used in the various very similar way as I'm going to show it here just in much much more details, of course.
00:03:23
If there should be enough time after that. And then I also like to go into commercial mode of course and goofy a lot short introduction into what fortress university can also offer you, and you just heard about it. There is a promo code running right now.
00:03:39
Yeah, the fortress identity platform is comprised of access management identity management identity governance directory services identity gateway and edge security.
00:03:50
In our cloud offering. We are focusing on access management identity management and the directory services because those are the most critical components we have for deploying into the cloud.
00:04:03
The identity gateway, of course, is also very popular to be deployed in the cloud reschedule it is very straightforward.
00:04:10
The easiest property to do so if you are managing access management identity management that directory services in the cloud and
00:04:17
Using the identity gateway in the cloud is also pretty straight forward. The identity governance product is part of the Identity Manager. So if you manage to run the Identity Manager in the cloud and the identity governance is also there is just
00:04:33
Mentioned next to hear because it's the newest achievement. We have got an edge security. I guess that is an area which is not that interesting in the crowd in all for the cloud. So we're not going to handle that.
00:04:46
Now what does DevOps mean because in the documentation. We talked about it at food truck, we mostly just call it DevOps DevOps and what we mean. With that is Cooper natives. There are many
00:04:58
Cloud or even out of the cloud DevOps technologies around as a whole variety of tools and methodologies. But I said, in our case,
00:05:09
When we talk about DevOps or when you talk when you said, therefore, we mean communities. I believe one of the reason to call it DevOps sister that it is categorized in the right order or in the right places.
00:05:22
So I can definitely has a wide topic in for truck. It means communities came, it could have Cooper natives on Google Cloud on the Google Cloud platform on the Amazon Web Services in the Microsoft assure environment or mini cute.
00:05:38
There are other communities providers around as well. And we look into some of them and play with some of them, but this is the official list of supported coordinate is providers.
00:05:52
Well, good fortune DevOps also means, of course, is Docker well like Cuban 80s. We also decided that the only containerization software, we're using a Docker.
00:06:02
You also, of course, need to look into a load balancer into a DNS or public key infrastructure, when you want to go in production with your environment.
00:06:11
Having said that these are not the topics we're going to focus on here or in the class. We do a little bit of Docker because we're going to also create or
00:06:20
create our own Docker images which sooner or later you probably have to do but load balancers DNS and public infrastructure is not what we're going to talk to, to address there and I'll talk a little bit more about what we're not covering all what you have to be aware of.
00:06:39
A little bit later. So the food truck cloud offering
00:06:45
If you follow for trucks cloud offering for a while, then you are already familiar, probably with the cloud deployment model.
00:06:52
Which we have kind of extended with the cloud developer's kit. Now, and this is actually what you usually start with its wide is in the list on top of the list here.
00:07:01
We also provide our customers are interested people with some sample configuration.
00:07:06
We'll talk about tools and scripts. I will also show you where you can get all the good stuff because most of it is kind of open source in the sense that it is available through a good app repository, and you can just download and start playing with it.
00:07:23
You might want to start with documentation on the documentation is maybe not that easy to find, as it could be.
00:07:31
Well, depending on your background, maybe. So that's why I'm mentioning hit here. If you go to our famous backslash server and you can find the documentation. You can also find it product downloads there.
00:07:43
In the documentation part. There's documentation for am an IBM and all the other products and one area there is called for truck identity platform. And this is where you can also find the DevOps documentation.
00:07:55
So on the food truck identity platform, you will find DevOps, which is currently available in the version six five, which of course goes parallel with the version of the product. And there are a couple of slides. There is a start here guide a DevOps release notes.
00:08:11
Then results guides and then for cloud for the cloud developer's kit we have two guides the DevOps developer's kit using mini cube and the DevOps developers get using a shared cluster. Let me just have a
00:08:26
quick word about that will mini cube. If you're familiar with Cooper natives. You probably also know what mini cube is
00:08:32
We produced an extra guide for that. And if you want to run everything locally and have it just quick installed, that's perfectly fine.
00:08:40
Environment to play around with our offering when we also have the guide for the using a shared cluster. Why do we call it the shared cluster.
00:08:48
I believe we call the shared cluster, because the idea here might be that you have a couple of developers.
00:08:53
For which you create one pretty large maybe cluster in the Google Cloud environment for instance communities cluster.
00:09:01
And then the different developers can share that cluster for that develop meant work. And that's why we call the guide or the situation, the DevOps Developer's Guide for using a shared cluster.
00:09:14
If you want to get more serious on you're working towards going to production, then you definitely want to also look into the cloud deployment model, we had the cloud deployment model before and we have
00:09:29
Changed non so really changed, but we're even more emphasizing that
00:09:35
Deploying fortress, or any other software. This is not for specific deploying your services into the cloud is like deploying it on your operating system which is actually on that.
00:09:49
Machine under your desk. You also have to know what if you do that, you have to know
00:09:54
The features of your machine, you have to know the features of the operating system and a lot of things which are completely for drug independent
00:10:00
And the same is of course also true if you deploy as a communities or into a cooper natives environment only there's a big difference. And that is everybody's aware that, of course, for truck does not support the operating system you deploying to
00:10:16
With the cloud or with communities. This is a little bit different because it is so new, for a lot of us and it is so highly promoted.
00:10:25
In our industry and everybody says it's so simple, which it is, after a while, but you have to be
00:10:32
Aware that you don't get rid of the knowledge of the infrastructure. So you still have to have the knowledge about the infrastructure. If you're deploying your operating systems that is totally clear, you have to
00:10:44
Make sure that you're working system is secure enough and all this stuff around if you do that in a competitive environment similar requirements are there now with our first cloud deployment model, we might have concept to foreign so yeah we promote everything we
00:11:04
We support everything we didn't say that. But this was expectation, which we have created. So we have stepped a little bit back there. Its so called the cloud deployment model, but
00:11:16
It's the expectations which we right let's say it's a little bit less. Just do it, go into production and tomorrow and it fails.
00:11:26
While it's self healing. Yeah, it might be, but it may also not be okay. Having said that, we have an extra the deployment model guide for the Google offering for the Amazon offering and for the
00:11:39
Microsoft offering and we have a guide, which used to be called the site reliability guide and we used to have one extra one for Google, Amazon and
00:11:48
Microsoft, which is now renamed in the cloud, cloud deployment guide, because this is more what the guide is about and we only have one guide anymore for all the free environments.
00:12:03
Yeah, here's an actual other introduction about the CD k and the CDN on. Yeah. And what it is.
00:12:09
It comes actually as or if you want to look at it, you can download or clone a get repository get repository, which is called for jobs.
00:12:19
You can find it easily on GitHub. For instance, GitHub slash for truck and then you find a lot of quite a few
00:12:26
Repositories from fortress, obviously, and one is called forge ops. It has got some simple configuration all the new the Cooper natives manifest files all there and all. What you need to build your cloud deployment your communities deployment.
00:12:44
We also built a strategy for password handling, as I call it here on the slide.
00:12:49
What it is is another part which randomly creates passwords and it's actually more than one possible to create certificates for the different components to talk
00:12:57
To each other and also for the administrators, like the AM admin or the open item admin users to authenticate against am or IBM. So we automatically creating
00:13:08
Random password. So if you deployed into the cloud, they are kind of secure with random passwords and it should be only you, who should be able to get access to those paths with exactly what you mean here with a strategy for all password handling.
00:13:21
We decided to go away from home and instead use scaffold and customize. So there are scaffold configuration files as one for the six five deployment and one for the 7:30pm. This, of course, again, is referring to product releases from for truck.
00:13:40
And there is sample customization file to Joel's also partly split into six, five, and seven.
00:13:46
Why do I talk about seven seven is only released in a couple of weeks, but
00:13:51
The cloud strategy or the communities deployment is very, very similar now between 6.5 and seven.
00:13:57
So if you follow us on our coordinators deployment strategy for a while, then you may remember that we started with helm. But for some reason, we wanted to get rid of helm.
00:14:06
And so when they did the plot development for seven that decided to do everything we scuffle and customize that was so successful that our engineers decided that we kind of backed poor that strategy also to six, five, and therefore 6565 strategy was moved from LM into scaffold and customization.
00:14:27
And I'll have a word about what is scaffold and what is customization, just in a few minutes before that I'd like to give you a short overview. What is the CD clay. The cloud developer's kit.
00:14:38
Versus the cloud deployment model. So, as the name says the cloud developer's kit is for developers. And really, to start with, and start developing and you should very quickly have an environment
00:14:51
Which is already looking like for truck and it's for truck and you can connect to and you can start playing with it.
00:14:58
testing it out as well as starting to develop it.
00:15:02
And as I mentioned before, there is two strategies you can actually have it on the shared cluster here or you can even have it smaller or cheaper if you want in by deploying it into your mini cube cluster which you have running on your laptop, for instance.
00:15:19
So, you first need to create a cluster there. Once that is done. And this is kind of a prerequisite for the CD kV assume that somebody may be yourself or an administrator has created the cluster already
00:15:29
And you only need to deploy the for rock identity platform, which means basically you just download. The Four Tops get repository change directory into it run scaffold death.
00:15:41
If you run it against 6.5 you also have to specifically mentioned the scaffold F 6.5 PM, a file.
00:15:47
And then it deploys everything and everything should be fine and everything should be working. If you closer is big enough, let's say, and then you can access the platform, the UI and start playing with it.
00:15:59
So it's a minimal sample deployment for deployment purposes for development purposes. It includes that's mentioned
00:16:06
worth making includes fully integrated, am I meant directory server installs I go into the components, a little bit later as well. You may also find it there.
00:16:16
But it is only actually we basically only create the Docker image and we have commented out from the customization files already deployment of it.
00:16:27
But it is really straightforward. The question is just how do you use it and then you also need to have a resource usually which you want to protect with your it and therefore we took it out of that simple or straightforward deployment is big enough.
00:16:41
Is employed by developers who then access Am's and items you go a console and REST API's to configure the platform or to just play with the platform.
00:16:51
And the emphasizes really playing with the platform. This is way not production, not even benchmark ready now you don't run benchmarks on mini cube.
00:17:03
If you talk about the CDN. The main difference. Actually, I would say is we is this step here running light white benchmark. So the CDN is really an environment. Now, which should be good enough.
00:17:16
To run benchmarks against it. Now of course if you run benchmarks against it, then you probably also want to change the configuration.
00:17:24
You wouldn't want to rely on the configuration that comes in for drug, you of course have to get a configuration which is as close as possible to your configuration, the one you want to go into production with so
00:17:36
We need to set up or we need to have set up a cluster, maybe an administrator has set up a cluster for you already. If not, we provide you with some gloomy scripts, this time.
00:17:47
Which will create a cluster and we have three different clusters. And you may also again be familiar with that from the older model that is small, medium and large
00:17:56
Or small used to focus on 1 million entries medium and 10 million entries and large on 100 million entries
00:18:05
We don't use these words anymore or these dimensions anymore for small, medium and large, but you can roughly estimate that is what we have in focus.
00:18:14
For those three different sizes. So you need to create a cluster. And when you run your script to create the cluster, be careful because gloomy script you can feed actually can even start with the Mini. That is what we use in training honestly always small or with medium or with large
00:18:33
You might say, why not going large have everything have everything deployed and then you don't have a problem with sizing. Well, your credit card may have a problem with sizing or your bosses credit card because
00:18:44
The Google the Google all the other cloud providers will charge you quite a bit for that to be a bit careful when you run the script and look into maybe the
00:18:53
Gloomy script and check what is the size of the cluster, it will create for you. So having the cluster created
00:18:59
There's also an ingress controller, you have to take care and maybe a certain message you want to take care of. And then you can deploy the fortress around the platform. Again, which is
00:19:08
practically the same thing as we had in the cloud developer's kit. Just a configuration going to use is a little bit different. Again, but there's not that configuration, how
00:19:18
I am and am I configured is more about how much resources do you allow your part to occupy all the processes in your part to occupy and
00:19:28
Then the same next step is the same. You just access to us if you want or rest interfaces, if you want, and then you can start
00:19:35
Running little benchmark tests against them. We also have provided by the way with some sample benchmark testing tools as well.
00:19:44
And while you go into customization and end probably start here by deploying again on
00:19:50
To your testing can continue with your testing. And again, the CDMA School of course available for TK ek as an aka as the main differences. Anyway, how you create the cluster, but we provided with the blooming strips for GK e KS and aka es
00:20:08
I've got a bit of this comparison here between the CD and CD M.
00:20:14
Just very quickly, fully integrated am IBM and directory server installs yes true for both randomly generated secrets. Yes, true for both
00:20:24
Resource requirement well in names in the city. K. We expect you to work a lot with namespace. Because remember, we expect that you share the cluster with different developers and then the namespace concept of communities makes a lot of sense here.
00:20:41
And you can deploy it on GK IC s or ek is on mini cube which is a little bit different in this EDM. You probably also use namespace is of course a namespace, but it's not for separating different environments.
00:20:55
And then you use a dedicated GK IC s or aka so you don't share it with other developers, usually, otherwise you might face that noisy noisy neighbor effect.
00:21:06
Which you don't want when you do your benchmark tests, right, that will run a mini Cube City yes CM know
00:21:13
Mighty sound high availability world with a city K you want to save money. Right. You don't want to spend as much money as you might do for your production or your benchmark environments so
00:21:23
We don't do that with the city K with a CDN. Absolutely.
00:21:27
Replicate directory services with a CD chi. No, we don't expect that there is anything in your directory service which you need to have replicated Ohio available.
00:21:36
We want to save costs here. So no replication in the CD M. Of course, we want to have a high available environment and it's highly scalable environment. So definitely, yes.
00:21:46
Ingress configuration. Honestly, I don't exactly understand why the CD K would not need an ingress controller. It definitely needs an ingress controller. So I would give that a yes as well.
00:21:57
And the CDN. Yes, of course. Maybe you don't need an official Ingress controller, but I'll leave it up to you. Certificate management in the city. K. We usually use self signed certificates, which are just much easier when you deploy everything on
00:22:14
There. A little bit less easy. Of course, when the accident because your browser is actually complaining and it's more and more difficult with a browser these days to
00:22:23
Ask them, or well to to convince them that you know what you're doing and that they should accept those self signed certificates.
00:22:31
You don't have to handle it, you can handle it. But you don't have to handle it in the city K in the CPM, of course, you need to handle it.
00:22:36
Maybe providing your own certificates and finally Prometheus monitoring the funnel reporting and alert management, which is definitely something you
00:22:44
Want in your production environment so CDN yes of course city K, maybe not just because you want to save the space on the cluster. You could have intimacy DK as well, of course, and if it is just a test and develop your strategy on premium monitoring and reporting and alert management.
00:23:06
Here's something which might sound like a little bit too detailed for this kind of webinar here.
00:23:13
But if one or another of you would like to download and start playing with it without reading hours in of documentation. First, you might overlook that very easily and therefore I'm going to
00:23:27
Emphasize it will mention it here. I have seen it quite often that people forget that or not aware of that step and then you get errors when you try it out so
00:23:36
What we provide you in that forge ops gets downloaded or get cloud, which you may want to do is two parts where you can have for truck.
00:23:48
Directory for configuration and I'm talking about the AM configuration like adding a wrong or the IBM configuration like adding a connector and so on.
00:23:59
So there is actually I under the config. And then the version of the software and then CD K
00:24:06
Path. There is a complete set of configuration in the Identity Manager for instance.
00:24:11
It already has a connector configured to talk to one of the directory server that is also deployed, which we expect to have some or which is to be used as a user directory
00:24:21
That is actually a shared use the directory, the Identity Manager will provision, the users in there and the Access Manager will read the users from there to allow them to authenticate.
00:24:30
Via the Access Manager and that is especially important for seven because in seven the Access Manager and the Identity Manager will be automatically integrated when you deploy them as the CD clay.
00:24:43
Or in the context of the JDK, but this is actually the past which we expect to be under get control.
00:24:50
On the path. I'm showing here is actually the part that you get downloaded from fortress. In other words, there is evening and a good control of fortress. Well, you probably know
00:25:00
How you can change that by creating your own brand yourself. But this is not the path from where the scaffold deployment.
00:25:10
Would use the configuration because you may that orange part here called CD k, this is only one version that's come from photo but you might say,
00:25:19
I want to have my own configuration. I call it my CD clay or you might have different developers and they have different versions and they actually
00:25:27
At different stages. You want to deploy different versions or as we call them different profiles, where you get from for drugs at K profile and an hour to profile and then you can add your own profiles for testing different things and so
00:25:42
Now, how do you tell scaffold which profile, you want to use MVP. Be careful.
00:25:48
Those people of you who know scaffold already. You can also have profiles in scaffold. But that's not the profiles or exactly the prophets were talking
00:25:57
About technically they are independent. Those are kind of fortress profiles. Now you need a strategy to get to make them available for scaffold and this is what you do by copying them into the second part here, which is the
00:26:09
Path called Docker bicycle Docker because there you will also find the Docker false if you're familiar with scaffold, which a lot of you probably are, then you know scaffold is automatically creating
00:26:22
Docker images from Docker files. Now in contrast to our own strategy with Helm were the images would be deployed without configuration and then download when they
00:26:36
Are running as a part in Cooper natives, they would download the configuration about rooms and connected resources and so on from a get repository. That was the old version and the new version we bake the
00:26:49
configuration data rounds connectors and so on into the image and deployed with the image, and I believe that is much more the Cuban 80s style of especially Docker images style of doing things.
00:27:04
Now, in other words scuffled needs to have a Docker file that has the description, how to build a Docker container or the Docker image precisely on where to get this configuration. This is a key. What happens in that second path here and this is why the starting with Docker.
00:27:21
We have a command line tool which also get from the food ops repository, which can help you to maintain the copy here copy there between those two.
00:27:35
Paths where you can have your configuration. There is an in it or I call it initialize command here or an object to the command to the script which initialize is your Docker.
00:27:49
Configuration from one of the profiles you specify. Once you have done that you have it here and here. It may change. I will see him in white my change. And then you want to copy it back. And this is actually, we're done with the safe option.
00:28:05
You can also export from your cluster. And this is a provide may change here because if you want to, as a developer, if you want to use the admin UI of a Mr. IBM
00:28:15
You can still do so and you can configure a new realm through the admin UI. But then of course it is in Cuba natives in the cloud. Now you need to get it downloaded into that staging area as we as we also call it
00:28:28
And you can do that again with that little script which you get with the export command. Now you have it in staging area and then you would apply safe to copy it back or save it back into your profile where these and get control.
00:28:41
And if you want to combine the two commands, then you would just use a sink or the sync option so very convenient command.
00:28:49
Some more information about deploying the default CD came in the cloud developer's kit we have four different profiles scaffold profiles, actually.
00:29:02
One is called all the psyche, what you would do what you would use with the cloud developer's kit, the cloud, whether they're all profile is a profile which actually a can is done is done by default.
00:29:15
In the scaffold file or is used by default the default profile actually have the scaffold file.
00:29:21
And it has consequences on the customization strategy actually it has its path through the customization file where everything starts and it creates all the Cooper natives manifest files, all the communities objects.
00:29:34
And I said, the old profile is the one which is focusing on the CD K, you have a slide on. Yes, yes I do. If you look in the CDN well from left on the left hand side you already see
00:29:46
We're talking big now actually what we see here is the. It says here, the medium, but I believe it's the large profile the large profile has free sounds free aims to it, EMS
00:30:00
Free replica of the ID repo. It's a directory server or the CTS directory server. Well, I can't go into what's the difference between the idea or a pool and the CTS that would be Access Manager and Identity Manager stuff.
00:30:19
Which is not the focus, we have here. And I have to hold my own horses and not to go there because we don't have the time where we're not that bad. In time, actually.
00:30:28
So if you would run the medium profile, then you better have bigger bit of a bigger cluster because I said it will deploy.
00:30:38
Several am several IDs. By the way, the Postgres database here. It's called IBM Postgres. But it is fact. And while it is a is a more standard Postgres deployment, which we just uses a repository for IBM just to have them mentioned it also
00:30:58
Be ready to deploy Promethean escrow fauna and the alert manager. We don't do that automatically through the profile, but that cluster has been mentioned to also
00:31:10
Yeah, be ready for for deploying those
00:31:13
The cluster for you. Cloud developer's kit may not have the capacity to do that.
00:31:20
Yeah, and also is mainly always more or less automatic if you run the scaffold command, you can specify a profile under or
00:31:29
Couple of profiles in your scuffled Yama files as a default profile which is good for the cloud developer's kit. And then there are profiles, which you can use for small, medium, or large deployments.
00:31:45
prerequisites and key takeaways are now coming back to our
00:31:52
Can I call it the warning. Yeah, probably. So do not ignore the prerequisites outlined in the start here page, which is a whole guide these days.
00:32:02
They're not attempt to deploy for for guided path for them to production until you fully understand the DevOps technology.
00:32:09
Experience with the DevOps technology is critical to success and help is available for complex DevOps deployments of fortress software from for drug and for drug certified professionals.
00:32:22
Again, I'd like to compare that with the old days when we still had our own hardware and our own operating systems and
00:32:31
Had to maintain them and nobody actually would take would would would have a question about that this has to be done and that of course
00:32:36
For your hardware. You have to know somebody or you have to have somebody who knows a little bit about hardware and for your operating system. You know, it's
00:32:43
An administrator who knows quite a lot about operating systems and how to secure them and how to maintain them and how to make sure that they are working nicely.
00:32:53
With Cuba natives. It's still somebody needs to have that knowledge.
00:33:00
Good. If you have an in house if you don't have it in house, then you should definitely ask somebody. It's just if you download the food ops get repository. If you have a little bit of a cluster or you just read how to run the gloomy script.
00:33:17
On Monday, deploying and everything is fine. You might be happy.
00:33:21
And you go into production. And you might be happy.
00:33:24
Until something is not working anymore. And then you're in deep trouble. If you don't have the knowledge to debug it. We try to help you a little bit in the class. We have an extra lesson about troubleshooting.
00:33:36
But this is by far not enough to really enable you to run for truck or any other software in a kuvan it is environment and
00:33:52
Why do we emphasize so much on that because we just have had the experience that people are so tempted to try it. And then they expect
00:34:01
That for truck would support their communities environment which we just can't do. And we don't want you to be disappointed and only then find out that we are not supporting it. Okay.
00:34:16
Tools. I'm going to talk a little bit about communities Docker and Docker well very, very little scaffold customize Helm for meteors in Corona and Polo me
00:34:27
Of course, we don't have much time here. So I'm just actually mentioning. I hope you're all familiar
00:34:33
With containers, why we went from hardware to wait till operating systems to containerization. What's the difference between a Docker file a docker image and a Docker container maybe what we provide you with is the Docker files and some sample images. So we have a image repository.
00:34:59
Where you can download those scaffold automatically actually download those Docker images with am with IBM with the directory server installed ready to use in a development environment.
00:35:13
Not in a production environment. I heard in seven we might even provide you images which you can use in production, while you can use the existing images in production as well. But it really depends on your requirements.
00:35:27
If you expect that you have the latest security patches of Java of Tomcat and so on in the image right then I'm afraid you need to
00:35:38
Create your own images we are not doing that because there is very different requirements from different customers and how secure those images need to be
00:35:50
Inside. I heard in seven we may even go there that we provide support it images from our side but seven is not released yet. I can't tell you. I can only for, for me, it's, it's just and
00:36:04
How do you say, well, it's, it's just, let's call it rumors.
00:36:11
What we do support, interesting enough, is the Docker files. So if you need to know how to create those images and then it's your responsibility to make sure you use a Java version which is according to your let's say security requirements then
00:36:28
The Docker file which we gave you for all the products will help you to easily create those images and it is so easy that we can even do it in the class, we can handle it in class and this is one little lesson in the class, which only takes maybe I don't know 2030 minutes
00:36:46
Then we build our Docker files, sorry we build a docker image our own Docker images. So from that point of view, it is really straightforward.
00:36:54
It is just what exactly is in the image and is that something you can use in production, according to your own requirement. That's the big question that is left
00:37:06
Introducing scaffold scaffolding is a fantastic tool for continuous integration, continuous deployment, you can run scuffled even in a way that you say
00:37:17
Watch this directory contains my configurations and whenever a file in that folder. When that directory changes, then just really play everything I would almost say dangerous. The easy because I little control asked to safe.
00:37:34
A configuration from your editor.
00:37:37
Already causes everything to be redeployed which could be a bit
00:37:42
A lot for just actually saving something in between. And also, be careful when you do that, saving between you may even create your may even save
00:37:49
Configuration, which is not even ready to be deployed might not even be the correct syntax for that current configuration files in question here.
00:37:58
But people love it that you just actually plays a file there and everything's redeployed and you don't have to care about it.
00:38:05
You can also run scaffold in and run mode where he deploys everything and then he would wait for you to deploy it again.
00:38:14
You can look into the scaffold configuration files which we give you and he will find is comprised of three different areas if you want. There's build area. There's a deploy area. And there's a profile area.
00:38:29
The build area actually tells the scaffold itself, how to build those Docker images because this is what scaffold does whenever it finds a configuration change or whenever you tell it to do it, it will
00:38:43
Copy all the configuration from your configuration folder into the image, create a new image deploy the new image. By the way, if you want to accelerate the process. Highly recommended that for Google, for instance.
00:38:54
You can configure the whole thing so that it does the building of the images on Google. So you don't have to download the base image locally, create a new image and upload it into the cloud, everything happens in Google which accelerates the process a lot
00:39:11
Scaffold can be used to do the deployment with different tools but scuffle itself is not going to take care of the deployment, it will hand it over to another tool you can use home you can I believe you can use cube cuddled
00:39:24
As well directly, or you can use customized and that is actually what we have chosen to do this and then you configure actually in the deploy part
00:39:34
In the profile part you have the typical of build and deploy again.
00:39:40
And then when you run scuffled you can just tell it. Use this profile or your risk profile or another profile and will actually use those.
00:39:48
Instead of the default profile which is in build and deploy. Why not having that those profiles and extra scaffold files because in the profile section you can kind of refer to the default part. So if everything is the same except a different customization.
00:40:06
file you want to use. But the built part is exactly the same. You can just for the build part referred to the default and in the deploy part you can have a different deploy a part because you want to do it with a different customization talking about customization. What is customization.
00:40:21
Well, when you have those
00:40:25
Carbonate is manifest files.
00:40:28
Then they may be working totally fine. So you can deploy those customization files and everything is fine. Except you might say, well, wait a minute. In my case, I have a development environment, a test environment, the QA environment.
00:40:43
Some even have a production environment and should all be the same with little differences. For instance, the size of the VM for my directory service should be different or a couple of other configuration should be different.
00:40:58
Then customization or customize is the tool to use. By the way, this is not a typing error. It was already here, not a
00:41:04
typing error to spell scaffold with a K. The K probably comes because it is very closely related to Cuba natives and not to scaffold. Like, you may know the English word that is spelled with the sea.
00:41:17
Same is fully customized other case probably stands for communities and not for customized like in English word customization. Well, anyhow. This just actually side remark.
00:41:29
Yeah, customize. I said, can be run again with different customizations. And you just actually specify different customization files or different so called over lace and then almost the same configuration will be used to create those communities manifest files with just some small differences.
00:41:48
Because most people had one requirement when they built customers. And that is, it should be template free so the basis on which you create your real configuration is
00:42:01
Not a template like it would be in Ellen, for instance, but is a complete full working configuration you just overwriting parts of it.
00:42:13
And you do that by using a technology. It's a little bit similar to expose except of course in Yarmouth file and well as possible and work, but from the idea. It is actually you have a an exact
00:42:25
Path like a your I even the customers in the coordinate is manifest photos or hierarchical files. So you can have a UI that exactly points to one particular parameter and you can just override the value instead of having a variable name which is replaced during the build process.
00:42:45
Why is that so smart, because sometimes you want to go in the other direction, you have something deployed already a configuration deployed on the server where the
00:42:52
Variables are replaced by the default. And when you export it. It will not reverse and replace the values with the variable names again. Right.
00:43:03
Which would actually destroy your customization, this time with the sea spelled with the sea idea of replacing variables during deployment. So
00:43:14
Very, very cool tool. Um, I would almost say it's it's unfortunate that it only works with yellow files because I would like to use it in almost everything.
00:43:23
Now, okay, Tony, very quickly about polygamy polygamy is a script language and I'm really very brief here which we use to create clusters in our coordinators environments.
00:43:37
There are two steps to have to do you first use what we call infra which actually kind of prepares the infrastructure. So it will create a CPV I and was CPB stands for virtual
00:43:53
Okay, sorry. I have a bit of a blackout. Now we're to a private cloud. I guess that's what it translates into
00:43:58
So it's a bit like like a virtual private network runs over the internet. But you likely do it in a way that it is virtually private and the same exactly true with a virtual private cloud.
00:44:09
It of course runs in the cloud provided by Google or Amazon or Microsoft, which is everything else than private but via truly it is private.
00:44:18
And you have to create that kind of infrastructure first before you can create a cluster. And this is what the second
00:44:24
part does. It's called stack. But what it does, mainly it creates a cluster and that cluster can then be distributed over def different regions and sound. This is why you need the Virtual Private cluster.
00:44:37
Technology here if we also reserve that IP address for ingress controller very convenient and it creates storage which some may need and the last slide of this section already is.
00:44:52
Some other component while summarizing everything which will be deployed the others answer.
00:44:56
I'm sorry, using actually this is six, five, and six five is still need to answer to, if you're familiar enough with am to import the configuration into the directory server for the
00:45:07
Access Manager and we use our own command line tool for that answer, then there's am there is I am there to directory servers as a Postgres database for IBM and that there's a report which is creating those random
00:45:22
Secrets passwords for some of the objects we need persistent volumes. So we have the persistent volumes here.
00:45:30
In addition, you need an ingress controller. We are using engine x here with a particular configuration.
00:45:38
And a certain managers or the ingress controller is so we have a front end the reverse proxy. If you don't know what an ingress controller is in Cuba natives. So it works. Kind of like a reverse proxy.
00:45:50
And you need that to access it from outside and the CERT manager you need if you want to not use self signed certificates, but
00:45:59
Let's Encrypt certificates or real certificate from a certificate authority self signed certificates. You don't necessarily need it because I believe the English would also that engine x, we are using for the English would also do it for monitoring, you can use primitives and
00:46:16
This is important dimension because from the footer point of view. So all of this here is customized deploy deploy using customize
00:46:28
for monitoring the service manager and the engine x we use standard deployments and they are so easy to get through existing Helm charts. Right.
00:46:41
We give you more help. We created scripts, which deploy all of that. But what those scripts do they're still referring to those Helm charts.
00:46:52
And that's the only reason why you find the key word Helm still in our documentation, not for any for truck deployment. That is all customized now but for that port.
00:47:07
Michelle How much time do I have minus five minutes already.
user avatar
Michelle Coppens :: Webinar Producer
00:47:12
We have 10 minutes
user avatar
Matthias Tristl
00:47:14
Okay, good. I thought I should
00:47:17
leave some time for questions.
00:47:20
But okay 10 minutes for my presentation or 10 minutes for the whole webinar.
user avatar
Michelle Coppens :: Webinar Producer
00:47:25
10 minutes total and we have about five questions queued up
user avatar
Matthias Tristl
00:47:28
Okay, good. That's five minutes. So I have five minutes for the class well
00:47:33
It can be done very quickly because what I explained actually most of the slides were just taken from the class right
00:47:40
So I don't have to talk too much about the class because we just do all that in the class. What I just tried to explain. Let's go to the summary, we have a description about the class and target audience. Some prerequisites. And what's the use case. So
00:47:56
Transcription successfully deploy and manage the force for good ad platform software in a coordinated cloud environment running on Google coordinators environment using DevOps techniques.
00:48:06
This is what we do in the class or lead is the goal of the class. Honestly, it happens in the first couple of hours that everything is deployed.
00:48:14
It could actually be done in 10 minutes because we give you an environment where you basically have to run one command and then everything is deployed. But of course, this is not
00:48:24
Where you learn a lot. If you just run a command and everything is deployed automatically. So it is we have to go into the details, a little bit. And at the end of the first
00:48:35
Day we already have a chapter which is called troubleshooting so good for the instructor, because if things go wrong. Oh, go go go go south in the in the first deployment attempt
00:48:47
Just the better because then everybody's looking forward to the troubleshooting chapter where honestly. Usually, it doesn't happen so
00:48:56
What happens is everything just runs smoothly. Not always. I just run a class like last week. We're we did have trouble, which was actually due to some
00:49:06
Things we don't have under control and basically the interesting part. It's called instructor led workshop
00:49:13
It is a little bit different from the structure than the classes you may have visited with for truck so far, where you have a student guide.
00:49:21
Which is the instructors presentation and the student workbook, which is very detailed instructions on what you should do in the labs and it's totally separated. There is
00:49:32
A presentation and then you have an hour or 30 minutes or however long
00:49:37
It may take for doing the labs and you're doing the labs, pretty much on your own, with the help of the instructor. Of course, if you need it.
00:49:44
Now, we call this a instructor led workshop, because there is only one presentation and the labs happen within that same presentation and for the labs, there is only the presentation. So there's not that much detailed
00:49:56
Instructions honestly the instructions or detail enough that you only have to type or even copy paste. What is on the slides, but there's not all the explanations are around it. This is actually what we expect those instructors to give you a while or in between you, or doing the labs.
00:50:16
And that makes it much more interactive and other classes.
00:50:20
Because there is no defense lab guide on then people are much more
00:50:26
Open to ask questions.
00:50:29
Target Audience developers who customize and deploy a food truck, the platform. Remember, it's the Access Manager, the identity mentioned directory server. And if you want the identity gateway as well.
00:50:41
Deployment engineers who routinely set up communities clusters and deploy integrated software in the cloud. So
00:50:48
Those people who are already familiar with playing with Cooper natives side engineers who configure the Cooper natives cluster and who launched the platform into production might also be interested to know what they are going to put into production here.
00:51:04
We do expect some knowledge about Docker communities.
00:51:10
Chica de, why not Amazon or Microsoft because we run everything on GK II, but since it is Cooper natives. Most of the commands or agnostic of the cloud provider anyway.
00:51:23
scuffled customize skit. Follow me remember Helm is needed if and we do that do that. You want to deploy an ingress controller and a Certificate Manager and the monitoring infrastructure.
00:51:37
You don't have to have a lot of knowledge of all of this, it is just if you are very new to all of these. It's a lot. It's just
00:51:48
Really a lot to learn in three days and then you may end up in an information overflow situation if you are familiar with.
00:51:57
Docker, but not scaffold. You will pick up scaffold probing during the class. If you're familiar with scaffold, but no customization or customized you will pick up customized
00:52:06
During the class, so I'm not worried that you will get through the class or that you won't learn anything. It's just said it might you might if you're
00:52:13
pretty new to everything of the you might pretty much certainly end up in a information overflow situation. What we of course also expect is that you have a little bit of of knowledge about our own software. So ideally, you have visited or similar knowledge like is provided through the
00:52:34
And IBM 400 clauses and of course if you have been to the it for the class not harmful little
00:52:43
Bit about Linux could be interesting, or could be useful, because we are running the commands from a Linux environment.
00:52:52
The commands that while this is all the cluster client commands like cube cuddle or in our case G Cloud is the Google Cloud SDK.
00:53:05
Or scaffold and all that all these programs or all these programs have to be on the client side also installed with a client.
00:53:12
And we provide you with a Linux machine where everything is installed. If you don't like that will be our guest install it on your own laptop, but that is not part of the class.
00:53:24
And that's actually why we would like everybody to have a little bit of Linux knowledge.
00:53:30
They use goes will understand how for drug software can be deployed using DevOps techniques which basically means communities. Right.
00:53:37
Determine which requirements are necessary before deploying for for software, you will learn that learn the overall process for deploying fortress after using different techniques. Again, mainly communities. We do do a little bit of kit and have a little bit of hints on how you can
00:53:55
Organize Your get repositories for development.
00:54:00
Testing QA hands on.
00:54:03
And then quickly deploy the full truck identity platform software for evaluation purposes.
00:54:09
The agenda, we have five chapters and I'd like to
00:54:16
Well, as far as I remember, without going through the chapters in detail, chapter one, introducing the photo galanti platform and deploy a death of example we are basically following the
00:54:28
Cloud developer's guide here. In other words, we're deploying everything. It's a really poignant moment, but we don't care about
00:54:36
Am configuration or IBM configuration here, but this is remember the chapter where we also do a little bit of troubleshooting.
00:54:44
Then chapter number to configure the fortress identity platform sounds very similar, doesn't it, but here we are now more focusing on the CDN. We want to introduce our own configurations like rooms and connectors and all this stuff.
00:54:58
Then deploying a VM configuration of the platform. Here we are going, actually.
00:55:06
Put that together with deploying a platform to multiple environments topics here are create your own cluster monitoring.
00:55:15
How we create those secrets that in that and how you can deal with these randomly created passwords. So those are the topics we're going here. So we're going really a bit into the details of what we are deploying and what we're doing and some topics around it.
00:55:33
And finally, migrating and application to communities and application is if you have been to one of our other classes, you know that very well. The food truck entertainment company, they have that application.
00:55:44
Where you can stream movies and stuff and they have at the end of those classes. Everything is deployed it. Mm hmm. And I G and everything is ready to go into production.
00:55:55
For streaming movies with the customers and that is all on premises. Now they had the idea to also move that into the cloud. And this is what we are handling in chapter number five, chapter number five. We handling all the topics.
00:56:10
Which you have to think about when you want to move from on premises into cloud deployment. Well, if I said all the topics, the FCC topics. Right.
00:56:19
Your installation might be a little bit different. And you might have requirements which don't cover here. So it is really a start. For those who want to know what might have to be done when you move from on premise into
00:56:34
The cloud. And then of course it depends on how customized solution is whether everything you need, you will learn here or whether there are some extra steps. Okay. Having said that,
00:56:45
Last slide.
00:56:48
About future university we have those kind of four different levels as the 100 level class which we are currently rewriting and they will be re recorded. They actually are provided for exit certified in the future. And you can actually, yeah.
00:57:05
Just visit the class there. The 400 level classes or the deployment classes where you learn the basics was not so basic but five days for each product. How you deploy.
00:57:17
Them the 500 level classes or these expect a instructor led expert led workshops
00:57:24
We have to the one we're talking about here, and the one about identity governance and finally the 600 level class, we only have one at the moment. And this is a combination of the AM and the ID and plus. With that, thank you very much. We're not done because there are questions.
user avatar
Michelle Coppens :: Webinar Producer
00:57:41
There are a ton of questions in the Q AMP. A but just looking at the time. I want to let everyone know that I posted a few really useful links in the chat window for everyone.
00:57:54
If you are. I mean, you're here for FR 523 right now I want to let you know that our July six classes guaranteed to run. So not only will you be able to enroll at 50%
00:58:05
Off, but you can also guaranteed to get your training in on July 6 I've linked all of our other for job training classes when you're looking at the schedule look for that GT R symbol to know that your classes guaranteed to run from now through the end of July, we have
00:58:24
At least one class for each course guaranteed to run. And I also shared the 50% off promo code as well as the details, you can find all of those useful links in the chat MTS is sharing
00:58:37
A similar slide to but find the clickable links in the chat window. Alright Mathias, do you have the Q AMP a box open
00:58:46
I do awesome
user avatar
Matthias Tristl
00:58:48
First one is Oracle Cloud support it to support it. No, we have looked into it.
00:58:58
But we also found it a little bit difficult, as far as I know.
00:59:04
So I said, we have looked into it, but I don't think it's well I know it is not so officially supported it might be, but not at the moment.
00:59:13
Just the deployment is supported and recommended even in client environment.
00:59:22
Or didn't require a dedicated to when it is cluster.
00:59:28
I don't think you want to share the cluster with some other software.
00:59:35
I wouldn't know why it shouldn't be supported. I guess he would rather easily run out of resources or unexpectedly running out of CSS is because
00:59:45
You know how it is incriminated you really give the authority to organize which process is running on which node.
00:59:53
To Cuban 80s. Right. And then if you mix it with other software. It could be. Well, I would say it's isn't it complicated enough to to have a cluster, just for for truck what complicated enough is not the right way to say, of course, but
01:00:09
challenging enough. But if you don't install the, the, the full stack. I wouldn't know why you shouldn't do that.
01:00:21
hybrid model.
01:00:24
We are definitely supporting that we are a lot of our customers want to do that. And I believe, in many cases, it should be the way to do because we're talking about identity management, which means personalized data of your users or your employees.
01:00:42
What we have for instance created as a little Goodie, you might be interested in, in which will come out in seven
01:00:49
Is a new connector server. If you're familiar with IBM there's a connect to server, which you can run in IBM or you can run as a remote server. So usually
01:00:57
IBM uses the connector server to connect to external systems. Now if you run a non a hybrid situation you might have IBM in the cloud, but it needs to connect to your directory server.
01:01:09
On the on premises and that would mean you have to allow somebody from outside to penetrate your firewall, which is not really popular with the firewall people so
01:01:21
We have looked into what we can do here. And we actually created a connector server that would run on premises and from the connector server.
01:01:28
Open the connection to IBM so IBM can access your Active Directory, for instance, I just mentioned Active Directory, because it's a popular one for the situation.
01:01:37
So this just as a that might answer your question, I can't talk more about it, but it is definitely on our
01:01:45
One of our focuses the hybrid cloud is very important for us because we know that many customers want to do that. We also see the fully see the reason why you want to do that and we taking care of that on. I just mentioned one example for that.
01:02:00
What is all profile meant. Yeah, I am. I like the question because I also almost wondering if if you go to a restaurant and order a pizza with everything. Does it mean, nobody else will get a pizza.
01:02:12
Because you've got everything. And that's a little bit with the also all precisely means am IBM to directory servers and a Postgres database.
01:02:26
And then you could of course could also strip it down to say I'm don't need an Identity Manager. I only need an Access Manager. Oh, I only need an Identity Manager, but no Access Manager or I only needed directory server.
01:02:38
And there's another question. What about deploy on AWS instead of Google as our production is neither yes yes AWS, I believe we have minimum as many customers on AWS or interested in AWS then Google
01:02:54
I agree. Oh, I accept my slides were a little bit Google centric just for the simple reason that the training runs in the Google Cloud, right, but from fortress point of view, we support AWS and Google in exactly the same way.
01:03:14
As sure we have a little bit more difficulties because I believe Asia is a little bit behind in the communities deployment world, right, at least, it used to be. I don't have to
01:03:27
admit, I haven't looked into it for the next couple of weeks, a month, but I had the impression. They were a little bit being and we had a little bit of extra trouble with them getting every thing sorted, but I believe a lot of things are definitely sorted now.
01:03:43
Yeah but AWS. Absolutely.
01:03:46
Equal to Google.
01:03:51
Well, why the CDMA advises the CDMA is a robot sample deployment for the inspiration and exploration purposes only. It is not a product deployment in this deployment document.
01:04:02
The reason or can I try to have a short answer with out. I already tried to mention it. The point is, we, we, and we still say that the CD M is a blueprint.
01:04:18
Or a reference model, but we called it ready for production and unfortunately a few customers with not enough knowledge in Cuba natives said okay
01:04:34
If this is what I need for production, then I don't need all the knowledge and I just do it right and you know how it is in our industry, you can
01:04:43
Still run into trouble. And then you have to have that background knowledge. So we just want to avoid that people believe it is that easy as it can be. In the first run well by following the CD and and therefore we just started to avoid mentioning production.
01:05:04
But the only reason is that we want to avoid that people be if this is all they need to go into production and they don't need to have all the background knowledge and you also know how it is in our industry.
01:05:17
Especially our software we try to go by not go away for it, but make it easier
01:05:23
To deploy our software with less customizations. But this is what. On the other hand, people love with our software as well because you can customize it so much.
01:05:33
And then of course you have your customized am and deploy with a CDN and it suddenly beliefs or suddenly you find situations which we didn't think about maybe when we created the CDN.
01:05:47
Or tested the CMO so so that's the the the background for that.
01:05:54
Oh no open questions anymore.
user avatar
Michelle Coppens :: Webinar Producer
01:05:56
It looks like. That's where we're at, for questions. Once again, thank you so much Mathias. Thank you.
01:06:02
For everyone for attending today. As a reminder, we've recorded this session. And we're going to send a copy out to everyone early next week. I do take advantage of those classes on a schedule that are guaranteed to run and if you have any more questions. Now's a great time.
01:06:22
Otherwise, I hope you all enjoy the rest of your day. Thank you much, yes.
user avatar
Matthias Tristl
01:06:27
Thank you, Michelle.
Powered by Otter.aiTM