Configuring the ForgeRock Identity Platform™ in a DevOps Environment

Configuring the ForgeRock Identity Platform™ in a DevOps Environment (FR-523 Revision B)

 

Description

This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform™ (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).

The workshop initially describes how to use the ForgeRock Cloud Developer’s Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.

The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.

Students then create a new cluster using Pulumi tools and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-ons tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples, help you identify the Kubernetes cluster and the Platform configuration requirements needed for preparation to move deployments into other environments, such as test and production.

The last chapter of the workshop explores how to migrate the ForgeRock Entertainment Company (FEC) portal configuration from the IDM Core Concepts course to Kubernetes.

This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs instead of providing a dedicated Student Workbook, as offered with the Core Concepts courses. You will work with the instructor to improvise any steps that are necessary for the given lab environment.

Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is beneficial that you also have experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, Git, among other related tools.

Note: Revision B of this course is based on the DevOps 6.5 documentation.

Target Audiences

This workshop is aimed at technical audiences who are responsible for deploying and managing the Platform on Kubernetes. This includes, but is not limited to, those with the following responsibilities:

  • Developers who are responsible for deploying and configuring the Platform in a DevOps development environment, and helping others migrate those deployments to production.
  • Other technical audiences, such as system integrators, consultants, architects, administrators, and sales/support engineers who need to learn how to plan deployments and configure clusters suitable for deploying the Platform in the cloud.

Objectives

Upon completion of this course, you should be able to:

  • Introduce the Platform and deploy a default configuration using DevOps techniques.
  • Configure the Platform using the Cloud Developer Kit (CDK).
  • Deploy a configuration of the Platform based on the Cloud Deployment Model (CDM).
  • Prepare the Platform for deployment to multiple environments.
  • Migrate the FEC Portal sample application to Kubernetes.

Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the ForgeRock University [AM-400, IDM-400, DS-400, IG-400 (optional)] Core Concept courses, to ensure that you know:
    • How to configure and administer DS, AM, Amster, IDM, and (optionally) ForgeRock® Identity Gateway (IG).
    • How to use the appropriate commands and user interfaces for each component.
  • Students should already be familiar with the following technologies and be able to use the related commands to deploy and manage software in a DevOps environment:

Note: To deploy the Platform on Kubernetes, ForgeRock has simplified its reference cloud deployment, based on a new tool set that includes Git, Skaffold, and Kustomize, to simplify deployment to Kubernetes. The CDK and CDM examples can be used by your DevOps team to deploy and start up the Platform in a public cloud such as Amazon, Google, or Microsoft Azure.

Duration

3 days

 


Course Contents

 

Chapter 1: Introducing the ForgeRock Identity Platform and Deploying a DevOps Example

This chapter shows you how to access and configure your CloudShare VM development environment, access your GKE cluster in a GCP account, and deploy the Platform to the GKE cluster by following the CDK documentation and using software provided with the ForgeRock/forgeops repository.

Lesson 1: Introducing ForgeRock DevOps Documentation and Examples

  • Describe the Platform and related DevOps techniques for deploying the Platform to Kubernetes
  • Access your Cloudshare lab environment and developer desktop
  • Access your associated GCP account for deploying the Platform
  • Describe the DevOps documentation and the CDK and CDM methods of deployment
  • Describe the DevOps tools for deployment, and deploy a simple application to validate the environment

Lesson 2: Deploying the ForgeRock Identity Platform to GKE

  • Prepare your DevOps environment
  • Deploy the Platform to a GKE cluster
  • Verify that the Platform is deployed and accessible
  • Work with basic DevOps commands to explore the Platform
  • Remove the Platform deployment and clean up the environment
  • Compare the deployment of the Platform to other cloud providers, such as Amazon Elastic Cloud Services for Kubernetes (Amazon EKS) and Azure Kubernetes Service (AKS)

Lesson 3: Troubleshooting When Problems Arise

  • Approach troubleshooting of common issues in Kubernetes systematically
  • Run commands for troubleshooting environment issues, containerization issues, and orchestration issues
  • Identify resources for getting additional support

 

Chapter 2: Configuring the ForgeRock Identity Platform

This chapter shows you how to build and use your own base Docker image for deploying the Platform, and how to deploy a custom configuration using the CDM approach.

Lesson 1: Deploying the Platform with Custom Docker Images

  • Navigate the forgeops repository
  • Describe data used during the deployment of the Platform
  • Customize Docker images for the Platform
  • Work with Kubernetes manifests and objects
  • Manage the configuration life cycle with Skaffold

Lesson 2: Preparing Your Environment for Deployment Based on the CDM

  • Describe the ForgeRock Cloud Deployment Model (CDM)
  • Describe the requirements for creating and setting up the deployment environment for the CDM
  • Create a Kubernetes cluster using Pulumi
  • Deploy an ingress controller on the cluster
  • Deploy the certificate manager on the cluster
  • Set up your local environment to push Docker images

 

Chapter 3: Monitoring, Backing Up, and Restoring the Environment

This chapter describes how to add monitoring to an already deployed CDK or CDM environment using the Prometheus-deploy.sh script provided in the forgeops repository. The chapter will also describe how you can use the provided benchmarking tools to generate a load on the environment for monitoring purposes.

In addition, the chapter covers how to back up and restore the Platform using the provided scripts in the forgeops repository.

Lesson 1: Monitoring Your Deployment

  • Describe the monitoring infrastructure for the CDM
  • Deploy the monitoring tools on a cluster
  • Monitor the CDM deployment
  • Benchmark the CDM deployment for monitoring

Lesson 2: Backing Up and Restoring the Platform

Upon completion of this lesson, you should be able to:

  • Describe backup and restore with CDM
  • Enable CDM backup
  • Manage the backup schedule
  • Initiate backups manually
  • Use CDM restoration features
  • Initiate restoration manually

 

Chapter 4: Deploying the Platform to Multiple Environments

This chapter covers how to manage additional environments with Skaffold and Kustomize profiles, and prepare to move the deployment configuration to other environments for deployment, such as test and production.

Lesson 1: Managing Multiple Deployment Environments

  • Manage multiple environments with Skaffold and Kustomize profiles
  • Prepare for deployment to multiple environments
  • Move from development to other environments

Lesson 2: Building Your Own Docker Base Images

  • Prepare ForgeRock software for your own base Docker images
  • Create your own base Docker images
  • Deploy with your own Docker base images

Lesson 3: Handling Secrets

  • Provide an overview of the forgeops secret generation functionality
  • Manage and override generated secrets

 

Chapter 5: Migrating an Application to Kubernetes

This chapter discusses how to migrate the existing FEC Portal solution from the IDM-400 Rev B course, which is using non-DevOps techniques for installation and configuration, to Kubernetes using DevOps techniques as presented in the DevOps documentation.

Lesson 1: Migrating an Existing DS Configuration to Kubernetes

  • Discuss how you can migrate an existing DS configuration to Kubernetes
  • Migrate the DS configuration and sample user data using the CDK

Lesson 2: Migrating an Existing AM Configuration to Kubernetes

  • Discuss how you can migrate an existing AM configuration to Kubernetes
  • Migrate an existing AM configuration to Kubernetes
  • Customize the AM web application during deployment

Lesson 3: Migrating an Existing IDM Configuration to Kubernetes

  • List the challenges of migrating IDM to Kubernetes
  • Implement the required changes to IDM to update IDM from a previous release
  • Migrate the configuration from a previous version of IDM to the CDK
  • Migrate data from a previous version of IDM to Kubernetes (Optional)
Available Courses
Configuring the ForgeRock Identity Platform™ in a DevOps Environment
(FR-523-BVP Rev B)
Red Education - Singapore, Virtual
Oct 12, 2020 - Oct 14, 2020

Configuring the ForgeRock Identity Platform™ in a DevOps Environment
(FR-523-BVP Rev B)
Tech Data UK - Europe Various
Guaranteed to Run
Oct 13, 2020 - Oct 15, 2020

Configuring the ForgeRock Identity Platform™ in a DevOps Environment
(FR-523-BVP Rev B)
ExitCertified - Americas Various
Guaranteed to Run
Nov 23, 2020 - Nov 25, 2020

Configuring the ForgeRock Identity Platform™ in a DevOps Environment
(FR-523-BVP Rev B)
Tech Data UK - Europe Various
Jan 27, 2021 - Jan 29, 2021
Language: en

Configuring the ForgeRock Identity Platform™ in a DevOps Environment
(FR-523-BVP Rev B)
Tech Data UK - Europe Various
Mar 8, 2021 - Mar 10, 2021
Language: en

Configuring the ForgeRock Identity Platform™ in a DevOps Environment
(FR-523-BVP Rev B)
Tech Data UK - Europe Various
Jun 23, 2021 - Jun 25, 2021
Language: en