IBM has published a Helm chart which can be used to easily deploy an IBM Security Access Manager environment within a Kubernetes infrastructure.
What is Helm?
In simple terms Helm is a management layer which sits in front of Kubernetes and can be used to manage the various elements of a Kubernetes environment (e.g. deployments / pods / secrets / etc). It uses a macro’ing language so that the Kubernetes yaml files can be dynamically constructed based on configuration parameters passed into Helm.
“Helm helps you manage Kubernetes applications — Helm Charts helps you define, install, and upgrade even the most complex Kubernetes application.Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.”
The ISAM Helm chart can be used to deploy the various Docker containers which make up the ISAM environment, as depicted in the following figure:
There are a few points to note about the helm chart, namely:
The postgresql database container is for Proof-of-Concept and testing purposes. In a production environment an external DB2/Oracle/PostgreSQL database should be used;
Multiple Web Reverse Proxy instances, and multiple replicas of each instance, can be created;
Multiple replicas of the Runtime Profile can be created;
The Distributed Session Cache will support a primary/secondary instance for high availability (active-passive);
The persistent volume is used to store logging and configuration information;
Each of the containers will retrieve configuration information directly from the configuration service.
Please note that the Helm chart is used to deploy the various containers/services. Once the environment has been deployed the administrator still needs to use the configuration service in order to configure the environment.
“IBM Cloud Private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment that includes the container orchestrator Kubernetes, a private image registry, a management console, and monitoring frameworks.”
The ISAM Helm chart is now available in the IBM Cloud Private catalog:
A YouTube recording is available on the IBM Security Channel which provides some further information on the ISAM Helm chart, and also demonstrates the deployment of an ISAM environment using IBM Cloud Private:
IBM Security zSecure suite V2.4 was announced on July 23, 2019 with a planned availability date of September 30, 2019. You can read the US announcement letter here. RACF has made new JSON Web Token functionality in support of Multi-Factor Authentication also available for z/OS V2.2 and V2.3. Details about zSecure compatibility fixes can be […]
On July 19, 2019 we made IF001 on top of IGI 188.8.131.52 publicly available on FixCentral. This iFix include some strong performance improvements especially within the Access Certification module. Improvements are made in the following areas: a. Time to launch Campaign Summary Page (Especially in the event of a high number of campaigns). This improves by […]
In this part of our series we are taking a deeper look on how the LDAP reverse proxy works and what is needed to be done to make it work. Enable CI In this part we look at what needs to be done on the CI side and what information needs to be collected. We […]