Commissioned by Avatier
1 Introduction
IAM (Identity and Access Management) in general and IGA (Identity Governance & Administration, integrated solutions for Identity Provisioning and Access Governance) in particular are cornerstones of today’s IT infrastructures, well beyond serving security and regulatory compliance requirements. However, most IAM solutions today are still built in a very traditional style. They are rather complex, monolithic applications that aren’t easy to deploy. They run on premises, and it is hard or even impossible to shift them to an as-a-service model. Shifting to containerized IAM can help overcome many of the challenges that traditional IAM infrastructures bear.
Over the past decade, we have observed massive changes in the way applications are developed and operated. Agile development, DevOps, microservices, containers, container orchestration and even Serverless Computing became popular, either extending what has been there (such as APIs) or replacing formerly prominent concepts such as virtualization. These provide massive benefits, such as support for flexible deployment models; increased elasticity, scalability, and availability; continuous innovation, development, and deployment; ubiquitous APIs for integration and customization; and simplified operations.
This results in many specific benefits for IAM and IDaaS deployments, such as greater security, reduced pre-acquisition of technology such as middleware before deployment, lower cost of operations, faster time to value, agile IAM deployments, faster quick wins, and continuous innovation.
Avatier, a US-based vendor of IAM solutions, decided a while ago to move consistently to a containerized approach for IAM. Their IAM and IDaaS offering is now named Avatier Identity Anywhere, built on a microservice architecture and delivered in Docker containers, with Docker Swarm or Kubernetes for orchestration.
Based on that approach, the solution can run in environments that support Docker containers, from running Docker Swarm or Kubernetes on premises for load balancing and continuous delivery to running the environment as a service. The solution supports preparing to shift Avatier Identity Anywhere workloads to other environments such as AWS, Microsoft Azure, Google Cloud, and even private clouds or country-specific data centers. It includes an agent to connect back to the remaining business workloads that the IAM solution must manage on premises.
Consequently, the solution comes with a pay-per-use, subscription-based pricing model for both hosted and non-hosted deployments. Even though Avatier prides itself on offering a low-code/no-code solution, Avatier Identity Anywhere also includes another element that is essential to containerized IAM: a comprehensive set of REST APIs.
However, shifting to such an approach on premises isn’t a no-brainer. The organization must be prepared for working with paradigms such as DevOps, continuous delivery, and agile development, and for an environment that is based on microservices, containers, and APIs. Your tools for managing, monitoring, and securing servers do not work on containers. But that also means most hackers’ tools won’t work on containers either. That changes the way IAM is done, but it changes it positively. In any case, before moving to containerized IAM, ensure that your business is ready to deal with these modern technologies that are changing the role of IT forever. Avatier helps by providing a pre-configured solution on premises that overcomes most of the challenges of managing this new type of IAM deployment, but that can also run as a full IDaaS, completely managed in the cloud.