IV Deploying Identity Manager Containers on Microsoft Azure

This release allows you to deploy Identity Manager containers on the Microsoft Azure cloud platform. The deployment is automated using Terraform and Helm charts.

The following figure provides an architectural view of deploying containers on Azure.

  • The ACRcreate.sh file creates a new Azure container registry and allows users to upload and store the Docker images on the Azure portal.

  • The Identity Manager Configuration Generator image is used to accomplish the tasks listed below:

    • Generate configuration files (Terraform files and Helm charts).

    • Create an Azure Resource Group.

    • Create a Key Vault under the Azure Resource Group.

    • Push all the sensitive information to the Key Vault.

  • Using Terraform scripts, users can set up infrastructure such as:

    • Identity Manager engine Docker VM.

    • Network creation.

    • Azure PostgreSQL (optional).

    • Azure Kubernetes Service (AKS).

  • Using Helm charts, users can deploy the Identity Manager containers inside the Azure Kubernetes cluster.

  • The NGINX Ingress Controller acts as a reverse proxy for access to the Identity Manager web applications (including Identity Applications, Identity Reporting, and Identity Console) that run inside the AKS cluster.

    • A single domain (for example, identitymanager.eastus.cloudapp.azure.com) needs to be purchased.

    • The same domain is assigned to the NGINX Ingress Controller.

  • An internal load balancer is used for internal communication between the engine Docker host and the Kubernetes cluster.

  • Persistent storage is dynamically created and mounted in the overall infrastructure.

  • Identity Applications and Identity Reporting can be configured to use the Azure PostgreSQL database.

  • Designer and Sentinel Log Management (SLM) for Identity Governance Administration should be manually deployed by the user after Terraform execution.