Identity Manager components can be deployed on MicroSoft Azure and Amazon Web Services EC2. While deploying the Identity Manager components on these cloud platforms, administrator must consider the following security recommendations:
Identity Manager components should be configured on a private network with no public access
Web applications such as Identity Applications, Identity Reporting, or iManager should be accessed through an application gateway
Identity Manager components should be configured to use a secured communication channel
The following ports should be made available on the Identity Manager servers to use within the subnet for MS Azure:
|
Component |
Port |
Description |
|---|---|---|
|
LDAP for Identity Vault |
TCP 636 |
Required for the secured LDAP communication. |
|
Identity Applications |
TCP 8543 |
Required for the HTTPS communication to access Identity Applications. |
|
Identity Reporting |
TCP 8643 |
Required for the HTTPS communication to access Identity Reporting. |
|
iManager |
8443 |
Required for the HTTPS communication to access iManager. |
The following ports should be made available on the Identity Manager servers to use within the subnet for AWS EC2:
|
Component |
Port |
Description |
|---|---|---|
|
LDAP for Identity Vault |
TCP 636 |
Required for the secured LDAP communication. |
|
Identity Applications |
TCP 8543 |
Required for the HTTPS communication to access Identity Applications. |
|
Identity Reporting |
TCP 8643 |
Required for the HTTPS communication to access Identity Reporting. |
|
iManager |
8443 |
Required for the HTTPS communication to access iManager. |
|
PostgreSQL Database |
TCP 5432 |
Required for the secured database communication to access PostgreSQL. |