2.1 Selecting an Appropriate Deployment

Self Service Password Reset provides multiple deployment options. You must choose the options that work best for your environment, including where you want to deploy Self Service Password Reset and what other systems you want to use with it. Self Service Password Reset requires the following items:

  1. A location to install

  2. A back-end user store (LDAP directory)

  3. A location to store the challenge-response information (LDAP directory or database)

Self Service Password Reset provides many different options for these main components. You must decide which components you want to use before installing Self Service Password Reset. Each choice you make changes the options available for the next choice. The following graphic depicts the options that Self Service Password Reset supports.

Figure 2-1 Self Service Password Reset Deployment Decision Options

The following provides more details about each choice you make.

What version?

There are two different versions of Self Service Password Reset: a full version and a trial version. The trial is only for testing purposes. For more information, see Obtaining Self Service Password Reset.

What platform?

Select the location and platform where you want to install Self Service Password Reset. The supported locations and platforms are:

  • On-Premise: You can install and deploy Self Service Password Reset on-premise in your own IT environment. The supported platforms for on-premise are:

    • Virtual: You can deploy the Self Service Password Reset appliance in Hyper-V or in VMware.

    • Linux: You can deploy the Self Service Password Reset WAR file on SUSE Linux Enterprise Server or Red Hat Enterprise Linux.

    • Microsoft Windows Server: You can install Self Service Password Reset with the .msi file on a Microsoft Windows Server.

  • In the Cloud: You can deploy Self Service Password Reset in the following Cloud environments:

    • Amazon Web Service: You can deploy the Self Service Password Reset WAR file on SUSE Linux Enterprise Server.

    • Microsoft Azure Marketplace Platform: You can deploy the Self Service Password Reset .msi file on a Windows Server 2016 running in Azure.

Where are your users?

Self Service Password Reset can manage users’ credentials as long as the information is in an LDAP directory. Select the LDAP directory that contains the user accounts that Self Service Password Reset manages. The supported LDAP directories are:

  • Active Directory

  • Azure Active Directory (you must store the users’ information in a supported database)

  • eDirectory

    NOTE: eDirectory is currently not supported on the Amazon Web Server or in Microsoft Azure Marketplace.

  • Oracle Directory Server (you must use an Oracle database to store the users’ challenge-response information)

You must have the LDAP directory installed and running before deploying Self Service Password Reset. Any users who need the features available in Self Service Password Reset must reside in the LDAP directory you choose. For more information, see Installing Self Service Password Reset.

Where do you want to store the users’ challenge-response information?

Self Service Password Reset must have access to either a database or an LDAP directory to store the users’ challenge-response information. If you select an LDAP directory, it must be the same LDAP directory that contains the users. Select the location where you want to save the users’ information:

  • Local Database: Self Service Password Reset contains a local database you can use to store the users’ challenge-response information.

    WARNING: Do not use the local database in a production environment, as there are no methods to make the local database storage redundant, nor are there optimal backup methods available for the local database.

  • External Database: Best practice is to use an external database to store the users’ challenge-response information. The external database provides the ability to cluster the database and easily back up the database. The supported databases are:

    • Microsoft SQL Server

    • PostgreSQL

    • Oracle database

    For more information, see Installing Self Service Password Reset.

    NOTE: If your users reside in Azure Active Directory, you must use a Microsoft SQL Server database or a PostgreSQL database.

  • LDAP: You can securely store the users’ challenge-responses in the following LDAP directories:

    • Active Directory: If you choose to use Active Directory, it must be the same Active Directory domain where your users’ accounts reside.

    • eDirectory: If you choose to use eDirectory, it must be the same eDirectory tree that contains your users’ accounts.

      NOTE: eDirectory is currently not supported on the Amazon Web Server or in Microsoft Azure Marketplace.

    • eDirectory with NMAS: You can securely store the users’ challenge-responses in eDirectory using NMAS. Self Service Password Reset can read password and challenge policies from eDirectory. After saving a user’s challenge-response answers, Self Service Password Reset can optionally write the challenge-response answers to the NMAS challenge-response format in addition to the configured methods. This enables interoperability of Self Service Password Reset with other products.

    For more information, see Installing Self Service Password Reset.
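
Because each choice constrains the next, it helps to check a planned combination against the rules above before installing. The following is an added example, not part of the product or its documentation; the function name `check_plan` and all keys and values (such as `azure-ad` or `db:mssql`) are hypothetical labels, not product settings.

```python
# Added example: validates a planned deployment against the constraints
# stated on this page. All identifiers are hypothetical, not product settings.

CLOUD = {"aws", "azure"}                         # platforms where eDirectory is unsupported
LDAP_STORES = {"active-directory", "edirectory"} # directories that can hold responses
EXTERNAL_DBS = {"mssql", "postgresql", "oracle"}

def check_plan(platform, user_dir, store, production=True):
    """Return a list of problems; an empty list means the plan fits the page's rules.

    store is "local-db", "ldap:<directory>" or "db:<database>".
    """
    problems = []
    kind, _, name = store.partition(":")

    if user_dir == "edirectory" and platform in CLOUD:
        problems.append("eDirectory is not supported on AWS or Azure Marketplace")

    if kind == "local-db":
        if production:
            problems.append("local database lacks redundancy and backup; not for production")
    elif kind == "ldap":
        if name not in LDAP_STORES:
            problems.append(f"{name} cannot store challenge-response data in LDAP")
        elif name != user_dir:
            problems.append("LDAP store must be the same directory that contains the users")
    elif kind == "db":
        if name not in EXTERNAL_DBS:
            problems.append(f"{name} is not a supported external database")
    else:
        problems.append(f"unknown store type: {store}")

    # Directory-specific storage requirements. Assumption: the rules are read
    # strictly, so the local database is rejected for these directories too.
    if user_dir == "azure-ad" and store not in ("db:mssql", "db:postgresql"):
        problems.append("Azure AD users require Microsoft SQL Server or PostgreSQL")
    if user_dir == "oracle-ds" and store != "db:oracle":
        problems.append("Oracle Directory Server requires an Oracle database")
    return problems
```
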