There are several key factors that an organization should consider when planning for an Access Manager deployment. These considerations generally deal with risk assessment and a growth strategy. For example:
How many users is your deployment expected to support, and what is your projected growth rate?
It is critical that user growth and system usage are monitored and that this data is compared with the projected data to ensure that the current capacity is capable of handling the projected growth.
Do you have plans to add additional services that might impact the current design?
The architecture being developed now is optimized for the current service. Your future plans should also be examined.
In addition, the architecture should provide a foundation for the objectives detailed in the following sections.
Consider the following options when you are planning for a secure internal and external networking environment:
Server-based firewalls provide an additional layer of security by locking down port-level access to the servers. As with standard firewalls, server-based firewalls lock down incoming and outgoing TCP/IP traffic.
Minimization refers to removing all unnecessary software and services from the server in order to minimize the opportunity for exploitation of the vulnerabilities of a system.
A Split-DNS infrastructure has two zones that are created in one domain. One zone is used by an organization’s internal network clients, and the other is used by external network clients. This approach is recommended to ensure a higher level of security. The DNS servers can also use load balancers to improve performance.
Deployments strive for no single point of failure (SPOF) as well as continuous availability to their users. Different products achieve availability in different ways; for example, clustering or multi-master replication. The desired high availability refers to a system or component that is continuously operational for a specified length of time. It is generally accomplished with multiple host servers that appear to the user as a single highly available system. In a deployment that meets the minimal requirements (all applications on a single server), the SPOFs might include:
Access Manager web container
Directory Server
Java Virtual Machine (JVM)
Directory Server hard disk
Access Manager hard disk
Policy agents
Planning for high availability centers around backup and failover processing as well as data storage and access. For storage, a redundant array of independent disks (RAID) is one approach. For any system to be highly available, the parts of the system should be well-designed and thoroughly tested before they are used. For example, a new application program that has not been thoroughly tested is likely to become a frequent point-of-breakdown in a production system.
Clustering is the use of multiple computers to form a single, highly available system. Clustering is often crucial for the Sun Java System Directory Server data store. For example, a clustered multi-master replication (MMR) server pair increases the availability of each master instance, because either master can continue to serve while the other is unavailable.
Horizontal scaling is achieved by connecting multiple host servers so they work as one unit. A load balanced service is considered horizontally scaled because it increases the speed and availability of the service. Vertical scaling, on the other hand, is increasing the capacity of existing hardware by adding resources within a single host server. The types of resources that can be scaled include CPUs, memory, and storage. Horizontal scaling and vertical scaling are not mutually exclusive; they can work together for a deployment solution. Typically, servers in an environment are not installed at full capacity, so vertical scaling is used to improve performance. When a server approaches full capacity, horizontal scaling can be used to distribute the load among other servers.
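The SPOF list for the minimal deployment above, and the effect of scaling components horizontally, can be worked through with a small planning aid. The script below is an added example, not part of the original guide or of the Access Manager product; the topologies, host names and volume names in it are constructed for illustration.

```python
from collections import defaultdict

# Added planning aid, not part of the original guide. A topology maps each
# component to its instances as (host, storage volume) pairs; the volume is
# None for components that keep no persistent state. All names are constructed.
MINIMAL = {
    "Access Manager web container": [("server1", "server1-disk")],
    "Java Virtual Machine (JVM)":   [("server1", None)],
    "Directory Server":             [("server1", "server1-disk")],
    "Policy agents":                [("server1", None)],
}

SCALED = {
    "Access Manager web container": [("am1", "am1-vol"), ("am2", "am2-vol")],
    "Java Virtual Machine (JVM)":   [("am1", None), ("am2", None)],
    "Directory Server":             [("ds1", "ds1-vol"), ("ds2", "ds2-vol")],
    "Policy agents":                [("web1", None), ("web2", None)],
}


def find_spofs(topology, raid_volumes=frozenset()):
    """Return the single points of failure in a topology, sorted by name.

    A component is a SPOF when every instance runs on one host. Its disk is a
    SPOF when every stateful instance writes to one volume that has no RAID
    redundancy (volumes listed in raid_volumes are treated as redundant).
    """
    spofs = set()
    for name, instances in topology.items():
        hosts = {host for host, _ in instances}
        volumes = {vol for _, vol in instances if vol is not None}
        if len(hosts) == 1:
            spofs.add(name)
        if len(volumes) == 1 and not volumes <= raid_volumes:
            spofs.add(name + " hard disk")
    return sorted(spofs)


def host_impact(topology):
    """Map each host to the components that lose all instances if it fails."""
    impact = defaultdict(list)
    for name, instances in topology.items():
        hosts = {host for host, _ in instances}
        if len(hosts) == 1:
            impact[hosts.pop()].append(name)
    return {host: sorted(names) for host, names in impact.items()}


if __name__ == "__main__":
    for label, topo in (("minimal", MINIMAL), ("scaled", SCALED)):
        print(label, "SPOFs:", find_spofs(topo))
        print(label, "host impact:", host_impact(topo))
```

Running it against the minimal topology reproduces the SPOF list given above (web container, Directory Server, JVM, policy agents and the two hard disks), while the scaled topology, with two hosts per component and an MMR pair for Directory Server, reports none.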