Orchestration overview

Purpose

The purpose of using orchestration is to manage the PhenixID server configuration without using the Configuration Manager GUI and manual copy-paste of template files to apply changes. Instead, script execution is used to manage the configuration. This is also called infrastructure-as-code.

Orchestration can be applied to the products:

- PhenixID Authentication Services

- PhenixID Password Self Services

- PhenixID Signing Services

- PhenixID Multi-factor authentication

Using orchestration, the PhenixID administrator can easily:

- Spin up new instances with the exact same configuration.

- Apply new functionality, through configuration, to multiple servers and environments quickly.

- Distribute files, such as templates, language settings, images and stylesheets, to multiple servers.

Overview

Orchestration tool

Use any orchestration tool of your choice, such as Ansible or PowerShell.

The orchestration tool is not part of the PhenixID products!

Methodology

The methodology to use for orchestration:

1. Use a development environment to install and configure the PhenixID server according to the use cases you would like to fulfill.

2. Extract the configuration store (phenix-store.json).

3. Identify the parameters that will change between environments. In the example below, the LDAP user database connection contains parameters (marked in the comments) that will differ depending on the environment (dev, test, prod, etc.).

{
    "id": "MyAD",
    "type": "ldap",
    "name": "AD",
    "description": "User store connection",
    "config": {
        "host": "192.168.0.8", //Will differ based on env
        "port": "636",
        "bind_dn": "CN=service_account_test,CN=Users,DC=dev,DC=phenixid,DC=net", //Will differ based on env
        "password": "{enc}G9x", //Will differ based on env. Secrets can be handled using your orchestration tool.
        "use_ssl": "true",
        "ssl_trust_all": "true", //"true" skips validation of the LDAP server certificate
        "follow_referrals": "false",
        "auto_reconnect": "true",
        "use_keep_alive": "true",
        "response_timeout_ms": "30000",
        "pool_initial_size": "1",
        "pool_max_size": "2",
        "pool_max_age": "10"
    },
    "modified": "2017-12-08T14:04:21.274Z"
},

4. The different configuration parts are stored as templates with parameterized variables. The orchestration tool must be programmed to fetch the template configuration, replace the variable parameters and then use the configuration API to create, read, update or delete the PhenixID configuration. More details can be found here.
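The template-and-parameter step described in 3 and 4, as an added example in Python (not part of the PhenixID products or of this page): a rendering script that substitutes per-environment values into the LDAP connection object, refuses to run with unresolved placeholders, takes the bind password from the orchestration tool's secret store rather than the parameter file, and blocks a configuration that keeps ssl_trust_all enabled in prod. The placeholder names, the environment values and the policy check are assumptions, and the call to the configuration API itself is not shown because its endpoints are not documented on this page.

```python
import json
import re

# Constructed template from the LDAP excerpt above; per-environment values are {{name}} placeholders.
LDAP_TEMPLATE = """{
  "id": "MyAD",
  "type": "ldap",
  "config": {
    "host": "{{ldap_host}}",
    "port": "636",
    "bind_dn": "{{ldap_bind_dn}}",
    "password": "{{ldap_password}}",
    "use_ssl": "true",
    "ssl_trust_all": "{{ldap_trust_all}}"
  }
}"""

# Constructed per-environment parameters (hypothetical values). Secrets are not stored
# here; the orchestration tool injects them at run time (see build_config).
ENV_PARAMS = {
    "dev": {"ldap_host": "192.168.0.8", "ldap_trust_all": "true",
            "ldap_bind_dn": "CN=service_account_test,CN=Users,DC=dev,DC=phenixid,DC=net"},
    "prod": {"ldap_host": "ldap.prod.example.invalid", "ldap_trust_all": "false",
             "ldap_bind_dn": "CN=svc_phenixid,CN=Users,DC=prod,DC=example,DC=invalid"},
}
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

def render(template, params):
    """Substitute every {{name}}; fail closed if any placeholder has no value."""
    missing = sorted({n for n in PLACEHOLDER.findall(template) if n not in params})
    if missing:
        raise KeyError("unresolved template parameters: " + ", ".join(missing))
    # json.dumps(...)[1:-1] escapes quotes and backslashes so a secret cannot break the JSON
    body = PLACEHOLDER.sub(lambda m: json.dumps(params[m.group(1)])[1:-1], template)
    return json.loads(body)

def policy_findings(cfg, env):
    """Checks a pipeline should fail on before pushing the object to the config API."""
    findings = []
    if env == "prod" and cfg["config"].get("ssl_trust_all") == "true":
        findings.append("ssl_trust_all=true disables LDAP certificate validation")
    return findings

def build_config(env, secrets):
    """Merge env parameters with vault-supplied secrets, render, then enforce policy."""
    cfg = render(LDAP_TEMPLATE, {**ENV_PARAMS[env], **secrets})
    if problems := policy_findings(cfg, env):
        raise ValueError(env + ": " + "; ".join(problems))
    return cfg
```

The returned object is what the orchestration tool would then hand to the configuration API; keeping the rendered JSON out of version control avoids committing the resolved secret.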