Hi
I was going to share that indeed some in this community are very successful, including ourselves, in the deployment/automation of ISAM Virtual Appliances with the open source ibmsecurity project along with Ansible/Git. Then I realized that the question is geared towards ISAM for Docker, with which we have no experience as of now.
But let me say that irrespective of the underlying platform of your choice (Docker or Virtual Appliance), we are managing our ISAM VA infrastructure from the ground up with Ansible. We have an internal Manifesto policy of not allowing any change using the LMI and we try at all costs to stick with that. Also, everything is in Git: our deployment topology architecture, WRP topologies, baseline configuration (Virtual Appliance, PS, WRP, Liberty), and various platform contents (SAML, OAuth, Junctions, ACL), you name it.
We did have to build a bit of "framework" on top to fit our needs, but we are using the published IBM Security Python code and Ansible roles pretty much unmodified, in addition to some custom roles that we maintain on our end for needs specific to us.
And with Docker now being a focus of the ibmsecurity open source community, it can only get better.
------------------------------
Sylvain Gilbert
------------------------------
Original Message:
Sent: Fri January 03, 2020 05:05 AM
From: Jon Harry
Subject: Infrastructure as Code
Hi Mikael,
Access Manager has a REST interface for configuration and we have an (OpenSource) Ansible framework to drive this for a declarative configuration model. A number of advocates of this are members of this community and I'm sure they will pitch in with their view on the effectiveness of this deployment approach (spoiler: it is very positive ;).
Access Manager supports deployment in containers. I have created blogs and cookbooks for deployment on Native Docker, Kubernetes (with and without Helm), and on Red Hat OpenShift. Have a look in the Blogs section of this site.
One final item related to this. IBM has recently released a Tech Preview of an "IBM Application Gateway" which is a lightweight application proxy based on the Access Manager Reverse Proxy. This only runs as a container. Configuration is via YAML. It is designed to work with our IBM Cloud Identity product. I have started on some assets for this which you can find here: https://github.com/jonpharry/iag. A cookbook is coming...
Cheers... Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
Original Message:
Sent: Fri January 03, 2020 04:46 AM
From: Mikael Lindblad
Subject: Infrastructure as Code
Hi,
The trend seems to be IaC, Automation, Ansible and Cloud right now.
It would be interesting if anyone in the community has done something in this area around ISAM.
The f5 product has the possibility to use a declarative model for managing the software. Is that coming to ISAM?
https://www.f5.com/company/blog/in-container-land-declarative-configuration-is-king
------------------------------
Regards Mikael
------------------------------