IBM Security Verify

 View Only

IBM Security Verify Directory Operator

By Scott Exton posted Tue February 14, 2023 01:33 AM

  

Introduction

At the end of 2022 the IBM Security Verify Directory v10.0 product was released.  This release saw the name of the product changed from IBM Security Directory Server to IBM Security Verify Directory, but more importantly introduced support for containers.  The directory server and directory proxy elements can now be run in a containerized (e.g. Kubernetes) environment.  Information on running the product in a containerized environment is available in the official containers guide.

One the benefits of using a containerized environment is that it makes it much easier to scale the environment up and down, as the demand increases or decreases.  Unfortunately, the directory server container is not stateless, which means that a manual process must be followed to add or remove replicas from the environment.  This process is highlighted in the following diagram.

The steps to be followed to add a new replica into the environment.
A new Kubernetes operator has now been released which helps to manage the entire lifecycle of a Verify Directory deployment, including the ability to easily scale up and down the number of replicas.

Kubernetes Operator

The IBM Security Verify Directory operator provides lifecycle management of a scalable directory server environment in a Kubernetes environment.

The operator will manage the deployment of the replicated directory server containers, the initialisation of the replicated data, and will also manage the directory proxy which acts as a front-end to the environment. The environment is depicted in the following figure.

The components of a Verify Directory operator-controlled environment.
The 'operator controller' is responsible for receiving events from the Kubernetes infrastructure, and then processing these events, creating and configuring the directory server environment.  The directory server environment itself consists of:
  1. a proxy, which is the entry point into the environment and is used to ensure data consistency across the environment;
  2. one or more replicated directory servers.  

Once the operator has been deployed into your environment you can easily create a Verify Directory deployment by creating a new document of the 'IBMSecurityVerifyDirectory' kind.  The following figure illustrates how to create a single directory server deployment without the operator, and also illustrates how to create a new Verify Directory deployment using the operator.  As you can see the deployment descriptor becomes much simpler when using the operator to manage your environment.

The differences in deploying a Verify Directory server when using the operator.

Further Information

The documentation for the new operator is available in the project repository on GitHub: https://github.com/IBM-Security/verify-directory-operator#readme

In addition to this a video which provides an overview of the operator, along with a demonstration of the operator, is available in the community: https://community.ibm.com/community/user/security/viewdocument/ibm-security-verify-operator-1?CommunityKey=e7c36119-46d7-42f2-97a9-b44f0cc89c6d&tab=librarydocuments


#Highlights-home
#Highlights
0 comments
640 views

Permalink