IAM DevOps in Capgemini
Blog: Capgemini CTO Blog
Modern Digital business has ever-increasing demands on ‘next-generation’ IAM services that can be scalable, flexible and easily and quickly changeable. This is particularly important for IAM services, as they lie at the very core of the Digital Infrastructure, supporting and enabling all other services across the Extended Enterprise. The industry is increasingly looking towards a DevOps approach to IAM to help achieve this higher level of service through ‘continuous delivery’.
This is an area in which we have invested significantly within Capgemini, and I was recently asked to present to a global Capgemini IAM conference on this topic. The focus was on how we as a Capgemini capability help our customers save time and money within the project lifecycle through:
- A higher degree of automation with software delivery
- Embracing Open Standards/Open Source – not tied into one technology; using community-maintained software
- Microservices – precise scalability of resources – Pay for what you use.
This can be expressed simply through the following approach: DevOps.
Now for those who don’t know, DevOps is a software engineering culture and practice that (as the name suggests) aims at unifying software development (Dev) and software operation (Ops). The main characteristic of DevOps is of automation and testing at all steps of software development, from integration, testing, releasing to deployment and infrastructure management.
Typically orchestration software is utilised to create an automated pipeline of work, allowing software to be built when checked into an appropriate version control environment, verified through a series of unit tests, then deployed into an environment. As such, the pipeline enables the practices of Continuous Integration, Continuous Delivery and Continuous Deployment. Within Capgemini, we use this approach to provide shorter development cycles with a higher deployment frequency, and more dependable releases, in close alignment with business objectives.
We have also found Agile project management to be a common and complementary methodology for DevOps. Typically, it is defined on our projects by the production and delivery of work in short bursts (or sprints) of anything up to a few weeks. These are repeated to refine the working deliverable until it meets the client’s requirements. Where our clients require a DevOps approach (and are organised internally to facilitate this), we are able to work in a way that allows continuous development, testing and integration.
Our projects have often been enhanced by the use of containerisation, a technology that can further assist a DevOps approach by allowing the hosting of applications inside portable environments. The benefits of this are the ability to deploy in consistent environments, continuous delivery by simpler updates to microservices and the support for multiple programming frameworks within containers.
Using microservices in containers has also allowed us greater flexibility when deploying IAM solutions. Typically IAM solutions have featured larger, more monolithic services that are harder to scale and upgrade. Microservices allow the structuring of an application as a collection of loosely coupled services. This architecture then enables the continuous deployment of complex applications, as it is less complicated to update smaller services incrementally than larger ones. It also allows the scaling of particular components (e.g. databases, LDAP servers, etc.) to meet demand as required. If using a platform such as AWS or Azure it then becomes easier to ensure the solution uses only the resources it requires, and that carries a financial benefit.
At one of our current clients, we learnt from the challenges of working without containers using ForgeRock technology; and progressed to using ForgeRock AM and DS deployed as Docker images within Kubernetes. Utilising a container-based solution, we were able to deploy our ForgeRock IAM technology components consistently across our environments, assisting the speed of development across the project.
Our vision for the future continues to encompass the development of both our people and our processes. We have developed a strong, technology-focussed team with capabilities in major IAM technologies such as Ping, ForgeRock and RSA. However, we have the capability to adapt to other Open Source products, such as KeyCloak/Red Hat SSO, and deliver them as part of an Open Source based, Agile approach to technology. Our IAM consultants are therefore encouraged to increase their knowledge of Open Source products and experiment with their deployment. This breadth of knowledge and adoption of DevOps approach, alongside the IAM technical knowledge, ensures for a more effective skill set.
We also have our FastTrack approach, which enables us to help customers complete an IAM transformation quickly. It provides an overview of their current IAM situation as soon as possible and uses the actual data from this to establish immediate IAM improvements, a vision, roadmap and benefits case. We use this to dovetail with iterative, DevOps focused development and delivery cycles to provide maximum value to our customers.
In conclusion, the Agile methodology has been gaining traction in its adoption throughout the business world. This means that the approach to systems integration has had to change accordingly. We have found that embracing the integration of Agile methodology, DevOps and the associated technology has enabled us to provide flexible IAM solutions to our customers quickly and effectively.