
Identity Management Architecture

Identity Management Software

Evolution

Avatier Identity Anywhere™ Architecture with Docker Containers
Don’t bet your future on last-century architecture.

Outdated architecture. It’s the root of the problems that plague identity management platforms. By leveraging the latest Docker container technology, our solutions are cloud agnostic, and unlike cloud-only solution providers, each customer receives their own independently secured identity platform.

Limited

The architecture of existing identity management platforms is limited in key ways:

Hard to Adopt

Requires complex hardware, software and infrastructure installations

Labor Intensive

Time consuming to upgrade and maintain. Must copy existing directory attributes, users, groups, etc. to the cloud.

Bound by Platform

Stuck with the vendor’s architecture, whether as an on-prem installation or as a cloud dependency

Avatier is different
Avatier is built for the next century, not the last.

The Avatier Identity Anywhere architecture takes a unique and patented approach to identity management architecture. Built for the demands of highly distributed, complex, and modern identity management platforms, the Avatier architecture turns adoption, maintenance and platform flexibility into the ultimate business advantage.

Avatier Identity Anywhere

Future-proof your enterprise with containerized application management

Portable Freedom

Future-proof your enterprise with Identity Anywhere™. Hosted identity management in the cloud from Avatier, or locally administered by your staff, on-premise or with any cloud provider.

Native Login

Eliminate dual-administration by authenticating using native directories without synchronization and redundant replication of users, passwords and groups in the cloud or on-premise.

Hyper Scalability

Instantly add memory and larger CPUs to your Identity Management solution on demand, on-premise or in the cloud. Automatically spin up new Identity Management server instances as users and API sessions increase.

Maximum Security

Operate confidently and pass audits knowing that your Identity Management solution and data are privately encrypted and secured in your own instance, without any co-mingling. Reduce your attack surface by running on a single-function, minimal operating system.

Continuous Delivery

Save upgrade time and cost, whether on-premise or in the cloud. Automatic delivery of the latest Identity Management features and security updates without downtime.

Easy Recovery

Rollback ensures you can always get back to a previous version.

Identity Management Docker Container Hosted Architecture

Identity Management Docker Container On-Premise Architecture

Identity Management Docker Swarm Hosted Architecture

Identity Management Docker Swarm On-Premise Architecture

Identity Management Docker Swarm Bring Your Own Cloud Architecture

Reverse Proxy Server Architecture



DNS Notes

  • Internal: Point requests for Password Station to the AIMS server — the default.htm will redirect users to the SSL version of the site.
  • External: Point requests to the public IP of the Reverse Proxy Server. The Reverse Proxy will send that to the default.htm page. Once configured, the Reverse proxy handles the link translation from internal to external naming.

Config Notes

  • Publish AIMS Website to public at the /AIMS directory level.
  • Configure link translation, mod-proxy-html, etc., in the web-publishing rule.
  • Configure the public cert on the Reverse Proxy server for the site.

Server Notes

  • Add a default.htm page at the root of the AIMS site, which redirects to the /PS/ directory using SSL. This link should be the internal DNS name of the site. It will be replaced with the public name when called via the Reverse Proxy server.
  • Make default.htm the default page for the site.
  • Ensure the server is configured for 80 and 443 traffic and that the cert is installed.
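One way to verify that a deployment actually behaves as the DNS, Config and Server Notes above describe is to request the published site through the Reverse Proxy and inspect the redirect chain: the default.htm redirect must go to the SSL version of the site, land under /PS/, and (because link translation is in place) never expose the internal DNS name of the AIMS server to an external user. The script below is an added example written for this page, not Avatier's code; the hostnames, the /AIMS/PS/ path and the sample chains are constructed placeholders, and the live `follow()` helper assumes plain HTTP(S) access from wherever it is run.

```python
# Added example (not Avatier's code): an offline-testable check that a published
# Password Station site behaves as the DNS, Config and Server Notes describe.
# Hostnames are placeholders; replace them with your own internal and public names.
import http.client
from urllib.parse import urlsplit, urljoin

INTERNAL_HOST = "aims.corp.example"     # placeholder: internal DNS name of the AIMS server
PUBLIC_HOST = "password.example.com"    # placeholder: public name served by the Reverse Proxy
REDIRECTS = {301, 302, 303, 307, 308}


def _header(headers, name):
    """Case-insensitive header lookup (proxies differ in the casing they emit)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_redirect_chain(responses, public_host=PUBLIC_HOST, internal_host=INTERNAL_HOST):
    """Validate a redirect chain observed when requesting http://<public_host>/AIMS/.

    responses: list of (status, headers) tuples, one per hop, final hop last.
    Returns a list of findings; an empty list means the chain matches the notes:
    every hop redirects to https:// on the public name (never the internal name
    that default.htm embeds), and the final redirect lands under /PS/.
    """
    findings = []
    if not responses:
        return ["no response recorded"]
    last_location = None
    for hop, (status, headers) in enumerate(responses[:-1]):
        location = _header(headers, "Location")
        if status not in REDIRECTS or not location:
            findings.append(f"hop {hop}: expected a redirect with Location, got {status}")
            continue
        last_location = location
        parts = urlsplit(location)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append(f"hop {hop}: redirect is not to SSL: {location}")
        if host == internal_host.lower():
            findings.append(f"hop {hop}: Location leaks the internal name: {location}")
        elif host != public_host.lower():
            findings.append(f"hop {hop}: Location points off the public name: {location}")
    final_status, _ = responses[-1]
    if final_status != 200:
        findings.append(f"final hop: expected 200, got {final_status}")
    if last_location is None:
        findings.append("no redirect seen: default.htm is not redirecting")
    elif "/PS/" not in urlsplit(last_location).path:
        findings.append(f"final redirect does not land under /PS/: {last_location}")
    return findings


def follow(url, max_hops=5):
    """Network helper: fetch url and follow redirects, returning the hop list that
    check_redirect_chain expects. Nothing is validated here."""
    responses = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = conn_cls(parts.hostname, parts.port, timeout=10)
        try:
            conn.request("GET", parts.path or "/")
            resp = conn.getresponse()
            headers = dict(resp.getheaders())
            responses.append((resp.status, headers))
        finally:
            conn.close()
        location = _header(headers, "Location")
        if resp.status in REDIRECTS and location:
            url = urljoin(url, location)  # handles relative Location values too
            continue
        break
    return responses


# Constructed sample chains (not captured from a real deployment).
GOOD_CHAIN = [
    (302, {"Location": "https://password.example.com/AIMS/PS/"}),  # default.htm, name translated by the proxy
    (200, {"Content-Type": "text/html"}),
]
LEAKY_CHAIN = [
    (302, {"Location": "https://aims.corp.example/AIMS/PS/"}),  # link translation missing: internal name escapes
    (200, {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    import sys
    chain = follow(sys.argv[1]) if len(sys.argv) > 1 else GOOD_CHAIN
    for finding in check_redirect_chain(chain):
        print("FINDING:", finding)
```

Run it with the public URL as the only argument (for example `python check_proxy.py http://password.example.com/AIMS/`) from outside the internal network; with no argument it evaluates the constructed good chain. A leaked internal name in a Location header is the symptom the Config Notes' link-translation step is meant to prevent, so a finding there means the web-publishing rule or mod-proxy-html mapping is not covering the redirect.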

Single Data Center High Availability (HA) Solution

Legend (diagram reference, purpose and traffic direction):

User requests for Password Management Service (Bi-directional):
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.
Avatier Secondary Server in Data Center 2 (Inbound Only):
  • Inbound traffic routed from reverse proxy in Data Center 2.
Avatier Server communication with Active Directory (Outbound Only):
  • Outbound to Active Directory domain controllers.
Avatier Server communication with SQL Cluster (Outbound Only):
  • Outbound to all Active Directory domain controllers in the forest.
Avatier Server SMTP communication (Outbound Only):
  • Outbound SMTP communication.
On-Premise Apps (Bi-directional, depending on App).

Dual Data Center High Availability (HA) Solution

Legend (diagram reference, purpose and traffic direction):

User requests for Avatier Identity Management Service (Bi-directional):
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.
Avatier Primary and Secondary Servers in Data Center 1 (Inbound Only):
  • Inbound traffic routed from reverse proxy in Data Center 1.
Avatier Secondary Server in Data Center 2 (Inbound Only):
  • Inbound traffic routed from reverse proxy in Data Center 2.
Active Directory Replication (Bi-directional):
  • Outbound to all Active Directory domain controllers in the forest.
  • Inbound from all Active Directory domain controllers in the forest.
SQL Server Replication (Bi-directional):
  • Outbound replication traffic between SQL Clusters in Data Center 1 and 2.
  • Inbound replication traffic between SQL Clusters in Data Center 1 and 2.
Avatier Server communication with Active Directory (Outbound Only):
  • Outbound to Active Directory domain controllers.
Avatier Server communication with SQL Cluster (Outbound Only):
  • Outbound to all Active Directory domain controllers in the forest.
Avatier Server SMTP communication (Outbound Only):
  • Outbound SMTP communication.
On-Premise Apps (Bi-directional, depending on App).

Phone Reset Password Management

Legend (diagram reference, purpose and traffic direction):

User requests for Avatier Identity Management Service (Bi-directional):
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.
Avatier Primary and Secondary Servers in Data Center 1 (Inbound Only):
  • Inbound traffic routed from reverse proxy in Data Center 1.
Avatier Secondary Server in Data Center 2 (Inbound Only):
  • Inbound traffic routed from reverse proxy in Data Center 2.
Active Directory Replication (Inbound Only):
  • Outbound to all Active Directory domain controllers in the forest.
  • Inbound from all Active Directory domain controllers in the forest.
SQL Server Replication (Bi-directional):
  • Outbound replication traffic between SQL Clusters in Data Center 1 and 2.
  • Inbound replication traffic between SQL Clusters in Data Center 1 and 2.
Avatier Server communication with Active Directory (Bi-directional):
  • Outbound to Active Directory domain controllers.
Avatier Server communication with SQL Cluster (Outbound Only):
  • Outbound to all Active Directory domain controllers in the forest.
Avatier Server SMTP communication (Outbound Only):
  • Outbound SMTP communication.
On-Premise Apps (Bi-directional, depending on App).
PBX (Inbound Only):
  • Inbound traffic routed to the IVR server.
Non-Prod Environment (Inbound Only):
  • Inbound traffic routed through the Non-Prod environment.