Why AvatierProductsSolutionsCustomersPartners
PricingRequest DemoResourcesSupport(925) 217-5170

Identity Management Architecture

Identity Management Software

Evolution

Avatier Identity AnywhereTM Architecture
with Docker Containers
Don’t bet your future on last century architecture.

Outdated architecture. It’s the root of the problems that plague identity management platforms. By leveraging the latest Docker container technology

our solutions are cloud agnostic and unlike cloud-only solution providers, each customer receives their own independently secured identity platform.

Limited

The architecture for existing identity management
platforms are limited in key ways:

Hard to Adopt

Hard to Adopt

Requires complex hardware, software and infrastructure installations

Labor Intensive

Labor Intensive

Time consuming to upgrade and maintain. Must copy existing directory attributes, users, groups, etc. to the cloud.

Bound by Platform

Bound by Platform

Stuck with vendor architecture on-prem or cloud dependency

Avatier is different
Avatier is built for the next century, not the last.

The Avatier Identity Anywhere architecture takes a unique and patented approach to identity management architecture. Built for the demands of highly distributed,

complex, and modern identity management platforms, the Avatier architecture turns adoption, maintenance and platform flexibility into the ultimate business advantage.

Avatier Identity Anywhere

Future proof your Enterprise with Containerized Application Management

Total Freedom

Portable Freedom

Future-proof your enterprise with Identity AnywhereTM. Hosted Identity Management in the cloud from Avatier or locally administered by your staff, on-premise or with any cloud provider.

Native Login

Native Login

Eliminate dual-administration by authenticating using native directories without synchronization and redundant replication of users, passwords and groups in the cloud or on-premise.

Scaleability

Hyper Scalability

Instantly adds memory and larger cpu's to your Identity Management solution upon demand on-premise or in the cloud. Automatically spin-up new Identity Management servers instances as users and API sessions increase.

Maximum Security

Maximum Security

Operate confidently and pass audits knowing that your Identity Management solution and data are privately encrypted and secured to your own instance without any co-mingling. Reduce your surface of cybersecurity vulnerability by running on a single function minified operating system.

Continuous Delivery

Continuous Delivery

Save upgrade time and cost regardless of on-premise or in the cloud. Automatic delivery of the latest Identity Management features and security updates without downtime.

Easy Recovery

Easy Recovery

Rollback ensures you can always get back to a previous version.

Identity Management Docker Container
Hosted Architecture


Identity Management Docker Container Hosted Architecture

Identity Management Docker Container
On-Premise Architecture


Identity Management Docker Container On-Premise Architecture

Identity Management Docker Swarm
Hosted Architecture


Identity Management Docker Swarm Hosted Architecture

Identity Management Docker Swarm
On-Premise Architecture


Identity Management Docker Swarm On-Premise Architecture

Identity Management Docker Swarm
Bring Your Own Cloud Architecture


Identity Management Docker Swarm Bring Your Own Cloud Architecture
Identity Anywhere

Reverse Proxy Server Architecture


Reverse Proxy Server DNS Notes Config Notes Server Notes

DNS Notes

  • Internal: Point requests for Password Station to the AIMS server — the default.htm will redirect users to the SSL version of the site.
  • External: Point requests to the public IP of the Reverse Proxy Server. The Reverse Proxy will send that to the default.htm page. Once configured, the Reverse proxy handles the link translation from internal to external naming.

Config Notes

  • Publish AIMS Website to public at the /AIMS directory level.
  • Configure link translation, mod-proxy-html, etc., in the web-publishing rule.
  • Configure the public cert on the Reverse Proxy server for the site.

Server Notes

  • Add a default.htm page at the root of the AIMS site, which redirects to the /PS/ directory using SSL. This link should be the internal DNS name of the site. It will be replaced with the public name when called via the Reverse Proxy server.
  • Make default.htm the default page for the site.
  • Ensure the server is configured for 80 and 443 traffic and that the cert is installed.

Single Data Center High Availability (HA) Solution


Single Data Center High Availability (HA) Solution
Legend Reference Purpose Traffic Direction
User requests for Password Management Service Bi-directional:
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.
Avatier Secondary Server in Data Center 2. Inbound Only:
  • Inbound traffic routed from reverse proxy in Data Center 2.
Avatier Server communication with Active Directory Outbound Only:
  • Outbound to Active Directory domain controllers.
Avatier Server communication SQL Cluster Outbound Only:
  • Outbound to all Active Directory domain controllers in the forest.
Avatier Server SMTP communication Outbound Only:
  • Outbound SMTP communication.
On-Premise Apps Bi-directional depending on App.

Dual Data Center High Availability (HA) Solution


Dual Data Center High Availability (HA) Solution
Legend Reference Purpose Traffic Direction
User requests for Avatier Identity Management Service Bi-directional:
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.
Avatier Primary and Secondary Servers in Data Center 1. Inbound Only:
  • Inbound traffic routed from reverse proxy in Data Center 1.
Avatier Secondary Server in Data Center 2. Inbound Only:
  • Inbound traffic routed from reverse proxy in Data Center 2.
Active Directory Replication Bi-directional:
  • Outbound to all Active Directory domain controllers in the forest.
  • Inbound from all Active Directory domain controllers in the forest.
SQL Server Replication Bi-directional:
  • Outbound replication traffic between SQL Clusters in Data Center 1 and 2.
  • Inbound replication traffic between SQL Clusters in Data Center 1 and 2.
Avatier Server communication with Active Directory Outbound Only:
  • Outbound to Active Directory domain controllers.
Avatier Server communication SQL Cluster Outbound Only:
  • Outbound to all Active Directory domain controllers in the forest.
Avatier Server SMTP communication Outbound Only:
  • Outbound SMTP communication.
On-Premise Apps Bi-directional depending on App.

Phone Reset Password Management


Single Data Center High Availability (HA) Solution
Legend Reference Purpose Traffic Direction
User requests for Avatier Identity Management Service Bi-directional:
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.
Avatier Primary and Secondary Servers in Data Center 1. Inbound Only:
  • Inbound traffic routed from reverse proxy in Data Center 1.
Avatier Secondary Server in Data Center 2. Inbound Only:
  • Inbound traffic routed from reverse proxy in Data Center 2.
Active Directory Replication Inbound Only:
  • Outbound to all Active Directory domain controllers in the forest.
  • Inbound from all Active Directory domain controllers in the forest.
SQL Server Replication Bi-directional:
  • Outbound replication traffic between SQL Clusters in Data Center 1 and 2.
  • Inbound replication traffic between SQL Clusters in Data Center 1 and 2.
Avatier Server communication with Active Directory Bi-directional:
  • Outbound to Active Directory domain controllers.
Avatier Server communication SQL Cluster Outbound Only:
  • Outbound to all Active Directory domain controllers in the forest.
Avatier Server SMTP communication Outbound Only:
  • Outbound SMTP communication
On-Premise Apps Bi-directional depending on App.
PBX Inbound Only:
  • Inbound traffic routed to the IVR server
Non-Prod Environment Inbound Only:
  • Inbound traffic routed through the Non-Prod environment.