
Identity Management Architecture

Identity Management Software


Avatier identity management software supports universal assignment management for all assets, application access, subscriptions, and physical access for every business user and administrator across your enterprise.

Avatier's identity and access management software architecture is built on four principles: IT automation, configuration rather than custom development, universal integration, and self-service delegated administration. Our identity governance and administration (IGA) software adapts to the needs of the business user to deliver a unified framework for business processes across an enterprise.

Avatier's identity access management software architecture illustrates the universal assignment management of:

  • Physical assets of any type including BYOD and mobile equipment
  • Enterprise application access certification and IT governance
  • SaaS, cloud subscriptions and enterprise licenses
  • Physical access to facilities, computers, and networks

Avatier's identity and access management solutions take a radically different approach: our software puts control of single sign-on (SSO), password management, user provisioning, group management, and compliance management accountability in the hands of business users through workflow automation and self-service request management approval systems.

Reverse Proxy Server Architecture



DNS Notes

  • Internal: Point requests for Password Station to the AIMS server; the default.htm page will redirect users to the SSL version of the site.
  • External: Point requests to the public IP of the Reverse Proxy Server. The Reverse Proxy forwards those requests to the default.htm page. Once configured, the Reverse Proxy handles the link translation from internal to external naming.

Config Notes

  • Publish the AIMS website to the public at the /AIMS directory level.
  • Configure link translation (mod_proxy_html or equivalent) in the web-publishing rule.
  • Configure the public certificate for the site on the Reverse Proxy server.

Server Notes

  • Add a default.htm page at the root of the AIMS site that redirects to the /PS/ directory over SSL. This link should use the internal DNS name of the site; it is replaced with the public name when called via the Reverse Proxy server.
  • Make default.htm the default page for the site.
  • Ensure the server is configured for traffic on ports 80 and 443 and that the certificate is installed.
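As an added example that is not part of Avatier's documentation, the DNS, Config and Server notes above expressed as one Apache httpd reverse-proxy virtual host. It assumes httpd with mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_proxy_html loaded; the host names passwords.example.com (public) and aims.corp.example (internal), the certificate paths, and the placement of the /PS/ directory under /AIMS/ are placeholders chosen for the example, not values from the page.

```apache
# Added example (not Avatier's configuration): publish the internal AIMS site
# at the /AIMS directory level on a public host name behind a reverse proxy.
# Placeholder names: passwords.example.com (public), aims.corp.example (internal).

# Port 80 only redirects to HTTPS; nothing is proxied in clear text.
<VirtualHost *:80>
    ServerName passwords.example.com
    Redirect permanent / https://passwords.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName passwords.example.com

    # Public certificate for the published site (Config Notes, item 3).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/passwords.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/passwords.example.com.key

    # Never act as an open forward proxy.
    ProxyRequests Off
    # Pass the internal host name to the backend, so the AIMS site builds its
    # redirect and links with the internal DNS name that is translated below.
    ProxyPreserveHost Off

    # Talk to the AIMS server over TLS and verify its certificate against the
    # assumed internal CA, so the proxy cannot be pointed at an impostor backend.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/certs/corp-internal-ca.pem

    # Publish only the /AIMS directory level (Config Notes, item 1); every
    # other path on the internal server stays unreachable from outside.
    ProxyPass        /AIMS/ https://aims.corp.example/AIMS/
    ProxyPassReverse /AIMS/ https://aims.corp.example/AIMS/
    # ProxyPassReverse rewrites Location headers, so the SSL redirect that
    # default.htm issues toward the internal name reaches the user with the
    # public name (DNS Notes, external case).
    ProxyPassReverseCookieDomain aims.corp.example passwords.example.com

    # Link translation inside HTML bodies (Config Notes, item 2):
    # rewrite the internal name to the public one in hrefs, forms and scripts.
    <Location /AIMS/>
        ProxyHTMLEnable On
        ProxyHTMLExtended On
        ProxyHTMLURLMap https://aims.corp.example/AIMS/ /AIMS/
        ProxyHTMLURLMap http://aims.corp.example/AIMS/  /AIMS/
        # mod_proxy_html cannot rewrite compressed bodies, so ask the backend
        # for uncompressed responses.
        RequestHeader unset Accept-Encoding
    </Location>
</VirtualHost>
```

Validate with `apachectl configtest` before reloading. The division of labour matters when troubleshooting: ProxyPassReverse handles the HTTP redirect from default.htm, while ProxyHTMLURLMap handles the internal name embedded in page content; if either is missing, external users are bounced to an internal host name that does not resolve from the Internet. Publishing only the /AIMS/ prefix and verifying the backend certificate are the two settings a reviewer should check first, since both limit what the public host can reach.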

Single Data Center High Availability (HA) Solution


Legend (diagram reference, purpose, traffic direction):

Purpose: User requests for Password Management Service
Traffic direction: Bi-directional
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.

Purpose: Avatier Secondary Server in Data Center 2
Traffic direction: Inbound only
  • Inbound traffic routed from reverse proxy in Data Center 2.

Purpose: Avatier Server communication with Active Directory
Traffic direction: Outbound only
  • Outbound to Active Directory domain controllers.

Purpose: Avatier Server communication with SQL Cluster
Traffic direction: Outbound only
  • Outbound to all Active Directory domain controllers in the forest.

Purpose: Avatier Server SMTP communication
Traffic direction: Outbound only
  • Outbound SMTP communication.

Purpose: On-Premise Apps
Traffic direction: Bi-directional, depending on the app.

Dual Data Center High Availability (HA) Solution


Legend (diagram reference, purpose, traffic direction):

Purpose: User requests for Avatier Identity Management Service
Traffic direction: Bi-directional
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.

Purpose: Avatier Primary and Secondary Servers in Data Center 1
Traffic direction: Inbound only
  • Inbound traffic routed from reverse proxy in Data Center 1.

Purpose: Avatier Secondary Server in Data Center 2
Traffic direction: Inbound only
  • Inbound traffic routed from reverse proxy in Data Center 2.

Purpose: Active Directory Replication
Traffic direction: Bi-directional
  • Outbound to all Active Directory domain controllers in the forest.
  • Inbound from all Active Directory domain controllers in the forest.

Purpose: SQL Server Replication
Traffic direction: Bi-directional
  • Outbound replication traffic between SQL Clusters in Data Center 1 and 2.
  • Inbound replication traffic between SQL Clusters in Data Center 1 and 2.

Purpose: Avatier Server communication with Active Directory
Traffic direction: Outbound only
  • Outbound to Active Directory domain controllers.

Purpose: Avatier Server communication with SQL Cluster
Traffic direction: Outbound only
  • Outbound to all Active Directory domain controllers in the forest.

Purpose: Avatier Server SMTP communication
Traffic direction: Outbound only
  • Outbound SMTP communication.

Purpose: On-Premise Apps
Traffic direction: Bi-directional, depending on the app.

Phone Reset Password Management


Legend (diagram reference, purpose, traffic direction):

Purpose: User requests for Avatier Identity Management Service
Traffic direction: Bi-directional
  • Inbound traffic routed to Reverse Proxies in Data Center 1 or Data Center 2 based on Global Traffic Management Service or system (F5, Akamai, etc.)
  • Outbound traffic will only be necessary if using Cloud-based applications like Office 365, Salesforce, etc.

Purpose: Avatier Primary and Secondary Servers in Data Center 1
Traffic direction: Inbound only
  • Inbound traffic routed from reverse proxy in Data Center 1.

Purpose: Avatier Secondary Server in Data Center 2
Traffic direction: Inbound only
  • Inbound traffic routed from reverse proxy in Data Center 2.

Purpose: Active Directory Replication
Traffic direction: Inbound only
  • Outbound to all Active Directory domain controllers in the forest.
  • Inbound from all Active Directory domain controllers in the forest.

Purpose: SQL Server Replication
Traffic direction: Bi-directional
  • Outbound replication traffic between SQL Clusters in Data Center 1 and 2.
  • Inbound replication traffic between SQL Clusters in Data Center 1 and 2.

Purpose: Avatier Server communication with Active Directory
Traffic direction: Bi-directional
  • Outbound to Active Directory domain controllers.

Purpose: Avatier Server communication with SQL Cluster
Traffic direction: Outbound only
  • Outbound to all Active Directory domain controllers in the forest.

Purpose: Avatier Server SMTP communication
Traffic direction: Outbound only
  • Outbound SMTP communication.

Purpose: On-Premise Apps
Traffic direction: Bi-directional, depending on the app.

Purpose: PBX
Traffic direction: Inbound only
  • Inbound traffic routed to the IVR server.

Purpose: Non-Prod Environment
Traffic direction: Inbound only
  • Inbound traffic routed through the Non-Prod environment.