--- title: Getting started for architects and deployers description: Learn about AM. You can access online information, meet with your Ping Identity Sales representative, go to a seminar, or call Ping Identity about AM's capabilities. component: pingam version: 8.1 page_id: pingam:deployment-planning:deploy-highlevel-start canonical_url: https://docs.pingidentity.com/pingam/8.1/deployment-planning/deploy-highlevel-start.html keywords: ["deployment", "planning", "sla", "training", "security"] page_aliases: ["deployment-planning-guide:deploy-highlevel-start.adoc"] --- # Getting started for architects and deployers * **Learn about AM**. You can access online information, meet with your Ping Identity Sales representative, go to a seminar, or call Ping Identity about AM's capabilities. The following are some general initial tasks you might want to resolve: **Initial questions** | Initial tasks | Done ? | | | -------------------------------------------------------------------- | ------ | - | | Understand the access management problems that AM helps to solve | Y | N | | Learn how to protect a website with AM | Y | N | | Get to know the AM software deliverables | Y | N | | Get to know the tools for administering AM | Y | N | | Get to know the APIs for AM client applications | Y | N | | Find out how to get help and support from Ping Identity and partners | Y | N | | Find out how to get training from Ping Identity and partners | Y | N | | Find out how to keep up to date on new development and new releases | Y | N | | Find out how to report problems | Y | N | * **Set up a demo or pilot**. View an AM demo or set up a pilot to determine how you want to use AM to protect your site(s). Ping Identity Sales representatives can assist you with a demo or pilot. * **Attend a training class**. Ping Identity presents effective training classes to deploy AM in your environment. Learn more at [Ping Identity Training](https://www.pingidentity.com/en/support/customer-care.html#training). * **Become a certified professional**. Complete the product-specific Certified Professional exams to gain in-depth design and deployment expertise or find a partner to help you from the [Ping Identity Partner Directory](https://support.pingidentity.com/s/partner-directory-home-page). * **Determine your service level agreements**. Ping Identity provides different [Customer Care](https://www.pingidentity.com/en/support/customer-care.html) packages you can sign up for. * **Determine your services**. Ping Identity provides a complete Identity Management stack to meet your requirements. **Services** | Services task | Done ? | | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | - | | Understand the services AM software provides | Y | N | | Determine which services to deploy | Y | N | | Determine which services the deployment consumes (load balancing, application container, authentication services, configuration storage, profile storage, token/session storage, policy storage, log storage) | Y | N | | Determine which services the deployment provides (SSO, CDSSO, SAML Federation IdP/SP, XACML PDP, STS, OAuth 2.0/OpenID Connect 1.0, and so on) | Y | N | | Determine which resources AM protects (who consumes AM services) | Y | N | * **Determine your deployment objectives**. AM provides proven performance and security in many production deployments. You should determine your overall deployment objectives. **Deployment Objectives** | Deployment objectives | Done ? | | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | - | | Define deployment objectives in terms of service levels (expectations for authentication rates, active sessions maintained, session life cycles, policies managed, authorization decision rates, response times, throughput, and so on) | Y | N | | Define deployment objectives in terms of service availability (AM service availability, authentication availability, authorization decision availability, session availability, elasticity) | Y | N | | Understand how AM services scale for high availability | Y | N | | Understand the restrictions in an AM deployment that uses client-side sessions | Y | N | | Plan for availability (number of sites and servers, load balancing and AM software configuration) | Y | N | | Define the domains managed and domains involved in the deployment | Y | N | | Define deployment objectives for delegated administration | Y | N | | Agree with partners for federated deployments on circles of trust and terms | Y | N | * **Plan sizing**. At this stage, you should determine the sizing estimates for your deployment. Ping Identity Sales Engineers can assist you in this task. **Sizing** | Sizing | Done ? | | | -------------------------------------------------------------------------------------------------------- | ------ | - | | Derive sizing estimates from service levels and availability | Y | N | | Understand how to test sizing estimates (load generation tools?) | Y | N | | Size servers for AM deployment: CPU | Y | N | | Size servers for AM deployment: Memory | Y | N | | Size servers for AM deployment: Network | Y | N | | Size servers for AM deployment: I/O | Y | N | | Size servers for AM deployment: Storage | Y | N | | Quantify the impact on external services consumed (LDAP, other auth services, load balancing, and so on) | Y | N | | Plan testing and acceptance criteria for sizing | Y | N | * **Plan the topology**. Plan your logical and physical deployment. **Topology Planning** | Topology | Done ? | | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | - | | Specify the logical and physical deployment topology (show examples of each) | Y | N | | Determine how many datastores you need (configuration, CTS, application, policy, UMA…​) | Y | N | | Plan installation of AM services (including external dependencies) | Y | N | | Plan installation of AM web and Java agents, Fedlets, and PingGateway (might be done by partner service providers) | Y | N | | Plan integration with client applications | Y | N | | Plan customization of AM (UI, user profile attributes, authentication nodes, identity stores, OAuth 2.0 scope handling, OAuth 2.0 response types, post-authentication actions, policy evaluation, session quota exhaustion actions, policy evaluation, identity data storage, AM service, custom logger, custom policy enforcement points or agents). | Y | N | * **Plan security**. At this stage, you must plan how to secure your deployment. **Security** | Security | Done ? | | | ---------------------------------------------------------------------------------------------------------------------------- | ------ | - | | Understand security guidelines, including legal requirements | Y | N | | Change default settings and administrative user credentials | Y | N | | Protect service ports (Firewall, Dist Auth UI, reverse proxy) | Y | N | | Turn off unused service endpoints | Y | N | | Separate administrative access from client access | Y | N | | Secure communications (HTTPS, LDAPS, secure cookies, cookie hijacking protection, key management for signing and encryption) | Y | N | | Determine if components handle SSL acceleration or termination | Y | N | | Securing processes and files (e.g. with SELinux, dedicated non-privileged user and port forwarding, and so forth) | Y | N | * **Post-deployment tasks**. At this stage, you should plan your post-deployment tasks to sustain and monitor your system. **Post-deployment Tasks** | Post deployment tasks | Done ? | | | ---------------------------------------------------------------------------------------------------- | ------ | - | | Plan administration following AM deployment (services, agents/PingGateway, delegated administration) | Y | N | | Plan monitoring following deployment | Y | N | | Plan how to expand the deployment | Y | N | | Plan how to upgrade the deployment | Y | N |