PingAuthorize

Deploy policies in a production environment

After developing and testing policies in external policy decision point (PDP) mode, you should configure PingAuthorize Server in embedded PDP mode for other pre-production or production environments.

Embedded PDP mode is much more performant than external PDP mode when making authorization decisions. This improvement in performance happens because in embedded PDP mode, the PingAuthorize Server doesn’t make an additional call to the Policy Editor to retrieve the authorization decision.

In embedded PDP mode, the PingAuthorize Server’s decision engine uses a file called a deployment package to handle all decision requests. A deployment package includes the set of policies and Trust Framework elements evaluated by the decision engine when making decisions. You can load the deployment package into the server in two ways:

  • Export a deployment package from the Policy Editor and load it into the decision engine. Learn more in Exporting a policy deployment package.

  • Export the deployment package to a central deployment package store, which is in turn polled by the decision engine at a configurable interval. Learn more in Using the Deployment Manager.

    If you expect policies to change in production, use the Deployment Manager instead of exporting deployment packages manually.