PingAuthorize

Using the Deployment Manager

The Deployment Manager simplifies policy updates by enabling policy writers to deploy new policies to a central deployment package store to be read by the PingAuthorize server running in embedded mode.

About this task

This process is two-fold:

  • Policy writers use the Policy Editor to publish policies in a deployment package to a deployment package store.

  • Updated deployment packages are picked up by the PingAuthorize Policy Decision Service from the deployment package store.

    During setup, you configure the interval at which the server checks the store for updates.

This allows a policy writer to deploy new policies without manually exporting a deployment package and then uploading it to the server through the administrative console.

The Deployment Manager can use deployment package stores that are based on:

  • A directory in the filesystem

  • An Amazon Simple Storage Service (Amazon S3) bucket

  • Azure Blob storage

Package stores hold deployment packages in a central location that the Policy Editor publishes to and the PingAuthorize server reads from, as illustrated in the following diagram:

Screen capture of the policy deployment package flow from the Policy Editor, which publishes to a Deployment Package Store, to PingAuthorize Server, which polls the store for new deployment packages at a user-configured interval

To use the Deployment Manager:

Steps

  1. Define a deployment package store.

    • For a filesystem store, you must have a directory on the filesystem that the Policy Editor has read-write access to.

    • Amazon S3 buckets must be configured with a secret key and an access key for use. See Setting up an Amazon S3 deployment package store for more information.

    • For Azure storage, you must set up an Azure storage account and a container. For later use, record the Connection string value found in your account’s Access key settings.

  2. Use an options file to configure the Policy Editor to publish policies to a store.

  3. Create and deploy deployment packages to the deployment package store.

  4. Add the deployment package store for read access to the PingAuthorize Server.

  5. Configure the Policy Decision Service to read from your deployment package store.
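For a filesystem store, the access split in steps 1 and 4 (read-write for the Policy Editor, read for the server) can be checked against the directory's POSIX mode bits. The following is an added example, not PingAuthorize code: the names `access_for` and `audit_store` are hypothetical, the two accounts are passed in as uid and group ids, and flagging server write access and world-writable stores is a least-privilege assumption of this example rather than a documented product requirement. ACLs and root's override are not modelled.

```python
import os
import stat
import tempfile


def access_for(st, uid, gids):
    """Return (read, write) that the mode bits of directory st grant to uid/gids.

    Both rights also need the search (x) bit to be usable on a directory.
    """
    if uid == st.st_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif st.st_gid in gids:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    search = bool(st.st_mode & x)
    return bool(st.st_mode & r) and search, bool(st.st_mode & w) and search


def audit_store(path, editor, server):
    """Check a filesystem store; editor and server are (uid, set_of_gids)."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["store path is not a directory"]
    findings = []
    editor_r, editor_w = access_for(st, *editor)
    server_r, server_w = access_for(st, *server)
    if not (editor_r and editor_w):
        findings.append("Policy Editor account lacks read-write access")
    if not server_r:
        findings.append("server account lacks read access")
    if server_w:  # assumption: the server only ever reads from the store
        findings.append("server account can write to the store")
    if st.st_mode & stat.S_IWOTH:  # assumption: no other account should publish
        findings.append("store is world-writable")
    return findings


if __name__ == "__main__":
    # Constructed demo: a temporary directory stands in for the store.
    demo = tempfile.mkdtemp()
    info = os.stat(demo)
    os.chmod(demo, 0o777)
    editor_acct = (info.st_uid, {info.st_gid})
    server_acct = (info.st_uid + 1, {info.st_gid})  # made-up server uid
    for finding in audit_store(demo, editor_acct, server_acct):
        print("FINDING:", finding)
    os.rmdir(demo)
```
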