The Deployment Manager simplifies policy updates by enabling policy writers to deploy new policies to a central deployment package store to be read by the PingAuthorize server running in embedded mode.
This process is two-fold:
- Policy writers use the Policy Editor to publish policies in a deployment package to a deployment package store.
- Updated deployment packages are picked up by the PingAuthorize Policy Decision Service from the deployment package store.
  Note: During setup, you configure the interval at which the server checks the store for updates.
This allows a policy writer to deploy new policies without the manual process of exporting a deployment package that is then uploaded into the server through the administrative console.
The Deployment Manager can use deployment package stores that are based on:
- A directory in the filesystem
- An Amazon Simple Storage Service (Amazon S3) bucket
- Azure Blob storage
Package stores hold deployment packages in a central location that the Policy Editor publishes to and the PingAuthorize server reads from, as illustrated in the following diagram:
To use the Deployment Manager:
- Define a deployment package store.
  - For a filesystem store, you must have a directory on the filesystem that the Policy Editor has read-write access to.
  - Amazon S3 buckets must be configured with a secret key and an access key for use. See Setting up an Amazon S3 deployment package store for more information.
  - For Azure storage, you must set up an Azure storage account and a container. For later use, record the Connection string value found in your account's Access key settings.
- Use an options file to configure the Policy Editor to publish policies to a store.
- Create and deploy deployment packages to the deployment package store.
- Add the deployment package store for read access to the PingAuthorize Server:
- Configure the Policy Decision Service to read from your deployment package store.
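
For a filesystem store, write access to the directory decides who can change the policies the server loads. The following permission check is an added example, not part of the PingAuthorize documentation. It assumes the Policy Editor account owns the directory and is the only writer, and that the server account only reads; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit a filesystem deployment package store directory.
# Assumed model (not from the product documentation): the Policy Editor
# account owns the directory and is the only writer; the PingAuthorize
# server account only needs read access.

# audit_store_dir DIR
# Prints one finding per line.
# Returns 0 when only the owner can write, 1 when group or other can
# write to the directory or to a file in it, 2 when DIR is not a directory.
audit_store_dir() {
    dir=$1
    findings=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 2
    fi

    # Write access to the directory itself allows adding, replacing or
    # deleting deployment packages.
    if [ -n "$(find "$dir" -maxdepth 0 -perm -0002)" ]; then
        echo "FAIL: $dir is world-writable"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$dir" -maxdepth 0 -perm -0020)" ]; then
        echo "FAIL: $dir is group-writable"
        findings=$((findings + 1))
    fi

    # Write access to a package file allows changing it in place.
    writable=$(find "$dir" -type f \( -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$writable" ]; then
        echo "$writable" | sed 's/^/FAIL: writable by group or other: /'
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_store_dir "$1"
fi
```
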