Symantec Access Management

  • 1.  Questions on architecture using Docker

    Posted Oct 11, 2019 08:52 AM
    Hi,

    We are currently investigating and prototyping how we will use Docker in our current architecture. We are trying to accomplish several goals by doing so, such as making our CM process smoother, making the deployments easier, and making the upgrades faster. We are looking for some recommendations and suggestions as to how we would go about setting this up based on what we are currently thinking.

    The plan right now is to have 2 database servers that will host MySQL to allow for replication/failover, neither of which will be containerized. The reason being, we have seen that it is not recommended to have DBs within Docker containers. So the first question would be, since most of the data within the MySQL DB seems to be static, should we follow this approach, or do you recommend containerizing the DBs as well?

    We also plan to have 2 separate servers that will host the containerized "gateway", which will then connect to those external MySQL databases. Does this setup seem reasonable? How do you recommend administering a cluster of N Docker images of gateways?

    Thank you in advance!

    Chris


  • 2.  RE: Questions on architecture using Docker
    Best Answer

    Broadcom Employee
    Posted Oct 18, 2019 11:34 AM
    Chris,

    SiteMinder has published some information regarding dynamically scaled environments such as Docker containers.
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/release-notes/release-comparison.html

    Whether or not to put DBs within Docker containers is really the 3rd-party vendor's recommendation. Some products can, but others are not ready for it.
    For the policy store, I recommend CA Directory as the first choice, not because it is a Broadcom product, but because I have personally seen so many DB problems in terms of performance and data corruption for no reason. CA Directory is free to use as a policy store anyway.

    SiteMinder has NOT officially published any guidelines on containerizing "gateway" or "policy server", but I do see people experimenting with it in labs and it seems to be working.
    Or maybe they have worked out some issues, but we simply do not know about it.
    You may search or publish a new IDEA within this same community to get a more affirmative answer from product management on that.

    Thank you.

    Hongxu