5 tips to get started with DevOps in IAM projects
When you think of DevOps, you often think of developing applications and services, but DevOps’ strategies can bring much more. Applying DevOps strategies in Identity & Access Management (IAM) implementations is not such a bad idea at all. You can take a lot of advantage of DevOps are adjusting configuration items, automating object creation and performing tests.
Some of the advantages of DevOps that apply to software development can also be used in IAM projects: • Automation makes the environment more stable; configurations are stored in code repositories, which has several advantages: o the change or setting is documented o the chance of typos or incorrect input is minimized o versioning makes it easy to roll back a change
Various strategies are possible to reduce risks. Consider, for example, automating backups of necessary settings before a change is made or automatically performing regression tests after an adjustment.
As changes occur more often, and automation becomes routine, the cold-water fear of making changes disappears, especially if a change is demonstrably easy to reverse. To give you some tips on where you can start with DevOps in IAM projects, we have listed five tips.
Try not to aim for the sky, and demanding too much for one session. Automating tasks sometimes requires a slightly different mindset, and it also takes time to get used to the tools. Use these first steps to discover, for example, which naming conventions work best, how large the projects within a source repository must be to remain manageable, and how to report changes status.
Don’t think too quickly that a specific action cannot be automated, because it is too complicated. Often some challenges need to be overcome once. To overcome them could take extra time, but the investment is quickly regained by reusing the solution found.
It pays to build knowledge of a few tools, such as GitLab, Ansible and Python. In this example, GitLab takes care of versioning and deployment via pipelines to the different environments; Ansible orchestrates processes and clusters, and Python is used as a glue tool to execute API calls. The choice of platform or language does not matter, as long as they offer enough flexibility and possibilities, and above all are widely supported.
Do not compromise on security (for example, by distinguishing between dev/test and production environments). By building in security right from the start, both for ‘data at rest’ and ‘data in transit’ (also think of application passwords or secrets in installation files), the chance of security issues is much smaller at a later stage. There are also many solutions to this. Security must be included in the solution from the start.
For DevOps teams to use solutions, they must be “consumable”, which means that they are secure and easy, but also that they match their working method. For DevOps and Continuous Integration / Continuous Delivery (CI / CD), solutions that are invoked by calling a piece of standardized code are an excellent example of this.
Automatic testing gives confidence in the proper functioning of the environment and also serves as an early warning system for changes. By including as much functionality as possible in tests, and running these tests daily, it quickly becomes apparent that a change has unwanted effects, and it is easy to reverse this change.
Do you want to discuss the possibilities and get to know us?