Automating the route to live with ProofID ConfigMigrator -

In the second of our series of blogs focusing on how to optimize the management of Ping Identity products in run, we will focus on the automation of staging configuration between environments on the ‘Route to Live’.

In our previous blog, we explained how most organizations maintain multiple replicated Ping environments, usually incorporating one or more development environments, a pre-production environment and finally production itself. One of the biggest challenges in managing Ping in run is migrating configuration changes between environments as the environment evolves.

Consider the following example

An organization has a complex PingFederate deployment managing authentication against multiple back end directories, with a complex series of authentication selection rules. With this backdrop, the organization wants to incorporate a new application for SSO. Whilst this is a seemingly simple change, in reality the configuration is quite involved; the SSO configuration, typically involving setting up a SAML connection, is only the start; we also need to map in the authentication backend and set up authentication rules. All told, this will involve working through multiple configuration screens and setting many tens of configuration options and parameters.

Typically, organizations will carry out this configuration in the development environment first, and following testing, will be faced with the challenge of transitioning the configuration through the subsequent environments on the ‘route to live’. Unfortunately, this is not as simple as simply exporting the configuration from the development system and importing it into the next environment; this is because each environment has local configuration including URLs, entity ID and certificates, to name but a few, which must be incorporated into the configuration. This means that the configuration is similar, yet different in each environment.

A manual approach to staging the configuration is likely to include producing detailed, step by step procedural documentation as to how to implement the change. ProofID has worked in this manner with many customers in the past, and such documents can stretch to upwards of fifty pages. And with any manual approach such as this, human error can be introduced – either in production of the documentation or in execution of the documented procedure. Humans lead to typos, and typos lead to errors!

ProofID ConfigMigrator

The way to avoid these issues is to automate the staging of configuration between the environments. ProofID ConfigMigrator does just this. Working with the admin APIs for PingFederate and PingAccess, ConfigMigrator is able to treat configuration like code; essentially the configuration can be extracted from the development environment, stored in a version control system such as Git, and then ‘pushed’ into the next environment with required substitutions being made on the fly to address the local configuration variations outlined above. In this way, the configuration can be staged at the click of a button, with complete elimination of human error and related delays and outages. Regardless of the length of the ‘route to live’, ConfigMigrator can be used to stage the configuration from one environment to the next, until the required change has been staged into production with the minimum of fuss.

Other benefits of ConfigMigrator include the ability to build a cloned environment in minutes – this is very useful if an additional environment needs to be added to the route to live, or if a sandbox environment is required for initial development activities.

Furthermore, as a java based command line utility, ConfigMigrator is highly portable and can be integrated with common devops toolsets such as Puppet, Ansible and Chef, falling within the organization’s existing approach to automation of infrastructure configuration.

For a ConfigMigrator free demo and trial contact us.

In our next blog, we will take a look at ProofID Dashboard and describe how you can gain proactive insight into your Ping environment in production.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_47704508_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
_zcsr_tmp	session	No description available.
663a60c55d	session	No description available.
ac09458e72	session	No description
AnalyticsSyncHistory	1 month	No description
CookieLawInfoConsent	1 year	No description
fd6b13af5c	session	No description available.
li_gc	2 years	No description
proofidltd-_zldp	2 years	No description
proofidltd-_zldt	1 day	No description
visitorId	1 year	No description
zc_consent	1 year	No description available.
zc_cu	1 year	No description available.
zc_cu_exp	1 year	No description available.
zc_loc	session	No description available.
zc_show	1 year	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.