ForgeRock Directory Services 6.5 is Available

The ForgeRock Identity Platform was released and publicly announced early December this year (also here).

As you may guess from the announcement, an important part of the new features has to do with DevOps, running in Docker, automated with Kubernetes.

The underlying datastore for the ForgeRock Identity Platform is ForgeRock Directory Services, and the new 6.5 release comes with a set of new features and improvements that are detailed in the Release Notes, but here are some highlights:

Ease of use has always been important for us, and DS 6.5 brings it to a new level for the customers that are deploying other ForgeRock products. Starting with this version, you can now select, at the time of installation, one or more profiles. A profile contains the complete configuration for a specific use, from base DN, backend, indexes, schema, specific configuration parameters, administrative users, ACI and privileges. Out of the box, we are delivering 3 profiles for ForgeRock Access Management: Identity Store, Configuration Store and the Core Token Service Store; 1 profile for ForgeRock Identity Management: Managed Object Store; and 1 profile for Directory Services evaluation, which contains the data and configuration that is used throughout our documentation, and allows you to copy and paste the command examples of the guides and replay them against a running server.

To learn more about profiles, get DS 6.5, and run

setup --help-profiles

To learn about a specific profile, you can run

setup --help-profile am-cts:6.5.0

With regards to DevOps, containers and automation in the cloud, we’ve continued the efforts that we had started with previous releases.

  • DS 6.5 now supports a method to run post upgrade tasks to the data, such as rebuilding indexes.
  • The server has 2 new HTTP endpoints to poke about its status. /isReady indicates that the server is up and running. /isHealty indicates if its current state is optimal, or if there are some temporary limitations, such as a database backend is offline for maintenance, or the replication is lagging too much (with too much being fully configurable).
  • The Grafana sample dashboard has been updated
  • Like all ForgeRock Identity Platform’s products, DS comes with a Common Audit handler that publishes log messages to stdout, a common practice when working with Docker containers.

Directory Proxy Server 6.5 now supports “sharding”, i.e. distributing data into multiple discrete replicated directory services. Such deployments make very large amounts of data easier to manage and give better write scalability. In this version, the number of “shards” is fixed, but we are working on making the service scale dynamically as the data grows, in future versions.

Directory Services 6.5 now supports limiting the number of connections that can be opened from a single client application. By IP address, a client may be denied, fully allowed or restricted in its number of opened connections, offering a greater protection against misbehaving applications.
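The three outcomes described above (denied, fully allowed, restricted to a number of open connections) can be modelled as follows. This is an added illustration, not ForgeRock code or DS configuration: the class and parameter names are hypothetical, the order in which the lists are checked is an assumption, and the addresses are constructed documentation ranges.

```python
import ipaddress
from collections import Counter


class ConnectionGate:
    """Illustrative per-client admission model (hypothetical, not DS code)."""

    def __init__(self, denied=(), restricted=(), limit=2):
        self.denied = [ipaddress.ip_network(n) for n in denied]
        self.restricted = [ipaddress.ip_network(n) for n in restricted]
        self.limit = limit        # max open connections per restricted client
        self.open = Counter()     # currently open connections, keyed by client IP

    def accept(self, client):
        ip = ipaddress.ip_address(client)
        # Assumed precedence: an explicit deny wins over everything else.
        if any(ip in net for net in self.denied):
            return "denied"
        # Restricted clients are capped on *concurrent* connections.
        if any(ip in net for net in self.restricted):
            if self.open[client] >= self.limit:
                return "over-limit"
        # Anyone else is fully allowed (assumption: no default cap).
        self.open[client] += 1
        return "allowed"

    def close(self, client):
        # Releasing a connection frees a slot for a restricted client.
        if self.open[client] > 0:
            self.open[client] -= 1


def run_demo():
    """Replay a constructed sequence of connection events."""
    gate = ConnectionGate(denied=["203.0.113.0/24"],
                          restricted=["198.51.100.7/32"], limit=2)
    app = "198.51.100.7"          # constructed "misbehaving application"
    results = [gate.accept(app), gate.accept(app), gate.accept(app)]
    gate.close(app)               # one connection released
    results.append(gate.accept(app))
    results.append(gate.accept("203.0.113.9"))   # in the denied range
    results.append(gate.accept("192.0.2.1"))     # unlisted client
    return results


if __name__ == "__main__":
    print(run_demo())
```
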

The product also now supports the LDAP Relax Rules Control, which allows an administrator to add or modify attributes that are normally read-only. This feature can be used when having to synchronise data between different LDAP products, so they have the same timestamps for their creation or modification dates.

We’ve made the “cn=Changelog” suffix and data available on servers that are only acting as Replication hubs (RS), since they are persisting all the changes to replicate them.

We’ve added a couple of troubleshooting tools with the release. One tool, changelogstat, allows an administrator to list and dump the content of the replication changelog databases. The supportextract tool allows an administrator to capture the state and logs of a Directory Services instance and make the file available to ForgeRock support quickly.

Java 11 is now fully supported, both Oracle JVM and OpenJDK builds (from Oracle, Red-Hat or Azul Systems).

Finally, like with all releases of Directory Services, we have enhanced the performance and the reliability of the server in many areas. But most importantly, we have fully tested that you can upgrade to 6.5 without any service interruption: from 2.6 to 6.0, you can upgrade an instance and let it replicate with the other instances, then start upgrading the next one, until all instances are on the latest and greatest version. If you use VMs or containers, you can stop an existing instance and replace it with a new one. Or add a new one and then stop an old one… Your choice, but both scenarios are supported.

For further details, read the complete Release Notes. I’m looking forward to your feedback on the features and improvements of the Directory Services 6.5 release!

After London, Identity Live comes to Paris

The ForgeRock Identity Live in London has only just ended, and I am already looking forward to the next one, the last for 2018: Identity Live Paris.


Come and join us to meet customers, opinion leaders, technical experts and other digital identity professionals. For the first time this year, you will also have the opportunity, on November 14, to meet and talk with the products’ technical experts and developers, in an “UnConference” format: a flexible agenda, interactive discussions about the new features and about best practices with Docker containers and Kubernetes…

There is still time to register!

Hoping to see you in Paris on November 13 and 14…

[Post-event update]:
You can find the few photos that I took here.


Identity Live London is over, Paris is next…

It’s been a couple of intense days in London with over 200 attendees at the London stop of the ForgeRock Identity Live world tour.


In London, we’ve had 3 important customers that explained how they are innovating with the help of digital identities, each of them providing online services to over 30 million users: The BBC, Maersk and Pearson. And we’ve had 3 major UK banks that joined a panel to discuss OpenBanking and APIs in the banking industry. I have particularly enjoyed the well mastered presentations by Bianca Lopes about the data that we leave online and that ties back to our identity, and by Spencer Kelly, technology presenter of the BBC show “Click”.

Today, we had our “unConference” day, where the engineering team joins the product management one to discuss with our customers and partners how to leverage the newest features of the ForgeRock Identity Platform, whether already released or soon to be.

My photos of the Identity Live London are now publicly visible here: https://www.flickr.com/photos/ludovicpoitou/albums/72157701508676261

And now, on to the next and last stop for 2018: Paris, November 13 and 14. Register and join us!


[Post Event Update]

You can find the few photos that I’ve taken on the Flickr album.


ForgeRock IdentityLive APAC

Last month, ForgeRock hosted two IdentityLive events in the Asia-Pacific region.

One in Sydney on August 7 and 8


And the second one in Singapore the week after.


This was my first participation to the events in this region (somehow I managed to convince my family to move our vacation earlier so I could attend), and it was great meeting in person with many customers and prospects I’ve interacted with over the phone, as well as meeting the ForgeRock colleagues I hadn’t seen for a while. As usual, the conversations around our products and the customers solutions were very rich and open, and I came back with great inputs and confirmations for our roadmaps.

You can find my photos of the events in the following Flickr albums:

The next IdentityLive events will take place in London on October 30-31, and Paris on November 13-14. I hope to see you there!

ForgeRock Identity Live Berlin

The second show of the ForgeRock worldwide tour of Identity Live events took place last week in the beautiful city of Berlin.

My colleagues from the Marketing team have already put together a summary of the event with a highlight video and links to slides and videos of the sessions.

And my photo album of the event is also visible online here:

ForgeRock Identity Live Berlin 2018

See you at the next Identity Live in Sydney or in Singapore in August.

Open Provisioning ToolKit phoenix moment

I’m sitting in training this week with our Solution Architects team and was talking to my long time colleague Scott Fehrman about a customer I recently met and a mention of the Open Provisioning ToolKit (OpenPTK) in one of the slides. OpenPTK is an open source project that Scott, Terry Sigle and Derrick Harcey founded at Sun Microsystems some years ago.

As we’re talking Scott realized that the website that hosted OpenPTK source code, issues and downloads (java.net) is gone. As he had a copy of the latest version, he put it back online on his github account.

If anyone is using OpenPTK and would like to get the code, or even better work on it, it has risen from the ashes and is now publicly available:

https://github.com/sfehrman/openptk

ForgeRock Directory Services 6.0 is now available

I am delighted to announce the general availability of the ForgeRock Identity Platform 6.0, and part of it, of ForgeRock Directory Services 6.0.

This major release of Directory Services is a consolidation of the current product, bringing even more reliability and performances to a very robust product. But it also brings a number of new features and improvements.

The main change in this version is around monitoring. With a common set of services, APIs and libraries for the whole Identity Platform, we’ve refined and optimised the monitoring metrics of the Directory Services, organising them in a more logical and hierarchical way. When searching the monitoring data over LDAP, all entries now have a proper schema (objectClasses and AttributeTypes) and many metrics have been consolidated into a single attribute with a JSON value. In addition to exposing the metrics via JMX, we are now offering 2 endpoints to directly collect them with Prometheus or Graphite and visualise them using Grafana. We’re delivering a sample Grafana dashboard to illustrate their use.


I will write a more in depth post to describe the new monitoring capabilities of ForgeRock Directory Services 6.0.

Amongst the other improvements of the new release, I can mention:

  • Support for Time To Live (TTL) indexes at the backend level. When entries reach their TTL date, they are automatically removed from the data store.
  • Ability to sort entries based on JSON attributes and specific fields, and also ability to sort entries when using Simple Paged results (and a page size smaller than the server side index limit).
  • Support for configuring the server offline, using dsconfig (--offline).
  • Support for expressions in the configuration file.
  • Support for defining a global server ID for replication, which will be used by all replicated suffixes of that server.
  • Initial separation of what is static read-only configuration from what is more dynamic in deployments.
  • A new option to ldapmodify and ldapdelete to do bulk load operations.
  • More optimisations of disk space usage with entries and logs, as well as more optimisations of performances.

You can find more details in the Release Notes.

Directory Services 6.0 can upgrade instances of OpenDJ starting with version 2.6.0 or ForgeRock Directory Services 5.x, and it has been tested to be replicating with these versions as well, allowing a smooth upgrade of a replicated service with no downtime, nor change in configuration or replication. For a rolling upgrade, stop one of the servers, take a backup, install DS 6 and upgrade, restart the server, and move to the next one.

You can get and try the new version of the ForgeRock Identity Platform, or if you are a customer, you can go directly to backstage.forgerock.com.

I’m looking forward to your feedback about the new release.

ForgeRock Identity Live Austin

The season for the ForgeRock Identity Live events has opened earlier in May with the first of a series of 6 worldwide events in 2018, the Identity Live Austin.

With the largest audience since we’ve started these events, this was an absolutely great event, with as usual, passionate and in depth discussions with customers and partners.

You can find highlights, session videos and selected decks on the event website.

And here is my summary of the 2 days conference in pictures.

The next event will take place in Europe, in Berlin on June 12-13. There is still time to register, and you can look at the whole agenda of the summits to find one closer to your home. I’m looking forward to meeting you there.

SnowCamp.io 2018

I’m one of the organisers of a developers’ conference here in Grenoble, France, the SnowCamp. The 3rd edition took place last week at Minatec. During 3 days, we hosted 10 University workshops, 40 presentations, 3 keynotes, and welcomed 375 attendees. And on the Saturday, we ran a smaller unconference with some of the speakers on the snowy slopes of Chamrousse, the closest ski resort to Grenoble.


It has been 4 very intense days, but I’m really happy with how smooth the event went, and I’m excited to help organising it again next year (no spoiler, but it should take place end of January 2019).

My photos of the event are on my Flickr account, but they are also aggregated with other photographers’ shots on the SnowCamp Flickr Album.
SnowCamp 2018

We have a new office…

Yes, the picture looks familiar for those who have already come to visit us. In fact, we haven’t changed address, we’ve just moved the ForgeRock Grenoble Engineering Center to a new office space, in the same building, doubling in size, building our lab in the facilities.

With now 23 employees based in the Grenoble area, the expansion was long overdue. We now have more space for everyone, more meeting rooms, a creative area with a huge white board, and a dedicated kitchen area.

Last Thursday, Mike Ellis, ForgeRock CEO, and Jonathan Scudder, co-founder were in the office for the opening party.

We also had visitors from the Bristol engineering team, the Vancouver WA engineering team and the Czech republic ProfiQ team, truly showing our diversity and international presence.

I hope that we will continue to grow as we’ve been doing in these first 7 years… We have an amazing team and a great culture. Let’s keep rocking on!
Thanks to Bruno Lavit Photography for the photo coverage!

Additional photos of the office can be found on my Flickr account.

ForgeRock Identity Live is coming to Paris

Paris Identity Summit 2016
On November 21st, we will be hosting the ForgeRock Identity Live summit in Paris. The list of confirmed speakers is impressive, with Fleur Pellerin, Ian Sorbello from HSBC, Marko Orenius from Amer Sports and of course Mike Ellis, ForgeRock CEO.

Registration is here, and I hope to see you then.

Last week, we hosted our London Identity Live summit. The gallery of pictures from the event is available here.
London Identity Live

ForgeRock Trajectory…

Earlier this week, ForgeRock announced an $88M series D funding, ahead of planned IPO.
I’ve been working with ForgeRock for 7 years, starting the first R&D engineering center in Grenoble, France, and building our Directory Services product. And I’m just amazed by the incredible journey we’ve accomplished since the beginning. I’m just thrilled to be part of this great adventure!

If you want to understand its foundation, take a look at this video with Mike Ellis, CEO and Steve Ferris, SVP Services and Founder.

ForgeRock Identity Live Events.

The ForgeRock 2017 Identity Live Summits are well underway but there are more to come in London (October 19) and Paris (November 21). Join us and register.

I was part of the Austin and the Dusseldorf ones in May. It’s a little late to make a summary of the events; you can find highlights, presentations on ForgeRock.com. But I thought I’d share photo albums of both events:

ForgeRock #IdentityLive 2017

ForgeRock #IdentityLive DE 2017