Skip navigation
All Places > CA Security > CA Single Sign-On > Blog > 2018 > September
2018

Deploying CA Single Sign-On (CA SSO) Web Agents in dynamically scaled and containerized environments, such as OpenShift or other PaaS platforms, has been a hot topic.

The good news is that CA SSO supports registration that allow web agents to run in containerized environments since the release of CA SSO 12.6.

 

What is a Container After All?

In basic terms, a container is a form of virtualization and a packaging format for a unit of software that ships together. A container image is a form factor that encapsulates a set of software and its dependencies, the minimal set of runtime libraries that the software needs to do its function.

Enterprises running containers will need container orchestration solutions such as Kubernetes and other components for container management, either running in their own or in a public cloud. 

 

The Role of Docker in Containers

The adoption of Docker in organizations deploying containers has fueled an active ecosystem, with thousands of “Dockerized" applications in the Docker Hub registry. Cloud service providers such as Amazon Web Services (AWS), Google and Azure have embraced Docker and rolled out offerings of their own related to the ecosystem.

Here are some key factors as to why our customers are starting to embrace Docker:

 

  • Docker gels well with DevOps practices at scale. They are easy to deploy and accelerate application delivery coupled with immutability.
  • Portability is another key benefit of Docker because all required application dependencies can be packaged within the container's layers. Vendors can ensure that the application payload will execute on any node with the same operating system (OS) kernel type (Windows or Linux), that the application was compiled for. This also enables easy migration of workloads to public cloud services and across public cloud services. Therefore, Docker enables cloud-agnostic based practices and can help in avoiding vendor lock-ins.
  • Container orchestration platforms enable auto-scaling of containers and coupled with rapid startup and shutdown times, makes it well-suited for architectures requiring on-demand scale up and down, which improves the total cost of ownership of deployments.
  • Containers result in efficient resource usage, as the packaging model eliminates redundancies with higher application density, also improving TCO. 

 

CA Single Sign-On Web Agents and Docker

When Web agents are used in Docker containers or other dynamically scaled environments like OpenShift, scenarios can occur where containers with Web Agents are frequently initiated or destroyed, as they are scaling up or down based on the load that is caused by incoming requests. These scenarios require a different approach when registering those Web Agent instances.

To handle the rapid registration and removal of containers that are running web servers with the Web Agents, the instances of the same Web Agent must use the same trusted host. To do this, you must assign a trusted host to each logical application (rather than to each agent instance) and use the shared secret of the trusted host whenever you are initializing a new Web Agent container of that application.

The below documentation link explains in greater detail the approach of running Web Agents in dynamically scaled environments:

https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/policy-server-configuration/agents-and-agent-groups/use-web-agent-in-dynamically-scaled-environment/

The CA SSO product team is also continuing to improve and optimize this approach. Keep watching this space for hearing more about what we are working towards or let us know your thoughts. If there are any topics you’d like additional tech tips on, please let us know!

 

CA SSO Product Team