3.2 Deployment Scenarios

Advanced Edition installation is supported on the Microsoft Azure cloud. It supports the following deployment approaches. Use a deployment strategy that fits the needs of your company.

3.2.1 Basic Deployment Flow

  1. Log in to the Microsoft Azure portal.

  2. Create an application. For example, app A.

  3. Configure role-based access and token validation. See Enabling Role-based Access and Token Validation.

  4. Take a note of client ID, client secret, tenant name, and tenant ID. Deploy the Advanced Edition server using these details. For more information, Installing Advanced Edition.

    NOTE:To get the tenant name, navigate to Home > Subscription > Subscription name. The value of Directory excluding the bracket is the tenant name. For example, NSL Directory.

  5. Configure an identity store on the web console. For information about adding an identity store, see Configuring Identity Storein the SecureLogin CE 24.3 (v9.2) Advanced Edition Installation and Configuration Guide.

  6. Ensure that your device is connected to Azure AD. For more information, see Microsoft documentation.

  7. Install the SecureLogin client in the Advanced Edition mode. For information about the installation steps, see Installing and Deploying in the SecureLogin Advanced Edition Environment in the SecureLogin CE 24.3 (v9.2) Installation Guide.

  8. Configure the passphrase for the new user. For more information, see Setting Up a Passphrase in the SecureLogin CE 24.3 (v9.2) Installation Guide.

    A connection is established between the SecureLogin client and Advanced Edition.

  9. To confirm that the connection is established, right-click the SecureLogin icon in the system tray, click About. The value for Primary must be Primary-Available.

3.2.2 Cloud-only Deployment

In this deployment model, Advanced Edition is deployed on the Azure cloud, user groups are managed in Azure AD, and the SecureLogin client is deployed in the Advanced Edition mode to manage the Azure AD joined devices.

This model suits best when you are deploying SecureLogin for the first time for your company and want to use Azure AD as the identity provider. Figure 3-1 illustrates this scenario.

Figure 3-1 Advanced Edition Cloud-Only Deployment

You can perform only a fresh installation in the cloud-only deployment model.

The high-level steps are as follows:

  1. Install Advanced Edition on Azure Kubernetes Services. See Installing Advanced Edition.

  2. Configure Advanced Edition. See Configuring Advanced Edition.

  3. Install and configure the SecureLogin client in the Advanced Edition mode. See Installing and Deploying in the SecureLogin Advanced Edition Environment.

3.2.3 Hybrid Deployment

In the hybrid deployment model, Advanced Edition is deployed on the Azure cloud, user groups are managed in Active Directory, Azure AD or both, and the SecureLogin client is deployed in the Advanced Edition mode to manage the Azure AD joined devices. Figure 3-2 illustrates this deployment model.

Figure 3-2 Advanced Edition Hybrid Deployment

Using this model, you can deploy SecureLogin to achieve one of the following scenarios:

Manage some user groups in Active Directory and some in Azure AD

If you are already using SecureLogin in the Active Directory mode, you can migrate your user groups from Active Directory to Azure AD. You can choose to migrate only a certain user groups to Azure AD. The remaining user groups can be managed in Active Directory. This can be useful when you have many user groups, and the number of users in each user group is enormous. Migrating and managing all the user groups at once can be a complex task. Therefore, you can migrate the groups in phases.

Manage all user groups in both Active Directory and Azure AD

This scenario is similar to the previous one. However, you can choose to maintain all your user groups in both Active Directory and Azure AD. This can be useful when the number of users and user groups are less.

The following are the high-level steps of the hybrid deployment model. You can perform a fresh installation or migration.

Fresh Installation

Perform a fresh installation when you are deploying SecureLogin for the first time.

  1. Install Advanced Edition on Azure Kubernetes Services. See Installing Advanced Edition.

  2. Configure Advanced Edition. See Configuring Advanced Edition.

  3. Sync the Active Directory users to Azure AD using the Azure AD connect tool. See Synchronizing Active Directory Users with Azure AD.

  4. Install and configure the SecureLogin client in the Advanced Edition mode. See Installing and Deploying in the SecureLogin Advanced Edition Environment.

Migration

Migration is applicable when you have an existing SecureLogin deployment.

  1. Install Advanced Edition on Azure Kubernetes Services. See Installing Advanced Edition.

  2. Configure Advanced Edition. See Configuring Advanced Edition.

  3. Sync the Active Directory users to Azure AD using the Azure AD connect tool. See Synchronizing Active Directory Users with Azure AD.

  4. Install and configure the SecureLogin client in the Active Directory mode. See Installing and Configuring in an Active Directory Environment in the SecureLogin CE 24.3 (v9.2) Installation Guide.

  5. Migrate the datastore using the slMigrationHelper tool. See Migrating the Data Through the slMigrationHelper Tool.