The Secret Features of Okta Access Gateway: Part 1: Multi-data Center and Multi-Tenancy
At Okta, we love to secure access to everything, from cloud apps, to consumer apps, to servers, and infrastructure—from a single platform. And that, of course, includes on-premises apps. In our new series The Secret Features of Okta Access Gateway, we’re going to explore some of the best secret features of Okta Access Gateway (OAG) to secure access to on-prem web apps, at scale.
Each post in this 5-part series will be delivered by a specialist with strong experience using these secrets in the field. And to help you navigate through all the information, we’re framing the posts based on the following key areas:
In this post, Part 1: Multi-data center and Multi-Tenancy, we’ll explore OAG's seamless support for multiple data centers and Okta tenants.
The Challenge: Secure applications deployed in multiple places
Organizations in real life can have multiple data centers and multiple tenants
Most organizations host their apps and IT in multiple data centers and Infrastructure as a Service (IaaS) providers. This happens for several reasons, ranging from compliance (some countries require environments to be deployed within their territory), to resiliency (organizations that keep environments in different data centers for disaster recovery), to IT modernization (organizations in the "lift-and-shift" stage, moving from physical data centers to IaaS providers like Amazon AWS, Azure, and GCP).
Organizations may also rely on independent identity tenants. This is typically found in companies with independent tenants for development, test, and production, and in larger conglomerates, like Yamaha, GE, Amazon, or Hitachi, with independent businesses in multiple sectors.
For these companies, the large number of environments and tenants adds an extra layer of complexity, since controlling access to apps consistently, independent of where each app is hosted, is a challenge.
The Solution: Seamless support for multi-data center and multi-tenancy
Companies with multiple environments and tenants want to secure their apps the same way, using the same policies, from a real “single pane of glass”. More than that, they want seamless integration. In this case, seamless means not having to jump through hoops and jerry-rig solutions to keep things together.
Okta and OAG deliver seamless support for complex company environments through its native multi-data center and multi-tenancy capabilities.
What does it look like?
Multi-data center: OAG is provided as a virtual appliance, and it can run in any place that supports Virtual Machines (VMs). VMs are the basic building block of any data center, from physical data centers managed through hypervisors and Hyper Converged Infrastructure (HCI) solutions such as VMware, all the way to IaaS providers like Amazon AWS. Because OAG runs wherever VMs run, you can secure apps with Okta in multiple data centers without the hassle.
With multi-data center, you can connect your Okta tenant to OAG instances running in multiple independent IaaS platforms and data centers.
Multi-Tenancy: In addition to multi-data center, each OAG appliance can connect to multiple Okta tenants in the cloud. With this capability, you support as many independent tenants as you need, whether it’s for development/QA/production or for different business units. The multi-tenancy configuration is done the same way for any org, with no special steps required, as shown below.
With multi-tenancy, you can connect the same OAG instance (and data center) to multiple Okta tenants.
With multi-data center and multi-tenancy, you can secure on-prem apps with Okta and OAG in the most complex of environments. These features are native and do not require that you jump through hoops or trick the system to keep things together.
So, if you want to really dig deep into how Access Gateway works, check out this on-demand webinar—there's a cool demo in it. ;-) And if you liked this post, look out for the next 4 secret features of Okta Access Gateway! In Part 2: On-Prem Data Sources, our senior OAG specialist, Mark Wilcox, covers how Access Gateway connects to on-prem data sources to complement sessions with local data.