Alternatives to FreeIPA logo

Alternatives to FreeIPA

Keycloak, Centrify, OpenLDAP, Postman, and Postman are the most popular alternatives and competitors to FreeIPA.
42
3

What is FreeIPA and what are its top alternatives?

FreeIPA is an open-source identity management solution that provides centralized authentication, authorization, and account information by combining LDAP (Lightweight Directory Access Protocol), Kerberos, DNS, PKI (Public Key Infrastructure), and other services. It offers features such as single sign-on, user and group management, role-based access control, certificate management, and more. However, some limitations of FreeIPA include limited support for non-Linux systems, complex setup and configuration, and less flexibility for customization compared to other solutions.

  1. Keycloak: Keycloak is an open-source identity and access management solution that provides single sign-on, social login, user federation, identity brokering, and more. Pros include easy integration with third-party services, strong security features, and support for multiple protocols. Cons include a steeper learning curve for beginners and potentially complex setup for larger deployments.

  2. Samba: Samba is a software suite that provides file and print services for various Microsoft Windows operating systems. It can also be used for centralized authentication and user management in a networked environment. Pros include seamless integration with Windows environments, strong support for Active Directory compatibility, and robust file sharing capabilities. However, Samba may require additional configuration and maintenance compared to FreeIPA.

  3. LDAP (Lightweight Directory Access Protocol): LDAP is a lightweight directory access protocol used for accessing and maintaining distributed directory information services. It is commonly used for centralized authentication, user account management, and directory services. Pros of LDAP include simplicity, flexibility, and wide industry support. However, LDAP may require additional tools and services to build a comprehensive identity management solution compared to FreeIPA.

  4. Red Hat Identity Management: Red Hat Identity Management is a commercial offering based on FreeIPA that provides enterprise-level identity and access management services. Pros include professional support, integration with Red Hat ecosystem, and robust security features. However, the commercial version may come with licensing costs and additional features that may not be necessary for all users.

  5. Shibboleth: Shibboleth is an open-source identity federation solution that enables secure single sign-on across multiple organizations. It is widely used in higher education and research institutions for federated access management. Pros include strong support for SAML (Security Assertion Markup Language), federated identity management, and scalable architecture. However, Shibboleth may have a steeper learning curve and limited feature set compared to FreeIPA.

  6. OpenIAM: OpenIAM is an open-source identity and access management platform that provides user provisioning, single sign-on, access governance, and identity federation capabilities. Pros include a user-friendly interface, integration with various systems and applications, and support for multi-factor authentication. However, OpenIAM may have a smaller community compared to FreeIPA, which could affect support and updates.

  7. Gluu: Gluu is an open-source identity and access management platform that provides authentication, authorization, federation, and user management services. Pros include strong security features, integration with popular protocols and standards, and a flexible architecture. However, Gluu may require additional customization and configuration compared to FreeIPA, which could be challenging for beginners.

  8. FreeRADIUS: FreeRADIUS is an open-source RADIUS server that provides centralized authentication, authorization, and accounting for network users. It is commonly used for WiFi authentication, VPN access, and other network services. Pros include flexibility, scalability, and support for various authentication methods. However, FreeRADIUS may require additional configuration and integration with other tools for comprehensive identity management compared to FreeIPA.

  9. Duo Security: Duo Security is a cloud-based multi-factor authentication platform that provides secure access to applications and services. Pros include ease of use, strong authentication methods, and support for various platforms and devices. However, Duo Security may focus more on authentication rather than user management and directory services, which could be a limitation compared to FreeIPA.

  10. Okta: Okta is a cloud-based identity and access management platform that provides single sign-on, multi-factor authentication, user provisioning, and other services. Pros include a user-friendly interface, seamless integration with various applications and services, and strong security features. However, Okta may come with subscription fees and costs that could be higher than self-hosted solutions like FreeIPA.

Top Alternatives to FreeIPA

  • Keycloak
    Keycloak

    It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box. ...

  • Centrify
    Centrify

    It is privileged identity management and identity as a service solutions stop the breach by securing access to hybrid enterprises through the power of identity services. ...

  • OpenLDAP
    OpenLDAP

    It is a free, open-source implementation of the Lightweight Directory Access Protocol. Lightweight Directory Access is an application protocol that is used to crosscheck information on the server end. ...

  • Postman
    Postman

    It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide. ...

  • Postman
    Postman

    It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide. ...

  • Stack Overflow
    Stack Overflow

    Stack Overflow is a question and answer site for professional and enthusiast programmers. It's built and run by you as part of the Stack Exchange network of Q&A sites. With your help, we're working together to build a library of detailed answers to every question about programming. ...

  • Google Maps
    Google Maps

    Create rich applications and stunning visualisations of your data, leveraging the comprehensiveness, accuracy, and usability of Google Maps and a modern web platform that scales as you grow. ...

  • Elasticsearch
    Elasticsearch

    Elasticsearch is a distributed, RESTful search and analytics engine capable of storing data and searching it in near real time. Elasticsearch, Kibana, Beats and Logstash are the Elastic Stack (sometimes called the ELK Stack). ...

FreeIPA alternatives & related posts

Keycloak logo

Keycloak

736
1.3K
102
An open source identity and access management solution
736
1.3K
+ 1
102
PROS OF KEYCLOAK
  • 33
    It's a open source solution
  • 24
    Supports multiple identity provider
  • 17
    OpenID and SAML support
  • 12
    Easy customisation
  • 10
    JSON web token
  • 6
    Maintained by devs at Redhat
CONS OF KEYCLOAK
  • 7
    Okta
  • 6
    Poor client side documentation
  • 5
    Lack of Code examples for client side

related Keycloak posts

Shared insights
on
OktaOktaKeycloakKeycloakGitHubGitHub

Hello,

I'm trying to implement a solution for this situation:

There is a restaurant in which users can access RestAPI, using Google, Facebook, GitHub. There is even the possibility to login inside using the SPID authentication. In the first case I was considering Keycloak as a better solution for this case, but then i've read about Okta and its pros.

I cannot understand reading and searching on Google if SPID authentication is supported by OKTA. Looks like to be, because it should be using SAML, but I haven't found a clear solution.

See more
Joshua Dean Küpper
CEO at Scrayos UG (haftungsbeschränkt) · | 7 upvotes · 843.2K views

As the access to our global REST-API "Charon" is bound to OAuth2, we use Keycloak inside Quarkus to authenticate and authorize users of our API. It is not possible to perform any un-authenticated requests against this API, so we wanted to make really sure that the authentication/authorization component is absolutely reliable and tested. We found those attributes within Keycloak, so we used it.

See more
Centrify logo

Centrify

13
31
0
Leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises
13
31
+ 1
0
PROS OF CENTRIFY
    Be the first to leave a pro
    CONS OF CENTRIFY
      Be the first to leave a con

      related Centrify posts

      OpenLDAP logo

      OpenLDAP

      95
      132
      0
      An open source implementation of the Lightweight Directory Access Protocol
      95
      132
      + 1
      0
      PROS OF OPENLDAP
        Be the first to leave a pro
        CONS OF OPENLDAP
          Be the first to leave a con

          related OpenLDAP posts

          Postman logo

          Postman

          94.5K
          81K
          1.8K
          Only complete API development environment
          94.5K
          81K
          + 1
          1.8K
          PROS OF POSTMAN
          • 490
            Easy to use
          • 369
            Great tool
          • 276
            Makes developing rest api's easy peasy
          • 156
            Easy setup, looks good
          • 144
            The best api workflow out there
          • 53
            It's the best
          • 53
            History feature
          • 44
            Adds real value to my workflow
          • 43
            Great interface that magically predicts your needs
          • 35
            The best in class app
          • 12
            Can save and share script
          • 10
            Fully featured without looking cluttered
          • 8
            Collections
          • 8
            Option to run scrips
          • 8
            Global/Environment Variables
          • 7
            Shareable Collections
          • 7
            Dead simple and useful. Excellent
          • 7
            Dark theme easy on the eyes
          • 6
            Awesome customer support
          • 6
            Great integration with newman
          • 5
            Documentation
          • 5
            Simple
          • 5
            The test script is useful
          • 4
            Saves responses
          • 4
            This has simplified my testing significantly
          • 4
            Makes testing API's as easy as 1,2,3
          • 4
            Easy as pie
          • 3
            API-network
          • 3
            I'd recommend it to everyone who works with apis
          • 3
            Mocking API calls with predefined response
          • 2
            Now supports GraphQL
          • 2
            Postman Runner CI Integration
          • 2
            Easy to setup, test and provides test storage
          • 2
            Continuous integration using newman
          • 2
            Pre-request Script and Test attributes are invaluable
          • 2
            Runner
          • 2
            Graph
          • 1
            <a href="http://fixbit.com/">useful tool</a>
          CONS OF POSTMAN
          • 10
            Stores credentials in HTTP
          • 9
            Bloated features and UI
          • 8
            Cumbersome to switch authentication tokens
          • 7
            Poor GraphQL support
          • 5
            Expensive
          • 3
            Not free after 5 users
          • 3
            Can't prompt for per-request variables
          • 1
            Import swagger
          • 1
            Support websocket
          • 1
            Import curl

          related Postman posts

          Noah Zoschke
          Engineering Manager at Segment · | 30 upvotes · 3M views

          We just launched the Segment Config API (try it out for yourself here) — a set of public REST APIs that enable you to manage your Segment configuration. A public API is only as good as its #documentation. For the API reference doc we are using Postman.

          Postman is an “API development environment”. You download the desktop app, and build API requests by URL and payload. Over time you can build up a set of requests and organize them into a “Postman Collection”. You can generalize a collection with “collection variables”. This allows you to parameterize things like username, password and workspace_name so a user can fill their own values in before making an API call. This makes it possible to use Postman for one-off API tasks instead of writing code.

          Then you can add Markdown content to the entire collection, a folder of related methods, and/or every API method to explain how the APIs work. You can publish a collection and easily share it with a URL.

          This turns Postman from a personal #API utility to full-blown public interactive API documentation. The result is a great looking web page with all the API calls, docs and sample requests and responses in one place. Check out the results here.

          Postman’s powers don’t end here. You can automate Postman with “test scripts” and have it periodically run a collection scripts as “monitors”. We now have #QA around all the APIs in public docs to make sure they are always correct

          Along the way we tried other techniques for documenting APIs like ReadMe.io or Swagger UI. These required a lot of effort to customize.

          Writing and maintaining a Postman collection takes some work, but the resulting documentation site, interactivity and API testing tools are well worth it.

          See more
          Simon Reymann
          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 5.1M views

          Our whole Node.js backend stack consists of the following tools:

          • Lerna as a tool for multi package and multi repository management
          • npm as package manager
          • NestJS as Node.js framework
          • TypeScript as programming language
          • ExpressJS as web server
          • Swagger UI for visualizing and interacting with the API’s resources
          • Postman as a tool for API development
          • TypeORM as object relational mapping layer
          • JSON Web Token for access token management

          The main reason we have chosen Node.js over PHP is related to the following artifacts:

          • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
          • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
          • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
          • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
          See more
          Postman logo

          Postman

          94.5K
          81K
          1.8K
          Only complete API development environment
          94.5K
          81K
          + 1
          1.8K
          PROS OF POSTMAN
          • 490
            Easy to use
          • 369
            Great tool
          • 276
            Makes developing rest api's easy peasy
          • 156
            Easy setup, looks good
          • 144
            The best api workflow out there
          • 53
            It's the best
          • 53
            History feature
          • 44
            Adds real value to my workflow
          • 43
            Great interface that magically predicts your needs
          • 35
            The best in class app
          • 12
            Can save and share script
          • 10
            Fully featured without looking cluttered
          • 8
            Collections
          • 8
            Option to run scrips
          • 8
            Global/Environment Variables
          • 7
            Shareable Collections
          • 7
            Dead simple and useful. Excellent
          • 7
            Dark theme easy on the eyes
          • 6
            Awesome customer support
          • 6
            Great integration with newman
          • 5
            Documentation
          • 5
            Simple
          • 5
            The test script is useful
          • 4
            Saves responses
          • 4
            This has simplified my testing significantly
          • 4
            Makes testing API's as easy as 1,2,3
          • 4
            Easy as pie
          • 3
            API-network
          • 3
            I'd recommend it to everyone who works with apis
          • 3
            Mocking API calls with predefined response
          • 2
            Now supports GraphQL
          • 2
            Postman Runner CI Integration
          • 2
            Easy to setup, test and provides test storage
          • 2
            Continuous integration using newman
          • 2
            Pre-request Script and Test attributes are invaluable
          • 2
            Runner
          • 2
            Graph
          • 1
            <a href="http://fixbit.com/">useful tool</a>
          CONS OF POSTMAN
          • 10
            Stores credentials in HTTP
          • 9
            Bloated features and UI
          • 8
            Cumbersome to switch authentication tokens
          • 7
            Poor GraphQL support
          • 5
            Expensive
          • 3
            Not free after 5 users
          • 3
            Can't prompt for per-request variables
          • 1
            Import swagger
          • 1
            Support websocket
          • 1
            Import curl

          related Postman posts

          Noah Zoschke
          Engineering Manager at Segment · | 30 upvotes · 3M views

          We just launched the Segment Config API (try it out for yourself here) — a set of public REST APIs that enable you to manage your Segment configuration. A public API is only as good as its #documentation. For the API reference doc we are using Postman.

          Postman is an “API development environment”. You download the desktop app, and build API requests by URL and payload. Over time you can build up a set of requests and organize them into a “Postman Collection”. You can generalize a collection with “collection variables”. This allows you to parameterize things like username, password and workspace_name so a user can fill their own values in before making an API call. This makes it possible to use Postman for one-off API tasks instead of writing code.

          Then you can add Markdown content to the entire collection, a folder of related methods, and/or every API method to explain how the APIs work. You can publish a collection and easily share it with a URL.

          This turns Postman from a personal #API utility to full-blown public interactive API documentation. The result is a great looking web page with all the API calls, docs and sample requests and responses in one place. Check out the results here.

          Postman’s powers don’t end here. You can automate Postman with “test scripts” and have it periodically run a collection scripts as “monitors”. We now have #QA around all the APIs in public docs to make sure they are always correct

          Along the way we tried other techniques for documenting APIs like ReadMe.io or Swagger UI. These required a lot of effort to customize.

          Writing and maintaining a Postman collection takes some work, but the resulting documentation site, interactivity and API testing tools are well worth it.

          See more
          Simon Reymann
          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 5.1M views

          Our whole Node.js backend stack consists of the following tools:

          • Lerna as a tool for multi package and multi repository management
          • npm as package manager
          • NestJS as Node.js framework
          • TypeScript as programming language
          • ExpressJS as web server
          • Swagger UI for visualizing and interacting with the API’s resources
          • Postman as a tool for API development
          • TypeORM as object relational mapping layer
          • JSON Web Token for access token management

          The main reason we have chosen Node.js over PHP is related to the following artifacts:

          • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
          • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
          • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
          • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
          See more
          Stack Overflow logo

          Stack Overflow

          69K
          61K
          893
          Question and answer site for professional and enthusiast programmers
          69K
          61K
          + 1
          893
          PROS OF STACK OVERFLOW
          • 257
            Scary smart community
          • 206
            Knows all
          • 142
            Voting system
          • 134
            Good questions
          • 83
            Good SEO
          • 22
            Addictive
          • 14
            Tight focus
          • 10
            Share and gain knowledge
          • 7
            Useful
          • 3
            Fast loading
          • 2
            Gamification
          • 1
            Knows everyone
          • 1
            Experts share experience and answer questions
          • 1
            Stack overflow to developers As google to net surfers
          • 1
            Questions answered quickly
          • 1
            No annoying ads
          • 1
            No spam
          • 1
            Fast community response
          • 1
            Good moderators
          • 1
            Quick answers from users
          • 1
            Good answers
          • 1
            User reputation ranking
          • 1
            Efficient answers
          • 1
            Leading developer community
          CONS OF STACK OVERFLOW
          • 3
            Not welcoming to newbies
          • 3
            Unfair downvoting
          • 3
            Unfriendly moderators
          • 3
            No opinion based questions
          • 3
            Mean users
          • 2
            Limited to types of questions it can accept

          related Stack Overflow posts

          Tom Klein

          Google Analytics is a great tool to analyze your traffic. To debug our software and ask questions, we love to use Postman and Stack Overflow. Google Drive helps our team to share documents. We're able to build our great products through the APIs by Google Maps, CloudFlare, Stripe, PayPal, Twilio, Let's Encrypt, and TensorFlow.

          See more
          Google Maps logo

          Google Maps

          41.5K
          28.9K
          567
          Build highly customisable maps with your own content and imagery
          41.5K
          28.9K
          + 1
          567
          PROS OF GOOGLE MAPS
          • 253
            Free
          • 136
            Address input through maps api
          • 82
            Sharable Directions
          • 47
            Google Earth
          • 46
            Unique
          • 3
            Custom maps designing
          CONS OF GOOGLE MAPS
          • 4
            Google Attributions and logo
          • 1
            Only map allowed alongside google place autocomplete

          related Google Maps posts

          Tom Klein

          Google Analytics is a great tool to analyze your traffic. To debug our software and ask questions, we love to use Postman and Stack Overflow. Google Drive helps our team to share documents. We're able to build our great products through the APIs by Google Maps, CloudFlare, Stripe, PayPal, Twilio, Let's Encrypt, and TensorFlow.

          See more

          A huge component of our product relies on gathering public data about locations of interest. Google Places API gives us that ability in the most efficient way. Since we are primarily going to be using as google data as a source of information for our MVP, we might as well start integrating the Google Places API in our system. We have worked with Google Maps in the past and we might take some inspiration from our previous projects onto this one.

          See more
          Elasticsearch logo

          Elasticsearch

          34.5K
          26.9K
          1.6K
          Open Source, Distributed, RESTful Search Engine
          34.5K
          26.9K
          + 1
          1.6K
          PROS OF ELASTICSEARCH
          • 328
            Powerful api
          • 315
            Great search engine
          • 231
            Open source
          • 214
            Restful
          • 200
            Near real-time search
          • 98
            Free
          • 85
            Search everything
          • 54
            Easy to get started
          • 45
            Analytics
          • 26
            Distributed
          • 6
            Fast search
          • 5
            More than a search engine
          • 4
            Great docs
          • 4
            Awesome, great tool
          • 3
            Highly Available
          • 3
            Easy to scale
          • 2
            Potato
          • 2
            Document Store
          • 2
            Great customer support
          • 2
            Intuitive API
          • 2
            Nosql DB
          • 2
            Great piece of software
          • 2
            Reliable
          • 2
            Fast
          • 2
            Easy setup
          • 1
            Open
          • 1
            Easy to get hot data
          • 1
            Github
          • 1
            Elaticsearch
          • 1
            Actively developing
          • 1
            Responsive maintainers on GitHub
          • 1
            Ecosystem
          • 1
            Not stable
          • 1
            Scalability
          • 0
            Community
          CONS OF ELASTICSEARCH
          • 7
            Resource hungry
          • 6
            Diffecult to get started
          • 5
            Expensive
          • 4
            Hard to keep stable at large scale

          related Elasticsearch posts

          Tim Abbott

          We've been using PostgreSQL since the very early days of Zulip, but we actually didn't use it from the beginning. Zulip started out as a MySQL project back in 2012, because we'd heard it was a good choice for a startup with a wide community. However, we found that even though we were using the Django ORM for most of our database access, we spent a lot of time fighting with MySQL. Issues ranged from bad collation defaults, to bad query plans which required a lot of manual query tweaks.

          We ended up getting so frustrated that we tried out PostgresQL, and the results were fantastic. We didn't have to do any real customization (just some tuning settings for how big a server we had), and all of our most important queries were faster out of the box. As a result, we were able to delete a bunch of custom queries escaping the ORM that we'd written to make the MySQL query planner happy (because postgres just did the right thing automatically).

          And then after that, we've just gotten a ton of value out of postgres. We use its excellent built-in full-text search, which has helped us avoid needing to bring in a tool like Elasticsearch, and we've really enjoyed features like its partial indexes, which saved us a lot of work adding unnecessary extra tables to get good performance for things like our "unread messages" and "starred messages" indexes.

          I can't recommend it highly enough.

          See more
          Tymoteusz Paul
          Devops guy at X20X Development LTD · | 23 upvotes · 9.8M views

          Often enough I have to explain my way of going about setting up a CI/CD pipeline with multiple deployment platforms. Since I am a bit tired of yapping the same every single time, I've decided to write it up and share with the world this way, and send people to read it instead ;). I will explain it on "live-example" of how the Rome got built, basing that current methodology exists only of readme.md and wishes of good luck (as it usually is ;)).

          It always starts with an app, whatever it may be and reading the readmes available while Vagrant and VirtualBox is installing and updating. Following that is the first hurdle to go over - convert all the instruction/scripts into Ansible playbook(s), and only stopping when doing a clear vagrant up or vagrant reload we will have a fully working environment. As our Vagrant environment is now functional, it's time to break it! This is the moment to look for how things can be done better (too rigid/too lose versioning? Sloppy environment setup?) and replace them with the right way to do stuff, one that won't bite us in the backside. This is the point, and the best opportunity, to upcycle the existing way of doing dev environment to produce a proper, production-grade product.

          I should probably digress here for a moment and explain why. I firmly believe that the way you deploy production is the same way you should deploy develop, shy of few debugging-friendly setting. This way you avoid the discrepancy between how production work vs how development works, which almost always causes major pains in the back of the neck, and with use of proper tools should mean no more work for the developers. That's why we start with Vagrant as developer boxes should be as easy as vagrant up, but the meat of our product lies in Ansible which will do meat of the work and can be applied to almost anything: AWS, bare metal, docker, LXC, in open net, behind vpn - you name it.

          We must also give proper consideration to monitoring and logging hoovering at this point. My generic answer here is to grab Elasticsearch, Kibana, and Logstash. While for different use cases there may be better solutions, this one is well battle-tested, performs reasonably and is very easy to scale both vertically (within some limits) and horizontally. Logstash rules are easy to write and are well supported in maintenance through Ansible, which as I've mentioned earlier, are at the very core of things, and creating triggers/reports and alerts based on Elastic and Kibana is generally a breeze, including some quite complex aggregations.

          If we are happy with the state of the Ansible it's time to move on and put all those roles and playbooks to work. Namely, we need something to manage our CI/CD pipelines. For me, the choice is obvious: TeamCity. It's modern, robust and unlike most of the light-weight alternatives, it's transparent. What I mean by that is that it doesn't tell you how to do things, doesn't limit your ways to deploy, or test, or package for that matter. Instead, it provides a developer-friendly and rich playground for your pipelines. You can do most the same with Jenkins, but it has a quite dated look and feel to it, while also missing some key functionality that must be brought in via plugins (like quality REST API which comes built-in with TeamCity). It also comes with all the common-handy plugins like Slack or Apache Maven integration.

          The exact flow between CI and CD varies too greatly from one application to another to describe, so I will outline a few rules that guide me in it: 1. Make build steps as small as possible. This way when something breaks, we know exactly where, without needing to dig and root around. 2. All security credentials besides development environment must be sources from individual Vault instances. Keys to those containers should exist only on the CI/CD box and accessible by a few people (the less the better). This is pretty self-explanatory, as anything besides dev may contain sensitive data and, at times, be public-facing. Because of that appropriate security must be present. TeamCity shines in this department with excellent secrets-management. 3. Every part of the build chain shall consume and produce artifacts. If it creates nothing, it likely shouldn't be its own build. This way if any issue shows up with any environment or version, all developer has to do it is grab appropriate artifacts to reproduce the issue locally. 4. Deployment builds should be directly tied to specific Git branches/tags. This enables much easier tracking of what caused an issue, including automated identifying and tagging the author (nothing like automated regression testing!).

          Speaking of deployments, I generally try to keep it simple but also with a close eye on the wallet. Because of that, I am more than happy with AWS or another cloud provider, but also constantly peeking at the loads and do we get the value of what we are paying for. Often enough the pattern of use is not constantly erratic, but rather has a firm baseline which could be migrated away from the cloud and into bare metal boxes. That is another part where this approach strongly triumphs over the common Docker and CircleCI setup, where you are very much tied in to use cloud providers and getting out is expensive. Here to embrace bare-metal hosting all you need is a help of some container-based self-hosting software, my personal preference is with Proxmox and LXC. Following that all you must write are ansible scripts to manage hardware of Proxmox, similar way as you do for Amazon EC2 (ansible supports both greatly) and you are good to go. One does not exclude another, quite the opposite, as they can live in great synergy and cut your costs dramatically (the heavier your base load, the bigger the savings) while providing production-grade resiliency.

          See more