
Edge Authorizer with Local Directory and Console

For advanced scenarios, the Edge Authorizer can be deployed with a standalone directory backed by a Postgres DB, and a console. When deployed this way, there are no dependencies on externally hosted components, and your local Aserto environment does not share any data externally. Optionally, you can configure the Edge Authorizer to pull down container images from an OCI v2 registry (such as GitHub), and you can import data from an IdP (Auth0, Azure AD, etc.) using the ds-load CLI.

Scenarios

There are a few scenarios where this type of deployment is advantageous:

Scaling data size beyond what fits in the embedded database

For deployments that have hundreds of thousands or millions of users, some partitioning strategy may be required.

Alternatively, a Postgres-backed directory provides a more scalable solution. Additionally, the cloud-specific mechanisms that are used to scale and manage Postgres databases can be applied to the directory database as well.

Stateless authorizers and a single directory

Some organizations may prefer to have all their authorizers connect to a single directory instead of keeping their own cache of the subject, object, and relation data.

Running a separate directory enables this scenario. In this type of deployment, the Edge Authorizers are completely stateless, and therefore are guaranteed to see exactly the same authorization data.

Self-hosting

Some organizations want or need to self-host all of the components in their authorization solution. The smallest Aserto deployment is the Edge Authorizer, but for organizations that want to use a relational directory without relying on the hosted Aserto Directory, this model is appropriate.

Deployment

The easiest way to deploy the Local Directory is via the Aserto Helm chart, described next.