Skip to main content

Local Directory Overview

The Aserto Directory can be run as a standalone container, backed by a Postgres DB.

In addition, a local management console experience is provided for this deployment option.

Scenarios

There are a few scenarios where running a separate, local directory instance is advantageous:

Scaling data size beyond what fits in the embedded database

For deployments that have hundreds of thousands / millions of users, some partitioning strategy may be required.

Alternatively, a Postgres-backed directory provide a more scalable solution. Additionally, the cloud-specific mechanisms that are used to scale and manage Postgres databases can be applied to the directory database as well.

Stateless authorizers and a single directory

Some organizations may prefer to have all their authorizers connect to a single directory instead of keeping their own cache of the subject, object, and relation data.

Running a separate directory enables this scenario. In this type of deployment, the edge authorizers are completely stateless, and therefore are guaranteed to see exactly the same authorization data.

Self-hosting

Some organizations want or need to self-host all of the components in their authorization solution. The smallest Aserto deployment is the Aserto Sidecar, but for organizations that want to use a relational directory without relying on the hosted Aserto Directory, this model is appropriate.

Deployment

The easiest way to deploy the Local Directory is via a helm chart that includes a Sidecar as well as a Local Console, described next.