Overview

Aserto authorizers can be deployed right next to your application, in your cloud, these are known as Edge Authorizers. Edge Authorizers are Topaz Instances which are configured to connect to the Aserto Control Plane.

Edge Authorizer only

The simplest local deployment is in the form of a single Topaz container that is configured as an Aserto Edge Authorizer.

You can deploy it either as a local microservice (and scale it horizontally), or if you're running in Kubernetes, you can deploy it as a sidecar in your application pod.

The Edge Authorizer includes an Aserto Directory that is implemented using an embedded database, based on BoltDB. It scales up to a couple of GB of data (which could house 10k's of users, depending on how many properties each user contains).

The Edge Authorizers documentation describes the Edge Authorizer and its deployment and management in more detail.

Edge Authorizer with Self-hosted Directory and Console

The second flavor of a local authorizer deployment adds a separate Aserto Directory running locally in its own container, as well as a self-hosted Console for adminstering. This implementation of the Aserto Directory uses Postgres as a back-end relational store, and can scale to larger data sizes than can fit in the embedded store.

The Local Directory documentation describes the scenarios where running A self-hosted directory is advantageous, and how to deploy it in your local Kubernetes environment.