Success Stories

Customer Challenge – Large-Scale IAM Implementation

One of PPS’ Federal customers had a business need to modernize their Identity and Access Management (IAM) platform, moving from a legacy Oracle-based solution to a modern IAM platform that can:

  • Integrate with multiple back-end technologies (WebSphere, Mainframe, Drupal, Salesforce, etc.)
  • Scale to support more than 80 million users
  • Operate in a multi-datacenter environment
  • Federate identity with other systems and/or Federal agencies

PPS’ Solution

To achieve the scalability and performance goals of the IAM system, PPS demonstrated technical and architectural leadership by:

  1. Architecting a solution based on the IBM IAM product stack that is extensible, scalable and interoperable
  2. Collaborating with IBM to peer-review the solution architecture
  3. Performing extensive performance and stress testing of the solution

The result was that PPS implemented an IAM solution that is benchmarked to support more than 80 million users, with 30 authentications per second and 100,000 concurrent sessions. At present, our solution has more than 45 million users registered and we have performed over 225 million authentications without any significant performance issues or degradation of service.

Customer Challenge – Log Aggregation and Reporting

One of PPS’ Federal customers has multiple applications in the public domain that support millions of users. These applications have logs distributed over multiple servers with vast amounts of log data being accumulated on a daily basis. Our customer needed a solution that can aggregate logs, query the log data and generate meaningful reports to support security incidents and fraud investigations.

PPS’ Solution

PPS fully understands our client’s need for a cost-effective, extensible and easy-to-use log analytics tool and successfully implemented tools, including IBM QRadar and Elastic Stack, to meet the customer’s business need. Our solution aggregated the logs and implemented reporting through real-time monitoring of these logs and historical reports. Our solution is capable of capturing all application-related activity for applications that sit behind our IAM reverse proxy and applications that are integrated with our IAM solution using identity federation.

Customer Challenge – HSPD-12 Integration with PIV Cards

HSPD-12 compliance was a high-priority goal for one of PPS’ Federal customers. Our customer needed to comply with the HSPD-12 mandate to meet Level of Assurance (LOA) 4 for their Oracle security application.

PPS’ Solution

PPS has in-depth expertise in designing and implementing enterprise IAM solutions and understands the complexity involved in integrating new IAM solutions with legacy systems using different security frameworks. To solve our customer’s problem, PPS created a federated authentication solution using assurance profiles that allows privileged users the option to select login via PIV cards to establish LOA 4 authentication and identity. The solution seamlessly integrated with our customer’s legacy Oracle security application to ensure that our customer is compliant with OMB’s HSPD-12 mandate.

Customer Challenge – IAM in Multi-Datacenter Environment

One of PPS’ Federal customers had a business need to test the architecture and performance characteristics of implementing an IAM solution in a fully high-availability (HA) configuration using two geographically separate datacenters.

PPS’ Solution

PPS successfully implemented a series of proof-of-concept tests to demonstrate the feasibility of hosting our customer’s IAM solution in a multi-datacenter environment in an active-active configuration. The tests successfully demonstrated data replication and session management across the two datacenters. We achieved data replication using LDAP replication across the two datacenters. We also achieved session management using the F5 global traffic manager (GTM), which provided DNS load balancing across the two datacenters. The GTM provided the ability to sense if a problem existed at a datacenter so that the datacenter could be taken offline and all user requests directed to the alternate datacenter. The GTM was also tested successfully to load balance users in round-robin fashion to either datacenter but persist the user to that particular datacenter once the user was routed there.