Identity and Access Management

Role of the Virtual Appliance in SailPoint IdentityNow

Virtual Appliance (VA) – a SailPoint-managed, custom-built, immutable Linux container appliance that acts as a gateway between client sources, SailPoint, the container and security patch repository, and the IdentityNow microservice infrastructure. The appliance is built on Flatcar Container Linux, which was derived from CoreOS. This community Linux distribution is designed for high security and low maintenance.

 

Role of this Virtual Appliance:
1. Communicate with the IdentityNow microservices
2. Support secure communication between SailPoint and your systems
3. Connect to the client's sources in the public cloud (for example: Salesforce, Box, ServiceNow, Office365, GoogleApps, GoToMeeting, WebEx, and Workday)
4. Connect to the client's sources and applications within the internal network (Active Directory, Exchange servers, etc.)
5. Receive updates from SailPoint to keep the Virtual Appliance current and secure with updated features

Key features of the virtual appliance:
a. Contains low-footprint tools built specifically for SailPoint
b. Immutable filesystem, which eliminates various security vulnerabilities
c. Automated atomic updates to keep the container secure; updates can be managed on a schedule
d. Can be deployed on AWS, Azure, or locally on vSphere or Hyper-V
e. Local deployment can be made on a virtual machine running on bare metal
f. Updates are managed by SailPoint
g. Monitoring is done by SailPoint

Important things to understand about this virtual appliance:
  • This appliance does not allow Deep Packet Inspection (DPI)
  • The only inbound connection allowed is SSH, which can be used by the Tenant Infrastructure Administrators
  • Outbound connections must be allowed for DNS (53), HTTPS (443) and NTP (123)
  • Not recommended to be deployed in a DMZ
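
The connection rules listed above can be checked against a firewall rule export for the VA's network segment. This is an added example, not SailPoint's code or code from the original post; the `Rule` format, the sample rules, the use of port 22 for SSH, and treating SSH open to any source as a finding are assumptions made for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str        # "in" or "out", relative to the VA (hypothetical format)
    port: int             # destination port
    action: str           # "allow" or "deny"
    source: str = "any"   # who may connect (checked for inbound rules only)

# Flows stated on the page.
REQUIRED_OUT = {53: "DNS", 443: "HTTPS", 123: "NTP"}
ALLOWED_IN = {22: "SSH"}  # assumption: SSH on its default port; the page says only "SSH"

def audit(rules):
    """Return a list of findings where the rules deviate from the page's flows."""
    findings = []
    allowed_out = {r.port for r in rules
                   if r.direction == "out" and r.action == "allow"}
    # Every outbound flow the VA needs must be permitted.
    for port, name in REQUIRED_OUT.items():
        if port not in allowed_out:
            findings.append(f"missing outbound allow for {name} ({port})")
    # Anything else permitted outbound is wider than the page calls for.
    for port in sorted(allowed_out - set(REQUIRED_OUT)):
        findings.append(f"unexpected outbound allow on port {port}")
    # Inbound: only SSH, and (assumption) only from a named admin source.
    for r in rules:
        if r.direction == "in" and r.action == "allow":
            if r.port not in ALLOWED_IN:
                findings.append(f"unexpected inbound allow on port {r.port}")
            elif r.source == "any":
                findings.append("inbound SSH open to any source")
    return findings

# Constructed sample rule set: NTP is missing, HTTP is open outbound,
# and HTTPS is exposed inbound.
SAMPLE_RULES = [
    Rule("out", 443, "allow"),
    Rule("out", 53, "allow"),
    Rule("out", 80, "allow"),
    Rule("in", 22, "allow", "10.0.5.0/24"),
    Rule("in", 443, "allow"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```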
