FAQ - Keycloak Fast Track

What is it?

Keycloak Fast Track is a project that allows you to have a highly-available Keycloak domain mode cluster in your own infrastructure within one week after Puppeteers has gained sufficient access to your Cloud or on-premise infrastructure. Keycloak can be integrated with your user directory, e.g. Active Directory, LDAP or FreeIPA, if you have one available.

What is included in the delivery?

The fixed price (€999 excluding VAT 24%) includes deployment of all the resources required for the Keycloak domain mode cluster. For example, in AWS or Azure this consists of:

  • Load balancer instance
  • Database instance
  • Two or more virtual machine instances for hosting Keycloak domain controller and domain slaves
  • Security groups
  • DNS entries
  • Integration with a pre-existing user directory (e.g. AD, LDAP, FreeIPA)

All the resources will be configured to work seamlessly as a highly-available Keycloak domain-mode cluster.

The delivery includes all the infrastructure code (Terraform, Puppet) used to build the domain mode cluster. This prevents vendor lock-in: you can at any time take over the maintenance of your domain mode cluster if you wish.

What is excluded from the delivery?

The following services are not included by default:

  • Integrating web applications with Keycloak using SAML or OIDC for web-SSO (€499 each, excluding VAT 24%)
  • Support and maintenance (€499 excluding VAT 24%, billed monthly)
    • Being on call (service desk)
    • Managing security updates every month for Keycloak and its host operating system
    • Backups, monitoring and disaster recovery (if you don't have or wish to use your own)
  • Development of Keycloak client adapters (hourly billing)
  • Consulting services (hourly billing)

Why this service?

The increased usage of "easy to get started with" SaaS services in recent years has resulted in a credentials management nightmare. Employees have to log in to <x> systems every day to get work done, and operations has to remember to create and delete <x> accounts every time a new person comes in or an old one leaves. Moreover, two-factor authentication needs to be handled separately in each of those <x> accounts. As such, trying to enforce any security or compliance policies is an exercise in madness. This is where Keycloak, and this service, comes in.

Keycloak is the best application for providing web-SSO, or more generally "Identity and Access Management", for modern applications. While setting up a standalone Keycloak is fairly easy, such a setup is not highly available and therefore not really suitable for critical workloads. This is where Keycloak domain mode comes in: it allows multiple identical Keycloak instances in different data centers to stay synchronized with data and user sessions. That said, setting up a Keycloak domain mode cluster is technically very challenging. You need to understand not just Keycloak, but also the underlying software: Wildfly application runtime, Infinispan caches, JGroups and jboss-cli, among other things. This is where our service comes in: you can get highly-available Keycloak set up now, not at some distant point in the future.

To make things as easy as possible for you, we also offer support and maintenance. We can also help you integrate your web applications to use Keycloak for authentication and authorization using SAML and OIDC.

Our recommendation is to get the full package (deployment, support and maintenance, integrations). If you're starting from scratch with Keycloak, SAML and OIDC it will, in our experience, take at least a couple of years to build what we can build for you in a couple of months.

Who is this service for?

This service is primarily aimed at organizations that want to have a highly-available Keycloak setup with supporting services.

If you already know what makes a Keycloak domain mode cluster tick then you're unlikely to need us.

How do I order?

Please schedule a meeting, fill in the contact form or send email. We'll take it from there.
Have a look at the order/delivery process

I have questions and/or want to talk to you

Please send us a message using our contact form or schedule a meeting.

Can I trust you?

You don't really have to, because:

  • We are bound by our one-sided NDA when you order this service. That prevents us from disclosing any information about your infrastructure to external parties.
  • You can lose only about two hours of your working time (initial discussion and granting us access).
  • We offer a 100% money-back guarantee, no questions asked. If you're not happy, we won't charge you.
  • We gain nothing by misusing your trust.