With the support model structure how are customer ensuring that they are staying on supported versions?
As an example, Identity Gateways 2024.03 was released in late March and this renders all versions prior to 2023.11 to an UNSUPPORTED state.
How do customers ensure that they stay on supported version of all the Forge Products?
Simply upgrading the product every quarter is an onerous task and does not provide value to the organizations as the teams will be focussed on building features and functionality that provide business value.
Interested to see how customers are approaching this?
Most large enterprises wouldn’t be keen on risking their Identity stack running on un-supported versions?
Thank you for this message. From a Ping|ForgeRock perspective I can provide some background. I certainly want to encourage other customers to provide their points of view as well on this topic.
A quarterly release cadence for Identity Gateway helps customers stay within their security SLAs. There is a steady flow of security vulnerabilities flagged in 3rd party libraries (although often not exploitable in IG) and a regular train is a way to keep you up-to-date. Note that we introduced drop-in-upgrade to move from 2023.3 to any later 2023.x release without the need to change configuration, just drop in the software. This only works 2023.x to 2023.y, not between major version upgrades.
At this point, IG 2024.3, IG 2023.11 and IG 7.2 are supported versions. In particular, IG 7.2 is still supported until February 2025 with the option to ELS (extended limited support) to 2027.
You may consider the last minor release of a major branch (i.e. year since calendar versioning) a LTS (long-term support) release. 2023.11 is supported until 2026 with ELS to 2028. 2024.11/2024.12 will be supported until 2027 with ELS until 2029. And so forth.
If you can do 1 upgrade a year, I would recommend to move to an LTS release. This would always be the last release of a year, i.e. 2023.11, 2024.last, etc.
It is a question of balance between your security SLA, appetite for new functionality and capacity to upgrade. Keen to hear what others think.
As you mentioned, keen to hear from other customers (large and small) and what they do. Though this conversation used IGs as an example, the question is generic and applies to all the ForgeRock (Ping Identity) products.
Glad to hear that 2023.x to 2023.y is a “drop-in” upgrade.
Checking to see if this implies customers can perform light-weight sanity tests (instead of the typical heavy-weight full release cycle) to perform these upgrades (for 2023.x → 2023.y type minor upgrades)
If the LTS release is release late in the year (e.g. 2023.11) and recommendation is to move to them, that will not be easy for most enterprises which typically have a freeze period towards the end of the year.
IMHO, If the LTS release (for the year) is October or earlier, then this recommendation MAY work for a large number of customers.