Executive Summary
Grouper at Georgia Tech will be a place to define roles/groups for authorization, and they will be provisioned into GTED (campus LDAP) as LDAP attributes that any application can read at authentication time to decide if a user should be allowed to access an application.
Grouper Loader, PSPNG, UI, and Web Services will run in Docker containers managed by vSphere Integrated Container Engine. The Grouper Database will be built in an external Oracle Database. Source data will be loaded from an Enterprise Data Warehouse in Oracle, and data will be provisioned to an LDAP Person Registry. External applications will access Grouper Data directly via Georgia Tech APIs (BuzzAPI), which interface with Grouper Web Services.
Organization Description
The Georgia Institute of Technology is a leading research university committed to improving the human condition through advanced science and technology. More than 25,000 undergraduate and graduate students attend Georgia Tech in fields ranging from engineering, computing, and sciences, to business, design, and liberal arts. Our main campus is in Atlanta, Georgia. International campuses are located in Metz, France and Shenzhen, China.
Containerized TIER Component(s) to be implemented
- Grouper Access Management Software
Short Management-Level Use Case Description of Your Project
Georgia Tech’s IAM team decided to install Grouper in Docker containers due to a desire to gain efficiencies in development, ease of deployment, and enhanced control over orchestration. While we are currently running Grouper Daemon, UI and Web Services in Docker containers successfully, we have a lot to learn and build on based on our past experiences and plans for future growth.
Scope
Deliver a Grouper solution to campus that allows for more central and flexible group and permission management, with the capability to integrate with many cloud systems through APIs.
Phase I - Support groups for Campus Services’ Door Management project
Phase II - Expand Grouper to include more reference data and flexible account profiles
Phase III - Promote Grouper use to wider campus audience
Phase IV - Replace existing legacy group/role management system
Key Stakeholders
Sponsor | John Wilson, Director of Enterprise Information Systems |
Campus Success Program Contact(s) | Dusty Edenfield, Systems/IT Architect Sr, dusty.edenfield@oit.gatech.edu; Bert Bee-Lindgren, Systems/IT Architect Principal, bert.bee-lindgren@oit.gatech.edu; John Bryson, Systems/IT Architect Mgt Sr, john.bryson@oit.gatech.edu |
Communications contact | Dusty Edenfield |
Project team members | Dusty Edenfield, Bert Bee-Lindgren, John Bryson |
Deployment Partners/Contractors | N/A |
Project Milestones
Activity | Assigned Resources | Start Date | End Date |
Load Balancing of Containerized Grouper | Dusty Edenfield | 9/1/2017 | 10/31/2017 |
Transition to vSphere Integrated Containers | Dusty Edenfield | 11/1/2017 | 11/30/2017 |
Separation of Prod/Test/Dev Grouper | Dusty Edenfield | 12/1/2017 | 12/15/2017 |
Expand reference data loaded into Grouper | Dusty Edenfield | 12/18/2017 | 1/31/2017 |
Integration of user accounts into Grouper | Dusty Edenfield | 2/1/2017 | 2/28/2107 |
Synergistic Projects
Door Control Project by Campus Services IT Group
A collaboration between Georgia Tech’s IAM team and Campus Services IT to solve the problem of group management in distributed door control systems.
IAM was tasked with installing Grouper and integrating campus identity data sources. IAM has also built custom APIs that layer Georgia Tech’s established access controls and load balancing on top of Grouper Web Services.
ITG is responsible for building custom web UIs that allow end users to view and maintain Grouper Data using IAM’s API framework.
Constraints, Assumptions, Risks and Dependencies
Constraints | Lack of experience with Docker Orchestration. |
Assumptions | Implementation of Grouper remaining a top priority for GT’s Identity Management strategy |
Risks and Dependencies | Level of reliability of a Docker-hosted solution. Degree to which other projects take away from focus due to management directives. |