Initial Draft

A production deployment of COmanage designed to support a large-scale virtual organization typically consists of (a) a web server running the application itself, (b) the application's database, (c) LDAP infrastructure, and (d) a SAML IdP/SP proxy. Many other arrangements are possible. Of these elements, LDAP and the SAML proxy are typically operated in high availability mode, since they are directly involved in most authorization flows: if either is unavailable, relying services can no longer authenticate users or resolve their attributes. COmanage itself is operated in standard availability mode, since enrollment flows and organization management activities do not usually need to be highly available. The database needs regular backups (and a tested restore procedure) but not high availability.

...

  1. Logistics
    1. Leverage the Docker container provided by the COmanage team
      1. https://github.com/Internet2/comanage-registry-docker
      2. Includes
        1. Basic application on apache web server
        2. Shibboleth Service Provider
      3. Note for the initial build: export COMANAGE_REGISTRY_VERSION=3.0.0-rc1
      4. Pre-built containers on DockerHub:
        1. https://hub.docker.com/r/sphericalcowgroup/comanage-registry/
        2. https://hub.docker.com/r/sphericalcowgroup/comanage-registry-slapd/
        3. Initial version to use the release candidate image: sphericalcowgroup/comanage-registry:3.0.0-rc1-shibboleth-sp
        4. See https://github.com/Internet2/comanage-registry-docker/blob/master/docs/advanced-configuration.md for configuration options, examples, defaults, etc.
    2. Database – MariaDB
      1. We will use the “TIER” MariaDB container
    3. LDAP
      1. OpenLDAP
      2. Either the TIER OpenLDAP or COmanage OpenLDAP container will work
      3. The COmanage LDAP includes eduPerson and openssh-lpk.ldif (as does a version of the TIER LDAP)
    4. IdP/SP SAML Proxy
      1. We will use SATOSA
  2. High Availability
    1. Typically done for the SAML proxy and LDAP only
      1. OpenLDAP replication (master/slave, i.e. provider/consumer in OpenLDAP syncrepl terms)
      2. Two SATOSA containers
    2. The early TIER distribution will not focus on this
  3. Post Install
    1. Send the users to a URL with “what is next”.
    2. TIER to draft the site; the COmanage team will help with the “what” if we do the writing.
  4. Discussion - Demonstration/documentation of other provisioners
    1. TIER COmanage will leverage the LDAP provisioner
    2. TIER COmanage may provide some setup support for the Grouper provisioner
    3. TIER COmanage will likely provide no additional assistance for the other COmanage provisioners
      1. GitHub
      2. Home Directory (experimental – creates home directories for new users)
      3. Mailman
      4. Mediawiki (should we bundle this as a demo?)
      5. Changelog
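The high availability notes above make LDAP the one component that must stay current for authorization flows to keep working, so the check a practitioner wants after standing up the master/slave (provider/consumer) pair is whether the consumer has actually caught up with the provider. The script below, an added example and not code from COmanage, the TIER distribution or the comanage-registry-docker project, compares the `contextCSN` attribute of the directory suffix on both servers and reports the replication lag per replica ID. The suffix `dc=example,dc=org`, the sample LDIF and the 5-second threshold are assumptions; the `ldapsearch` invocation in `fetch_context_csn` is only used when the script is run against live servers.

```python
"""Replication-lag check for an OpenLDAP provider/consumer pair.

Added example for this deployment plan; not part of COmanage, TIER or
comanage-registry-docker. It compares the contextCSN of the suffix on the
provider (master) and the consumer (slave). When the consumer's CSN for
every replica id is at least as new as the provider's, the pair is in sync
and authorization flows reading the consumer see current data.
"""
from __future__ import annotations

import re
import subprocess
from datetime import datetime, timezone

# contextCSN syntax: <UTC timestamp>.<microseconds>Z#<count>#<sid>#<mod>
CSN_RE = re.compile(
    r"^(?P<ts>\d{14})\.(?P<us>\d{6})Z#(?P<count>[0-9a-f]{6})#"
    r"(?P<sid>[0-9a-f]{3})#(?P<mod>[0-9a-f]{6})$"
)


def parse_csn(csn: str) -> tuple[datetime, int, int]:
    """Return (timestamp, change counter, server id) for one contextCSN value."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"not a contextCSN: {csn!r}")
    ts = datetime.strptime(m["ts"] + m["us"], "%Y%m%d%H%M%S%f")
    return ts.replace(tzinfo=timezone.utc), int(m["count"], 16), int(m["sid"], 16)


def extract_csns(ldif: str) -> dict[int, str]:
    """Map server id -> contextCSN value from ldapsearch LDIF output.

    A multi-provider setup yields one contextCSN per server id; a plain
    provider/consumer pair yields a single one.
    """
    csns: dict[int, str] = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            value = line.split(":", 1)[1].strip()
            _, _, sid = parse_csn(value)
            csns[sid] = value
    return csns


def replication_lag(provider_ldif: str, consumer_ldif: str) -> dict[int, float]:
    """Seconds the consumer lags the provider, per server id.

    0.0 means in sync. A server id the consumer has never seen is reported
    as infinite lag so it cannot be mistaken for "no changes yet".
    """
    provider = extract_csns(provider_ldif)
    consumer = extract_csns(consumer_ldif)
    lag: dict[int, float] = {}
    for sid, p_csn in provider.items():
        if sid not in consumer:
            lag[sid] = float("inf")
            continue
        p_ts, p_count, _ = parse_csn(p_csn)
        c_ts, c_count, _ = parse_csn(consumer[sid])
        # Consumer at or ahead of the provider's CSN counts as in sync.
        if (c_ts, c_count) >= (p_ts, p_count):
            lag[sid] = 0.0
        else:
            lag[sid] = (p_ts - c_ts).total_seconds()
    return lag


def in_sync(provider_ldif: str, consumer_ldif: str, max_lag_seconds: float = 5.0) -> bool:
    """True when every replica id on the consumer is within max_lag_seconds."""
    lags = replication_lag(provider_ldif, consumer_ldif)
    return all(secs <= max_lag_seconds for secs in lags.values())


def fetch_context_csn(uri: str, suffix: str) -> str:
    """Read contextCSN from a live server (requires ldapsearch; not run offline).

    The ACLs must allow this bind to read contextCSN on the suffix entry;
    add -D/-w for an authenticated bind if anonymous reads are disabled.
    """
    cmd = ["ldapsearch", "-LLL", "-x", "-H", uri, "-s", "base", "-b", suffix, "contextCSN"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


# Constructed sample output (not captured from any real deployment):
# the consumer is 12 seconds behind the provider for server id 1.
PROVIDER_SAMPLE = """\
dn: dc=example,dc=org
contextCSN: 20240115103012.456789Z#000000#001#000000
"""
CONSUMER_SAMPLE = """\
dn: dc=example,dc=org
contextCSN: 20240115103000.456789Z#000000#001#000000
"""

if __name__ == "__main__":
    import sys

    if len(sys.argv) == 4:
        # usage: check_sync.py ldap://provider ldap://consumer dc=example,dc=org
        p = fetch_context_csn(sys.argv[1], sys.argv[3])
        c = fetch_context_csn(sys.argv[2], sys.argv[3])
    else:
        p, c = PROVIDER_SAMPLE, CONSUMER_SAMPLE
    for sid, secs in replication_lag(p, c).items():
        print(f"server id {sid}: lag {secs:.1f}s")
    sys.exit(0 if in_sync(p, c) else 1)
```

Run it from a monitoring host with both LDAP URIs and the suffix to get a non-zero exit when the consumer falls behind; the threshold should be tightened to whatever delay the SATOSA proxy and other authorization consumers can tolerate, and a replica id missing on the consumer should page someone rather than be treated as idle.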