...

  1. The Shibboleth IdP must operate in high-availability mode, supporting multiple containers running on diverse hardware.
  2. The deployment should support local, cloud, and hybrid local/cloud environments.
  3. As with the other TIER Shibboleth releases, Shibboleth is delivered to scale horizontally. No database or other provision for cross-node state is made.
  4. Load Balancing
    1. External load balancing configuration is out of scope, but a high-level discussion and/or pointers to what a campus will need to do (e.g., sticky sessions) is in-scope.
    2. Note that Shibboleth requests can be sent to any node of a Swarm and the Swarm will direct the requests to an appropriate container.
  5. Shibboleth keying material and other commonly changed configuration data are stored as Docker Swarm Secrets and made available to the Shibboleth containers as needed.  The Swarm encrypts this data both in transit and at rest.
  6. Assumption: the school will provide Docker host(s) configured for swarm mode.
  7. Logging
    1. Via stdout, with Docker capturing it via syslog?
    2. Shibboleth logging directly via syslog (feels natural; the Shib logging config needs to be touched anyway)?
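
A stack file sketching items 1, 4.2, 5 and 7.1 together, added here as an example and not part of the TIER deliverable. The image name, secret names, published port and syslog address are assumptions; the secret targets use the IdP's usual credential file names.

```yaml
# Added example. Deploy with: docker stack deploy -c idp-stack.yml idp
# Assumptions: image name/tag, secret names, port 443, syslog address.
version: "3.8"

services:
  idp:
    image: registry.example.edu/tier/shibboleth-idp:PLACEHOLDER_TAG
    ports:
      - "443:443"            # ingress routing mesh: any Swarm node accepts the request (item 4.2)
    deploy:
      replicas: 2            # no cross-node state, so replicas are interchangeable (item 3)
      placement:
        max_replicas_per_node: 1   # keep containers on diverse hardware (item 1)
      restart_policy:
        condition: any
    secrets:                 # each appears in the container as /run/secrets/<target> (item 5)
      - source: idp_signing_key
        target: idp-signing.key
        mode: 0400           # owner read-only; add uid/gid if the IdP does not run as root
      - source: idp_encryption_key
        target: idp-encryption.key
        mode: 0400
      - source: idp_sealer_jks
        target: sealer.jks
        mode: 0400
    logging:                 # option 7.1: container stdout forwarded by Docker to syslog
      driver: syslog
      options:
        syslog-address: "udp://syslog.example.edu:514"
        tag: "shibboleth-idp/{{.Name}}"

secrets:
  # external: created beforehand with `docker secret create`, so key material
  # never sits in the stack file, the image, or the source repository.
  idp_signing_key:
    external: true
  idp_encryption_key:
    external: true
  idp_sealer_jks:
    external: true
```

The IdP's credential configuration has to reference the `/run/secrets/` paths for this layout to work, and only services that list a secret are granted access to it.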

...