Comment: Reverted from v. 154


This page has been deprecated and active content has been moved to this page.


The three-year TIER program reached a successful conclusion at the end of 2018. The program, funded by 49 investor schools, involved containerizing and connecting the Internet2 Community’s key open-source Identity and Access Management software components, significantly reducing the time and effort needed for installation, configuration, and upgrades. The result is the new InCommon Trusted Access Platform, an IAM suite meeting the specific needs of research and education. Please visit the InCommon Trusted Access Platform wiki for more information, including links to software downloads.





TIER: Production Releases

The TIER team is grateful for everyone who evaluates and uses these releases.

Docker Containers




Shibboleth IdP Docker Linux Container (3.4.3)

Shibboleth IdP Docker Windows Container (3.4.3)

Shibboleth IdP Config Builder Container

Shibboleth SP Linux httpd Container (3.0.3)

Shibboleth SP Windows IIS Container (3.0.3)

  • Current release: 181201

  • Container Image Name: tier/shib-sp-windows-iis:latest

  • Status: New container

  • Container Source Code

Grouper Linux Container (2.4.0)

Grouper Linux Container (2.3.0)

COmanage Linux Container (3.2.0)

midPoint Linux Container (3.9 Preview)

  • Coming soon...

Virtual Machine Images

The links below are to virtual machine images, which are designed to be Docker build/run machines and are


TIER: Production Candidate

December 19, 2016
(Continuous Release Pipeline)

Internet2 Report TIER Release Production Candidate.V20161219

Synopsis of Trust and Identity in Education and Research (TIER) Package Delivery

The ultimate goal of TIER is the integration of community-developed open-source trust and identity software components into a manageable and complete identity and access management suite, supported by common campus practices.

Need Basic Information?

Visit the TIER 101 page.

Standard TIER Component Distributions

These are the standard production distributions for the three TIER components. These are recommended for production environments.

April 2016 TIER Release Report

If you wish, you can review the comprehensive report on the April 2016 TIER release.

Who's Trying TIER?

Several campuses are TIER tire kickers, downloading and testing the container-based versions of the software. If you'd like contact information for the appropriate folks at these institutions, or if you want to add your organization to the tire-kicking list, email emily@internet2.edu

  • Duke University
  • Indiana University

  • The Ohio State University

  • University of California, Berkeley

  • University of Illinois

  • University of Michigan

  • University of Pennsylvania

  • University of Virginia

  • University of Wisconsin-Madison

Virtual Machine Images

These are virtual machine images preloaded with the appropriate set of Docker containers. These are made available for testing and for your feedback to the TIER component architects. The VMs are intended primarily for campuses that do not currently operate container-based applications or are new to container-based applications. Production deployment of these virtual machines is not recommended at this time.
The TIER team appreciates everyone who downloads and "kicks the TIER tires." Please provide your feedback using the links here. AMIs, for running in AWS, are also available here.

Virtual Machine Images and Documentation

COmanage Registry (3.1.1)

Grouper (2.3.0)

Shibboleth IdP VM (3.3.1)

Amazon Machine Images (AMIs)


COmanage Registry (3.1.0)

Grouper (2.3.0)

Shibboleth IdP VM (3.3.1)

If you will be using the released VMs, below are a few suggestions:

  • The VMs are designed to be run in VirtualBox. If you are not familiar with VirtualBox, you can read the documentation and download the software from Oracle's web site.

  • AMIs, for running in AWS, are also available here.

  • Once VirtualBox is installed and running, you import the .ova distribution using the File / Import Appliance function.

  • The default network connection for some of the Virtual Machines is NAT. This works well if you want to log into and examine the VM and containers. But to connect to services hosted by the VM, you'll likely want to switch the network to bridged mode. This will give the VM an IP address from your network's DHCP server and provide you with the ability to access services from a browser.

  • Please review the Release Notes for installation instructions and additional information on VirtualBox setup.

  • Remember to change the login password(s) before you place the VMs on a public network.

 

 

TIER - Current State of Components 

This document, TIER Accomplishments by Thematic Groups, provides the current state of the component portions of the TIER program and planned future activities. It draws from initial documentation of TIER program requirements and subsequent working group accomplishments. It also includes items flagged “[Must2018]” which have been identified by the component architects as being required to be completed before the end of 2018.

Need Basic Information?

Visit the TIER 101 page.

TIER Release Reports

Campus Practices Included in the TIER Program


NOTE:

Starting with the 17040 release, the TIER components contain functionality from phase 1 of the TIER Instrumentation work. If you need to disable this functionality, you can configure a manual setting in the local Dockerfile on the VM. A commented section near the top of the file instructs you to uncomment a single line below it, which disables the TIER Instrumentation functionality.



    

Structures of the Container-Based Files


The structures generally follow the pattern shown on the image to the left.

Each container has its own start-up configuration requirements but the team’s goals have been to provide as consistent an experience as possible. Because of the zero-cost and highly versatile deployment choices available in Oracle’s Virtualization Software (VirtualBox), we chose to describe installation and configuration in those terms. For more information about VirtualBox, please refer to the information on Oracle’s website: https://www.virtualbox.org/wiki/Downloads

Packaging is delivered in the Open Virtualization Format (OVF), and the container is called an Open Virtual Appliance (OVA). It is sometimes also called an Open Virtual Application, but we prefer “Appliance”.

The OVF format standard was formed by the Distributed Management Task Force, or DMTF, which is an industry working group comprised of over 160 member companies and organizations. The DMTF board is comprised of 15 technology companies and includes Dell, EMC, VMware, Oracle, and Microsoft. As announced at VMworld 2010, DMTF’s OVF standard was adopted as a National Standard by ANSI.

An OVF package structure consists of a number of files: a descriptor file, optional manifest and certificate files, optional disk images, and optional resource files (such as ISOs). The optional disk image files can be VMware vmdk’s, or any other supported disk image file. More information about the OVF format standard can be found at DMTF.Org’s web site (http://www.dmtf.org/standards/ovf).

Formative Work

In order to package and deliver the software in the TIER Production Candidate, considerable work had to be coordinated across myriad constituencies and disciplines. To meet the primary objective of Durable Standards and Practices identified by the community, campus practitioners and Internet2 staff produced the comprehensive set of work packages and convened the necessary conversations to ensure that needs of the primary recipients (campus adopters) would be met.

To properly align the efforts, resources such as assigned university staff, contractors and consultants had to be properly engaged. Levels of engagement range from one-third time to full-time equivalents.  Additional partner relationships and resources will be retained as funding and a persistent scope of work evolves throughout the course of the program.

TIER relies heavily on several working groups to get the specification work done, involving more than 100 active, contributing participants from the community. These teams work to ensure complete and comprehensive software development, documentation, partner engagement, and campus engagement. Internet2 has also hired software developers, a project manager, and a vice president for trust and identity thanks to the funds provided by the 49 TIER investor institutions.