This is a sample planning guide for Grouper Installation and Deployment, with content contributed by New York University. It is intended to provide a framework as you are getting started implementing Grouper at your site. There are three primary stages:
- Developing Integration Materials
Note that as of 2019, the preferred Grouper installation approach is using InCommon Trusted Access Platform Docker Containers
I - Planning Stage
Gain a basic understanding of Grouper
- Review Grouper introductory/overview documentation, including the glossary.
- The "Grouper Training for Managers" video series provides an overview of both access management at large, as well as Grouper's core concepts and features
- Review the TIER Grouper Deployment Guide (as of October 2019, being updated on the wiki here)
- Imagine how you expect Grouper to fit into your identity and application architecture
- Check out the Grouper Demo
- Install Grouper in a test environment to familiarize yourself with Grouper.
Set initial goals
Establish a set of specific goals for your initial project.
- Are you planning an exploratory investigation of Grouper for possible future use, or have you settled on implementing Grouper in production for, at least, an initial set of purposes?
- What applications or application uses will be integrated with Grouper?
- What Grouper software components need to be installed for initial use?
- Will Grouper manage ALL your groups, or will some group data be managed by other means?
- Do you have existing groups data and groups management software from which you need to migrate?
- Can you install, and begin to use, Grouper in phases?
Plan hardware and software environments
- Review InCommon Trusted Access Platform Docker Containers. This is the suggested installation as of 2019.
- What Grouper environments will you initially install? A development instance? A test (Q/A) instance? A production instance? All three or just one or two?
- For your software environments, what host machines will you run on? What ports will be used, what firewall settings might need to be made?
- Will you run Grouper software "as root" or as another user?
Plan groups data hierarchy and naming
- What basic categories of groups do you wish to manage? (e.g. classes, committees, workgroups, groups that share an entitlement, major subsets of your community, such as students/freshman/faculty/IT staff, etc. etc. etc.)
- Determine a basic stem / folder structure that supports two or more initial categories of groups. See examples from other sites.
- Determine your groups naming scheme. Example here.
- Flat or bushy?
- Will you use the template wizard for creating folders and groups?
Determine application and data components to use
The Grouper software consists of a number of major application and data components, not all of which you may wish to install and run from the beginning....
- What database (existing or new) will form your Grouper database repository?
- What database (existing) will provide you with subject data
- Do you plan to replicate groups data out to LDAP or some other database? (for LDAP, see this training video)
- Do you plan to automate groups management (for some or all groups) based on one or more data sources (and using the Grouper Loader)?
- Should you use just an application server or an application server + web server to enable web access?
- Which interfaces to groups data do plan to initially implement and support? Web browser access? Web services access? Grouper shell access? How do you expect end-users and applications to interface for read-only and for read-write purposes to groups data? See this training video on integration
- Security considerations (e.g. wheel group, externalizing and encrypting database/ldap passwords)
- How will you structure configuration files?
II - Installation, Testing, Rollout
Sketch out your actual installation, testing, and rollout process, including:
- Confirm access to hardware/software environments, data sources and destinations
- Outline steps for installation and configuration of Grouper software elements
- Finalize initial stems/folders to create, authentication approach, initial groups to create and populate (see examples)
- Plan basic testing of functionality
- Plan for ongoing operations, considering your desired approach to such duties as
- Monitoring / Management / Maintenance (see the section on Ongoing Admin Tasks)
- Support for Application developers/managers integrating their apps with Grouper
- Support for any end-users
- Plan to document your installation and configuration as you go along. Please share your experience so other sites can benefit.
Install & Test
III - Develop integration materials
Develop documentation, sample code, examples for use by app developers who wish to integrate their software with your Grouper installation.
To help other sites and facilitate the success of the Grouper community, please contribute your documents to the Grouper Community Contributions area.
Grouper Training slides (including group naming best practices)