You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Grouper*Table of Contents*Introduction1
Part 1 – Introductory Information2
What is Grouper and what can it do?2
SQL database4
Grouper API4
Web Interface4
Provisioning4
How could Grouper be useful to me? Typical use-cases4
What is Internet2 and where does Grouper fit into it?5
Part 2 - Grouper core5
Case studies5
Getting started5
Getting the Quickstart5
Installing the quickstart - Linux5
Installing a JDK5
Installing the RPM version of the JDK6
Installing the self-extracting version of the JDK6
Installing Tomcat6
Installing Apache Ant7
Setting up the quick start 7
Starting the quickstart 8
Installing the quickstart - Windows8
Installing a JDK8
Installing Tomcat10
Installing Apache Ant14
Setting up the quick start 20
Starting the quick start23
Exploring Grouper24
Moving to production24
Running in production 25
Upgrading Grouper25
Part 3 - Getting more from Grouper 25
Web service25
Accessing data/provisioning from Grouper 26
Provisioning to Grouper26
Other services26
Integrating Grouper26
Community contributions26
Part 4 - Deep dive into Grouper26
Inside Grouper26
High availability27
Developing for Grouper27

Part 1 – Introductory Information

What is Grouper and what can it do?

So, lets get started with a few fundamental questions.
Grouper is, at it's simplest, a toolkit to put entities into groups. These entities could be people, computers or other assets, but in most implementations are people. The groups can be of any size, with memberships from one to tens of thousands or more. Grouping entities together is an essential part of a process of simplification which helps to make sense of complex environments. Many people create groups in their personal email clients so that they can quickly send mail to a defined set of individual email addresses without having to worry about mis-sending the email to a wrong person.
Typically all members of a group share one of more common characteristics that means it makes sense to group them together. These characteristics can be defined corporately (members of an academic school), or personally (my friends with a good sense of humour). Typically a group which is defined corporately will make sense and be of use to a larger number of people than one defined personally. This is because the characteristics are a product of the environment, and the more common the environment the more widely the group will be of use.
Grouper can be used to manage groups in small, even personal, environments and large common environments. Groups can be made visible only to people to whom they will make sense and be of use, but all will be contained in central group registry. Having a single registry makes it far easier to manage how the groups interact with other systems than if there were multiple, fragmented registries (such as in many individual mail clients). It also means that disconnected groups in multiple locations no longer need to exist, and membership only needs to be managed in one place.
Many applications and directories offer facilities to create and manage groups, and these groups are normally simple groups, where entities have to be directly made members of a group. Some go further than this, and allow groups to be added as members of other groups (known as nesting). Imagine that there are 2 groups: "All My Friends" and "My friends who live near me"; Bob and Sue are direct members of "My friends who live near me"; "All My Friends" has no direct members.
Now, "My friends who live near me" is added as a member to "All My Friends" and immediately Bob and Sue appear as members of "All My Friends", which they have inherited via their membership of "My friends who live near me". "My friends who live near me" is "nested" inside "All My Friends".
Grouper supports "nested" groups and more; using what is termed Group Math, Grouper can define Groups by including or excluding members from any number of other groups. So a "Friends I sail with" group could be defined as including those members of "All my friends" who are also members of "Sailors", but not members of "Non-sailors".

This encourages groups to be managed efficiently and effectively, avoiding a the common problem of Group sprawl occurs when existing Groups do not quite fit a requirement, resulting in the creation of a new group and assigning entities direct membership of. Creating a new self-contained Group will always create a larger administrative and management load than defining a group in terms of other groups which already exist.
Grouper stores data about groups and membership of those groups in an SQL database. An application programming interface (API) is provided to interact with this data in order to add, delete, query or modify the data. A web interface is also provided as an easy way to view and manipulate data. Grouper allows administrators to give users rights to manage certain groups, thus allowing for delegated management and putting the power to manage groups in the hands of the people who are best placed to manage them. Various methods are also provided for provisioning groups from Grouper to other systems, including LDAP directories. Advanced features such as role and permissions management are also included as part of Grouper. In short, it is a richly-featured group management toolkit.
Grouper can get information about the entities who can be members of groups (subjects in Grouper-terminology) either from its own database, or from an existing external database or LDAP directory.

SQL database

Grouper stores all its data in the SQL database, which can be any one of:

    • MySQL
    • Oracle
    • Postgres
    • Microsoft SQL Server
    • HSQL (an embedded Java database)
Grouper API

The API is a set of Java classes that provide functionality to manipulate data within the database. For example, methods exist to create groups and modify their membership. These classes are distributed as a library which can be called from Java code.

Web Interface

A full-function administrative web interface is available which enables you to view and modify Grouper data in a browser. It uses the API, but no programming is necessary to use it. It is written in Java and runs in an application server, such as Apache Tomcat. A "lite" UI is also available which provides a subset of functionality targeted at end-users rather than administrators.

Provisioning

Functionality is built into Grouper that makes it relatively easy to provision groups created and managed by Grouper into external data stores and applications. This enables you to keep groups synchronised across different stores and removed the need for all applications to interface directly with Grouper to consume groups.

  • No labels