
TIER: Release One

April 16, 2016
(Containerization)

Synopsis of
Trust and Identity in Education and Research
Package Delivery

The ultimate goal of TIER is the integration of community-developed open-source trust and identity software components into a manageable and complete identity and access management suite, supported by common campus practices.

 

PLEASE NOTE: THIS IS OPEN-BETA PACKAGING

Although the distribution contains generally-available software components that have been tested and released by their respective engineering teams, this release should be considered an “open beta” as the containers themselves must be tested and refined through iterative adoption and feedback cycles from the campus practitioners.  Unlike commercial software with broad user bases, the package requires careful, on-campus testing, and production deployment is not recommended at this time.

Formative Work

In order to package and deliver the software in TIER Release One, considerable work had to be coordinated across myriad constituencies and disciplines. To meet the primary objective of Durable Standards and Practices identified by the community, campus practitioners and Internet2 staff produced the comprehensive set of work packages and convened the necessary conversations to ensure that the needs of the primary recipients (campus adopters) would be met.

To properly align the efforts, resources such as assigned university staff, contractors and consultants had to be properly engaged. Levels of engagement range from one-third time to full-time equivalents.  Additional partner relationships and resources will be retained as funding and a persistent scope of work evolve throughout the course of the program.

TIER relies heavily on several working groups to get the specification work done, involving more than 100 active, contributing participants from the community. These teams work to ensure complete and comprehensive software development, documentation, partner engagement, and campus engagement. Internet2 has also hired software developers, a project manager, and a vice president for trust and identity thanks to the funds provided by the 49 TIER investor institutions.

 

 

 

 

Obtaining the Open-Beta

The TIER Component deliverables are roughly organized along the boundaries prescribed by the Model / View / Controller (MVC) architectural pattern.  The packaging team has had to make informed choices about where the operating system-level container boundaries must lie with respect to the layout in the virtual machine containers. Some components (such as Shibboleth) do not currently have a “View” element but will in the future. Exceptions to the container choices are also made where the components cannot reasonably be separated at the “container” level. COmanage is one such case: its View and Controller are combined in one container, while the Model is instantiated in another.

Despite the previous practical considerations, the structures generally follow this pattern:

Each open beta container has its own start-up configuration requirements but the team’s goals have been to provide as consistent an experience as possible. Because of the zero-cost and highly versatile deployment choices available in Oracle’s Virtualization Software (VirtualBox), we chose to describe installation and configuration in those terms. For more information about VirtualBox, please refer to the information on Oracle’s website: https://www.virtualbox.org/wiki/Downloads

Packaging is delivered in the Open Virtualization Format (OVF), and the container is called an Open Virtual Appliance (OVA). It is sometimes also called an Open Virtual Application, but we prefer the use of “Appliance”.

The OVF format standard was formed by the Distributed Management Task Force, or DMTF, which is an industry working group composed of over 160 member companies and organizations. The DMTF board is composed of 15 technology companies and includes Dell, EMC, VMware, Oracle, and Microsoft. As announced at VMworld 2010, DMTF’s OVF standard was adopted as a National Standard by ANSI.

An OVF package consists of a number of files: a descriptor file, optional manifest and certificate files, optional disk images, and optional resource files (such as ISOs). The optional disk image files can be VMware VMDKs or any other supported disk image format. More information about the OVF format standard can be found on the DMTF website (http://www.dmtf.org/standards/ovf).

 
