TIER Reference Implementations are designed to enable rapid evaluation of a component or set of interconnected components and provide a starting point for a full campus deployment. Reference Implementations are developed for Docker Swarm, but dependencies are minimized within the containers in order to facilitate the use of other container orchestration mechanisms.
Like the other TIER distributions for large-scale production environments, the TIER Shibboleth deployment is targeted for use with Docker Swarm. TIER will link to references on how to set up the Docker environment for this solution but will not provide pre-built virtual machines. Schools needing a VM-based solution should focus on the TIER Shibboleth Appliance instead. Docker Swarm provides mechanisms for managing secrets, routing requests internally, and orchestrating containers, and it facilitates hybrid campus-cloud deployments. Container orchestration frameworks other than Docker Swarm (e.g., Amazon ECS) may be evaluated in the future. The TIER Shibboleth Docker distribution itself is designed to support a variety of usage scenarios and has capabilities beyond those used here.
This larger-scale deployment methodology starts from the configuration generated by the Shibboleth IdP installer. This IdP Installer configuration is burned into the container, including newly-generated certificates, private keys, and other associated material. TIER's configuration mechanism enables you to overlay these default secrets. The Configuration Builder assists with greenfield deployments, while other scripts and documentation assist with the migration of existing campus configurations into the Docker Swarm environment.
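
Because the installer-generated keys ship inside the container, a deployment should confirm that its overlay actually replaces every one of them. The following is an added example, not TIER's own tooling: it assumes you have copied the container's default credentials directory to local disk (for instance with `docker cp`) and have your campus overlay tree beside it; the function names and directory arguments are hypothetical.

```python
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large keystores are handled too."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_overlay(default_dir, overlay_dir) -> dict:
    """Classify every file under default_dir against the overlay.

    "overridden": the overlay supplies different content
    "identical":  the overlay supplies the same bytes as the container default
    "missing":    the overlay has no such file, so the default stays in use
    """
    default_dir, overlay_dir = Path(default_dir), Path(overlay_dir)
    result = {}
    for default_file in sorted(p for p in default_dir.rglob("*") if p.is_file()):
        rel = default_file.relative_to(default_dir)
        candidate = overlay_dir / rel
        if not candidate.is_file():
            status = "missing"
        elif sha256_of(candidate) == sha256_of(default_file):
            status = "identical"
        else:
            status = "overridden"
        result[rel.as_posix()] = status
    return result


def still_default(default_dir, overlay_dir) -> list:
    """Relative paths whose container-default content would still be served."""
    report = audit_overlay(default_dir, overlay_dir)
    return [name for name, status in report.items() if status != "overridden"]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit_overlay.py DEFAULT_CREDENTIALS_DIR OVERLAY_DIR")
    leftovers = still_default(sys.argv[1], sys.argv[2])
    for name in leftovers:
        print(f"default still in use: {name}")
    sys.exit(1 if leftovers else 0)
```

A non-zero exit status means at least one default credential file would survive into the running service, which makes the script usable as a gate in a deployment pipeline.
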
Upgrades to new minor releases of the TIER Shibboleth Docker container are implemented using the same tooling described above. The campus is effectively maintaining a copy of its Shibboleth configuration tree and this configuration, coupled with the provided scripts and documentation, is used with updated versions of the container. Changes to the Shibboleth application that introduce new or significantly changed configuration files will be dealt with as needed.