Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.canarie.cawww.canarie.ca | www.swamid.se Presenters: Chris Phillips – CANARIE, Canada Anders Lördal– SWAMID, Sweden Think Globally, Act Locally: Simplifying.

Published byJob Bridges Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.canarie.cawww.canarie.ca | www.swamid.se Presenters: Chris Phillips – CANARIE, Canada Anders Lördal– SWAMID, Sweden Think Globally, Act Locally: Simplifying."— Presentation transcript:

1 www.canarie.cawww.canarie.ca | www.swamid.se Presenters: Chris Phillips – CANARIE, Canada Anders Lördal– SWAMID, Sweden Think Globally, Act Locally: Simplifying Federated Technologies May 18,2014| TNC2014 | Dublin, Ireleand

2 www.canarie.cawww.canarie.ca | www.swamid.se About CANARIE 2

3 www.canarie.cawww.canarie.ca | www.swamid.se About CAF & SWAMID CAFSWAMID Size of Community 89 Universities, ~120 colleges 52 Institutions Size of Federation 103 SAML IdP:24 Shib,1 SSPHP, 33 SPs eduroam: 78 IdPs 78+ campus’ 333 SAML IdP: 45 Shib,1 SSPHP 4 ADFS, 1 pysaml, 278 SP eduroam: 39 IdPs 773 locations Coverage>48%> 98% Participate in eduGAIN? ✔✔ Challenge Uptake parity between eduroam & SAML related to time and skills Participants ability to remain current & maintain skills Shib=Shibboleth, SSPHP= SimpleSAMLPHP Even at different stages and coverage, we encounter similar challenges Opportunity to collaborate & leverage each others investments

4 www.canarie.cawww.canarie.ca | www.swamid.se Response to the challenge Evolved approach to better match campus IT reality Reduced cost/effort implement & support Simplifies installation experience http://www.flickr.com/photos/madison_guy/3386919046/sizes/o/in/photostream/ Madison Guy Choose RADIUS server Install & Configure Test & Connect Preferred Server installed Pre-configured Tested Classic Approach IdP Installer Approach Preferred platform installed Pre-Configured Tested Choose platform Install & Configure Test & Connect

5 www.canarie.cawww.canarie.ca | www.swamid.se Chris Phillips Origin of the collaborative work We both came to the table with something: SWAMID: original SAML installer & was refactoring CAF adopted paradigm for eduroam automation work Critical piece  bootstrapped collaboration with ½ day in person session identifying key principles & mechanics

6 www.canarie.cawww.canarie.ca | www.swamid.se Chris Phillips Origin of the collaborative work We both came to the table with something: SWAMID: original SAML installer & was refactoring CAF adopted paradigm for eduroam automation work Critical piece  bootstrapped collaboration with ½ day in person session identifying key principles & mechanics Simple as possible, complex as needed Core Principle

7 www.canarie.cawww.canarie.ca | www.swamid.se https://www.flickr.com/photos/75905404@N00/7126146307https://www.flickr.com/photos/75905404@N00/7126146307 OZinOH Principle Drives Design It’s not just the tool, but the techniques applied in the tool: Highly Extensible – be Federation aware, be tech agnostic.. Internalize complexity to simplify end users experience Internationalize by default instead of retrofit Embody best practices to avoid error in implementations

8 www.canarie.cawww.canarie.ca | www.swamid.se The Results – The IDP Installer What is it? –Installation script with HTML configuration to image a blank VM What does it do? –Auto installs and configures IdP server components –Configures entire system, not just software –Supports eduroam and Shibboleth Benefits –Fewer steps –Hides technical complexity from user VMVM Shibboleth Identity Provider (2.4.0) freeRADIUS(2.1.12)freeRADIUS(2.1.12) Apache Tomcat (6.0) Java (openjdk 1.7) Operating System (centOS6.4+ or Ubuntu 12.0.4)

9 www.canarie.cawww.canarie.ca | www.swamid.se Installation Improvements Outcomes Install effort reduced from 2 discrete projects to 1 on participant site Automated configuration reduces installation complexity and editing needs Speeds up installation Reduces errors

10 www.canarie.cawww.canarie.ca | www.swamid.se Installation Overview Plan & Prepare installation Review System Requirements to prepare your environment. Prepare your network Prepare your environment (settings for Directory, Certificates, etc) Review and choose a preferred deployment approach Review your federation specific post install steps Do Installation Create a configuration from your federations' configuration builder Save configuration as 'config' in this directory on your server Run the script./deploy_idp.sh Answer any inline questions (password creation for keystores) Post installation tailoring Based on items previously identified, finalize the installation Identity steps needed to be repeated in production Local acceptance testing Contact FedOp to complete registration [1] From installer document in distribution: https://collaboration.canarie.ca/elgg/groups/profile/847/idp-installer

11 www.canarie.cawww.canarie.ca | www.swamid.se Configuration Demo & Walk Through http://youtu.be/7DpHL9akgrg

12 www.canarie.cawww.canarie.ca | www.swamid.se https://www.flickr.com/photos/julia_manzerova/4748112382/https://www.flickr.com/photos/julia_manzerova/4748112382/ Julia Mnazernova Weighing the Options A lot of great tools and techniques out there  had to choose wisely Driven by Principles and Requirements. How closely do these match yours?

13 www.canarie.cawww.canarie.ca | www.swamid.se Contrasting Implementation Styles ModelBenefitDrawbackExample? Centralized/Co mmand & Control Centralized control Remote management capabilities Complexity is high for backend Not easily hosted locally May not meet needs for hands off remote operation GAAR Download VM preconfigured Quick, good degree of consistency Reliable troubleshooting Large binary distribution (is it necessary?) Expectation of responsibility for patching VM may not have all components & site wants access to root. Hard to scale variants. Cost of maintaining unwieldy Eduroam in a box VM Installer tool (implemented) Pre-existing code base Least complexity Smallest footprint Knowledge readily available Interface translation friendly Keeping current with dependencies takes effort Testing complexity is higher SWAMID original installer DevOps tools

14 www.canarie.cawww.canarie.ca | www.swamid.se Contrasting Implementation Techniques TechniqueBenefitsDrawbacks Puppet/Chef based In Producton Scales nationally Command and control with puppet Command and control required, some rigidity dilutes autonomy of sites Ansible based Able to get support DevOps friendly Not a broad skill set in the target community Various languages(java,perl, Expect) Various reasons (choose your favorite) Skill set hit and miss in the field. Existing investment in bash for installer Configuration in standalone HTML+javascript Ubiquiteous - Available inherent in system shell Maintainable Sophisticated or as primitive as you would like to use Easily tweaked because we know it will be Internationalization(i18n) friendly It’s bash & there’s a bit of baggage with that. HTML interface for cross browser compatibility

15 www.canarie.cawww.canarie.ca | www.swamid.se Usage & Feedback CAFSWAMID Status to respective community Available as ‘Beta’. Awaiting feedback from handful of sites so we may transition to ‘General Availability’ Widely available for sites to use and test Community feedback Positive. One pilot site: Found deploying eduroam easier and are transitioning to eduroam as the only campus SSID for Fall 2014. Positive. At least four sites running One with active/standby config.

16 www.canarie.cawww.canarie.ca | www.swamid.se Collaboration – Managing Change GitHub public repository used https://github.com/idp-installer-manager Core codebase in ‘idp-installer-global’ repo To use, strongly encouraged to fork your own ‘idp- installer- ’ Loosely couples code management Enables isolation for feature development (push) to global for review & promote to community. Other forks can retrieve (pull) from global at their own pace– as quick or as slowly as needed idp-installer-global idp-installer-CAF idp-installer- SWAMID ipd-installer- YOUR_FED_HERE

17 www.canarie.cawww.canarie.ca | www.swamid.se Your Invited! Code base in use at CAF and SWAMID. Clone one of ours now to try it out (http://bit.ly/caf-idp / http://bit.ly/swamid-idp )http://bit.ly/caf-idphttp://bit.ly/swamid-idp Want your own? Come talk with us or fork your own from: http://bit.ly/global-idp http://bit.ly/global-idp http://www.flickr.com/photos/shutter/105497713/sizes/l/in/photostream/ Chris Owens

18 www.canarie.cawww.canarie.ca | www.swamid.se Thank you! Contact: Chris Phillips Chris.Phillips@canarie.ca Anders Lördal Anders.lordal@hig.se Chris & Anders in the hotel lobby IdP Installer hack-a-thon in San Francisco Nov’13 Identity week. Photo by Nicole Harris

19 www.canarie.ca

Download ppt "Www.canarie.cawww.canarie.ca | www.swamid.se Presenters: Chris Phillips – CANARIE, Canada Anders Lördal– SWAMID, Sweden Think Globally, Act Locally: Simplifying."

Similar presentations

OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.

OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.
Test Automation Success: Choosing the Right People & Process

Test Automation Success: Choosing the Right People & Process
® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan

® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan
Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib.

Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib.
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
MC365 Ant. Today We Will Cover: Overview of Ant Installing Ant Using the Ant command line tool Various Ant commands available Using Ant in Eclipse.

MC365 Ant. Today We Will Cover: Overview of Ant Installing Ant Using the Ant command line tool Various Ant commands available Using Ant in Eclipse.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
Executive Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.

Executive Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.
Installing software on personal computer

Installing software on personal computer
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.

11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
Version Control with git. Version Control Version control is a system that records changes to a file or set of files over time so that you can recall.

Version Control with git. Version Control Version control is a system that records changes to a file or set of files over time so that you can recall.
Express Deployment Tool. Introducing the Express Deployment Tool! The Solution: The Express Deployment Tool (EDT) leverages a wizard-based graphical user.

Express Deployment Tool. Introducing the Express Deployment Tool! The Solution: The Express Deployment Tool (EDT) leverages a wizard-based graphical user.
Section 13.1 Add a hit counter to a Web page Identify the limitations of hit counters Describe the information gathered by tracking systems Create a guest.

Section 13.1 Add a hit counter to a Web page Identify the limitations of hit counters Describe the information gathered by tracking systems Create a guest.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.

Shibboleth 2.0 IdP Training: Basics and Installation January, 2009.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Automation Fundamental Concepts &

© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Automation Fundamental Concepts &
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Erlware For Managing Distribution and Build Erlang User Conference 2007.

Erlware For Managing Distribution and Build Erlang User Conference 2007.

Similar presentations

Ads by Google