Executive Summary

The University of Illinois at Urbana-Champaign is a premier research and teaching university. The university is a strong supporter of Internet2; we were part of its creation, and we heavily depend on its work today to support our missions of research, teaching, and outreach.

The members of our senior management are firm believers in TIER and its purpose, and have encouraged staff to spend time trying out the TIER packages and offering feedback. Mark Henderson, CIO, and Tracy Tolliver, Director of Application Services, have been particularly passionate about TIER, sharing opportunities posted to the TIER investors list and often sharing our feedback with such groups as RUCC and Internet2.

We are also excited about the packaging of TIER products. These products, packaged in Docker containers, could not have come at a better time as we embark on a strong cloud-first initiative. As we work to deploy TIER packages in the cloud, we hope to create geographically distributed, automatically scalable services based on TIER community-driven best practices. We also hope, as an early adopter of TIER software, to gain experience in cloud deployments of the software that we can share with the community. We believe that this work will allow us to better manage identity and federation services and better collaborate with peer institutions.

Organization Description

The University of Illinois at Urbana-Champaign is one of the original 37 public land-grant institutions created after President Abraham Lincoln signed the Morrill Act in 1862. As of fall 2016, we had an undergraduate enrollment of 33,467 students from all 50 states and an additional 5,537 international undergraduate students from 82 countries. We also had 11,413 students in our graduate and professional programs. We have approximately 2,700 faculty members and 8,000 staff members. Our students can earn degrees in more than 150 academic programs in our fifteen colleges, including professional colleges for law and veterinary medicine.

Our library is one of the largest public university libraries in the world with a collection of more than 24 million items. We have twenty area-studies libraries, including one of the largest engineering libraries in the country, a state-of-the-art agricultural library, and a world-renowned rare book and manuscript library.

The University of Illinois at Urbana-Champaign is a major research institution. In fiscal year 2016, we had research and development expenditures of $620 million. We have been the top recipient among all universities in National Science Foundation award funding for six years running.

Such an extensive community of learning and research leads to increased needs for federation, international multi-institution collaboration, and scalable authorization mechanisms. In addition, in our current tight economic climate, we must do all of this efficiently.

(Source: Facts about University of Illinois at Urbana-Champaign, http://illinois.edu/about/facts.html)

Containerized TIER Component(s) to be implemented

Illinois plans to implement two of the initial TIER packages: the Shibboleth IdP and Grouper. We also are considering eventual implementations of midPoint and CARMA.

Our Shibboleth IdP is currently running in-house and was identified as one of our first services to move to Amazon AWS as part of our cloud-first initiative. We are focusing on Amazon's Elastic Beanstalk, which is Amazon's version of Docker, making the TIER-packaged IdP perfect for our needs. We plan to have a production IdP running in the cloud this fall and, after a brief trial period, will replace our in-house IdP nodes with additional cloud nodes. Our project plan is attached to this proposal.

We are also preparing to deploy our first production instance of Grouper, branded as Authorization Manager. We plan to deploy this to the cloud from the start and hope to have it in production later this fall. Again, the TIER-packaged software will make our work deploying Grouper to AWS much easier. A project plan for our Grouper rollout is also attached.

Our university administration that oversees the three University of Illinois campuses currently runs midPoint for multi-campus password synchronization. We have seen what this software can do and could use it to replace some of our person registry functions, currently handled by a commercial product. Add to it what TIER is doing with it as a registry and provisioning engine, and it could be a good option for us. We will continue to explore.

We are currently using the built-in Shibboleth attribute user consent. We are very excited, though, by what CARMA can do to take attribute consent to a new level and centralize it. We hope to replace the attribute consent in our IdP with CARMA and let other services benefit from its use, too. We have no timeline for this yet but would like to do it in the next year or two.

Short Management-Level Use Case Description of Your Project

As previously mentioned, our cloud-first initiative aims to migrate many campus IT services to the cloud. This work has an aggressive 18-month timeframe, targeted for completion in 2018. The releases of TIER packages that can be deployed to Amazon Elastic Beanstalk could not have been better timed for our work. We hope to gain experience moving our Shib IdP and would like to offer resources and documentation on deploying TIER software to AWS in addition to our general lessons learned deploying TIER software. Even if not selected, we will certainly have documentation to contribute.

Scope

This project will deliver cloud-hosted implementations of both the Shibboleth IdP and Grouper in production using TIER packages. Internally to UIUC, these will be managed as two separate sub-projects within our project management structure: PROJ-0171 is the rollout of our “Authorization Manager” service, powered by Grouper. PROJ-0179 is our migration of our Shibboleth IdP to Amazon Web Services. 

This project scope centers on the TIER package delivery and testing, which are subcomponents of the existing projects at Illinois.

Key Stakeholders

Sponsor

Tracy Tolliver, Director of Application Services (ttollive@illinois.edu)

Campus Success Program Contacts

Keith Wessel, Senior App Integration Pro (kwessel@illinois.edu)

Erik Coleman, Identity Tech Lead (ecc@illinois.edu)

Communications Contact

Ester Cha, Senior App Specialist (estercha@illinois.edu)

Project Manager

Erik Coleman (ecc@illinois.edu)

Project Team Members

Ester Cha (estercha@illinois.edu)

Erik Coleman (ecc@illinois.edu)

Devin Gengelbach (deving@illinois.edu)

Jon Gillen (jgillen@illinois.edu)

Keith Wessel (kwessel@illinois.edu)

Deployment Partners

None at this time

Project Milestones

Activity | Resources | Start Date | End Date
Configure Shibboleth IdP Docker Images | Keith Wessel, David Riddle | 8/1/17 | 10/13/17
Test Shibboleth IdP images in hybrid test config | Keith Wessel | 10/13/17 | 10/23/17
Deploy and beta-test hybrid Shib IdP with select SPs | Keith Wessel | 10/23/17 | 11/17/17
Fully incorporate hybrid Shib IdP in production (mix of docker and traditional nodes) | Keith Wessel | 11/17/17 | 11/18/17
Migrate all Shib IdP nodes to cloud/docker TIER images | Keith Wessel | 11/19/17 | 1/15/18
Configure Grouper Docker Images | Erik Coleman, Keith Wessel, David Riddle | 10/29/17 | 11/30/17
Build, deploy, test a beta test environment for dockerized Grouper in AWS | Erik Coleman | 11/30/17 | 1/15/18
Production rollout of dockerized Grouper | Erik Coleman, Keith Wessel | 1/15/18 | 2/28/18

Synergistic Projects

As previously mentioned, our cloud-first initiative aims to add many campus IT services to the cloud. This work has an aggressive 18-month timeframe, targeted for completion in 2018. The releases of TIER packages that can be deployed to Amazon Elastic Beanstalk could not have been better timed for our work. If selected as part of this program, we would like to offer resources and documentation on deploying TIER software to AWS in addition to our general lessons learned deploying TIER software. Even if not selected, we will certainly have documentation to contribute.

Constraints, Assumptions, Risks and Dependencies

Constraints: We have a resource constraint in the form of a limited number of people, which has caused problems with completing projects in a timely manner. Budgets limit the amount of external vendor or consultant time we can use, if any.

Assumptions: The Shib IdP project will continue to use the agile method of project management used by the software development team. The Grouper project will continue to use the waterfall method of project management. It is assumed that most of the Grouper docker image configuration will be based largely on the process and success of the Shib IdP images. Grouper is currently not in production in any capacity at Illinois, while the Shib IdP is in production. Appropriate change control measures will be performed to bring in functionality.

Risks and Dependencies: The Grouper work depends largely on the completion of the Shib IdP work as far as docker configuration and AWS deployment. While this may make some of the work easier, we have risked the completion date by assuming that the work will be similar.