TIER: Production Candidate
December 19, 2016
(Continuous Release Pipeline)
Synopsis of Trust and Identity in Education and Research (TIER) Package Delivery
The ultimate goal of TIER is the integration of community-developed open-source trust and identity software components into a manageable and complete identity and access management suite, supported by common campus practices.
Need Basic Information?
Visit the TIER 101 page.
Standard TIER Component Distributions
These are the standard production distributions for the three TIER components. These are recommended for production environments.
- COmanage Registry (v. 1.0.6)
- Grouper enterprise access management system (v. 2.3)
- Shibboleth Single Sign-On and Federating Software (Identity Provider version 3.3)
April 2016 TIER Release Report
If you wish, you can review the comprehensive report on the April 2016 TIER release.
Who's Trying TIER?
- Duke University
- The Ohio State University
- University of California, Berkeley
- University of Illinois
- University of Pennsylvania
- University of Virginia
- University of Wisconsin-Madison
Virtual Machine Images
These are virtual machine images preloaded with the appropriate set of Docker containers. These are made available for testing and for your feedback to the TIER component architects. The VMs are intended for campuses that do not currently operate container-based applications. Production deployment of these virtual machines is not recommended at this time.
The TIER team appreciates everyone who downloads and "kicks the TIER tires." Please provide your feedback using the links here.
Virtual Machine Images and Documentation
If you intend to download these VMs, a few suggestions:
- If you are not familiar with VirtualBox, you can read the documentation and download the software from Oracle's web site.
- Once VirtualBox is installed and running, you import the .ova distribution using the File / Import Appliance function.
- The default network connection for some of the virtual machines is NAT. This works well for logging into and examining the VM and containers. To connect to services hosted by the VM, you'll likely want to switch the network to bridged mode. This will give the VM an IP address from your network's DHCP server and provide you with the ability to access services from a browser.
- Please review the Release Notes for installation instructions and additional information on VirtualBox setup.
- Remember to change the login password before you place the VMs on a public network.
Campus Practices Included in TIER
Structures of the Container-Based Files
The structures generally follow the pattern shown on the image to the left.
Each container has its own start-up configuration requirements but the team’s goals have been to provide as consistent an experience as possible. Because of the zero-cost and highly versatile deployment choices available in Oracle’s Virtualization Software (VirtualBox), we chose to describe installation and configuration in those terms. For more information about VirtualBox, please refer to the information on Oracle’s website: https://www.virtualbox.org/wiki/Downloads
Packaging is delivered in the Open Virtualization Format (OVF), and the container is called an Open Virtual Appliance (OVA). It is sometimes also called an Open Virtual Application, but we prefer “Appliance”.
The OVF format standard was formed by the Distributed Management Task Force, or DMTF, which is an industry working group comprised of over 160 member companies and organizations. The DMTF board is comprised of 15 technology companies and includes Dell, EMC, VMware, Oracle, and Microsoft. As announced at VMworld 2010, DMTF’s OVF standard was adopted as a National Standard by ANSI.
An OVF package structure consists of a number of files: a descriptor file, optional manifest and certificate files, optional disk images, and optional resource files (such as ISOs). The optional disk image files can be VMware vmdk’s, or any other supported disk image file. More information about the OVF format standard can be found at DMTF.Org’s web site (http://www.dmtf.org/standards/ovf).
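Because an OVA is a tar archive of the files listed above, the optional manifest can be checked before the appliance is imported. The following is an added example, not part of the TIER distribution: it parses the manifest's `SHA256(name)= digest` lines and hashes each archive member in chunks. The file names and the sample archive are constructed for illustration.

```python
import hashlib, io, re, tarfile

# OVF manifest line, e.g. "SHA256(tier.ovf)= 9f86d0..."
MF_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")

def build_sample_ova(tamper=False):
    """Constructed sample: a tiny OVA holding a descriptor, a fake disk and a manifest."""
    parts = {"tier.ovf": b"<Envelope/>", "tier-disk1.vmdk": b"constructed disk bytes"}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in parts.items())
    if tamper:  # change the disk after the manifest was written
        parts["tier-disk1.vmdk"] += b"!"
    parts["tier.mf"] = mf.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in parts.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def verify_ova(fileobj):
    """Return {file name: 'ok' | 'mismatch' | 'unlisted' | 'missing' | 'no-manifest'}."""
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        mf = next((m for m in members if m.name.endswith(".mf")), None)
        if mf is None:
            return {m.name: "no-manifest" for m in members}
        expected = {}
        for line in tar.extractfile(mf).read().decode("utf-8").splitlines():
            hit = MF_LINE.match(line)
            if hit:
                expected[hit.group(2)] = (hit.group(1).lower(), hit.group(3).lower())
        status = {name: "missing" for name in expected}  # overwritten when found
        for m in members:
            if m.name.endswith((".mf", ".cert")):
                continue  # the manifest and certificate are not listed in the manifest
            if m.name not in expected:
                status[m.name] = "unlisted"
                continue
            algo, want = expected[m.name]
            digest = hashlib.new(algo)
            src = tar.extractfile(m)
            for chunk in iter(lambda: src.read(1 << 20), b""):  # stream large disks
                digest.update(chunk)
            status[m.name] = "ok" if digest.hexdigest() == want else "mismatch"
        return status
```

A matching manifest only shows that the files agree with the manifest shipped alongside them; the signature in the optional certificate file is not checked here.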
In order to package and deliver the software in the TIER Production Candidate, considerable work had to be coordinated across myriad constituencies and disciplines. To meet the primary objective of Durable Standards and Practices identified by the community, campus practitioners and Internet2 staff produced the comprehensive set of work packages and convened the necessary conversations to ensure that needs of the primary recipients (campus adopters) would be met.
To properly align the efforts, resources such as assigned university staff, contractors and consultants had to be properly engaged. Levels of engagement range from one-third time to full-time equivalents. Additional partner relationships and resources will be retained as funding and a persistent scope of work evolve throughout the course of the program.
TIER relies heavily on several working groups to get the specification work done, involving more than 100 active, contributing participants from the community. These teams work to ensure complete and comprehensive software development, documentation, partner engagement, and campus engagement. Internet2 has also hired software developers, a project manager, and a vice president for trust and identity thanks to the funds provided by the 49 TIER investor institutions.