
Shibboleth Tutorial Origins

Shibboleth Tutorial Origins. John Ball SUNY at Buffalo john@buffalo.edu. Origin Deployment. UB Shibboleth deployment Performance Infrastructure Origin plans WebISO? SSL Hardware/OS Testing Other issues. UB Shib Deployment. Deploying in a load balanced/HA scenario



  1. Shibboleth Tutorial Origins
     John Ball, SUNY at Buffalo, john@buffalo.edu

  2. Origin Deployment
     • UB Shibboleth deployment
     • Performance
     • Infrastructure
     • Origin plans
     • WebISO?
     • SSL
     • Hardware/OS
     • Testing
     • Other issues

  3. UB Shib Deployment
     • Deploying in a load balanced/HA scenario
     • Virtualized services
     • Both Auth and Web application farm
     • 4 Geographic locations
     • Initially internal application use

  4. Performance
     • Benchmarked current peaks
     • DCE on Solaris
     • Apache Web servers
     • Peaks for our busiest web service ~5500 unique “auths” per hour or 92 per minute
     • Originally estimated peak Shib capacity to be 1.84 auths per second
       • with WebISO (Cosign) and Java encryption

  5. Performance
     • Other considerations:
       • Auth session length
       • Commitment to less than 5 seconds
       • Goal of 1-2 seconds maximum

  6. Original Plans
     • Originally using 4 Sun V120s
     • Originally using Java for SSL
     • Originally using Shib with Cosign

  7. WebISO?
     • Removed Cosign from our plans for now
     • Using Tomcat load balancing
     • This has an impact on our original HA plans
     • Can we save Tomcat session state?

  8. SSL
     • Now using native JCE SSL
     • Significant performance gains

  9. Hardware
     • UB Historically a Sun shop
     • Started with 4 Sun V120s
     • Moved to 4 Sun 280Rs
     • Dual CPU
     • Sun Crypto Accelerator cards
     • Performance still CPU bound
     • Moved to Linux on 2 “borrowed” Dell 6650s (used the 280s for our LDAP)

  10. Hardware/OS
     • Recently purchased 12 Dell 1750s
     • Dual Xeon 3.2G CPUs
     • The more CPUs the better
     • Plans to deploy 2 Dells per location for production

  11. Testing/Tweaking
     • Testing load using Webload and JMeter
     • Tweaking and testing
     • Capacity
     • Session times

  12. Other issues
     • Still working on a “500” page error about every 500 auths – Tomcat issue?
     • This may be fixed in a newer version of Tomcat
     • This has been seen at other locations
     • Cisco CSS configuration
     • Kerberos plug-in for LDAP bug
