InCommon and TIER: Better Together Part II, or: InCommon In The TIER DevOps Environment

Dec 05, 2016, by Nicholas Roy
Tags: TIER, TIER Software, Trust & Identity

Last month, I wrote about how the InCommon Federation and TIER have shared needs in areas of project management, software, service development and operations. This month, we continue the story with a post about the concrete work that Internet2 and partner staff are doing to enhance the federation's technical capabilities and operational practices in one specific area: DevOps.

DevOps: A practice that emphasizes the collaboration and communication of software developers and IT infrastructure professionals while automating the process of software and infrastructure development, testing and delivery.

In August, Steve Zoppi, Internet2's Associate Vice President for Services Integration and Architecture, wrote about The Landscape of DevOps Within TIER. Steve outlined the path toward a demo workbench and a production workbench, within which TIER components will be rapidly developed and tested, and features selected for and batched into appropriate and uniformly tested production releases. The InCommon Federation, as both a stand-alone service and a TIER component, shares this need with the other TIER components. To that end, InCommon is building a continuous integration and delivery pipeline and a software staging environment in which we will test new and modified features of the InCommon Federation Manager software, as well as the applications, scripts and other components that produce, import, aggregate, sign and publish InCommon metadata.

The InCommon staging environment is based on the TIER demo and production workbench cycles, and will use the same patterns and practices to help InCommon achieve agile software development in alignment with functionality exposed in TIER releases.

We are partnering with the firm via a TIER contract for the construction of the TIER packaging delivery pipeline, using a set of tools including Docker, GitHub Enterprise, Jenkins and Amazon Web Services. InCommon is now using these components for containerization of the staging environment, code versioning and control, automated builds, testing and deployment to staging of our software, and the actual staging environment itself. Internet2's new Trust and Identity Architect, Chris Hubing, has been working with Levvel to build out the environment and wrap the needed identity and access management and other components around it in a reproducible and automatable way.

Our first target for this new environment was the automated build and deployment of the InCommon Federation Manager application – the user interface that InCommon Site Administrators and Delegated Administrators use to manage their federation metadata – into the staging environment. That has been completed and we are now using it to test updates to the Federation Manager user interface (stay tuned for a major update to the look and feel of that application in the next few months!).

Our next set of goals includes automated testing and deployment to staging for scripts that produce reports on the InCommon web site and wiki. We'll use that experience to allow us to automate the updates of those reports in production.

We are also planning to use this environment to allow more agile development and testing of changes to our metadata production, signing and publication. We will build a test per-entity metadata distribution environment in this new staging area and perform load testing, high-availability testing, and other needed checks before a production roll-out. We believe that the care and effort invested in building staging for InCommon software within the TIER DevOps environment will lead to closer alignment of the TIER components, including InCommon, and will allow us to more rapidly evolve our service offerings as we seek to build depth of knowledge in the team that maintains our software and infrastructure.