I love reloadable services

Lee Foltz foltz2 at oakland.edu
Wed Mar 18 07:39:49 EDT 2020 

+1 as well.

We use these all the time and nice not taking the service down or
restarting shib.

MetadataResolverService
ReloadableCASServiceRegistry
RelyingPartyResolverService
AttributeFilterService

On Tue, Mar 17, 2020 at 7:05 PM Jesse Martinich <martinicj at sou.edu> wrote:

> +1
>
> *Jesse Martinich*
> Information Security Officer
> Infrastructure Services Manager
> Southern Oregon University | 1250 Siskiyou Blvd | Ashland OR  97520
> 541-552-8424
>
>
>
>
> On Tue, Mar 17, 2020 at 4:02 PM IAM David Bantz <dabantz at alaska.edu>
> wrote:
>
>> I've meant to reply to an off-hand comment Scott made several weeks ago
>> now regarding reloadable services being perhaps of diminished importance
>> as
>> folks go all in on DevOps: PLEASE, NO!
>>
>> While DevOps has incredible mind share as current best practice, when I
>> sketch the additional infrastructure I would need to go all in for
>> running our IdP
>> in that mode, it's 4 -10 times the number of "moving parts" of
>> infrastructure and tools
>> needing deployment and maintenance.
>>
>> My tiny environment of 1 active and 1 hot standby IdP nodes, using
>> reloadable
>> services, has not had an unplanned outage in nearly a decade, and I can
>> deploy new integrations for services configured even roughly correctly on
>> same day.
>> There is no way on earth I could do this in full DevOps mode when I
>> reflect that
>> deploying a suitable new VM for v3 IdP took over 1 year.
>>
>> I appreciate people's interest in scalable DevOps, but it may not be the
>> only
>> reasonable model for small scale deployments with very modest resources.
>> The use of reloadable resources has incredible utility and value for
>> smaller
>> scale operations - and they are crucial for wider adoption and reliance
>> on Shibboleth IdP.
>>
>> Thank you!
>>
>> David Bantz
>> UA OIT IAM
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net



-- 
Lee Foltz
Oakland University - UTS
Senior Identity and Access Management Engineer

248-370-2675
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200318/bd28ae38/attachment.html>

More information about the users mailing list