Shibboleth Hardware Recommendations

From GFIPM Implementation Wiki


This article describes the basic hardware, operating system, Web server, and network requirements for participants who choose to use Shibboleth in their GFIPM federation deployment.

An IDP and an SP each require a dedicated server-class machine of contemporary performance. The following minimum specifications are recommended for each machine:

  • 3.0 GHz Intel Core 2 Duo or Pentium 4 (or equivalent) processor
  • 2 GB of memory
  • 160 GB of disk space

If a participant plans to implement multiple IDPs or SPs, additional servers are recommended. Some participants may also wish to run their IDP or SP on virtual machines, in which case the host hardware should be sized so that each virtual machine still meets the minimums above.

The only other hardware requirement is that the machines be able to run the participant's chosen operating system. Each participant must choose and install an OS platform on the machines. GTRI strongly recommends that participants choose one of the following OS platforms:

  • Microsoft Windows Server 2003 or later
  • Red Hat Enterprise Linux (AS or ES)

GTRI currently operates a reference implementation of an Identity Provider and a Service Provider on each of these two OS platforms. By using one of these platforms, participants can ensure that GTRI will be able to provide them with the best possible technical assistance.

Each participant must choose and install a Web server on the two machines. GTRI recommends that participants choose one of the following Web servers:

  • Microsoft Internet Information Services (IIS) (for Windows-based systems)
  • Apache HTTP Server (for Linux-based systems)

GTRI operates a reference implementation of an Identity Provider and a Service Provider on each of these two Web servers. By using one of these Web servers, participants can ensure that GTRI will be able to provide them with the best possible technical assistance.

Participants must give the Service Provider machine a static public IP address, a public DNS name (the name that its HTTPS certificate will be issued for), and inbound Internet connectivity on port 443 (HTTPS). Port 80 (HTTP) may additionally be opened, either to serve a public page of the portal or merely to redirect incoming connections to port 443. For security purposes, GTRI recommends that all other ports be blocked by a firewall; administrative access (for example SSH or Remote Desktop) should be reachable only from the participant's internal management network, not from the Internet. The Identity Provider machine must be reachable by the participant's local users so that they can authenticate, but whether the IDP is also exposed to the Internet is a local decision; if it is exposed, the same HTTPS-only firewall policy applies to it.
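The following script is an added example, not code from the GFIPM wiki or from GTRI, showing one way to express the network policy above for a Linux-based SP: iptables rules that admit only TCP 443 and 80 from the Internet and drop everything else, plus an Apache virtual host that makes port 80 do nothing but redirect to HTTPS. The interface name `eth0`, the management network `10.0.0.0/8` (from which SSH is permitted) and the host name `sp.example.org` are assumptions for illustration; the script prints the rules rather than applying them so that they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the GFIPM wiki): Internet-facing port policy for a
# Shibboleth SP host running on Linux with iptables.
# Assumptions not stated on the page: eth0 is the public interface and
# administrative SSH is allowed only from a hypothetical management network.

PUBLIC_IF="${PUBLIC_IF:-eth0}"
MGMT_NET="${MGMT_NET:-10.0.0.0/8}"

# TCP ports the page allows from arbitrary Internet sources: 443 required,
# 80 optional (public portal page or redirect to 443).
SP_PUBLIC_TCP_PORTS="80 443"

# Decide whether a TCP port should be reachable from an arbitrary Internet
# source under this policy. Returns 0 (allowed) or 1 (blocked).
sp_port_allowed_from_internet() {
    port="$1"
    for p in $SP_PUBLIC_TCP_PORTS; do
        [ "$p" = "$port" ] && return 0
    done
    return 1
}

# Print the iptables commands that implement the policy: default-deny on
# input, loopback and established traffic accepted, the public ports opened
# on the public interface, SSH only from the management network.
sp_firewall_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in $SP_PUBLIC_TCP_PORTS; do
        echo "iptables -A INPUT -i $PUBLIC_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
iptables -A INPUT -i $PUBLIC_IF -p tcp --dport 22 -s $MGMT_NET -m state --state NEW -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Print an Apache virtual host for port 80 whose only job is to forward every
# request to the HTTPS site on port 443 (the page's "merely a means to forward").
sp_http_redirect_vhost() {
    host="$1"
    cat <<EOF
<VirtualHost *:80>
    ServerName $host
    Redirect permanent / https://$host/
</VirtualHost>
EOF
}

# Usage: review the output, then apply it on the SP host, e.g.
#   sh sp-policy.sh | grep '^iptables' | sh   and   service iptables save
#   sp_http_redirect_vhost sp.example.org > /etc/httpd/conf.d/redirect.conf
sp_firewall_rules
sp_http_redirect_vhost sp.example.org
```

After applying the rules, confirm the exposure from a host outside the participant's network with a full TCP port scan (for example `nmap -sT -p- sp.example.org`); only 80 and 443 should report as open. The same script can be reused for an Internet-facing IDP by pointing it at the IDP's host name, since the page prescribes the same HTTPS-only exposure in that case.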

