We have a similar deployment but are moving to nginx+ and as the front-end instead of apache+mod_jk. This should give us the ability to bring backend Tomcat/CAS nodes in and out of production without a service outage. We are also running with a json backed service registry, instead of pulling in JPA/RDMBS dependencies.
CAS3 has been rock solid for more than 10 years, but I'm looking forward to moving to CAS5 with MFA support and simplifying our deployment configuration even more thanks to Misagh. Best, Bill On Fri, Aug 12, 2016 at 4:08 AM, Philippe MARASSE <[email protected]> wrote: > Hello, > > 1. > Here we have about 1400 employees, our architecture is pretty simple : 2 > front servers sharing a virtual IP (active/passive, apache + mod_jk), 2 CAS > applications servers (CAS v3.5, Clustered tomcat, EHCache ticket registry, > JPA Service registry). It works like a charm since 2012. > > 2. > Our servers run Debian 7/8. IMHO, OS doesn't matter as long as you use > custom JVM for your CAS server. > > Regards. > > > Le 11/08/2016 à 23:23, Hank Foss a écrit : > > Thanks, Misagh, much appreciated. > > It sounds like this will work quite well for us. Most of our web apps rely > on LDAP authentication. > > Regarding architecture, hope you don't mind a couple of other questions: > > > How many servers are in your CAS environment (presuming you recommend an HA > environment) - e.g. 1 web server (Tomcat?) + 2 HA CAS ticketing servers > Do you recommend RHEL for OS? > > > Our user environment is about 12,000 (2,000 staff + 10,000 students) so I am > trying to architect the CAS to support that. > > > -Hank > > On Thursday, August 11, 2016 at 4:45:43 PM UTC-4, Misagh Moayyed wrote: >> >> If you mean CAS is going to provide you with an LDAP server, the answer is >> no. AFAIK, that has never been the case. If you mean you wish to >> authenticate via AD/LDAP and get access to your portal and other >> CAS-protected apps, then it’s quite simple. Since the dawn of time, CAS has >> supported LDAP/AD authentication. 90% of the deployments use that method of >> authentication. >> >> -- >> Misagh >> From: Hank Foss <[email protected]> >> Reply: Hank Foss <[email protected]> >> Date: August 11, 2016 at 1:38:35 PM >> To: CAS Community <[email protected]> >> Subject: [cas-user] New to CAS, new to Apereo >> >> >> >> Hello, >> >> I'm brand new to CAS and Apereo, and am asking the best way to begin. We >> are migrating our CAS from the cloud to on-premise as a cost savings >> measure. This will likely save us $60+k annually, as the vendor is also >> provides our portal. >> >> The externally hosted portal contains LDAP as well as CAS links. I >> understand CAS 5 comes out this fall (October?) which offers LDAP support, >> so I am on the fence a bit more. Since AD authentication drives many of our >> authentication, I have been told that we will either need to use ADFS or >> Shibboleth. The goal for this to be live is December of this year, so there >> are learning curve, architecture, installation and customization components >> of this project that all come into play. >> >> I built the Linux box, most current version of CentOS, but I believe being >> an open source application that the support of at least the OS should >> actually be a licensed RHEL instance. >> >> I'm technical, but this is uncharted territory so suggestions, comments, >> and criticism are all greatly welcome. >> >> >> Thanks, >> CAS-Newbie >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ccf659bc-12d9-4cb8-98dd-4dbf926f403a%40apereo.org. >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/df64e990-a4f5-406a-871e-f4a8ea96d289%40apereo.org. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > > -- > Philippe MARASSE > > Responsable pôle Infrastructures - DSIO > Centre Hospitalier Henri Laborit > CS 10587 - 370 avenue Jacques Cœur > 86021 Poitiers Cedex > Tel : 05.49.44.57.19 > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb01bad3-3148-3295-3418-10ae0f513422%40ch-poitiers.fr. > > For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuEj%2BzVR-2F%2BkyUz8J0hrZk3pxDXD0gpug9YytOosF8aug%40mail.gmail.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
