CAS in AWS

[Geng, Kelly]

Hi All,

Is there anyone that is successfully running CAS v5+ on AWS either exclusively or in hybrid mode? We are trying to migrate CAS 6.0 to AWS and keep running into issues that we don't have running on premise. The issue is manifested to be tomcat trying to open too many files without properly closing them.  I'm wondering whether anyone else has issues on AWS, or if you successfully run it on AWS, what the deployment looks like. We appreciate any experience sharing with us.

--

Kelly Geng

Application Developer

Miami University of Ohio

[Carl Waldbieser]

Kelly,

At Lafayette College we run CAS entirely in AWS.

entry 

We are running it containerized on the AWS Fargate container service.

At a high level, we are using DynamoDB for the ticket registry and the JSON service registry.  I still make service entry changes by editing the config file and redeploying-- we don't have the management interface deployed.  We do have an automatic CI/CD pipeline, so redeployment is pretty trivial.

We have a single region multi-AZ deployment.  AWS application load balancer is out in front and automatically manages the user facing certs.

If you have any questions, let me know.

Thanks,

Carl Waldbieser

ITS

Lafayette College

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANDcCJ%3Di5KnoORTHXV3FcqzwhwSpF49xpr0RBGx0BX_BfGAY6A%40mail.gmail.com.

[Geng, Kelly]

Carl,

Thanks for your response! Some followup questions if you don't mind: what container image do you use to run CAS? Do you have any MFA integration such as Duo? Do you have CAS interruption configured and if yes, in what way?

Thanks again!

Kelly

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALt4NbOxdq3ygx_Y5%2Bz8gMEJ-0XaMd0m%2BgQQLZ2-W5%2Ba6ghiDA%40mail.gmail.com.

--

Kelly

[Carl Waldbieser]

Kelly,

We are using the JIB approach to building our CAS docker images.  See https://apereo.github.io/2018/11/09/cas6-docker-jib/ .  I did override the following property in my gradle.properties file:

  baseDockerImage=amd64/adoptopenjdk:11-jdk-hotspot-bionic

Mostly it was because I couldn't determine a better way to get the container to do a health check without some kind of rudimentary shell.

We do use Duo MFA integration.

I'm not certain what CAS interruption is-- I'm pretty sure we don't use it.

Thanks,

Carl Waldbieser

ITS

Lafayette College

 

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANDcCJnNydxXke1Bg%3D4VY9Na%2BE%3DnNg01Tg0fdYrQ7Y-H3LhL8Q%40mail.gmail.com.