Open Source SSO in the Cloud
When information technology (IT) budgets and staffing get tight on campus, it can be challenging to maintain key campus systems, and even more difficult to make critical improvements. More and more, IT departments are moving towards outsourcing major projects and ongoing management of technology, especially when this involves the Cloud. Cloud services providers have many benefits, including redundancy, global infrastructure, and maximum uptime. In addition, having someone else manage cloud migration and day-to-day operations can free up valuable internal resources for other projects.
The Open Source SSO Challenge
One of Unicon’s recent higher education clients used on-prem deployments of Shibboleth and CAS for their single sign-on (SSO) infrastructure. Over time, their information technology team lost key personnel and it became challenging to maintain and update their Shibboleth and CAS instances due to a lack of resources. In addition, this client was interested in moving both applications to the Cloud for scalability, reliability, and cost savings. They needed a partner who could take on the cloud migration project and afterward assume ongoing management of their SSO infrastructure to free up internal resources for other priorities. Outsourcing a key system such as SSO is a big step, so the client needed to have complete confidence in the partner they selected. They also were looking for a team with a strong project management component to keep an eye on schedule and budget.
Why Unicon
Unicon had the perfect capabilities for this project. We are well-known for our expertise with CAS and Shibboleth, having more than 25 years of experience in developing and implementing Open Source SSO solutions for higher education customers. In addition, we are an AWS Advanced Consulting Partner, and we have an AWS infrastructure in place that we built to host CAS and Shibboleth. The Unicon team is collaborative and transparent, which allows us to build strong working relationships with all of our clients. Our goal is to ensure we provide project management capabilities and engineering expertise that will result in a high-quality deliverable, completed in a timely manner and within the project budget.
Results
Since the Open Source SSO infrastructure was central to the client’s campus operations, the migration required careful planning and extensive testing. The Unicon team worked closely with the client to develop a phased approach to migrating CAS and Shibboleth services that allowed us to focus on one aspect of the system at a time and achieve key milestones along the way:
- First, we migrated SAML services and went live with the client’s IdP in the AWS Cloud while they continued to use an on-prem CAS server for CAS services.
- Next, we migrated their campus-wide productivity tool, Office365, to use the hosted IdP.
- As a final phase, we migrated the on-prem CAS services to the AWS Cloud.
- Once the CAS services were tested and went live, the client was able to shut down all services on-prem as the solution was entirely in the AWS Cloud.
- After the migration, Unicon assumed responsibility for managing the system.
CAS and Shibboleth are now hosted in one environment with day-to-day operations and support provided by Unicon. The cloud solution provides flexibility, scalability, reliability, and eliminates the costs associated with on-prem hardware and maintenance.
The client is extremely satisfied with both the new platform and Unicon’s services and is looking forward to continuing to work with us in the future. Now that CAS and Shibboleth are in the Cloud, the support provided by Unicon’s managed services teams means that the client can budget a yearly fixed recurring amount for CAS and Shibboleth support. They no longer have to worry about staffing, training, and keeping the knowledge needed to maintain these critical systems in-house. The information technology team can rely on Unicon’s cloud expertise and application knowledge to ensure high-quality support and maximum uptime while their internal resources focus on other projects.