per-entity - Re: [Per-Entity] Notes and recording for today's call
Subject: Per-Entity Metadata Working Group
List archive
- From: Thomas Lenggenhager <>
- To: Per-Entity Metadata Working Group <>
- Subject: Re: [Per-Entity] Notes and recording for today's call
- Date: Thu, 22 Sep 2016 11:31:37 +0200
- Ironport-phdr: 9a23:BbojBhDZtFg9wY+2DI9CUyQJP3N1i/DPJgcQr6AfoPdwSP7+psbcNUDSrc9gkEXOFd2Crakb26yL6Ou5BCQp2tWojjMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpRZbIBj0NBJ0K+LpAcaSyp3vj6HhzabOeB1FjyaRZrZ7LRP+7VmA95pevYw3EqsrjzbPvnpUaqxzyH9hKVuPll7D4d2z/ZhsuwtKvO85v5pYXL+/cqIkTKBJJDUgOGcw4crt8x7ZQl3cyGEbVzAqkh1NChONyBz8UZj8tCvzuednkH2eMMv5Qr0yWT2t4r1DUwDplCwHcTU5pjKEwvdshb5W9Ury7yd0xJTZNcTIbfc=
- Organization: SWITCH
I just read the notes of yesterday's meeting.
Monitoring the InCommon MDQ Service - Requirements for Ops...
SWITCH also has internal monitoring -- ping Lukas Hammerle for a glimpse of
it.
We use the following monitoring methods in SWITCHaai. I hope I got the details mostly right.
1) Our federation management tool (the home built Resource Registry)
a) Once a night it tries to connect to all IdPs and SPs (the
Shibboleth Status handler if permitted) otherwise a service
location. If it gets an answer it tries to discover a possible
clock skew. If higher than probably 60 secs, if I remember
correctly, it sends out a notification mail to the entity's
tech contact.
Owners
b) If enabled (the owner of the IdP entity can disable it in the
Resource Registry) periodically polls the IdP to check its
availability. The availability check is performed on Monday to
Friday between 7 to 23 every five minutes by sending an
authentication request to the Identity Provider.
On a failure (and on later recovery) it reports it by email to
the tech contact of the IdP as well as to the SWITCHaai team.
2) Nagios monitoring from a node within the SWITCH network
a) Age of the signature of the public metadata aggregates, alert
by mail to SWITCHaai team.
b) Discovery service on the two hosts load balanced by IP anycast.
c) Availability of the Resource Registry
d) Full IdP login process (to an SP on the monitoring host itself)
for all IdPs of the customers subscribed to the optional IdP
Hosting service.
Alerts by mail and by SMS to the SWITCHaai team.
We use the canoo WebTest for the scripted login sequence [1]
3) External monitoring by Alertra
Every 10 minutes reachability for all the hosts running the
services listed above in 2a-2d).
Alerts by mail and SMS to the SWITCHaai team.
Thomas
[1] http://webtest.canoo.com/webtest/manual/WebTestHome.html
On 21.09.16 19:08, David Walker wrote:
Everyone,
I've posted our live-scribed notes on the wiki at
https://spaces.internet2.edu/x/NwUZBg. Also a recording of the session
will be available for the next few weeks at
https://internet2.box.com/s/a9iznektjhlohke6nfjsg83v7a6pesuc.
Looking forward to seeing all of you in Miami!
David
--
SWITCH
------
Thomas Lenggenhager, Central Solutions
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505 direct +41 44 268 1541
https://www.switch.ch
- [Per-Entity] Notes and recording for today's call, David Walker, 09/21/2016
- Re: [Per-Entity] Notes and recording for today's call, Thomas Lenggenhager, 09/22/2016
Archive powered by MHonArc 2.6.19.