Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

> 
> As I understand it on a really high level, the container is a collection of 
> all of the 
> components that Grouper will need. With out current deployment, we 
> independently manage 
> those components, such as Tomcat and Java. A significant part of managing 
> those components 
> is tracking their versions, particularly with an eye towards relevant bug 
> and security 
> patches. How do we do we identify and track these versions with the Grouper 
> containers? 

1. If there is an issue that is not addressed in a container, tell me about 
it and we can make a new container
2. -or- you can make a subimage that upgrades or replaces part of the 
container

As soon as 2.5.30 is released (which is delayed since its substantial, and 
should be out in the next week or two), we will go back to release 
approximately every other week

> I think I understand that any such patches get incorporated into new 
> container versions, 
> but how do we perform the risk assessment for currently deployed 
> containers? Generally I'm 
> trying to determine how we respond to our security groups when they come 
> asking about vulnerabilities.

Was this answered in the above answer?  Its similar to what you would do 
today I would think...  if you want a schedule for upgrades, then you need to 
make a new image on that schedule I think

> 
> Is there a difference between the TIER/ITAP(?) containers and those 
> available via the 
> Grouper site? My cursory Googling seems to turn up Grouper 2.4 associated 
> with TIER, 
> but the Grouper site features 2.5? I'm a little unclear on the relationship.

Theres one container for Grouper.  Anything else is for training or 
integration POCs and is a subimage of the Grouper container...

Good luck!

> 
> -- 
> UH Information Technology Services : Identity & Access Mgmt, Middleware
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>