JIRA Issue

[#XCI-783] Migrate CILogon web servers to AWS containers

[XCI-783] Migrate CILogon web servers to AWS containers Created: 09/29/2020  Updated: 04/15/2021

Status: Design
Project: XSEDE Cyberinfrastructure Integration
Component/s: CILogon
Fix Version/s: PY10 (Sep '20 - Aug '21)

Type: XCI Enhanced Capability Priority: Major
Reporter: Jim Basney Assignee: Jim Basney
Resolution: Unresolved Votes: 0

Issue Links:
Associated bugs and stories
associated with XCI-757 Update idp.xsede.org to current InCom... Closed
relates to XCI-509 Enhance CILogon Silver CA with suppor... Closed
Target Operator:
XSEDE Enterprise Services
XSEDE Priority: -
XSEDE Areas:
RACD Security
Public activity link: https://software.xsede.org/display/xci-783
Devel Repository:
Use Cases:
CAN-06: Authenticate with an application
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
Basney, Jim 0.4 two days of effort to lead the activity (required) none
TBD (tester) 0.4 two days of effort to test the software none
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Deployment plan*
TRR Test plan*
TRR (post) TRR Baseline* (Shava)
Deployment Deployment Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Planned Launch Date:
Actual Launch Date:
Planned Design Review Date:
Planned Test Readiness Review Date:
Planned Complete Date:
Activity Lead: Jim Basney
Lead Tester: Shava Smallen


The CILogon team plans to migrate the CILogon web servers from NCSA/NICS to the CILogon AWS account. The migration itself is a CILogon project activity, not using XSEDE funds. However, since XSEDE relies on CILogon, I'm launching this activity to conduct an XSEDE-focused design review and test prior to the CILogon team making the change.

Goals for this migration include:

  • Replace NCSA/NICS fail-over configuration with AWS Docker Swarm using multiple AWS availability zones.
  • Migrate CILogon web apps from VMs to containers.
  • Stop relying on CentOS 6 VMs at NCSA and NICS, which reach end-of-life on November 30.

After this activity and XCI-757 are completed, the fozzie and jackfruit VMs at NICS can be retired.

This change should be transparent to end-users and should not require any updates to end-user documentation.


There are comments for XCI-783 that can be viewed with XSEDE authentication.