Tuakiri services will be moved from the University of Auckland hosting environment to REANNZ internal hosting.  At the same time, Tuakiri Discovery Service will be replaced by a new version (developed by the Australian Access Federation), that will allow connecting Tuakiri Service Providers to eduGAIN.


30/06/2020Send member notifications.None


Migrate DEV + internal-TEST services:

  • Attribute Validator (DEV)
  • Federation Registry (DEV)
  • Virtual Home (DEV)
  • Discovery Service (DEV)
  • RapidConnect (DEV/TEST)
None - Tuakiri internal DEV+TEST services only.

Migrate Tuakiri-TEST (public facing TEST) services

  • Attribute Validator (TEST/Staging)
  • Federation Registry (TEST)
  • Virtual Home (TEST)
  • Discovery Service (TEST)
  • RapidConnect (Staging)

Brief unavailability for users of TEST environment (VirtualHome, Federation Registry.

(members working on development of services connected to Tuakiri)

Metadata distribution will be unaffected.


Migrate non-critical Tuakiri (PROD) services:

  • Attribute Validator (PROD)
  • Federation Registry (PROD)
  • Tuakiri Virtual Home (PROD)

Brief unavailability for member admin users (VirtualHome, Federation Registry).

Possibly brief delay in metadata changes propagation
(metadata would be served off cached copy during the cut-over).


Migrate critical Tuakiri services

  • RapidConnect (PROD)
  • Discovery Service (PROD)
End-users are exposed to new Tuakiri Discovery Service.
Migrate Tuakiri DNSNone.

Why is the migration being done?

In 2015, Tuakiri became a service operated by REANNZ.  However, the Tuakiri environment has so far stayed hosted at the University of Auckland.  We are now about to move the Tuakiri environment onto REANNZ servers.  This will streamline the operations, integrating Tuakiri into workflows already in use for other REANNZ systems, and will result into significant reductions in operating costs.

Together with the migration, we will also upgrade some services with long overdue updates.  The most significant is replacing the Discovery Service with a new implementation, which will allow connecting Tuakiri Service Providers to eduGAIN.  The current Discovery Service is built on technology that's no longer supported and has been long due for a refresh.

The Attribute Validator will also be replaced with a new implementation (the original one was seriously outdated and is no longer supported by upstream).

What will be done?

Between July 14th and July 23rd, Tuakiri services will be migrated onto REANNZ servers as per the above schedule.  As part of the migration, the Discovery Service and the Attribute Validator will be replaced with a new implementation.

The migration has been carefully planned and will be executed in a way that avoids impact on end-users (there will be no outage of the Discovery Service and RapidConnect), and minimizes the impact on other users (service administrators from member organisations) - the Federation Registry and Virtual Home will be briefly unavailable to ensure data consistency during the migration.

What do I need to do?

No action is required on the technical side.

We however recommend that member organisations (connecting as IdPs) send internal communications to their users that the user interface of the Tuakiri Discovery Service will change.

A preview of the new user interface can be accessed via https://attributes.tuakiri.ac.nz/Shibboleth.sso/Login?discoveryURL=https://tuakiri-ds-ha.reannz.co.nz/ds/DS

Status updates

30/6/2020, TBDMember notification sent
17/7/2020All Tuakiri services migrated to REANNZ according to plan.

  • No labels