What kind of infrastructure (servers, load-balancers, etc.) do you have running for CAS
3 x Sun Netra X1 (single processor, 1GB RAM) behind redundant Cisco CSS in failover ("sorry server" in Cisco parlance, I believe) configuration. The Netras are dedicated for CAS. We also utilized a separate (shared) database server for centralized audit trail functionality we've added.
How many people does your CAS server serve?
~20,000 faculty/staff/students/etc., plus 10,000+ additional prospective students during admission cycles.
How much manpower do you have dedicated to CAS?
At Cal Poly, CAS is maintained by the same group which supports our uPortal deployment. For initial customization/deployment, this was ~1 person for three months, but this also included integrating a number of key applications. Ongoing support load for the service itself is very low.
Beware that outreach/guidance/policy on client integration may require significant ongoing attention, depending on your deployment strategy and your campus approach to web application support. Our approach has been to strongly encourage standardization on centralized authentication services, and on uPortal integration, and so we're investing significant effort in this area.
What kind of systems do you have running? (Learning Management Systems, Portals, etc.)
uPortal (primary portal for all users), Blackboard, PeopleSoft HR and Finance (Student Admin soon), Oracle SSO (in support of Oracle Collab Suite, Business Intelligence, and other services), Remedy, some other vendor-provided vertical apps, and many locally-developed applications (primarily Java, also PL/SQL, PHP, ASP, Perl).
How do you push out new CAS client updates?
Updates for applications supported by ITS (central IT) are handled in our normal change management process – requested/scheduled/tested/rolled out.
Non-centralized clients are the responsibility of the application administrator — we send advisories on update availability and issues to be aware of, including follow-up in some cases. Key to this, of course, is controlling and/or tracking those applications which are using your CAS implementation!
Any problems/ gotchas that you ran into
Consider policy implications as early as possible, and also integration with your portal offerings. To our end-users there is no distinction between CAS and uPortal, and for us this is a very good thing.
Develop a clear understanding of how CAS fits into your service and security strategies, and communicate that message.