Difference between revisions of "Provisioning Your Own SmartSimple Server"
From SmartWiki
Revision as of 08:40, 20 July 2017
Overview
This article outlines the steps required to provision your own SmartSimple server infrastructure if you have subscribed to the Private Cloud offering and wish to bring your own hardware to host SmartSimple.
Infrastructure Prerequisites
A successful deployment requires that you have the expertise and resources to provision and support the items below.
Operating System
- CentOS (the currently supported version is CentOS 6 x86-64; RHEL 6 x86-64 is also compatible)
Resources
Computing Resources
- CPU: Minimum equivalent of an Amazon Web Services m4.xlarge general purpose EC2 instance (currently equivalent to 4 virtual CPU units of 2.3 GHz Intel Xeon® E5-2686 v4 (Broadwell) processors or 2.4 GHz Intel Xeon® E5-2676 v3 (Haswell) processors)
- Memory: Minimum equivalent of an Amazon Web Services m4.xlarge general purpose EC2 instance (currently equivalent to 16 GB RAM)
Storage
Required:
- Minimum 10 GB volume mounted at / (the root volume)
- Minimum 500 GB volume mounted at /smartsimple
Recommended:
- Additional 30 GB volume partitioned into 3 x 10 GB parts, mounted at /tmp, /var, and /var/log
- Encryption employed for all volumes. SmartSimple infrastructure uses the Amazon Web Services (AWS) Key Management Service (KMS), which employs the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys. The KMS is configured to rotate the secret keys on an annual basis.
Network
Firewall
Required: The rules below are necessary for the overall environment.
- Inbound ports 80 (HTTP) and 443 (HTTPS) open to all sources
- Inbound port 22 (SSH) open to several static IPs to allow administrative access for SmartSimple staff
- Inbound port 22 (SSH) open to any other environments hosting SmartSimple (e.g. the backup environment) so that they can sync with each other
- Inbound port 8009 (AJP) or an equivalent may need to be open from the web environment to the application environment if these are separate environments
- Inbound port 3306 (JDBC) may need to be open from the application environment to the database environment if these are separate environments
Recommended:
- Drop all other inbound connections
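The following is an added example, not SmartSimple's own configuration: a shell function that emits an iptables-restore ruleset implementing the required and recommended rules above, plus a check that refuses a ruleset exposing SSH, AJP or 3306 without a source restriction. It assumes iptables is the host firewall on CentOS 6; all IP addresses are constructed placeholders from documentation ranges and the variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example. All addresses are constructed placeholders (RFC 5737 ranges).
ADMIN_IPS="203.0.113.10 203.0.113.11"  # placeholder: SmartSimple staff static IPs
PEER_IPS="198.51.100.20"               # placeholder: other SmartSimple environments (e.g. backup)
WEB_IPS=""   # set only on a separate application tier: web hosts allowed to reach AJP
APP_IPS=""   # set only on a separate database tier: app hosts allowed to reach 3306

# Print one source-restricted ACCEPT rule per address for the given port.
allow_from() {   # usage: allow_from PORT IP...
    port=$1; shift
    for ip in "$@"; do
        echo "-A INPUT -s $ip/32 -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}

gen_rules() {
    echo "*filter"
    # Recommended: default-drop every inbound connection not matched below.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic and replies to connections this host initiated.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Required: HTTP and HTTPS open to all sources.
    echo "-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT"
    echo "-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT"
    # Required: SSH only from staff IPs and peer SmartSimple environments.
    # Word splitting of the unquoted lists is intentional.
    allow_from 22 $ADMIN_IPS $PEER_IPS
    # Conditional: tier-to-tier ports, emitted only when source hosts are listed.
    allow_from 8009 $WEB_IPS
    allow_from 3306 $APP_IPS
    echo "COMMIT"
}

# Fail if applying the ruleset would lock out administrators, or if any
# rule opens 22, 8009 or 3306 without a source address restriction.
check_rules() {
    [ -n "$ADMIN_IPS" ] || { echo "ADMIN_IPS is empty" >&2; return 1; }
    if gen_rules | grep -E -- '--dport (22|8009|3306) ' | grep -qv -- ' -s '; then
        echo "admin or backend port open to all sources" >&2
        return 1
    fi
    return 0
}
```

On CentOS 6 the output of `gen_rules` can be written to /etc/sysconfig/iptables after `check_rules` succeeds, and validated with `iptables-restore --test` before the iptables service is restarted.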
Domain Administration
You may choose to apply your own domain to your SmartSimple server instead of using our default domain. To do so, you will require the following:
- A registered domain
- An A record created in your DNS
- An SSL certificate (this can be purchased with a CSR provided by SmartSimple or you can provide an existing SSL certificate and private key)
Disaster Recovery
Security
Trend Micro Deep Security