Provisioning Your Own SmartSimple Server

Revision of 11:56, 21 August 2023 (747 bytes added, no edit summary).
{{Banner-UnderConstruction}}
 
 
=Overview=
==Operating System==
* CentOS 7 x86-64 (the currently supported version); RHEL 7 x86-64 is also compatible.
==Resources==
'''Recommended:'''
* An additional 20 GB volume partitioned into 4 x 5 GB parts and mounted to /tmp, /var, /var/log, and /var/log/audit (keeping these writable paths on their own filesystems prevents runaway logs or temp files from filling the root volume).
* Encryption employed for all volumes. SmartSimple's own hosted infrastructure uses Amazon Web Services (AWS) Key Management Service (KMS), which encrypts with the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES-GCM) using 256-bit keys. KMS is configured to rotate the keys annually (the KMS default when automatic rotation is enabled). When hosting yourself, use the equivalent: EBS volume encryption with a KMS key, as in the provisioning steps below.
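A check that the "encryption employed for all volumes" requirement actually holds on a launched instance, as an added example (it is not SmartSimple's tooling). It works on the response shapes returned by boto3's EC2.Client.describe_volumes() and KMS.Client.get_key_rotation_status(); the instance, volume and key IDs below are constructed placeholders so the check runs offline, and the expected key ARN is an assumed value you replace with your own.

```python
"""Verify every EBS volume of an instance is encrypted with the intended KMS
key and that the key has automatic rotation enabled.

Added example, not SmartSimple's own code. For a live check replace the
SAMPLE_* dictionaries with:
  ec2.describe_volumes(Filters=[{"Name": "attachment.instance-id",
                                 "Values": [instance_id]}])
  kms.get_key_rotation_status(KeyId=EXPECTED_KEY)
"""
from __future__ import annotations

# Assumed value: the ARN of the Encryption Key created in the IAM/KMS console.
EXPECTED_KEY = ("arn:aws:kms:us-east-1:123456789012:key/"
                "00000000-0000-0000-0000-000000000000")

# Constructed sample response mirroring the root / SmartSimple / ext layout.
# The second volume uses a different key and the third was left unencrypted,
# which is exactly the situation a console-built instance tends to end up in.
SAMPLE_VOLUMES = {
    "Volumes": [
        {"VolumeId": "vol-0aaa", "Size": 10, "Encrypted": True,
         "KmsKeyId": EXPECTED_KEY,
         "Attachments": [{"Device": "/dev/sda1", "InstanceId": "i-0123"}]},
        {"VolumeId": "vol-0bbb", "Size": 1000, "Encrypted": True,
         "KmsKeyId": ("arn:aws:kms:us-east-1:123456789012:key/"
                      "11111111-1111-1111-1111-111111111111"),
         "Attachments": [{"Device": "/dev/sdf", "InstanceId": "i-0123"}]},
        {"VolumeId": "vol-0ccc", "Size": 30, "Encrypted": False,
         "Attachments": [{"Device": "/dev/sdg", "InstanceId": "i-0123"}]},
    ]
}
SAMPLE_ROTATION = {"KeyRotationEnabled": True}


def audit_volumes(describe_response: dict, expected_key: str) -> list[str]:
    """Return one finding per volume that is unencrypted or uses another key.

    An empty list means every volume is encrypted with ``expected_key``.
    """
    findings = []
    for vol in describe_response.get("Volumes", []):
        devices = ",".join(a.get("Device", "?") for a in vol.get("Attachments", []))
        where = devices or "unattached"
        if not vol.get("Encrypted"):
            findings.append(f"{vol['VolumeId']} ({where}): not encrypted")
        elif vol.get("KmsKeyId") != expected_key:
            findings.append(
                f"{vol['VolumeId']} ({where}): encrypted with unexpected key "
                f"{vol.get('KmsKeyId')}")
    return findings


def rotation_enabled(rotation_response: dict) -> bool:
    """True when KMS automatic rotation is on (yearly by default)."""
    return bool(rotation_response.get("KeyRotationEnabled"))


if __name__ == "__main__":
    for line in audit_volumes(SAMPLE_VOLUMES, EXPECTED_KEY):
        print("FINDING:", line)
    print("key rotation enabled:", rotation_enabled(SAMPLE_ROTATION))
```

Run it after the instance is up and before data is loaded: an unencrypted volume cannot be encrypted in place, it has to be snapshotted and re-created, so the check is cheapest when the volumes are still empty.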
===Firewall===
'''Required:'''
* Open inbound ports 80 (HTTP), and 443 (HTTPS) to all sources.
* Open inbound port 22 (SSH) to several static IPs from SmartSimple office locations to allow administrative access for SmartSimple staff.
'''Recommended:'''
* Drop all other inbound connections.
 
'''Required:'''
* Open outbound ports 80 (HTTP), and 443 (HTTPS) to all sources.
* Open outbound port 22 (SSH) to your other SmartSimple environments (e.g. the prod environment) to allow them to sync with each other.
* Open outbound port 123 (NTP) to all sources.
* Open outbound port 587 (SMTP) to all sources.
* Outbound port 8009 (AJP), or an equivalent, may be required from the web tier to the application tier if these run in separate environments.
* Outbound port 3306 (MySQL/MariaDB, used by the application's JDBC driver) may be required from the application tier to the database tier if these run in separate environments.
 
'''Recommended:'''
* Allow all outbound traffic. This is the simplest configuration; the ports listed under Required are the minimum set to keep open if you choose to restrict egress.
===Domain Administration===
* Decide on a fully qualified domain name for your SmartSimple application. It must be a subdomain of your own domain, in the form ''applicationname.yourdomain.com'', e.g. apply.smartsimple.com.
* An A record in your DNS pointing to your server.
* A reverse DNS entry configured for your server (optional).
* An SSL certificate. This can be purchased using a CSR provided by SmartSimple, or you can provide an existing certificate and private key. The certificate should be in PEM format.
==Creating the Initial Infrastructure==
# Select a '''Region''' to operate in (e.g. US East (N. Virginia)).
# Within the '''VPC''' (Virtual Private Cloud) service menu, create a '''VPC''' with default tenancy.
## Create a '''Subnet''' in the VPC and select an '''Availability Zone'''.
## Create an '''Internet Gateway''' and attach it to the VPC.
## Edit the '''Route Table''' associated with the VPC and add the following route:<br/>Destination: 0.0.0.0/0 Target: the Internet Gateway created above
# Create '''Security Groups''' to define the network security.
## Create a '''Security Group''' for the Web layer. Configure inbound rules for ports 80 (HTTP) and 443 (HTTPS) to be open from all sources (0.0.0.0/0).
## Create a '''Security Group''' for SSH access. Configure inbound rules for port 22 (SSH) to be open only from SmartSimple office environments (contact SmartSimple for a list of static IPs).
## Create a '''Security Group''' for the Database layer. Configure inbound rules for port 3306 (MySQL) to be open only from the Web Security Group above (reference the group itself as the source rather than a CIDR block).
# Within the '''IAM''' service menu, create an '''Encryption Key'''. This will be used for volume encryption.
# Within the '''EC2''' service menu, launch an '''EC2 Instance'''.
## From the '''AWS Marketplace''', select the CentOS 7 image 'CentOS 7 (x86_64) - with Updates HVM'.
## Select an '''Instance Type''' of m4.xlarge.
## Select the VPC and corresponding Subnet.
## Create three storage '''Volumes''' with the following details:
{| class="wikitable"
! Name !! Type !! Device !! Size (GiB)
|-
| Root || Root || /dev/sda1 || 10
|-
| SmartSimple || EBS || /dev/sdf || 1000
|-
| Ext || EBS || /dev/sdg || 30
|}
## Encrypt the volumes with the above Encryption Key.
## Associate the above Web and SSH Security Groups.
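The three Security Groups above implement the inbound half of the Firewall section. The following is an added example (not SmartSimple's own tooling) that builds the exact IpPermissions structures boto3's EC2.Client.authorize_security_group_ingress() accepts for those groups, then lints the plan for the mistakes that usually slip into console-built groups: SSH or the database port reachable from 0.0.0.0/0, a database rule granted by CIDR instead of by group reference, or an SSH rule left with no source at all. The group IDs and office CIDRs are constructed placeholders; the real static IPs come from SmartSimple.

```python
"""Build and lint the Web, SSH and Database security groups.

Added example, not SmartSimple's own code. Apply a clean plan with:
  for group_id, perms in plan.items():
      ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=perms)
"""
from __future__ import annotations

ANY = "0.0.0.0/0"

# Constructed placeholders: substitute the IDs returned by
# create_security_group() and the static IPs SmartSimple provides.
WEB_SG = "sg-0web000000000000"
SSH_SG = "sg-0ssh000000000000"
DB_SG = "sg-0db0000000000000"
OFFICE_CIDRS = ["198.51.100.10/32", "203.0.113.20/32"]  # RFC 5737 test ranges


def cidr_rule(port: int, cidrs: list[str]) -> dict:
    """One TCP IpPermission entry opened to a list of CIDR blocks."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
    }


def sg_rule(port: int, source_sg: str) -> dict:
    """One TCP IpPermission entry opened to another security group, no CIDR."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": source_sg}],
    }


def build_plan(office_cidrs: list[str]) -> dict[str, list[dict]]:
    """Inbound rules per group as the page describes them.

    Web: 80 and 443 from anywhere. SSH: 22 from the office IPs only.
    Database: 3306 from the Web group, by reference.
    """
    return {
        WEB_SG: [cidr_rule(80, [ANY]), cidr_rule(443, [ANY])],
        SSH_SG: [cidr_rule(22, office_cidrs)],
        DB_SG: [sg_rule(3306, WEB_SG)],
    }


def lint_plan(plan: dict[str, list[dict]], public_ports=(80, 443)) -> list[str]:
    """Return human-readable findings; an empty list means the plan is clean."""
    findings = []
    for group, perms in plan.items():
        for perm in perms:
            port = perm["FromPort"]
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            # Only the web ports may be world-reachable.
            if ANY in cidrs and port not in public_ports:
                findings.append(f"{group}: port {port} open to the world")
            # The database must trust the Web group, not an address range.
            if port == 3306 and cidrs:
                findings.append(f"{group}: database port granted by CIDR, not by group")
            # An SSH rule with an empty source list silently opens nothing,
            # which is usually a forgotten IP list rather than intent.
            if port == 22 and not cidrs and not perm.get("UserIdGroupPairs"):
                findings.append(f"{group}: SSH rule has no source")
    return findings


if __name__ == "__main__":
    plan = build_plan(OFFICE_CIDRS)
    print("clean plan findings:", lint_plan(plan))
    bad = build_plan(OFFICE_CIDRS)
    bad[SSH_SG] = [cidr_rule(22, [ANY])]  # the classic mistake
    print("bad plan findings:", lint_plan(bad))
```

Because the page recommends dropping everything not listed, the lint treats any non-web port reachable from 0.0.0.0/0 as a finding; extend public_ports only if you deliberately expose something else.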
===Optional RDS Deployment===
While the above steps are sufficient for a base SmartSimple environment, the following instructions are optional if you wish to provision a high availability clustered environment by adding an AWS Relational Database Service (RDS) instance.
# Within the '''RDS''' service menu, create a new '''DB Subnet Group''' and add '''Subnets''' for two different '''Availability Zones'''.
# Create a new '''Parameter Group''' based off the default for your MariaDB version ('mariadb10.0' in the original steps; the family must match the engine version chosen below). Set the following parameters:
#* character_set_server = utf8mb4
#* connect_timeout = 60
#* delayed_insert_limit = 92233720368
#* delayed_insert_timeout = 31536000
#* delayed_queue_size = 9222337220
#* interactive_timeout = 60
#* log_bin_trust_function_creators = 1
#* max_allowed_packet = 1073741824
#* max_heap_table_size = 1073741824
#* sql_mode = no_auto_create_user,no_engine_substitution
#* time_zone = ''your local timezone'' (e.g. 'US/Eastern')
#* tmp_table_size = 1073741824
#* wait_timeout = 60
# Launch a '''DB Instance'''.
## Select the MariaDB database engine (version 10.4.x).
## Select an '''Instance Class''' of db.m4.large (if deploying RDS, the EC2 instance created above may be resized from m4.xlarge down to m4.large).
## You may choose whether to enable '''Multi-AZ Deployment'''.
## Set '''Allocated Storage''' to 200GB.
## Select the VPC, Subnet Group, Database Security Group, and DB Parameter Group previously created.
## Set '''Publicly Accessible''' to no, and '''Enable Encryption''' to yes, selecting the Encryption Key previously created.
## You may set '''Auto Minor Version Upgrade''' to yes to allow for automatic updates.
==Creating Additional Environments==
Smartstaff, administrator