
Provisioning Your Own SmartSimple Server

1,687 bytes added, 21:11, 4 August 2017
==Operating System==
* CentOS (the currently supported version is CentOS 6 x86-64; RHEL 6 x86-64 is also compatible).
==Resources==
===Computing Resources===
'''Required:'''
* CPU: Minimum equivalent of an Amazon Web Service m4.xlarge sized general purpose EC2 instance (currently equivalent to 4 virtual CPU units of 2.3 GHz Intel Xeon® E5-2686 v4 (Broadwell) processors or 2.4 GHz Intel Xeon® E5-2676 v3 (Haswell) processors).
* Memory: Minimum equivalent of an Amazon Web Service m4.xlarge sized general purpose EC2 instance (currently equivalent to 16 GB RAM).
===Storage===
'''Required:'''
* Minimum 10 GB volume mounted to / root volume.
* Minimum 500 GB volume mounted to /smartsimple volume.
* The ability to dynamically expand these volumes or add additional as necessary.
'''Recommended:'''
* Additional 30 GB volume partitioned into 3 x 10 GB parts and mounted to /tmp, /var, and /var/log
* Encryption employed for all volumes. SmartSimple infrastructure utilizes Amazon Web Service (AWS) Key Management Service (KMS) which employs the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys. The KMS is configured to rotate the secret keys on an annual basis.
===Firewall===
'''Required:''' The rules below are necessary for the overall environment.
* Inbound ports 80 (HTTP) and 443 (HTTPS) open to all sources.
* Inbound port 22 (SSH) open to several static IPs from SmartSimple office locations to allow administrative access for SmartSimple staff.
* Inbound port 22 (SSH) open to any other environments hosting SmartSimple (e.g. the backup environment) in order to allow them to sync with each other.
* Inbound port 8009 (AJP) or an equivalent may need to be open from the web environment to the application environment if these are separate environments.
* Inbound port 3306 (JDBC) may need to be open from the application environment to the database environment if these are separate environments.
'''Recommended:'''
* Drop all other inbound connections.
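One way to express the rules above as an iptables ruleset on CentOS 6, as an added example (not SmartSimple's own configuration). All IP addresses are constructed placeholders from documentation ranges, and the names SSH_SOURCES, WEB_TIER, APP_TIER and gen_rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the firewall rules above.
# Every address here is a constructed placeholder (RFC 5737 documentation ranges).

# Sources allowed to reach SSH: SmartSimple office static IPs plus any other
# environments hosting SmartSimple (e.g. the backup environment).
SSH_SOURCES="192.0.2.10 192.0.2.11 198.51.100.20"
# Set these only when the tiers are separate environments; empty = single server.
WEB_TIER=""   # web environment allowed to reach AJP (8009) on the application host
APP_TIER=""   # application environment allowed to reach 3306 on the database host

gen_rules() {
    echo "*filter"
    # Recommended: drop all other inbound connections (default-deny on INPUT).
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic and replies to connections the server itself opened.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Required: HTTP and HTTPS open to all sources.
    echo "-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT"
    # Required: SSH only from the listed sources, never from everywhere.
    for src in $SSH_SOURCES; do
        echo "-A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    # Conditional: inter-tier ports, scoped to the single peer that needs them.
    if [ -n "$WEB_TIER" ]; then
        echo "-A INPUT -p tcp -s $WEB_TIER --dport 8009 -j ACCEPT"
    fi
    if [ -n "$APP_TIER" ]; then
        echo "-A INPUT -p tcp -s $APP_TIER --dport 3306 -j ACCEPT"
    fi
    echo "COMMIT"
}

# Usage on CentOS 6 (run as root, with a console session kept open in case
# SSH_SOURCES is wrong and port 22 becomes unreachable):
#   gen_rules > /etc/sysconfig/iptables && service iptables restart
```

Because the inter-tier rules are emitted only when a peer address is set, a single-server deployment never exposes 8009 or 3306 at all.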
===Domain Administration===
You may choose to utilize your own domain for your SmartSimple server instead of using our default domain. In order to do so you will require the following:
* A registered domain.
* Decide on a fully qualified domain name for your SmartSimple application. This must contain a subdomain string in the format ''applicationname.yourdomain.com'', e.g. apply.smartsimple.com.
* An A record in your DNS pointing to your server.
* A reverse DNS entry configured for your server.
* An SSL certificate (this can be purchased with a CSR provided by SmartSimple or you can provide an existing SSL certificate and private key). The certificate should be in PEM format.
==Architecture==
Coming soon...
==Disaster Recovery==
Since you may choose to provision all or only a part of the infrastructure, you have a variety of options for disaster recovery. The following outlines first the typical disaster recovery solution employed by SmartSimple, and then the various options that you may choose from depending on your environment.
'''SmartSimple Disaster Recovery Strategy'''
* A hot backup environment is provisioned to be always online and available. This backup environment is similar to the production environment but hosted in a different geographical region. This backup environment is synced to the production environment via a daily SSH rsync.
* A copy of each daily database backup file is moved to an archive location and retained for up to 90 days. The archive location is a combination of Amazon S3 and Glacier storage, and the data is transferred there via AWS CLI API calls from the production environment.
 
'''Your Disaster Recovery Options'''
* Have SmartSimple provision our regular disaster recovery strategy as outlined above.
* Provision your own infrastructure to fulfill the functions of the above strategy.
* Provision your own disaster recovery strategy entirely, e.g. just a daily image of your server volumes instead of a hot backup environment.
==Security==
Coming soon...<!--Trend Micro Deep Security =Engagement Steps=-->
=Amazon Web Services Example Setup=
=Microsoft Azure Example Setup=
Coming soon...
[[Category:Infrastructure]]