Provisioning Your Own SmartSimple Server

From SmartWiki
Revision as of 09:40, 20 July 2017 by Chin

Overview

This article outlines the steps required to provision your own SmartSimple server infrastructure if you have subscribed to the Private Cloud offering and wish to bring your own hardware to host SmartSimple.

Infrastructure Prerequisites

A successful deployment requires that you have the expertise and resources available to provision and support the items below.

Operating System

  • CentOS (the currently supported version is CentOS 6 x86-64; RHEL 6 x86-64 is also compatible)

Resources

Computing Resources

  • CPU: Minimum equivalent of an Amazon Web Services m4.xlarge general purpose EC2 instance (currently equivalent to 4 virtual CPU units of 2.3 GHz Intel Xeon® E5-2686 v4 (Broadwell) processors or 2.4 GHz Intel Xeon® E5-2676 v3 (Haswell) processors)
  • Memory: Minimum equivalent of an Amazon Web Services m4.xlarge general purpose EC2 instance (currently equivalent to 16 GB RAM)

Storage

Required:

  • Minimum 10 GB volume mounted at / (the root volume)
  • Minimum 500 GB volume mounted at /smartsimple

Recommended:

  • Additional 30 GB volume partitioned into 3 x 10 GB parts, mounted at /tmp, /var, and /var/log
  • Encryption employed for all volumes. SmartSimple infrastructure utilizes the Amazon Web Services (AWS) Key Management Service (KMS), which employs the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys. The KMS is configured to rotate the secret keys on an annual basis.

Network

Firewall

Required: The rules below are necessary for the overall environment.

  • Inbound ports 80 (HTTP) and 443 (HTTPS) open to all sources
  • Inbound port 22 (SSH) open to several static IPs to allow administrative access for SmartSimple staff
  • Inbound port 22 (SSH) open to any other environments hosting SmartSimple (e.g. the backup environment) so that they can sync with each other
  • Inbound port 8009 (AJP), or an equivalent, may need to be open from the web environment to the application environment if these are separate environments
  • Inbound port 3306 (JDBC) may need to be open from the application environment to the database environment if these are separate environments

Recommended:

  • Drop all other inbound connections
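
The firewall rules above, rendered as an iptables-restore ruleset for CentOS 6. This is an added example, not SmartSimple's own configuration: every address is a placeholder from the documentation ranges, and the variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example: render an iptables-restore ruleset for the rules listed above.
# All addresses are placeholders (RFC 5737 documentation ranges), not real
# SmartSimple addresses; replace them with the values you are given.
ADMIN_IPS="203.0.113.10 203.0.113.11"  # static IPs for SmartSimple staff (placeholder)
SYNC_IPS="198.51.100.20"               # other SmartSimple environments, e.g. backup (placeholder)
WEB_TIER_IPS=""                        # web hosts allowed to reach AJP 8009; empty if same host
APP_TIER_IPS=""                        # app hosts allowed to reach 3306; empty if same host

# allow_from PORT "IP IP ...": emit one ACCEPT rule per source address.
# An empty list emits nothing, so the port stays closed.
allow_from() {
    port=$1
    for src in $2; do
        printf '%s\n' "-A INPUT -p tcp -s $src --dport $port -m state --state NEW -j ACCEPT"
    done
}

render_rules() {
    # Default-deny inbound ("drop all other inbound connections"), then
    # loopback, return traffic, and public HTTP/HTTPS.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
EOF
    allow_from 22 "$ADMIN_IPS $SYNC_IPS"   # SSH: staff and peer environments only
    allow_from 8009 "$WEB_TIER_IPS"        # AJP: only when the web tier is separate
    allow_from 3306 "$APP_TIER_IPS"        # database: only when the app tier is separate
    echo "COMMIT"
}

# Print the ruleset to stdout.
render_rules
```

Pipe the output through `iptables-restore --test` to check that it parses before writing it to /etc/sysconfig/iptables, and keep an existing SSH session open while applying it so that a wrong source address does not lock you out.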

Domain Administration

You may choose to apply your own domain to your SmartSimple server instead of using our default domain. To do so, you will need the following:

  • A registered domain
  • An A record created in your DNS
  • An SSL certificate (this can be purchased with a CSR provided by SmartSimple or you can provide an existing SSL certificate and private key)

Disaster Recovery

Security

Trend Micro Deep Security

Engagement Steps

Amazon Web Services Example Setup

Microsoft Azure Example Setup