Provisioning Your Own SmartSimple Server

From SmartWiki
Revision as of 17:11, 4 August 2017 by Chin (talk | contribs)

Jump to: navigation, search

Overview

This article outlines the necessary steps in order to provision your own SmartSimple server infrastructure if you have subscribed to the Private Cloud offering and wish to bring your own hardware to host SmartSimple.

Infrastructure Prerequisites

A successful deployment requires that you have the expertise and resources available in order to provision as well as support the below items.

Operating System

  • CentOS (currently supported version is CentOS 6 x86-64, or RHEL 6 x86-64 is also compatible).

Resources

Computing Resources

Required:

  • CPU: Minimum equivalent of an Amazon Web Service m4.xlarge sized general purpose EC2 instance (currently equivalent to 4 virtual CPU units of 2.3 GHz Intel Xeon® E5-2686 v4 (Broadwell) processors or 2.4 GHz Intel Xeon® E5-2676 v3 (Haswell) processors).
  • Memory: Minimum equivalent of an Amazon Web Service m4.xlarge sized general purpose EC2 instance (currently equivalent to 16 GB RAM).

Storage

Required:

  • Minimum 10 GB volume mounted to / root volume.
  • Minimum 500 GB volume mounted to /smartsimple volume.
  • The ability to dynamically expand these volumes or add additional as necessary.

Recommended:

  • Additional 30 GB volume partitioned into 3 x 10 GB parts and mounted to /tmp, /var, and /var/log
  • Encryption employed for all volumes. SmartSimple infrastructure utilizes Amazon Web Service (AWS) Key Management Service (KMS) which employs the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys. The KMS is configured to rotate the secret keys on an annual basis.

Network

Firewall

Required:

  • Open inbound ports 80 (HTTP), and 443 (HTTPS) to all sources.
  • Open inbound port 22 (SSH) to several static IPs from SmartSimple office locations to allow administrative access for SmartSimple staff.
  • Open inbound port 22 (SSH) to your other SmartSimple environments (e.g. the backup environment) to allow them to sync with each other.
  • Open inbound port 8009 (AJP) or other equivalent may be required from the web to the application environment in the case that these are separate environments.
  • Open inbound port 3306 (JDBC) may be required from the application to the database environment in the case that these are separate environments.

Recommended:

  • Drop all other inbound connections.

Domain Administration

You may choose to utilize your own domain address for your SmartSimple server instead of using our default domain. In order to do so you will require the following:

  • A registered domain.
  • Decide on a fully qualified domain name for your SmartSimple application. This must contain a subdomain string in the format applicationname.yourdomain.com, e.g. apply.smartsimple.com.
  • An A record in your DNS pointing to your server.
  • A reverse DNS entry configured for your server.
  • An SSL certificate (this can be purchased with a CSR provided by SmartSimple or you can provide an existing certificate and private key). The certificate should be in PEM format.

Architecture

Coming soon...

Disaster Recovery

Since you may choose to provision all or only a part of the infrastructure you have a variety of options for disaster recovery. The below outlines firstly, the typical disaster recovery solution employed by SmartSimple, and then secondly, the various options that you may choose from depending on your environment.

SmartSimple Disaster Recovery Strategy

  • A hot backup environment is provisioned to be always online and available. This backup environment is similar to the production environment but hosted in a different geographical region. This backup environment is synced to the production environment via a daily SSH rsync.
  • A copy of each daily database backup file is moved to an archive location and stored for up to 90 days retention. The archive location is a combination of Amazon S3 and Glacier storage, and the data is transferred there via AWS CLI API calls from the production environment.

Your Disaster Recovery Options

  • Have SmartSimple provision our regular disaster recovery strategy as outlined above.
  • Provision your own infrastructure to fulfill the functions of the above strategy.
  • Provision your own disaster recovery strategy entirely, e.g. just a daily image of your server volumes instead of a hot backup environment.

Security

Coming soon...

Amazon Web Services Example Setup

Coming soon...

Retrieved from ‘https://wiki.smartsimple.com/index.php?title=Provisioning_Your_Own_SmartSimple_Server&oldid=30868