Comment: Migrated to Confluence 5.3

VM network requirements:


Software requirements:

OS: CentOS 5

      

Packages/Modules:

Security requirements:

Physical server security: assumes data center is secured

Local security: Set up appropriate new users, restricting root access

File system security: Umask settings, setting up appropriate file permissions

OS kernel security: assumes provider to have latest kernel updates/patches

Password & Access security: use of public/private keys, SSH tunnels.

...

Table of Contents

...

Diagram - Single Environment

...

Image Added

...

RAM (GB)

...

 

        web   db   geo   total
DEV       3    4     5      12
QA        4    8     8      20
PROD      4    8     8      20
TOTAL                       48

...

DISK (GB)

...

 

        web     db      geo      total
DEV     10 GB   32 GB   200 GB   242 GB
QA      10 GB   32 GB   200 GB   242 GB
PROD    10 GB   32 GB   200 GB   242 GB

...

failover

...

Application failover must be achieved within 2-4 hours and proceeds in several ways depending on the nature of the failure. Here we discuss failover only in the context of lost connectivity to the data center with an uncertain time to restore operations at that data center. Whenever there is a configuration change, either at the VM level or at the application level, we clone the entire application and store it offsite (at the city?). Should the data center fail badly (fire, etc.), we provide Carinet with the application, and Carinet brings up the application at another location.

...

portability

...

We plan to move the application to our data center by mid-year 2011. We want to ensure that the application is portable. The chips in our data center will be Intel Xeon. We expect to do a VM copy (or similar) and do not need vMotion. Does this all seem right?

...

vm admin

...

We're planning to use VMware vSphere Essentials Kits to manage the VMs. Setting up the Essentials Kits on all VMs will be Carinet's responsibility; SFGov should be able to connect to the VMs remotely via vSphere Client.

...

SELinux

...

Do not enable SELinux.

...

SSH Access

...

All VMs shall be accessible via SSH.
The city will provide public keys for those who will have Linux root access.

...

linux services

...

All services shall be disabled unless otherwise requested.
Specifically, the following shall be disabled:

  • NFS
  • FTP
  • incoming mail

And the following shall be enabled:

  • outgoing mail
  • SSH
  • firewall (see below)
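
An added example, not part of the original page: a shell check of the service policy above against `chkconfig --list` output on CentOS 5. The allow list (including `network` and `syslog`), the service names mapped to NFS, FTP and mail (`nfs`, `portmap`, `vsftpd`, `sendmail`), and the choice of runlevels 3 and 5 are assumptions.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output against the service policy.
# ALLOWED is an assumption: sshd, iptables (firewall) and sendmail (outgoing
# mail) come from the policy; network and syslog are assumed base services.
ALLOWED="sshd iptables sendmail network syslog"
REQUIRED="sshd iptables sendmail"

# Reads chkconfig --list text on stdin and prints one finding per line.
# Only runlevels 3 and 5 (multi-user) are checked. Whether sendmail accepts
# incoming mail depends on its listen address and is not checked here.
audit_services() {
    awk -v allowed="$ALLOWED" -v required="$REQUIRED" '
    BEGIN {
        n = split(allowed, a, " ");  for (i = 1; i <= n; i++) ok[a[i]] = 1
        m = split(required, r, " ")
    }
    # SysV service lines: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    # (the xinetd section has a different shape and is skipped)
    NF == 8 && $2 ~ /^0:/ {
        on = ($5 == "3:on" || $7 == "5:on")
        if (on) seen[$1] = 1
        if (on && !($1 in ok)) print "VIOLATION " $1
    }
    END {
        for (i = 1; i <= m; i++)
            if (!(r[i] in seen)) print "MISSING " r[i]
    }'
}

# Constructed sample input (not captured from a real host).
sample_chkconfig() {
    cat <<'EOF'
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
vsftpd          0:off   1:off   2:off   3:off   4:off   5:on    6:off
EOF
}

# On a real host: chkconfig --list | audit_services
sample_chkconfig | audit_services
```

Empty output means every enabled service is on the allow list and every required service is on.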

...

firewall

...

Allow access only as specified in the deployment diagram.