LabShare Deployment Documentx - The University of Sydney

mountainromeInternet και Εφαρμογές Web

31 Οκτ 2013 (πριν από 3 χρόνια και 1 μήνα)

46 εμφανίσεις


This document is protected by Australian copyright law and the law of confidentiality and the comparable laws
of other countries. It contains valuable information proprietary to the University of Sydney. No part of this
mate
rial may be copied, stored or transmitted in any form, electronic or otherwise, without the prior written
consent of the University of Sydney.


© Copyright 2010 The University of Sydney.


Labshare

Deployment







Written by:

Aaron Mendham


Academic Services



Research,
Learning & Teaching

Date saved:

1 November 2013

Version:

v
0.
7

draft

Document location:

https://staff.usyd.edu.au/ict/Architecture/Deployment Documents/LabShare
Deployment Document.docx

The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
2

of
12

Table of Contents

1

DOCUMENT CONTROL

................................
................................
................................
................................
.........

3

1.1

R
EVISION
H
ISTORY

................................
................................
................................
................................
...............

3

1.2

R
ELATED
D
OCUMENTS

................................
................................
................................
................................
........

3

1.3

D
OCUMENT
S
IGN OFF

................................
................................
................................
................................
...........

3

2

INTRODUCTION
................................
................................
................................
................................
.......................

4

2.1

P
URPOSE

................................
................................
................................
................................
................................
.

4

2.2

I
NTENDED
A
UDIENCE
................................
................................
................................
................................
...........

4

2.3

S
COPE

................................
................................
................................
................................
................................
......

4

2.4

B
ACKGROUND AND
O
VERVIEW
................................
................................
................................
...........................

4

3

DEPLOYMENT COMPONENT
S

................................
................................
................................
..........................

5

3.1

S
ERVER
C
OMPONENTS

................................
................................
................................
................................
.........

5

3.2

S
OFTWARE COMPONENTS

................................
................................
................................
................................
...

5

3.3

H
ARDWARE COMPONENTS

................................
................................
................................
................................
..

5

4

DEPLOYMENT REQUIREME
NTS

................................
................................
................................
.....................

5

4.1

N
ETWORK
R
EQUIREMENTS
................................
................................
................................
................................
.

5

4.2

B
ACKUP AND
R
ESTORE
R
EQUIREMENTS

................................
................................
................................
..........

5

4.3

H
IGH
A
VAILABILITY AND
DR

R
EQUIREMENTS

................................
................................
...............................

5

4.4

A
CCESS
C
ONTROL
R
EQUIREMENTS

................................
................................
................................
...................

5

5

ENVIRONMENTS
................................
................................
................................
................................
......................

6

5.1

P
RODUCTION
................................
................................
................................
................................
..........................

6

5.1.1

Deployment
................................
................................
................................
................................
.................

6

5.1.2

Network and firewall configuration
................................
................................
................................
.

7

5.2

D
EVELOPMENT

................................
................................
................................
................................
......................

9

5.2.1

Deployment
................................
................................
................................
................................
.................

9

5.2.2

Network and firewall configuration
................................
................................
...............................
10

6

ISSUES AND RISKS

................................
................................
................................
................................
...............

12


The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
3

of
12

1

DOCUMENT CONTROL

1.1

Revision History

Version

Date

Author(s)

Changes

0.
1

11/05/2010

Aaron Mendham

Initial Draft

0.2

2/06/2010

Aaron Mendham

Updated background

and
Network Flow diagrams

0.3

3
/06/2010

C. Albone

Minor Edits.

0.4

3/06/2010

Aaron Mendham

Minor Edits

0.5

21/06/2010

Aaron Mendham

Minor Edits

0.6

5/07/2010

Aaron Mendham

Alter server names (already
taken)

0.7

5/07/2010

Aaron Mendham

Minor Edits

Table
1
: Version Control Table

1.2

Related Documents


Ref
Id

Referenced Item

1

Sahara Release 2 Installation Guide

2


1.3

Document Sign
off

Name (Position)

Signature

Date

Aaron Mendham



Christopher Albone
(Technical Architect)



Steven Kuk (Manager,
Hosting Services)



Jim Chong (Manager,
Platform Services)



Geoff Gordon

(Solution Manager)




The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
4

of
12

2

Introduction

2.1

Purpose

To document the deployment of
LabShare

in both its production and its SDLC
environments.

2.2

Intended Audience



Academic

Services


Research,
Learning & Teaching



Infrastructure


Hosting Services and Platform Services



IIS A
rchitecture
t
eam

2.3

Scope

This document
will cover the following aspects of the deployment:



The required server infrastructure



The required software and its deployment



The required network configuration, including firewall holes



Any known issues with the deployment

2.4

Background and Overview



The Faculty of Health Sciences at the University of Sydney use medical imaging devices
such as Magnetic Resonance Imaging (MRI) held on site so students can get practical
use and experience of said devices. Having direct physical access to the device provi
des
a hazard to the occupants in the room, as the device can emit small amounts of harmful
radiation. Additionally, due to the precise manner in which this device has to be setup
and maintained, a staff member had to always be present in the room. Therefor
e, a
small TIES grant was granted to provide “remote access” to control and use the
machine, so that students can use the software to control and use the machine to
conduct their experiments whilst not being present in the room. LabShare, developed by
the
University of Technology, Sydney (UTS), is designed to allow students from remote
locations with internet to access and control experiments and labs under controlled
circumstances. The system allows students to access the device 24 hours 7 days a
week, or
under a time frame specified by the lab administrator. Additionally, the
software will allow students to be placed in a queue with set times to access the
The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
5

of
12

machine itself, or to schedule or book a time to access the machine at a time more
suitable to them.


3

Deployment Components

3.1

Server Components

Server Type

Server Configuration

No.

instances

Production
Application Server



Redhat Enterprise Linux 5
,
64

bit



Virtual


1 CPU


1GB RAM



SAN


40GB


1

labs
h
-
app
-
pr
d
-
1

Development
/UAT

Application Server



Redhat
Enterprise Linux 5
,
64

bit



Virtual


1 CPU


1GB RAM



SAN


40GB


1

labs
h
-
app
-
dev
-
1


3.2

Software components

Software

Instances

Sahara Release 2

2

MySQL

2

Java Platform, Standard Edition Runtime Environment version 6 (JRE6)

2

Apache 2.2+ with mod_rewrite

enabled

2

PHP 5.3

2

Zend Framework (version 1.10)

2

Patrol Agent

2

Legato Networker Agent

2

3.3

Hardware components

Hardware

Instances

N/A

N/A


4

Deployment Requirements

4.1

Network Requirements



External
ly accessible required (Distance Education Students)

4.2

Backup and Restore Requirements

Standard file system backup with ICT’s Legato Networker service.

Nightly txt file backup
for database.

4.3

High Availability and DR Requirements

There are no HA or DR requirements specific to this application.

4.4

Access Control
Requirements

Student access (via LabShare) is governed by Access Manager (authentication) and
LabShare (authorisation). Staff Access (Rig Administrator) is governed by Access
Manager (
a
uthentication) and LabShare (authorisation).


The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
6

of
12

5

Environments

5.1

Production

5.1.1

Deployment



Item

Description

1

Production Application Server

• Software Installed:
Java Platform Standard Edition Runtime Environment version 6 (JRE6);
Apached; PHP5.3;

MySQL;
Zend Framework (ver 1.10)
; Patrol Agent
;

Legato Networker
Agent

• Ports Exposed:

I 44P

㠰㠰

• VLAN:

• VM Enclosure:

• Resource Pool:

The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
7

of
12

5.1.2

Network and firewall configuration


5.1.3

Inbound ports

Host

Port

Purpose

Firewal
l Type

Scope

labs
h
-
app
-
pr
d
-
1


80

HTTP
Access to
web
interface



Host


[Internet]



443

HTTPS
Access to
web
interface


Host

[Internet]


8080

Server
listening
port

Host

[Internet]

22

SSH

Host

[sydnet]

TCP/2059
TCP/3181

Patrol

Host

radon.inside.ucc.usyd.edu.
au
krypton.mcs.usyd.edu.au

TCP/50001

Patrol

Host

krypton.mcs.usyd.edu.au

TCP/7937
-
7966

Legato
Networker

Host

nsrhost.ucc.usyd.edu.au

The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
8

of
12


5.1.4

Outbound ports

The following service ports must be opened on the firewall to allow the
solution’s

server
s

to originate requests

Host

Port

Purpose

Firewall
Type

Scope

labs
h
-
app
-
pr
d
-
1

UDP/53

TCP/53

DNS
Resolution

Host

extro.ucc.usyd.edu.au

metro.ucc.usyd.edu.au

TCP/123

NTP

Host

ntp.usyd.edu.au

TCP/8080

http proxy

Host

[sydnet]

TCP/443

https to
Access
Manager

Host

i
dm
-
am
.
sydney
.edu.au **



The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
9

of
12

5.2

Development
/UAT

5.2.1

Deployment
/UAT






Item

Description

1

Development
/UAT

Application Server

• Software Installed:

MySQL,

Java Platform Standard Edition Runtime Environment version 6
(JRE6); A
pache
; PHP5.3;

MySQL;

Zend Framework (ver 1.10)
;
Patrol Agent, Legato
Networker Agent

• Ports Exposed: 80, 443

㠰㠰

• VLAN:

• VM Enclosure:

• Resource Pool:




The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
10

of
12

5.2.2

Network and firewall configuration


5.2.3

Inbound ports

Host

Port

Purpose

Firewal
l Type

Scope

labs
h
-
app
-
dev
-
1


80

HTTP
Access to
web
interface



Host

[sydnet]



443

HTTPS
Access to
web
interface


Host

[sydnet]


8080

Server
listening
port

Host

[sydnet]


22

SSH

Host

[sydnet]

TCP/2059
TCP/3181

Patrol

Host

radon.inside.ucc.usyd.edu.
au
krypton.mcs.usyd.edu.au

TCP/50001

Patrol

Host

krypton.mcs.usyd.edu.au

TCP/7937
-
7966

Legato
Networker


nsrhost.ucc.usyd.edu.au

The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
11

of
12


5.2.4

Outbound ports

The following service ports must be opened on the firewall to allow the
solution’s

server
s

to originate requests

Host

Port

Purpose

Firewall
Type

Scope

labs
h
-
app
-
dev
-
1

UDP/53

TCP/53

DNS
Resolution

Host

extro.ucc.usyd.edu.au

metro.ucc.usyd.edu.au

TCP/123

NTP

Host

ntp.usyd.edu.au

TCP/8080

http proxy


[sydnet]

TCP/443

https to
Access
Manager


i
dm
-
am
-
dev
.
sydney
.edu.au






The University of Sydney

Saved:
1 November 2013

Labshare

-

Deployment

Page
12

of
12

6

Issues and Risks


Issue
Id

Issue

Impact

Remediation

1

<summary of risks>

<potential impact of risk>

<summary of
remediation steps>