Designed for High Availability

equableunalaskaSecurity

Dec 9, 2013 (3 years and 8 months ago)

95 views

Designed for High Availability


Fault
-
Tolerant Design


Shared Storage across 4 Nodes. Each Node:


6 X 900GB SAS 10k RPM hard drives configured RAID 5 +
hot standby


10Gbps interconnects (storage), 1Gbps (network)


Node Pairs


Storage shadowed on Pair


Failure of Node


VM can be lit up on pair member that
is still live.


CPU

RAM

Storage (HD)

CPU

RAM

vm1

vm2

Storage (HD)

VHD

ghosted

vhd1

vhd1

vhd2

vhd2

vhd3

vhd3

vm3

1.
If Node 1 Fails

2.
HRE
Administrator
intervenes and
activates VM
on remaining
Node Pair


vm2

vm1


First Level
-

Live & Standby
VMs


VHD duplicated to
pair node


Storage available for guest
VM to backup to


Host Machine

V
M

V
M

V
M

V
M

V
M

Host Machine

V
M

V
M

V
M

V
M

V
M

Live and Standby
VMs


Guest VM backs up to Storage Facility


Initiated by Guest VM


NOT by Host/HRE


HRE


responsible for storage


not backup and
recovery procedure inside VM

Storage
facility

Host Machine

V
M

V
M

V
M

V
M

V
M

HRE Tenant VM
initiates backup at
Guest VM level


putting data into
Storage Facility at
HRE or other location
(Tenant choice).

@10Mbps

internet

Node
1

Node
2

Node
3

Node
4

Node


Node




VPN

Admi
n

Private LAN

Storage LAN

Bridge FW

Bridge FW

Node Pair 2

Node Pair 1

Node Pair <n>

Utility Servers

Internet

Public Network

IRCan

FW

Private

FW1

Private

FW2

VPN

endpoint

Web

Server

Database

Server

Tenant A
minicloud


SSC Infrastructure


Data Centre, Rack, Power, Network

HRE Infrastructure


Virtualization Fabric, Storage,
VLANs, VPN

Tenant Application


Servers (OS, Applications),
Network Devices, Administration

Administration

Monitoring


From the “ground up”


Layered



Infrastructure + HRE +
Tenant Application


ONLY Tenant
Application is C&A
eligible.


Large Dependency on
HRE


Therefore, leverage
common information
for C&A Process on HRE
and SSC infrastructure.


Provide a flexible, upgradable, dependable, infrastructure that
Government departments can use to host applications and projects,
involving FLOSS applications and tools.

Provide the capability to implement each project

s security policy,
within the greater responsibilities of The Crown.

Provide a solution that
doesn

t

get in the way


of receiving a
certificaton

from SSC authority.


OTRS

Ubuntu

KVM

Ganeti

DRBD

MediaWiki

Openswan

OpenVPN

Unbound


& NSD

BackupPC

Nagios

Munin

Apache

Postfix

Pylons


Monthly


Guaranteed Outage


Network and other maintenance performed in a
maintenance window.


Assured outage of 1
-
hr / month (UNDER
DISCUSSION @HRE Governance Level)


D: get version #s of KVM etc.