					                                                                                                                          AIEL IT Infrastructure Version: 0.03

AIEL IT Infrastructure

Document Change History

Date              Version    Description of changes                                               Author
Apr 10, 2008      0.01       First draft                                                          KKK
April 23, 2008    0.02       Continuation                                                         KKK
June 25, 2008     0.03       General Application Structure and Requirements chapter was added.    KKK




Content

AIEL IT Infrastructure
Document Change History
1      Summary
2      General Application Structure and Requirements
    2.1       Application Routers (Code Name FxGate)
    2.2       Application Types
       2.2.1 Client Web Servers and Back Office Web Servers
       2.2.2 Data Feed Servers
       2.2.3 Mail Servers
       2.2.4 Critical Single Instance Application Servers
       2.2.5 Back Office Application Servers
       2.2.6 Cache Data Servers
3      Basic Hardware Configuration
4      Basic Software Requirements
5      Segments
6      Server Segment Configuration
    6.1       WEB-HTL Segment
       6.1.1 General structure
       6.1.2 Web Server on WEB-HTL Segment
       6.1.3 News and Quotes Server on WEB HTL Segment
    6.2       BO-HTL Segment
       6.2.1 General structure
       6.2.2 Back Office Web Server on BO-HTL Segment
       6.2.3 Trade Processor Server on BO HTL Segment
       6.2.4 Back Office Server (Publisher) on BO HTL Segment
       6.2.5 TODO - NLB configuration
    6.3       WEB-AIEL Segment
    6.4       BO-AIEL Segment
    6.5       WEB-GRVN / BO-GRVN Segments
    6.6       WEB-GEN Segment
7      Other Locations Configuration and links to Servers
    7.1       Office-HTL Segment
    7.2       AIEL
    7.3       GRVN


1    Summary
This document outlines the group's IT server infrastructure for the servers hosted with Fredonia (the Provider).



2    General Application Structure and Requirements

2.1 Application Routers (Code Name FxGate)
Application routers are built on top of WCF (Windows Communication Foundation). They are high-level application
routers, which can be deployed on many servers in identical or different configurations and provide high-level
application switching. Any routing / load balancing / high availability tasks that are impossible to solve by other
means can be delegated to application routers. Nevertheless, the overall system hardware infrastructure should be at
least “aware” of the application routers (and the application routers should be aware of the hardware
configuration), and they should work together to achieve optimal results.


2.2 Application Types
The following are expected application types (for a single segment), their interaction and requirements.

2.2.1 Client Web Servers and Back Office Web Servers.
Client Web Servers (and Back Office Web Servers) are identical “self-contained” units, which use NLB to balance
the workload. Each web server will contain the same set of “web related” data (files + MSSQL database), which will
hold the general structure of the web site and all information necessary for the site to function. All non-web data
will be received from other components either via direct WCF (Windows Communication Foundation) calls or via
MSSQL calls. Due to their standardized nature, web servers can be brought online fairly easily if the need arises.

2.2.2 Data Feed Servers
Data Feed Servers are simple application servers whose purposes are to:
   1. Obtain, consolidate and preprocess data from external data providers.
   2. Store (cache) the data in the Data Storage (MSSQL database). The amount of the data might potentially be
       very large.
   3. Serve subscriptions for data from its clients.


Data Feed Servers can maintain limited functionality even if the Data Storage is down. In that case they
automatically switch to routing clients’ requests to external data providers.

Data Feed Servers need to operate in High Availability mode, which means that if one of the servers goes down, the
other should pick up the slack.

Data Feed Servers must maintain redundant internet connections to ensure seamless data flow in case one
connection goes down.

2.2.3 Mail Servers
Mail servers will serve, well, various email related tasks. There is no need for any high availability. However, if this
is achieved then that will be good.

2.2.4 Critical Single Instance Application Servers
Critical Single Instance Application Servers (CSIAS) are application servers that run very complicated processing
logic. As such, it is impossible (for the time being) to separate their tasks across several different hardware servers.
However, these servers can be configured as an active server and a stand-by server. If a failure of the active
server is detected, the application routers will automatically switch all the connections (including the connection to Data
Storage) from the active to the stand-by server and then try to issue a restart command to the failed active server. If the restart
succeeds, that server will become the stand-by server (or the application routers might initiate the switch back).
The storage volume requirements are nominal; however, the database speed might be crucial. For the time being it
is expected that an MSSQL mirrored database will be used to achieve high availability storage.
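
The failover sequence described above, modelled as a small state machine (an added example, not part of the original document). The server names, the restart_succeeds knob and the behaviour when no healthy stand-by is left are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Server:
    name: str                       # hypothetical server name
    healthy: bool = True
    restart_succeeds: bool = True   # simulation knob, constructed for this example


class ActiveStandbyPair:
    """Application-router view of one CSIAS active / stand-by pair."""

    def __init__(self, active, standby):
        self.active, self.standby = active, standby
        self.events = []

    def _state(self):
        if self.active is None:
            return "outage"
        return "protected" if self.standby is not None else "degraded"

    def health_check(self):
        """Run one detection cycle and return the resulting state name."""
        if self.active is not None and self.active.healthy:
            return self._state()
        failed, self.active = self.active, None
        if self.standby is not None and self.standby.healthy:
            # Switch every connection, Data Storage included, to the stand-by.
            self.active, self.standby = self.standby, None
            self.events.append(f"switch {failed.name} -> {self.active.name}")
        # Only after the switch: try to restart the failed server.
        if failed is not None and failed.restart_succeeds:
            failed.healthy = True
            self.events.append(f"restart {failed.name} ok")
            if self.active is None:
                self.active = failed    # assumption: with no stand-by it resumes service
            else:
                self.standby = failed   # restarted server becomes the stand-by
        elif failed is not None:
            self.events.append(f"restart {failed.name} failed")
        return self._state()


if __name__ == "__main__":
    a, b = Server("csias-1"), Server("csias-2")
    pair = ActiveStandbyPair(a, b)
    a.healthy = False
    print(pair.health_check(), pair.events)
```

A failed restart leaves the pair in the "degraded" state with no stand-by, so the next failure is an outage; that state is the one worth alerting on.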

2.2.5 Back Office Application Servers
Back office servers will consolidate all the company information and do the post processing. For the time being
they are expected to share the data storage with Critical Single Instance Application Servers. However, the actual
server(s) might be located on different machines. Most of the information processing can be treated as “offline”.
That means that while back office tasks are run on a certain schedule, delay in processing these tasks is not crucial.

2.2.6 Cache Data Servers
Cache Data Servers might be used to serve cached (preprocessed) data to users. The data can be uploaded from
several sources (Publishers). However, cache servers do not do any processing. Rather, they merely allow spreading
the workload among many identical servers. They work under a simple NLB scheme. However, publishers
need to have “direct” access to them (in order to upload the data).


3   Basic Hardware Configuration
The basic hardware configuration consists of two blade chassis, each capable of hosting up to 14 servers, located in
two separate data centers, and one RAID 5+1 hot spare storage (in data center #1) with up to 4 connections to the
blade chassis. The chassis in data center #1 currently has 4 servers and the chassis in data center #2 has 2 servers.
Each server has a mirrored 15K rpm disk system, which should be split into System disk C: (with the minimum necessary
space (about 20 GB)) and Data Disk D: with the remaining space (about 50 GB).



4   Basic Software Requirements
Unless otherwise noted, each server should have Windows 2003 x64 Enterprise (or above) Server installed, MSSQL
2005 Enterprise (possibly with several instances installed) and antivirus software.




5   Segments
There are four segments, called AIEL, HTL, GRVN and GEN. Each segment is divided into two sub-segments:
public = WEB and private = BO. Public (WEB) sub-segments can be accessed via the unsecured internet, while private (BO)
sub-segments can only be accessed via secure connection(s) from designated offices or by remote users with the
necessary access rights, who must first establish a secure, RSA-authenticated VPN connection. There is a firewall
between the relevant WEB and BO sub-segments, which allows only the designated traffic.


6   Server Segment Configuration
This chapter describes the configuration of the servers hosted with the Provider. The equipment installed in other
locations is described further below in Chapter 7.

6.1 WEB-HTL Segment
6.1.1 General structure
This segment will have 1 x 2 servers (one in each chassis / datacenter). The servers will belong to the
secure.heraclestrust.com domain (managed by the provider) and should be accessible only through SSL. Server
names should be webhtl11 for the server in datacenter #1 and webhtl21 for the server in datacenter #2. An SSL
certificate should be created (purchased from the relevant authority) and installed on these servers. The servers
should serve as:
    1. Identical web application servers, and as such should be self-sufficient in that sense.
    2. News and Quotes Servers (see description below).
The server in datacenter #1 will have access to data storage (as described below). Each of the servers should have
two IP addresses (one for the web server and one for the News and Quotes Server) allocated from the beginning of the
NL-WEB-HTL segment. As such, these first two servers in this segment (one in each datacenter) will have multiple roles
as described below.


6.1.2 Web Server on WEB-HTL Segment
Each web server should have its own MSSQL instance called HTLWEB (or share the same default instance with
News and Quotes Server – this needs to be discussed) and database necessary for the web server to function. The
data will be uploaded into these databases by the Publisher (from BO-HTL segment). Location of the web
databases should be in D:\SQLWEB\.

6.1.3 News and Quotes Server on WEB HTL Segment
News and quotes servers will be installed (for the time being) on the same physical servers as the web servers.
However, additional MSSQL 2005 instances called HTLNNQ should be installed (or share the same default instance
with Web Server – this needs to be discussed). Location of the news and quotes database should be
DATASTORAGE\HTLSEGMENT\SQLNNQ (where DATASTORAGE\HTLSEGMENT means that the data should be on
data storage instead of on disks in the server and belong to the segment called something like HTLSEGMENT – to be
discussed).

From the NLB point of view (to be discussed), news and quotes servers should have an alias DNS name
nnq.heraclestrust.com (better) or nnq.secure.heraclestrust.com (if the previous name is not possible), which
should make it possible to move and/or increase the number of news and quotes servers as necessary. NOTE: this DNS alias
(or IP alias) should be managed by the provider. As the heraclestrust.com domain is currently managed by another
provider, it might be necessary to make some adjustments here to ensure seamless operation of the NLB.


6.2 BO-HTL Segment
This paragraph describes the general structure of BO-HTL Segment.
6.2.1 General structure
This segment will have 1 x 2 servers (one in each chassis / datacenter). The servers will belong to the
backoffice.heraclestrust.com domain (managed by the provider) and should not be accessible via the public internet
at all. Server names should be bohtl11 for the server in datacenter #1 and bohtl21 for the server in datacenter #2.
The servers should serve as:
    1. Domain Controller for the heraclestrust.com domain (NOTE: the heraclestrust.com domain is currently hosted with
         another provider; some actions might be needed to ensure proper operation).
    2. Identical web application servers for back office tasks.
    3. Trade Processor Servers (see description below).
    4. Back Office Server (Publisher of various information).
The server in datacenter #1 will have access to data storage (as described below). Each of the servers should have
three IP addresses (one for the back office web server, one for the Trade Processor Server and one for the Back Office Server)
allocated from the beginning of the NL-BO-HTL segment. As such, these first two servers in this segment (one in each
datacenter) will have multiple roles as described in detail below.


6.2.2 Back Office Web Server on BO-HTL Segment
Back Office Web Server will host the web application for the employees of the company. It should NOT be
accessible from outside the back office segment. Web databases should be located in D:\SQLBO\.


6.2.3 Trade Processor Server on BO HTL Segment
Trade Processor is the core of the trading platform. It serves many functions among which are: reception /
transmission / execution of orders, interface with external brokers / exchanges, etc… It should be noted that TP
does not provide any other information to the clients (for example, the information about deals / orders, accounts,
etc… will be provided by the pair of Back Office Server / Back Office Web Server). TP should run in High Availability
NLB mode, where the Master runs in datacenter #1, Slave runs in datacenter #2 and witness server (created by
JFC) should be hosted by the provider. A DNS alias tp.heraclestrust.com (or tp.backoffice.heraclestrust.com)
should be created for the ease of NLB switching (to be discussed). TP databases should be located in D:\SQLBO\.


6.2.4 Back Office Server (Publisher) on BO HTL Segment
Back Office Server will serve several purposes:
   1. Accumulate all the data and prepare them for distribution (Publisher in the Publisher / Subscriber model). Most
       of the other servers are Subscribers to some of the information from the Back Office Server.
   2. Serve as the accounting core, which will host the General Ledger and all related accounting stuff.
   3. Provide the company / client related data (from its MSSQL database) to Web Servers and
       Back Office Web Servers. NOTE: This role might be delegated to additional separate distribution servers –
       we need to discuss this.


6.2.5 TODO - NLB configuration
NLB should be provided “above” the web server by the provider. Necessary specification should be developed
and agreed with the provider. Any comments would be highly appreciated.


6.3 WEB-AIEL Segment
This segment is not configured in current configuration. We will need to install additional servers in order to
separate the access.



6.4 BO-AIEL Segment
A description of this segment will follow.


6.5 WEB-GRVN / BO-GRVN Segments
These segments are not configured in current configuration. We will need to install additional servers in order to
separate the access.


6.6 WEB-GEN Segment
The server in this segment should eventually host all Exchange 2007 mail servers for all our domains
(softellect.com, jfcglobal.com, heraclestrust.com, etc…). However, the migration should start from the softellect.com
domain. All domains should be configured in such a way as to be able to allow/disallow POP3 / SMTP access for
certain users. By default, POP3/SMTP access to the softellect.com domain should be set to disallow (with a few
exceptions). The exceptions list will be provided separately. For all other domains the default setting should be set to
allow. Currently the web servers are hosted by a different provider. As such, some changes to configuration / DNS
/ etc… might be needed. Each mail server should be accessible via a dedicated IP address (NOTE: a pair of addresses
should actually be used – one in each datacenter, but the installation in the second datacenter will follow later, if
necessary). The proposed name prefix for the servers is mail (i.e. mail.softellect.com, mail.jfcglobal.com, etc…). All
Exchange servers should be configured to use the data storage.



7   Other Locations Configuration and links to Servers.
This chapter describes the configuration of the servers and other equipment not hosted with the Provider, as well
as the links to the servers hosted with the Provider.

7.1 Office-HTL Segment
The HTL Office in Nicosia is called the Office-HTL Segment. It is going to have two internet connections. This segment
should have a permanent connection to the BO-HTL segment (via both internet connections). The routers on both
ends should be configured so as to allow this permanent connection to be established only from
dedicated IP addresses. Access to any of the resources in the Office-HTL segment should only be allowed after
successful authorization by the RSA device (located along with the servers hosted with the provider). While this
creates a trip to the RSA device, no other solution seems appropriate, unfortunately.


7.2 AIEL
The office in Moscow is called the Office-AIEL Segment. Currently it has a single permanent fiber-optic connection to the
internet. This segment should have a permanent connection to the BO-AIEL segment. The routers on both ends should
be configured so as to allow this permanent connection to be established only from dedicated IP
addresses. The internal domain name is dome.local. Administrative access to BO-AIEL servers should only be allowed
after successful authorization by the RSA device (located along with the servers hosted with the provider). The RSA
device should not be involved in the current authentication process used in this office.
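
The access rules from Section 5 and the dedicated-address restriction from 7.1 and 7.2, written as a default-deny decision function (an added example, not part of the original document). The IP addresses are constructed from documentation ranges, and the per-segment office lists, the service names and the content of the designated-traffic list are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SEGMENTS = {"AIEL", "HTL", "GRVN", "GEN"}   # segment names from Section 5
SSL_ONLY_WEB = {"HTL"}                      # 6.1.1: WEB-HTL reachable only through SSL

# Constructed sample addresses (RFC 5737 documentation ranges), not from the document.
OFFICE_SOURCES = {
    "HTL": [ip_network("192.0.2.10/32"), ip_network("198.51.100.10/32")],
    "AIEL": [ip_network("203.0.113.20/32")],
}

# Assumed "designated traffic" for the WEB/BO firewall: (from, to, service).
DESIGNATED = {("BO", "WEB", "mssql")}       # Publisher upload to the web databases


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_zone: str          # "internet", "WEB" or "BO"
    segment: str           # destination segment
    dst_sub: str           # destination sub-segment: "WEB" or "BO"
    service: str           # assumed labels such as "https", "mssql", "rdp"
    vpn: bool = False      # arrived over the VPN
    rsa_ok: bool = False   # RSA authentication succeeded


def decide(flow):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if flow.segment not in SEGMENTS or flow.dst_sub not in ("WEB", "BO"):
        return False, "unknown destination"
    if flow.src_zone in ("WEB", "BO"):
        if flow.src_zone == flow.dst_sub:
            return True, "same sub-segment, firewall not in path"
        if (flow.src_zone, flow.dst_sub, flow.service) in DESIGNATED:
            return True, "designated traffic"
        return False, "not designated traffic"
    if flow.src_zone != "internet":
        return False, "unknown source zone"
    if flow.dst_sub == "WEB":
        if flow.segment in SSL_ONLY_WEB and flow.service != "https":
            return False, "SSL only"
        return True, "public sub-segment"
    # Private (BO) sub-segment: designated office address or RSA-authenticated VPN.
    src = ip_address(flow.src_ip)
    if any(src in net for net in OFFICE_SOURCES.get(flow.segment, [])):
        return True, "designated office"
    if flow.vpn and flow.rsa_ok:
        return True, "RSA-authenticated VPN"
    return False, "BO requires designated office or RSA-authenticated VPN"


if __name__ == "__main__":
    # VPN established but RSA authentication missing: denied.
    print(decide(Flow("203.0.113.99", "internet", "HTL", "BO", "rdp", vpn=True)))
```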


7.3 GRVN
A description of this segment will follow.



