IRCan HREDesigned for High Availability
HRE – VM Fabric
Fault-Tolerant Design Shared Storage across 4 Nodes. Each Node:▪ 6 X 900GB SAS 10k RPM hard drives configured RAID 5 +
hot standby▪ 10Gbps interconnects (storage), 1Gbps (network)
Node Pairs – Storage shadowed on Pair▪ Failure of Node – VM can be lit up on pair member that
is still live.
Node Pair
CPURAM
Storage (HD)
CPURAM
vm1 vm2
Storage (HD)
VHDghosted
vhd1
vhd1
vhd2
vhd2
vhd3
vhd3
vm3
1. If Node 1 Fails
2. HRE Administrator intervenes and activates VM on remaining Node Pair
vm2vm1
HRE – Backup Approaches
First Level - Live & Standby VMs – VHD duplicated to pair node
Storage available for guest VM to backup toHost Machine
VM
VM
VM
VM
VM
Host Machine
VM
VM
VM
VM
VM
Live and Standby VMs
HRE – VM Guest Backup
Guest VM backs up to Storage Facility Initiated by Guest VM – NOT by Host/HRE HRE – responsible for storage – not backup and
recovery procedure inside VMStorage facility
Host Machine
VM
VM
VM
VM
VM
HRE Tenant VM initiates backup at Guest VM level – putting data into Storage Facility at HRE or other location (Tenant choice).
HRE Networking
@10Mbps
internet
Node 1
Node 2
Node 3
Node 4
Node …
Node …… VPN Admi
n
Private LANStorage LAN
Bridge FWBridge FW
Node Pair 2Node Pair 1 Node Pair <n> Utility Servers
HRE – Tenant Cloud
Internet
Public Network
IRCanFW
PrivateFW1
PrivateFW2
VPNendpoint
WebServer
DatabaseServer
Tenant A minicloud
Technical Layers
SSC Infrastructure – Data Centre, Rack, Power, Network
HRE Infrastructure – Virtualization Fabric, Storage, VLANs, VPN
Tenant Application – Servers (OS, Applications), Network Devices,
Administration
Adm
inist
ratio
nM
onito
ring
C&A
From the “ground up” – Layered
Infrastructure + HRE + Tenant Application
ONLY Tenant Application is C&A eligible. Large Dependency on
HRE ▪ Therefore, leverage
common information for C&A Process on HRE and SSC infrastructure.
Problem
Provide a flexible, upgradable, dependable, infrastructure that Government departments can use to host applications and projects, involving FLOSS applications and tools.Provide the capability to implement each project’s security policy, within the greater responsibilities of The Crown.Provide a solution that doesn’t “get in the way” of receiving a certificaton from SSC authority.
Packages
OTRS
Ubuntu KVM Ganeti
DRBD MediaWiki
Openswan OpenVPN Unbound & NSD
BackupPC Nagios Munin
Apache Postfix Pylons
Maintenance Windows
Monthly – Guaranteed Outage Network and other maintenance performed in a
maintenance window. Assured outage of 1-hr / month (UNDER
DISCUSSION @HRE Governance Level)
ACTION ITEMS
D: get version #s of KVM etc.