Posted over 1 year ago. Visible to the public.

Infrastructure basics

ops_complete

opscomplete gives you everything necessary to run a modern web infrastructure in a professional manner.
You have the application code, we take care of everything else. We have a private cloud running hundreds of sites but also support running and maintaining your application on AWS.

Architecture

Architektur_railscomplete.png

Bandwidth

Public

The load balancers in front have a 10 GBit/s uplink to the Internet. In the data center we can increase the uplink to more than 550 GBit/s. With direct connections to DE-CIX (Frankfurt), LINX (London) and AMS-IX (Amsterdam), as well as redundant connections to all major carriers like Deutsche Telekom AG, TeliaSonera, Global Crossing and Netcologne, we can provide perfect coverage.

Internal

Internal bandwidth is set to 1 GBit/s.

External

The uplink for the internal servers (outside the scope of the load balancers) is set to 1 GBit/s.

Traffic

Public

The default setup includes 1000 GB of traffic and a peak bandwidth of 500 Mbit/s.

Internal

Internal traffic is included.

External

External traffic from servers (outside the scope of the load balancer) is included.

Traffic Shaping on VMs

We limit the network bandwidth on the VMs to prevent them from using all the resources of the underlying VM host. If we detect that a VM is running at its limit all the time, we discuss with the customer whether we need to increase the available network bandwidth.

Possibilities

Redis/Sentinel

If you want a high-availability Redis setup, we offer Sentinel with automatic failover. This needs a dedicated quorum server or a third application server.

Dedicated Database

Besides the shared database server we also offer dedicated database servers just for the customer. We support MySQL/MariaDB and PostgreSQL, both with high availability, redundancy and automatic failover as well as daily backups.

SSL

We integrate the free Let's Encrypt certificates as well as fee-based commercial certificates.

Security

Updates

We install the newest updates for our systems on a weekly schedule. In the case of critical issues we install the security fixes or implement temporary workarounds ASAP.

Connections

We rely on encrypted connections and follow the best-practice approach for cryptographic algorithms. We don't have plain text authentication and force the use of public key authentication.

Database connections stay within the local network and aren't accessible from the Internet.

Availability

Loadbalancer

We have a setup of three load balancing servers that are capable of fast, automatic failover to cover any outages. They also offer round-robin and weighted traffic distribution.

Application Server

Our default setup includes two application servers at different physical locations to achieve redundancy. Thus if one of the servers goes offline (failure, outage, planned maintenance) the application is still available and accessible on the other one. It's possible to scale vertically (add virtual resources) as well as horizontally (add servers), see here.

Database Server

Our default setup includes two database servers at different physical locations to achieve redundancy. Thus if one of the servers goes offline (failure, outage, planned maintenance) the databases are still available and usable.

Monitoring

We provide two sorts of monitoring:

Outage

We run automated 24/7 monitoring for all relevant resources and services so we can act fast on any issues. We're using Icinga for that purpose.

Performance

We run automated 24/7 performance monitoring to cover the need for adjustments regarding hardware resources. We're using collectd, Graphite and Grafana for that purpose.

Backups

We provide daily backups of databases and of data stored in GlusterFS from the application servers. Upon request we back up additional filesystem paths. You'll find the details here: 400 Backup

Configuration Management

We use Puppet for configuration management. Thus we can provide documented configuration with a history of configuration changes. The configuration on the server is defined by Puppet, so we can guarantee a solid and stringent state of your servers. This also ensures that all application servers for your project are the same.

Owner of this card:

Thomas Eisenbarth
Last edit:
3 months ago
by Claus-Theodor Riegg
Posted by Thomas Eisenbarth to opscomplete