Posted over 4 years ago. Visible to the public.

Infrastructure basics

opscomplete

Our opscomplete gives you everything necessary to run a modern web infrastructure in a professional manner.
You have the application code, we take care of everything else. We have a private cloud running hundreds of sites but also support running and maintaining your application on AWS.

Architecture

Image

Network Connectivity

Public

Our Infrastructure has a 10 GBit/s uplink to the data center Backbone which has a total capacity of 4 TBit/s. There are connections to BCIX, DE-CIX Munich and Frankfurt ECIX Berlin, Düsseldorf and Munich as well as N-IX.

Internal

Internal bandwidth is set to 1 GBit/s.

External

The uplink for the internal servers (outside the scope of the load balancers) is set to 1 Gbit/s.

Traffic

Public

The default setup includes 1000 GB of traffic and a peak bandwidth of 500 Mbit/s.

Internal

Internal traffic is included.

External

External traffic from servers (outside the scope of the load balancer) is included.

Traffic Shaping on VMs

We limit the network bandwidth on the VMs to prevent them from using all the resources of the underlying VM Host. If we detect a VM is running at it's limit all the time we discuss with the customer if we need to increase the available network bandwidth.

Possibilities

Redis/Sentinel

If you want to have a high-availability Redis setup we offer Sentinel with automatic failover. This needs a dedicated quorum server or third application server.

Dedicated Database

Besides the shared database server we also offer dedicated database servers just for the customer. We support MySQL/MariaDB and PostgreSQL, both with high-availability, redundancy and automatic-failover as well es daily backups.

SSL

We integrate the free Let's Encrypt Certificates as well as fee-based commercial certificates.

Security

Updates

We install newest updates for our systems on a weekly schedule. In the case of critical issues we install the security fixes or implement temporary workarounds ASAP.

Connections

We rely on encrypted connections and use the best practice attempt for cryptographic algorithms. We don't have plain text authentication and force the use public key authentication.

Database connections stay within the local network and aren't accessible from the Internet.

Availability

Loadbalancer

We have a setup of three load balancing servers that are capable of fast, automatic failover to cover any outages and they also offer round-robin and weighted traffic distribution.

Application Server

Our default setup includes two application servers to achieve redundancy. Thus if one of the servers goes offline (failure, outage, planned maintenance) the application is still available and accessible on the other one. It's possible to scale vertically (add virtual resources) as well as horizontally (add servers), see here.

Database Server

Our default setup includes two database servers at different physical locations to achieve redundancy. Thus if one of the servers goes offline (failure, outage, planned maintenance) the databases are still available and usable.

Monitoring

We provide two sorts of monitoring:

Outage

We run an automated 24/7 monitoring for all relevant resources and services so we can act fast on any issues. We're using Naemon Archive for that purpose.

Performance

We run an automated 24/7 performance monitoring to cover the need for adjustments regarding hardware resources. We're using collectd Archive , graphite Archive and grafana Archive for that purpose.

Backups

We provide daily backups of databases and data stored in glusterfs from the application servers. Up on request we backup additional filesystem paths. You'll find the details here: 400 Backup

Configuration Management

We use puppet Archive for configuration management. Thus we can provide documented configuration that provides a history for configuration changes. The configuration on the server is defined by puppet and we can guarantee a solid and stringent state of your servers. This also assures that each of your application servers for your project are the same.

Owner of this card:

Avatar
Thomas Eisenbarth
Last edit:
11 days ago
by Moritz Kraus
Attachments:
opscomplete_architecture.png, opscomplete_architecture_v2.png
Posted by Thomas Eisenbarth to opscomplete
This website uses short-lived cookies to improve usability.
Accept or learn more