100 Infrastructure basics

Posted About 7 years ago. Visible to the public.

opscomplete

Our opscomplete gives you everything necessary to run a modern web infrastructure in a professional manner.
You have the application code, we take care of everything else. We have a private cloud running hundreds of sites but also support running and maintaining your application on AWS.

Architecture

Datacenter location

Our datacenter is located entirely within Germany and, consequently, the EU.

Network Connectivity

Public

Our infrastructure has a 10 GBit/s uplink to the data center backbone, which has a total capacity of 4 TBit/s. There are connections to BCIX, DE-CIX Munich and Frankfurt, ECIX Berlin, Düsseldorf and Munich, as well as N-IX.

Internal

Internal bandwidth is set to 1 GBit/s.

External

The uplink for the internal servers (outside the scope of the load balancers) is set to 1 Gbit/s.

Traffic

Public

The default setup includes 1000 GB of traffic and a peak bandwidth of 500 Mbit/s.

Internal

Internal traffic is included.

External

External traffic from servers (outside the scope of the load balancer) is included.

Traffic Shaping on VMs

We limit the network bandwidth on the VMs to prevent them from using all the resources of the underlying VM host. If we detect that a VM is running at its limit all the time, we discuss with the customer whether we need to increase the available network bandwidth.

Possibilities

Redis/Sentinel

If you want a high-availability Redis setup, we offer Sentinel with automatic failover. This needs a dedicated quorum server or a third application server.

Dedicated Database

Besides the shared database server, we also offer dedicated database servers just for the customer. We support MySQL/MariaDB and PostgreSQL, both with high availability, redundancy and automatic failover as well as daily backups.

SSL

We integrate the free Let's Encrypt Certificates as well as fee-based commercial certificates.

Security

Updates

We install the newest updates for our systems on a weekly schedule. In the case of critical issues we install the security fixes or implement necessary mitigations as soon as possible, taking into consideration the possible impact on production resources.

Connections

We rely on encrypted connections and follow best practice for cryptographic algorithms. We don't allow plain text authentication and enforce the use of public key authentication.

Database connections stay within the local network and aren't accessible from the Internet.

Availability

Loadbalancer

We have a setup of three load balancing servers that are capable of fast, automatic failover to cover any outages. They also offer round-robin and weighted traffic distribution.

Application Server

Our default setup includes two application servers to achieve redundancy. Thus if one of the servers goes offline (failure, outage, planned maintenance) the application is still available and accessible on the other one. It's possible to scale vertically (add virtual resources) as well as horizontally (add servers), see here.

Database Server

Our default setup includes two database servers at different physical locations to achieve redundancy. Thus if one of the servers goes offline (failure, outage, planned maintenance) the databases are still available and usable.

Monitoring

We provide two sorts of monitoring:

Outage

We run automated 24/7 monitoring for all relevant resources and services so we can act fast on any issues. We're using Naemon for that purpose.

Performance

We run automated 24/7 performance monitoring to cover the need for adjustments regarding hardware resources. We're using collectd, graphite and grafana for that purpose.

Backups

We provide daily backups of databases and data stored in glusterfs from the application servers. Upon request we back up additional filesystem paths. You'll find the details here: 400 Backup

Configuration Management

We use puppet for configuration management. Thus we can provide documented configuration with a history of configuration changes. The configuration on the server is defined by puppet, so we can guarantee a solid and stringent state of your servers. This also ensures that all application servers for your project are the same.

Thomas Eisenbarth
Last edit
Over 1 year ago
Florian Heinle
License
Source code in this card is licensed under the MIT License.
Posted by Thomas Eisenbarth to opscomplete (2017-03-31 11:30)