Changes between Version 1 and Version 2 of ServiceDeployment


Ignore:
Timestamp:
11/16/10 19:04:31 (14 years ago)
Author:
Dave Morris
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ServiceDeployment

    v1 v2  
    2727This has already been implemented for the BRICCS infrastructure services :
    2828
    29  * Subversion repository {{{svn.briccs.org.uk}}}
    30  * Maven repository {{{mvn.briccs.org.uk}}} http://mvn.briccs.org.uk/
    31  * Install repository {{{data.briccs.org.uk}}} http://data.briccs.org.uk/
    32  * Trac issue tracking and wiki {{{trac.briccs.org.uk}}} http://trac.briccs.org.uk/
    33 
    34  * Google Mail for the BRICCS team {{{mail.briccs.org.uk}}} http://mail.briccs.org.uk/
    35  * Google Docs for the BRICCS team {{{docs.briccs.org.uk}}} http://docs.briccs.org.uk/
     29 * Subversion repository ({{{svn.briccs.org.uk}}})
     30 * Maven repository ({{{mvn.briccs.org.uk}}}) http://mvn.briccs.org.uk/
     31 * Install repository ({{{data.briccs.org.uk}}}) http://data.briccs.org.uk/
     32 * Trac issue tracking and wiki ({{{trac.briccs.org.uk}}}) http://trac.briccs.org.uk/
     33
     34 * Google Mail for the BRICCS team ({{{mail.briccs.org.uk}}}) http://mail.briccs.org.uk/
     35 * Google Docs for the BRICCS team ({{{docs.briccs.org.uk}}}) http://docs.briccs.org.uk/
    3636
    3737Using human readable DNS aliases for our services not only makes things easier for our end users (catissue.briccs.org.uk is easier to remember and check than briccs-3.rcs.le.ac.uk), it also gives us a degree of flexibility in terms of relocating our services.
     
    5656=== DNS management ===
    5757
    58 The DNS settings for {{{briccs.org.uk}}} are currently handled by LCN (https://www.lcn.com/), the [[http://en.wikipedia.org/wiki/Domain_name_registrar DNS registrar]] we used to register the domain name.
     58The DNS settings for {{{briccs.org.uk}}} are currently handled by LCN (https://www.lcn.com/), the [http://en.wikipedia.org/wiki/Domain_name_registrar DNS registrar] we used to register the domain name.
    5959
    6060This was the quickest and easiest way to get things up and running.
    6161Registering a new domain name through a commercial registrar typically takes less than 60 seconds to fill in the form and click 'Ok'.
    6262
    63 In the longer term we will probably want to transfer ownership of the DNS name to the university IT services.
     63In the longer term we may want to transfer ownership of the DNS name to the university IT services.
    6464Transferring the ownership of a registered DNS domain is a fairly simple operation.
    65 
    66 However, the ability to change the DNS aliases for our services forms part of our disaster recovery plan.
    67 For example, if one of our web servers fails we may need to update the DNS alias to point to a new service quickly and easily.
    68 
    69 If we do decide to transfer the management of the {{{briccs.org.uk}}} domain to the university IT services we should check that we would still be able to make changes to the DNS information quickly and easily,
     65However, the ability to change the DNS aliases for our services forms an important part of our disaster recovery plan.
     66If for example, one of our web servers fails, we would need to be able to deploy a new service and update the DNS alias quickly and easily.
     67
     68If we do decide to transfer the management of {{{briccs.org.uk}}} to university IT services we need to check that we would still be able to make changes to the DNS information quickly and easily,
    7069preferably out of normal office hours (see note on DNS caching).
    7170
     
    210209Changing the delegation settings in the Apache web server would take effect immediately, and all of our users would be connected to the new service.
    211210
    212 Note that in this scenario, the old service is left intact.
     211==== Fallback option ====
     212
     213Note that in the above scenario, the old Tomcat/JBoss service is left intact.
    213214This means that if there are any unexpected problems with the new deployment we can swap back to the old service if we need to.
    214 
    215 == Recommendations ==
     215We only delete the old service once we are happy that the new service is running correctly.
     216
     217==== Critical services ====
     218
     219It is also worth noting that the Apache web server is the only component in system that end users interact with directly.
     220
     221If we deploy the Apache web server on a separate machine, then this is the only component that cannot be moved or re-deployed.
     222All of the other components and services can be re-deployed without affecting our users.
     223
     224Assuming we have good backups for our databases, if a back-end Tomcat/JBoss service fails need can re-deploy a new service on a new machine and update the the Apache proxy service.
     225The new service would replace the failed service without having to update the URLs used by our end users.
     226
     227With this in mind it may be best to keep the Apache web server deployment as simple as possible, with just the web server and AJP proxy module installed on that machine.
     228
     229==== Service vulnerability ====
     230
     231If the Apache web server is deployed on a separate machine, we can restrict access to the back-end JBoss/Tomcat web services to only allow connections from a limited set of machines.
     232This will help to reduce the number of security vulnerabilities we are exposed to e.g. ticket:36.
     233
     234= Recommendations =
    216235
    217236If we are considering migrating our live CaTissue service from briccs-3 to briccs-1, then we will need to notify all our users of a change to the URL they should use.