Additional SugarCRM details for complete, functional, and portable deployment.
EndPoint Deployment Requirements

| EndPoint | Purpose | Comment |
| --- | --- | --- |
| WebTier/DBTier SSH | OS admin access | Cloud may provide key pair. For clouds that don’t provide SSH key pairs, install SSH keys (or accept password security) |
| MySQL DBA | MySQL admin | Create optional separate SSH account or use OS SSH, Configure DB admin password |
| HTTPS/443 | Application via SSL | Install specific SSL certs on WebServer Tier or Load Balancer |
| HTTP/HTTPS | Application clear and SSL | May need to configure VirtualHosts (or like concept) |

Load Balancing
• Some EndPoints in a tier may be load balanced
• Load Balancing can typically be realized in the following ways:
  1. Deploy another tier of one or more VMs with Load balancing software
  2. Use the Load Balancing Service provided by the cloud by registering the load balanced VMs or any other programming
• It should be possible to select among these in each deployment context
Load Balancing Abstractions
[Diagram. Labels: Application Container; Load Balancer Tier or Service; WebServerTier; Load Balancer; Virtual Service; HTTP Client; Port 80/443 HTTP/S EndPoint; VM 1 … VM n; Load Balanced Connectors for each member of the pool; Server Pool (all servers in the tier); Aggregated Exposed EndPoint (publicly visible)]
Virtual Service
• Aggregates a set of EndPoints
• Semantics
  – Protocol
    • HTTP, HTTPS, TCP
  – Session Stickiness
    • Bind requests from same client to specific server (or not)
  – Load distribution algorithm
    • Round robin, IP hash, least sessions, …
  – Health check
    • Determine if pool member is considered available or not
EndPoint Load Balancing
• Tier is modeled as requiring load balancing along with required LB semantics for a specific EndPoint
• Deployer tries to resolve the requirement to a capability in the usual way
• Deployer may deploy a new load balancing tier/service, use an existing tier/service, or use the cloud’s LB service to provide the capability
Firewall Update
• The rules of all the firewall elements must be updated to allow access to the necessary EndPoints of the deployment
• Firewall elements differ across clouds
  – Security Groups allow compartmentalizing sets of nodes
    • with large numbers (100s) or small numbers (5) available for allocation to deployments
  – Some clouds only use the firewalls in the server OSes
  – Customers may want the strongest enforcement requiring update of all firewall elements with the most restrictive access
• Server network connectivity differs across clouds
  – Single interface with private IP address
  – Multiple interfaces, one with private and one with public IP address
  – Datacenters have networks for specific purposes: app, mgmt, backup, migration, DMZ, …
  – Static and dynamic IPs. IPs changing across restarts
Firewall Element Update
• Compute complete deployment topology
  – Note this is done with the Instance Model (all Node Templates Instantiated) so we have all IP addresses
  – Determine which networks each connector will be bound to based on constraints. Simple case assumes single private network with complete connectivity and connectors with External EndPoints must be updated in Security Group
  – Assumes each exposed EndPoint is connected to an External EndPoint so we have complete set of connectors for all communication, but this is an implementation detail
• For each connector
  – For each firewall element it traverses
    • Update the element to allow the appropriate traversal
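
The connector loop above, as an added Python sketch that is not part of the original slides: it plans one narrowly scoped allow rule per connector per firewall element and flags any non-public port opened to every source. The Node/Connector classes, the "sg:"/"os:" element labels, the sample addresses and the MySQL port 3306 are assumptions made for illustration.

```python
from dataclasses import dataclass

EXTERNAL = "0.0.0.0/0"  # assumption: an External EndPoint means any client

@dataclass(frozen=True)
class Node:
    name: str
    ip: str               # known because the Instance Model is fully instantiated
    security_group: str
    os_firewall: bool = True

@dataclass(frozen=True)
class Connector:
    source: str           # node name, or "external" for an External EndPoint
    target: str
    port: int

def firewall_elements(node):
    """Elements a connector traverses to reach `node` (simple case: one private
    network, so only the target's security group and its OS firewall)."""
    elements = [f"sg:{node.security_group}"]
    if node.os_firewall:
        elements.append(f"os:{node.name}")
    return elements

def plan_updates(nodes, connectors):
    """For each connector, for each firewall element it traverses, emit one
    allow rule scoped to that connector's source and port only."""
    by_name = {n.name: n for n in nodes}
    rules = set()
    for c in connectors:
        target = by_name[c.target]
        src = EXTERNAL if c.source == "external" else by_name[c.source].ip + "/32"
        for element in firewall_elements(target):
            rules.add((element, src, c.port))
    return sorted(rules)

def overexposed(rules, public_ports=(80, 443)):
    """Planned rules that open a non-public port to any source."""
    return [r for r in rules if r[1] == EXTERNAL and r[2] not in public_ports]

# Constructed sample topology (names and addresses are illustrative).
NODES = [Node("web1", "10.0.1.10", "web-sg"), Node("web2", "10.0.1.11", "web-sg"),
         Node("db1", "10.0.2.10", "db-sg")]
CONNECTORS = [Connector("external", "web1", 443), Connector("external", "web2", 443),
              Connector("web1", "db1", 3306), Connector("web2", "db1", 3306)]

if __name__ == "__main__":
    for element, src, port in plan_updates(NODES, CONNECTORS):
        print(f"{element:10} allow tcp/{port} from {src}")
```

Running `overexposed` on the plan before applying it catches a model that accidentally wires an External EndPoint to the database or SSH EndPoints.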
SugarCRM Topology Model
[Diagram. Labels: Application Container; Database Tier; WebServerTier; FW; HTTP Client; VM … VM; VLAN; VLAN; Operating System Firewall Elements. Note on the diagram: Application Container VMs are assigned to one or more SecurityGroups]
DNS and Public IPs
• Public IPs usually need to be resolvable via DNS
• This is typically done by one of:
  1. Binding an IP address already known by DNS to the VM exposing the EndPoint
  2. Updating the DNS service with the dynamic IP address of the VM exposing the EndPoint
SugarCRM Service Model
[Diagram. Labels: SugarCRM Service; Zone1; WebServerTier; Apache Web Server; SugarCRM App; PHP Module; DBServerTier; MySQL; SugarCRM DB; TypedConnector; Required EndPoint; Provided EndPoint; HTTP Client; DocumentRoot: /SugarCRM; HTTP Content EndPoint; Port 80 HTTP EndPoint; Database Server EndPoint propagates client credentials, DB Name, host and port; client EndPoint (Web Server); Server Admin Access and/or Management Access; requires]