IRCan HREDesigned for High Availability

HRE – VM Fabric

Fault-Tolerant Design Shared Storage across 4 Nodes. Each Node:▪ 6 X 900GB SAS 10k RPM hard drives configured RAID 5 +

hot standby▪ 10Gbps interconnects (storage), 1Gbps (network)

Node Pairs – Storage shadowed on Pair▪ Failure of Node – VM can be lit up on pair member that

is still live.

Node Pair

CPU

RAM

Storage (HD)

CPU

RAM

vm1 vm2

Storage (HD)

VHDghosted

vhd1

vhd1

vhd2

vhd2

vhd3

vhd3

vm3

1. If Node 1 Fails

2. HRE Administrator intervenes and activates VM on remaining Node Pair

vm2vm1

HRE – Backup Approaches

First Level - Live & Standby VMs – VHD duplicated to pair node

Storage available for guest VM to backup toHost Machine

VM

VM

VM

VM

VM

Host Machine

VM

VM

VM

VM

VM

Live and Standby VMs

HRE – VM Guest Backup

Guest VM backs up to Storage Facility Initiated by Guest VM – NOT by Host/HRE HRE – responsible for storage – not backup and

recovery procedure inside VMStorage facility

Host Machine

VM

VM

VM

VM

VM

HRE Tenant VM initiates backup at Guest VM level – putting data into Storage Facility at HRE or other location (Tenant choice).

HRE Networking

@10Mbps

internet

Node 1

Node 2

Node 3

Node 4

Node …

Node …… VPN Admi

n

Private LAN

Storage LAN

Bridge FWBridge FW

Node Pair 2Node Pair 1 Node Pair <n> Utility Servers

HRE – Tenant Cloud

Internet

Public Network

IRCanFW

PrivateFW1

PrivateFW2

VPNendpoint

WebServer

DatabaseServer

Tenant A minicloud

Technical Layers

SSC Infrastructure – Data Centre, Rack, Power, Network

HRE Infrastructure – Virtualization Fabric, Storage, VLANs, VPN

Tenant Application – Servers (OS, Applications), Network Devices,

Administration

Ad

min

istr

ati

on

Monit

ori

ng

C&A

From the “ground up” – Layered

Infrastructure + HRE + Tenant Application

ONLY Tenant Application is C&A eligible. Large Dependency on

HRE ▪ Therefore, leverage

common information for C&A Process on HRE and SSC infrastructure.

Problem

Provide a flexible, upgradable, dependable, infrastructure that Government departments can use to host applications and projects, involving FLOSS applications and tools.Provide the capability to implement each project’s security policy, within the greater responsibilities of The Crown.Provide a solution that doesn’t “get in the way” of receiving a certificaton from SSC authority.

Packages

OTRS

Ubuntu KVM Ganeti

DRBD MediaWiki

Openswan OpenVPN Unbound & NSD

BackupPC Nagios Munin

Apache Postfix Pylons

Maintenance Windows

Monthly – Guaranteed Outage Network and other maintenance performed in a

maintenance window. Assured outage of 1-hr / month (UNDER

DISCUSSION @HRE Governance Level)

ACTION ITEMS

D: get version #s of KVM etc.