...
VM requirements | Web Frontend | RADIUS | OCSP Responder |
---|---|---|---|
Description of usage | Provides the web frontend functionality, including creation of keys, certificates and OCSP statements. Main processes: Apache 2, PHP7, MySQL/MariaDB | Authenticates EAP sessions. | Serves OCSP statements on request of RADIUS. Main processes: Apache 2 |
Number of VMs with same specification | 1 | 2 | 1 |
Hardware requirements (CPU, RAM, disk space) | 2 CPU, 1G RAM, 30 GB disk | 1 CPU, 512 MB RAM, 30 GB disk | 1 CPU, 512 MB RAM, 30 GB disk |
Network connection requirements | incoming TCP/443 (from world) | incoming TCP/2083 (from world) | incoming TCP/80 (from world) |
IP addressing requirements (IPv4, IPv6, public routable) | yes, yes, yes | yes, yes, yes | yes, yes, yes |
Naming requirements1 | DNS name: "hosted.eduroam.org" (A/AAAA, plus matching PTR) | DNS name: "auth-1/2.hosted.eduroam.org" (A/AAAA, plus matching PTR); NAPTR: *.hosted.eduroam.org (wildcard!); SRV: _radsec._tcp.hosted.eduroam.org. | DNS name: "ocsp.hosted.eduroam.org" (A/AAAA, plus matching PTR) |
Other resource requirements | SMS Gateway |
---|---|
Indicate which ones together with their specifics | Needs an account on www.nexmo.com and sufficient funds to send SMSes. The account should be created with an email address that is read, so that "low balance" alerts are received; alternatively, enable the "Auto reload" feature. The account's "key" and "secret" go into the product configuration (CONFIG_CONFASSISTANT['SMSSETTINGS']). |
Infrastructure hosting requirements
Hosting requirements | Applying to Web Frontend | Applying to RADIUS | Applying to OCSP Responder |
---|---|---|---|
Availability | | | |
Backup (what, frequency, retention period) | | | |
Monitoring and alerting1 | | | |
Measuring and Reporting2 | | | |
Log retention3 | | | |
Security policy for access and usage4 | | | |
1 At minimum, network accessibility (from outside the LAN) and hardware resource usage must be monitored. Indicate whether some of these resources can be deemed critical, so that adequate thresholds for alerting are implemented. Additionally, indicate for which specific applications uptime and operational health must be monitored and alerting implemented.
2 Define what should be measured, how, and with what period, in order to deliver appropriate reporting relating to KPIs, usage, etc.
4 Define the policy for limiting access to the infrastructure piece and where it should be implemented (system level, network level, etc.).
System and Application maintenance requirements
System and Application Requirements | Applying to Web Frontend | Applying to RADIUS | Applying to OCSP Responder |
---|---|---|---|
Operating system | | | |
Applications1 | Apache 2, PHP7, MariaDB | FreeRADIUS 3 | Apache 2, PHP7 |
Maintenance hours2 | | | |
Configuration management3 | | | |
1 List the applications installed on a system, and add corresponding licenses where applicable.
2 Define a window appropriate for regular maintenance (give some recommendations).
3 Applies to automated configuration management. Describe the system used.
Human resources requirements
Indicate the requirements, in both skills and manpower, for the personnel of the devops team (which maintains service-specific applications) and for L2 support.
Human resources requirements | add_distinguisher | add_distinguisher |
---|---|---|
Description | | |
Manpower | | |
Recommended number of persons (considering backups) | | |
Skills | | |