High-Level Architecture Description
This page holds information about the requirements for service_name operations, in terms of required infrastructure and resources.
...
Infrastructure Requirements
Indicate requirements for servers, VMs or containers, grouping the requirements for multiple VMs in one column. Add as many columns as necessary, giving each group a sensible distinguisher that will enable its later identification.
VM requirements | Web Frontend VM | RADIUS SP Proxy VM |
---|---|---|
Description of usage | Presents the UI to eduroam NROs and eduroam SP operators, for management of their Wi-Fi deployments. The VM also triggers configuration changes on the RADIUS servers via the R Config API. | Exposes a dedicated pair of (IP, UDP port) to each connected eduroam SP. VM accepts incoming RADIUS traffic from eduroam SPs and forwards requests via RADIUS/TLS to the production eduroam infrastructure (preferably with a NAPTR lookup target, alternatively via an NRO/ETLR backup link). Each VM can handle up to m=500 eduroam SPs. |
Number of VMs with same specification | 1 | n (Pilot: n=2; Prod: n=scale-up with number of eduroam SPs connected) |
Hardware requirements (CPU, RAM, disk space) | 1 CPU, 1 GB RAM, 10 GB disk space | 1 CPU, 512 MB RAM, 50 GB disk space |
Network connection requirements | standard | standard |
IP addressing requirements (IPv4, IPv6, public route) | IPv4 and IPv6 publicly reachable, static addresses | 2 x IPv4 and 2 x IPv6 publicly reachable, static addresses (one mgmt IP, one production IP). Production IP must be stable when transitioning between Pilot and Production to avoid forcing eduroam SP reconfiguration. |
Naming requirements1 | msp-pilot.eduroam.org (DNS maintained by eduroam OT) | msp-radius-1...n.eduroam.org (DNS maintained by eduroam OT) |
Infrastructure Hosting Requirements
Hosting requirements | Applying to Web Frontend VM | Applying to RADIUS SP Proxy VM |
---|---|---|
Availability | ||
Backup (what, frequency, retention period) | ||
Monitoring and alerting1 | ||
Measuring and Reporting2 | ||
Log retention3 | ||
Security policy for access and usage4 |
1 As a minimum, network accessibility (outside of LAN) and hardware resource usage must be monitored. Indicate if some of these resources can be deemed critical so that adequate thresholds for alerting are implemented. Additionally, indicate which specific applications' uptime and operational health must be monitored and have alerting implemented.
2 Define what should be measured, how and with what period in order to deliver appropriate reporting relating to KPIs, usage, etc.
3 Define which logs should be kept in order to have debugging data and data in case of misuse of the service, and how long logs should be retained.
4 Define the policy for limiting access to the piece of the infrastructure and where it should be implemented (system level, network level etc.).
System and Application Maintenance Requirements
System and application requirements | Applying to Group_1_distinguisher | Applying to Group_2_distinguisher |
---|---|---|
Operating system | ||
Applications1 | ||
Maintenance hours2 | ||
Configuration management3 |
1 List the applications installed on a system, and add corresponding licenses where applicable.
2 Define the appropriate time window for regular maintenance or give some recommendations.
3 Applies to automated configuration management. Describe the system used.
Human Resources Requirements
Indicate requirements, in both skills and manpower, for the personnel of the DevOps team (which maintains service-specific applications) and for L2 support.
Human resources requirements | Applying to Group_1_distinguisher | Applying to Group_2_distinguisher |
---|---|---|
Description | ||
Manpower (in % of FTE) | ||
Recommended number of persons (considering backup) | ||
Skills |