Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

High-Level Architecture Description

View filenameThe following diagram depicts the system architecture of eduroam Managed SP UML Diagram.vpd(1).svgheight250

This page is holding information about requirements for service_name operations, in terms of required infrastructure and resources.

...


Image Added

Infrastructure Requirements

Indicate requirements for servers, VMs or containers, grouping the requirements for multiple VMs in one column. Add as many columns as necessary, adding the sensible distinguisher for each group that will enable its later identification. 

Description of usage
VM requirementsGroup_1_distinguisherGroup_2_distinguisherWeb Frontend VM
RADIUS SP Proxy VM
Description of usagePresents the UI to eduroam NROs and eduroam SP operators, for management of their Wi-Fi deployments. The VM also triggers configuration changes on the RADIUS servers via the R Config API.

Exposes a dedicated pair of (IP, UDP port) to each connected eduroam SP. VM accepts incoming RADIUS traffic from eduroam SPs and forwards requests via RADIUS/TLS to the production eduroam infrastructure (preferably with a NAPTR lookup target, alternatively via an NRO/ETLR backup link).

Each VM can handle up to m=500 eduroam SPs.

Number of VMs with same specification1n (Pilot: n=2; Prod: n=scale-up with number of eduroam SPs connected)
Hardware requirements (CPU, RAM, disk space)1 CPU, 1 GB RAM, 10 GB disk space1 CPU, 512 MB RAM, 50 GB disk space
Network connection requirements

standard

standard

IP addressing requirements (IPv4, IPv6, public route)IPv4 and IPv6 publicly reachable, static addresses2 x IPv4 and 2 x IPv6 publicly reachable, static addresses (one mgmt IP, one production IP)). Production IP must be stable when transitioning between Pilot and Production to avoid forcing eduroam SP reconfiguration.

Naming requirements1

msp-pilot.eduroam.org (DNS maintained by eduroam OT)msp-radius-1...n.eduroam.org (DNS maintained by eduroam OT)
Applicable if DNS records maintenance is required (naming scheme and type of records)
Indicate other service specific resource requirements. Add as many columns as necessary, adding the sensible distinguisher for each group that will enable its later identification.
Other resource requirementsGroup_1_distinguisherGroup_2_distinguisherOther requirement and its specifics

Infrastructure Hosting Requirements

Indicate requirements for infrastructure hosting, scoping by the above indicated infrastructure elements as necessary, or introducing the new ones (when hosting black-box components) . 


Hosting requirements

Applying to Group_1_distinguisher

Applying to Group_2_distinguisher

to Web Frontend VM

Applying to RADIUS SP Proxy VM

Availability



Backup (what, frequency, retention period)



Monitoring and alerting1



Measuring and Reporting2



Log retention3



Security policy for access and usage4




1As the minimum, network accessibility (outside of LAN) and hardware resource usage must be monitored. Indicate if some of these resources can be deemed critical so that adequate thresholds for alerting are implemented. Additional, indicate which specific applications uptime and operational health must be monitored and alerting implemented.

2Define what should be measured, how and with what period in order to deliver appropriate reporting relating to KPIs, usage, etc.

3Define which logs should be kept in order to have debugging data and data in case of misuse of the service, and how long logs should be retained.

4Define the policy for limiting access to the piece of the infrastructure and where it should be implemented (system level, network level etc.)

System and Application Maintenance Requirements

Indicate requirements for system and application maintenance, scoping by the indicated infrastructure elements, as necessary. 


System and application requirements

Applying to Group_1_distinguisher

Applying to Group_2_distinguisher

Operating system



Applications1



Maintenance hours2

Configuration management3




1 List the applications installed on a system, and add corresponding licenses where applicable.

Define the appropriate time window for regular maintenance or give some recommendations.

Applies to automatised configuration management. Describe the system used.

Human Resources Requirements

Indicate requirements both in skills and manpower needed, for personnel needed for the DevOps team (that maintains service specific applications) and for L2 support.

Human resources requirements

Applying to Group_1_distinguisher

Applying to Group_2_distinguisher

Description



Manpower (in % of FTE)



Recommended number of persons (considering backup)

Skills