Platform Server Technical Specifications - Cloud Implementation
Introduction
This section defines the infrastructure and services used in the stacks' deployment.
Virtual Private Cloud
We create a virtual private cloud (VPC) for each platform stack deployed within a stated region. The VPC provides an isolated and private network environment in which the platform infrastructure is deployed. Ingress into and egress out of the VPC are tightly controlled. Access to individual tenants deployed within a platform stack is restricted within the platform software. Security is managed through AWS security groups (aka firewalls), and access is restricted by port. Access to endpoints deployed within the VPC is controlled using network and application load balancers.
- AWS Resource Type = AWS Virtual Private Cloud (VPC)
Network and Application Load Balancers
To provide access to specific platform services and functionality, our cloud implementations use the AWS network and application load balancers. The load balancers are service- and port-specific and monitored by intrusion and vulnerability detection solutions. To ensure that they are protected from outside intrusion, cloud tenants are provided tenant-specific URLs and port information needed to access their specific tenant and tenant functionality.
- AWS Resource Type = AWS Classic Network Load Balancer, used to provide access to the tenant platform manager and provide access to the mobile client listener ports.
- AWS Resource Type = AWS Application Load Balancer, used to provide access to legacy cloud inventory solutions, including wire based and react based cloud inventory applications.
Application server
The application server is the primary communication apparatus used by mobile clients running mobile applications. Application servers are deployed using AWS EC2 instances, which are deployed across multiple AWS availability zones within a stated region. Customer tenants are deployed into a stated region according to proximity to the customer's back-office environment.
- AWS Resource Type = EC2
- EC2 Instance Type = c5.2xlarge
Support service server
The stack uses the support services server for non-mobile client communication processes such as asynchronous function processing, label printing, LDAP integration, data replication, and others. Support services servers are deployed using AWS EC2 instances, which are deployed across multiple AWS availability zones within a stated region. Customer tenants are deployed into a stated region according to proximity to the customer's back-office environment.
- AWS Resource Type = EC2
- EC2 Instance Type = c5.2xlarge
File System
A platform stack utilizes a redundant file system that contains system-specific information related to the stack, along with individual tenant data folders, which are configured to allow access by only the specific tenant. The redundant file system is deployed across multiple availability zones within a stated region. The redundant file system is also backed up and has five-minute shadow copies available for individual file restoration when required.
- AWS Resource Type = FSx
- FSx Sizing = Variable based on number of tenants and amount of data
Database server
A platform stack uses a redundant database system referred to as the platform database. The platform database contains specific system and individual tenant schemas configured to allow access by the specific tenant. The platform database is deployed across multiple availability zones within a stated region. We back up the platform database and provide 15-minute incremental recovery of individual tables should it be required.
- AWS Resource Type = Aurora MySQL Relational Database System
- MySQL RDS Sizing = Variable based on number of tenants and amount of data.
ElastiCache Storage
The platform's stack uses a redundant cache storage solution. The cache storage solution contains specific system and tenant-specific data. The cache storage solution is deployed across multiple availability zones within a stated region.
- AWS Resource Type = Redis ElastiCache
Gateway server
A cloud connect gateway server is a virtual private network appliance deployed into a customer's private network. The gateway server provides a secure means of allowing a customer tenant deployed in the AWS infrastructure to communicate with resources in the customer's private network. A gateway is typically deployed when a customer is integrating their platform solution with an ERP system or other back-office resources such as label printers, 3rd party solution services, databases, held up integration services, 3rd party controllers, and other solutions. The need for a gateway in a specific customer environment is determined during the architecture design workshop. The gateway server is a Windows-based server. Specifications for that server are listed below.
Note: Nextworld recommends you set the DSI Gateway service account as a Windows Domain Account with Local Administrative rights on the machine.
Server hardware requirements
A physical or virtual machine is required to deploy the cloud connect gateway service. The hardware requirements for this server are listed below.
CPU
4 cores
RAM
16 GB memory
Drive space
2 disks or disk partitions are recommended.
- OS Disk = 80 GB, will host the OS and page files
- App Disk = 80 GB, will host gateway services and other required software components needed for the gateway to perform its duties.
Network Interface Card (NIC)
1 NIC
Operating system requirements
The gateway service is a Windows-based service and must be deployed on a Windows-based operating system. Supported operating systems for the gateway service are:
- 2016 Standard Edition
- 2019 Standard Edition
- 2019 DataCenter Edition
- 2022 Standard Edition
Other Gateway Requirements
Because the gateway acts as a virtual private network appliance between a customer's cloud tenant and their private network, additional requirements are necessary to successfully deploy a gateway for use by a customer tenant.
.NET Framework
For Mobile Enterprise Platform 25.1, .NET 4.8.x with all the latest patches must be installed on the server.
SSL Certificate
A commercially purchased Secure Socket Layer (SSL) certificate is required. This certificate is used on all Mobile Enterprise Platform servers to provide a secure connection between web browsers and tenant mobile clients.
Public IP and DNS record
The network or internet service provider must set up a public IP and DNS record for the gateway server where the gateway service runs. This DNS record is registered with the customer's tenant, and the cloud servers use it to resolve the public IP address of the gateway server.
Additional software
- Any database client tools appropriate for the customer-specific database that the tenant might need for integration. (x64-bit client tools only).
- Any database client tools appropriate for the ERP system database that the customer tenant might need for integration (used by the server when accessing database tables) (x64-bit client tools only).
Note:
- The server requires the use of .NET-compliant drivers to access databases.
- Your organization's specific configuration and architecture needs may require additional software, which the Delivery team outlines in the Architecture Design Document after the Architecture Design Workshop.
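A preflight check for the gateway hardware, operating system and .NET requirements listed above, as an added example that is not Nextworld's own tooling. The function names, the 76 GB floor (a 5% allowance for partition overhead on an 80 GB disk) and the sample values are assumptions; 528040 is the lowest registry Release value that Microsoft documents for .NET Framework 4.8.

```powershell
# Added example, not vendor code. Test-GatewayFacts and Get-GatewayFacts are hypothetical names.

function Get-GatewayFacts {
    # Collect the facts the specification cares about from the local machine.
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor
    $net = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
                            -ErrorAction SilentlyContinue
    [pscustomobject]@{
        OsCaption     = $os.Caption
        Cores         = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum
        # Firmware reserves some memory, so round to the nearest GB.
        RamGB         = [math]::Round($cs.TotalPhysicalMemory / 1GB)
        NetRelease    = [int]$net.Release      # 0 when .NET 4.5+ is absent
        VolumeSizesGB = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
                          ForEach-Object { [math]::Round($_.Size / 1GB, 1) })
    }
}

function Test-GatewayFacts {
    param([Parameter(Mandatory)] $Facts)
    # Assumption: volumes on an 80 GB disk report slightly less, so accept >= 76 GB.
    $bigVolumes = @($Facts.VolumeSizesGB | Where-Object { $_ -ge 76 })
    $osPattern  = 'Windows Server (2016 Standard|2019 (Standard|Datacenter)|2022 Standard)'
    [ordered]@{
        'CPU: 4 cores or more'         = $Facts.Cores -ge 4
        'RAM: 16 GB or more'           = $Facts.RamGB -ge 16
        'OS: supported Windows Server' = $Facts.OsCaption -match $osPattern
        '.NET Framework 4.8.x'         = $Facts.NetRelease -ge 528040
        'Disk: 2 volumes of ~80 GB'    = $bigVolumes.Count -ge 2
    }
}

# Constructed sample (not a real host): supported OS and disks, but too little
# RAM and .NET Framework 4.7.2 (Release 461814), so two checks come back False.
$sample = [pscustomobject]@{
    OsCaption     = 'Microsoft Windows Server 2019 Standard'
    Cores         = 4
    RamGB         = 8
    NetRelease    = 461814
    VolumeSizesGB = 79.4, 80.0
}
Test-GatewayFacts -Facts $sample

# On the candidate gateway server itself:
Test-GatewayFacts -Facts (Get-GatewayFacts)
```

The check does not cover the SSL certificate, the public DNS record or the database client tools, which depend on the customer environment.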