Let’s assume your organization is planning to develop an enterprise solution (call it OpenDrApp) using a microservice architecture with the components below, and to host it in a private cloud.

  • OpenDrApp-UI: React.js based app.
  • OpenDrApp-ACL: OpenID based user access control.
  • OpenDrApp-CRM.
  • OpenDrApp-PC & OrderCare with PMS, PIS, CAM, BM, WM, NIM etc.
  • OpenDrApp-Charging.
  • OpenDrApp-Billing.

Database: cloud-native database hosted on Kubernetes in an HA and FT (fault-tolerant) configuration.

Cache/key store: cloud-native, hosted on Kubernetes in an HA configuration.

Message broker: cloud-native, hosted on Kubernetes in an HA configuration.

The architectural building blocks of OpenDrApp would look something like the figure below. Note that each block may contain multiple individually deployable components. Only the UI will be exposed outside the environment.

Figure 1: Architectural building blocks

Environment Design

Let’s try to design the environment to support the above application. We will keep the design as vendor-independent as possible, and then discuss vendor-specific alternative approaches. We will need the following infrastructure to support the application.

  • A highly available Kubernetes cluster to host the application, database, message broker and key store.
  • Highly available object storage, coupled with the Kubernetes cluster to hold the persistent data of the database, broker and key store, as well as application logs.
  • A highly available load balancer to route external traffic to the Kubernetes workers.

Figure 2: High Level Infra Design

Let’s discuss the above design in detail.

Network Design

  • Private subnet for OpenDrApp VM communication: a 10.0.1.0/24 subnet with its gateway at 10.0.1.1 (10.0.1.0 is the network address itself and cannot serve as a gateway). The router will have an external link to the organization’s internal satellite server to receive OS patches. All VMs will primarily be connected to this subnet; the Kubernetes and storage VMs will talk to each other over this network. Where network redundancy is required, we recommend multiple similar private subnets.
  • One provider network towards the organization’s internal management network.
  • One provider network towards the traffic network, which is to be exposed both externally and internally.
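A small check worth running over an address plan like the one above before it is committed to infrastructure code, as an added example that is not part of the original article: it verifies that each gateway lies inside its subnet and is neither the network nor the broadcast address, that subnets marked private stay in RFC 1918 space, and that no two ranges overlap (the redundant private subnets recommended above must not collide with each other or with the provider networks). Only the 10.0.1.0/24 subnet comes from the article; the second private subnet, the two provider-network ranges and the `PLAN`/`check_plan` names are assumed placeholders.

```python
# Added example: validate an address plan for the OpenDrApp environment.
# Standard library only; nothing here is the article's own code.
import ipaddress

# Constructed sample plan. Only "opendrapp-private" (10.0.1.0/24) comes from
# the article text; the other ranges are assumed placeholders.
PLAN = {
    "opendrapp-private":   {"cidr": "10.0.1.0/24",      "gateway": "10.0.1.1",      "role": "private"},
    "opendrapp-private-2": {"cidr": "10.0.2.0/24",      "gateway": "10.0.2.1",      "role": "private"},
    "mgmt-provider":       {"cidr": "10.10.0.0/24",     "gateway": "10.10.0.1",     "role": "provider"},
    "traffic-provider":    {"cidr": "192.168.100.0/24", "gateway": "192.168.100.1", "role": "provider"},
}


def check_plan(plan):
    """Return a list of human-readable problems; an empty list means the plan is consistent."""
    problems = []
    nets = {}
    for name, spec in plan.items():
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.0.1.5/24
            net = ipaddress.ip_network(spec["cidr"], strict=True)
            gw = ipaddress.ip_address(spec["gateway"])
        except ValueError as exc:
            problems.append(f"{name}: unparsable address ({exc})")
            continue
        if gw not in net:
            problems.append(f"{name}: gateway {gw} lies outside {net}")
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is the network/broadcast address of {net}")
        if spec.get("role") == "private" and not net.is_private:
            problems.append(f"{name}: {net} is routable address space, not RFC 1918")
        nets[name] = net
    # Pairwise overlap check across every network in the plan.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


if __name__ == "__main__":
    issues = check_plan(PLAN)
    print("plan OK" if not issues else "\n".join(issues))
```

Run it against the plan as written and it reports nothing; change the private gateway back to 10.0.1.0, or widen one range so it swallows another, and the offending entry is named. The overlap check is the one that matters most once several private subnets exist for redundancy, because an overlap between a private subnet and the traffic provider network silently turns internal-only hosts into externally routable ones.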

#security #infrastructure #cloud #software design #kubernetes

Design Cloud-Native Secure Environment to Host Your Enterprise Application