Skip to main content

Provisioning Your Own SmartSimple Server

Updated

Overview

This article delineates the essential steps required to provision your own SmartSimple server infrastructure if you have subscribed to the Private Cloud offering and intend to utilize your own hardware to host SmartSimple.

 

Infrastructure Prerequisites

A successful deployment necessitates that you possess the expertise and resources necessary to provision and support the items outlined below.

Operating System

  • CentOS (the currently supported version is CentOS 7 x86-64; RHEL 7 x86-64 is also compatible).

Resources

Computing Resources

Required:

  • CPU: Minimum equivalent to an Amazon Web Services m4.xlarge sized general-purpose EC2 instance (currently equivalent to 4 virtual CPU units of 2.3 GHz Intel Xeon® E5-2686 v4 (Broadwell) processors or 2.4 GHz Intel Xeon® E5-2676 v3 (Haswell) processors).
  • Memory: Minimum equivalent to an Amazon Web Services m4.xlarge sized general-purpose EC2 instance (currently equivalent to 16 GB RAM).

Storage

Required:

  • Minimum 10 GB volume mounted to the root volume (/).
  • Minimum 500 GB volume mounted to the /smartsimple volume.
  • The capability to dynamically expand these volumes or add additional volumes as necessary.

Recommended:

  • An additional 20 GB volume partitioned into four 5 GB segments and mounted to /tmp, /var, /var/log, and /var/log/audit.
  • Encryption should be applied to all volumes. The SmartSimple infrastructure utilizes the Amazon Web Services (AWS) Key Management Service (KMS), which employs the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS utilizes this algorithm with 256-bit secret keys, and the KMS is configured to rotate the secret keys annually.

Network

Firewall

Required:

  • Open inbound ports 80 (HTTP) and 443 (HTTPS) to all sources.
  • Open inbound port 22 (SSH) to specific static IPs from SmartSimple office locations to allow administrative access for SmartSimple personnel.
  • Open inbound port 22 (SSH) to your other SmartSimple environments (e.g., the backup environment) to facilitate synchronization.
  • Open inbound port 8009 (AJP) or another equivalent, which may be required from the web to the application environment in the event that these are separate environments.
  • Open inbound port 3306 (JDBC) which may be required from the application to the database environment if these are separate environments.

Recommended:

  • Restrict all other inbound connections.

Required:

  • Open outbound ports 80 (HTTP) and 443 (HTTPS) to all sources.
  • Open outbound port 22 (SSH) to your other SmartSimple environments (e.g., the production environment) to facilitate synchronization.
  • Open outbound port 123 (NTP) to all sources.
  • Open outbound port 587 (SMTP) to all sources.
  • Open outbound port 8009 (AJP) or another equivalent, which may be required from the web to the application environment if these are separate environments.
  • Open outbound port 3306 (JDBC) which may be required from the application to the database environment if these are separate environments.

Recommended:

  • Allow outbound traffic to all sources.

Domain Administration

You may opt to utilize your own domain address for your SmartSimple server instead of employing our default domain. To do so, you will require the following:

  • A registered domain.
  • Selection of a fully qualified domain name for your SmartSimple application. This must include a subdomain string in the format applicationname.yourdomain.com, e.g., apply.smartsimple.com.
  • An A record in your DNS pointing to your server.
  • A reverse DNS entry configured for your server (optional).
  • An SSL certificate (this can be purchased with a CSR provided by SmartSimple, or you may provide an existing certificate and private key). The certificate should be in PEM format.

Architecture

Coming soon...

Security

Coming soon...

Disaster Recovery

Since you may choose to provision all or only a portion of the infrastructure, you have various options for disaster recovery. The following outlines, firstly, the typical disaster recovery solution employed by SmartSimple, and secondly, the various options available to you depending on your environment.

SmartSimple Disaster Recovery Strategy

  • A hot backup environment is provisioned to remain continuously online and available. This backup environment is analogous to the production environment but is hosted in a different geographical region. This backup environment is synchronized with the production environment via a daily SSH rsync.
  • A copy of each daily database backup file is transferred to an archive location and retained for up to 90 days. The archive location comprises a combination of Amazon S3 and Glacier storage, with data transferred there via AWS CLI API calls from the production environment.

Your Disaster Recovery Options

  • Allow SmartSimple to provision our standard disaster recovery strategy as outlined above.
  • Provision your own infrastructure to fulfill the functions of the aforementioned strategy.
  • Develop your own disaster recovery strategy entirely, e.g., simply a daily image of your server volumes instead of a hot backup environment.

Example Setup within Amazon Web Services

The following serves as an example of how to provision the foundational infrastructure necessary to host SmartSimple in an AWS environment. These instructions assume a setup from scratch; however, if you already possess existing AWS components into which you wish to deploy your SmartSimple environment, you may need to modify the instructions accordingly. Upon completion, you will need to contact SmartSimple to install the SmartSimple components.

Prerequisites

  • A registered Amazon Web Services account.

Creating the Initial Infrastructure

  1. Select a Region in which to operate (e.g., US East (N. Virginia)).
  2. Within the VPC (Virtual Private Cloud) service menu, create a VPC with default tenancy.
    1. Create a Subnet within the VPC and select an Availability Zone.
    2. Create an Internet Gateway and attach it to the VPC.
    3. Edit the Route Table associated with the VPC and add the following route:
      Destination: 0.0.0.0/0 Target: above Internet Gateway
  3. Create Security Groups to define network security.
    1. Create a Security Group for the Web layer. Configure inbound rules for ports 80 (HTTP) and 443 (HTTPS) to be open from all sources (0.0.0.0/0).
    2. Create a Security Group for SSH access. Configure inbound rules for port 22 (SSH) to be open from SmartSimple office environments (please contact SmartSimple for a list of static IPs).
    3. Create a Security Group for the Database layer. Configure inbound rules for port 3306 (MySQL) to be open from the aforementioned Web Security Group.
  4. Within the IAM service menu, create an Encryption Key. This will be utilized for volume encryption.
  5. Within the EC2 service menu, launch an EC2 Instance.
    1. From the AWS Marketplace, select the CentOS 7 image 'CentOS 7 (x86_64) - with Updates HVM'.
    2. Select an Instance Type of m4.xlarge.
    3. Select the VPC and corresponding Subnet.
    4. Create three storage Volumes and enable encryption on them using the aforementioned key. Set the volumes with the following specifications:
      • 10GB root volume (/dev/sda1)
      • 500GB SmartSimple volume (/dev/sdf)
      • 20GB ext volume (/dev/sdg)
    5. Encrypt the volumes with the aforementioned Encryption Key.
    6. Associate the previously created Web and SSH Security Groups.

Optional RDS Deployment

While the aforementioned steps are sufficient for a basic SmartSimple environment, the following instructions are optional if you wish to provision a high availability clustered environment by adding an AWS Relational Database Service (RDS) instance.

  1. Within the RDS service menu, create a new DB Subnet Group and add Subnets for two different Availability Zones.
  2. Create a new Parameter Group based on the default 'mariadb10.0'. Set the following parameters:
    • character_set_server = utf8mb4
    • connect_timeout = 60
    • delayed_insert_limit = 92233720368
    • delayed_insert_timeout = 31536000
    • delayed_queue_size = 9222337220
    • interactive_timeout = 60
    • log_bin_trust_function_creators = 1
    • max_allowed_packet = 1073741824
    • max_heap_table_size = 1073741824
    • sql_mode = no_auto_create_user,no_engine_substitution
    • time_zone = your local timezone (e.g., 'US/Eastern')
    • tmp_table_size = 1073741824
    • wait_timeout = 60
  3. Launch a DB Instance.
    1. Select the MariaDB database engine (version 10.4.x).
    2. Select an Instance Class of db.m4.large (if deploying RDS, the EC2 instance created above may be resized from m4.xlarge to m4.large).
    3. You may choose whether to enable Multi-AZ Deployment.
    4. Set Allocated Storage to 200GB.
    5. Select the VPC, Subnet Group, Security Group, and DB Parameter Group previously created.
    6. Set Publicly Accessible to no, and Enable Encryption to yes, selecting the previously created Encryption Key.
    7. You may set Auto Minor Version Upgrade to yes to allow for automatic updates.

Creating Additional Environments

To create additional environments for disaster recovery backups or for development and testing, you can simply take snapshots of the EC2 and RDS instances and deploy new images. You may need to first create new VPC containers for these environments.

Was this article helpful?

0 out of 0 found this helpful
Return to top

Helpful Links