Presentation is loading. Please wait.

Presentation is loading. Please wait.

Additional SugarCRM details for complete, functional, and portable deployment.

Published byTamsyn Boone Modified over 9 years ago

Similar presentations

Presentation on theme: "Additional SugarCRM details for complete, functional, and portable deployment."— Presentation transcript:

1 Additional SugarCRM details for complete, functional, and portable deployment

2 EndPoint Deployment Requirements EndPointPurposeComment WebTier/DBTier SSHOS admin accessCloud may provide key pair. For clouds that don’t provide SSH key pairs, install SSH keys (or accept password security) MySQL DBAMySQL adminCreate optional separate SSH account or use OS SSH, Configure DB admin password HTTPS/443Application via SSLInstall specific SSL certs on WebServer Tier or Load Balancer HTTP/HTTPSApplication clear and SSLMay need to configure VirtualHosts (or like concept)

3 Load Balancing Some EndPoints in a tier may be load balanced Load Balancing can typically be realized in the following ways: 1.Deploy another tier of one or more VMs with Load balancing software 2.Use the Load Balancing Service provide by the cloud by registering the load balanced VMs or any other programming It should be possible to select among these in each deployment context

4 Application Container Load Balancer Tier or Service Load Balancing Abstractions WebServerTier Load Balancer Virtual Service VM 1 HTTP Client Port 80/443 HTTP/S EndPoint VM n Load Balanced Connectors for each member of the pool............ Server Pool (all servers in the tier) Aggregated Exposed EndPoint (publicly visible).........

5 Virtual Service Aggregates a set of EndPoints Semantics – Protocol HTTP, HTTPS, TCP – Session Stickiness Bind requests from same client to specific server (or not) – Load distribution algorithm Round robin, IP hash, least sessions, … – Health check Determine if pool member is considered available or not

6 EndPoint Load Balancing Tier is modeled as requiring load balancing along with required LB semantics for a specific EndPoint Deployer tries resolve the requirement to a capability in the usual way Deployer may deploy a new load balancing tier/service, use an existing tier/service, or use the cloud’s LB service to provide the capability

7 Firewall Update The rules of all the firewall elements must be updated to allow access to the necessary EndPoints of the deployment Firewall elements differ across clouds – Security Groups allow compartmentalizing sets of nodes with large numbers (100s) or small numbers (5) available for allocation to deployments – Some clouds only use the firewalls in the server Oses – Customers may want the strongest enforcement requiring update of all firewall elements with the most restrictive access Server network connectivity differs across clouds – Single interface with private IP address – Multiple interfaces, one with private and one with public IP address – Datacenters have networks for specific purposes: app, mgmt, backup, migration, DMZ, … – Static and dynamic IPs. IPs changing across restarts

8 Firewall Element Update Compute complete deployment topology – Note this is done with the Instance Model (all Node Templates Instantiated) so we have all IP addresses – Determine which networks each connector will be bound to based on constraints. Simple case assumes single private network with complete connectivity and connectors with External EndPoints must be updated in Security Group – Assumes each exposed EndPoint is connected to an External EndPoint so we have complete set of connectors for all communication, but this an implementation detail For each connector – For each firewall element it traverses Update the element to allow the appropriate traversal

9 SugarCRM Topology Model Application Container Database Tier WebServer Tier WebServer Tier FW HTTP Client VM...... VLAN Application Container VMs are assigned to one or more SecurityGroups Operating System Firewall Elements

10 DNS and Public IPs Public IPs usually need to be resolvable via DNS This is typically done by one of: 1.Binding an IP address already known by DNS to the VM exposing the EndPoint 2.Updating the DNS service with the dynamic IP address of the VM exposing the EndPoint

11 SugarCRM Service SugarCRM Service Model Zone1 WebServerTier Apache Web Server SugarCRM App PHP Module DBServerTier MySQL SugarCRM DB Typed Connector Required EndPoint Provided EndPoint HTTP Client DocumentRoot:/SugarCRM HTTP Content EndPoint Port 80 HTTP EndPoint Database Server EndPoint propagates client credentials, DB Name, host and port client EndPoint (Web Server) Server Admin Access and/or Management Access requires

Download ppt "Additional SugarCRM details for complete, functional, and portable deployment."

Similar presentations

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Windows Azure IaaS – Deep Dive

Windows Azure IaaS – Deep Dive
Mapping Service Templates to Concrete Network Semantics Some Ideas.

Mapping Service Templates to Concrete Network Semantics Some Ideas.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.
Application Internet Azure Cloud Internet Azure Cloud LB TDS (tcp) Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, … Load balancer.

Application Internet Azure Cloud Internet Azure Cloud LB TDS (tcp) Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, … Load balancer.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Module 8: Concepts of a Network Load Balancing Cluster

Module 8: Concepts of a Network Load Balancing Cluster
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.

Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.
VM Role (PaaS)Virtual Machine (IaaS) StorageNon-Persistent StoragePersistent Storage Easily add additional storage DeploymentBuild VHD offsite and upload.

VM Role (PaaS)Virtual Machine (IaaS) StorageNon-Persistent StoragePersistent Storage Easily add additional storage DeploymentBuild VHD offsite and upload.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google