Inf-unit kit, and why it can or can't be virtualised

Network

  • site infrastructure: fundamental to site bootstrapping and configuration; real hardware to avoid circular dependencies; needs good disc bandwidth
  • site external routers: traffic levels and required latencies are such that real hardware is needed; interrupt balancing is required; standby for site infrastructure, so same requirements
  • site network services: also act as backup routers
  • site external nameservers: potentially virtualisable, though with a loss of routing resilience; two are extntpN.inf, so VMs would be less appropriate; two are already VMs
  • (All these machines cross-mirror several times per day to ensure network configuration details are safe and available.)

Consoles

  • main SR console servers: fundamental to logging and bootstrapping; avoid circular dependencies
    • KB console server is also KB network services server
  • SMSR console server: currently none, but could be recreated as a VM.

Logging

  • loghost: best as a totally standalone machine to minimise dependencies on anything else

Monitoring

  • primary: real machine for maximal robustness and minimal dependencies
  • secondary: is already a VM
  • jabber: no longer ours; it was in fact virtualised in the past, but that configuration was reversed when it was decided that the service was an important infrastructural one (in particular in its Nagios alerting role) and so required minimal dependencies.
  • env.XX.net are already VMs

Authentication

  • inf KDCs: real machines to minimise dependencies and maximise security; might make sense to virtualise the Forum and AT slaves, and keep the master and KB slave (DR master) as real machines
  • KCAs: co-located with slave KDCs, otherwise could probably have been virtualised
  • cosign: ??? wary of virtualisation
  • iFriend KDCs: co-located with cosign, otherwise could probably be virtualised

Directory

  • LDAP master: wary of virtualisation due to potential circular dependencies; load?
  • LDAP slaves: same as master, as they may need to be promoted; but..
  • LDAP VM slaves: added as required for performance

Prometheus

  • Already virtualised

-- GeorgeRoss - revised June 2020

Topic revision: r5 - 24 Jun 2020 - 14:34:31 - GeorgeRoss
 