Inf-unit kit, and why it can or can't be virtualised

Network

  • site infrastructure: fundamental to site bootstrapping and configuration; real hardware to avoid circular dependencies
  • site external routers: traffic levels and required latencies are such that real hardware is needed; standby for site infrastructure, so same requirements
  • site network services: also act as backup routers
  • site external nameservers: potentially virtualisable, though with a loss of routing resilience
  • (All these machines cross-mirror several times per day to ensure network configuration details are safe and available.)

Consoles

  • main SR console servers: fundamental to logging and bootstrapping; avoid circular dependencies
    • KB console server is also KB network services server
  • SMSR console server: already virtualised (as VM 'peigne' on Forum KVM host jubilee)

Logging

  • loghost: best as a totally standalone machine to minimise dependencies on anything else

Monitoring

  • primary: real machine for maximal robustness and minimal dependencies
  • secondary: could be virtualised, but needs (†) to be at AT, where there is currently no official KVM service.
    († It certainly cannot be located in the Inf Forum. Location at KB is an option, but would increase the risk of cascades of alerts in times of network disruption.)
  • jabber: has in fact been virtualised in the past, but that configuration was reversed when it was decided that the service was an important infrastructural one (in particular in its Nagios alerting role) and so required minimal dependencies.

Authentication

  • inf KDCs: real machines to minimise dependencies and maximise security
  • KCAs: co-located with slave KDCs, otherwise could probably have been virtualised
  • cosign: ??? wary of virtualisation
  • iFriend KDCs: co-located with cosign, otherwise could probably be virtualised

Directory

  • LDAP master: wary of virtualisation due to potential circular dependencies; load?
  • LDAP slaves: same as master, as they may be promoted

Prometheus

  • master: could maybe be left virtualised??

-- GeorgeRoss - 29 Nov 2012

Topic revision: r3 - 30 Nov 2012 - 14:57:38 - GeorgeRoss