Document status: DRAFT


...

An isolated and independent copy of the OpenMethods cloud infrastructure.  A Shard contains three types of infrastructure elements:

  • Core Components - Application Manager, Redundant Cloud Gateways
  • Shared Versioned Components - Web MediaBar, Config Server, etc
  • Dedicated Versioned Components - HIS, QueueAdapter, etc

...

Architecture

Cloud Foundation

Shard Management Infrastructure


Deployment Ring Shared Infrastructure


Putting it all Together


AWS Network Design

...

  • Limited number of AWS resources (some can be increased, some can’t)
  • Avoid networking conflicts between AWS regions as well as customer networks
  • Consistent numbering for our various cloud shards (general population, GDPR, GovCloud, etc)
  • Ease automated assignment of networks
  • Support for two availability zones per region



There are three types of VPCs we will be utilizing: Cloud Management VPC, Shard Management VPCs and Shard Service VPCs. A single Cloud Management VPC holds the centralized cloud management services for the OpenMethods Cloud solution. The Cloud Management VPC will occupy the 10.250.0.0/16 address space. Each cloud shard will have a single Shard Management VPC that hosts the common, centralized components that are shared between customers that reside in the shard. An initial Class B network is dedicated to each shard. The Shard Management VPC occupies the lower 8 Class C networks, which are split between two availability zones for redundancy. The remaining address space is used for Shard Service VPCs to contain instances. Additional Class B networks can be assigned to a Shard if more address space is needed.


Shard Networking

| Shard Id | Base CIDR | Shard Management VPC CIDR | Availability Zone A Subnet | Availability Zone B Subnet |
|---|---|---|---|---|
| 1 – Development | 10.249.0.0/16 | 10.249.0.0/21 | 10.249.0.0/22 (1019 hosts) | 10.249.4.0/22 |
| 2 – Gen Pop | 10.248.0.0/16 | 10.248.0.0/21 | 10.248.0.0/22 | 10.248.4.0/22 |
| 3 – GDPR | 10.247.0.0/16 | 10.247.0.0/21 | 10.247.0.0/22 | 10.247.4.0/22 |
| 4 - Canada? | 10.246.0.0/16 | 10.246.0.0/21 | 10.246.0.0/22 | 10.246.4.0/22 |
| 5 - GovCloud | 10.245.0.0/16 | 10.245.0.0/21 | 10.245.0.0/22 | 10.245.4.0/22 |


00000000 00000000 00001000 00000000


The benefit of this approach is that you can tell that a server is in a Shard Management VPC, and which shard it is a member of, just from the server's IP address. An address that falls within 10.249.0.0-10.249.7.255 will always be in a Shard Management VPC; otherwise, the range of the third octet tells you which Shard Service VPC it belongs to, e.g. 10.249.8.0 belongs to Shard 1, North Virginia.


The second type of VPC we will use is a Shard Service VPC. Shard Service VPCs will host the services related to specific customers and the IPSec connectivity needed to communicate with any on-premise CTI or data endpoints. Each shard will have any number of service VPCs distributed around the globe. As with Shard Management VPCs, Shard Service VPCs typically belong to a single cloud shard and are not shared. However, in the case of internal development, QA, and training environments, the underlying VPCs and services are shared between these logical Shards. The full service VPC address space is laid out below; grey rows are not implemented today but may be in the future:


| Geography | AWS Region | Service VPC Id | Service VPC CIDR | Availability Zone A Subnet | Availability Zone B Subnet |
|---|---|---|---|---|---|
| 1 – Dev/QA/Train | N. Virginia (us-east-1) | 1 | 10.249.8.0/21 | 10.249.8.0/22 (1019 hosts) | 10.249.12.0/22 |
| | Mumbai (ap-south-1) | 2 | 10.249.16.0/21 | 10.249.16.0/22 | 10.249.20.0/22 |
| 2 - General Population | N. Virginia (us-east-1) | 1 | 10.248.8.0/21 | 10.248.8.0/22 (1019 hosts) | 10.248.12.0/22 |
| | Singapore (ap-southeast-1) | 2 | 10.248.16.0/21 | 10.248.16.0/22 | 10.248.20.0/22 |
| | N California (us-west-1) | 3 | 10.248.24.0/21 | 10.248.24.0/22 | 10.248.28.0/22 |
| | Ohio (us-east-2) | 4 | 10.248.32.0/21 | 10.248.32.0/22 | 10.248.36.0/22 |
| ... | | | | | |
| 3 - GDPR | Paris (eu-west-3) | 1 | 10.247.8.0/21 | 10.247.8.0/22 (1019 hosts) | 10.247.12.0/22 |
| 4 - Canada | N. Virginia (us-east-1) | 1 | 10.246.8.0/21 | 10.246.8.0/22 (1019 hosts) | 10.246.12.0/22 |
| 5 - XYZ | | | | | |
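
The address-to-location lookup described above, as an added Python example (not part of the original page or of OpenMethods' tooling): it derives the shard, VPC type, service VPC id and availability zone of an address from the /16, /21 and /22 boundaries. The CIDRs and regions are transcribed from the tables on this page, reading the newer value where two versions are merged (an assumption); `classify` and the dictionary names are hypothetical.

```python
import ipaddress

# Values transcribed from the tables on this page (assumed to be the newer scheme).
CLOUD_MGMT = ipaddress.ip_network("10.250.0.0/16")
SHARD_BASES = {  # shard id -> base /16
    1: ipaddress.ip_network("10.249.0.0/16"),
    2: ipaddress.ip_network("10.248.0.0/16"),
    3: ipaddress.ip_network("10.247.0.0/16"),
    4: ipaddress.ip_network("10.246.0.0/16"),
    5: ipaddress.ip_network("10.245.0.0/16"),
}
SERVICE_REGIONS = {  # (shard id, service VPC id) -> AWS region
    (1, 1): "us-east-1", (1, 2): "ap-south-1",
    (2, 1): "us-east-1", (2, 2): "ap-southeast-1",
    (2, 3): "us-west-1", (2, 4): "us-east-2",
    (3, 1): "eu-west-3", (4, 1): "us-east-1",
}


def classify(addr):
    """Return a dict describing where addr sits in the numbering plan."""
    ip = ipaddress.ip_address(addr)
    if ip in CLOUD_MGMT:
        return {"vpc": "cloud-management"}
    for shard, base in SHARD_BASES.items():
        if ip not in base:
            continue
        offset = int(ip) - int(base.network_address)
        vpc_id = offset >> 11          # each VPC is a /21 = 2**11 addresses
        az = "AB"[(offset >> 10) & 1]  # lower /22 is AZ A, upper /22 is AZ B
        if vpc_id == 0:                # lowest /21 of the /16 is shard management
            return {"vpc": "shard-management", "shard": shard, "az": az}
        region = SERVICE_REGIONS.get((shard, vpc_id))  # None: not in the table
        return {"vpc": "shard-service", "shard": shard,
                "service_vpc": vpc_id, "az": az, "region": region}
    return {"vpc": "outside-plan"}


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("10.249.8.0", "10.249.5.17", "10.248.36.9", "10.247.200.1"):
        print(sample, classify(sample))
```

A `region` of `None` marks an address inside a shard's /16 that no listed service VPC covers, which is worth flagging when it appears as a source address in flow logs or firewall rules.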




User interaction and design

...