...
An isolated and independent copy of the OpenMethods cloud infrastructure. A Shard contains three types of infrastructure elements:
- Core Components: Application Manager, Redundant Cloud Gateways
- Shared Versioned Components: Web MediaBar, Config Server, etc.
- Dedicated Versioned Components: HIS, QueueAdapter, etc.
...
Architecture
Cloud Foundation
Shard Management Infrastructure
Deployment Ring Shared Infrastructure
Putting it all Together
AWS Network Design
...
- Limited number of AWS resources per account and region (some of these quotas can be raised on request, some are hard limits)
- Avoid networking conflicts between AWS regions as well as customer networks
- Consistent numbering for our various cloud shards (general population, GDPR, GovCloud, etc)
- Ease automated assignment of networks
- Support for two availability zones per region
There are three types of VPCs we will be utilizing: the Cloud Management VPC, Shard Management VPCs and Shard Service VPCs. A single Cloud Management VPC holds the centralized cloud management services for the OpenMethods Cloud solution and occupies the 10.250.0.0/16 address space. Each cloud shard has a single Shard Management VPC that hosts the common, centralized components shared between the customers that reside in the shard. An initial /16 (Class B) network is dedicated to each shard, numbered downward from the Cloud Management VPC (shard 1 is 10.249.0.0/16, shard 2 is 10.248.0.0/16, and so on). The Shard Management VPC occupies the lowest 8 /24 (Class C) networks of that /16, i.e. a /21, split into two /22 subnets across two availability zones for redundancy. The remaining address space of the /16 is carved into /21 Shard Service VPCs that contain the instances. Additional /16 networks can be assigned to a shard if more address space is needed.
Shard Networking
Shard Id | Base CIDR | Shard Management VPC CIDR | Availability Zone A Subnet | Availability Zone B Subnet
---|---|---|---|---
1 – Development | 10.249.0.0/16 | 10.249.0.0/21 | 10.249.0.0/22 (1019 usable hosts; AWS reserves 5 addresses in every subnet) | 10.249.4.0/22
2 – Gen Pop | 10.248.0.0/16 | 10.248.0.0/21 | 10.248.0.0/22 | 10.248.4.0/22
3 – GDPR | 10.247.0.0/16 | 10.247.0.0/21 | 10.247.0.0/22 | 10.247.4.0/22
4 – Canada | 10.246.0.0/16 | 10.246.0.0/21 | 10.246.0.0/22 | 10.246.4.0/22
5 – GovCloud | 10.245.0.0/16 | 10.245.0.0/21 | 10.245.0.0/22 | 10.245.4.0/22
The benefit of this approach is that a server's IP address alone tells you which shard it belongs to and whether it sits in the Shard Management VPC or in a Shard Service VPC (and which one). The second octet identifies the shard (10.249.x.x is shard 1, 10.248.x.x is shard 2, and so on). The /21 boundary falls in the third octet: the first Shard Service VPC starts 0.0.8.0 above the shard's base, in binary 00000000 00000000 00001000 00000000. So an address in 10.249.0.0-10.249.7.255 is always in the Shard Management VPC of shard 1, and dividing the third octet by 8 gives the Shard Service VPC Id, e.g. 10.249.8.0-10.249.15.255 is Service VPC 1 (N. Virginia) of shard 1 and 10.249.16.0-10.249.23.255 is Service VPC 2 (Mumbai). Within each /21, the lower /22 is the Availability Zone A subnet and the upper /22 is the Availability Zone B subnet.
The remaining type of VPC is the Shard Service VPC. Shard Service VPCs host the services related to specific customers and the IPsec connectivity needed to communicate with any on-premises CTI or data endpoints. Each shard may have any number of Service VPCs distributed around the globe. As with Shard Management VPCs, Shard Service VPCs typically belong to a single cloud shard and are not shared. However, in the case of the internal development, QA and training environments the underlying VPCs and services are shared between these logical shards. The full Service VPC address space is laid out below; rows shown in grey are not implemented today but may be in the future:
Shard | AWS Region | Service VPC Id | Service VPC CIDR | Availability Zone A Subnet | Availability Zone B Subnet
---|---|---|---|---|---
1 – Dev/QA/Train | N. Virginia (us-east-1) | 1 | 10.249.8.0/21 | 10.249.8.0/22 (1019 hosts) | 10.249.12.0/22
1 – Dev/QA/Train | Mumbai (ap-south-1) | 2 | 10.249.16.0/21 | 10.249.16.0/22 | 10.249.20.0/22
2 – General Population | N. Virginia (us-east-1) | 1 | 10.248.8.0/21 | 10.248.8.0/22 (1019 hosts) | 10.248.12.0/22
2 – General Population | Singapore (ap-southeast-1) | 2 | 10.248.16.0/21 | 10.248.16.0/22 | 10.248.20.0/22
2 – General Population | N. California (us-west-1) | 3 | 10.248.24.0/21 | 10.248.24.0/22 | 10.248.28.0/22
2 – General Population | Ohio (us-east-2) | 4 | 10.248.32.0/21 | 10.248.32.0/22 | 10.248.36.0/22
...
Shard | AWS Region | Service VPC Id | Service VPC CIDR | Availability Zone A Subnet | Availability Zone B Subnet
---|---|---|---|---|---
3 – GDPR | Paris (eu-west-3) | 1 | 10.247.8.0/21 | 10.247.8.0/22 (1019 hosts) | 10.247.12.0/22
4 – Canada | N. Virginia (us-east-1) | 1 | 10.246.8.0/21 | 10.246.8.0/22 (1019 hosts) | 10.246.12.0/22
5 – XYZ | | | | |
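The addressing rules above (shard in the second octet, VPC id in the upper five bits of the third octet, AZ in bit 2 of the third octet) are mechanical enough to automate, which is one of the stated goals of the plan. The following is an added example, not code from the OpenMethods project or from this page: it derives a shard's /16, any VPC /21 and its AZ /22s from the ids, decodes an arbitrary address back into shard, VPC role, VPC id and AZ, and checks that a set of planned networks has no overlaps. It assumes only the shard numbering shown in the tables (five shards, 10.(250 - N).0.0/16) and the AWS rule that five addresses in every subnet are reserved (which is where the 1019 usable hosts per /22 comes from); the function and constant names are this example's own.

```python
import ipaddress
from itertools import combinations

# Address plan as laid out on this page. Shard N's base /16 counts down
# from the Cloud Management VPC: 10.(250 - N).0.0/16.
CLOUD_MANAGEMENT_VPC = ipaddress.ip_network("10.250.0.0/16")
SHARDS = {1: "Development", 2: "General Population", 3: "GDPR",
          4: "Canada", 5: "GovCloud"}
# AWS reserves the network address, VPC router, DNS, one future-use
# address and the broadcast address in every subnet.
AWS_RESERVED_PER_SUBNET = 5


def shard_base(shard_id: int) -> ipaddress.IPv4Network:
    """Base /16 of a shard (shard 1 -> 10.249.0.0/16)."""
    if shard_id not in SHARDS:
        raise ValueError(f"unknown shard {shard_id}")
    return ipaddress.ip_network(f"10.{250 - shard_id}.0.0/16")


def vpc_cidr(shard_id: int, vpc_id: int) -> ipaddress.IPv4Network:
    """/21 of a VPC inside a shard. vpc_id 0 is the Shard Management VPC,
    1..31 are Shard Service VPCs; the id is the third octet divided by 8."""
    if not 0 <= vpc_id <= 31:
        raise ValueError("a /16 holds 32 /21s: vpc ids run 0..31")
    base = int(shard_base(shard_id).network_address)
    return ipaddress.ip_network((base + (vpc_id << 11), 21))


def az_subnets(vpc: ipaddress.IPv4Network):
    """Split a VPC /21 into its (AZ A, AZ B) /22 subnets."""
    a, b = vpc.subnets(new_prefix=22)
    return a, b


def usable_hosts(subnet: ipaddress.IPv4Network) -> int:
    """Addresses an EC2 instance can actually take in this subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def classify(ip: str) -> dict:
    """Decode shard, VPC role, VPC id and AZ from an address alone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError(f"{ip} is not an IPv4 address")
    if addr in CLOUD_MANAGEMENT_VPC:
        return {"role": "cloud-management"}
    o1, o2, o3, _ = addr.packed
    shard_id = 250 - o2
    if o1 != 10 or shard_id not in SHARDS:
        raise ValueError(f"{ip} is outside the shard address plan")
    vpc_id = o3 >> 3                  # which /21 inside the /16
    az = "B" if o3 & 0x04 else "A"    # bit 2 of the third octet picks the /22
    return {
        "role": "shard-management" if vpc_id == 0 else "shard-service",
        "shard_id": shard_id,
        "shard": SHARDS[shard_id],
        "vpc_id": vpc_id,
        "vpc_cidr": str(vpc_cidr(shard_id, vpc_id)),
        "az": az,
    }


def planned_networks(service_vpcs: dict) -> list:
    """Every /21 the plan allocates: the management /16, plus for each shard
    its Shard Management VPC (id 0) and `count` Shard Service VPCs.
    service_vpcs maps shard_id -> number of service VPCs in that shard."""
    nets = [CLOUD_MANAGEMENT_VPC]
    for shard_id, count in service_vpcs.items():
        nets.extend(vpc_cidr(shard_id, vpc_id) for vpc_id in range(count + 1))
    return nets


def overlapping(nets) -> list:
    """Pairs of networks that overlap; an empty list means no conflicts."""
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


if __name__ == "__main__":
    # Counts taken from the tables on this page.
    plan = planned_networks({1: 2, 2: 4, 3: 1, 4: 1, 5: 0})
    print("conflicts:", overlapping(plan))
    for sample in ("10.249.8.5", "10.248.20.7", "10.249.5.1", "10.250.3.3"):
        print(sample, classify(sample))
```

Feeding a customer's proposed on-premises range into `overlapping` together with `planned_networks(...)` is the same check, and is worth running before any IPsec tunnel is configured, since a colliding route on a Service VPC silently black-holes traffic to one side.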
User interaction and design
...