-
Notifications
You must be signed in to change notification settings - Fork 0
/
deployment-planning.html
161 lines (150 loc) · 13.4 KB
/
deployment-planning.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7.4 at 11 Mar 2017
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20170311" />
<meta http-equiv="Content-Language" content="en" />
<title>Fine Grained Service Monitoring System – Deployment Planning</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.6.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.6.min.js"></script>
</head>
<body class="topBarDisabled">
<a href="https://github.com/mil-oss/fgsms">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_green_007200.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left"><a href="http://mil-oss.org/" id="bannerLeft"><img src="images/mil-oss-logo.png" alt="Fine Grained Service Monitoring System"/></a></div>
<div class="pull-right"><div id="bannerRight"><img src="images/fgsms_logo_small.png" /></div>
</div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li id="projectVersion">Version: 7.0.0<span class="divider">|</span></li>
<li class=""><a href="https://www.mil-oss.org" class="externalLink" title="MIL-OSS">MIL-OSS</a><span class="divider">/</span></li>
<li class="active ">Deployment Planning</li>
<li id="publishDate" class="pull-right">Last Published: 11 Mar 2017</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li><a href="index.html" title="Project Information"><span class="none"></span>Project Information</a> </li>
<li><a href="index2.html" title="Welcome"><span class="none"></span>Welcome</a> </li>
<li><a href="whitepaper.html" title="Whitepaper"><span class="none"></span>Whitepaper</a> </li>
<li><a href="architecture.html" title="Architecture"><span class="none"></span>Architecture</a> </li>
<li><a href="quickstart.html" title="Quick Start"><span class="none"></span>Quick Start</a> </li>
<li class="active"><a href="#"><span class="none"></span>Deployment Planning</a>
</li>
<li><a href="deployserver.html" title="Deploying the Server"><span class="none"></span>Deploying the Server</a> </li>
<li><a href="agentmatrix.html" title="Agent Matrix"><span class="none"></span>Agent Matrix</a> </li>
<li><a href="deployagent.html" title="Deploying Agents"><span class="none"></span>Deploying Agents</a> </li>
<li><a href="user.html" title="User Guide"><span class="none"></span>User Guide</a> </li>
<li><a href="reporting.html" title="Reports and data access"><span class="none"></span>Reports and data access</a> </li>
<li><a href="security.html" title="Security Guide"><span class="none"></span>Security Guide</a> </li>
<li><a href="permissions.html" title="Access Control"><span class="none"></span>Access Control</a> </li>
<li><a href="federation.html" title="Data Federation"><span class="none"></span>Data Federation</a> </li>
<li><a href="news.html" title="News"><span class="none"></span>News</a> </li>
<li><a href="sdk.html" title="SDK"><span class="none"></span>SDK</a> </li>
<li><a href="specs.html" title="Specs/ICD"><span class="none"></span>Specs/ICD</a> </li>
<li><a href="committer.html" title="Committers"><span class="none"></span>Committers</a> </li>
<li><a href="faq.html" title="FAQ"><span class="none"></span>FAQ</a> </li>
<li class="nav-header">Modules</li>
<li><a href="apache-tomcat/index.html" title="Pre-Configured Apache Tomcat"><span class="none"></span>Pre-Configured Apache Tomcat</a> </li>
<li><a href="apache-juddi/index.html" title="Pre-Configured Apache Juddi"><span class="none"></span>Pre-Configured Apache Juddi</a> </li>
<li><a href="fgsms-common-interfaces/index.html" title="fgsms Interfaces WS Stubs and Schema Bindings Generated from WSDL"><span class="none"></span>fgsms Interfaces WS Stubs and Schema Bindings Generated from WSDL</a> </li>
<li><a href="fgsms-common/index.html" title="fgsms Common"><span class="none"></span>fgsms Common</a> </li>
<li><a href="fgsms-agents/index.html" title="fgsms Embedded Agents"><span class="none"></span>fgsms Embedded Agents</a> </li>
<li><a href="fgsms-ws-notification/index.html" title="fgsms WS-Notification Parent"><span class="none"></span>fgsms WS-Notification Parent</a> </li>
<li><a href="fgsms-server/index.html" title="fgsms Server"><span class="none"></span>fgsms Server</a> </li>
<li><a href="fgsms-cli/index.html" title="fgsms Command Line Interface"><span class="none"></span>fgsms Command Line Interface</a> </li>
<li><a href="fgsms-samples/index.html" title="fgsms Examples Packages"><span class="none"></span>fgsms Examples Packages</a> </li>
<li><a href="fgsms-dist/index.html" title="fgsms Distribution"><span class="none"></span>fgsms Distribution</a> </li>
<li><a href="fgsms-netagent/index.html" title="fgsms.Net Components"><span class="none"></span>fgsms.Net Components</a> </li>
<li class="nav-header">Project Documentation</li>
<li><a href="project-info.html" title="Project Information"><span class="icon-chevron-right"></span>Project Information</a> </li>
<li><a href="project-reports.html" title="Project Reports"><span class="icon-chevron-right"></span>Project Reports</a> </li>
</ul>
<form id="search-form" action="https://www.google.com/search" method="get" >
<input value="https://mil-oss.github.io/" name="sitesearch" type="hidden"/>
<input class="search-query" name="q" id="query" type="text" />
</form>
<script type="text/javascript">asyncJs( 'https://cse.google.com/brand?form=search-form' )</script>
<hr />
<div id="poweredBy">
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /></a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Deployment Planning</h1>
<p>In order to plan out a successful deployment of FGSMS, you should use the following guidelines for making several key decisions prior to attempting a deployment of FGSMS.</p>
<div class="section">
<h2><a name="Scaling"></a>Scaling</h2>
<p>FGSMS is designed to be scalable for all web facing components, specifically, the web interface, agents, and services.</p>
<p>Database scaling such as clustering is supportable via out of the box solutions for PostreSQL. Database mirroring or failover capabilities is also supported by all components, however the database administrator is responsible for the configuration of such a scenario and is not covered in this guide. This configuration is referred to as “Secondary” database connections.</p>
<p>For transactional services, FGSMS’s Data Collector Service is by far the busiest and is thus a critical component for keeping all of the agents operational. It is included within the FGSMS.Services.war file. There are many different parameters that determine the expected quantity of web service transactions. In general, FGSMS’s DCS can write data to the database at approximately 28ms per transaction (message logging off) on a conventional hard drive.</p>
<p>FIXME - we now have automated benchmarking. Quick summary from the last check - Alex’s dev environment - Java Data Collector + Java Web service agent (fgsms.AgentCore.jar) with the Java Message Processor was able to transmit and record about 1400 transactions per second on the high end. This was on an 8 core machine, Windows 10, 8 GB ram, with a reasonably priced solid state drive. All components were running on the same machine. - Travis CI’s dev environment - Java Data Collector + Java Web service agent (fgsms.AgentCore.jar) with the Java Message Processor was able to transmit and record about 400 transactions per second on the high end. This was on Travis CI’s virtual machine, which was last known to to run on Amazon Web Services with 4 CPU cores and 3GB ram. Hardware details are unknown.</p>
<p>These figures are a highly dependent on the server’s capabilities.</p></div>
<div class="section">
<h2><a name="Authentication_scenarios"></a>Authentication scenarios</h2>
<p>FGSMS’s components support two different authentication scenarios to meet most operational and demonstrative needs (CAC/PKI, and Username/Password). The following sections outline the basics of each scenario to help you (the person integrating FGSMS into your infrastructure) decide which is the most appropriate. </p>
<p>Due to the distributed nature of FGSMS, the following authentication links must be satisfied:</p>
<ul>
<li>Your web browser to Web Interface</li>
<li>Web Interface to Web Services</li>
<li>Agents to Web Services</li>
</ul>
<p>Whichever the authentication mode you select, it must be homogenous across all FGSMS components within each realm. This means that all agents, services, web gui, and services must be configured to run in the same authentication mode (auxiliary services are not affected by this).</p>
<p>Note, it is possible to have one collection of FGSMS components running CAC/PKI and another collection running Username/Password, each sharing the same databases. </p></div>
<div class="section">
<h2><a name="Common_Access_Card_and_Public_Key_Infrastructure_CAC_and_PKI"></a>Common Access Card and Public Key Infrastructure (CAC and PKI)</h2>
<p>FGSMS runs in Tomcat/Jboss and therefore in order to use CAC/PKI authentication, the following conditions must be met. All connections to Tomcat/Jboss must be SSL All connections to Tomcat/Jboss must require a client certificate The preconfigured Tomcat/Jboss included with FGSMS’s distribution package has port 8443 for SSL and port 8888 for non-SSL access, configured for username and passwords.</p>
<p>FGSMS’s Web GUI must be reconfigured for both logins to the GUI and for logins to the services by editing the web.xml and jboss-web.xml files AND /META-INF/config.properties file.</p>
<p>FGSMS’s Web Services must be reconfigured for CAC/PKI by editing the web.xml and jboss-web.xml files.</p>
<p>FGSM’s Java agents use the file FGSM.AgentCore.jar, it must also be updated when changing authentication modes.</p>
<p>All referenced files include samples and comments within the specific configuration files.</p></div>
<div class="section">
<h2><a name="Username_and_Password"></a>Username and Password</h2>
<p>FGSMS runs in Tomcat/Jboss and therefore Username and Password authentication can be enabled by any login module for Tomcat/Jboss that enables HTTP BASIC authentication over SSL. User stores can be LDAP, a SQL database or a properties file (or any other Tomcat/Jboss supported authentication mechanism). HTTP BASIC is requirement. User credential verification happens at the FGSMS Services WAR file.</p>
<p>Why is basic required? Simply because most SOAP frameworks do not support it, unfortunately.</p>
<p>FGSMS’s Web GUI must be reconfigured for both logins to the GUI and for logins to the services by editing the web.xml and jboss-web.xml files AND /META-INF/config.properties file.</p>
<p>FGSMS’s Web Services must be reconfigured for CAC/PKI by editing the web.xml and jboss-web.xml files.</p>
<p>FGSMS’s agent configuration files must also be updated when changing authentication modes. .NET Agents use a similar configuration file.</p>
<p>All referenced files include samples and comments within the specific configuration files.</p>
<h1>Scaling FGSMS for high availability</h1>
<p>FGSMS can scale as wide as it needs to be with a few exceptions. The primary component is the database and as such, it is the most important part to consider when up scaling FGSM. Mirroring (failover) and clustering is supported.</p>
<p>The all of the components of FGSMS can be scaled and/or load balanced through several different mechanisms.</p>
<ul>
<li>Database, FGSMS supports both primary and failover/mirroring configurations</li>
<li>Web Services, multiple instances of the web services can be setup of different Jboss servers. In addition, FGSMS’s agents support several different algorithms which support accessing multiple URLs for FGSMS’s web services.</li>
<li>Web GUI, multiple instances of the Web GUI can be setup on different application servers.</li>
<li>Auxiliary Services (bundled within the Service war), multiple instances of the Auxiliary Services war can be setup of different app servers so long as their instances have the Quartz engine configured for clustering. See the Quartz user’s guide</li>
</ul></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
</div>
</div>
</footer>
</body>
</html>