This is the vegaweb application structure, either in mobile-app or website version
The components included in the "Customer network" rectangle are usually che customer machines (on-premise or cloud). The communication between the "Customer network" and the other servers is always through an ipsec tunnel or another "secure" media (some of the protocols can not be encrypted, depending on the enabled functions or the software releases in use on the VEGA machines).
The icons in the graph do represent "roles" and not "machines". In some cases 2 or more roles could be running on a single machine (physical or virtual).
Here is a detail of the roles:
VEGA database
This is the Oracle server with the customer VEGA database. It doesn't require any change else some configuration for the connection to the vegaweb database.
Vegaweb2
This is one of the VEGA client applications. Its main roles are the syncronization-services monitor and the order-confirmation emails enqueue.
WVservices2
Depending on the vegaweb options chosen, there could be the need to start some other VEGA client applications i.e. WVServices2 and/or VegaREST. Their scope is to give real-time updates to the web application.
VEGAWEB database
This is the Oracle database containing a partial-replica of the VEGA contents. It's usually installed on a external datacenter, to ensure maximum availability to the application, even if the VEGA server is down (for updates, line issues, failures).
Vegaweb REST server
This is the core component of the vegaweb infrastructure. It's a weblogic application server running java apps who manage the communication between the front-end (mobile app and/or website) and the vegaweb database.
Vegaweb site front-end
This is the website with responsive interface the users will use from a web browser.
Vegaweb application deploy
Customer network:
The "Customer network" components usually don't require structural changes.
The WVservices2 and Vegaweb2 are usually run on one of the customer's syncpalmari machines, so they do not require new servers. Check with customer what machine he prefer to use, explaining that it should have a static (private) ip address to be reachable from the "Vegaweb REST server" via vpn or firewall rules.
VEGAWEB network:
All of the other roles will be run on a datacenter network but they will be mostly safe because only a small subset of the services will be exposed on the Internet.
The communication between the components will be limited to the following flows:
src | dst | proto | port | media | Scope | Note |
Digisoft | VEGAWEB database | tcp | 22 | vpn tunnel | ssh access for configuration | |
Digisoft | VEGAWEB database | tcp | 1521 | vpn tunnel | Database access | |
Digisoft | VEGAWEB REST | tcp | 22 | vpn tunnel | ssh access for configuration | |
Digisoft | VEGAWEB REST | tcp | 7001 | vpn tunnel | weblogic console | |
Digisoft | VEGAWEB REST | tcp | 7003-7010 | vpn tunnel | weblogic managed servers | |
Digisoft | VEGAWEB Front-end | tcp | 3389 | vpn tunnel | RDP access for configuration | |
VEGA database | VEGAWEB database | tcp | 1521 | vpn tunnel/DMZ rules | Database syncronization | |
VEGAWEB REST | VEGAWEB database | tcp | 1521 | vpn tunnel/DMZ rules | Database access | |
VEGAWEB REST | WVServices2 | tcp | 8095-8099 | vpn tunnel/DMZ rules | VEGA RemObject and REST communication | |
VEGAWEB Front-end | VEGAWEB REST | tcp | 443 | vpn tunnel/DMZ rules | VEGAWEB REST communication | |
all | VEGAWEB REST | tcp | 80 | Public IP/NAT | public http access (redirect to https) | WAF/IPS |
all | VEGAWEB REST | tcp | 443 | Public IP/NAT | public https access (mobile app) | WAF/IPS |
all | VEGAWEB Front-end | tcp | 80 | Public IP/NAT | public http access (redirect to https) | WAF/IPS |
all | VEGAWEB Front-end | tcp | 443 | Public IP/NAT | public https access (website) | WAF/IPS |
In addition, the VEGAWEB machines will need to access the Internet to download updates and, in some deployments, to send emails.
VEGAWEB server
Depending on the customer size and requirements we will opt for a partially/totally shared infrastructure or for dedicating a machine for one or more roles.
Many small customers can share a database server, a REST server and a front-end machine while bigger companies need dedicated machines for same or all of the roles.
Digisoft is offering dedicated and shared cloud servers for any roles but the customer can decide to use its own machines. In this case the customer will provide the servers and the network configurations and he will manage the infrastructure (OS updates, IPS filter check, service monitoring, etc). Digisoft will configure the applications on the provided machines and will update the components when needed. We will need administrative rights on the machines to be able to configure them.
If the customer will choose Digisoft managed hosting, we will plan the infrastructure depending on the customer size and needs (basically, how many roles can be shared or will have to be dedicated). The servers will be hosted on a high-available cloud datacenter and managed by digisoft. During the deploy phase, we will need the customer's IT assistance to establish the communication between the VEGA and the vegaweb machines. In case the firewalls are already managed by Digisoft, we will be autonomous in all of the deploy phases.
In case of installation on customer's machines there will not be the option to share dht servers so the vegaweb infrastructure can be deployed on 2 machines (except for very specific needs):
Server | OS | vCPU | RAM (GB) | Storage (GB) | Note |
VegaWEB DB e REST | Oracle Linux 7.x | 2 | 8 | 100 | Esegue i ruoli DB e rest |
VegaWEB Front-End | Windows server | 2 | 4 | 60 | Esegue il ruolo front-end |
.
Add Comment