Lixivial/isms_production_diagram.txt

## isms_production_diagram.txt
iSMS Production Diagram

This diagram is a fairly straightforward load balanced web tier with a clustered database tier scenario. Since our usage expectations can be modeled and predicted there is little need for a distinct hardware load balancer resident between web and database tiers. I think we can generally trust the SQL Server controller node(s) to sufficiently route db traffic to the correct partitioned cluster. Since elasticity is not a primary concern, session coherence will be managed with sticky sesssions on the load balancers. The prevailing requirement on the web, database (and likely domain controller) servers is that it'll be running Windows. The mail relays may be Linux-based running sendmail or postfix.

All connections to public-facing infrastructure -- whether they be over HTTPS or LDAPS -- are restricted to Scholarship America public IP addresses. This can be achieved either at each constituent endpoint (web and backup domain controller) or directly via the VPN box. Our eapp environment currently handles it at the constituent endpoints (web). Additionally, even though the connections are made over SSL-backed channels (HTTPS and LDAPS), all connections are wrapped in an IPSEC VPN connection. This will mean that our VPN box must be of sufficient capacity to handle the number of connections we'll be making.

The connection between the Primary Domain Controller hosted at Scholarship America and the Backup Domain Controller hosted at the data center is one of a standard PDC->BDC relationship, whereby updates on the PDC are published to the BDC as they are made. The assumption is that the BDC will be Active Directory, but a Samba and OpenLDAP server may be used in place of this. The assumption is also that one will be sufficient; I don't think a forest of BDC's will be necessary.

Finally, we have a dedicated set of servers to handle all mail relaying in the form of the mail relays (only one is outlined). We will use these relays to manage our own mail queue and then publish to whichever external relay is provided to us; this may even include routing the mail back over the VPN and routing it over SA-managed public relays. This allows us flexibility in switching mail providers without the pain of updating code.


      ____________                    ___________________
     /            \                  /                   \
     |  SA Users  <- HTTPS    LDAPS -> SA Primary        |
     \____________/    |        |    | Domain Controller |
                       |        |    \___________________/
                     __|________|___
                    /               \
                    |  IPSEC VPN    |
                    |  connection   ------------------------------------+
                    \__|____________/                                   |
                       |                                                |
   ____________________|____________________________________________    |
  /                    |                                            \   |
  |             _______v_______________            iSMS Environment |   |
  |            /                       \                  prod.isms |   |
  |            |         Load Balancer |                            |   |
  |            |  with sticky sessions |                            |   |
  |            |                1.lb.  |                            |   |
  |            \_______________________/                            |   |
  |                         ^                                       |   |
  |     ____________________|_________________                      |   |
  |    /                    |                 \                     |   |
  |    |                    |    web cluster  |                     |   |
  |    |                    |                 |                     |   |
  |    |    +---------------+~ ... ~+         |                     |   |
  |    |    |           |           |         |                     |   |
  |    |    | +---------|-+---------|-+------- LDAPS ----+++        |   |
  |    |    | |         | |         | |       |          |||        |   |
  |    |    v v         v v         v v       |       ___vvv_____   |   |
  |    |  web-1       web-2       web-n       |      /           \  |   |
  |    |  ^   ^       ^   ^       ^   ^       |      | local BDC |  |   |
  |    |  |   |       |   |       |   |       |      |   .auth.  <------+
  |    |  |   +-------|---+-------|---+---+   |      \___________/  |
  |    |  |           |           |       |   |                     |
  |    \__|___________|___________|_______|___/                     |
  |       +-----------+-----------+       |                         |
  |                     |               smtps     ______________    |
  |                   sqlsrv              |      /              \   |      _____________________________________
  |                     |                 +------>   mail relay |   |     /                                     \
  |           _________vvv___________     +------>  primary.mx. <- smtps -> postini or dc-supplied public relay |
  |          /                       \    +------>              |   |     \_____________________________________/
  |          |      database cluster |           \______________/   |
  |          | controller.sqlsrv.db. |                              |
  |          |         (undefined)   |                              |
  |          \_______________________/                              |
  |                                                                 |
  \_________________________________________________________________/
	iSMS Production Diagram

	This diagram is a fairly straightforward load balanced web tier with a clustered database tier scenario. Since our usage expectations can be modeled and predicted there is little need for a distinct hardware load balancer resident between web and database tiers. I think we can generally trust the SQL Server controller node(s) to sufficiently route db traffic to the correct partitioned cluster. Since elasticity is not a primary concern, session coherence will be managed with sticky sesssions on the load balancers. The prevailing requirement on the web, database (and likely domain controller) servers is that it'll be running Windows. The mail relays may be Linux-based running sendmail or postfix.

	All connections to public-facing infrastructure -- whether they be over HTTPS or LDAPS -- are restricted to Scholarship America public IP addresses. This can be achieved either at each constituent endpoint (web and backup domain controller) or directly via the VPN box. Our eapp environment currently handles it at the constituent endpoints (web). Additionally, even though the connections are made over SSL-backed channels (HTTPS and LDAPS), all connections are wrapped in an IPSEC VPN connection. This will mean that our VPN box must be of sufficient capacity to handle the number of connections we'll be making.

	The connection between the Primary Domain Controller hosted at Scholarship America and the Backup Domain Controller hosted at the data center is one of a standard PDC->BDC relationship, whereby updates on the PDC are published to the BDC as they are made. The assumption is that the BDC will be Active Directory, but a Samba and OpenLDAP server may be used in place of this. The assumption is also that one will be sufficient; I don't think a forest of BDC's will be necessary.

	Finally, we have a dedicated set of servers to handle all mail relaying in the form of the mail relays (only one is outlined). We will use these relays to manage our own mail queue and then publish to whichever external relay is provided to us; this may even include routing the mail back over the VPN and routing it over SA-managed public relays. This allows us flexibility in switching mail providers without the pain of updating code.


	____________ ___________________
	/ \ / \
	\| SA Users <- HTTPS LDAPS -> SA Primary \|
	\____________/ \| \| \| Domain Controller \|
	\| \| \___________________/
	__\|________\|___
	/ \
	\| IPSEC VPN \|
	\| connection ------------------------------------+
	\__\|____________/ \|
	\| \|
	____________________\|____________________________________________ \|
	/ \| \ \|
	\| _______v_______________ iSMS Environment \| \|
	\| / \ prod.isms \| \|
	\| \| Load Balancer \| \| \|
	\| \| with sticky sessions \| \| \|
	\| \| 1.lb. \| \| \|
	\| \_______________________/ \| \|
	\| ^ \| \|
	\| ____________________\|_________________ \| \|
	\| / \| \ \| \|
	\| \| \| web cluster \| \| \|
	\| \| \| \| \| \|
	\| \| +---------------+~ ... ~+ \| \| \|
	\| \| \| \| \| \| \| \|
	\| \| \| +---------\|-+---------\|-+------- LDAPS ----+++ \| \|
	\| \| \| \| \| \| \| \| \| \|\|\| \| \|
	\| \| v v v v v v \| ___vvv_____ \| \|
	\| \| web-1 web-2 web-n \| / \ \| \|
	\| \| ^ ^ ^ ^ ^ ^ \| \| local BDC \| \| \|
	\| \| \| \| \| \| \| \| \| \| .auth. <------+
	\| \| \| +-------\|---+-------\|---+---+ \| \___________/ \|
	\| \| \| \| \| \| \| \|
	\| \__\|___________\|___________\|_______\|___/ \|
	\| +-----------+-----------+ \| \|
	\| \| smtps ______________ \|
	\| sqlsrv \| / \ \| _____________________________________
	\| \| +------> mail relay \| \| / \
	\| _________vvv___________ +------> primary.mx. <- smtps -> postini or dc-supplied public relay \|
	\| / \ +------> \| \| \_____________________________________/
	\| \| database cluster \| \______________/ \|
	\| \| controller.sqlsrv.db. \| \|
	\| \| (undefined) \| \|
	\| \_______________________/ \|
	\| \|
	\_________________________________________________________________/