Virtual machines (Cloud)

From Wiki1000

Overview

The Sage FRP 1000 for Cloud solution uses virtual machines (VMs) to run Sage FRP 1000 Services.

In the Cloud model implemented in this solution, a VM runs one and only one Sage FRP 1000 Service.

As a general principle, a VM used in the Sage FRP 1000 solution:

  • Is agnostic.
  • Has no user access.
  • Is volatile.

Sage FRP 1000 start up process

In a stand-alone configuration, a Sage FRP 1000 Service (S1000) loads its configuration from a local file. This start-up process has several drawbacks that prevent its use in a Cloud environment:

  • The configuration file must be provided on the local disk, which does not meet the agnostic requirement.
  • The configuration file contains sensitive information, which may leak if the VM is compromised.

For these reasons, the start-up process in a Cloud environment has been replaced by a configuration sequence in which the S1000 contacts the configuration server (PDS) to obtain its configuration file. As the PDS maintains a list of the existing VMs with their associated roles, it can provide the appropriate configuration file.

This approach has several benefits:

  • The VM is agnostic.
  • The loading sequence is secure.
  • The VM has no sensitive information stored in its local storage.
  • The configuration may be updated in a centralized approach.

The communication between the S1000 service and the PDS is protected:

  • The PDS identifies the S1000 service by the DNS name of the VM.
  • The data returned by the PDS is encrypted with a 3DES master key (hard coded) shared by both the S1000 and the PDS.
  • The communication is over HTTPS.
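
The configuration sequence described above, modelled with both sides in one process; this is an added example, not Sage code. Python's standard library has no 3DES, so a SHA-256 keystream stands in for the page's cipher, the HMAC integrity tag is an addition the page does not mention, and all hosts, keys, config fields and function names are constructed.

```python
import hashlib, hmac, json, os

# Every name, host and value here is constructed for illustration.
# Hard coded on both sides, as the page describes: whoever holds the binary holds it.
MASTER_KEY = b"constructed-demo-master-key"
PDS_URL = "https://pds.example.invalid/config"  # placeholder
# PDS side: the list of existing VMs with their role, and one config per role.
VM_ROLES = {"front-01.example.invalid": "front", "back-01.example.invalid": "back"}
ROLE_CONFIG = {"front": {"service": "front"},
               "back": {"service": "back", "db": "constructed-connection-string"}}

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    # Stand-in cipher, NOT 3DES: SHA-256 over key, nonce and a counter.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor(plaintext, _subkey(key, b"enc"), nonce)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("configuration blob failed its integrity check")
    return _xor(body, _subkey(key, b"enc"), nonce)

def pds_handle_request(dns_name):
    """PDS: map the caller's DNS name to its role; release only that role's config."""
    role = VM_ROLES.get(dns_name.lower())
    if role is None:
        return None  # unknown VM: nothing is released
    return seal(MASTER_KEY, json.dumps(ROLE_CONFIG[role]).encode())

def s1000_start(local_config, dns_name):
    """S1000: the local file holds only the PDS URL; the result stays in memory."""
    if set(local_config) != {"pds_url"}:
        raise ValueError("local file must contain only the PDS URL")
    blob = pds_handle_request(dns_name)  # stands in for the HTTPS request to pds_url
    if blob is None:
        raise PermissionError("the PDS does not list this VM")
    return json.loads(unseal(MASTER_KEY, blob))
```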

Virtual machine deployment process

The virtual machines are deployed by the Provisioning service (PDS).

The PDS uses the Azure Resource Manager; the template used to create a new VM includes a boot script that the VM executes during provisioning.

(This functionality is a custom script extension.)

This script:

  • Downloads the latest Sage FRP 1000 service binary package from a storage account blob of the PDS.
  • Installs the package.
  • Creates a service configuration file which contains only the URL of the PDS.

The service starts up, reads the configuration file and starts the configuration sequence.

Virtual machine update

At the end of the configuration sequence, the PDS can provide an update script to be executed.

This script:

  • Downloads the latest Sage FRP 1000 binary package from a storage account blob of the PDS.
  • Stops the service.
  • Installs the package.
  • Restarts the service.

Front virtual machines

Back virtual machines