This page is holding information about requirements for service_name operations, in terms of required infrastructure and resources. RESPONSIBLE: Information provided here is initially populated by the development team (during the transition phase), and revised based on the need or in a yearly service check by service_name Service Manager. |
Infrastructure Requirements
Indicate requirements for VMs, grouping the requirements for multiple VMs in one column. Add as many columns as necessary, adding the sensible distinguisher for each group that will make it easier for later reference.
| VM requirements | add_distinguisher | add_distinguisher |
|---|---|---|
| Description of usage | development, test, uat and production VMs | |
| Number of VMs with same specification | 4 | |
| Hardware requirements (CPU, RAM, disk space) | 2 cores, 4GB RAM, 20GB HDD | |
| Network connection requirements | 1GB NIC |
|
| IP addressing requirements (IPv4, IPv6, public routable) | IPv4, IPv6 and public routable | |
Naming requirements1 | Yes, public resolvable |
| Other resource requirements | add_distinguisher | add_distinguisher |
|---|---|---|
| Indicate which ones together with their specifics |
Infrastructure hosting requirements
Hosting requirements | Applying to add_distinguisher | Applying to add_distinguisher |
|---|---|---|
Availability | 99% | |
Backup (what, frequency, retention period) | Backup of the VM is performed using the VEAM solution of the VMware. Additionally, backup of the configuration is performed using Puppet | |
Monitoring and alerting1 | Server liveliness including processes is performed using Nagios | |
Measuring and Reporting2 | Measuring and reporting is done using Nagios e-mail alerts, and alerts from the app itself when users submit rules (withdrawing, editing or creating) | |
Log retention3 | access, rule creation/edit/deletion, errors (6 months) | |
Security policy for access and usage4 | Reachable only from subscribed NRENs using ACLs, subscribed NRENs can only submit rules against their own IP space (as derived from RIPE and given AS set), only /29 subnets can be advertised to GÉANT network as destinations (FoD does not allow bigger), even if FoD wronlgly allows larger than /29 networks to be submitted iBGP import on the routers will block anything larger than /29, only up to 100 /29 flowspec rules can be submitted on the network |
1 At minimum network accessibility (outside of LAN) and hardware resource usage must be monitored. Indicate if some of this resources can be deemed critical so that adequate thresholds for alerting are implemented. Additional, indicate which specific applications uptime and operational health must be monitored and alerting implemented.
2Define what should be measured, how and with what period in order to deliver appropriate reporting relating to KPIs, usage, etc.
4Define the policy for limiting accessing to the infrastructure piece and where it should be implemented (system level, network level etc.)
System and Application maintenance requirements
System and Application Requirements | Applying to add_distinguisher | Applying to VM add_distinguisher |
|---|---|---|
Operating system | CentOS | |
Applications1 | gunicorn, beanstalkd, celeryd, django, python, ncclient, memcached, nxpy | |
| Maintenance hours2 | 20 hours per week - check for updates, respond to Nagios alerts, manage user request, audit firewalls | |
Configuration management3 |
1 List the applications installed on a system, and add corresponding licenses where applicable.
2 Define window appropriate for regular maintenance. /give some recommendations
3 Applies for automatized configuration management. Describe system used.
Human resources requirements
Indicate requirements both in skills and manpower needed, for personnel needed for devops team (that maintains service specific applications) and for L2 support.
Human resources requirements | add_distinguisher | add_distinguisher |
|---|---|---|
Description | ||
Manpower | 3 FTE | |
| Recommended number of persons (considering backups) | 6 | |
| Skills | flowspec, python, Linux, BGP, DDoS understanding |