sesanv_group_feb2015_kms2cloud v03
Post on 25-Jul-2015
SESA NVH2020 Hearten – KMS to the Cloud integration
Riccardo Pelliccioli
Giovanni Salvia
5 February 2015
Scope and Challenges
The main goal of the Cloud Platform is to be continuously reachable and available to authorized persons,
regardless of their location, time zone and source.
To achieve this we must keep the following aspects in mind:
Global Reachability - the platform must be accessible from the public network (Internet)
Security - only authorized people may gain access to the platform from different PoA (Points of Access),
in a secure way (encryption)
Scalability - the platform must be able to start small and grow within a short timeframe without service
interruption
Resiliency - the platform must provide and maintain an acceptable level of service in the face of faults
and challenges to normal operation
High Availability - every platform component must be redundant
Monitoring - platform monitoring (fault and resource) will permit optimized usage and will shorten
the time to intervene when needed
Data Center Localization
The platform will be hosted in a Data Center of one of our
partners (one of the biggest European
and international players), in
Roubaix or Strasbourg
Global Network Connectivity
2000Gbps Europe Network
500Gbps America Network
Asia Network (Work in Progress)
Hearten Infrastructure
The target Platform to deliver the Hearten Project and Infrastructure will be a Dedicated Cloud Platform. This
means we’ll have:
Dedicated Compute Resource - all the workloads will be delivered on top of a dedicated cluster built on
standard virtualization technologies such as VMware vSphere
Dedicated Storage Resource - the vSphere cluster will use one or more dedicated and redundant Data
Stores connected through a dedicated network (NAS/SAN)
Public Network - the platform will have a RIPE /28 - 16 reserved Public IPv4 Addresses (5 addresses will
be reserved for management purposes) and 1.5Gbps of guaranteed bandwidth
Private Network - the platform will have a dedicated Distributed Virtual Switch with one VLAN (across the
cluster) with up to 10Gbps internal connectivity (between Hearten virtual servers and components)
Scalability - it will be possible to add/remove resources (ex. Compute nodes, disk capacity) at any time
without service interruption
Hearten Startup Infrastructure
2 x Hypervisor Hosts
2 x 64bit Intel/AMD CPUs (16 Cores total)
64 GB Ram
2 x 10GbE Network
2 x 300GB Disk
Redundant connectivity to the hosts
vSphere main features
High Availability
vMotion and Storage vMotion
DRS
1 x Distributed Virtual Switch
Thin Provisioning
Hearten Infrastructure Security
Security is an important aspect of the platform because of the sensitivity of the managed data; it will be achieved through
the following technologies
Data flow
All data between devices and the cloud platform will be exchanged over encrypted connections (ex: SSL, TLS, etc TBD with the
team)
Only allowed devices/persons will be accepted
Web Access
The web and portal access will be available through HTTPS connections only (SSL/TLSv1); HTTP connections will be redirected
to HTTPS
Only authorized and registered users will have access to the portal, through authentication
Administrative Access
VPN access through named users (ex: SSL VPN, OpenVPN, RADIUS, LDAP, etc)
Physical Access
Physical access to the Data Center is under the Provider's rules and responsibility (details are available if needed)
Hearten Platform – High Level Design – 10.000 FT
3 Layers Architecture
Access Layer
Data interception
Frontend for the users (Doctors, patients, etc.)
Frontend for the admins
Processing Layer
Statistical Engine
Integration
Data Layer
Pre-processed data
Post-processed data
Data Indexing
Hearten Platform – Low Level Design - Draft
Internet Network
Public Network
Virtualization Layer
Access Layer
Processing Layer
Data Layer
Physical Layer
Hypervisor
KVM
Low Level Management
Hearten Platform – Data Flow and External Interaction/Integration
Data Flow
Outgoing/Incoming
Web Portal for Users
Web Portal for Admins
mHealth App
Outgoing
SMS Notifications
Internal
DB/Indexing
Server
Client
Timing
Q&A
riccardo.pelliccioli@sesanv.com
giovanni.salvia@sesanv.com