
Page 1: Client Interfaces - High Level Design Document · Web viewAuthor Sally Measures Created Date 01/20/2021 08:17:00 Title Client Interfaces - High Level Design Document Subject Client

SERVICE NAME

Service Design Document (SDD) v8.2

Version: CHANGE ME: X:Y (Draft / Release)

ACRONYM : e.g. ARC CHANGE ME

GUIDANCE NOTE: The acronym is a unique 3 letter code as defined in the naming conventions which can be found here https://wiki.its.qmul.ac.uk/data-centre-services/naming_standards.

Author: CHANGE ME

Project: CHANGE ME

PURPOSE OF DOCUMENT

GUIDANCE NOTE: This Design Document is intended to capture all design aspects of a service and is not limited to the technical design. To achieve this the various types of information needed requires different roles to be accountable for the document parts. By all aspects of the service we only need to include those aspects that are provided by or supported by IT Services.

Non-Technical Input: Accountability for the completion of the ‘non-technical’ part of this document (everything up to and including section 5) is with the FRM or Business Analyst. Contributors will be the Business Service Owner, the IT Service Owner and the ITS Service Management Function.

Accountability for the completion of this document from section 6 (Service Dependencies) is with the Business Analyst (or the equivalent role in place) working with the IT Services technical support teams. Those consulted will include the Business Service Owner, the ITS Service Owner, the IT Security Manager, the FRM and the IT Service Management Function.

Technical Input: Accountability for the completion of the ‘technical’ part of this document from section 9.6 (Solution Design Technical Details) to section 16 (Appendices) is with the Application Analyst.

General recommendations on how to complete this document:

Replace CHANGEME with appropriate text throughout.

Please remove all guidance notes in the Release version of this document (prior to DTL submission).

Please use the references, citations and cross-references features of Word throughout. These are found in the “REFERENCES” tab ribbon bar. Enter new citable items via “Manage Sources”. Hint: CTRL-A followed by F9 updates all citations and cross-references in the document.

Please use the set styles in the “HOME” tab ribbon bar. Please do not define custom font sections or sections of the document that do not use these set styles. If you wish to create a new additional style please do so.

Please do not remove any sections. If a section is not relevant for your application please enter N/A. The exception to this is Section 6.1. In this case please remove those technical dependencies that do not apply.

If you wish to expand on any particular subject, unless stated otherwise, please do so in an appendix.

For versioning please use numbers <1 (e.g. 0.9) for draft. For minor changes increment the minor version number. For major changes or changes where there is no backward compatibility, please increment the major version number. Draft status documents should not be submitted to the DTL.

This document should be written after the DEV environment has been set up and understood. However, this is not expected in all cases.

GUIDANCE NOTE: Please note all those items that have a “GUIDANCE NOTE: Required for High Level Design” must be completed to form a High Level Design (HLD).

Copyright © CHANGEME – Queen Mary University of London. All rights reserved. No part of this document may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the Queen Mary University of London, except in the case of brief quotations embodied in critical reviews and certain other non-commercial uses permitted by copyright law.

For permission requests, write to Assistant Director of CHANGEME, IT Services.

Please note that this document is NOT to be distributed by any means beyond those people listed in any request. This document may not be passed to non-QMUL people without express permission.

IT Services2


DOCUMENT CONTROL

Change Control Table

GUIDANCE NOTE: This document is template version 8.2. Replace the contents of the table below with the version details of the actual SDD you are writing.

| Version | Amendment | Description | Release Date | Updated by |
|---|---|---|---|---|
| 7.1 (DTL ref. 2562) | | Acronym definition added to page 1. | 07/05/2019 | Martin Evans/PMO |
| 8.1 | Contact Details | ‘Help desk’ changed to ‘Service Desk’; ‘Procurement & Finance’ changed to ‘Business Support’ | 29/01/2020 | David Nye |
| 8.2 | Service Level | Gold, Silver, Bronze Service Levels incorporated to Section 5 | 10/11/20 | David Nye |

1 Approvals

GUIDANCE NOTE: Final approved documents will be baselined as V1.0 and placed in the designated document repository.

GUIDANCE NOTE: Required for High Level Design

Approver Title Date of issue Version

2 Distribution

GUIDANCE NOTE: Required for High Level Design. This document has been distributed to:

Name Title Date of issue Version


RACI

Responsible Accountable Consult Inform

GUIDANCE NOTE: This should show who is responsible, accountable, consulted and informed with regard to the document.


3 Contents

Change Control Table
1 Approvals
2 Distribution
3 Contents
4 Management Summary
    4.1 Purpose
5 Service information
    5.1 Service Level Category
    5.2 Service Level Variation
    5.3 Service Offering
    5.4 Service Demand
    5.5 Business Critical Information
    5.6 Stakeholders and Service Information
        5.6.1 Business Stakeholders and Service Information
        5.6.2 IT Services Stakeholders and Service Information
        5.6.3 FTE Operational Estimate
    5.7 Internal Service Support Details
        5.7.1 Service Component Definitions
    5.8 External Supplier Support Information
    5.9 Standard Changes
    5.10 Service Processes
    5.11 Data Compliance
6 Service Dependencies
    6.1 Technical Dependencies
        6.1.1 VMware ESXi and vCenter
        6.1.2 Data Centre Network
        6.1.3 F5
        6.1.4 Janet Certificate Service
        6.1.5 Active Directory
        6.1.6 Active Directory Certificate Services
        6.1.7 UK Federation and QM Shibboleth Identity Provider
        6.1.8 Client Device Requirements
    6.2 Interface Dependencies
7 Solution Architecture
    7.1 Aims & Approach
    7.2 Application Architecture
        7.2.1 COTS or Bespoke Application
    7.3 Operational Specifics
    7.4 Physical Network Diagram
    7.5 Logical Network Architecture
8 Security
    8.1 Authentication and Authorisation
    8.2 Architectural Security Features
    8.3 Scope of Access
9 Service Component Overview
    9.1 Virtual Machines
    9.2 Capacity Analysis
        9.2.1 Capacity Forecast
    9.3 Availability Monitoring
    9.4 Firewall Configuration
    9.5 Service Encryption
    9.6 Automated Maintenance
        9.6.1 Database Maintenance
        9.6.2 File Level Backup
        9.6.3 Log File Maintenance
10 Solution Design Technical Details
    10.1 Low Level Details
        10.1.1 Overview
        10.1.2 Server Configurations
        10.1.3 Active Directory Configuration
        10.1.4 Linux Groups
        10.1.5 Folder Requests and Permissions
        10.1.6 Software Source Arrangements
    10.2 Monitoring
    10.3 F5 LTM Configuration
        10.3.1 Services Hosted Locally
        10.3.2 Services Hosted across Multiple Servers
    10.4 Client Configuration
        10.4.1 Client Application Deployment
        10.4.2 Client Interface Dependencies
        10.4.3 Client Software Dependencies
        10.4.4 Client Configuration Dependencies
        10.4.5 Client Software Upgrade Cycle
11 Testing procedures
12 Recovery Plan
13 Benchmarking
    13.1 Performance Verification Procedures
14 Known Bugs & Workarounds
15 Future Opportunities
16 Appendices
    16.1 UAT Environment differences
    16.2 UAT Procedures
    16.3 DEV environment differences
    16.4 Notes on CHANGEME
17 Bibliography

4 Management Summary

4.1 Purpose

GUIDANCE NOTE: Required for High Level Design. Please add one or two paragraphs describing what the service is meant to provide. DTL are looking to understand what it does for the university, if there is a standard associated with this then it should also be included.

The Queen Mary University of London (QMUL) has created a centralised, modern computing infrastructure with the aim of consolidating computer resources. This document describes the design required for the ‘CHANGEME service’.

5 Service information

5.1 Service Level Category

GUIDANCE NOTE: to assist with assigning a Service Level Category of Gold, Silver or Bronze:

Determining the Service Level Category should be achieved by discussing the service with the stakeholders to understand the impact unavailability of the service would have on the University. It is a business decision that will be very much dependent upon the service being deployed. The activity should be led by the FRM role working with stakeholders and will engage:

• The Business Service Owner and the ITS Service Owner

• Key stakeholders which may include HR, IT Security, Finance, Admissions etc.

To apply a Service Level the business needs to consider the impact that service unavailability would have on the University operation. The impact will vary in scale for each Service. Examples of the risks to consider (the business needs to work out their own circumstances, these are just typical examples) are:

• The potential for prosecution resulting from breaching legislative requirements.

• The possibility of reputational damage that could lead to various outcomes such as exposure through the media, loss of customers (student intake), damage to organisational peer relationships.

• How we would function if our financial systems capability was impacted.

• Would the loss of student systems during enrolment and clearing cause an issue? An impact on the University’s P&L?

• How would the loss of HR systems hurt us?

Understanding the threats and the scale of impact should inform the decision to assign ‘Gold’, ‘Silver’ or ‘Bronze’ classification. Service Level definitions can be found at: https://www.its.qmul.ac.uk/services/service-catalogue-items/gold-silver-bronze/

There are three Service Level Categories in use for services within the University. The choice of category is determined by the expected adverse impact that an outage of the service would have on University operations, University assets, or individuals. Which classification to apply will be agreed by the Business Service Owner and the ITS Service Owner.

The levels are: Gold, Silver and Bronze

The ‘CHANGEME’ service is to be classified as ‘CHANGEME: [Gold, Silver, Bronze]’. This is because… CHANGEME.

5.2 Service Level Variation

GUIDANCE: to assist with specifying a Service Level Variation

Service Level Variation should be specified for services that require a varying level of support for specified periods of time. For example, it may be necessary for a service to move from a Silver to a Gold service for a short period when it becomes a critical service.

When the conversation to understand the support requirements takes place, which is owned by the FRM, a picture of the support required should be ascertained. This will inform the decision as to whether any variation is required.

The following Service Level variations are required for the periods specified:

5.3 Service Offering

GUIDANCE NOTE: Service offerings may be Fully Managed, Platform As A Service (PAAS), Infrastructure As A Service (IAAS) or Software As A Service (SAAS). Most services will fall into fully managed or SAAS. If IAAS or PAAS is selected you must raise an exception and document the rationale for this offering.

The service offering for this service is CHANGEME: [Fully Managed (Default), PAAS, IAAS, SAAS]

5.4 Service Demand

GUIDANCE NOTE: Required for High Level Design. Describe the number of Users and User types that the service is designed to support.

This service is currently used by …CHANGEME.

5.5 Business Critical Information

GUIDANCE NOTE: Describe here the differences to the IT Services core support model that are required to support the service. You should include as examples:

• Changes to the hours of support

• Changes to the required response and/or resolution times

• Changes to processes

• Differing escalation procedures

If there are no changes expected to the current support model please retain the default paragraph below:


The service is expected to operate 24x7 and is supported during the normal operational hours of IT Services. At time of writing, this is 8am-6pm Monday-Friday, excluding normal college closure periods.

No changes to the normal operational model of IT Services are expected by the implementation of this design.

5.6 Stakeholders and Service Information

GUIDANCE NOTE: Required for High Level Design. For multiple analysts, duplicate the analysts role. If the Senior User is not known then use the details of the Business Service Owner for the Senior User.

5.6.1 Business Stakeholders and Service Information

| Role | Attribute | Value |
|---|---|---|
| Business Service Owner | Team Name | |
| | Job Title | |
| | Contact Name | |
| Senior User | Name | |
| | Job Title | |
| | Phone Number | |

5.6.2 IT Services Stakeholders and Service Information

GUIDANCE NOTE: Required for High Level Design, for multiple analysts duplicate the analysts role. Where there are split responsibilities for a service then use multiple entries with a prefix, for example Applications and Database Support can be listed as 3rd line and 1st Line could be for client devices with 2nd line being someone in the Campus Customer Support team.

IT Service Owner should be the Assistant Director of the team providing third line support.

| Role | Attribute | Value |
|---|---|---|
| IT Service Owner | Team Name | |
| | Job Title | |
| | Contact Name | |
| 1st Line Support | Team Name | IT Service Desk |
| | Email Address | [email protected] |
| | Phone Number | 8888 |
| 2nd Line Support | Team Name | N/A |
| | Email Address | N/A |
| | Phone Number | N/A |
| 3rd Line Support | Team Name | |
| | Team Email Address | |
| | Primary/Secondary Analyst | |
| | Phone Number(s) | |
| 3rd Line DBA Support | Team Name | GUIDANCE NOTE: Delete this row if DBA support is not required |
| | Team Email Address | GUIDANCE NOTE: Delete row if not required |
| | Primary/Secondary Analyst | GUIDANCE NOTE: Delete row if not required |
| | Phone Number(s) | GUIDANCE NOTE: Delete row if not required |
| 3rd Party Support | Company Name | GUIDANCE NOTE: Delete row if not required |
| | Email Address | GUIDANCE NOTE: Delete row if not required |
| | Phone Number | GUIDANCE NOTE: Delete row if not required |
| | Self Service Portal | GUIDANCE NOTE: Delete row if not required |

5.6.3 FTE Operational Estimate

GUIDANCE NOTE: The numbers to be used in this section are estimates only. Current suggested guidance is to use 0.1 FTE for LAMP or Web servers.

Detail the FTE operational estimate required to run the service:

We estimate this service will require n FTEs to support the service.

5.7 Internal Service Support Details

GUIDANCE NOTE: Please describe here the teams within IT Services that are expected to be responsible for the normal operation of this application. Please alter the table as appropriate and delete entries that are not relevant to your application.

The following teams will be supporting various components:

| Service Component | Responsible Team |
|---|---|
| F5 load balancing & Networking | Network Operations & Network Design and Delivery / Network Services / Infrastructure |
| 1st Line & General Support | IT Service Desk |
| Application Support | Vendor |
| Application software | Corporate Applications / Application Technical Support (ATS) / Applications; Academic Applications / Application Technical Support (ATS) / Applications; LAMP Applications Team / Application Technical Support (ATS) / Applications; LAMP Platform Team / Data Centre Services / Infrastructure; Faculty / School |
| Database | Database Services Team / Application Technical Support (ATS) / Applications; LAMP Platform Team / Data Centre Services / Infrastructure |
| Virtual Machines & the hardware supporting them | Servers & Storage / Data Centre Services / Infrastructure |
| Infrastructure Software | Infrastructure Software / Data Centre Services / Infrastructure |
| Firewalling & Networking / F5 load balancers / Datacentre ASA Firewalls | Networks Development / Networks & Telephony / Infrastructure |
| Security Policies & Standards | IT Security / Infrastructure |
| Application Software/components (Client side) | Client Devices / Client Services and Audio Visual Design / Infrastructure |
| Microsoft System Centre Operation Manager (SCOM) / Nagios | Servers & Storage / Data Centre Services / Infrastructure |
| Microsoft Remote Desktop / Web Service (RDS) | Client Devices / Client Services and Audio Visual Design / Infrastructure |
| Laptop/Desktop Replacement | Campus Customer Support / Student & Staff Services |
| Application Packaging | Client Devices / Client Services and Audio Visual Design / Infrastructure |
| Laptop/Desktop Lease | Business Support |
| Application Licensing | Business Support |

5.7.1 Service Component Definitions

5.7.1.1 General Support

Incident Management Guidelines [2], Incident Management Policy [3], Request Fulfilment Guidelines [4] and Request Fulfilment Policy [5] documentation is available.

5.7.1.2 Other Components

Please refer to the relevant Service Design Documents.

5.8 External Supplier Support Information

Guidance Note: Please detail here all the information you have about any third party supplier relationships. It should include information (if it is relevant) about:

Who the supplier is (please provide their company name, address, email and website).

What components or services the contracts pertain to.

What contracts or licenses have been arranged and by whom.

Where those contracts or licenses are kept (at QM) – please provide a media location via the references feature of Word and state who is responsible for arranging them.


Any key people in the 3rd party organisation e.g. the account manager and his/her contact information.

If it is a support contract, provide relevant support contact information. In particular, contact details on how to obtain support.

5.9 Standard Changes

Guidance Note: All standard changes that will be required to support the service in operation should be documented. Start by making reference to any existing standard changes that have been defined.

The changes should be documented using the standard QMUL template. For more information, see the Change Management intranet page [6].

All standard changes must be listed in this document as a cross reference to the fully documented versions. A URL must be provided to allow the reviewers of this document to review the changes.

“A Standard Change is a pre-approved, relatively common, well known, documented, low risk Change. The change activity normally happens frequently and would not normally require any scheduling or communication beyond informing a user or small group. As such, it is quite common for a Standard Change (SC) to have previously been a Non-Standard Change (NSC) which has been approved by the appropriate Change Authority to become an SC and CAB notified. Standard Changes will be often implemented after being requested via the Request Fulfilment Process, some of which might have been directly recorded and passed for action by the Service Desk.”

There are no standard changes associated with this system. Everything is automatic or requires a non-standard or emergency change request.

5.10 Service Processes

Guidance Note: These are the processes that are used to operate the service. For example for account maintenance, password resets. A service shouldn’t go into production if the Service Desk, the business support teams (HR, Finance etc.) and the second line support teams can’t operate or maintain them.

There are no service processes associated with this service.

5.11 Data Compliance

GUIDANCE NOTE: Required for High Level Design. Please state the classification of information held by the application. The various types of classification are detailed in the Information Classification document at http://www.its.qmul.ac.uk/Documents/Governance/SOPs/142319.pdf. It is recommended that the classification of information should be discussed initially with IT Security during the completion of the SDD. Please also complete the following:

The data processed and held by this application is subject to QMUL Information Governance regulations and policies. The data owner is the person who is ultimately accountable for the data. The data custodian is the person who is looking after the data. For example the HR System\data is owned by the HR Director and the custodian is the Assistant Director, Applications IT Services.


Data Classification: CHANGEME: Name (Confidential, Restricted, Open or Protect)

Data Owner: CHANGEME: Name & Role

Data Custodian: CHANGEME: Name & Role

Has the data governance group reviewed the use of the data held by this system: YES/NO

If the data governance group has not reviewed the information then a brief explanation should be given. If they have, then a statement and reference to the response should also be given stating the outcome of their findings.

The email address of the Data Governance Group is [email protected]. When sending emails to the above address please ensure you mark it for the attention of Paul Smallcombe, Records and Information Compliance Manager.

6 Service Dependencies

GUIDANCE NOTE: Please alter this section to describe all existing services that are used in the design.

6.1 Technical Dependencies

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please add in any technical dependencies. A technical dependency is any component of the service that is being used that has already been built and should really be described in detail elsewhere. Ideally, one paragraph explaining what the component does [citing another service design document which details the service]. Another subsequent paragraph should be provided explaining in slightly more detail how this component is used.

GUIDANCE NOTE: Please note that the items listed in this section are really dependencies in your design. So if you are not using some of the standard components listed below please remove them and add any additional dependencies.

These are the technical dependencies for the service design:

6.1.1 VMware ESXi and vCenter

GUIDANCE NOTE: Please state the Data Centre(s) where the service will be hosted.

Hosts all Server components in DC1 (Mile End) and DC2 (Enfield).

6.1.2 Data Centre Network

The application architecture complies with the “Data Centre Application Security Zones” SDD and the firewalling requirements are specified in the relevant NCRF document.

6.1.3 F5

6.1.3.1 F5 Global Traffic Manager (GTM) Configuration

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: The F5 GTM is only required if this service will be hosted in both DC1 and DC2, or if VMware SRM (Site Recovery Manager) is to be configured.

GUIDANCE NOTE: Please choose one of the following or write your own.


The F5 Global Traffic Manager (GTM) is not required by this service.

The F5 Global Traffic Manager (GTM) is required by this service and should be configured to load balance traffic across both Data Centres (DC1 and DC2).

The F5 Global Traffic Manager (GTM) is required by this service and should be configured to prefer Data Centre CHANGEME: [DC1,DC2]

6.1.3.2 F5 Local Traffic Manager (LTM) Configuration

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please choose one of the following or write your own.

<Choose one from the two options below>

The F5 Local Traffic Manager (LTM) is not required by this service.

The F5 Local Traffic Manager (LTM) is required by this service. The LTM configuration required for the website(s) provided by this service is detailed in the F5 Configuration section.

6.1.4 Janet Certificate Service

GUIDANCE NOTE: The Network Development group can source and provide X.509 SSL certificates if they are provided with a Certificate Signing Request. By default, these should be used on any publicly accessible SSL endpoint (e.g. HTTPS termination on the F5s) because the root certificates for these are widely published and available on most commodity equipment. If you are doing this, the following default sentence is sufficient.

The Janet Certificate Service will be used to provide all digital certificate requirements. Where appropriate, communication will be secured using SSL and X.509 digital certificates.

6.1.5 Active Directory

GUIDANCE NOTE: Please use the following default sentence, however please also add an additional paragraph that explains the use of any AD groups, service accounts or other relevant authorisation mechanisms you are using. If you are not using Active Directory please explain why.

Authentication and Authorization for this service is still to be provided by the College's QM Active Directory Domain. All users, computers, groups and policies will be managed with this.

6.1.6 Active Directory Certificate Services

GUIDANCE NOTE: The root certificates for our internal Windows PKI infrastructure are not commonly available. However, they are often used by internal Windows components. If your design uses these features please include this section and state where the certificates are used. These certificates are NOT suitable for use on publicly available SSL endpoints (e.g. HTTPS).

The Active Directory Certificate Services system will provide all certificates that are not publicly visible. These certificates are not signed by a public Certificate Authority.

6.1.7 UK Federation and QM Shibboleth Identity Provider

GUIDANCE NOTE: This section should consist of one of the following paragraphs. Low level details should state how the SP is to be configured. You must cite both the UK federation website and the shibboleth SDD.

QMUL is a member [8] of the UK Federation [9] and our accounts are federated to all members of their trust fabric. This service will join the UK Federation as a Service Provider. The access controls on the Service Provider will be modified to allow QMUL accounts to log in.

or

QMUL is a member [8] of the UK Federation [9] and our accounts are federated to all members of their trust fabric. Unfortunately, it is not possible for this service to join the UK Federation because...(CHANGE ME). Therefore the QM Shibboleth Identity provider will be reconfigured to directly federate with this entity.

6.1.8 Client Device Requirements

GUIDANCE NOTE: This section should list any managed client system requirements. This should include applications or any other components.

YES/NO

If YES, please include details in Section 10.4 Client Configuration.

6.2 Interface Dependencies

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please describe the interfaces to other applications. E.g. links to the finance system, HR or SITS. Please also, where appropriate, add these to any diagrams you include later on and cross-reference. Two examples:

• This service depends on an extract of the SITS data, name and stucode as provided by the extract service via an automated CSV file upload over http.

• This service depends on AGRESSO direct database link to support procurement and authorisation from its own service request records.

Any detailed specification of the interface should be placed in a technical appendix or a separate document and referenced.

Please add these interface dependencies in subsections as appropriate, e.g. ‘6.2.1 SITS Interface’

7 Solution Architecture

7.1 Aims & Approach

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please indicate very briefly if the system you are designing is intended to be highly resilient or if it is acceptable to have various SPOFs. Please choose ONE of the two paragraphs. If you do not have this information, please consult with your Project Board or Line Manager.

Supplying the aims of the architecture is now mandatory. There should be a list of features, resiliency and software used.

It is understood, from the project board that initiated this work, that the production version of this system is intended to have no Single Points of Failure (SPOF) within its design that result in extended loss of service. This includes the loss of a single data centre. This architecture fulfils this requirement.

It is understood, from the project board that initiated this work, that this design can include Single Points of Failure (SPOF) that may lead to extended outages that may have to be rectified by manual intervention. It is acceptable to place the production version of this system in a single data centre. This architecture fulfils this requirement.

GUIDANCE NOTE: Please append any pertinent aims or requirements that have influenced the design. These could be to accommodate a particular feature or to meet the design standards of the software supplier. If you are working to a third party supplier design, please reference any webpages or documents from this section.

7.2 Application Architecture

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please describe here, in words, the physical arrangements of the solution. This should state if components are in DC1 (Mile End), DC2 (Enfield) or elsewhere (e.g. ULCC or DC3).

GUIDANCE NOTE: Please note that if the application architecture is simple (e.g. contains one or two servers with minimal interconnections) then a logical diagram is not required and the mandatory diagram in Section 7.5 will suffice. In all other cases a logical diagram is expected.

Note that adding a logical diagram will provide DTL reviewers with additional information that will aid the understanding of the design.

GUIDANCE NOTE: When considering where a database should reside within the network security model please consider the following. Note that in many cases it is expected that the application and database will run on separate servers. For LAMP web services please refer to the LAMP SDD template.

• Databases with a Restrict data classification should reside in the Database layer. With an approved DTL exception they can be placed in the Application layer. They should never be placed in the Web layer.

• Databases with an Open or Protect data classification can reside in either the Database or Application layer. A reason should be provided in the SDD.

• If the application and database cannot be separated and the data classification is Restrict then the server should be placed in the Application layer with an approved DTL exception. In the case of an Open or Protect data classification the server can be placed in the Web layer (a reason should be provided in the SDD).

• SQL Server & Oracle databases are only supported in the Application and Database layers (with an appropriate DTL exception for the Application layer).

| Data classification | Web | App | Database | Other |
|---|---|---|---|---|
| Open/Protect | MySQL/PostGreSQL (Typically LAMP) | MySQL; PostGreSQL; SQL Server; Oracle | ALL DATABASES | ALL DATABASES |
| Restricted | None | MySQL; PostGreSQL; SQL Server; Oracle | ALL DATABASES | ALL DATABASES |
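The placement rules above can be checked mechanically when an SDD is reviewed. The following is an added example, not part of the original template: the names `Placement`, `check_placement` and `review` are hypothetical, the sample designs are constructed, and it assumes the "reason in the SDD" requirement applies to Open or Protect data placed outside the Database layer.

```python
"""Added example: check a database placement against the zone rules above."""
from dataclasses import dataclass

ZONES = {"WEB", "APP", "DB"}
CLASSIFICATIONS = {"open", "protect", "restrict"}
ENGINES = {"mysql", "postgresql", "sqlserver", "oracle"}
# SQL Server and Oracle are only supported in the Application and Database layers.
APP_DB_ONLY_ENGINES = {"sqlserver", "oracle"}


@dataclass(frozen=True)
class Placement:
    """One database as described in an SDD (hypothetical record layout)."""
    engine: str
    classification: str
    zone: str
    colocated_with_app: bool = False  # application and database cannot be separated
    dtl_exception: bool = False       # an approved DTL exception exists
    reason_in_sdd: bool = False       # the SDD gives a reason for the placement


def check_placement(p):
    """Return a list of findings; an empty list means the placement follows the rules."""
    engine, cls, zone = p.engine.lower(), p.classification.lower(), p.zone.upper()
    for value, allowed, label in (
        (engine, ENGINES, "engine"),
        (cls, CLASSIFICATIONS, "classification"),
        (zone, ZONES, "zone"),
    ):
        if value not in allowed:
            raise ValueError(f"unknown {label}: {value!r}")

    if zone == "DB":
        return []  # every classification and engine may sit in the Database layer

    findings = []
    if zone == "APP":
        if (cls == "restrict" or engine in APP_DB_ONLY_ENGINES) and not p.dtl_exception:
            findings.append("Application layer placement needs an approved DTL exception")
        # Assumption: the "reason should be provided" rule applies to Open/Protect
        # data placed outside the Database layer.
        if cls != "restrict" and not p.reason_in_sdd:
            findings.append("Application layer placement needs a reason in the SDD")
        return findings

    # zone == "WEB"
    if cls == "restrict":
        return ["Restrict data must never be placed in the Web layer"]
    if engine in APP_DB_ONLY_ENGINES:
        findings.append("SQL Server and Oracle are not supported in the Web layer")
    if not p.colocated_with_app:
        findings.append(
            "Web layer is only for a server whose application and database cannot be separated"
        )
    elif not p.reason_in_sdd:
        findings.append("Web layer placement needs a reason in the SDD")
    return findings


def review(placements):
    """Map each named placement to its findings, keeping only non-compliant ones."""
    report = {}
    for name, placement in placements.items():
        findings = check_placement(placement)
        if findings:
            report[name] = findings
    return report


# Constructed sample designs (not taken from the template).
SAMPLE = {
    "hr-db": Placement("sqlserver", "restrict", "DB"),
    "hr-app-db": Placement("oracle", "restrict", "APP", colocated_with_app=True),
    "blog-lamp": Placement("mysql", "open", "WEB", colocated_with_app=True, reason_in_sdd=True),
    "forms-web": Placement("postgresql", "restrict", "WEB", colocated_with_app=True,
                           dtl_exception=True),
}

if __name__ == "__main__":
    for name, findings in review(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

A DTL exception does not rescue the `forms-web` sample: Restrict data in the Web layer is rejected regardless of the other flags.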

GUIDANCE NOTE: Sample Application architecture description

The application consists of two dedicated Staff Surveillance System servers situated in the VMware DC1 and DC2 hardware environments. These offer Apache2 web services which are load balanced by our F5 appliance. Within each VM an instance of the Staff Surveillance System server software is running and its session data (or “cookie jar”) is block level replicated between the servers.

This block level replication is an essential feature. The session data, once negotiated by one Staff Surveillance System server, must be available on the other server so that the service can avoid an obvious race condition where some of the data on a Staff Surveillance System protected web page is forbidden because the Staff Surveillance System server that responded did not possess the session information. This solution satisfies that, whereas DFS-R does not.

Other architectures were also considered. These included mounting a CIFS or NFS volume in place of the block level replication. However, in an emergency situation where we have lost one DC, each of these designs required manual intervention or the coding of a bespoke daemon to manage the mount points.

The design also offers IPv6 end points on the F5s. The F5s can handle IPv6.

This architecture is illustrated in Figure 1: Logical application architecture.

Figure 1: Logical application architecture.

7.2.1 COTS or Bespoke Application

GUIDANCE NOTE: Please describe here, in words, if the application is either COTS (commercial off-the-shelf) or bespoke.

If the application is bespoke please specify the development languages used and specify the source code location in Section 10.1.7.

7.3 Operational Specifics

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please explain here how the service operates or give references to web pages or other documents that explain its operation.

7.4 Physical Network Diagram

GUIDANCE NOTE: Required for High Level Design (only if relevant).

GUIDANCE NOTE: Please use the following paragraph unless you suspect that it is not true. If so, please state why and what changes are physically required to be made to the QMUL network.

It may be assumed that the network is not vulnerable to SPOF and will supply necessary bandwidth.

7.5 Logical Network Architecture

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: This section should state what connectivity and firewall rules are required to support your system. It should, in essence be an overview of the Network Configuration Request form contents. It should contain a reference to the Network Configuration Request form. This should be completed in the following table format

APPLICATION SPECIFIC INBOUND CONNECTION (Connection To)

| Description | Protocol | Port | Port Description |
|---|---|---|---|
| | | | |

APPLICATION OUTBOUND (Connections FROM)

| Description | Protocol | Port | Port Description |
|---|---|---|---|
| | | | |

GUIDANCE NOTE: Example table

APPLICATION SPECIFIC INBOUND CONNECTION (Connection To)

| Description | Protocol | Port | Port Description |
|---|---|---|---|
| TDS Central Workstation | TCP | 27027 | Dongle |

APPLICATION OUTBOUND (Connections FROM)

| Description | Protocol | Port | Port Description |
|---|---|---|---|
| TDS Workstations | TCP | 27027 | Dongle |
| TDS Workstations | TCP | 1433 | MSSQL |
| TDS Central Workstation | TCP | 1433 | MSSQL |
| TDS Workstations | SMB | 445 | File Share |
| TDS Central Workstation | SMB | 445 | File Share |

These requirements of the network are illustrated in Figure 2.

GUIDANCE NOTE: The network diagram in the format shown below must be included in the SDD.

GUIDANCE NOTE: The network diagram should show the connections between the components of the system and will run in the direction from which network traffic is initiated. i.e. from the source to the destination. An arrowhead should be shown at the destination only.

GUIDANCE NOTE: The network diagram or text should indicate clearly in which Security Domain (e.g. SD05) each component resides. A template is embedded below for use

GUIDANCE NOTE: The network diagram must include remote access connections for ITS Admin (SSH/RDP). Note connections from VLAN 8/9 should not be included.

GUIDANCE NOTE: Please make sure that you embed all Visio diagrams into the document so they are able to be edited at a later date.

These details have been written into the current CHANGEME NCRF form [10].

Figure 2: Logical Network Architecture

8 Security

8.1 Authentication and Authorisation

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please state here how users are authenticated in your design, and how access control for users, web content editors (in the case of Web services), administrators or any other group is achieved. For example,

“To add a new user of the service, the user should have a standard IT Services Active Directory Account and they must also be a member of the GG-APP-Users Active Directory group.”

“Web content editors access the service via an administrative login page (https://service-url-admin.school.qmul.ac.uk/) and are authenticated via the QMUL openLDAP service.”

“Application administrators need to be members of the GG-APP-Admins group.”

8.2 Architectural Security Features

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please indicate if there are any intrusion detection mechanisms, URL sanitisers or other proactive security measures in the design. Anything listed here is specific to this design.

No intrusion detection systems are featured in this design.

8.3 Scope of Access

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please state in this section where the application is to be presented. Please choose one of the following or write your own.

This service is intended for:

• Use on the internet by members of the public and QM.
• Use on the internet by QM staff members only.
• Use on the internet by QM staff and students only.
• Use on the QM Campus Network by members of the public and QM.
• Use on the QM Campus Network by QM staff members only.
• Use on the QM Campus Network by QM staff and students only.
• Use on a subsection of the QM Campus Network by members of the public and QM. CHANGEME: please elaborate.
• Use on a subsection of the QM Campus Network by QM staff members only. CHANGEME: please elaborate.
• Use on a subsection of the QM Campus Network by QM staff and students only. CHANGEME: please elaborate.

9 Service Component Overview

In addition to the technical dependencies above, this service has a number of core components which are described here:

9.1 Virtual Machines

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please provide a description of the virtual machines required by your design. This should be a high level overview. The details can be placed in section 10.

The design requires two Windows 2032r2 65 bit servers to answer requests from the G6 load balancers which provide the end point services to users. These run the Foo application software components [11]. These servers require a shared database to store session data – this is a record of the current active login sessions.

GUIDANCE NOTE: If there is a requirement for Tier 1 storage, it should be detailed along with the reason Tier 1 storage is needed; otherwise it is assumed that all storage allocated will be Tier 2. Currently the DC uses IBM v7000 using Easy Tier.

Tier 1 is 5% SSD disks with 10000RPM spindle

Tier 2 is mixture of 10000RPM and 8000RPM

Please note that VMs can only be provisioned with storage in Tier1 or Tier2, not a mix of the two.

Servers will be named XXX-YYY-NN, where XXX is an application code, YYY is a role code and NN is the server number agreed according to the Data Centre naming standards [Refer to http://wiki.its.qmul.ac.uk/data-centre-services/naming_standards]

9.2 Capacity Analysis

GUIDANCE NOTE: If the machine is not expected to grow in size please retain the following default sentence. Otherwise, complete section 9.2.1.

The service is not expected to grow in size beyond the initial provisioning over the entire lifetime of the service.

9.2.1 Capacity Forecast

GUIDANCE NOTE: Please provide estimates on how the size of the virtual machines or any other relevant component is expected to grow over time. This includes scalability, throughput, availability requirements, storage, resource utilization, security, backups, event log growth etc.

If applicable, describe historical capacity growth patterns. Explain how future expected capacity requirements have been identified and analysed and how they will be monitored and managed. Below is a basic example of a table to illustrate one approach for monitoring and managing future capacity.

| Area/Item Monitored | Capacity Requirement(s) | % Increase Needed Per Time Period | Capacity Threshold | Threshold Response Strategy (Action to Be Taken Upon Reaching Threshold(s)) |
|---|---|---|---|---|
| <Hard Drive Storage> | <enter capacity requirements and measures> | <enter projected increases over intervals of time> | <enter acceptable capacity threshold(s)> | <enter response strategies to varying threshold limits. Threshold is defined as the level at which an event or change occurs> |
| <Number of Project Staff> | | | | |

9.3 Availability Monitoring

GUIDANCE NOTE: Basic service machine monitoring will be accomplished by SCOM and/or Nagios, which will be configured to monitor the VM availability and any other pertinent data. Please describe here what monitoring is to be configured for this service.

Basic machine monitoring will be accomplished by Nagios and SCOM which will be configured to monitor the VM availability and any other pertinent data.

9.4 Firewall Configuration

GUIDANCE NOTE: Please explain here any necessary network firewalling and why it is required. The additional requirements described here should be those in addition to the default firewalling provided by Networks for the classification of the application.

The specifics of the Cisco Core ASA firewall configuration are recorded in the NCRF for this SDD document.

The Cisco Core 5585-X ASA firewalls will be configured to allow the traffic flows outlined within section 7.5 of this SDD.

9.5 Service Encryption

GUIDANCE NOTE: Please explain here any use of encryption in your application and why it is required.

By default service encryption will be terminated on the F5 unless there is a requirement to have SSL terminated at the server.

9.6 Automated Maintenance

GUIDANCE NOTE: Please state in this section any maintenance activities. These should cover only automated housekeeping tasks. Manual maintenance activities (e.g. uploading spreadsheet data) should be covered in the standard changes (section 5.9).

There are no automatic (scheduled or otherwise) maintenance activities required.

9.6.1 Database Maintenance

GUIDANCE NOTE: Please state in this section any database maintenance activities. If a database exists it should follow the standard maintenance plan, and you should detail any exceptions to this.

Database will be maintained as per standard database administration procedures: http://wiki.its.qmul.ac.uk/database-admin/start

9.6.2 File Level Backup

GUIDANCE NOTE: Please state, in this section, any file level backups that are required using TSM that are not part of the standard service offering from Servers & Storage.

9.6.3 Log File Maintenance

GUIDANCE NOTE: Please state in this section any log file maintenance configured on the server.

GUIDANCE NOTE: Example text

Log Rotate is configured to rotate logs weekly and keep four weeks of log files.

10 Solution Design Technical Details

10.1 Low Level Details

GUIDANCE NOTE: This section should be modified as appropriate so as to give a low level description of what the system actually consists of. Please change the example text and the structure of this section to describe the design in detail:

10.1.1 Overview:

| Overview | Value |
|---|---|
| Application Name | G4S |
| Application & Role Codes [13] | SQL-G4S; G4S-APP; G4S-WEB |
| Number of Servers | 3 |
| Server FQDNs | SQL-G4S-01.qm.ds.qmul.ac.uk; G4S-APP-01.qm.ds.qmul.ac.uk; G4S-WEB-01.server.qmul.ac.uk |
| Data Centre (DC1, DC2, DC1 & DC2) | DC2 |

10.1.2 Server Configurations:

GUIDANCE NOTE: Please complete one table per server

| Specification | Value |
|---|---|
| Server Name | SQL-G4S-01.qm.ds.qmul.ac.uk |
| Virtual Machine | TRUE |
| RAM | 16GB |
| # CPUS/CORES | 1 CPU/2 Cores |
| OS | Windows Server 2012 |
| Storage Tier (Tier 1 / Tier 2) | Tier 1 |
| SRM (Yes/No) | No |
| Public or Private IP address | Private |
| Security Zone (WEB/APP/DB) | DB |
| Administrator Group | ITS-DBA |
| Data Centre | DC1 or DC2 |

Disk configuration

| Volume | Type | Size | Purpose |
|---|---|---|---|
| C: | Operating System | 50GB | Operating System |
| D: | Data Volume | 50GB | SQL Database Files |
| E: SQLDATA | Data Volume | 50GB | Primary SQL Data Area |
| F: SQLLOG | Data Volume | 50GB | Primary SQL Log Area |
| H: BACKUP | Data Volume | 100GB | Default SQL Backup |
| I: TEMPDATA | Data Volume | 100GB | TEMP Database Data |
| J: TEMPLOG | Data Volume | 50GB | TEMP Database Log |
| P: | Page File | 100GB | Page File |

TSM File Level (Yes/No): Yes
TSM Details: H:/ only

| Specification | Value |
|---|---|
| Server Name | G4S-APP-01.qm.ds.qmul.ac.uk |
| Virtual Machine | TRUE |
| RAM | 8GB |
| # CPUS/CORES | 1 CPU/2 Cores |
| OS | Windows Server 2012 |
| Storage Tier (Tier 1 / Tier 2) | Tier 2 |
| SRM (Yes/No) | No |
| Public or Private IP address | Private |
| Security Zone (WEB/APP/DB) | APP |
| Administrator Group | ITS-CA |
| Data Centre | DC1 or DC2 |

Disk configuration

| Volume | Type | Size | Purpose |
|---|---|---|---|
| C: | Operating System | 50GB | Operating System |
| D: | Data Volume | 50GB | Application Files |
| P: | Page File | 100GB | Page File |

TSM File Level (Yes/No): No
TSM Details: N/A

| Specification | Value |
|---|---|
| Server Name | G4S-WEB-01.server.qmul.ac.uk |
| Virtual Machine | TRUE |
| RAM | 8GB |
| # CPUS/CORES | 2 CPU/6 Cores |
| OS | Red Hat Linux 6 |
| Storage Tier (Tier 1 / Tier 2) | Tier 2 |
| SRM (Yes/No) | No |
| Public or Private IP address | Private |
| Security Zone (WEB/APP/DB) | WEB |
| Administrator Group | ITS-CA |
| Data Centre | DC1 or DC2 |

Disk configuration

| Volume | Type | Size | Purpose |
|---|---|---|---|
| / | EXT4 | 50GB | Operating system and application files. |
| /boot | EXT4 | 512MB | Kernels and bootloader. |
| /home | EXT4 | 512MB | Scratch data for system admins. |
| /tmp | EXT4 | 5GB | Temporary files |
| /var | EXT4 | 30GB | Operating system and application files. |
| Swap space | | 5GB | Swap space |

TSM File Level (Yes/No): No
TSM Details: N/A

10.1.3 Active Directory Configuration

10.1.3.1 Active Directory Groups:

Administrative security group membership:

| Name | Description | Managed By |
|---|---|---|
| GG-G4S-Application-Administrators | G4S Application Administrators | QM\GG-ITS-Corporate-Applications-Admin-Accounts |
| GG-G4S-Application-Users | G4S Users | QM\GG-ITS-Corporate-Applications-Admin-Accounts |

10.1.3.2 Active Directory Accounts:

Application Service Accounts:

| Name | Description |
|---|---|
| SRV-G4S-SQL-AG-01 | Service Account for Database Agent |
| SRV-G4S-SQL-DB-01 | Service Account for Database Server |

10.1.4 Linux Groups:

Administrative security accounts or group membership:

| Puppet Account or Group | Description |
|---|---|
| ITS-CA | sudoers |

10.1.5 Folder Requests and Permissions

DFS Details:

| DFS Share Path | Administrator Group |
|---|---|
| \\qm.ds.qmul.ac.uk\APP\PROD\G4S | QM\GG-ITS-Corporate-Applications-Admin-Accounts |

10.1.6 Software Source Arrangements

GUIDANCE NOTE: Give details of software source storage location and ESCROW arrangements with 3rd party suppliers where applicable.

If Application is bespoke (Section 7.2.1) please specify the Source location of the code.

10.2 Monitoring

The following monitoring will be set up as part of the solution.

Basic VM monitoring (this is a package of system-related virtual machine monitoring options). They include:

- Monitoring of the backup processes – if they are alive or not
- Disk usage
- Swap space used
- Ping
- NTP (Network Time) is within
- ssh availability

The F5 LTMs will also need to perform monitoring of the Staff Surveillance System server service addresses to correctly monitor and transfer load.

10.3 F5 LTM Configuration

GUIDANCE NOTE: Required for High Level Design (if relevant).

<If the F5 LTM functionality is required as noted in Section 6.1.n the detailed configuration should be completed here. One or more of the following sections will need to be completed depending on the service requirements. If no F5 LTM configuration is required leave as N/A.>

N/A

10.3.1 Services Hosted Locally

Please complete this section for services that are hosted solely on servers included in this SDD

10.3.1.1 Services Hosted Locally – No Conditions

<Where a website (or websites) is hosted solely on servers included in this SDD but no Conditional Forwarding or URI Rewrites are required, include this section. Otherwise leave as N/A.>

N/A

10.3.1.1.1 HTTP Services Required

Service(s): http://service1-url.school.qmul.ac.uk

http://service2-url.school.qmul.ac.uk

F5 Configuration: The F5 LTM is required for unencrypted (HTTP) traffic. SSL traffic will not be terminated by the F5 LTM or passed through it.

<This statement will apply to all services listed above>

X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be inserted.

<Details of the X-Forwarded-For configuration should be included in the NCRF>

Custom Requirements: <Details of the custom requirements for the service should be specified in this section (e.g. logging)>

10.3.1.1.2 HTTPS Services Required

Service(s): https://service1-url.school.qmul.ac.uk

F5 Configuration: [Insert one of the following F5 Statements]

The F5 LTM is required to (1) redirect client requests on HTTP to HTTPS, (2) terminate HTTPS, off load SSL and pass HTTP traffic for this service.

The F5 LTM is required to (1) redirect client requests on HTTP to HTTPS (2) terminate HTTPS, off load SSL, re-encrypt and pass HTTPS traffic for this service.

The F5 LTM is required for encrypted (HTTPS) traffic, terminate HTTPS, off load SSL, re-encrypt and pass HTTPS traffic for this service.

The F5 LTM is required for encrypted (HTTPS) traffic, terminate HTTPS, off load SSL and pass HTTP traffic for this service.

The F5 LTM is required to redirect client requests on HTTP to HTTPS. In addition, a DTL exception has been approved for the F5 LTM to be configured in Pass Through mode, i.e. SSL encrypted traffic is forwarded to the service without any F5 LTM certificate management (HTTPS terminates on back-end server).

A DTL exception has been approved for the F5 LTM to be configured in Pass Through mode, i.e. SSL encrypted traffic is forwarded to the service without any F5 LTM certificate management (HTTPS terminates on back-end server).

<This statement will apply to all services listed above>

X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be inserted.

<Details of the X-Forwarded-For configuration should be included in the NCRF>

Custom Requirements: <Details of the custom requirements for the service should be specified in this section (e.g. logging)>

10.3.1.2 Services Hosted Locally – URI Rewrites

<Where a website is hosted solely on servers included in this SDD and uses URI Rewrites, include this section. Otherwise leave as N/A>

N/A

10.3.1.2.1 HTTP Services Required

Service(s): http://service-w-url.school.qmul.ac.uk

http://service-x-url.school.qmul.ac.uk

F5 Configuration: The F5 Local Traffic Manager (LTM) is required for unencrypted (HTTP) traffic. SSL traffic will not be terminated by the F5 LTM or passed through it.

X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be inserted.

Custom Requirements: <Details of the custom requirements for the service should be specified in this section (e.g. logging)>

URI Rewrite Configuration: <Complete the table for all Service URLs requiring URI rewrites>

| Uri String | Uri Rewrite | Forward to Server | Port |
|---|---|---|---|
| /student/ | /student/school/ | abc-xyz-01 | 80 |
| /staff/ | /staff/school/ | abc-xyz-01 | 80 |

10.3.1.2.2 HTTPS Services Required

Service(s): https://service-url.school.qmul.ac.uk

F5 Configuration: [Insert one of the six F5 Statements listed in Section 10.3.1.2.2]

X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be inserted.

Custom Requirements: <Details of the custom requirements for the service should be specified in this section (e.g. logging)>

URI Rewrite Configuration: <Complete the table for all Service URLs requiring URI rewrites>

| Uri String | Uri Rewrite | Forward to Server | Port |
|---|---|---|---|
| /student/ | /student/school/ | abc-xyz-01 | 80 |
| /staff/ | /staff/school/ | abc-xyz-01 | 80 |

10.3.2 Services Hosted across Multiple Servers

<In some cases the servers in this design may host part of a web service. In these cases please include the details of the services hosted by this design in the sections below. Please complete the details for both HTTP and HTTPS services>

The following sections provide details of the configuration of the services that are served from this design (or server) where parts of the service may be detailed in a separate design.

Note: For information about other servers hosting components of this website please refer to the SDD CHANGEME <please add document reference(s), for example ‘EECS Reverse Proxy Service’>.

10.3.2.1 [Select either: HTTP | HTTPS | HTTP & HTTPS] Services

Service(s): http(s)://service-url.school.qmul.ac.uk

Conditional Forwarding Configuration: <Complete the table for all Service URLs requiring Conditional Forwarding>

| Uri String | Forward to Server | Port |
|---|---|---|
| /staff/ | abc-xyz-01 | 80 |
| /student/ | abc-xyz-01 | 80 |

URI Rewrite Configuration <Complete the table for all Service URLs requiring URI rewrites>

| Uri String | Uri Rewrite | Forward to Server | Port |
|---|---|---|---|
| /staff/ | /staff/school/ | abc-xyz-01 | 80 |
| /student/ | /student/school/ | abc-xyz-01 | 80 |

10.4 Client Configuration

GUIDANCE NOTE: Please add information about the client-side configuration for the service. If no client configuration is required then insert N/A.

10.4.1 Client Application Deployment

GUIDANCE NOTE: Please outline in this section the deployment methodology for client applications. Some currently supported methodologies are shown below:

- Fat client
- Virtualized app
- Remote App

10.4.2 Client Interface Dependencies

GUIDANCE NOTE: Please list any interfaces with local or remote software. Some examples are shown below:

- ODBC/JDBC, SQL
- Interaction with any other software (e.g. office, acrobat)
- External special hardware requirements (e.g. USB, Bluetooth, dongle, serial, parallel ports)

10.4.3 Client Software Dependencies

GUIDANCE NOTE: Please list any client software dependencies. Some examples are shown below:

- What are the operating system requirements (e.g. Win 8.1, Win 10) or OS architecture (e.g. x86, x64)
- Please list any additional software dependencies like .NET or Java (include version numbers), browser plugins or office plugins
- License validation – license keys or license server
- Local windows services or message queueing
- Special privilege requirements for monitoring or debug functions

10.4.4 Client Configuration Dependencies

GUIDANCE NOTE: Please list any dependencies. Some examples are shown below:

- Trusted sites (e.g. IE, Java, Click-once)
- Workstation firewall

10.4.5 Client Software Upgrade Cycle

GUIDANCE NOTE: Please state if a regular upgrade cycle is required (e.g. required by legislation):-

11 Testing procedures

GUIDANCE NOTE: Please list here (or reference) any documents that contain your testing procedures for application and client side testing. These can include automated regression testing or manual checks.

12 Recovery Plan

GUIDANCE NOTES: Please describe in this section what you regard as the major failure mode possibilities and either describe the steps required to restore service or cite a document that describes these. For example:

“Failure of N-Series CIFS file-store in DC1. If this component fails asynchronous data replication to DC2 will need to be broken and the DC2 controller declared as the master controller. Please see Appendix X: DR Controller failure in DC1 for the steps required to do this.”

13 Benchmarking

GUIDANCE NOTE: Please indicate, in this section, what benchmarking has been performed, i.e. how you have compared the design to the expected day-to-day performance.

Benchmarking is not a mandatory requirement for DTL approval. However, the DTL Approval Team may comment on an application’s performance requirements which may lead to a request for some performance measurements to be completed prior to approval.

13.1 Performance Verification Procedures

GUIDANCE NOTE: Describe the procedures to be used to monitor and verify performance of the service overall. These may be used to ensure performance is maintained at required levels.

14 Known Bugs & Workarounds

GUIDANCE NOTE: Please indicate, in this section, if there are any known bugs or deficiencies in the system that have been noted and agreed as acceptable for go-live by your project board. Each bug should contain the following information:

ISSUE: System crashes when user uploads file with NULL character.

IMPACT: Application server crashes.

SECURITY ISSUE: Unknown, but system is only available to 5 people.

MITIGATION: Apps team to restart server. User education.

PROJECT BOARD OR HEAD OF SERVICE SIGNOFF: OK

15 Future Opportunities

GUIDANCE NOTE: This section is optional. If you foresee any obvious enhancements to this project that are feasible with additional effort please describe them briefly here. For example:

“Although the application has been configured to use local database tables for authentication and access control a better approach would be to use the UK Federation.”

At this time no future opportunities have been agreed.

16 Appendices

16.1 UAT Environment differences

GUIDANCE NOTE: Please describe here any differences between the UAT environment and the production environment proposed above. This should include changes to hostnames, networking, number of servers and any other appropriate items. Please use cross-references to numbered sections above. Please add a diagram where the numbered section above requires one. See examples below.

Section Error: Reference source not found: The UAT logical network architecture is as depicted in Figure 3.

Figure 3: UAT Logical Network Architecture

Section Error: Reference source not found: There are only 2 webservers in the UAT environment; two is the minimum number required to test out F5 load balancing. These are named UAT-APR-PHP-01 and UAT-APR-PHP-02.

Section Error: Reference source not found: The UAT environment contains a 1GB /u01 volume as it is only handling dummy records.

16.2 UAT Procedures

GUIDANCE NOTE: Please describe here (or reference another document which contains) any agreed User Acceptance Testing tests that have been adopted.

16.3 DEV environment differences

GUIDANCE NOTE: If you have created a Development Request Document please reference that here with the following text. Otherwise, please describe the DIFFERENCES between the DEV environment and the Production environment.

The DEV environment is described by the Development Request Document for this service [14]

16.4 Notes on CHANGEME

GUIDANCE NOTE: This section can be considered to be an appendix detailing Extremely Low Level details. Please add or reference any useful notes that may be of assistance to future designers or BAU Operations staff. The DTL will not read this section nor comment on it. Please add more sections as required. Please use a fixed font for code/configuration examples. Please remove the following example:

Gluster installation notes on a CentOS 6.5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by [email protected] on Mon May 19 15:59:59 BST 2014

Based on notes from October 2011.

Install on block devices (/dev/vda2).

Reference:

http://www.gluster.org/community/documentation/index.php/Getting_started_rrqsg

0. Prerequisites.

CentOS 6.5 minimal install.
Networking configured.

Install gluster repo

# cd /etc/yum.repos.d/
# wget http://download.gluster.org/pub/gluster/glusterfs/LATEST/RHEL/glusterfs-epel.repo

Install gluster server and client

# yum install glusterfs-server

1. Start GlusterFS

# chkconfig --level 235 glusterd on
# service glusterd start

2. Check logs:

Have a look for errors in /var/log/glusterfs/

3. Set up xfs data bricks (xfs seems to be what people generally use).

Note that /dev/vda2 should be replaced with the actual device.

# mkdir -p /mnt/gluster/StaffSurveillanceSystem
# mkfs.xfs -f -i size=512 /dev/vda2
<snip>
/dev/vda2 on /mnt/gluster/StaffSurveillanceSystem type xfs (rw)

4. Repeat the above on the other server……

Please edit references; for guidelines on how to do this see [15].

Before you can add a citation, a works cited list, or a bibliography, you must add a source to your document. A works cited list is a list of sources, usually placed at the end of a document, that you referred to (or "cited") in the document. A works cited list is different from a bibliography, which is a list of sources that you consulted when you created the document. After you add sources, you can automatically generate a works cited list or a bibliography based on that source information. Each time that you create a new source, the source information is saved on your computer. You can use the Source Manager to find and reuse any source that you have created, even sources in other documents.

Citations are parenthetical references that are placed inline with the text. Citations are different from footnotes and endnotes, which are placed at the bottom of the page or end of the document. The source information stored in the Citations tool or Source Manager can be used to create citations, a works cited list, or a bibliography. However, you cannot use the information in the Citations tool or the Source Manager to create footnotes or endnotes.

17 Bibliography

[1] Queen Mary University of London, “Standard Operating Procedure for Information Classification,” [Online]. Available: http://www.its.qmul.ac.uk/Documents/Governance/SOPs/142319.pdf.

[2] Queen Mary University of London, IT Services, “Incident Management,” [Online]. Available: http://dept-web.its.qmul.ac.uk/communication/Processes/Incident_Management/index.html.

[3] Queen Mary University of London, IT Services, “Incident Management Policy,” [Online]. Available: http://dept-web.its.qmul.ac.uk/communication/Processes/Incident_Management/84455.doc. [Accessed 11 June 2015].

[4] Queen Mary University of London, IT Services, “Request Fulfilment,” [Online]. Available: http://dept-web.its.qmul.ac.uk/communication/Processes/Request_Fulfilment/index.html.

[5] Queen Mary University of London, IT Services, “Request Fulfilment Guidelines,” [Online]. Available: http://dept-web.its.qmul.ac.uk/communication/Processes/Request_Fulfilment/63623.doc. [Accessed 11 June 2015].

[6] QM IT Services, “IT Services Standard Changes,” [Online]. Available: http://wiki.its.qmul.ac.uk/service-management/change_management/standard_changes.

[7] Queen Mary University London, “ITS Service Offerings,” 08 September 2015. [Online]. Available: J:\IT-Projects-Team\TDA Documents\Approved\ITS Service Offerings\3 - QMUL ITS Offering v2.0.doc. [Accessed 08 September 2015].

[8] DTL Document, “Resilient Shibboleth Federated SSO and Attribute Exchange,” DTL Document 254 or any subsequent approved release.

[9] “UK Federation Web Site,” [Online]. Available: http://www.ukfederation.org.uk/.

[10] M. Evans, DEV-IDC - Network Connection Request Form, 2014.

[11] FooBar corporation, “FooBar website,” 2023. [Online]. Available: http://qweq.com.

[12] F5, “F5 Configuration guide,” 2014. [Online]. Available: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0.html.

[13] QM IT Services, “QMUL ITS Data Centre Services Naming Standards,” 2013-current. [Online]. Available: http://wiki.its.qmul.ac.uk/data-centre-services/naming_standards.

[14] A. Person, “CHANGEME Development Request Document,” [Online]. Available: J:\IT-Projects-Team\DTL Documents for Approval\Approved documents\999 - CHANGEME DRD.docx.

[15] Microsoft, “Add or change sources citations and bibliographies,” [Online]. Available: https://support.office.com/en-in/article/Add-or-change-sources-citations-and-bibliographies-159264ec-0a8a-4e9e-acf7-21faa9c371c2.

[16] F5, “F5 Apache Deployment Guide,” [Online]. Available: http://www.f5.com/pdf/deployment-guides/f5-apache-dg.pdf.

[17] D. Goddard, “Diagram of idcheck basic operation,” 2005. [Online]. Available: http://idcheck.sourceforge.net/idcheck2.pdf.

[18] MDT Evans, “Summary of the idcheck cookie SSO,” 2005. [Online]. Available: http://idcheck.sourceforge.net/idcheck2-summary.html.

[19] J. O'Regan, Interviewee, Conversation about critical apps list indicating that the lead team have such a list. [Interview]. May 2014.

[20] Queen Mary University of London, “Request Fulfilment Policy,” [Online]. Available: http://dept-web.its.qmul.ac.uk/communication/Processes/Request_Fulfilment/84457.doc. [Accessed 11 June 2015].
