...
Delft-FEWS system installation on regular hardware / VMS is currently done by unzipping the binaries, setting OS environment variables and starting a launcher service. For installation in Kubernetes this is not going to be much different. Usually this is controlled using data driven yaml / json configuration file files to apply the needed actions.
| component | cloud readiness status | Room for improvements |
|---|---|---|
| Database | Both db docker containers as well as managed instances are already possible. Managed instances require minor adjustments of the db scripts. | Support one set of database scripts for all db flavors managed and unmanaged. |
Master Controller | Yes | Enable service replication |
Admin Interface | Yes | |
Operator Client / SA | Use Azure Virtual Desktop or Database proxy | |
Config Manager | Use Azure Virtual Desktop or Database proxy or API | |
Forecasting Shell Server | Yes | Facilitate auto scaling. |
WebServices | Yes | |
DatabaseProxy | Yes | |
OpenArchive | Yes | |
Fileshares | cloud-specific |
Delft-FEWS in the cloud: reference architectures
Explain and visualize reference architectures
- Single MC
- Dual MC (Multi MC?)
Hard- software requirements
Indications of hardware specs for installing the different VM's / containers.
The memory requirements in the cloud are similar as in a VM or on-premise. We recommend all containers to be linux unless Windows containers are specifically required. For Windows containers HW virtualization is required.
Typical cloud related choices (cloud FAQs)
Based on Webinar content / known FAQs specify a number of sub-topics, like
- Where to place OC(s)
- How to deal with (incoming, outgoing) data feeds
- Costs
...
DevOps (Infrastructure as Code, Automatic deployments of config changes)
Installation of Operator Clients
| non-exhaustive list of options | remarks |
|---|---|
| database http proxy using SSL | |
| Azure Virtual Desktop | only in Azure |
| ssh + mobaxterm |
Use of managed services
There is no actual requirement for the Delft-FEWS components to use managed services. Managed services can be used as long performance is not affected. As an example, customers that are using SQLServer database replication between different geographical locations reported database timeouts. In response, we've adjusted our database indexes and reconnection strategy for these problems. Since we expect Delft-FEWS users add many more simultaneous running Forecasting Shell servers in the future, we expect / foresee more challenges in this area.
Security
Securing your cloud assets requires continuous investment in keeping your containers safe. An infamous example of malconfigured Kubernetes has been Tesla's unsecured admin console for a Kubernetes cluster (Lessons from the Cryptojacking Attack at Tesla). This led to malicious actors getting hold of credentials for Tesla's wider AWS environment who used it for cryptomining. Tesla highlighted that it was a test instance "only", but this incident shows why it's really important to secure both production and pre-production resources as far as possible.
...