...
Delft-FEWS components are being deployed on many different architectures and hardware. A considerable number of Delft-FEWS users use an IT infrastructure with virtual machines. The usual goal of virtualization is to centralize administrative tasks while improving scalability and overall hardware-resource utilization. The three main deployment types are
- physical servers
- virtual machines
- containers.
When organizations are in the initial stage of (re-)defining their IT infrastructure, it is commonly recognized that after virtualization, containerization is the next logical step in the evolution of IT infrastructure.
...
- While we simplify / improve the possible to install Delft-FEWS on on-premise hardware, or in virtual machines. Delft-FEWS system installation on regular hardware / VMs is currently done by organizing a central database, installing RPMs / MSIs / unzipping the binaries, setting OS environment variables and starting a launcher service. For installation in the cloud this is not going to be much different. Usually this is controlled using data-driven YAML / JSON configuration files to apply the needed actions.
Component | Cloud readiness status | Room for improvement |
---|---|---|
Database | Both DB Docker containers and managed instances are already possible. Managed instances require minor adjustments of the DB scripts. | Support one set of database scripts for all DB flavors, managed and unmanaged. |
Master Controller | Yes | Enable service replication |
Admin Interface | Yes | |
Operator Client / SA | Use Database proxy (Azure: Azure Virtual Desktop) | |
ConfigManager | See Operator Client, in addition the AdminInterface API can be used. | |
Forecasting Shell Server | Yes | Facilitate auto scaling. |
WebServices | Yes | |
DatabaseProxy | Yes | |
OpenArchive | Yes | |
...
Non-exhaustive list of options | Remarks | ||
---|---|---|---|
Database HTTP proxy using SSL | Azure: Azure Virtual Desktop | See also: Azure Virtual Desktop for the Operator Client||
SSH + MobaXterm | |||
Citrix | Can be integrated with most cloud providers | ||
Apache Guacamole | |||
...
https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html
https://cloudsecdocs.com/container_security/defensive/kubernetes/k8s_production_checklist/
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
Examples
Deltares has successfully completed Delft-FEWS projects in the cloud with virtual machines using standard installation scripts, and using virtual machines with Azure ARM templates and AWS Elastic Beanstalk. For practical reasons, we will keep our requirements / installation instructions as cloud-neutral as possible.
ARM templates
Example ARM templates have been provided by MDBA and can be found here: MDBA ARM templates download
Getting started with the Cloud
Deltares has done several migrations and implementations of Delft-FEWS in the cloud. Microsoft Azure is a popular provider among the community, but Delft-FEWS can be run in almost any cloud environment. See also Delft-FEWS and Azure.
Based on our experience with successful migrations and implementations like MDBA (link), we drafted a "how to get started" bullet list.
...
AWS Elastic Beanstalk
Deltares has successfully completed Delft-FEWS projects in the cloud with virtual machines using standard installation scripts, using virtual machines with AWS Elastic Beanstalk.
ARM templates
Deltares has successfully completed Delft-FEWS projects in the cloud with virtual machines using standard installation scripts, and using virtual machines with Azure ARM templates. A good example is MDBA, which has a high level of knowledge of both the Delft-FEWS systems and the new technologies offered by cloud solutions. Example ARM templates have been provided by MDBA and can be found here: MDBA ARM templates download
Getting started with the Cloud
- Involve your IT solution provider from the beginning of the project.
- Train staff / organisation in the cloud solution.
- Define functional and technical requirements: scalability, performance, uptime, disaster recovery, high availability etc. Make sure that you are also aware of your company rules regarding using and migrating to the cloud.
- Verify forecast model requirements / licences are suitable for containers. Check which forecast models need to be run and if these can be run in the cloud (and, if applicable, under which licences).
- Organise a couple of workshops with Deltares (or another partner) to map the requirements of the cloud solutions.
- Create an implementation or migration plan.
- Implement a dry run phase. In this phase, the whole system is up and running but not for operational use. During this phase, the users can use the system like an operational system to test whether everything is functioning as expected.
...