Versions Compared

Old Version 6

changes.mady.by.user Gerrit Niestijl

Saved on

compared with

New Version Current

changes.mady.by.user André Speelmans

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The maximum size for PostgreSQL database fields in Delft-FEWS is 1 GB. As a result, all big files such as Module config files and ColdStates must respect this limit. WarmStates exceeding this size can be stored externally on the file system. If using pg_dump to make a database dump, the limit is 512 MB. The Configuration Manager will not allow files larger than 500 MB to be uploaded.

SQLServer

  • The maximum size for SQLServer database fields in Delft-FEWS is 2 GB. As a result, all big files such as Module config files and ColdStates must respect this limit. WarmStates exceeding this size can be stored externally on the file system.

...

JDKremarks
Amazon Corretto 21For Delft-FEWS components other than Tomcat and model adapters, there is no need to download the JDK since , as it is distributed as part of included in the binaries.

Master Controller Server

Server for workflow management, event processing, sending system alerts, and cleaning up expired records. Synchronizes from other Master Controllers in multi-MC systems. Multi-MC systems are useful for redundancy and / or for cooperation between organizations.

...

  • OS minimum +1 GB RAM (multi Master Controller systems +2 GB)
  • OS minimum +1 CPU per Master Controller instance
  • 10 GB free diskspacedisk space

Admin Interface

Web application for super-users for monitoring, system control and task scheduling.

...

Support for external authentication (optional)

  • Open ID Connect (oauth2OAuth2)

Config Manager

Minimum requirements

...

  • Open ID Connect when using Delft-FEWS Database proxy.

Operator Client / Stand alone

...

It is good practice to categorize workflows based on basis of CPU/memory requirements to into specialized Forecasting Shell Server Groups.  Simple import workflows often require less fewer resources than heavy-duty forecast models.

Minimum requirements

  • OS minimum +2 GB RAM + model requirements
  • OS minimum +1 CPU per FSS instance + model requirements
  • 20 GB free disk space + model requirements

Delft-FEWS Database Proxy

Optional server for enabling HTTP(S) access to the central database. Typically used in combination with a reverse proxy server. Typically used for connecting Operator Clients to the central database. Never used by the FSS. Sometimes used for ConfigManager Config Manager / MC-MC synchronization with external networks.

...

Support for external authentication (optional for OC / CM, not available for MC-MC synch)

  • Open ID Connect (oauth2OAuth2)

Delft-FEWS Web Services

Optional service which that allows PI-REST clients to interact with and retrieve data from the Delft-FEWS system.

...

The Delft-FEWS components can all be located on one (powerful) server or each on an individual machine, with all possible configurations in between. It is, however, However, it is common practice to separate the Forecasting Shell Server from the Master Controller Server. When using multiple machines, it is essential that all machines have matching clocks. This can be achieved by making use of one and using the same NTP server.

A typical configuration is:

  • Database Server
  • Master Controller server running Master Controller(s),  Apache Tomcat for Admin Interface
  • Forecasting Shell Server(s)
  • Delft-FEWS WebServices
  • Open Archive Server

Typically, in a dual Master Controller setup every , each Master Controller has its own machine so that maintenance can take place , allowing maintenance to proceed without offline time.

Security

...

Shared responsibility model

The Historically, the Delft-FEWS server software historically was most commonly installed on-premise premises at the customer site on servers that were not directly connected to the internet. Nowadays, there are also more and more Delft-FEWS applications that are being deployed in the cloud. This means that security standards and guidelines for the installation of live systems have become more critical than ever before. Delft-FEWS runs on top of a stack of components like 3rd party components: databases, Tomcat, and an embedded JRE.

[!IMPORTANT] It is the primary responsibility of the customer to apply the latest security fixes to the OS, database, Tomcat and all other components.

For updates for on the embedded JRE, it is recommended to contact Deltares. The role of Deltares is to supply provide guidelines and, where possible, facilitate security best practices where possible. Deltares maintains a Delft-FEWS Client-Server System Guide especially for system and database administrators. To view these pages, personal credentials can be supplied. These pages contain highly detailed information for on installing and upgrading Delft-FEWS, amongst others about including security aspects. For In the near future, it is foreseen expected that more and more managed services from cloud providers (e.g., Tomcat, databasedatabases) can be appliedused.  All Delft-FEWS developers are security-aware and regularly evaluate the existing and potential vulnerabilities on a regular basis. Together with our colleagues from our ICT department, they meet regularly to discuss (potential) improvements for each Delft-FEWS release.

...

Tomcat is required for the deployment of the Admin Interface, Database HTTPS Proxy, Fews Webservices and the Deltares Open Archive. Tomcat is installed and maintained by the customer organization. Deltares indicates which version of tomcat Tomcat is compatible with / required for which version of Delft-FEWS. All security related aspects available in Tomcat can be applied and are under the responsibility of the customer organization.

...