Many clients wish to know what the hardware and operating system requirements are for a Delft-FEWS live system. On this page you can find a list of specifications. If you have any questions about the list, or you do not see the operating system of your choice, please contact us. This list is not exhaustive.

Components

Central database

Operator Client

Forecasting Shell Server

Master Controller Server

Server for workflow management, event processing, sending system alerts and cleaning up expired records. Synchronizes from other Master Controllers in multi-MC systems. Multi-MC systems are useful for redundancy and / or for cooperation between organizations.

Minimum requirements

  • OS minimum +1 GB RAM (multi Master Controller systems +2 GB)
  • OS minimum +1 CPU per Master Controller instance
  • 10 GB free disk space

Deltares Open Archive

Minimum requirements

  • Failsafe storage. Any RAID (https://en.wikipedia.org/wiki/RAID) with ample capacity will be sufficient.
  • OS minimum +3 GB RAM.
  • OS minimum +3 CPUs.
  • See Tomcat requirements.
  • Load balancers must use sticky sessions.
  • Permissions for the file system containing archive data:
    • Must be accessible by the THREDDS server with read permissions.
    • Must be accessible by the Archive Server with full permissions.
    • Must be accessible by the Forecasting Shell Servers with write permissions.

Webserver

The webserver is an optional server that hosts and distributes the webpages generated by Delft-FEWS. Hardware requirements depend on the intended use.

FEWS Web Services

This is an optional service which allows SOAP/PI-REST clients to interact with and retrieve data from the Delft-FEWS system. Hardware requirements depend on the intended use, but a minimum heap size of 1 GB is needed to start the FEWS Web Services. In general it is not recommended to have the PiService on the same machine as the master-controller.

Requirements overview


Operator Client (Gui)

  • Description: The Delft-FEWS client used by end-users.
  • Hardware requirements: Client side, normal PC. Screen resolution depends upon the hardware supplied, not on the Delft-FEWS software.
  • Operating system / Software requirements:
    • Windows 7 / 8 / 10, Server 2012(R2), 2016
    • Linux RedHat Enterprise (7 / 8), CentOS (7 / 8)
  • Instances: As many as there are clients

ConfigManager

  • Description: Control and distribute configuration via the Master Controller database.
  • Hardware requirements: Client side, normal PC.
  • Operating system / Software requirements:
    • Windows 7 / 8, Server 2012(R2), 2016
    • Linux RedHat Enterprise (7 / 8), CentOS (6.x 64 bit, 7.x 64 bit)
  • Instances: As many as there are application managers

Forecasting Shell Server

  • Description: Executes forecast models and stores the results in the central database.
  • Hardware requirements: Minimum 2 GB RAM and 1 CPU core per Forecasting Shell Server instance. CPU typically Intel Xeon E5606 2.33 GHz or equivalent. Always reserve 1 CPU core for the OS.
  • Operating system / Software requirements:
    • Windows 7 / 8 / 10, Server 2012(R2), 2016
    • Linux RedHat Enterprise, CentOS (6.x 64 bit, 7.x 64 bit)
    • Contains modelling software (incl. licenses); OS usually dependent on 3rd party modules and modelling software
  • Instances: Recommended minimum 2, add more depending on computational load

Master Controller Server

  • Description: Dispatches tasks to the Forecasting Shell Servers. Maintenance of central database. Synchronisation between master-controllers. Sends system alerts.
  • Hardware requirements: Minimum 1 GB RAM per MC instance. CPU typically Intel Xeon 2.33 GHz or equivalent.
  • Operating system / Software requirements:
    • Windows 7 / 8 / 10, Server 2012(R2), 2016
    • Linux RedHat Enterprise, CentOS (6.x 64 bit, 7.x 64 bit)
    • Other Unix-like operating systems possible (e.g. HP-UX, Solaris), as long as there is a JDK of the correct version available for the OS. For 2017.01 and before, JBoss 4 / 5 or ActiveMQ are required for the JMS layer.
  • Instances: 1 or 2

Central Database

  • Description: Central data repository
  • Hardware requirements: See Database vendor requirements + 8 GB RAM per DB server including 1 MC DB instance. CPU typically Intel Xeon E5606 2.33 GHz or equivalent. Add 1 GB RAM per extra MC DB instance.
  • Operating system / Software requirements:
    • Oracle 12c, 18c, 19c for Delft-FEWS 2017.02 and later
    • Oracle 10 / 11 / 12 for versions up to Delft-FEWS 2017.01
    • PostgreSQL 9.6, PostgreSQL 11 and 12
    • MS SQL Server 11 (2012) or higher
    • The database instance(s) can be hosted on an existing database server or cluster.
  • Instances: One instance per Master controller
  • See also: Oracle upgrade notes, MS SQL upgrade notes, PostgreSQL upgrade notes

Admin Interface

  • Description: Super-user monitoring, system control and task scheduling
  • Hardware requirements: Minimum 1 GB RAM
  • Operating system / Software requirements:
    • Requires internet browser with JavaScript and session cookies enabled.
    • 2018.02 and higher requires Tomcat 9. Latest version is always used when installing or upgrading. Most recent version tested: Tomcat 9.0.44
    • Internet Explorer 10 or older is not supported. Supported browsers in preferred order:
      • Chrome: 76.0.3809.132 or higher
      • Firefox: 68.0.2 or higher
      • Edge: 42.17134.1.0 or higher
      • Internet Explorer 11: 11.950.1713.0 or higher
    • 2017.02 and before: Apache Tomcat 6 or higher
    • The web application runs over the Internet, e.g. Internet Explorer, Edge, Firefox, Chrome.
  • Instances: One instance per Master-Controller machine

"NFFS/FEWS" Web Server (optional)

  • Description: For disseminating forecast data and data from other sources
  • Hardware requirements: Typically 1 GB RAM per server instance and CPU Intel Xeon 2.33 GHz or equivalent.
  • Operating system / Software requirements: Weblogic 11g with an Oracle Database. Weblogic as Application Server.
  • Instances: One instance per Master-Controller machine (optional)

PiService (optional)

  • Description: Data access component.
  • Hardware requirements: Typically 1 GB RAM per server instance and CPU Intel Xeon 2.33 GHz or equivalent.
  • Operating system / Software requirements:
    • Apache Tomcat 6 / 7 or later
    • Recommended: Tomcat 9. Latest version is always used when installing or upgrading. Most recent version tested: Tomcat 9.0.44
    • Preferably not on the same machine as the master-controller / MQ server.
  • Instances: 1 (optional)

JMS Server

  • Description: Messaging communication between FEWS components
  • Hardware requirements: No longer present in 2017.02. Minimum 1 GB RAM per JMS instance. CPU typically Intel Xeon 2.33 GHz or equivalent. Minimum 1 GB disk space for cache.
  • Operating system / Software requirements:
    • Windows 7 / 8, Server 2012(R2) (32bit, 64bit)
    • Linux RedHat Enterprise, CentOS (6.x 64 bit, 7.x 64 bit)
  • Instances: One instance per Master controller

Archive Server (optional)

  • Description: Stores forecast data, performance indicator data and configurations on a longer time scale than in the central FEWS system. For new projects consider using the Deltares Open Archive instead.
  • Hardware requirements: No longer supported in 2017.02, please migrate to the open archive. Ample storage space for Archive files
  • Operating system / Software requirements:
    • Apache Tomcat 6 / 7 or later
    • Separate database instance with same requirements as Central Database for Master Controller.
  • Instances: 1 (optional)

Open Archive

  • Description: New version of the Archive Server replacing the old one. Stores forecast data, performance indicator data and configurations on a longer time scale than in the central FEWS system.
  • Hardware requirements: Ample storage space for Archive files
  • Operating system / Software requirements:
    • For 2017.02 or earlier: Apache Tomcat 7 (or later) with JRE version 8
    • For 2018.02 or later: Apache Tomcat 9 with Amazon Corretto 11.0.3
  • Instances: 1 (optional)

All activities contribute to resource consumption on a computing box, whether that box is hardware or virtual, and Delft-FEWS will consume resources when running.

Scalability, number of servers

The components mentioned above can all be located on one (powerful) server or each on an individual machine, with all possible configurations in between. It is however common practice to separate the Forecasting Shell server from the Master-controller server. When using multiple machines it is essential that all machines have matching clocks. This can be achieved by making use of one and the same NTP server.

A typical configuration is:

  • Master Controller server running Master Controller(s), Apache Tomcat for Admin Interface
  • Open Archive Server
  • Database Server
  • Forecasting Shell Server(s)

Typically in a dual master-controller setup every master-controller has its own machine so that maintenance can take place without offline time.

Virtualization

It is very well possible to deploy the master-controller components / forecasting shells in virtualized environments. The Deltares ICT team has the most experience and in-depth knowledge with Delft-FEWS on VMware vSphere, but Delft-FEWS is also known to run on Microsoft Hyper-V. Virtualization of the Delft-FEWS back-end services can generally be done without problems. Take into account that modelling software (not Delft-FEWS related) may have other requirements or limitations with respect to virtualization of the Forecasting Shells.

Grid computing

FEWS can work with grid computing. Especially when working with heavy computations, e.g. ensemble forecasting or 3D hydraulic computing, this can be an interesting option to explore. It is recommended to contact the Delft-FEWS product management beforehand.

Windows VC redistributables

Security

Security - Shared responsibility model for Delft-FEWS system installations
Historically, the Delft-FEWS server software was most commonly installed on-premise at the customer site, on servers that were not directly connected to the internet. Nowadays, more and more Delft-FEWS applications are being deployed in the cloud. This means security standards and guidelines for the installation of live systems have become more critical than ever before. Delft-FEWS runs on top of a stack of 3rd party components: databases, Tomcat and an embedded JRE.

It is the primary responsibility of the customer to apply the latest security fixes to the OS, database, Tomcat and all other components.

For updates to the embedded JRE it is recommended to contact Deltares. The role of Deltares is to supply guidelines and facilitate security best practices where possible. Deltares maintains a separate section on the wiki especially for system and database administrators. Personal credentials can be supplied to view these pages. They contain highly detailed information for installing and upgrading Delft-FEWS, including security aspects. For the near future it is foreseen that more and more managed services from cloud providers (e.g. Tomcat, database) can be applied. All Delft-FEWS developers are security aware and evaluate existing and potential vulnerabilities on a regular basis. Together with colleagues from our ICT department they meet regularly to discuss (potential) improvements for each Delft-FEWS release.

Tomcat

Tomcat is required for the deployment of the Admin Interface, Database HTTPS Proxy, FEWS Web Services and the Deltares Open Archive. Tomcat is installed and maintained by the customer organization. Deltares indicates which version of Tomcat is compatible with / required for which version of Delft-FEWS. All security-related features available in Tomcat can be applied and are the responsibility of the customer organization.

For Admin Interface clients / proxies that are exposed to the internet it is crucial that the highest stable release version of Tomcat with security fixes is used. This prevents exposure to known Common Vulnerabilities and Exposures (CVEs).

For releases up to 2022.02, any Tomcat 9 version should work for our Admin Interface / HttpProxy / PI Service / ArchiveServer web containers. This requires that the Java version used matches the JRE version indicated for the Delft-FEWS release, and that this Java version is compatible with the Tomcat distribution.

See http://tomcat.apache.org/security-9.html

  • Run Tomcat server as an unprivileged user and NOT root / Administrator.
  • The Tomcat user has read-only permission to the contents of the conf/, bin/, and lib/ directories in ${CATALINA_HOME}.
  • Limit the Tomcat user’s access and permissions to only the needed directories and files: work/, temp/, webapps/ and logs/.
  • Uninstall all non-essential web applications in the webapps/ directory, including the applications that come with Tomcat.
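
One way to check a Linux installation against three of the items above (service account, read-only conf/, bin/ and lib/, leftover default webapps), as an added example that is not Deltares or Tomcat code. The helper names, the uid 54321 and the sample tree are constructed for illustration.

```shell
# Added example, not Deltares or Tomcat code; helper names are hypothetical.

# Web applications shipped with the Tomcat 9 distribution.
DEFAULT_APPS="ROOT docs examples manager host-manager"

# audit_tomcat CATALINA_HOME TOMCAT_USER
# Prints one "FINDING: ..." line per violation; returns 1 if any were found.
audit_tomcat() {
    home=$1; user=$2; rc=0
    # The service account must not be root (by name or numeric uid).
    if [ "$user" = "root" ] || [ "$user" = "0" ]; then
        echo "FINDING: Tomcat runs as root"; rc=1
    fi
    # conf/, bin/ and lib/ must be read-only for the Tomcat user: nothing
    # owned by it, and (conservatively) nothing group- or world-writable.
    for d in conf bin lib; do
        [ -d "$home/$d" ] || continue
        if [ -n "$(find "$home/$d" -user "$user" 2>/dev/null | head -n 1)" ]; then
            echo "FINDING: $d/ contains files owned by $user"; rc=1
        fi
        if [ -n "$(find "$home/$d" ! -type l \( -perm -002 -o -perm -020 \) | head -n 1)" ]; then
            echo "FINDING: $d/ contains group- or world-writable files"; rc=1
        fi
    done
    # Applications that come with Tomcat should have been uninstalled.
    for app in $DEFAULT_APPS; do
        if [ -e "$home/webapps/$app" ]; then
            echo "FINDING: default webapp still installed: $app"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree: one world-writable config file and two default
# webapps left next to a site application (site-app is a made-up name).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/conf" "$t/bin" "$t/lib" "$t/webapps/site-app" \
             "$t/webapps/manager" "$t/webapps/examples"
    : > "$t/conf/server.xml"
    chmod -R go-w "$t"
    chmod o+w "$t/conf/server.xml"
    echo "$t"
}

# Demo: 54321 stands in for the uid of the unprivileged Tomcat account.
tree=$(make_sample_tree)
audit_tomcat "$tree" 54321 || echo "hardening incomplete"
rm -rf "$tree"
```

The ownership check treats any file owned by the Tomcat account as writable by it, because an owner can always restore its own write bit.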

JRE/Java

In several components of Delft-FEWS a (stripped down) version of Java/JRE (Java Runtime Environment) is embedded. This JRE folder is a recognizable and standard part of the Delft-FEWS binary package for Operator Clients and Forecasting Shell Servers. This means that Deltares delivers an optimized (and minimal) Java Runtime Environment based on Amazon Corretto's series. This so-called base-build can be updated and Deltares will release new base-builds if required. Since the JRE folder is recognizable within the Delft-FEWS binaries, organizations may decide to replace this JRE folder in favour of another (compatible) version of the JRE. It is certainly possible to use a different provider (e.g. Oracle Sun or OpenJDK). Replacing the JRE can be done by creating a soft link to the JRE directory or by replacing the JRE folder.

Local databases (Operator Client, Stand Alone)

In recent versions of Delft-FEWS there is no need for a local database (datastore) for an Operator Client (OC) in a client-server environment. It is, however, still possible to have a 'fully synchronized' (local) database in an OC or to create a 'replicate' of the central database to continue working as a Stand Alone (SA). There are two data formats available: Derby or Firebird. These are just local files (like any other file on the file system) and they do not require any installed software to manage them. The Delft-FEWS Operator Client or Stand Alone application just reads from and writes to this database format. This mechanism cannot be used as a ‘hub’ to enter other server-side components.

Central Database access

Delft-FEWS can be equipped with one of three common brands of central databases: Oracle, PostgreSQL or MS SQL Server. Access to the central database is required for several Delft-FEWS server-side components. These components are normally located behind the organization's firewall (same network) or in the secure domain of a data centre or cloud provider. Operator Client access to this database is also required, but when it is set up from 'outside' the organization's network, an HTTPS (proxy) server (including IP whitelisting) should be in between. Deltares can provide this.

Forecasting Shells

  1. The Delft-FEWS binaries folder should be made read-only.

  2. Forecasting Shell Servers (FSS) should have limited permissions (rights). Only write access within their own directory.

  3. Only provide access to the data feed shared folders for FSSs.

  4. The account used for installing should be different from the account running processes.

  5. When applying external simulation software, ensure the executables and other libraries have only permission to be run locally.

Operator clients

  1. The Delft-FEWS binaries folder should be made read-only.

  2. When using the optional JCEF browser, white-listing is used to grant access to webpages.

Multi-layered security approach

  • The inner layer is the central database (and optionally Deltares Open Archive).
  • The middle layer consists of the Delft-FEWS components that communicate directly with the database using encryption.
  • The third layer (optional) is a reverse proxy to the database that can be accessed externally.
  • The outer layer is the bastion host (optional).


