Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Infrastructure (http://www.linux-archive.org/fedora-infrastructure/)
-   -   A small step towards for solving Ticket 1084 (http://www.linux-archive.org/fedora-infrastructure/701408-small-step-towards-solving-ticket-1084-a.html)

vipin kumar 09-07-2012 12:17 PM

A small step towards for solving Ticket 1084
 
Hi Team!

This mail is regarding Ticket 1084

As I already informed in Infrastructure weekly meeting that I'm proposing a slight change in page layout as mentioned below -



1 Global Presence
******** < this section is about either showing fedora servers in geographical map or just listing server locations as suggested by 'abadger1999'.>
2 Network Topology
******** < this section shows how our severs are interconnected or connected to the outside world. I guess this section will make more sense if we are just listing the server locations in section 1.>



3 Network Architecture
******** < this section will show overall network architecture with protocol stacks >
*** 3.1 Front end
******** < similar to present section but with more detail >
*** 3.2 Proxy view


******** < similar to present section but with more detail >
*** 3.3 Application layer
******** < similar to present section but with more detail >
4 Helping Out (or Help Us ?)
******** < this section will target two type of contributors, one who can improve the quality of information present in page and another who can provide resources.>


This is the overall structure and type of content the page will have. Please let me know about any additions, deletions or Improvements.


Thanks & Regards,

--
Vipin K.
IRC ID: _love_hurts_



_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Kevin Fenzi 09-07-2012 11:03 PM

A small step towards for solving Ticket 1084
 
On Fri, 7 Sep 2012 17:47:33 +0530
vipin kumar <vipinkumar41@gmail.com> wrote:

> Hi Team!
>
> This mail is regarding Ticket
> 1084<https://fedorahosted.org/fedora-infrastructure/ticket/1084>
>
> As I already informed in Infrastructure weekly meeting that I'm
> proposing a slight change in
> page<https://fedoraproject.org/wiki/Infrastructure/Architecture>layout
> as mentioned below -
>
> 1 Global Presence
> < this section is about either showing fedora servers in
> geographical map or just listing server locations as suggested by
> 'abadger1999'.>

I think just a table here with a region listed would be good.

> 2 Network Topology
> < this section shows how our severs are interconnected or
> connected to the outside world. I guess this section will make more
> sense if we are just listing the server locations in section 1.>

Sure. Basically all our sites are connected via a vpn that is served
from bastion in phx2. So, all those sites connect out to that vpn. Then
the vpn has basically 2 'zones'... a 192.168.1.x (trusted) and
192.168.100.x (less trusted).

> 3 Network Architecture
> < this section will show overall network architecture with
> protocol stacks >
> 3.1 Front end
> < similar to present section but with more detail >
> 3.2 Proxy view
> < similar to present section but with more detail >
> 3.3 Application layer
> < similar to present section but with more detail >

Sounds good.

> 4 Helping Out (or Help Us ?)
> < this section will target two type of contributors, one who
> can improve the quality of information present in page
> <https://fedoraproject.org/wiki/Infrastructure/Architecture>and
> another who can provide resources.>

Sounds good. Those might just best be links to other pages that explain
that sort of thing.

> This is the overall structure and type of content the page will have.
> Please let me know about any additions, deletions or Improvements.

Sounds good. Thanks for working on it! :)

kevin
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

vipin kumar 09-08-2012 04:15 PM

A small step towards for solving Ticket 1084
 
Hi,

I need small images of Proxy server, Firewall and Load balancer as shown in this image.

thanks & regards,



On Sat, Sep 8, 2012 at 4:33 AM, Kevin Fenzi <kevin@scrye.com> wrote:


On Fri, 7 Sep 2012 17:47:33 +0530

vipin kumar <vipinkumar41@gmail.com> wrote:



> Hi Team!

>

> This mail is regarding Ticket

> 1084<https://fedorahosted.org/fedora-infrastructure/ticket/1084>

>

> As I already informed in Infrastructure weekly meeting that I'm

> proposing a slight change in

> page<https://fedoraproject.org/wiki/Infrastructure/Architecture>layout

> as mentioned below -

>

> 1 Global Presence

> * * * * *< this section is about either showing fedora servers in

> geographical map or just listing server locations as suggested by

> 'abadger1999'.>



I think just a table here with a region listed would be good.



> 2 Network Topology

> * * * * *< this section shows how our severs are interconnected or

> connected to the outside world. I guess this section will make more

> sense if we are just listing the server locations in section 1.>



Sure. Basically all our sites are connected via a vpn that is served

from bastion in phx2. So, all those sites connect out to that vpn. Then

the vpn has basically 2 'zones'... a 192.168.1.x (trusted) and

192.168.100.x (less trusted).



> 3 Network Architecture

> * * * * *< this section will show overall network architecture with

> protocol stacks >

> * * 3.1 Front end

> * * * * *< similar to present section but with more detail >

> * * 3.2 Proxy view

> * * * * *< similar to present section but with more detail >

> * * 3.3 Application layer

> * * * * *< similar to present section but with more detail >



Sounds good.



> 4 Helping Out (or Help Us ?)

> * * * * *< this section will target two type of contributors, one who

> can improve the quality of information present in page

> <https://fedoraproject.org/wiki/Infrastructure/Architecture>and

> another who can provide resources.>



Sounds good. Those might just best be links to other pages that explain

that sort of thing.



> This is the overall structure and type of content the page will have.

> Please let me know about any additions, deletions or Improvements.



Sounds good. Thanks for working on it! :)



kevin


_______________________________________________

infrastructure mailing list

infrastructure@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/infrastructure


--
Vipin K.


Research Engineer,
C-DOTB, India

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Tristan Santore 09-08-2012 04:53 PM

A small step towards for solving Ticket 1084
 
On 08/09/12 17:15, vipin kumar wrote:
Hi,



I need small images of Proxy server, Firewall and Load balancer as
shown in this
image.



thanks & regards,



On Sat, Sep 8, 2012 at 4:33 AM, Kevin
Fenzi <kevin@scrye.com>
wrote:


On Fri, 7 Sep 2012 17:47:33 +0530

vipin kumar <vipinkumar41@gmail.com>
wrote:



> Hi Team!

>

> This mail is regarding Ticket


> 1084<https://fedorahosted.org/fedora-infrastructure/ticket/1084>

>

> As I already informed in Infrastructure weekly meeting
that I'm

> proposing a slight change in


> page<https://fedoraproject.org/wiki/Infrastructure/Architecture>layout

> as mentioned below -

>

> 1 Global Presence

> * * * * *< this section is about either showing
fedora servers in

> geographical map or just listing server locations as
suggested by

> 'abadger1999'.>




I think just a table here with a region listed would be good.



> 2 Network Topology

> * * * * *< this section shows how our severs are
interconnected or

> connected to the outside world. I guess this section
will make more

> sense if we are just listing the server locations in
section 1.>




Sure. Basically all our sites are connected via a vpn that is
served

from bastion in phx2. So, all those sites connect out to that
vpn. Then

the vpn has basically 2 'zones'... a 192.168.1.x (trusted) and

192.168.100.x (less trusted).



> 3 Network Architecture

> * * * * *< this section will show overall network
architecture with

> protocol stacks >

> * * 3.1 Front end

> * * * * *< similar to present section but with more
detail >

> * * 3.2 Proxy view

> * * * * *< similar to present section but with more
detail >

> * * 3.3 Application layer

> * * * * *< similar to present section but with more
detail >




Sounds good.



> 4 Helping Out (or Help Us ?)

> * * * * *< this section will target two type of
contributors, one who

> can improve the quality of information present in page


> <https://fedoraproject.org/wiki/Infrastructure/Architecture>and

> another who can provide resources.>




Sounds good. Those might just best be links to other pages
that explain

that sort of thing.



> This is the overall structure and type of content the
page will have.

> Please let me know about any additions, deletions or
Improvements.




Sounds good. Thanks for working on it! :)



kevin



_______________________________________________

infrastructure mailing list

infrastructure@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/infrastructure








--

Vipin K.

Research Engineer,

C-DOTB, India



_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

yum search dia|grep ^dia



Install, be happy, have fun.



Regards,



Tristan



--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore@fedoraproject.org



_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

vipin kumar 09-09-2012 07:58 PM

A small step towards for solving Ticket 1084
 
thanks!

On Sat, Sep 8, 2012 at 10:23 PM, Tristan Santore <Tristan.Santore@internexusconnect.net> wrote:









On 08/09/12 17:15, vipin kumar wrote:
Hi,



I need small images of Proxy server, Firewall and Load balancer as
shown in this
image.



thanks & regards,



On Sat, Sep 8, 2012 at 4:33 AM, Kevin
Fenzi <kevin@scrye.com>
wrote:


On Fri, 7 Sep 2012 17:47:33 +0530

vipin kumar <vipinkumar41@gmail.com>
wrote:



> Hi Team!

>

> This mail is regarding Ticket


> 1084<https://fedorahosted.org/fedora-infrastructure/ticket/1084>

>

> As I already informed in Infrastructure weekly meeting
that I'm

> proposing a slight change in


> page<https://fedoraproject.org/wiki/Infrastructure/Architecture>layout

> as mentioned below -

>

> 1 Global Presence

> * * * * *< this section is about either showing
fedora servers in

> geographical map or just listing server locations as
suggested by

> 'abadger1999'.>




I think just a table here with a region listed would be good.



> 2 Network Topology

> * * * * *< this section shows how our severs are
interconnected or

> connected to the outside world. I guess this section
will make more

> sense if we are just listing the server locations in
section 1.>




Sure. Basically all our sites are connected via a vpn that is
served

from bastion in phx2. So, all those sites connect out to that
vpn. Then

the vpn has basically 2 'zones'... a 192.168.1.x (trusted) and

192.168.100.x (less trusted).



> 3 Network Architecture

> * * * * *< this section will show overall network
architecture with

> protocol stacks >

> * * 3.1 Front end

> * * * * *< similar to present section but with more
detail >

> * * 3.2 Proxy view

> * * * * *< similar to present section but with more
detail >

> * * 3.3 Application layer

> * * * * *< similar to present section but with more
detail >




Sounds good.



> 4 Helping Out (or Help Us ?)

> * * * * *< this section will target two type of
contributors, one who

> can improve the quality of information present in page


> <https://fedoraproject.org/wiki/Infrastructure/Architecture>and

> another who can provide resources.>




Sounds good. Those might just best be links to other pages
that explain

that sort of thing.



> This is the overall structure and type of content the
page will have.

> Please let me know about any additions, deletions or
Improvements.




Sounds good. Thanks for working on it! :)



kevin



_______________________________________________

infrastructure mailing list

infrastructure@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/infrastructure








--

Vipin K.

Research Engineer,

C-DOTB, India


_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

yum search dia|grep ^dia



Install, be happy, have fun.



Regards,



Tristan



--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore@fedoraproject.org




_______________________________________________

infrastructure mailing list

infrastructure@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/infrastructure


--
Vipin K.


Research Engineer,
C-DOTB, India

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

vipin kumar 09-12-2012 09:08 PM

A small step towards for solving Ticket 1084
 
On Sat, Sep 8, 2012 at 4:33 AM, Kevin Fenzi <kevin@scrye.com> wrote:


On Fri, 7 Sep 2012 17:47:33 +0530

vipin kumar <vipinkumar41@gmail.com> wrote:



> Hi Team!

>

> This mail is regarding Ticket

> 1084<https://fedorahosted.org/fedora-infrastructure/ticket/1084>

>

> As I already informed in Infrastructure weekly meeting that I'm

> proposing a slight change in

> page<https://fedoraproject.org/wiki/Infrastructure/Architecture>layout

> as mentioned below -

>

> 1 Global Presence

> * * * * *< this section is about either showing fedora servers in

> geographical map or just listing server locations as suggested by

> 'abadger1999'.>



I think just a table here with a region listed would be good.
ok, its now a list of datacenters.





> 2 Network Topology

> * * * * *< this section shows how our severs are interconnected or

> connected to the outside world. I guess this section will make more

> sense if we are just listing the server locations in section 1.>



Sure. Basically all our sites are connected via a vpn that is served

from bastion in phx2. So, all those sites connect out to that vpn. Then

the vpn has basically 2 'zones'... a 192.168.1.x (trusted) and

192.168.100.x (less trusted).


I have prepared initial Network Topology diagram. I guess trusted zone consists of local servers and servers belonging to other datacenters comes under less trusted zone? Please find the attached file and provide feedback.



> 3 Network Architecture

> * * * * *< this section will show overall network architecture with

> protocol stacks >

> * * 3.1 Front end

> * * * * *< similar to present section but with more detail >

> * * 3.2 Proxy view

> * * * * *< similar to present section but with more detail >

> * * 3.3 Application layer

> * * * * *< similar to present section but with more detail >



Sounds good.


yet to work on it...

> 4 Helping Out (or Help Us ?)

> * * * * *< this section will target two type of contributors, one who

> can improve the quality of information present in page

> <https://fedoraproject.org/wiki/Infrastructure/Architecture>and

> another who can provide resources.>



Sounds good. Those might just best be links to other pages that explain

that sort of thing.


section completes with 2-3 statements and links to proper pages.



> This is the overall structure and type of content the page will have.

> Please let me know about any additions, deletions or Improvements.



Sounds good. Thanks for working on it! :)



kevin


_______________________________________________

infrastructure mailing list

infrastructure@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/infrastructure
thanks & regards,


--
Vipin K.
Research Engineer,
C-DOTB, India

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Kevin Fenzi 09-13-2012 03:19 PM

A small step towards for solving Ticket 1084
 
On Thu, 13 Sep 2012 02:38:24 +0530
vipin kumar <vipinkumar41@gmail.com> wrote:

...snip...

> > I have prepared initial Network Topology diagram. I guess trusted
> > zone
> consists of local servers and servers belonging to other datacenters
> comes under less trusted zone? Please find the attached file and
> provide feedback.

All the machines on the vpn are 'trusted' by default... there's a very
few that we have more firewalling on so they aren't able to get to
much.

The file looks fine to me as a generic diagram. ;)

kevin
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

vipin kumar 09-23-2012 04:14 PM

A small step towards for solving Ticket 1084
 
Hi Team,
The page is almost ready for reviews and feedback. Please have a look at following page and provide feedback.

https://fedoraproject.org/wiki/User:Vipin



thanks & regards,
On Fri, Sep 7, 2012 at 5:47 PM, vipin kumar <vipinkumar41@gmail.com> wrote:


Hi Team!

This mail is regarding Ticket 1084



As I already informed in Infrastructure weekly meeting that I'm proposing a slight change in page layout as mentioned below -




1 Global Presence
******** < this section is about either showing fedora servers in geographical map or just listing server locations as suggested by 'abadger1999'.>
2 Network Topology
******** < this section shows how our severs are interconnected or connected to the outside world. I guess this section will make more sense if we are just listing the server locations in section 1.>




3 Network Architecture
******** < this section will show overall network architecture with protocol stacks >
*** 3.1 Front end
******** < similar to present section but with more detail >
*** 3.2 Proxy view



******** < similar to present section but with more detail >
*** 3.3 Application layer
******** < similar to present section but with more detail >
4 Helping Out (or Help Us ?)
******** < this section will target two type of contributors, one who can improve the quality of information present in page and another who can provide resources.>



This is the overall structure and type of content the page will have. Please let me know about any additions, deletions or Improvements.


Thanks & Regards,



--
Vipin K.
IRC ID: _love_hurts_




--
Vipin K.
Research Engineer,
C-DOTB, India

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Kevin Fenzi 09-23-2012 04:43 PM

A small step towards for solving Ticket 1084
 
On Sun, 23 Sep 2012 21:44:19 +0530
vipin kumar <vipinkumar41@gmail.com> wrote:

> Hi Team,
> The page is almost ready for reviews and feedback. Please have a look
> at following page and provide feedback.
>
> https://fedoraproject.org/wiki/User:Vipin

Awesome. :)

Just a few minor nitpicks:

- I'd just say we should remove any mention of pix firewalls or nat in
the diagrams. In phx2 we are behind a firewall setup, but all our
other sites are just directly on the net, and we don't control or
have any knowledge of the phx2 firewall stuff anyhow. ;)

- Might make the vpn lines bi directional. For app servers and such
data travels back and forth both ways over the vpn for requests.

- "Authorization can be done at Proxy Server though it should be done at
application level for security reasons" Depending on what auth you
mean here, it should always be done at the application level... when
someone logs into FAS it is a request: proxy->fasserver and then they
have a cookie that lasts for X minutes to authenticate against the
various FAS using applications. Nothing should really auth on the
proxy directly that I can think of...

- For the 'data layer' in the last diagram, might note that that is
mostly database servers. I guess in the case of the wiki it's also
nfs storage (for attachements).

Overall this looks great!

Thanks again for working on it.

kevin

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

vipin kumar 09-23-2012 05:57 PM

A small step towards for solving Ticket 1084
 
On Sun, Sep 23, 2012 at 10:13 PM, Kevin Fenzi <kevin@scrye.com> wrote:


On Sun, 23 Sep 2012 21:44:19 +0530

vipin kumar <vipinkumar41@gmail.com> wrote:



> Hi Team,

> The page is almost ready for reviews and feedback. Please have a look

> at following page and provide feedback.

>

> https://fedoraproject.org/wiki/User:Vipin



Awesome. :)



Just a few minor nitpicks:



- I'd just say we should remove any mention of pix firewalls or nat in

* the diagrams. In phx2 we are behind a firewall setup, but all our

* other sites are just directly on the net, and we don't control or

* have any knowledge of the phx2 firewall stuff anyhow. ;)
fixed. its just "Firewall" now at one place and removed second one from fig.





- Might make the vpn lines bi directional. For app servers and such

* data travels back and forth both ways over the vpn for requests.
point noted....done





- "Authorization can be done at Proxy Server though it should be done at

* application level for security reasons" Depending on what auth you

* mean here, it should always be done at the application level... when

* someone logs into FAS it is a request: proxy->fasserver and then they

* have a cookie that lasts for X minutes to authenticate against the

* various FAS using applications. Nothing should really auth on the

* proxy directly that I can think of...
this information I just copied from old fig and moved to description......removed it from description and flow chart updated.





- For the 'data layer' in the last diagram, might note that that is

* mostly database servers. I guess in the case of the wiki it's also

* nfs storage (for attachements).
*Fig just mentioned "data layer" but no information about it like "proxy layer" cloud in that fig......updated fig....done! I guess :)

thanks & regards,





Overall this looks great!



Thanks again for working on it.



kevin




_______________________________________________

infrastructure mailing list

infrastructure@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/infrastructure


--
Vipin K.


Research Engineer,
C-DOTB, India

_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure


All times are GMT. The time now is 04:09 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.