2. Who am I
• Infrastructure Architect in Nova
• Back office implementation
• 100% Cloud
• Essent Belgium as part of Innogy
• 5th in Belgium
• 5th in Europe
https://www.linkedin.com/in/michiel-van-wambeke-2a91854/
3. What did we try to achieve in Nova
• Near zero licensing cost
• Pay per use model
• Different Components, loosely coupled
• Possible to replace each component
• Fully automated “Delivery pipeline”
• Continuous Integration / Continuous Deployment
• Supported from Infrastructure up
• Secure platform
• Mijn-essent and backoffice users will use the same platform
5. AWS
Plus
• Pay per use model
• Largest open source stack and tooling
• At time of choice, most mature
Considerations
• Vendor lock-in:
• RDS usage
• Data Migration Services (DMS)
• No abstraction in API calls
• Necessity for scale out
6. Puppet/Hiera
• Puppet vs Angular vs Chef vs …
• Client vs Clientless
• syntax
• All configuration parameters are saved in Hiera
• Necessity if you have 22 environments that are all just a little different
• Public keys for connection are stored in simple AD
7. Jenkins / Nexus
Strongly rely on Jenkins for enabling Developers
• One push deploys
• Startup / shutdown Environments
Store artifacts in Nexus
8. Security
- No public facing application servers
- Webservers for content
- Reverse proxy
- SFTP server for files
- All outgoing HTTP/HTTPS traffic over proxy
- Concept of steppingstone for management Servers
- Usage of Black hole
- Databases encrypted (one simple click in RDS)
- All instance volumes encrypted
- Security groups apply least access principle
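An audit of three of the controls listed above (no internet-facing application servers, encrypted volumes and databases), added here as an example and not part of the original slides. It assumes the output of `aws ec2 describe-security-groups`, `aws ec2 describe-volumes` and `aws rds describe-db-instances` has been merged into one JSON document, and that every security group carries a hypothetical `Tier` tag; the tier names and the sample inventory are constructed.

```python
import json

# Assumption: a "Tier" tag on each security group; only these tiers may face the internet.
PUBLIC_TIERS = {"web", "reverse-proxy", "sftp"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def tier_of(group):
    tags = {t["Key"]: t["Value"] for t in group.get("Tags", [])}
    return tags.get("Tier", "untagged")

def open_ingress(group):
    """Yield (protocol, from_port, to_port) for ingress rules open to any address."""
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if OPEN_CIDRS & set(cidrs):
            yield perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")

def audit(inventory):
    """Return one finding per violation of the controls on the Security slide."""
    findings = []
    for g in inventory.get("SecurityGroups", []):
        tier = tier_of(g)
        if tier in PUBLIC_TIERS:
            continue  # web, reverse proxy and SFTP are the only public entry points
        for proto, lo, hi in open_ingress(g):
            findings.append(f"{g['GroupId']} ({tier}): {proto} {lo}-{hi} open to the internet")
    for v in inventory.get("Volumes", []):
        if not v.get("Encrypted", False):
            findings.append(f"{v['VolumeId']}: volume not encrypted")
    for d in inventory.get("DBInstances", []):
        if not d.get("StorageEncrypted", False):
            findings.append(f"{d['DBInstanceIdentifier']}: RDS storage not encrypted")
    return findings

# Constructed sample inventory (identifiers are placeholders, not from the slides).
SAMPLE = json.loads("""{
 "SecurityGroups": [
  {"GroupId": "sg-web", "Tags": [{"Key": "Tier", "Value": "web"}], "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-app", "Tags": [{"Key": "Tier", "Value": "app"}], "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}],
 "Volumes": [{"VolumeId": "vol-a", "Encrypted": true}, {"VolumeId": "vol-b", "Encrypted": false}],
 "DBInstances": [{"DBInstanceIdentifier": "backoffice-db", "StorageEncrypted": true}]
}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An untagged group is treated as non-public, so a missing tag produces a finding instead of silently passing.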
10. Monitoring / Logging
Zabbix
• Dashboard building
• Schedule for sending errors: to whom and over what channel
Graylog
• Central logging
• Functional application logging
• Correlation of logs across the different applications
• Infrastructure logging
• Audit logging (access review)
11. Facts and figures
• Backoffice will support up to 1 Million
• Currently 20 environments are in use
• Uptime excl. planned downtime is 100% since go live 20 Feb.
• The infrastructure from ground up was built with 4 developers (+2 people on service desk for bugs and access tickets)