DAT HLD Application W@T Collaborative portal
Application DAT HLD - DSIT/DSIH - WAT Collaborative Portal - Version 0.91
Perimeter and contributors
Indicate the DT impacted, as well as the contributors solicited right now for the project.
Table of contents
• 1 - Context
• 2 - Project
• 3 - Architecture
• 4 - Operations
• 5 - Exhibits
3. Architecture
• Design goals
• Functional architecture
• Application architecture
• Technical architecture
• Security commitments
• OSPs
• Capacity management
3.1 - Design goals
Design goals 1
• End users
  • User friendliness
  • Fluid user experience
  • Responsiveness to terminal type
  • Profiling
  • Support of multiple languages
• Operations
  • Easy installation, environments and versions management
  • Application and DB versioning
  • Ability to grow in contents size
  • Fast access to logs for support teams
• Total corporate environment
  • Use of existing Total authentication mechanisms
  • Connection to corporate LDAP server (AIG) for profiles information
  • Ability to host other corporate applications
3.1 - Design goals
Design goals 2
• Service Level Commitments
  • Classify Ultimate service offer: Gold
  • Redundancy of application roles: all the application roles are doubled on a site.
  • RTO: 4 hours
  • PIT: 1 day
  • Availability ratio: 99.5%
  • Service Working hours: 24 X 7
• Corporate Standards
3.2 - Functional architecture
General organization
3.2 – Functional Architecture
Functional architecture principles
• Single Page Application
  • All transitions made through Ajax requests
  • Minimal impact on bandwidth
  • Fluidity
• Unified user interface
  • Navigation through mega-menu (according to user’s preference)
  • Central zone: page contents
  • Left bar: summary information
  • Right bar: quick access shortcuts
  • Intranets, community sites and personal sites offer the same user interface
• Navigation
  • Profiled mega-menu
3.2 – Functional Architecture
Unified user interface
3.2 – Functional Architecture
Functional blocks
• Home page
• Intranets
  • The universes are set by user preference (branch, entity, site, business segment)
  • Intranet navigation through mega menu
  • Menu links lead to intranet pages or to other corporate sites
• Social functions
  • Wall, multi layer agenda, personal documents library, blog, preferences
  • Communities: public, controlled, on invitation
  • Communities: wall, discussion threads, agenda, documents library
  • Messages: to all, to someone, to a community, to a thread
• Search center
  • Previous search requests are stored so that user can replay them
  • Search requests may be standard or advanced
• Administration (for relevant users only)
  • Navigation through standard mega menu
3.2 – Functional Architecture
Feature set summary
• Community
  • Community home page
  • Blog
  • Diary
  • Threads
  • Document management
• Administration of Corporate Portal
  • Manage the users rights
  • Manage the types of contents
  • Manage the page layouts
• Leading functionalities
  • Create/edit/publish/consult contents
  • Take part in the corporate social network
• Social functionalities
  • Using a personal space: wall, documents, blog, calendar, preferences, profile
  • Following people, communities, threads, documents, events
  • Sharing events, documents
  • Exchanging social messages with people, communities, threads
  • Creating communities, being a member or follower
• Search
  • Search bar
  • Viewing search history, replaying previous search requests
3.3 Application Architecture
3.3.1 Application model
• Client
  • Cross browsers
  • Javascript, AJAX
  • jQuery, jQuery UI, jQuery Mobile
• XML/HTTP
• Server
  • IIS
  • Authentication
  • Web Front End Service: Web Services, Dispatching, Logging, Request Control, Rights enforcement
  • Business Layer: business objects and methods
  • Data Access Layer: standard SQL, drivers for multiple DBMS support (SQL Server, PostgreSQL)
• Databases
  • Multiple DB model
3.3 Application architecture
3.3.2 Client building blocks
• Presentation
  • Pages and sub-pages
  • Templates
  • CSS
• Transversal utilities
  • XML parser
  • jQuery Ajax utilities
  • jQuery Mobile (mobile users)
  • Calendar
  • Treeview component
  • Superfish mega-menu
  • CKEditor
3.3 Application architecture
3.3.3 Server building blocks
• Front End Web Service
  • Authentication
  • Session management
  • Logging
  • Request Control
  • Rights enforcement
  • Dispatching
  • Response
• Authentication
  • External component
  • 3 modes of authentication:
    • NTLM (all MAIN users)
    • Certificate (mobile users)
    • Login/password AIG (other users)
• Business Layer
  • Business entities are handled by a specific object implementing a set of methods.
    • calendars
    • groups
    • documents
    • profiles
    • metadata
    • relationships
    • web zones
    • search
• Data Access Layer
  • Standard SQL
  • Adaptive to DBMS specificities
• Databases
• Search Engine (SOLR, Sinequa)
  • External component
  • WAT contents (pages, documents, profiles, communities) are submitted for indexation at the time they are created or modified
  • Search queries are sent to the search engine through server-to-server HTTP requests
• Diagram link labels: HTTP, SQLP
3.3 - Application Architecture
3.3.4 Rights enforcement principles
• Rights enforcement is done at 2 levels:
  • The client application does not offer a user an action he cannot perform
  • The server application does not allow a user an action he cannot perform
• All users rights are stored in one single database (network)
• Relationships are expressed as phrases with a subject, an object and a verb
  • user A follows user B
  • user C is owner of community D
  • user E is a contributor to zone EP Home Page
• Every method of every object verifies current user rights to perform the action carried by the method before proceeding
  • Example: before posting a message to a community, verify that current user is a member of the community.
• Rights enforcement is done through a specific API
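Added example (not part of the original design document, and not the WAT rights API): a minimal Python sketch of the two enforcement levels over subject/verb/object relationships. RightsStore, require, Community and offered_actions are hypothetical names, and the sample relationships are constructed from the slide's own phrases.

```python
from functools import wraps

class AccessDenied(Exception):
    """The current user lacks the relationship the method requires."""

class RightsStore:
    """Single store of (subject, verb, object) relationships (hypothetical API)."""
    def __init__(self):
        self._triples = set()
    def grant(self, subject, verb, obj):
        self._triples.add((subject, verb, obj))
    def revoke(self, subject, verb, obj):
        self._triples.discard((subject, verb, obj))
    def holds(self, subject, verb, obj):
        return (subject, verb, obj) in self._triples

def require(verb):
    """Server-side level: verify the triple before the method body runs."""
    def decorator(method):
        @wraps(method)
        def guarded(self, user, *args, **kwargs):
            if not self.rights.holds(user, verb, self.object_id):
                raise AccessDenied(f"{user!r} {verb} {self.object_id!r}: not granted")
            return method(self, user, *args, **kwargs)
        return guarded
    return decorator

class Community:
    def __init__(self, name, rights):
        self.object_id = f"community {name}"
        self.rights = rights
        self.wall = []

    @require("is member of")
    def post_message(self, user, text):
        self.wall.append((user, text))
        return len(self.wall)

    def offered_actions(self, user):
        """Client-side level: only decides what is shown; calls are re-checked above."""
        member = self.rights.holds(user, "is member of", self.object_id)
        return ["post_message"] if member else []

def demo():
    rights = RightsStore()  # constructed sample relationships
    rights.grant("user C", "is owner of", "community D")
    rights.grant("user A", "is member of", "community D")
    d = Community("D", rights)
    results = {"user A": d.post_message("user A", "hello")}
    # In this sketch nothing is implied: an owner without a member triple is
    # refused exactly like a stranger (default deny).
    for user in ("user C", "user E"):
        try:
            results[user] = d.post_message(user, "hi")
        except AccessDenied:
            results[user] = "denied"
    return results
```

The client-side list only shapes the interface; a request forged to bypass it still hits the server-side check.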
3.3 - Application Architecture
3.3.5 Database organization
• Design goals
  • Restoration of a database must be done in less than 4 hours
    Constraint: databases must not be bigger than 200 GB
  • Database backup must be done with no service interruption
    Data organization must be done to allow this while maintaining data integrity
• Databases
  • Depending on the type of data they are holding, databases might or might not reach the limit size.
  • When they might, the data model splits them in order to stay under the limit
• Database schema
  • Database schema is described in an XML document
  • Schemas are used to create or upgrade databases through ADODB
3.3 - Application Architecture
3.3.6 Database organization
Backup order
• Metadata: organization, sites, hashtags, keywords
• User Profiles: profiles, favorites, history, groups
• Network: relationships
• Messages: messages, events, threads
• Contents: web sites (intranets, personal, communities)
• Logs: ws logs, db logs, client logs
• Attachments: binary data attached to messages, pages, ...
3.3 - Application Architecture
3.3.7 Versioning
• Versions of application and DB schema
  • Each version of application or DB schema has a version number
  • A version of an application requires a minimal DB schema (for example app version 1.7 requires DB schema 1.5 or higher).
  • All databases have a db_version table to trace DB versioning.
• Versions management
  • All source code (application and DB schema) is managed by Subversion (SVN)
  • SVN handles versions, branches, change history, team work
• Deploying versions
  • Multiple application versions can coexist on the same server
  • Using a new version or stepping back to the previous one consists of setting a symbolic link (immediate effect).
  • The installation of a new version does not require service interruption
  • Rollback is immediate
  • Data migration does not require service interruption
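Added example (not part of the original design document): a Python sketch of the deployment gate described above, which refuses to repoint the symbolic link when the db_version table does not show the minimal schema the application version requires. The db_version column name, the MIN_SCHEMA mapping (only the 1.7/1.5 pair comes from the slide), the directory layout and the POSIX-style link swap are assumptions.

```python
import os
import sqlite3

# Minimal DB schema per application version. "1.7" -> "1.5" is the slide's
# example; the "1.8" entry is constructed for illustration.
MIN_SCHEMA = {"1.7": "1.5", "1.8": "1.6"}

def parse(version):
    """'1.10' -> (1, 10), so 1.10 sorts after 1.9 (string comparison does not)."""
    return tuple(int(part) for part in version.split("."))

def current_schema(conn):
    """Highest version recorded in the db_version trace table (assumed column: version)."""
    rows = conn.execute("SELECT version FROM db_version").fetchall()
    return max((parse(row[0]) for row in rows), default=None)

def can_activate(app_version, conn):
    required = MIN_SCHEMA.get(app_version)
    have = current_schema(conn)
    if required is None or have is None:
        return False  # unknown application version or untraced database: refuse
    return have >= parse(required)

def switch_link(link, target_dir):
    """Repoint the 'current version' symbolic link in a single rename step."""
    tmp = link + ".new"
    if os.path.lexists(tmp):
        os.remove(tmp)
    os.symlink(target_dir, tmp)
    os.replace(tmp, link)  # atomic on POSIX file systems

def activate(app_version, conn, link, versions_root):
    """Switch to app_version only if it is installed and the schema is recent enough."""
    target = os.path.join(versions_root, app_version)
    if not os.path.isdir(target) or not can_activate(app_version, conn):
        return False  # the link is left untouched, so the running version stays
    switch_link(link, target)
    return True
```

Rolling back is the same call with the previous version number, so the schema check applies in both directions.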
3.3 - Application Architecture
3.3.8 Environments configuration
Diagram: each environment (DNS name, config file) points to an application version and a DB set.
Environment   App. version   DB set
INT1          V1.3           DBS4
INT2          V1.3           DBS4
REC1          V1.2           DBS3
REC2          V1.2           DBS3
PPR           V1.1           DBS2
PROD          V1.0           DBS1
Application versions shown: APP V1.0, APP V1.1, APP V1.2, APP V1.3
DB sets shown: DBS 1, DBS 2, DBS 3, DBS 4
3.3 - Application Architecture
3.3.9 Bandwidth management
• Adaptive user interface
  • Upon first page load, the available bandwidth is measured by the download of a small test file
  • Depending on the duration of this initial test, the client session is classified (SMALL, MEDIUM, LARGE)
• Downloads of images and videos
  • Depending on client classification, different versions of the same image or video stream are sent to client
  • User has the ability to change its classification, at the cost of the response time
• File uploads
  • At upload time, image files are saved under a JPEG format and resized to different sizes, depending on their future use
  • Bitmaps cannot be uploaded
• AJAX/XML messages
  • All information flow is conveyed by XML messages carrying the strictly necessary information
3.3 - Application Architecture
3.3.10 Internationalization
• User Interface messages
  • All user interface messages are kept in resource files
  • At run time, the proper file is loaded (according to user’s language preference)
• Communities
  • Communities are set with a default language
  • Messages are not translated
• Pages
  • The different translations of one page may be handled differently, at contributor’s option.
  • Option 1: the page appears only once in the menu (according to user’s preference)
  • Option 2: all the translations of the page appear in the menu, the user selects the one he/she wants to view.
• Documents
  • The result of the translation of a document is another document.
  • The same document in different languages appears as many times as the number of translations.
3.3 - Application Architecture
3.3.11 Profiling
• Profiling impacts on different aspects of the user interface
  • Language
  • Menu contents
• Profiling criteria are configured by user (profiling preferences)
  • Branch
  • Entity
  • Site
  • Business segment (métier)
  • Language
• After the profiling preferences are saved:
  • The mega menu is rebuilt to reflect new settings
  • The user interface switches language
3.3 - Application Architecture
3.3.12 Control of information
• Users of social networks must be given control on 2 major points
  • The contents of their news feed (which events are reported on their Mon WAT page)
    • I may or may not want to know when someone changes their picture
    • I may or may not want to know when someone becomes a member of a community
  • Which of their actions are made public
    • I may or may not want people to be warned when I change my picture
    • I may or may not want people to be warned when I become a member of a community
• User’s preferences
  • Users have the option to choose how to filter
    • The contents of their news feed
    • The visibility of their actions
Application architecture
3.3.13 Application interface (inter-application flows)
• Impact in terms of flow matrices
  • Flow matrix to be created
  • Flow matrix to be modified
Fill in DAT HLD V2.0 (post RAP)
3.4 Technical architecture
3.4.1 Hosting
• Software hosting
  • Security domain: MAIN
  • Hosting zone: ZSA
  • VLAN SI business
    • Non-Prod VLAN V1920 – dedicated to WAT
    • Prod VLAN V1828 – dedicated to WAT
• Network & Physical hosting
  • Data centre: St-Denis/Clichy
  • LAN ZSG Component = LAN DC P08
  • Creation/Attribution of VLAN and definition of IP addressing plan: delegated to BT
  • Redundancy: inside a site (HA in active/active), redundancy dual site (GOLD in active/passive)
  • Hosting room - Space available: YES
• Server hosting
  • Type of server:
    • VM: Spider ESX Windows in VM
    • Spider physical server for SQL cluster
  • OS: Windows 2008 R2 Enterprise
  • Virtualisation: yes
  • High availability: yes
3.4 - Technical architecture
3.4.2 Authentication
3.4 Technical architecture
3.4.3 SQL Databases
• Each instance is assigned to a physical node in standard operations
• In case of unavailability of the nominal node, the instance switches over to the following node in its list of preferences
3.4 Technical architecture
3.4.4 Load balancing
• Load Balancer F5 balances the traffic between:
  • Web Front End
  • Authentication servers
  • Office Web Apps
  • Search Servers
• Round robin
• Detection of machine off
• Affinity of session
Diagram: Load balancer F5 in front of WFE x 8, STS x 2, OWA x 3
VM names are listed in the following slide
3.4 Technical architecture
3.4.5 Load balancers configuration
3.4 Technical architecture
3.5.5 SQL Databases
• SQL Server Infrastructure is a cluster geographically distributed on 2 sites of Saint-Denis and Clichy
• Each site comprises 2 nodes (2 active nodes)
• The data is stored in 4 SQL Server instances
• All volumetry is visible by all the nodes at any moment
3.4 Technical architecture
3.4.7 Firewalls configuration
• Use of Firewalls
  • All the servers are in ZSA
  • Need for communication between security domains (outside MAIN)
    • Acquisition of information of market indexes
    • AIG communication for the authentication
    • eXchange
• Identification of flows
  • Operating flow: supervision, backup, restoration
  • Infrastructure flow: heartbeat
  • Ports STS: 500, 1000, 2000, 3000
  • Application flows:
    • TCP/80 enters the cluster servers
    • TCP/Ports STS from F5 to STS
    • TCP on port 80 and ports STS from the cluster servers to F5
    • TCP/1443 (SQL) between the cluster servers and SQL cluster
  • User Flow:
    • TCP on port 80 and ports STS from all the users to F5
3.5 Technical architecture
3.5.8 Identification use needs of infrastructures II
• Authentication
  • Vision: AD
  • Non Vision: AIG
  • iPad: certificate
• DNS
3.5 Technical architecture
3.5.9 Infrastructure services: storage, backup, administration and supervision
• Storage
  • VSP Hitachi array
• Backup
  • SQL Server backup
  • SLA backup
    • Frequency: 4 hours
    • Backup base: all databases
    • Duration of retention disc: Groups policy
    • Duration of retention tapes: Groups policy
    • Criteria of restoration: to be defined
• Filing
• Infrastructure Administration
  • RACI of operation in course of definition
• Supervision
  • System: standard
  • Metrology
3.5 Technical architecture
3.5.10 Exchanges with external sources
• Panorama of press
• AIG imports
• Market flow
3.4 - Technical Architecture
3.4.1 Topology (PREPROD)
Diagram (components as labelled):
• F5 (LB) Front End, VIP1: 80: WFE1, WFE2
• F5 (LB) Authentication, VIP2: 443: AUTH1, AUTH2
• F5 (LB) Office Web Apps, VIP3: 80: OWA1, OWA2
• F5 (LB) Search, VIP4: 80: SEARCH1, SEARCH2
• SQL Cluster: SQL1, SQL2, SQL3, SQL4
3.4 - Technical Architecture
3.4.2 Topology (PROD)
Diagram (components as labelled):
• F5 (LB) Front End, VIP1: 80: WFE1, WFE2, WFE3
• F5 (LB) Authentication, VIP2: 443: AUTH1, AUTH2
• F5 (LB) Office Web Apps, VIP3: 80: OWA1, OWA2, OWA3
• F5 (LB) Search, VIP4: 80: SEARCH1, SEARCH2, SEARCH3
• SQL Cluster: SQL1, SQL2, SQL3, SQL4
3.5 – Security commitment
3.6 OSP
• List of OSPs
3.7 - Capacity management
4. Operations
• Design goals
4.1 Compatibility with operating standards
4.2 Recurring process, organization & evaluation of operational load
4.3 Skills
• New skills to implement
Exhibits
• Data model