
1z0-865 Deployment Diagram

 
Sergio Figueras
Ranch Hand
Posts: 56
Hi folks,

I'm here to request a little help from you folks with the deployment diagram of 1z0-865.

1. How much do I need to specify my load balancer? Just as a node is ok?

2. Do I need to specify the web/EJB container software?

3. I've used the same hardware configuration (Dell PowerEdge T320) for all the servers and my warm backup servers. Is it acceptable? I've made this thinking of support.

I'm establishing my OS as Ubuntu Server 14.04.2 due to the new support for OpenStack. Do I need to (or could I) tell why I've chosen Ubuntu, Java 1.7 and JBoss EAP 6.4.0.GA in this diagram as notes?

Best,

Sergio.
 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

1. How much do I need to specify my load balancer? Just as a node is ok?

This depends on the degree of availability you need to provide. If you need four nines, one device for the load balancer is not enough, as it becomes a single point of failure.
In my diagram, I created a node with no stereotype for the LVS Load Balancer, with two <<device>> nodes for the active and backup routers in it. These two router devices are connected by VRRP.

2. Do I need to specify the web/EJB container software?

I think you should. I used the following hierarchy of nodes for the application servers, outermost to innermost:
1. <<device>> <<Hardware Profile A>> Application Server Node
2. <<execution environment>> OS
3. <<execution environment>> JEE6-compliant application server
4. <<artifact>> your-application.ear

3. I've used the same hardware configuration (Dell PowerEdge T320) for all the servers and my warm backup servers. Is it acceptable? I've made this thinking of support.

Warm standby nodes may or may not be of the same capacity as active nodes; in real life they can be less powerful, for economic reasons.

I'm establishing my OS as Ubuntu Server 14.04.2 due to the new support for OpenStack. Do I need to (or could I) tell why I've chosen Ubuntu, Java 1.7 and JBoss EAP 6.4.0.GA in this diagram as notes?

I don't think you should, especially for the application server. I think specifying that your application server is just a JEE6-compliant application server is perfectly enough. JBoss is a great server, but it is not an Oracle product, and specifying it will probably not give you extra points.
 
Heliton Rodrigues Aranha Filho
Greenhorn
Posts: 21
Hey Sergio,

1) Depends on your requirements. I did it on my project, and I passed, so...

2) Again, depends on your project and SuD, I specified them both on the diagram and in the suggested hardware and software note box I added per Cade's suggestion.

3) And once more it depends. If it has a database server it should be a more powerful machine. You can use lighter machines for the web server, mail server, or whatever you have in your requirement. You can also explain that part about making it easier for maintainability by using the same spec for all of them in the assumptions file.

4) I don't think you have to explain why you chose a specific technology. The fact that you're already suggesting it is a bonus. Just use your experience (if you have any, or else look it up online for some guidelines) and go with it. The main point of part 2 and 3 is defining an architecture and standing behind it. I did detail what software I was using in the assumptions file, but only listed it, didn't justify it.

Best of luck!
 
Sergio Figueras
Ranch Hand
Posts: 56
Hi Heliton and Mike,

Thanks for all the answers. It helps me a lot because I've no experience at this.

Based on your concerns and good tips, I've changed some points in my deployment diagram.

Here it's attached. So, what do you think guys? Is that diagram ok for both of you?

Thank you very much!
[Attachment: Deployment.png]
 
Heliton Rodrigues Aranha Filho
Greenhorn
Posts: 21
Looks fine to me. I just find the protocol notation a little odd as I've never seen it being represented in UML with a plus sign in the front. Myself I used a stereotype (<<HTTP>>), which is what most UML books recommend. Remember that regarding the diagrams, less is more, because they take away points for wrong UML usage. Also I only put one line leading to the cluster node, not one for each node in the cluster, as the cluster should be a single virtual unit when viewed from the outside, but that's up to you (I assume you did it because you want to show that only 2 nodes are active at any one time? If so, the fact that you specify the backup node does that already).

I didn't put the full server specs as you did, just enough so they'd know which server I was recommending and why, but as Jeanne always says, the more info the better. Just don't forget to put those explanations in the assumptions file too, and set them aside to use in Part 3 if you get asked about it.

One final thing, and I hope I'm not breaching any forum rules here (if I am, moderators, feel free to delete/edit this post), but you forgot about security (shhh don't tell them I told ya).

Keep up the good work!
 
Sergio Figueras
Ranch Hand
Posts: 56
Heliton Rodrigues Aranha Filho wrote:Looks fine to me. I just find the protocol notation a little odd as I've never seen it being represented in UML with a plus sign in the front. Myself I used a stereotype (<<HTTP>>), which is what most UML books recommend. Remember that regarding the diagrams, less is more, because they take away points for wrong UML usage. Also I only put one line leading to the cluster node, not one for each node in the cluster, as the cluster should be a single virtual unit when viewed from the outside, but that's up to you (I assume you did it because you want to show that only 2 nodes are active at any one time? If so, the fact that you specify the backup node does that already).

I didn't put the full server specs as you did, just enough so they'd know which server I was recommending and why, but as Jeanne always says, the more info the better. Just don't forget to put those explanations in the assumptions file too, and set them aside to use in Part 3 if you get asked about it.

One final thing, and I hope I'm not breaching any forum rules here (if I am, moderators, feel free to delete/edit this post), but you forgot about security (shhh don't tell them I told ya).

Keep up the good work!


Thank you SO MUCH for your tips Heliton!

I've tried to remove the "+" sign from protocols many times, but I don't know why, the tool that I'm using (StarUML) always adds it again. I added it as a Communication Path between the nodes.

I think that you're not breaking any rules here because I'm asking for help, not an end solution. Lol

Security is really a concern about this project, because as the assignment says "128bit encryption at a minimum". But I don't know how I could represent it in my UML model. I've tried to search for everything at Google Images and still nothing about it.

Do you think that I need to add a firewall as a node between the connection of the client workstation and my first load balancer?

Best!

Sergio.
 
Heliton Rodrigues Aranha Filho
Greenhorn
Posts: 21
Sergio Figueras wrote:
Thank you SO MUCH for your tips Heliton!

No prob, just trying to give back what was given to me for free

Sergio Figueras wrote:
I've tried to remove the "+" sign from protocols many times, but I don't know why, the tool that I'm using (StarUML) always adds it again. I added it as a Communication Path between the nodes.

I used the Virtual Paradigm tool. Was really pleased with it, especially the new version (12). It lets you edit everything, even things it put there automatically. Plus it's free (Community Version). But if you already have your entire project in StarUML, just keep it there and hope for the best.

Sergio Figueras wrote:
I think that you're not breaking any rules here because I'm asking for help, not an end solution. Lol

Better safe than sorry. Was a long and hard road to get these certificates, don't wanna lose them on a technicality.

Sergio Figueras wrote:
Security is really a concern about this project, because as the assignment says "128bit encryption at a minimum". But I don't know how I could represent it in my UML model. I've tried to search for everything at Google Images and still nothing about it.

If security is an explicit concern in the assignment, then you should try harder. It wasn't on mine, but I still covered all my bases. Try adding a couple of firewalls in there, some secure protocols, and detail the security practices you find adequate in the assumptions file.
 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

What I'd like to suggest

(Strongly recommend)
1. Consider adding firewalls. I would add two sets of firewalls - first set before load balancers, and another set between application servers and DB cluster.
2. Unless your requirements stipulate that you have to serve static content, you do not need dedicated web servers.
3. Not sure what's the role of "warm backup". Is it warm backup or warm standby? If it is an application server node that should take over in case of disaster, then it is a warm standby. If not, then what does it back up, exactly?
3a. Mechanism of switching between active and warm standby is not provided. Is it automatic DNS or manual?

(what I would also do)
3b. Warm standby should be at a geographically distributed location, and I would provide two sites - "main site" and "DR site" as two distinct nodes, rather than providing just "business logic tier".
4. Database should also be replicated (passive replication is fine) to a geographically different location.
5. I would not specify ANY proprietary names if they are not Oracle's (like Ubuntu, Dell, PostgreSQL, JBoss, etc.), as it does not add any value to the diagram. Reviewer may not be aware of benefits of this particular model or revision.

 
K. Tsang
Bartender
Posts: 3583
"Warm standby" should be called "hot standby".

Regarding DR, the machine specs should be the same as the main site. If you do mention DR in a separate location, you should mention how database data/storage is synchronized/replicated so that in case the DR site becomes primary will data be an issue, reducing availability waiting for DBA to restore DB...

Firewall, I agree with Mike having one before the first load balancer. But between the app server and DB I don't agree unless different network subnet or something. By different subnet, it can be different location too.
 
Sergio Figueras
Ranch Hand
Posts: 56
Mike Degteariov wrote:Hi Sergio,

What I'd like to suggest

(Strongly recommend)
1. Consider adding firewalls. I would add two sets of firewalls - first set before load balancers, and another set between application servers and DB cluster.
2. Unless your requirements stipulate that you have to serve static content, you do not need dedicated web servers.
3. Not sure what's the role of "warm backup". Is it warm backup or warm standby? If it is an application server node that should take over in case of disaster, then it is a warm standby. If not, then what does it back up, exactly?
3a. Mechanism of switching between active and warm standby is not provided. Is it automatic DNS or manual?

(what I would also do)
3b. Warm standby should be at a geographically distributed location, and I would provide two sites - "main site" and "DR site" as two distinct nodes, rather than providing just "business logic tier".
4. Database should also be replicated (passive replication is fine) to a geographically different location.
5. I would not specify ANY proprietary names if they are not Oracle's (like Ubuntu, Dell, PostgreSQL, JBoss, etc.), as it does not add any value to the diagram. Reviewer may not be aware of benefits of this particular model or revision.



Thank you for your considerations Mike!

Following your tips, I've added a firewall device between client and web server.

I've separated the Web Server because it's a separate war file that accesses my beans with CDI. Isn't that right?

Since I've no experience with this, I've seen the names from Bambara's book, but for me the correct one is warm standby too. So, I've changed that.

Yeah, in the end I've seen how mad it is to recommend PostgreSQL to Oracle in this project (LOL!). So, I've turned everything into Oracle products. In the real world, of course it wouldn't be like this, because a lot of Oracle products that I've tested are really bad products for me (ADF, BPM, etc.).

Best and again: THANK YOU!
 
Sergio Figueras
Ranch Hand
Posts: 56
K. Tsang wrote:"Warm standby" should be called "hot standby".

Regarding DR, the machine specs should be the same as the main site. If you do mention DR in a separate location, you should mention how database data/storage is synchronized/replicated so that in case the DR site becomes primary will data be an issue, reducing availability waiting for DBA to restore DB...

Firewall, I agree with Mike having one before the first load balancer. But between the app server and DB I don't agree unless different network subnet or something. By different subnet, it can be different location too.


And what about having firewalls before external services (SMTP, Open Market Services, Inventory EIS), do you think that is necessary?

Thanks K. Tsang!
 
Mike Degteariov
Ranch Hand
Posts: 145
"Warm standby" should be called "hot standby".


Hot standby, definition #1:

Hot Standby: Software components are installed and available on both primary and secondary nodes. The software components on the secondary system are up


Hot standby, definition #2:

A method of redundancy in which the primary and secondary (i.e., backup) systems run simultaneously.


So it is agreed that with hot standby the DR node is not just up to date, but also running.

Now, the database on DR site is also being replicated from the master database on the main site.

If the DR node is in hot standby and therefore is running, then nothing can prevent it from accessing its (DR) database. Even if the DR node is not accepting incoming HTTP requests, all timers, triggers, quartz jobs etc. can potentially read and write the database.

Here we have two options on how the database can be replicated:
- If the DR database is replicated in synchronous mode (i.e. every transaction made on main DB is replicated to DR DB) then it will hurt performance very badly and generally does not work very well over WANs.
- If the DR database is replicated in async (passive) mode, then the DR database accepts periodic updates as part of replication, and works in slave mode. I have not heard that the database can be in slave mode and active to transactional requests at the same time.

The acceptable solution would be that the DR app server is in warm standby (up to date, but not running), and the DR database is passively replicated. This is cheap and efficient.


But between the app server and DB I don't agree unless different network subnet or something.


If someone gets access to the app node, due to a vulnerability of Linux or whatever, I do not want them to be able to access port 22 (ssh) on the DB node! That's why I recommend putting the firewall before the DB box.
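
An added example, not part of the original thread: it models the app-tier/DB-tier firewall argued for in the post above and lists which DB-node ports a compromised app node could still reach, first on a flat network and then behind a default-deny rule set. The subnets, the admin host, the probe list and the listener port 1521 are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumptions, not taken from the thread).
APP_TIER = ip_network("10.0.10.0/24")
DB_TIER = ip_network("10.0.20.0/24")
ADMIN_HOST = ip_network("10.0.99.5/32")   # hypothetical jump host for DBAs
APP_NODE, DB_NODE = "10.0.10.11", "10.0.20.5"

SSH = 22
DB_LISTENER = 1521                         # assumed database listener port
PROBE_PORTS = (SSH, DB_LISTENER, 5500)     # constructed list of ports to check

# Rules are (source network, destination network, port). Only listed flows
# pass; everything else is dropped (default deny).
DB_FIREWALL = [
    (APP_TIER, DB_TIER, DB_LISTENER),      # the only flow the application needs
    (ADMIN_HOST, DB_TIER, SSH),            # administration from one host only
]


def reachable(firewall, src, dst, port):
    """True if src can open a connection to dst:port.

    firewall=None models a flat network with no filtering between the tiers.
    """
    if firewall is None:
        return True
    s, d = ip_address(src), ip_address(dst)
    return any(s in src_net and d in dst_net and port == rule_port
               for src_net, dst_net, rule_port in firewall)


def unexpected_flows(firewall, src, dst, needed=(DB_LISTENER,)):
    """Ports on dst that src can reach although the application does not need them."""
    return [p for p in PROBE_PORTS
            if p not in needed and reachable(firewall, src, dst, p)]


if __name__ == "__main__":
    print("flat network  :", unexpected_flows(None, APP_NODE, DB_NODE))
    print("with firewall :", unexpected_flows(DB_FIREWALL, APP_NODE, DB_NODE))
```

The same check can be run for every pair of tiers in the deployment diagram to decide where a firewall node actually changes what a compromised host can reach.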
 
K. Tsang
Bartender
Posts: 3583
Mike Degteariov wrote:

But between the app server and DB I don't agree unless different network subnet or something.


If someone gets access to the app node, due to a vulnerability of Linux or whatever, I do not want them to be able to access port 22 (ssh) on the DB node! That's why I recommend putting the firewall before the DB box.


Fair enough

Regarding the hot standby, my interpretation is that if primary crashes the secondary can take over. Both will be up and running.

For DB replication or synchronization or whatever you want to call it, from my experience companies are following the async (passive) mode, never the sync (active) mode. The question of when the replication occurs depends on several factors such as server load, network bandwidth, amount of data etc.

 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

I've separated the Web Server because it's a separated war file, that access my beans with CDI. Isn't that right?


No, it is not right, unless your UI and back-end are controlled by different organizations/teams, and deployed separately (which can be the case but is rare).
What you suggest requires CDI beans in the Presentation tier (residing on the web server) to communicate with EJBs in the business tier (residing on the app server) via remote interfaces, which incurs performance overhead.
There'll also be a cost in obtaining and maintaining extra pieces of infrastructure (web servers, routers, etc.) and you should have strong reasons to justify this decision.
As I said earlier, a requirement to serve static content can justify additional web servers, but then it will be a classic web server, not a servlet container.

See if you can deploy all your solution as a single war bundle on the application server. I still think web servers are not necessary.
 