Hi All,
I’m hoping to get some honest feedback on the development environment I’ve set up for my Lucee app.
I’ll start by saying I was a tech and sales engineer for a small but successful datacenter in St. Louis for 10+ years, and they were a CentOS/VMware-heavy shop. I have quite a bit of experience in this realm, so even though there might be better solutions out there (Amazon?), this is what I’m comfortable with maintaining and will most easily be able to support. I’m also working with the datacenter to support this app, so I have additional motivation to use CentOS and VMware.
That said, I’ve been a stay-at-home dad for the last 2 years and I kind of feel like I’m working in a vacuum these days, so I’d like to gather my thoughts and get some checks/balances on my approach.
Thanks! I’ll get right to it.
Hosting – I currently have a single server for dev running VMware at the datacenter (devHost01). I’m currently working on a plan to upgrade this server to more current architecture, but for now it runs OK with a dozen or so bare-bones VMs. The datacenter has a handful of spare servers I can grab at any time if this fails, and I don’t consider it mission critical atm.
I also have 2 additional VMware servers set up for an initial launch. I call them prodhost01 and prodhost02. They are nicer IBM xSeries servers, each having a 10-disk RAID 10 array (15k SAS) with 4 hot spares. The current VMware build doesn’t support transparent failover between each server yet, but I have a plan with the datacenter crew to get that upgraded soon, and likely before I’d actually put anything in production. But as for now I at least have 2 hot servers I can use for live, production stuff. I’d likely put everything on one and use the other strictly as a hot backup.
They’re all tied together with a mirrored pair of 10Gbps HP switches, and the switches are tightly configured with VLANs (storage, VMware, management, public, private, etc.) and access rights.
I have both a production and a development block of public IPs. Production IPs are routed to the production servers’ public ports, and dev is routed to the dev block. Any kind of access to either network has to go through a mirrored pair of Juniper firewalls via VPN.
For storage, we’re running fiber to the switches so I can get a direct connection to the datacenter’s NetApps. They probably have 30 full-size NetApp racks loaded with SSDs that I can use for large-scale, elastic storage. All super redundant, etc.
So, regardless of what actual application stack is used, I at least have an environment set up that is secure, has elastic storage, has sandboxed dev and production servers, and the ability to make/destroy VMs as needed. If someone wanted to help, I can quickly turn over a VPN login and any additional logins needed to get started (including a Windows 10 box if needed).
I figure this should be enough to get something rolling and get an MVP rolled out that would be fairly reliable, knowing that once things actually get busy on the production side of things I’ll have the flexibility to stretch things out pretty quickly (add new servers, storage, CDN, etc.).
App Stack – For the actual app I want to build in this environment, I plan to use CentOS 7 primarily. I’ve built VMs for various services, such as SMTP, backups, database, image hosting, search catalogs, etc.
For instance, the SMTP server is a bare-bones ‘minimal’ CentOS 7 build with a secure install of Postfix, with the intention of using it for outgoing application-based emails (aka password reset, initial registration, etc.).
For image hosting, it’s a bare-bones ‘minimal’ CentOS 7 build with a secure install of Apache and an elastic NetApp SAN volume for images mounted as ‘/images’. In this case, the VM gets an additional virtual NIC for storage, which is linked to a dedicated physical NIC for storage traffic, that attaches to the storage VLAN, then takes a dedicated link out to the SAN.
For the database, it is a bare-bones ‘minimal’ CentOS 7 build with a secure install of MariaDB. I’m most familiar with MariaDB so that’s my DB of choice. It also seems to have all the features I need for this specific app, so I’m fairly locked in on this.
For the web server, it is a bare-bones ‘minimal’ CentOS 7 build with a secure install of Apache Tomcat set up to run Lucee. All of the servers are set up so that the web server can access them over a dedicated network (with VLAN), i.e. talk to the mail server or upload images to the image server. Once we get a little further into development I’ll look at adding in an additional web host layer (i.e. NGINX), but I don’t want to overcomplicate things just yet and create any more moving targets.
I personally use a Windows 10 VM running locally on the development server so I can access it from anywhere. So I’ll connect via VPN, RDP into the Windows 10 box, and manage everything from there. I do, however, have everything set up so I can use a local physical machine (i.e. at my house) to access the entire network. This way, if the development server goes down and takes my Windows 10 dev box down with it, I can still get to everything.
I don’t want to post any more detail (for sake of being too verbose). I’m really just hoping for people to say ‘yea that sounds just fine’ or ask any questions if things are unclear. Or any general advice.
Thanks!
Jason
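One concrete check that the segmentation described above (database, mail and image hosts reachable from the web server only over the dedicated private VLAN, public ports facing the internet) actually holds on each VM is to audit what every daemon is listening on. The script below is an added example, not Jason's code or anything from the Lucee project: it parses `ss -ltnp` output from a CentOS 7 host and reports any process bound to a network its role does not allow (a wildcard bind such as `0.0.0.0` or `::` counts as exposed on every network the host has a leg in). The address plan, the per-process policy and the sample `ss` output are all constructed for the example and would need to be replaced with the real VLAN ranges.

```python
"""Audit listening sockets on a segmented host against a per-service network policy."""
import ipaddress
import re
import sys

# Hypothetical address plan for the VLANs mentioned in the post (constructed, not real).
NETWORKS = {
    "public":  ipaddress.ip_network("203.0.113.0/24"),
    "private": ipaddress.ip_network("10.10.20.0/24"),
    "storage": ipaddress.ip_network("10.10.30.0/24"),
}

# Networks each process is allowed to listen on (constructed policy for the example).
POLICY = {
    "mysqld": {"private"},            # MariaDB: only the web server should reach it
    "master": {"private"},            # Postfix master: outbound app mail only
    "httpd":  {"public", "private"},  # image host serves the public, accepts uploads privately
    "java":   {"public"},             # Tomcat/Lucee front end
    "sshd":   {"private"},            # admin over the VPN-reachable network only
}

# Constructed sample of `ss -ltnp` output; two of the four sockets violate the policy.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*   users:(("mysqld",pid=1203,fd=21))
LISTEN 0      100    10.10.20.12:25      0.0.0.0:*   users:(("master",pid=880,fd=13))
LISTEN 0      128    203.0.113.10:443    0.0.0.0:*   users:(("httpd",pid=1500,fd=4))
LISTEN 0      128    [::]:22             [::]:*      users:(("sshd",pid=700,fd=3))
"""

WILDCARDS = {"0.0.0.0", "::", "*"}
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_ss(output):
    """Return (process, local_address, port) for each LISTEN line in `ss -ltnp` output."""
    sockets = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or a line without process info (run ss as root to get it)
        addr = m.group("addr").strip("[]")  # IPv6 addresses are bracketed by ss
        sockets.append((m.group("proc"), addr, int(m.group("port"))))
    return sockets


def exposed_networks(addr, networks):
    """Which named networks can reach a socket bound to `addr`."""
    if addr in WILDCARDS:
        return set(networks)  # bound on every interface, so every attached VLAN
    ip = ipaddress.ip_address(addr)
    return {name for name, net in networks.items() if ip in net}


def audit(output, policy=POLICY, networks=NETWORKS):
    """Return a list of (process, port, address, reason) findings; empty means compliant."""
    findings = []
    for proc, addr, port in parse_ss(output):
        allowed = policy.get(proc)
        if allowed is None:
            findings.append((proc, port, addr, "no policy entry for this process"))
            continue
        extra = exposed_networks(addr, networks) - allowed
        if extra:
            findings.append((proc, port, addr, "exposed on " + ", ".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    # Pipe real output in with `ss -ltnp | python audit_listeners.py`; otherwise use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS
    for proc, port, addr, reason in audit(data):
        print("%-8s port %-5d bound to %-15s %s" % (proc, port, addr, reason))
```

Run against the constructed sample it flags `mysqld` (bound to `0.0.0.0`, so reachable from the public and storage VLANs) and `sshd` (bound to `::`), while Postfix on the private address and Apache on the public address pass. The fix for the database case is the `bind-address` setting in the MariaDB server config pointed at the private VLAN address; running this on every VM after provisioning, and again after each package update, catches the common case where a daemon's default config quietly listens everywhere.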