In July, we introduced to our software stack . This is divided into three layers: infrastructure, platform and software. In today's article, we would like to take a closer look at the infrastructure layer and our cloud architecture, i.e. the technical basis on which all our applications run.
Our infrastructure is built on the concepts of the cloud, i.e. virtualization. With virtualization, resources are pulled together and shared in a network. We rely on the LEMP stack (Linux, nginx, MariaDB and PHP) together with complementary software and services from other platforms (e.g. Java). To have full flexibility and control over our solutions, we rely on a private cloud and Docker to containerize our applications. We explain how our infrastructure is built and what it is composed of in the following paragraphs.
Web Application Firewall, Hosting, Virtual Data Center and Virtual Machines
To keep our processes as lean and simple as possible, we have outsourced physical server hosting to a partner in Switzerland. Our Virtual Data Center (VDC) runs on their servers. By using multiple Virtual Machines (VM) we are flexible in adapting the required performance (RAM, processor, hard disks, etc.).
The basis of our VDC is OpenNebula. OpenNebula is an open source cloud computing platform. Within OpenNebula different VMs are running. Our VMs are mainly based on the Linux operating system, are connected by a virtual LAN and together form a Docker Swarm.
We ensure the security of our applications and thus also of our infrastructure primarily with a web application firewall. It checks all requests to the system for correctness and compares them with the defined guidelines.
Once a request has been determined to be secure, routing kicks in and the request is routed either directly to the desired application, or to one or more instances of traefik , for example. Traefik is an open-source edge router that connects a request to the container (or containers) responsible for it, and also enables advanced configurations needed for requirements such as replication or high availability.
Virtualization with the help of Docker
For the virtualization of our projects we use Docker . Docker is a platform for developing, deploying and running applications. It is based on Linux techniques, can be installed on different operating systems and therefore fits very well into our development environment. Docker allows applications to be separated from the infrastructure so that software can be deployed or transported quickly and ensures identical processing across all platforms and environments. With Docker, the operating system is "containerized" and abstracted.
Such a container consists of one or a group of software processes, for example the web server, the database and the application programming language. It is provided with the help of an "image" file, which can be imagined similar to a CD-ROM. In the case of cloudtec, these are mainly nginx as the web server, MariaDB as the database and PHP as the programming language. This container provides all the necessary executable files with the help of which an application is operated.
To ensure that the different customer projects are securely separated from each other, each project has at least its own container in our infrastructure. In this way, the customer data is isolated and segmented and cannot be mixed with other data. In addition, all the above-mentioned software parts have exclusive access to their own application. With the help of containerization and virtual networks, we provide auxiliary services such as a virus scanner and PDF indexing in addition to the projects, for example. These communicate locally with the respective project containers. Visibility and grouping of applications and services among each other is also controlled by said virtual networks.
We use Docker Swarm to orchestrate the allocation of containers to hosts. With Docker Swarm, if a host fails, a container is automatically allocated to a new host and restarted. This helps to ensure high availability of applications.
To manage the containers and the Docker Swarm, we use Portainer . Portainer is a container management tool and allows to centrally manage, configure, orchestrate and secure the operated containers. It also offers a simple user interface, which additionally simplifies the work of the users.
Advantages of a private cloud and the cloudtec cloud architecture
Of course, there are different providers and solutions of cloud architectures with corresponding advantages and disadvantages. Large providers such as Amazon Web Services AWS or Microsoft Azure offer ready-made solutions. In contrast, we have full control over our architecture and can quickly and easily make adjustments if necessary. Furthermore, we are not at the mercy of the release cycles and policy changes that the large corporations impose on us. We can decide for ourselves when to update what.
With our own private cloud and the IaaS concept, we are independent of local IT and achieve maximum flexibility. Containerization allows us to continuously provide new services for all our projects. Docker Swarm helps us to ensure the availability of our applications and simplifies the operation of a redundant infrastructure.
In general (outside the cloudtec bubble) it can be said that a private cloud offers the following advantages:
- Data is available at any point in the corporate network
- Full control over access rights
- High security standard including encryption
- Separation of resources and storage location
- High bandwidth through exclusive access
- Resources are flexible and scalable
Are you looking for a partner to host your online platform?
We are the right partner for you! With our own cloudtec cloud architecture we can offer you an architecture that is based on real experience, is constantly being developed and can be adapted to your individual needs. In addition to our own data center, we also offer remotely managed solutions at your data center. This means that we concentrate fully on your needs and challenges right from the start. We are therefore more efficient and you get a high quality product for your budget.
Are you interested in a cloud architecture? Then use our contact form and explain your project to us. We will design a flexible solution for you based on our cloud architecture.