Difference between revisions of "Provider appliance"

From regify WIKI
 
(48 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
The '''regify Provider Software Appliance''' can get described with the following key attributes:
 
The '''regify Provider Software Appliance''' can get described with the following key attributes:
  
# '''Software appliance''', based on a special CentOS 6 version, one of the most stable Linux distributions (comes as an ISO image).
+
# '''Software appliance''', based on a special Linux version (comes as an ISO image).
# Supports Replication (Master-Slave, Cross-Master) for full redundancy and high availability.
+
# Hardened for 24/7 internet availability and security
# Offers easy SSL certificate usage.
+
## Built-in firewall blocking all unused ports.
# Fully supports all Sub-Provider features (handles multiple IP addresses).
+
## Application based intrusion detection system (IDS) to be a second firewall against various attacks (XSS, SQL injection, header injection, Directory traversal, Remote File Execution, Local File Inclusion, DoS).
# Optionally included database (MySQL and MariaDB alternative).
+
## All unused services, users and groups are removed or stopped.
 +
## Continuously updated by "check for updates" function including all operating system and application components (Kernel, Apache, MySQL, OpenSSL etc).
 +
## Appliance management is only available by SSH from internal IP address range or (optional) from dedicated external IP addresses.
 +
# Supports database replication (Master-Slave, Cross-Master) for full redundancy and high availability.
 +
# Offers easy SSL certificate generation and usage (menu guided).
 +
# Fully supports all [[Subprovider]] features (handles multiple IP addresses, customizations etc).
 +
# Included database (MySQL, with MariaDB as an alternative).
 
# Included Apache Webserver with PHP environment.
 
# Included Apache Webserver with PHP environment.
# Included MTA (Mail Tranfer Agent) which is also usable as relay with a SmartHost.
+
# Included MTA (Mail Tranfer Agent) which is also usable as relay with a company SmartHost.
 
# Automatic time-synchronisation using NTP.
 
# Automatic time-synchronisation using NTP.
# Fully supporting NAGIOS monitoring.
+
# Fully supporting NAGIOS monitoring (more information below on this page).
 
# Supports external loadbalancers and SSL offloading.
 
# Supports external loadbalancers and SSL offloading.
 +
# Use any network SMB shares for regibox storage (optional).
 
# Installs in less than 10 minutes.
 
# Installs in less than 10 minutes.
 
# Allows easy and automatic updates.
 
# Allows easy and automatic updates.
# Does not need any andvanced Linux knowledge.
+
# Does not need any advanced Linux knowledge.
  
==Real hardware or virtualized==
+
==Hardware requirements==
The '''regify Provider Software Appliance''' can get installed on real hardware (given it is supported by CentOS6) or virtual machines.  
+
 
 +
You can find the hardware requirements at the [[Hardware]] page.
 +
 
 +
==Performance considerations==
 +
 
 +
You can find information about performance and speed at the [[Hardware]] page.
 +
 
 +
==Monitoring support==
 +
 
 +
The regify provider software appliance offers you two kind of monitoring:
 +
 
 +
===Nagios support===
 +
The regify provider software appliance gives you access to the standard NAGIOS client plugins. Here is a list of the plugins that are contained (regify provider V4 - 02/2015):
 +
* nagios-plugins-cluster
 +
* nagios-plugins-dig
 +
* nagios-plugins-disk
 +
* nagios-plugins-dns
 +
* nagios-plugins-dummy
 +
* nagios-plugins-file_age
 +
* nagios-plugins-http
 +
* nagios-plugins-icmp
 +
* nagios-plugins-ide_smart
 +
* nagios-plugins-ifoperstatus
 +
* nagios-plugins-ifstatus
 +
* nagios-plugins-linux_raid
 +
* nagios-plugins-load
 +
* nagios-plugins-log
 +
* nagios-plugins-mailq
 +
* nagios-plugins-memcheck
 +
* nagios-plugins-mysql
 +
* nagios-plugins-nrpe-2.14-5.rf.i386
 +
* nagios-plugins-ntp
 +
* nagios-plugins-perl
 +
* nagios-plugins-ping
 +
* nagios-plugins-procs
 +
* nagios-plugins-smtp
 +
* nagios-plugins-ssh
 +
* nagios-plugins-swap
 +
* nagios-plugins-tcp
 +
* nagios-plugins-time
 +
* nagios-plugins-users
 +
 
 +
The supported protocol is NRPE.
 +
 
 +
By default, NAGIOS is disabled but the plugins are available.
  
<u>Virtualization compatibility:</u>
+
There is no GUI support for Nagios, so the usage is for experts only.
* VMWare ESX(i) servers
 
* VMWare Workstation
 
* Citrix XEN Server V6
 
** Only supporting Hardware-assisted virtualization (HVM) mode
 
** No Paravirtualization (PV) support
 
  
It is <u>not possible to install on '''Microsoft Hyper-V'''</u> because of missing network adapter support. We have some success reports for the most recent version of Hyper-V. But currently it is not officially supportet.
+
===Built-in monitoring script===
 +
The regify provider software appliance offers a dedicated HTTPS call to get information about the health of the regify provider. By calling this prepared URL, it returns either
 +
* "OK" -> Everything is fine
 +
* "WARNING: ''description''" -> System still running, but there are problems
 +
* "ERROR: ''description''" -> System is in maintenance mode and not running
  
We do not promise the compatibility to any virtualization technique available on the market. There is a good chance that it runs fine on many virtualization solutions, but there is <u>no guarantee</u> on that.
+
The ''description'' contains detailed information about the reason of the current state.
  
==Hardware requirements==
 
  
You can find the hardware requirements at the [[Hardware]] page.
+
This monitoring call allows you to generate basic monitoring with no big efforts. This call is testing the following things:
 +
* Clearing connection health?
 +
* Is the provider in maintenance mode?
 +
* Is free disk space bigger than 300MB?
 +
* Is regibox space available and working (if enabled)?
 +
* Do we have working cryptography?
 +
* How is internal database connectivity?
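Review bot: the added "Monitoring support" text says the supported protocol is NRPE and that NAGIOS is disabled by default, but it does not say who can reach NRPE once it is enabled. The hardening list in the same revision restricts SSH management to the internal IP address range or dedicated external addresses, so state whether NRPE and the HTTPS health URL fall under the same source restriction. The added MTA line still reads "Mail Tranfer Agent", and the check "Clearing connection health?" would be clearer if it were phrased like the other bullets.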

Latest revision as of 14:18, 9 July 2024

Key features

The regify Provider Software Appliance can be described by the following key attributes:

  1. Software appliance, based on a special Linux version (comes as an ISO image).
  2. Hardened for 24/7 internet availability and security:
    1. Built-in firewall blocking all unused ports.
    2. Application-based intrusion detection system (IDS) acting as a second firewall against various attacks (XSS, SQL injection, header injection, Directory traversal, Remote File Execution, Local File Inclusion, DoS).
    3. All unused services, users and groups are removed or stopped.
    4. Continuously updated through the "check for updates" function, which covers all operating system and application components (Kernel, Apache, MySQL, OpenSSL etc.).
    5. Appliance management is only available over SSH from the internal IP address range or (optionally) from dedicated external IP addresses.
  3. Supports database replication (Master-Slave, Cross-Master) for full redundancy and high availability.
  4. Offers easy SSL certificate generation and usage (menu guided).
  5. Fully supports all Subprovider features (handles multiple IP addresses, customizations etc.).
  6. Included database (MySQL, with MariaDB as an alternative).
  7. Included Apache Webserver with PHP environment.
  8. Included MTA (Mail Transfer Agent), which is also usable as a relay with a company SmartHost.
  9. Automatic time-synchronisation using NTP.
  10. Fully supports NAGIOS monitoring (more information below on this page).
  11. Supports external load balancers and SSL offloading.
  12. Can use any network SMB share for regibox storage (optional).
  13. Installs in less than 10 minutes.
  14. Allows easy and automatic updates.
  15. Does not need any advanced Linux knowledge.

Hardware requirements

You can find the hardware requirements at the Hardware page.

Performance considerations

You can find information about performance and speed at the Hardware page.

Monitoring support

The regify provider software appliance offers you two kinds of monitoring:

Nagios support

The regify provider software appliance gives you access to the standard NAGIOS client plugins. The following plugins are included (regify provider V4 - 02/2015):

  • nagios-plugins-cluster
  • nagios-plugins-dig
  • nagios-plugins-disk
  • nagios-plugins-dns
  • nagios-plugins-dummy
  • nagios-plugins-file_age
  • nagios-plugins-http
  • nagios-plugins-icmp
  • nagios-plugins-ide_smart
  • nagios-plugins-ifoperstatus
  • nagios-plugins-ifstatus
  • nagios-plugins-linux_raid
  • nagios-plugins-load
  • nagios-plugins-log
  • nagios-plugins-mailq
  • nagios-plugins-memcheck
  • nagios-plugins-mysql
  • nagios-plugins-nrpe-2.14-5.rf.i386
  • nagios-plugins-ntp
  • nagios-plugins-perl
  • nagios-plugins-ping
  • nagios-plugins-procs
  • nagios-plugins-smtp
  • nagios-plugins-ssh
  • nagios-plugins-swap
  • nagios-plugins-tcp
  • nagios-plugins-time
  • nagios-plugins-users

The supported protocol is NRPE.

By default, NAGIOS is disabled but the plugins are available.

There is no GUI support for Nagios, so its use is for experts only.

Built-in monitoring script

The regify provider software appliance offers a dedicated HTTPS call to get information about the health of the regify provider. Calling this prepared URL returns one of:

  • "OK" -> Everything is fine
  • "WARNING: description" -> System still running, but there are problems
  • "ERROR: description" -> System is in maintenance mode and not running

The description contains detailed information about the reason for the current state.

This monitoring call lets you set up basic monitoring with little effort. The call tests the following things:

  • Clearing connection health?
  • Is the provider in maintenance mode?
  • Is free disk space bigger than 300MB?
  • Is regibox space available and working (if enabled)?
  • Do we have working cryptography?
  • How is internal database connectivity?
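
The three return values above map directly onto Nagios plugin exit codes. The following check is an added example, not regify's own code: the health URL is a placeholder because this page does not give it, and the response body is assumed to be the plain text OK, WARNING: description or ERROR: description without the quotation marks.

```python
#!/usr/bin/env python3
"""Nagios-style check for the appliance health call (added example)."""
import ssl
import sys
import urllib.request

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plugin exit codes

# Placeholder: the page does not give the health URL; take it from your appliance.
HEALTH_URL = "https://provider.example.invalid/HEALTH-URL-PLACEHOLDER"


def classify(body):
    """Map the response body to (exit_code, one-line plugin output)."""
    text = body.strip()
    # Keep only the first line and cap its length: the description is
    # remote-controlled text that ends up in the monitoring UI.
    first = text.splitlines()[0][:200] if text else ""
    if first == "OK":
        return OK, "OK - provider healthy"
    if first.startswith("WARNING:"):
        return WARNING, "WARNING - " + first[len("WARNING:"):].strip()
    if first.startswith("ERROR:"):
        return CRITICAL, "CRITICAL - " + first[len("ERROR:"):].strip()
    # Anything else (proxy error page, login form, empty body) is not a health answer.
    return UNKNOWN, "UNKNOWN - unexpected response: %r" % first[:60]


def check(url=HEALTH_URL, timeout=10.0):
    """Fetch the health URL with certificate verification and classify it."""
    ctx = ssl.create_default_context()      # verifies chain and hostname
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = resp.read(4096).decode("utf-8", errors="replace")
    except (OSError, ValueError) as exc:    # URLError and ssl.SSLError are OSError subclasses
        return CRITICAL, "CRITICAL - health call failed: %s" % exc
    return classify(body)


if __name__ == "__main__":
    code, message = check(*sys.argv[1:2])
    print(message)
    sys.exit(code)
```

An unexpected body is reported as UNKNOWN rather than OK, so a load balancer or SSL offloader answering in place of the appliance does not mask an outage.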