
Current Situation

Dave J. Franco
DevOps
Blanclink, Inc
Current Situation

As the blancride application is in the development process, there are two different environments: one called “development”, where the developers can change and test new features, and another called “quality” for more stable versions of the application. The development servers consist of an API server running on Tomcat 7, a database on MongoDB and Nginx as the web proxy. There is also a server for the administration dashboard, which has several components such as Nginx, Jetty, Jenkins and MongoDB.

In order to test stable versions of the application, there is another environment called “qa servers”, a close approximation of what the final production stage is going to be. Basically it is composed of the Blancride API server running on Tomcat with Nginx for web proxying, a separate EC2 instance for the database using MongoDB, and an instance running the quality stage of the administration dashboard. Additionally, there is an instance with both the Blanclink and Blancride websites.
At present the infrastructure team has been preparing for the production stage of the applications by creating two additional servers: one that is going to be a public-facing server running a reverse proxy using Nginx, and another EC2 instance as our devops server for remote deployments, automatic backups, a VPN server and as an exit door for servers to make updates.

The current architecture doesn't represent what the production environment is going to be, but it is an approximation of the services and features that are going to be used.
Development Environment

The development environment is located in the Ontario Region of AWS, using a VPC called vpc_dev+qa. All of the servers use a public IP address; the idea is to allow flexibility in testing for developers. They have basic security settings such as SSH, multi-factor authentication and a login MOTD, and they are capable of recording every login attempt to each server.

Details

dev-api

Hostname: dev.blancride.com.
OS: Ubuntu 14.04 LTS.
VPC: vpc_dev+qa.
Ec2_type: m3-medium.
Security Group: dev-api
Service Running: jenkins port: 9090
Tomcat7 port: 8080.
Nginx port: 80, 443.
SSH port: 16022.
Details

dev_support

Hostname: admin.blancride.com.
OS: Ubuntu 14.04 LTS.
VPC: vpc_dev+qa.
Ec2_type: m1-medium.
Security Group: dev+qa_support
Service Running: jetty port: 8084.
Nginx port: 80, 443.
SSH port: 16022.
Apache2: 80.

Quality Environment

This environment is where stable versions of the blancride API are deployed. As mentioned earlier, it consists of 4 EC2 instances: blancride API, support system, API database and the webserver for the blanclink and blancride websites.

The blancride API server is behind an ELB (Elastic Load Balancer) to give the same scaling capabilities the production environment will have; additionally, the role of the database is on a different instance.
qa-api

Hostname: api.blancride.com.
OS: Ubuntu 14.04 LTS.
VPC: vpc_dev+qa.
Ec2_type: m3-medium.
Security Group: qa-api
Service Running: Tomcat7 port: 8080.
Nginx port: 80, 443.
SSH port: 16022.

qa-support

Hostname: dashboard.blancride.com.
OS: Ubuntu 14.04 LTS.
VPC: vpc_dev+qa.
Ec2_type: m3-medium.
Security Group: dev+qa_support
Service Running: jetty port: 8084.
Nginx port: 80, 443.
SSH port: 16022.
qa-db

Hostname: db.blancride.com (internal record).
OS: Ubuntu 14.04 LTS.
VPC: vpc_dev+qa.
Ec2_type: m3-medium.
Security Group: qa-db
Service Running: MongoDB port: 27173.
SSH port: 16022.

qa-www

Hostname: www.blancride.com, www.blanclink.com.
OS: Ubuntu 14.04 LTS.
VPC: vpc_dev+qa.
Ec2_type: t1.micro.
Security Group: qa-www
Service Running: Apache2 port: 80, 443.
SSH port: 16022.
Staging Production Environment

This environment is where the infrastructure team prepares for the production stage. At present it is located in the same region but in a different VPC; the idea is to prepare all the features that the API infrastructure will have.

After we set up all the features and run all the proper tests, the idea is to create a template to deploy in another AWS region like N. Virginia.

Details

staging-proxy

Hostname: ip-172-31-19-240.us-west-2.compute.internal.
OS: Ubuntu 14.04 LTS.
VPC: vpc_staging.
Ec2_type: t1.micro.
Security Group: staging-proxy.
Service Running: Nginx port: 80, 443.
SSH port: 16022.

staging-ops

Hostname: devops.blancride.com
OS: Ubuntu 14.04 LTS.
VPC: vpc_staging.
Ec2_type: t1.micro.
Security Group: staging-ops.
Service Running: Jenkins port: 8080.
Openvpn port: 23880_UDP
SSH port: 16022.

AWS Infrastructure Security

In terms of infrastructure security, several measures have been taken. From the perspective of EC2, each instance belongs to a security group, and each security group has inbound and outbound rules to allow or deny traffic.
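
An added example (not part of the original document): a check over security-group rules in the shape returned by `aws ec2 describe-security-groups`, flagging the backend and management ports listed in the instance details when they are reachable from any address. The sample rules are constructed, and treating those ports as internal-only is an assumption.

```python
import ipaddress

# (protocol, port) -> service, taken from the instance details on this page.
# Assumption: these should not be reachable from the whole internet; only
# Nginx/Apache on 80/443 and the OpenVPN UDP port are meant to face it.
INTERNAL = {
    ("tcp", 16022): "SSH", ("tcp", 8080): "Tomcat7/Jenkins",
    ("tcp", 9090): "Jenkins", ("tcp", 8084): "jetty",
    ("tcp", 27173): "MongoDB",
}

def world_open(rule):
    """True if any source range in the rule covers every address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

def audit(groups):
    """Return sorted (group, service, port) findings for world-open rules."""
    findings = []
    for g in groups:
        for rule in g.get("IpPermissions", []):
            if not world_open(rule):
                continue
            proto = rule["IpProtocol"]
            if proto == "-1":  # all protocols and ports; no FromPort/ToPort
                findings.append((g["GroupName"], "ALL", None))
            elif proto in ("tcp", "udp"):
                lo, hi = rule["FromPort"], rule["ToPort"]
                for (p, port), name in INTERNAL.items():
                    if p == proto and lo <= port <= hi:
                        findings.append((g["GroupName"], name, port))
    return sorted(findings, key=lambda f: (f[0], f[2] or 0))

# Constructed sample rules, not the real contents of these groups.
SAMPLE = [
    {"GroupName": "qa-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27173, "ToPort": 27173,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 16022, "ToPort": 16022,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupName": "dev-api", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9999,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A wide port range such as 8000-9999 is reported once per listed service it covers, which is how the constructed dev-api rule exposes Tomcat, jetty and Jenkins at the same time.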

Security Groups Details

dev-api
dev+qa_support

qa-api
qa-db

qa-www

staging-proxy

staging-ops
Additionally, all EC2 instances have been changed from their default configuration: each one has multi-factor authentication enabled, a different port for SSH, a MOTD and fail2ban.

Route 53

DNS Records – Blancride.com


DNS Records – Blanclink.com
