Releases
Enterprise-Grade Reliability
High availability (HA) OneFirewall Infra
OneFirewall (WCF Server) is primarily composed of a set of software components that seamlessly intercommunicate to deliver a full suite of functionalities. Traditionally, these components are embedded within a single server and orchestrated using Docker Compose, including a local database. While this setup ensures a 99.99% SLI, making it suitable for most use cases, certain critical infrastructure demands even higher reliability, reaching four to six nines (99.9999% to 99.999999%).
To meet these stringent requirements, we propose the implementation of the following enhanced underlying infrastructure.
Architecture
Requirements
| Component | Specification | Notes |
|---|---|---|
| VMs | 3 | k8s master/node |
| RAM | 32 GB | for each VM |
| vCPU | 24 | for each VM |
| GPU | N/A | for each VM |
| SSD | 1TB | for each VM |
| NSF | 3TB | Shared |
Connectivity
| Service | Specification | Notes |
|---|---|---|
| ALB | against the 3 VMs | If possible, otherwise DNS round robin |
| VM | 443 Inbound | For Web and API Access |
| VM & NFS | Same subnet | for K8s connections |
| VM | 22 Inbound | For management console |
| VM | 443 Outbound | Via Proxy for updates on new feeds |
