OneFirewall (WCF Server) is primarily composed of a set of software components that seamlessly intercommunicate to deliver a full suite of functionalities. Traditionally, these components are embedded within a single server and orchestrated using Docker Compose, including a local database. While this setup ensures a 99.99% SLI, making it suitable for most use cases, certain critical infrastructure demands even higher reliability, reaching four to six nines (99.9999% to 99.999999%).

To meet these stringent requirements, we propose the implementation of the following enhanced underlying infrastructure.

Requirements

| Component | Specification | Notes |
|---|---|---|
| VMs | 3 | k8s master/node |
| RAM | 32 GB | for each VM |
| vCPU | 24 | for each VM |
| GPU | N/A | for each VM |
| SSD | 1TB | for each VM |
| NFS | 3TB | Shared |

Connectivity

| Service | Specification | Notes |
|---|---|---|
| ALB | against the 3 VMs | If possible, otherwise DNS round robin |
| VM | 443 Inbound | For Web and API Access |
| VM & NFS | Same subnet | for K8s connections |
| VM | 22 Inbound | For management console |
| VM | 443 Outbound | Via Proxy for updates on new feeds |

Architecture