Technical White Paper


Note: The goal of this page is to help you to understand how the Product name - ev itsm.png platform will be integrated into your environment.
  • It is for information purposes only.
  • Each project will have its own unique specifications that will need to be analyzed during the pre-sales process and pre-installation preparation.

Architecture

3-tier architecture

Objectives

Product name - ev itsm.png is based on a 3-tier architecture, meaning that the interface layer (Web), the application layer and the database layer can be installed on different machines and sized depending on the project.

According to the number of concurrent users and the security policy of your company, you must define how the Product name - ev itsm.png platform will be structured.

A gradual way of scaling

The Product name - ev itsm.png architecture is not static and can be modified later according to your changing needs.

If the number of concurrent users increases, if your security rules change, or if there are several phases in your project, you can modify the architecture even after the installation. That's why you can start with a first level of architecture and decide later to upgrade to another one.

Each tier can be sized separately by adding servers.

Licensed users vs Concurrent users

We propose two different architectures mainly based on the number of concurrent users. The number of concurrent users can be at most the maximum number of users defined by your Product name - ev itsm.png license.

Even if there are N users in the license, it doesn't mean that they are concurrent: N users can be connected, but at any one moment concurrent users are those who request an action at the same time.

That's why you can choose to use a simplified architecture if you calculate that the average number of simultaneous transactions is less than the number of licensed users.

Scale-up vs Scale-out of the servers

When you have the choice between adding more capacity on a server and adding new servers, the first solution is often the best if the current machines can support an upgrade.

The same applies if you have the choice between two single processor servers and a dual processor or two dual processors and a quad processor. You should consider:

  • Fewer servers to install and manage
  • Fewer Operating System (OS) licenses
  • Less rack space

We do not apply these rules to the database layer because, given the current features of SQL Server, it can only be scaled up.

How the components are distributed in the architecture

Simple architecture

         Simple architecture.png

Complex architecture

         Complexity architecture.png

Availability

Maximum availability can be reached by using clusters for the database and the web site. With regards to the application layer, our recommendation is to add application servers. Note: Your system and database teams should manage the cluster mode installation and maintenance. Our teams are not trained to do this sort of work.

A load balancer can also be placed in front of the web server. It must be session persistent.

Security of the data transferred on the network

You can add an SSL certificate on the Apache server to secure the data exchanged between the web server and the clients.

During the installation process, we will provide you with advice on securing the web tier.

Hardware and system prerequisites

System prerequisites

Layer              Prerequisites
Web Tier           OS: Linux; kernel 3 recommended
                   Apache: Apache 2.2 or 2.4
                   PHP: PHP 5.4.x (5.4.11 minimum) to PHP 5.6
Application Tier   OS: Windows 2008 Server R2; Windows 2012 Server/Windows 2012 Server R2
                   .NET 4.X must be installed on the application server
Database Tier      OS: All supported by the DB version
                   SQL Server:
                     • SQL Server 2012
                     • SQL Server 2014:
                       • The installation script must be modified with the following value: @STAFFVERSION='12'
                       • The smoServer.ini file must be modified with the following value: Provider=SQLNCLI11.0
                     • Backward compatibility with SQL Server 2008 R2 for existing installations

Web tier

Caution:

  • We can't provide a configuration for every Linux distribution. The samples below are meant to help you; you may need to adapt them to the version you use.
  • We provide a test PHP page which helps you to check the web server configuration. Put it in the web server document root and access it from a regular Windows web browser. All results should be displayed in green. If some results are red, you have to adapt your Apache/PHP settings.

OS

  • Linux, all distributions. For BSD or Unix, please call us.
  • Performance is better under Linux kernel 3.
  • First versions of Linux distributions to include a kernel 3: CentOS 7, Red Hat 7, Debian 7, Ubuntu 11.10…

Apache

  • Apache version 2.2.10 or above, version 2.4 recommended. We strongly advise that you use the most recent version of Apache 2.4.x for security and performance.
  • If you compile Apache yourself you must include the SOCKET module.
        Example:
./configure --prefix=/etc/httpd --enable-mime-magic --enable-expires --enable-headers --enable-ssl --enable-http \
    --enable-info --enable-dir --enable-rewrite --enable-so --enable-cgi --with-sslport=443 --enable-deflate --with-deflate
  • Following modules should be enabled:
    • so
    • headers
    • expires
    • deflate or filter
  • If you need to set up SSO, enable the relevant modules (Kerberos, SSPI, CAS…) depending on the authentication method.
  • Without SSO, check the following directive in the httpd.conf file. The Directory section should be:
<Directory "EasyVista_document_root">
       Options Indexes FollowSymLinks
       AllowOverride All
       Order allow,deny
       Allow from all
</Directory>
  • Compression requires the mod_deflate Apache module.
  • Directives to add to httpd.conf file:
    • On apache 2.2:
      AddOutputFilterByType DEFLATE text/plain
      AddOutputFilterByType DEFLATE text/html
      AddOutputFilterByType DEFLATE text/xml
      AddOutputFilterByType DEFLATE text/css
      AddOutputFilterByType DEFLATE text/plain
      AddOutputFilterByType DEFLATE application/xml
      AddOutputFilterByType DEFLATE application/xhtml+xml
      AddOutputFilterByType DEFLATE application/rss+xml
      AddOutputFilterByType DEFLATE application/javascript
      AddOutputFilterByType DEFLATE application/x-javascript
    • On apache 2.4:
      FilterDeclare gzipDeflate CONTENT_SET
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /text|css/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /css/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /\.js/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /text/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /plain/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /javascript/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /xml/"
      FilterProvider gzipDeflate deflate "%{Content_Type} =~ /flash/"
      FilterChain gzipDeflate
      SetEnvIfNoCase Request_URI \wizard_stream.php no-gzip dont-vary
      SetEnvIfNoCase Request_URI export_csv.php no-gzip dont-vary

Example:

<IfModule mod_deflate.c>

       # place filter 'DEFLATE' on all outgoing content
       SetOutputFilter DEFLATE

       # exclude uncompressible content via file type
       SetEnvIfNoCase Request_URI \.(?:gif|jpg|png|ico|zip|gz)$ no-gzip

       # The value must be between 1 (less compression) and 9 (more compression).
       DeflateCompressionLevel 9
       FilterDeclare gzipDeflate CONTENT_SET
       FilterProvider gzipDeflate deflate "%{Content_Type} =~/text|css/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /css/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /\.js/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /text/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /plain/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /javascript/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /xml/"
       FilterProvider gzipDeflate deflate "%{Content_Type} =~ /flash/"
       FilterChain gzipDeflate

       <IfModule mod_headers.c>
              # properly handle requests coming from behind proxies
              Header append Vary User-Agent
       </IfModule>

</IfModule>
  • Security:
    • ServerSignature = Off
    • Do not allow folders to be browsed
    • Use .htaccess to secure critical folders
    • EnableSendfile = On
  • Performance:
    • LogLevel = warn
    • Disable unused modules
    • HostnameLookups = Off
    • DirectoryIndex = index_prod.html
    • Server-Status + ExtendedStatus ==> Deactivate if not necessary
    • Activate Keep-Alive with a short timeout like 4s
  • Scalability:
    • MaxClients ==> Depends on your configuration
    • MaxRequestsPerChild ==> 100 000 for Linux
    • MinSpareServers, MaxSpareServers ==> Depends on your configuration
  • The URL must allow direct access to Product name - ev itsm.png without using a subfolder.
             Example: easyvista.mycompany.com and not: www.mycompany.com/easyvista
  • Logs: our support team is able to process Apache logs to sort out many things, but the LogFormat should be:
    • without SSL:
      LogFormat "\"%t\" \"%D\" \"%H\" \"%{Referer}i\" \"%{User-Agent}i\" \"%U\" \"%a\" \"%X\" \"%>s\" \"%b\" \"%r\""
    • with SSL enabled:
      LogFormat "\"%t\" \"%D\" \"%H\" \"%{Referer}i\" \"%{User-Agent}i\" \"%U\" \"%a\" \"%X\" \"%>s\" \"%b\" \"%r\" \"%{SSL_PROTOCOL}x\" \"%{SSL_CIPHER}x\""
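
A parser for the two LogFormat layouts above, as an added example (not code from the vendor): every field is double-quoted, and Apache writes a quote inside a logged value as \", so splitting on quotes or spaces miscounts fields. The field names, the 5-second threshold, the list of deprecated protocols and both sample lines are assumptions constructed for this illustration.

```python
import re
from datetime import datetime

# Field order of the two LogFormat strings above (names are this example's own).
FIELDS = ["time", "duration_us", "protocol", "referer", "user_agent", "path",
          "client_ip", "conn_status", "status", "bytes", "request"]
SSL_FIELDS = ["ssl_protocol", "ssl_cipher"]
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumed policy
SLOW_US = 5_000_000  # assumed threshold: 5 s (%D is logged in microseconds)

# One quoted field; embedded quotes and backslashes arrive as \" and \\.
_FIELD = r'"((?:[^"\\]|\\.)*)"'
_LINE = re.compile(r'(?:%s\s*)+' % _FIELD)

# Constructed sample lines (not real traffic).
SAMPLE_SSL = (r'"[24/Feb/2017:10:35:02 +0100]" "182345" "HTTP/1.1" "-" '
              r'"Mozilla/5.0 (Windows NT 6.1)" "/index.php" "192.0.2.10" "+" '
              r'"200" "5120" "GET /index.php HTTP/1.1" "TLSv1" "AES128-SHA"')
SAMPLE_PLAIN = (r'"[24/Feb/2017:10:35:07 +0100]" "9120455" "HTTP/1.1" "-" '
                r'"probe\" \"x" "/export_csv.php" "198.51.100.7" "X" '
                r'"500" "-" "GET /export_csv.php HTTP/1.1"')


def parse_line(line):
    """Return one log line as a dict with typed time, duration, status, bytes."""
    line = line.strip()
    if not _LINE.fullmatch(line):
        raise ValueError("line is not a sequence of quoted fields")
    values = [re.sub(r'\\(["\\])', r'\1', v) for v in re.findall(_FIELD, line)]
    if len(values) == len(FIELDS):
        names = FIELDS
    elif len(values) == len(FIELDS) + len(SSL_FIELDS):
        names = FIELDS + SSL_FIELDS
    else:
        raise ValueError("unexpected field count: %d" % len(values))
    rec = dict(zip(names, values))
    rec["time"] = datetime.strptime(rec["time"], "[%d/%b/%Y:%H:%M:%S %z]")
    rec["duration_us"] = int(rec["duration_us"])
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for 0
    return rec


def triage(rec):
    """Return the reasons, if any, why a parsed record deserves a second look."""
    notes = []
    if rec.get("ssl_protocol") in DEPRECATED_PROTOCOLS:
        notes.append("deprecated protocol " + rec["ssl_protocol"])
    if rec["conn_status"] == "X":  # %X: connection aborted before completion
        notes.append("connection aborted before response completed")
    if rec["status"] >= 500:
        notes.append("server error %d" % rec["status"])
    if rec["duration_us"] > SLOW_US:
        notes.append("slow request")
    return notes


if __name__ == "__main__":
    for sample in (SAMPLE_SSL, SAMPLE_PLAIN):
        record = parse_line(sample)
        print(record["client_ip"], record["path"], triage(record))
```
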

PHP

  • We need PHP 5 from 5.4.11 to 5.6.X.
  • Following PHP modules must be available:
    • session
    • sockets
    • curl
    • json
    • libxml
    • iconv
    • zlib
    • dom
    • filter
    • OPcache

         Example:

'./configure' '--prefix=/etc/httpd' '--with-curl' '--with-iconv' '--enable-sockets' '--with-apxs2=/etc/httpd/bin/apxs' \
    '--enable-json' '--enable-module=so' '--sysconfdir=/etc/httpd' '--disable-mbstring' \
    '--disable-pdo' '--disable-pdo_sqlite' '--disable-phar' '--without-sqlite3' '--disable-tokenizer' \
    '--without-pcre' '--with-openssl' '--with-zlib' '--disable-soap' '--enable-opcache'
  • The following parameters should be updated in your PHP.ini:
open_basedir must be commented out

zend_extension="/[YourFolderName]/opcache.so"

short_open_tag = Off
precision = 14
zend.enable_gc = On
expose_php = Off
error_reporting = E_ALL & ~E_NOTICE
display_errors = Off
log_errors = On
log_errors_max_len = 1024
track_errors = On
error_log = should be set
variables_order = GPCS
request_order = GP
auto_globals_jit = On
default_charset = UTF-8
file_uploads = On
default_socket_timeout = 60
max_execution_time = 300
max_input_time = 300
memory_limit = 192M
post_max_size = 800M
upload_max_filesize = 800M
max_file_uploads = 20
max_input_vars = 5000

session.save_handler = files
session.save_path = should be filled in
session.use_cookies = Off
session.name = PHPSESSID
session.auto_start = Off
session.cookie_lifetime = Off
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 18000
session.cache_expire = 180
session.use_trans_sid = Off
session.hash_function = Off
session.hash_bits_per_character = 5
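
A drift check for a deployed php.ini against a subset of the values listed above, as an added example (not a vendor tool). It handles three things a plain text comparison misses: PHP directive names are case sensitive, boolean values have several spellings (Off, 0), and sizes can be written in different units. The function names and the sample file are constructed for this illustration.

```python
import re

TRUE_WORDS = {"1", "on", "yes", "true"}
UNITS = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

# Subset of the php.ini values listed on this page.
EXPECTED = {
    "expose_php": "Off", "display_errors": "Off", "log_errors": "On",
    "short_open_tag": "Off", "session.use_trans_sid": "Off",
    "session.auto_start": "Off", "memory_limit": "192M",
    "post_max_size": "800M", "upload_max_filesize": "800M",
}
MUST_BE_SET = ("error_log", "session.save_path")
MUST_BE_UNSET = ("open_basedir",)  # the page requires it to be commented out

# Constructed sample file with deliberate deviations.
SAMPLE_INI = """[PHP]
; constructed sample
Expose_php = Off
display_errors = On
log_errors = On
short_open_tag = Off
memory_limit = 192M
post_max_size = 8M
upload_max_filesize = 800M
open_basedir = /var/www
error_log = /var/log/php_errors.log
[Session]
session.save_path = "/var/lib/php/sessions"
session.use_trans_sid = 0
session.auto_start = 0
"""


def parse_ini(text):
    """Return {directive: value}; comments (;) and [section] lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip('"')
    return settings


def _to_bytes(value):
    m = re.fullmatch(r"(\d+)\s*([KMG]?)", value.strip(), re.IGNORECASE)
    return int(m.group(1)) * UNITS.get(m.group(2).upper(), 1) if m else None


def _same(expected, actual):
    if expected in ("On", "Off"):
        return (actual.lower() in TRUE_WORDS) == (expected == "On")
    return _to_bytes(expected) == _to_bytes(actual)


def audit(text):
    """Return {directive: problem} for every deviation from the page's values."""
    settings = parse_ini(text)
    known = set(EXPECTED) | set(MUST_BE_SET) | set(MUST_BE_UNSET)
    findings = {}
    for name in settings:
        if name not in known and name.lower() in known:
            findings[name] = "names are case sensitive, use " + name.lower()
    for name, expected in EXPECTED.items():
        if name not in settings:
            findings[name] = "not set, expected " + expected
        elif not _same(expected, settings[name]):
            findings[name] = "expected %s, found %s" % (expected, settings[name])
    for name in MUST_BE_SET:
        if not settings.get(name):
            findings[name] = "must be set"
    for name in MUST_BE_UNSET:
        if name in settings:
            findings[name] = "must be commented out"
    return findings


if __name__ == "__main__":
    for directive, problem in sorted(audit(SAMPLE_INI).items()):
        print(directive + ": " + problem)
```
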

File share

  • A common folder between the web and application servers should be configured.
  • You can use a CIFS client if the folder is stored on Windows, or Samba to store it under Linux.

Other

  • The customer can integrate a reverse proxy of its choice between the final users and the Product name - ev itsm.png website. Note: The customer's technical teams are in charge of the choice, the installation and the configuration of such a reverse proxy.
  • The configuration of the reverse proxy must guarantee transparent usage for the final users, as if there was no reverse proxy (and especially guarantee the transfer of the Product name - ev itsm.png parameters by both GET and POST, correct management of HTTP headers, cache and resource compression, upload and download, etc.). Note: Installation, configuration and maintenance of the reverse proxy are not included in the Product name - ev itsm.png installation nor in the technical support.

Application tier

OS

  • The application server runs on Windows: 2008 Server, 2008 Server R2, 2012 Server, 2012 R2 Server, 32 or 64 bits.
  • .NET Framework version 4.X must be installed.
  • Use the latest Windows service pack.
  • The default cmd codepage should be 850. Use the chcp command to check it under cmd.

Processor

  • The application tier works only with x86 processors.

Database client

  • A full SQLnet layer must be installed on all our application servers. Client version must be the same as the server one.
  • At least the BCP and SQLCMD tools must be available. It's simpler to install SQL Server Management Studio.

Network

  • IPv6 is not used by Product name - ev itsm.png; disable it.
  • We use only one logical network connection; you may disable the others.
  • Server SOCKET parameters must be updated to maximize the number of available sockets.

         See this Microsoft article: http://msdn2.microsoft.com/en-US/library/aa560610.aspx

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
MaxUserPort ->60 000
TcpTimedWaitDelay -> 30

If you don't do it, you will get the following errors:

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.

Or:

Unable to connect to the remote server System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted.
  • In the same manner, you have to maximize it through netsh:
netsh int ipv4 set dynamicportrange tcp start=32767 num=32768

Antivirus

  • Local antivirus must not scan the LOG folder of Product name - ev itsm.png to avoid performance issues.

Database tier

OS

  • All supported OS for your DB server.

SQL Server

  • Supported: SQL Server 2012 to SQL Server 2014. Your expected load will indicate the right version.
  • You must configure the instance as:
    • Sort order: Latin1_General_CI_AS
    • Mixed mode authentication required
    • Automatic growing of tempdb or at least 1GB
    • Database configured with READ_COMMITTED_SNAPSHOT
    • FullText search must be installed and available
    • Max Degree of Parallelism must be 1
  • Express version may be used for less than 10 concurrent users.

Web browser

Version


Notes

  • Browsers not listed below are not supported.
  • While Product name - ev itsm.png or Product name - ev sas.png might run without major issues in compatible browser versions, we do not fix bugs that appear only in those versions and not in the supported browser versions.
  • Current and (Current-1): Denotes that we support the current stable version of the browser and the version that preceded it.
             Example: If the current version of the browser is 22, we support versions 22 and 21.

Browser                       Compatible Version   Supported Version
Microsoft Internet Explorer   9+                   11
Microsoft Edge                12+                  Current and (Current-1)
Google Chrome                 40+                  Current and (Current-1)
Mozilla Firefox               39+                  Current and (Current-1)
Apple Safari                  5.1+                 Current
iOS                           5.1.1+               Current

Configuration

  • Pop-ups and JavaScript must be allowed for the Product name - ev itsm.png web site.
  • Local cache for temporary files must be large enough (>10MB).
  • If you use SSL, check that the cache for secure pages is allowed.
  • For Internet Explorer: Security option/Downloads must allow AUTOMATIC PROMPTING FOR FILE DOWNLOADS.

Antivirus

  • On the customer PC, the local antivirus should not systematically check each .JS (JavaScript) file, to avoid performance problems during the display of the page.

Other

  • Product name - ev itsm.png doesn't require APPLET or ActiveX on the client browser.
  • Flash plug-in 9 or more recent.

Discovery

  • Gathering workstation information requires opening network flows to the "collect point" share. You may use:
    • SMTP / POP / IMAP
    • NetBIOS over IP (regular Windows share)
    • Usually operations are conducted by a system call in the user context. Exe files are accessed through NetBIOS.
  • You may use other methods. Please ask us for a specific implementation (HTTP, local install…).

Disk space needed

This table shows the space needed for SQL Server based on volume needs:

Group: Administrative database
  Information: The size of these databases doesn't vary during usage (EVO_ADMIN, EVO_BACKOFFICE, EVO_REFERENCE, EVO_PROC)
  SQL Server: 1 GB
Group: Config database
  Information: The size of these databases doesn't vary during usage
  SQL Server: 350 MB
Group: Data database
  Information: Examples based on the demo database: Assets: 38400, Employees: 8750, Orders: 500, Requests: 24200
  SQL Server: 1 GB

Product name - ev itsm.png is installed by default:

  • 1 administration database group
  • 1 demo account (config and data databases)
  • 1 production account (config and data databases)
  • 1 test account (config and data databases)

Sizing for more than 10 users

Note: These architectures are defined to give you an idea of what the platform will look like. These platforms must be adapted according to your own business and number of users.

  • A Product name - ev itsm.png platform can always be upgraded at a later stage, but please keep in mind the implications for your business and for the support of your users of shutting down a production system. It's better to define the platform as well as possible at the beginning of the project.
    This advice is really important for physical architectures which, in our experience, are not often upgraded during the five years that such a project lasts on average (5 years is today the maximum guarantee that can be subscribed for most servers). The architecture should not only cover today's needs but also the changes that could occur during the lifetime of the project, both in customer usage (more departments, etc.) and in Product name - ev itsm.png upgrades (one major version per year).
  • Virtual architectures, excluding the database server, can be upgraded as needed, based on the resources really used, and with very few interruptions in product availability. That's why our prerequisites are less important for virtual architectures than for physical ones:
    • Virtualized platform administrators prefer to size the resources based on real usage while the project is growing, instead of reserving too many resources at the beginning. That's how they can guarantee optimal usage of the physical resources of the virtual server among all the virtual machines.
    • Using more than 4 vCPUs on a virtual machine should be considered with caution, because such a configuration can create contention on physical CPUs (VMware CPU Ready indicator).

Connected users (simultaneously), LAN:

  • 20 users:
    • Web: Linux, 1 core (or 1 vCPU), 3 GB of RAM, 40 GB available disk space
    • Application & Database: Windows 2008/2012, dual core (or 2 vCPUs), 4 GB of RAM, 70 GB available disk space
  • 50 users:
    • Web: Linux, dual core (or 2 vCPUs), 4 GB of RAM, 40 GB available disk space
    • Application: Windows 2008/2012, dual core (or 2 vCPUs), 4 GB of RAM, 70 GB available disk space
    • Database server: Windows 2008/2012, dual core (or 2 vCPUs), 8 GB of RAM, 100 GB available disk space
  • 100 users:
    • Web: Linux, dual core (or 2 vCPUs), 8 GB of RAM, 40 GB available disk space
    • Application: Windows 2008/2012, quad core (or 4 vCPUs), 4 GB of RAM, 70 GB available disk space
    • Database server: Windows 2008/2012, quad core (or 4 vCPUs), 16 GB of RAM, 100 GB available disk space
  • More users: Architecture will be defined with your engineers to provide the best solution

Special considerations in architecture sizing

More than 1 000 PCs inventoried each day

Discovery data integration (Discovery, Usage, SNMP, Citrix…) can be very resource intensive. A single PC needs 10 seconds to be integrated in the Product name - ev itsm.png database because of all the rules applied during the integration process (merges, movement history, etc.). Huge imports can potentially slow down the performance for end users.

In this case, it is necessary to either import data outside of working hours (e.g. night shift), or use a dedicated back office server to import data (MONO XEON dual core, 4 GB of RAM, 2 HD 70GB RAID 1, Windows 2003).

Many Self Service users

If the number of Self Service users is large, you should consider having a second line of servers dedicated to them.

In this case, standard users will access Product name - ev itsm.png with one URL, and Self Service users with another one. You can then guarantee the performance will always be the same for your standard users (Service Desk, etc.) even when many Self Service users are connected.

Documents uploaded by users on Service Desk

The web server must have adequate disk space to accommodate the uploading of documents by users. Documents such as licenses, contracts, email attachments and screenshots will all be stored on the web server and over the course of time could become huge.

You can configure Product name - ev itsm.png to store these documents outside of the web server, in a more secure area (i.e. File Server).

Database instance dedicated

We always recommend a dedicated database for Product name - ev itsm.png.

With SQL Server, Product name - ev itsm.png needs to use a specific sort order that could potentially conflict with the one already in use.

How to secure the http traffic

It's not mandatory to secure the http traffic, but you should consider using an SSL certificate to avoid readable information being sent on your network.

For larger environments (more than 200 users on the same web server) we would recommend installing a dedicated SSL encryption card on the web server.

SSO, LDAP, etc.

Product name - ev itsm.png integration in your security environment has no impact on the size of the architecture.

However, you must validate with your LDAP administrators that Product name - ev itsm.png will have no consequence on their servers. Product name - ev itsm.png generates two LDAP queries for each new user login to Product name - ev itsm.png.

Virtualized platforms

  • You can use virtualized platforms to host Product name - ev itsm.png but you have to follow these rules:
    • Workstation platforms must not be used.
    • There must be enough resources on the platform hosting the virtualization OS (network, memory, CPU, etc.).
    • Resources dedicated to Product name - ev itsm.png virtual machines must be compliant with the technical white paper, as if it was a physical platform.
    • The physical architecture hosting the virtualization platform must be designed and configured for performance (a lot of memory, high speed disks and SANs, high speed network with jumbo frames, etc.).
  • Performance is better on VMware ESX / vSphere (or following) than on Hyper-V, but both systems can be used.

Caution:

  • Product name - ev itsm.png performance on virtualized platform is tightly linked to the performance of the physical infrastructure hosting the virtualization OS.
  • Linux is not optimized to run on Hyper-V.

Test platform, development platform, etc.

The right platform architecture and size is based upon the answers to the following questions:

  • Would you like to test response times and workload increase with these platforms?
    • YES: The platforms must be identical to the production platform. Keep in mind that this will cost the same price as the production platform, for a platform that will not be used very often.
    • NO: The platforms will only be used to test new versions, develop specific interfaces, etc. You can use smaller architectures, and even virtual server environments.
  • Would you like to validate on these platforms the whole integration context and needs (LDAP, SSO…)?
    • YES: The platforms should be the same as the production database in terms of OS, and location in the network.
    • NO: The platforms will only be used to test new versions, develop specific interfaces, etc. You can use smaller architectures, and even virtual server environments

Integration with your database servers

Additions to the database model

Additions to our database model are allowed if you follow these rules:

  • Added fields, tables, views or indexes must be prefixed by E_.
  • No change to an existing object is allowed: type or field sizing, for example.

Caution: Large additions could reduce the product performance, for example several memo fields in a table, a lot of indexes…

SQL database synoptic

         SQL synoptic.png

Last modified by Unknown User on 2017/02/24 10:35
Created by Administrator XWiki on 2013/09/09 14:30

Powered by XWiki ©, EasyVista 2017