The integrator and/or end-user will provide physical servers meeting the requirements described above in the Server Requirements section. The integrator and/or end-user will also need to provide the underlying infrastructure, including, but not limited to, network, switches, firewalls, operating systems (installed), SQL Server, etc.
All Ubuntu machines will require SSH to be enabled on each server, with the same username and password and with administration permissions (sudo) granted on each server so that the account can run any command. In addition, the OS’s default umask settings should be enabled for this account. This account can be disabled after the installation process and re-enabled when upgrades are needed.
The GUEST application is a web-based product that requires an SSL/HTTPS certificate for the web interface to ensure that the website is secure. This will also provide the end-user with a URL that can be used to access the website from any mobile/internet device. The certificate will be linked to a registered domain and will allow the end-user to use a fully qualified domain name. It may be possible to use an existing certificate if the certificate is a wildcard certificate.
For a large system with multiple servers, Docker Swarm will provide a minimal level of load balancing via the ingress mesh network it uses; however, supplementing this with an external load balancer provides some additional benefits. One benefit is that the certificate can be offloaded to the load balancer to ease the management of the certificate. Otherwise, the certificate can be loaded directly onto the Docker webserver. This would mean that each Docker server would need to be updated when the certificate expires (yearly, depending on the term of the certificate purchased by the installer/end customer).
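One way to track the per-server renewal burden described above, as an added example that is not part of the original document or the product's own tooling: a Python audit that flags Docker servers whose certificate is close to expiry or was missed during the last renewal. The node names, fingerprints, dates and the 30-day warning window are constructed assumptions, and fetch() assumes each address reaches that server's own web server rather than another node through the Swarm ingress mesh.

```python
import hashlib
import socket
import ssl
import time


def fetch(node, server_name, port=443):
    """Return (node, notAfter, sha256 fingerprint) for the cert a node serves."""
    ctx = ssl.create_default_context()
    with socket.create_connection((node, port), timeout=5) as sock:
        # An already expired cert fails here with ssl.SSLCertVerificationError.
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            der = tls.getpeercert(binary_form=True)
            return node, tls.getpeercert()["notAfter"], hashlib.sha256(der).hexdigest()


def audit(records, now=None, warn_days=30):  # 30 days is an assumed window
    """Flag nodes whose cert expires soon or differs from the newest one seen."""
    now = time.time() if now is None else now
    parsed = [(n, ssl.cert_time_to_seconds(na), fp) for n, na, fp in records]
    # The certificate with the latest expiry is taken as the current one.
    newest_fp = max(parsed, key=lambda r: r[1])[2]
    findings = {}
    for node, expires, fp in parsed:
        days_left = int((expires - now) // 86400)
        issues = []
        if days_left < 0:
            issues.append("expired")
        elif days_left < warn_days:
            issues.append(f"expires in {days_left} days")
        if fp != newest_fp:
            issues.append("not the newest certificate")
        if issues:
            findings[node] = issues
    return findings


# Constructed sample: docker-02 was missed during the last renewal.
SAMPLE = [
    ("docker-01", "Mar 10 00:00:00 2026 GMT", "aa11"),
    ("docker-02", "Mar 12 00:00:00 2025 GMT", "bb22"),
    ("docker-03", "Mar 10 00:00:00 2026 GMT", "aa11"),
]
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    for node, issues in audit(SAMPLE, now=SAMPLE_NOW).items():
        print(node, "->", ", ".join(issues))
```

When the certificate is offloaded to a load balancer, the same audit runs against that single endpoint instead of every Docker server.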
The application will require access to an email or SMTP server to allow the invites for guests to be sent and to allow updates to guest arrivals to be sent to the host.
For the system to be accessible from external sources, the environment will require access to the internet. Internet access will also be used to install and update the application; however, alternative methods are available if needed. It is possible to run all aspects of CONNECT and GUEST without access to the internet if needed.
The integrator or end-user will need to provide an SSL certificate and domain. The certificate provider may need to add a DNS entry to direct the URL to the end customer’s internet gateway. From its gateway entry point, the end user’s IT team would then need to NAT the gateway address from the entry point through to the load balancer or the Ubuntu Docker server that holds the SSL certificate.
To increase the security of the environment, it would be advisable to separate the machines into different DMZs: an internet-facing DMZ for Docker, an application DMZ for RabbitMQ, Redis, and Elastic, and a backend DMZ for the SQL Server. This would require the installer to set the firewall rules between each of the DMZs. The firewall rules are found below in the appendix.