Insurance

Technical Architecture

Version 1.1

03/12/2015

Contents

1 Project plan

1.1 PPP005: Insurance application re-development

2 Service design

2.1 Service description

2.2 Resilience measures

2.3 Disaster recovery category

2.4 Backup policy

2.5 Security issues

2.6 Authentication and authorisation

2.7 External access

2.8 Interfaces and dependencies

2.9 Exceptions and other issues

3 Service specification

3.1 URLs, certificates and channels

3.2 Servers

3.3 Users, roles and groups

3.4 Data sources

3.5 Firewall configuration

3.6 Scheduled tasks

4 Service operation

4.1 Support contacts

4.2 Startup and shutdown steps

4.3 Log files

4.4 Configuration files

4.5 Patching

5 Common procedures

5.1 e.g. Create a new user

6 Disaster recovery plan

Appendix A Old project plans

Version control

Date / Version / Author / Sections / Amendments
24/08/2015 / 1.0 / Gordon McKenna / All / Initial draft.
03/12/2015 / 1.1 / Gordon McKenna / 2 / Updated technical diagram, added dsg_browser

1 Project plan

1.1 PPP005: Insurance application re-development

1.1.1 Stakeholders

Role / Unit / Name
Technical Architect / Development Technology / Gordon McKenna
Peer Reviewer / Development Technology / Mark Lang
Project Manager / Project Services / Sally Hayward
Production Representative / Production Management
ITI Representative / IT Infrastructure

1.1.2 Key deliverables

Deliverable / Business benefit
Online application to capture insurance applications for travel, vehicle and transit. / The user experience for staff and students will be enhanced by the ability to correct/change their insurance requirements without the need for duplication.
Online application to administer insurance applications, in particular to maintain master data, search and extract data. / The Insurance Department will be able to respond to information requests more quickly and accurately, particularly in the event of an incident.
A new ColdFusion/Oracle application will be developed to replace the existing MS Access database. / The application will be in a supported development language and on supported infrastructure
Support for the application will be transferred to IS Apps / The application will become part of the supported suite of Finance systems so can be more easily recovered in the case of an outage/disaster

1.1.3 Technical commitments

Commitment / Y/N / Justification (if not)
Will the project conduct a load test? / N / The application is unlikely to be heavily used.
Will the project conduct a DR test? / N / This application runs on shared application and database infrastructure so in the event of a disaster will be recovered along with other applications hosted there.
Has a service restart been tested? / Y / This application runs on shared application and database infrastructure so will inherit any patching arrangements already established on this infrastructure.

1.1.4 Summary of technical changes

The existing MS Access database application will be replaced by a ColdFusion/Oracle application hosted on shared infrastructure. Support will be transferred from Finance to IS Apps.

1.1.5 Estimated costs

Item / Development / Test / Live
e.g. hardware / £ / £ / £
e.g. disk on SAN / £ / £ / £
e.g. backup / £ / £ / £
e.g. licences / £ / £ / £
e.g. maintenance / £ / £ / £
e.g. support / £ / £ / £
Subtotals / £ / £ / £
Total / £

2 Service design

2.1 Service description

This service enables University staff and students to apply for insurance cover for travel, vehicle or transit. The service consists of an Apache/ColdFusion application connecting to an Oracle database, and is hosted on standard shared corporate infrastructure. The service also uses a separate ColdFusion datasource to query the organisational hierarchy.

The business has agreed the url for the site as

The site is authenticated by EASE.

Bamboo is used for deployment to all environments.

2.1.1 Key technologies

Technology / Version / New or existing
ColdFusion / 10 / Existing
Apache / 2.2 / Existing
Oracle RDBMS / 11.2.0.3 / Existing
Bamboo / 4.2.1 / Existing
Netscaler Load Balancing / n/a / Existing

2.1.2 Technical diagrams

2.2 Resilience measures

The application tier (including the development environment) is set up in an active/active configuration accessed via the NetScaler load balancer. The application will therefore survive the loss of a single application server without manual intervention.

The databases are protected by Oracle Data Guard, so that redo logs from the primary database are shipped with no delay to the standby database. In case of failure of the primary node, the primary database can be switched over to the standby node. A switchover can also be initiated for maintenance purposes.

2.3 Disaster recovery category

Application / Category
Insurance / 3

2.4 Backup policy

Component / Variance from backup policy
Operating System / None (standard backup)
Database / None (standard backup)
File system / None (standard backup)
Other / None (standard backup)

2.5 Security issues

None.

2.6 Authentication and authorisation

The application is authenticated by EASE. Authorisation is handled within the application, where users are assigned different roles according to their function.

2.7 External access

Name / Contact details / Access method / Description of need
None

2.8 Interfaces and dependencies

The application consumes organisational hierarchy information through a separate ColdFusion datasource in order to validate Schools information.

Uploaded documents are stored on a remote file share.

2.9 Exceptions and other issues

None

3 Service specification

3.1 URLs, certificates and channels

3.1.1 Development

Application / URL
Insurance /

3.1.2 Test

Application / URL
Insurance /

3.1.3 Live

Application / URL
Insurance /

3.1.4 Certificates

Certificate CN / CA / Server / Location
www-dev.insurance.finance.ed.ac.uk / QuoVadis / cflinux-kb1-dev/cflinux-at1-dev / /usr/local/certs/www-dev.insurance.finance.ed.ac.uk
www-test.insurance.finance.ed.ac.uk / QuoVadis / cflinux-kb1-test/cflinux-at1-test / /usr/local/certs/www-test.insurance.finance.ed.ac.uk
/ QuoVadis / cflinux-kb1-live/cflinux-at1-live / /usr/local/certs/

3.1.5 MyED channels

Channel name / Type / Description

3.2 Servers

3.2.1 Application servers

Attribute / Development / Test / Live
Servers / cflinux-kb1-dev/cflinux-at1-dev / cflinux-kb1-test/cflinux-at1-test / cflinux-kb1-live/cflinux-at1-live
Physical/Virtual / Virtual / Virtual / Virtual
Shared/Dedicated / Shared / Shared / Shared
CPU cores / 2 / 2 / 2
Memory / 8Gb / 16Gb / 16Gb
OS / linux / linux / linux
Software and versions / Apache 2.2, ColdFusion 10 / Apache 2.2, ColdFusion 10 / Apache 2.2, ColdFusion 10
Dependencies / EASE / EASE / EASE

3.2.2 Database servers

Attribute / Development / Test / Live
Server / oradevkb/oradevat / oratestat2/oratestkb2 / oraat2/orakb2
Physical/Virtual / Physical / Physical / Physical
Shared/Dedicated / Shared / Shared / Shared
CPU cores / 64 / 64 / 64
Memory / 384Gb / 384Gb / 384Gb
OS / linux / linux / linux
Instance / GENDEV / GENTEST / GENLIVE
Database version / 11.2.0.3 / 11.2.0.3 / 11.2.0.3
Dependencies / e.g. Java, packages

3.2.3 File systems

Server names / Volume / Size / Purpose
CF Application Servers / /u01/software/insurance / 50MB / Application code
CF Application Servers / /remote/insurance-content

3.2.4 File shares

Server names / Shared path / Share name
fin-fs-dev / /remote/insurance-content / //fin-fs-dev/insurance-content
fin-fs-test / /remote/insurance-content / //fin-fs-test/insurance-content
fin-fs-live / /remote/insurance-content / //fin-fs-live/insurance-content

Share name / Users/groups / Permissions
//fin-fs-dev/insurance-content / cfadmin
//fin-fs-test/insurance-content / cfadmin
//fin-fs-live/insurance-content / cfadmin

3.3 Users, roles and groups

3.3.1 Unix

Username / Home directory / Description
insurance / /home/insurance / Application code owner
cfadmin / /home/cfadmin / ColdFusion administrator, used for writing to remote share

Group / Members / Description
insurance / insurance, cfadmin / Application code owner

Application Directory / Owner / Description
/u01/software/insurance / insurance / Location of application code

3.3.2 Oracle

Instance / Username / Roles / Description
GEN / insurance / application / Application table owner
GEN / insuranceuser / insurance_user / Application user
GEN / insurancebrowser / insurance_browser / Application browser
GEN / insuranceadmin / insurance_admin / Application administrator
GEN / dsginsurance / dsg_insurance_browser / For developers

Instance / OPS$ username / Roles / Description

Instance / Database role / Description
GEN / application / Application table owner
GEN / insurance_admin / Application administrator
GEN / insurance_browser / Application browser (i.e. select only)
GEN / insurance_user / Application user (i.e. any privileges)
GEN / dsg_insurance_browser / For developers (i.e. select only)

Instance / Schema / Tablespace
GEN / insurance / insurance_data
GEN / insurance / insurance_index

Instance / DB link name / Owner / Source instance / Source user

3.4 Data sources

3.4.1 ColdFusion

Data source name / insurance / orgbrowser
CF instance / finance / finance
Username / insurance / orgbrowser
Database / GEN / APPS
Additional settings

3.5 Firewall configuration

3.5.1 Drum firewall

Source / Destination / Port / Protocol
None

3.5.2 Central firewall

Source / Destination / Port / Protocol
cflinux-kb1-dev/cflinux-at1-dev / oradevkb/oradevat / 1826 / SQLNet
cflinux-kb1-test/cflinux-at1-test / oratestkb1/oratestat1 / 1826 / SQLNet
cflinux-kb1-live/cflinux-at1-live / orakb1/oraat1 / 1826 / SQLNet
edlan / cflinux-kb1-dev/cflinux-at1-dev, cflinux-kb1-test/cflinux-at1-test, cflinux-kb1-live/cflinux-at1-live / 443 / https
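
The central firewall rules in 3.5.2 and the server tables in 3.2 list hosts independently, so they can be checked against each other. The following is an added example, not part of the original document: it transcribes both tables and reports rule endpoints that are absent from the inventory, and database hosts that no SQLNet rule reaches. The function names are illustrative assumptions.

```python
# Added example: cross-check the 3.5.2 firewall rules against the 3.2 server
# inventory. All host names, ports and protocols are transcribed from the
# tables in this document; the function names are illustrative.

INVENTORY = {
    "app": {
        "dev": {"cflinux-kb1-dev", "cflinux-at1-dev"},
        "test": {"cflinux-kb1-test", "cflinux-at1-test"},
        "live": {"cflinux-kb1-live", "cflinux-at1-live"},
    },
    "db": {
        "dev": {"oradevkb", "oradevat"},
        "test": {"oratestat2", "oratestkb2"},
        "live": {"oraat2", "orakb2"},
    },
}
NETWORKS = {"edlan"}  # named network in the rules, not an individual host

# (source, destination, port, protocol); the edlan row is split per environment
RULES = [
    ("cflinux-kb1-dev/cflinux-at1-dev", "oradevkb/oradevat", 1826, "SQLNet"),
    ("cflinux-kb1-test/cflinux-at1-test", "oratestkb1/oratestat1", 1826, "SQLNet"),
    ("cflinux-kb1-live/cflinux-at1-live", "orakb1/oraat1", 1826, "SQLNet"),
    ("edlan", "cflinux-kb1-dev/cflinux-at1-dev", 443, "https"),
    ("edlan", "cflinux-kb1-test/cflinux-at1-test", 443, "https"),
    ("edlan", "cflinux-kb1-live/cflinux-at1-live", 443, "https"),
]

def hosts(cell):
    """Split a table cell such as 'oradevkb/oradevat' into host names."""
    return set(cell.split("/"))

def unknown_endpoints(rules=RULES):
    """Rule endpoints that appear in neither server table nor NETWORKS."""
    known = {h for tier in INVENTORY.values() for env in tier.values() for h in env}
    found = set()
    for src, dst, _port, _proto in rules:
        found |= (hosts(src) | hosts(dst)) - known - NETWORKS
    return sorted(found)

def db_hosts_without_rule(rules=RULES, port=1826):
    """Inventory database hosts that no rule on `port` names as a destination."""
    covered = set()
    for _src, dst, rule_port, _proto in rules:
        if rule_port == port:
            covered |= hosts(dst)
    db = {h for env in INVENTORY["db"].values() for h in env}
    return sorted(db - covered)

if __name__ == "__main__":
    print("Rule endpoints not in inventory:", unknown_endpoints())
    print("Database hosts with no SQLNet rule:", db_hosts_without_rule())
```

A non-empty result from either function means the firewall table and the server tables name different hosts, and one of them needs to be reconciled with the deployed configuration.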

3.6 Scheduled tasks

3.6.1 Unix cron jobs

Server / Account / Script name / Schedule / Description
None

3.6.2 Windows scheduled tasks

Server / Run as / Task name / Schedule / Description
None

3.6.3 Oracle DBMS jobs

Instance / Owner / Job name / Schedule / Description
None

3.6.4 SQL Server jobs

Server / Job name / Schedule / Description
None

4 Service operation

4.1 Support contacts

Vendor / Contact details / Required information
None

4.2 Startup and shutdown steps

The application is hosted on existing shared ColdFusion and Oracle infrastructure, so all startup and shutdown procedures follow the current procedures on that infrastructure.

4.2.1 Shutdown

Use standard Oracle procedures, but remember that the INSURANCE schema is hosted on the GEN database, and the application is hosted on the FINANCE instance. Both of these include other database schemas and applications and so cannot be shut down or started up in isolation.

4.2.2 Start up

Use standard Oracle procedures, but remember that the INSURANCE schema is hosted on the GEN database, and the application is hosted on the FINANCE instance. Both of these include other database schemas and applications and so cannot be shut down or started up in isolation.

4.3 Log files

Log files are available in /etc/httpd/logs on the application server: insurance-error_log and insurance-access_log.

4.4 Configuration files

Virtual hosts are configured by /etc/httpd/conf/httpd.conf on the application servers.

4.5 Patching

Patches are applied using the Continuous Integration deployment method, which uses Bamboo.

5 Common procedures

5.1 e.g. Create a new user

6 Disaster recovery plan

The application is active/active and the database is protected by Oracle Data Guard, which provides easy failover in case of failure of the primary database. The service is therefore able to withstand the loss of a single datacentre and in the event of a disaster on one site services can be brought up on the other datacentre.

Appendix A Old project plans

Place old project plans here in reverse chronological order (i.e. newest project at the top).
