Hardware Requirements: General Concepts

The simplified PaaS cluster (Virtuozzo Application Platform) structure from top to bottom can be shown in the following image:

Virtuozzo PaaS cluster

It consists of several levels:

User Experience Level - shows all the platform users' services with which the developers, platform administrators, and end-users interact.

Virtuozzo Application Platform Infrastructure Level - represents the set of the platform infrastructure hosts and hosts for users’ containers and virtual machines united into a single system.

  • Infrastructure hosts (infra nodes) - servers with PaaS services running
  • User hosts (user nodes) - servers with user applications

Compute Provisioning Level - a service provider or cloud computing platform that can buy, create, or install bare-metal hosts or virtual machines with a specific virtualization technology and unite them into one whole via the external and internal networks.

Hardware Level - represents the underlying low-level infrastructure with a set of bare metal servers and networking, which is used for resource provisioning.

Also, the cluster consists of:

  • external network, which usually should be accessible from the Internet, with one or more ranges of public IP addresses, routable in this network
  • isolated internal network, entirely devoted to the PaaS cluster, with private IP addresses
  • DNS zone, which will be controlled by the platform (i.e. {platformDomain} and {regionDomain})
  • wildcard SSL certificate(s) for infrastructure and end-user domains (i.e. also covering *.{platformDomain} and *.{regionDomain})

Note: When choosing the hardware provider, please check the list of the supported hardware vendors and virtualization solutions available for the platform installations.

High-Level Requirements

According to the general concepts, to have the Virtuozzo Application Platform installed, you need to provide:

Note: All the specifics and requirements stated below are suitable for a comfortable launch and initial workload. Depending on the platform’s growth, additional hardware capacities may be required in the future.

1. Bare-metal servers or virtual machines - hosts. The hardware requirements depend on a particular installation scenario.

2. External or pseudo-external NAT network, which usually should be accessible for platform users (customers/visitors).

  • one or more public IP ranges, routable in this network

Note: The effective and efficient operation of Virtuozzo Application Platform relies heavily on the availability of high-speed external repositories.

For instance, when creating a user environment, the platform retrieves a substantial volume of data from sources such as Docker Hub, Virtuozzo, and other resource repositories.

Furthermore, a robust and high-speed internet connection is an essential prerequisite for the platform installation procedure. Before initiating the installation process, please verify that your service provider can deliver a minimum bandwidth of 300 Mbit/s.

3. Internal network, isolated for platform use only.

  • one or more private IP ranges, routable in this network (a single network of /8 or /16 addresses is preferred)

4. DNS subdomains, which will be controlled by the platform (short ones are highly recommended, see the Note below for a detailed explanation):

  • *.{platformDomain} - the main domain of your platform (should differ from the company site/domain). For example, it is used for the end-users' dashboard (app.{platformDomain}, e.g. app.mypaas.com, app.mycloud.net) and admin panel (jca.{platformDomain}, e.g. jca.mypaas.com, jca.mycloud.net)
  • *.{regionDomain} - a domain name for each region used on the PaaS (should differ from the platform and other region domains). It is automatically used for all the environments created by end-users in the appropriate region ({envName}.{regionDomain}, e.g. awesomesite.euregion.com, supershop.usregion.net)

We highly recommend using different domains for the platform and each region. This is required to prevent the whole platform from being blocked (blocklisted) in case of abuse by end-users (spamming, phishing, etc.). On the Virtuozzo Application Platform side, we aim to keep the shared domains compliant and isolated for the customers with the help of the Public Suffix List (PSL). However, new domains are not added to the list in real time because of verification delays on the PSL maintainers' side.

The following setup can be used as an example:

  • platform domain - mypaas.com
    • dashboard - app.mypaas.com
    • cluster admin - jca.mypaas.com
  • first region - euregion.com
    • environment example - awesomesite.euregion.com
  • second region - usregion.com
    • environment example - supershop.usregion.com

Note: The length of the container hostname is limited to 64 characters due to the Linux specifics. As a result, short region names are preferable as they leave more space for the user-provided environment names. Let’s analyze the general example of the hostname for a container at Virtuozzo Application Platform:

platform hostname length

Here:

  • {nodeId} - ID of a container (e.g. node12345)
  • {envName} - user-provided name of the environment
  • {regionDomain} - domain name provided during the region configuration

The {nodeId} length depends on the number of containers on the platform, usually up to 10 symbols, which supports a million containers. The recommended size of the {regionDomain} is no more than 25 characters. Also, two separators are used in the hostname. The remaining length is used for the {envName}, which, in our case, can contain up to 27 symbols (64 - 10 - 25 - 2 = 27).

5. Multi-domain Wildcard SSL certificate for these DNS subdomains, covering the following DNS names:

  • *.{platformDomain} (added as SAN)
  • *.{regionDomain} (added as CN)

6. Storage for the user-uploaded content (Uploader Storage); it can be shared with the Docker templates cache storage.

  • external NFS mount (or SCSI LUN shared over infrastructure nodes) is recommended

7. Storage for the Docker templates cache (Docker Storage); it can be shared with the uploader storage.

  • external SCSI LUN shared over infrastructure nodes is recommended

8. SMTP (Simple Mail Transfer Protocol) server for sending automatic notifications from the platform; it can be configured using the SMTP Server Configuration guide.

  • SMTP Relay component is optional but recommended to enhance the process

9. Docker Hub billing account, which should be set as default via the Templates > Docker Registries tab in the admin panel.

  • an account with unlimited pulls is required to ensure that end-users won’t be restricted based on the number of containers created on the platform

10. According to the Virtuozzo Support Policy, the host’s kernel version should always be up-to-date:

Supported Versions: Virtuozzo will provide support only for the versions of the product specified in the product documentation or as specified at the time of purchase. Changes to supported versions will be announced in advance through notifications sent by email and as posted on the Virtuozzo website. Virtuozzo products shipped with a Linux kernel get support if running the latest released update in user space. In addition Virtuozzo will provide support for the last 2 released kernels.

The up-to-date kernels contain a number of important fixes that are necessary for stable and correct platform functionality.

You can find a list of supported VZ7 kernels on the official changelog web page.
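A pre-installation check of the domain, hostname-length and certificate requirements from items 4 and 5 above, as an added example (not Virtuozzo's own code). It assumes that clients match hostnames against SAN entries and that a wildcard covers exactly one label, so it flags a name present only as CN; the function names, probe hosts and sample certificate names are hypothetical.

```python
HOSTNAME_LIMIT = 64   # container hostname limit stated on the page
NODE_ID_LEN = 10      # page: {nodeId} is usually up to 10 symbols
SEPARATORS = 2        # page: two separators are used in the hostname


def wildcard_match(name, host):
    """Match a certificate name against a host; '*' covers exactly one leftmost label."""
    n = name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(n) != len(h):
        return False  # *.mypaas.com covers neither mypaas.com nor a.b.mypaas.com
    return n[1:] == h[1:] and n[0] in ("*", h[0])


def env_name_budget(region_domain, node_id_len=NODE_ID_LEN):
    """Characters left for {envName} after nodeId, separators and region domain."""
    return HOSTNAME_LIMIT - node_id_len - SEPARATORS - len(region_domain)


def check_plan(platform_domain, region_domains, cert_cn, cert_sans):
    """Return a list of problems in the planned domains and certificate names."""
    problems = []
    domains = [platform_domain.lower()] + [r.lower() for r in region_domains]
    if len(set(domains)) != len(domains):
        problems.append("platform and region domains must all differ")
    for region in region_domains:
        if len(region) > 25:
            problems.append(f"{region}: over the recommended 25 characters, "
                            f"{env_name_budget(region)} left for envName")
    # Probe hosts stand in for app.{platformDomain} and {envName}.{regionDomain}.
    probes = [f"app.{platform_domain}"] + [f"probe.{r}" for r in region_domains]
    for host in probes:
        if any(wildcard_match(san, host) for san in cert_sans):
            continue
        if wildcard_match(cert_cn, host):
            problems.append(f"{host}: covered by CN only, not by any SAN entry")
        else:
            problems.append(f"{host}: not covered by the certificate")
    return problems


if __name__ == "__main__":
    # Constructed plan using the page's sample domains; certificate names are made up.
    sans = ["*.mypaas.com", "*.euregion.com"]
    for line in check_plan("mypaas.com", ["euregion.com", "usregion.com"],
                           "*.euregion.com", sans) or ["plan OK"]:
        print(line)
```

The CN and SAN values can be read from the issued certificate with any X.509 viewer and passed in as plain strings.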

Backup Server

Backup servers can be configured based on the shared storage connected to any existing host (via NFS, iSCSI, etc.) or a dedicated server with local disk space. The selected storage should provide a sufficient level of redundancy and reliability to store backups.

The storage server must meet the following requirements:

  • the minimum required disk space is calculated as the total capacity of the /vz(/private) directories on all of the hosts that will be backed up (2x is recommended)
  • the server must be located in the same network as the hosts that will be backed up
  • network bandwidth of at least 1 Gbit/sec; 10 Gbit/sec is recommended for a high-performance production platform
  • CPU x86_64 with 8+ cores / 16+ threads
  • 16GB+ RAM

Installation Scenarios

For the public beta and commercial launch, there are two possible scenarios for the Virtuozzo Application Platform installation:

Please refer to the appropriate linked page to see the specific scenario-dependent requirements on hardware, network, and OS configurations.

Note: In the case of selecting the latter scenario, the following additional high-level requirements are added: internal network, dedicated to the Cloud Storage - 2 or more NICs per server (please see the sizing guidelines within the document linked above).

System Settings

The following OS settings are configured on the servers during the Virtuozzo PaaS Installation. They must not be changed or removed after the installation. Please, review the list below for possible contradictions with your operations and maintenance practices:

  • Changes to the system configuration files are prohibited.
  • PaaS cluster installation updates additional system configuration files; these changes must not be removed or overwritten after the installation.
  • Specific kernel modules are configured for pre-loading during the installation, and these settings must not be altered after the installation.
  • TCP stack settings are modified during the installation and must not be altered after the installation.
  • The PaaS cluster installation adds specific iptables rules, which must not be removed or overwritten after the installation.
  • The list of IP addresses used by the platform infrastructure should be allowed by the firewall.
  • For the Virtuozzo Operations team to have the ability to access the required host node in case of emergency, the appropriate SSH keys should be added to each of them.
  • The server timezone is set to UTC during the installation and must not be updated after the installation.
  • The SELinux module is switched OFF during the installation and must not be turned ON after the installation.

Contact Support or Operations if any of these points represent a potential conflict.

Tip: For more details on maintaining the Virtuozzo Application Platform, please, refer to the Operations Guide.
