
A multi-tenant hosted environment

When a large African mobile network operator launched a drive to rapidly deploy mobile banking solutions to its installations in the Middle East and North Africa, its technology partner approached Breakpoint to design and build a shared infrastructure solution able to host the application for five operators in various countries in the region, with a possibility for further growth.

The solution had to be secure, scalable and highly available, and Breakpoint further designed in-service updates into the system, all the way from the storage fundamentals right through to the firewalls at the top of the stack. The solution also had to contain segregated test environments for every tenant. The challenge in designing a hosted, multi-tenant architecture is to know which components to select to ensure efficient sharing of resources, while at all times maintaining secure separation of traffic and data.

The final design consisted of a shared Oracle storage array, with dual redundant hot-swap controllers, connected to redundant Fibre Channel switches. This ensured multiple paths to the various storage consumers, which consisted of a cluster of three VMware ESX servers, each with 128 GB RAM and 12 CPU cores. A further two-node cluster is connected to a separate storage pool on the same array for the test environment. The Oracle database environment is hosted on a SPARC system connected to an optimised data volume on the array, with a second system in cold standby that can take over duties through a manual switchover procedure, using a single Oracle installation on a shared ZFS pool. In this manner, hardware redundancy is ensured without the additional licensing costs normally incurred when using Oracle Real Application Clusters. The rest of the application environment consists of around forty virtual machines, running a mixture of Oracle Solaris 10 and Microsoft Windows Server.

The switching is handled by Cisco Catalyst 3750 switch stacks, with all network interfaces connected in cross-stack LACP link aggregates. This allows for redundant network links and permits failed switch swap-outs with no impact on service availability. Firewall duties are performed by two clusters of Cisco Adaptive Security Appliances, which separate the Perimeter, Application and Data zones. Load balancing is performed by a cluster of Riverbed Stingray virtual appliances that allow applications to be dynamically drained, removed, updated and added back to the application pools, so that application patching can occur in business hours, without impacting service. Health monitoring further ensures that any failed application services are disabled and removed from the resource pool within seconds of the failure occurring.

Breakpoint specified, ordered and managed the delivery of all components, then assembled, installed and configured the entire infrastructure, which consisted of a full rack of equipment and software from multiple vendors, and delivered it to the customer for application installation – on time, and within budget. After the application installation was completed, the customer requested that Breakpoint deploy and integrate the system at the colocation facility in Cyprus. A Breakpoint engineer travelled to the installation site to receive the shipped equipment, and reassembled it on site, after which it was integrated into the various customer environments. A recent full system update of all firmware and software releases (including a complete reinstallation of the VMware cluster with the latest vSphere release) was performed on the running system, with the only downtime required being for a test switchover of the database servers.
