Deploying Liferay Digital Experience Platform in Amazon Web Services

Similar documents
Managing Performance in Liferay DXP: An Overview of Liferay Connected Services

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Training on Amazon AWS Cloud Computing. Course Content

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

LINUX, WINDOWS(MCSE),

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

Samsung SDS Enterprise Cloud

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Oracle WebLogic Server 12c on AWS. December 2018

CIT 668: System Architecture. Amazon Web Services


Cloud Computing /AWS Course Content

AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS

Liferay Security Features Overview. How Liferay Approaches Security

Dynatrace FastPack for Liferay DXP

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

ArcGIS 10.3 Server on Amazon Web Services

ThoughtSpot on AWS Quick Start Guide

Using MySQL in a Virtualized Environment. Scott Seighman Systems Engineer Sun Microsystems

TIBCO Cloud Integration Security Overview

Deploy the Firepower Management Center Virtual On the AWS Cloud

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

Magento Commerce Architecture and Security Model Last updated: Aug 2017

MyCloud Computing Business computing in the cloud, ready to go in minutes

Deploy. A step-by-step guide to successfully deploying your new app with the FileMaker Platform

lab Highly Available and Fault Tolerant Architecture for Web Applications inside a VPC V1.01 AWS Certified Solutions Architect Associate lab title

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Elastic Load Balance. User Guide. Issue 14 Date

Building a Modular and Scalable Virtual Network Architecture with Amazon VPC

Elastic Load Balancing. User Guide. Date

Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017

AWS Solution Architect Associate

About Intellipaat. About the Course. Why Take This Course?

Elastic Load Balance. User Guide. Issue 01 Date HUAWEI TECHNOLOGIES CO., LTD.

Amazon Web Services Training. Training Topics:

We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud.

Web Cloud Solution. User Guide. Issue 01. Date

Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM

SAP Vora - AWS Marketplace Production Edition Reference Guide

Introduction. Architecture Overview

PCoIP Connection Manager for Amazon WorkSpaces

Avoka Transact Reference Architectures. Version 4.0

SCALE AND SECURE MOBILE / IOT MQTT TRAFFIC

Introduction to Cloud Computing

Advanced Architectures for Oracle Database on Amazon EC2

AWS Course Syllabus. Linux Fundamentals. Installation and Initialization:

25 Best Practice Tips for architecting Amazon VPC

STATE OF MODERN APPLICATIONS IN THE CLOUD

Amazon Web Services (AWS) Training Course Content

Liferay Digital Experience Platform. New Features Summary

High School Technology Services myhsts.org Certification Courses

Principal Solutions Architect. Architecting in the Cloud

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

TestkingPass. Reliable test dumps & stable pass king & valid test questions

Linux Virtual Machine (VM) Provisioning on the Hyper-V Platform

HOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

Amazon Virtual Private Cloud. Getting Started Guide

Introduction to ArcGIS Server Architecture and Services. Amr Wahba

Scaling DreamFactory

Getting Started with AWS Security

Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014

ORACLE IDENTITY MANAGER SIZING GUIDE. An Oracle White Paper March 2007

Hosting Requirements Smarter Balanced Assessment Consortium Contract 11 Test Delivery System. American Institutes for Research

OnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems

Paperspace. Architecture Overview. 20 Jay St. Suite 312 Brooklyn, NY Technical Whitepaper

USE CASE - HYBRID CLOUD IZO MANAGED CLOUD FOR AWS

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Pulse Secure Application Delivery

EsgynDB Enterprise 2.0 Platform Reference Architecture

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

AUTOMATING IBM SPECTRUM SCALE CLUSTER BUILDS IN AWS PROOF OF CONCEPT

Amazon Web Services Course Outline

AWS Certified Solutions Architect - Associate 2018 (SAA-001)

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

Get the Most Out of GoAnywhere: Achieving Cloud File Transfers and Integrations

THE DEFINITIVE GUIDE FOR AWS CLOUD EC2 FAMILIES

AWS 101. Patrick Pierson, IonChannel

Cloud Services. Introduction

Installation of Informatica Services on Amazon EC2

The Cloud's Cutting Edge: ArcGIS for Server Use Cases for Amazon Web Services. David Cordes David McGuire Jim Herries Sridhar Karra

IBM InfoSphere Streams v4.0 Performance Best Practices

BEST PRACTICES TO PROTECTING AWS CLOUD RESOURCES

How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud

Using AWS Data Migration Service with RDS

Amazon Virtual Private Cloud. User Guide API Version

Microsoft SharePoint Server 2013 on the AWS Cloud: Quick Start Reference Deployment

Amazon AWS-Solution-Architect-Associate Exam

IBM Compose Managed Platform for Multiple Open Source Databases

Confluence Data Center on the AWS Cloud

Puppet on the AWS Cloud

Configure IBM Security Identity Manager Virtual Appliance in Cloud

Relational Database Service. User Guide. Issue 05 Date

Transcription:

Deploying Liferay Digital Experience Platform in Amazon Web Services

Table of Contents Introduction................................. 1 Reference Architecture........................ 1 Overview.................................. 2 Sizing..................................... 3 Implementation Details...................... 3 Firewall.................................. 3 Load Balancer............................ 4 Web Tier................................. 4 Application Tier........................... 5 Database Tier............................. 5 Cloud Architecture Considerations............. 5 Security.................................. 5 SSL/TLS................................ 5 Data Encryption......................... 6 Autoscaling............................... 6 Networking (Liferay Clustering).............. 7 Cloud vs Bare Metal Performance............. 7 Liferay Specific Considerations................ 8 File Storage............................... 8 Search................................... 8 Summary.................................. 10 Disclaimer................................. 10 Moving Forward............................. 10 Liferay Global Services..................... 10 ii

Introduction Liferay Digital Experience Platform (DXP) can be deployed into various infrastructures and cloud-based environments. The Liferay Engineering and Global Services teams have extensive experience deploying and managing infrastructure in cloud environments, including Amazon Web Services (AWS). Their accumulated experience and best practices are described in this comprehensive document. It provides an initial architecture of AWS deployments and can be altered depending on specific needs for fault tolerance, scalability and other infrastructure and non-functional requirements. The reference architecture presented in this document is similar to the base reference architecture as described in the Deployment Checklist with AWS-specific technologies applied. The Liferay Global Services team also offers a specialized Go Live package which can help Liferay users with pre-production tuning and configuration. Reference Architecture The selection of an appropriate architecture is one of the first decisions in your deployment path. To select an appropriate architecture, you must consider: Information Security: securing the hardware and sensitive information against malicious attacks and intrusions Performance: supporting the desired number of total users, concurrent transactions, etc. Fault Tolerance: maintaining uptime during unexpected failure or scheduled maintenance Flexibility and Scalability: designing an expandable architecture to support additional features and users without significant redesign 1

Overview The reference architecture depicted in Figure 1 appears complex, but it provides high levels of fault tolerance and flexibility. LOAD BALANCER TIER WEB TIER APPLICATION TIER DATABASE TIER Load Balancer Apache Web Server Application Server Database Server Firewall Load Balancer Apache Web Server Application Server Database Server Figure 1 - Liferay DXP Reference Architecture The architecture contains the following tiers: Firewall: intrusion detection and prevention Load Balancer Tier: ensures smooth distribution of load between multiple web server resources (and underlying application servers) Web Server Tier: delivers static content elements like images, rich media, CSS files, etc. Also provides integration modules to single sign on solutions like CA Netegrity, Oracle Identity, etc. Application Tier: hosts Liferay DXP on supported application servers like Tomcat, JBoss, GlassFish, Oracle AS, Oracle/BEA Weblogic and IBM WebSphere (please see Liferay DXP Compatibility Matrix for complete list of supported application servers) Database Tier: hosts Liferay supported database servers like MySQL, Oracle, IBM DB2 and PostgreSQL (please see Liferay DXP Compatibility Matrix for complete list of supported database servers) 2

Sizing The hardware deployed within each tier varies depending on the type of transactions. We will use Liferay Engineering s benchmarking environment as a hardware specification guide. Some of the tiers will use AWS services where explicit sizing is not available: Firewall Amazon Virtual Private Cloud (VPC), subnets, security groups and network access control lists (ACLs). Load Balancer Tier AWS Elastic Load Balancer (ELB) Web Tier 2 x Amazon EC2 c4.xlarge instance (4 vcpu Intel Xeon E5-2666 v3, 7.5GB memory) Amazon CloudFront (CDN) can be utilized for some functions at this tier as well. Also possible to share EC2 instance with application tier or not utilize web servers at all (both options are discussed in more detail in the Web Tier section. Application Tier 2 x Amazon EC2 c4.4xlarge instance (16 vcpu Intel Xeon E5-2666 v3, 30 GB memory) AWS Simple Storage Service (S3) used as document repository (discussed in File Storage) Separate Elasticsearch cluster used as Liferay s search engine (discussed in Search) Database Tier 2 x Amazon RDS db.m4.2xlarge instance (8 vcpu Intel Xeon E5-2666 v3, 32 GB memory) Implementation Details Firewall VPCs can define one or more subnets, which can be set as private or public. Making a subnet private makes all resources created in this subnet (like EC2 instances or ELBs) inaccessible from internet. This may be used to isolate the entire infrastructure from the public internet and isolate layers such as the web tier and application tier according to security requirements. AWS security groups and ACLs further enable users to define access restrictions on inbound and outbound ports on various resources, like EC2 instances or ELBs. 3

Load Balancer AWS Elastic Load Balancer allows traffic to be distributed in an even manner between EC2 instances. The load balancer utilizes the source ip and port and destination ip and port. Sticky sessions can be defined, either using dedicated AWS-generated cookie or by reusing existing cookie generated by application servers (like JSESSIONID in case of servlet containers). Web Tier The web tier in AWS consists of the EC2 instances with web server installed and possibly also Amazon CloudFront (CDN). Amazon CloudFront is typically responsible for delivering static content as expected from any CDN which usually serves images, CSS, JavaScript and other files that do not change frequently. As for the web server implementation being used in the EC2 instances, any common web server such as Apache or Nginx can be deployed and configured to perform the desired work (compression, caching, etc.) and then forwarding the requests to the appropriate application server in the next tier. Liferay DXP should be configured accordingly, for example by disabling the unnecessary servlet filters in Liferay (e.g., gzip compression filter). The reference architecture utilizes separate EC2 instances for this tier, but deploying the web servers on the same EC2 instances as the application servers is also a viable option. Note that such a strategy will result in the web and application tiers sharing computing resources, which may not be ideal for all applications and loads. You may also choose not to deploy a web tier and instead rely upon a content delivery network (CDN) like CloudFront to deliver your static resources. As with most architectural choices, there are advantages and disadvantages to each approach. You must perform proper load tests to determine the best option for your solution. Please see the Liferay DXP Compatibility Matrix for a complete list of supported operating systems which can be used in the EC2 instances. EC2 instances should be created in several availability zones (within one region) to increase the level of resiliency against data center outage. 4

Application Tier This tier consists of EC2 instances with an application server where Liferay DXP is deployed. Users can choose from a variety of Java application servers and operating systems when deploying Liferay. The AWS platform offers a wide range of Amazon Machine Images (AMIs) and OS options so users can choose whatever best suits their needs. Custom AMIs can also be created in any AWS account and the EC2 instances can be based on them. Please see the Liferay DXP Compatibility Matrix for a complete list of supported application servers and operating systems which can be used in the EC2 instances. EC2 instances should be created in several availability zones (within one region) to increase the level of resiliency against data center outage. Database Tier AWS offers a managed database solution Relational Database Service (RDS). Users can select from common database servers and also choose the size of the RDS instances, determining how much power will be available to each database server. AWS RDS service offers a low barrier of entry for users looking to deploy highly resilient and scalable database tiers. Liferay recommends using RDS instead of managing a set of EC2 instances with database servers deployed. The cost difference is minimal and the added value provided by a managed service outweighs the savings in almost every circumstance. Users are free to choose any database platform, assuming the platform is supported according to the Liferay DXP Compatibility Matrix. Cloud Architecture Considerations Security As mentioned in the implementation section (see Firewall), the basic means of securing the Liferay deployment in AWS are VPCs, security groups and ACLs. There are, however, additional measures which can be taken if higher security standards are required. SSL/TLS When setting up ELB, it by default listens (and forwards) only the incoming traffic on port 80, which is an unencrypted HTTP connection. It is strongly recommended to also add a listener on port 443, an encrypted HTTPS connection. This will make sure that data transferred between the user s browser and ELB will be encrypted and cannot be intercepted. A valid SSL/TLS certificate needs to be provided to ELB, 5

either by choosing one of the user s existing certificates or uploading a new one. SSL/TLS certificate on ELB is used to decrypt the incoming traffic and then route it to one of the defined instances. ELB acts as an SSL connection terminator. The request then needs to be forwarded to EC2 instances. This can be done in unencrypted form, since the traffic is now flowing through VPC s internal network. On the other hand, the connection can also be encrypted again, by setting up another SSL connection between ELB and EC2 instances (e.g., web server or Tomcat with Liferay DXP deployed). As for the SSL/TLS certificates, Amazon became a certificate authority (CA) in early 2016 and added a service called AWS Certificate Manager. This service allows all users of AWS to ask for SSL certificates without any additional charges. This certificate can then be deployed on ELB, providing HTTPS capability. Optionally, for users not comfortable with Amazon managing their SSL certificate and any private information it includes, users can opt for getting an SSL certificate using a traditional approach (i.e., generating the SSL certificate and having some external CA sign it upon verifying the user s and server s credentials). Data Encryption In many of its services, AWS offers encryption of the data at rest as well. This includes, but is not limited to: encrypted EBS volumes, mounted into EC2 instances RDS encryption for DB instances All these services use AWS Key Management Service to store the encryption keys and provide them to services when necessary. AWS claims there is only a minimal overhead for the encryption, that it in no way limits the use of the encrypted resource, and that it will be available in the same way as the unencrypted option. Please see the latest AWS documentation of each service to see if it offers additional encryption options and follow the recommended steps to implement them. Autoscaling Failure scenarios should be planned (e.g., application not responding, loss of server, loss of data center, etc.) and factored into the high availability and fault tolerance plan for the application. 6

Autoscaling is a common strategy used in cloud environments to improve fault tolerance and provide dynamic resource allocation. AWS offers Auto Scaling Groups as part of its EC2 service. It allows administrators to manage sets of EC2 instances (pools) that will automatically adjust its size. New instances can be added or existing ones removed, based on various factors including load or failures. We will not discuss how to set up autoscaling groups in AWS. Official AWS documentation offers excellent guidelines and step-by-step guides. The AWS console also contains wizards to guide users through all necessary steps when defining autoscaling. Liferay is fully compatible with autoscaling architectures, assuming you have the appropriate subscription levels and have deployed Liferay Connected Services (LCS) as part of your Liferay solution. LCS, as part of its offerings, will also help manage elastic and cloud based subscription keys. Networking (Liferay Clustering) When Liferay DXP is deployed in AWS, it will run inside Amazon s VPC network. The virtualized networking infrastructure is very similar to physical networks, with some specific differences. Most notably, multicast is not implemented in Amazon VPC. Liferay implements clustering within its Cluster Link feature. By default, Cluster Link uses multicast for discovery and cluster member communications. In AWS, since multicast is not available, Cluster Link can be configured to use either S3 or JDBC for member discovery and TCP for cluster member communications. Cloud vs Bare Metal Performance Special attention should be paid toward vocabulary used when describing AWS performance, especially when instance-sizing choice is required from the user for services like EC2 or RDS. With bare metal machines, a CPU refers to the physical chip which typically contains multiple cores. Each core may contain one or more hardware threads; modern processors typically have two hardware threads per core. AWS uses the term vcpu (virtual CPU) to mean one physical hardware thread. For example, c4.4xlarge instances in EC2 are providing 16 vcpus from Intel Xeon E5-2666 v3 chips. This means the instance can utilize 16 hardware threads. Based on official Intel documentation (see ark.intel.com/products/81706/intel- Xeon-Processor-E5-2660-v3-25M-Cache-2_60-GHz), each physical E5-2666 v3 chip 7

contains 10 hyper-threaded cores or 20 hardware threads. Therefore, c4.4xlarge instances provide roughly the equivalent CPU performance of 80% of a physical E5-2666 v3 CPU. Virtualization will also have a certain degree of overhead, compared to bare metal. For instance, while the c4.4xlarge instances theoretically provide 80% of the threads from a physical CPU, in reality, they offer less than 80% of bare metal performance. This should be factored into your calculations when performing capacity planning. Liferay Specific Considerations File Storage By default, Liferay utilizes disk storage for its document management capabilities. In traditional (non-cloud) deployments, customers tend to provision network attached storage (NAS) or SAN drives mounted via NFS or similar technologies. In AWS, Liferay DXP users should utilize Simple Storage Service (S3) as a means of document storage, configuring Liferay to use S3Store as an implementation of Document Library store. Please see the Liferay User Guide for instructions on how to set up S3Store. Another option is to use DBStore, but Liferay strongly discourages its use except for demoing purposes or deployments with zero to none requirements on storing documents in Liferay DXP. Note that while AWS offers a feature similar to NFS (Amazon Elastic File System (EFS) for EC2 instances), Liferay does not currently recommend using it. Amazon EFS is still in preview, offered only in the US West (Oregon) region and is available only upon requesting access to this service, which makes it unsuitable for production deployments. Search In Liferay DXP, Liferay ships with an embedded Elasticsearch search engine the Elasticsearch engine runs in the same JVM as Liferay DXP. Although this approach is great for having out of the box search in Liferay, production use of embedded Elasticsearch won t be supported by Liferay and any issues will be out of scope of Liferay support. For production usage, Liferay recommends and will support external Elasticsearch search engine running outside of the DXP JVM (i.e., 1 JVM for Liferay DXP and a separate JVM for the Elasticsearch search engine). 8

Search engines benefit heavily from caching and their JVM memory profiles are substantially different from a JVM focused on serving content and web views (e.g., Liferay JVM). For these reasons, the two applications should always be kept separate in production environments. The search engine JVM can run on the same EC2 instance as the Liferay JVM; however, this will cause the two processes to compete for the same resources. For heavy search usage, Liferay strongly advises deploying not only to a separate process, but to a separate EC2 instance to provide dedicated CPU capacity. Liferay continues to support Solr for Liferay DXP, which can be configured in AWS using one or more EC2 instances. Please see Solr documentation for detailed deployment instructions. For those who are deploying Liferay Digital Experience Platform, Liferay recommends deploying Elasticsearch, although Solr remains a supported option. 9

Summary In the preceding sections, we outlined the steps and considerations to design a fully fault-tolerant Liferay DXP deployment for the Amazon Web Services cloud platform. The described architecture provides a solid foundation for future growth. Disclaimer Liferay can only give you an initial tuning recommendation based on benchmarks that have been performed on the core Liferay DXP product. It is up to you as system architects and business analysts to come up with the utilization scenarios that your system will need to service the required amount of users. It is your responsibility to run the appropriate load tests on your system before production deployment, so that you can identify significant bottlenecks due to custom applications/portlets or other unforeseen system and network issues, and implement appropriate configurations. Please use this document and the Liferay DXP Deployment Checklist (liferay.com/documentation/additional-resources/whitepapers) as guides in sizing your system and procuring your hardware. Moving Forward Liferay Global Services Learn how Liferay s Global Services team can support your Liferay DXP project with a Go Live consultation. Contact sales@liferay.com for more information. 10

Liferay makes software that helps companies create digital experiences on web, mobile and connected devices. The Liferay platform is open source, which makes it more reliable, innovative and secure. Companies such as Carrefour, Coach, Danone, Fujitsu, Lufthansa Aviation Training, Siemens, Société Générale, VMware and the United Nations use Liferay. Learn more at liferay.com. 2017 Liferay, Inc. All rights reserved. 171212

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback