SERVICE NAME

Service Design Document (SDD)

Version: CHANGE ME: X:Y (Draft / Release)

Author: CHANGE ME
Project: CHANGE ME

PURPOSE OF DOCUMENT

GUIDANCE NOTE: This Design Document is intended to capture all design aspects of a
service and is not limited to the technical design. To achieve this the various types of
information needed requires different roles to be accountable for the document parts. By all
aspects of the service we only need to include those aspects that are provided by or
supported by IT Services.
Non-Technical Input: Accountability for the completion of the ‘non-technical’ part of this
document (everything up to and including section5) is with the FRM or Business Analyst.
Contributors will be the Business Service Owner, the IT Service Owner and the ITS Service
Management Function.
Accountability for the completion of this document from section 6 (Service Dependencies) is
with the Business Analyst (or the equivalent role in place) working with the IT Services
technical support teams. Those consulted will include the Business Service Owner, the ITS
Service Owner, the IT Security Manager, the FRM and the IT Service Management Function.
Technical Input: Accountability for the completion of the ‘technical’ part of this document from
section 9.6 (Solution Design Technical Details) to section 16 (Appendices) is with the
Application Analyst.
General recommendations on how to complete this document:
  Replace CHANGEME with appropriate text throughout.

 Please remove all guidance notes in the Release version of this document (prior to
DTL submission).

 Please use the references, citations and cross references features of word
throughout. These are found in the “REFERENCES” tab ribbon bar. Enter new
citable items via “Manage Sources”. Hint: CTRL-A followed by F9 updates all
citations and cross-references in the document.

 Please use the set styles in the “HOME” tab ribbon bar. Please do not define custom
font sections or sections of the document that do not use these set styles. If you wish
to create a new additional style please do so.

 Please do not remove any sections. If a section is not relevant for your application
please enter N/A. The exception to this is Section 6.1. In this case please remove
those technical dependencies that do not apply

 If you wish to expand on any particular subject, unless stated otherwise, please do so
in an appendix.

 For versioning please use numbers <1 (e.g. 0.9) for draft. For minor changes
increment the minor version number. For major changes or changes where there is
no backward compatibility, please increment the major version number. Draft status
documents should not be submitted to the DTL.

 This document should be written after the DEV environment has been set up and
understood. However, this is not expected in all cases.
GUIDANCE NOTE: Please note all those items that have a “GUIDANCE NOTE: Required
for High Level Design” must be completed to form a High Level Design (HLD).

Copyright © CHANGEME – Queen Mary University of London. All rights reserved. No part of
this document may be reproduced, distributed, or transmitted in any form or by any means,
including photocopying, recording, or other electronic or mechanical methods, without the
prior written permission of the Queen Mary University of London, except in the case of brief
quotations embodied in critical reviews and certain other non-commercial uses permitted by
copyright law.
For permission requests, write to Assistant Director of CHANGEME, IT Services.

Please note that this document is NOT to be distributed by any means beyond those people
listed in any request. This document may not be passed to non QMUL people without
express permission

DOCUMENT CONTROL

1 CHANGE CONTROL TABLE

GUIDANCE NOTE: Required for High Level Design

IT Services
2
 Version Amendment Description Release Date Updated by

2 APPROVALS

GUIDANCE NOTE: Final approved documents will be base lined as V1.0 and placed in the
designated document repository.
GUIDANCE NOTE: Required for High Level Design
This document is template version 7.0

Approver Title Date of issue Version

DTL ref. 1306. 7.0

DTLs 27th May 2016

3 DISTRIBUTION

GUIDANCE NOTE: Required for High Level Design. This document has been distributed to:

Name Title Date of issue Version

DTLs DTL ref. 1306. May 2016 7.0

RACI
Responsible Accountable Consult Inform

IT Services
3
 GUIDANCE NOTE: This should show who is responsible, accountable, consulted and
informed with regard the document

IT Services
4
 4 Contents

1 CHANGE CONTROL TABLE ......................................................................................................... 2

2 APPROVALS .................................................................................................................................. 3

3 DISTRIBUTION ............................................................................................................................... 3

4 Contents ......................................................................................................................................... 5

4 Management Summary ................................................................................................................. 8

4.1 Purpose 8

5 Service information ....................................................................................................................... 8

5.1 Service Classification 8
5.2 Service Level 9
5.3 Service Offering 9
5.4 Service Demand 10
5.5 Business Critical Information 10
5.6 Stakeholders and Service Information 10
5.6.1 Business Stakeholders and Service Information .......................................................... 10
5.6.2 IT Services Stakeholders and Service Information ....................................................... 10
5.6.3 FTE Operational Estimate ............................................................................................. 11
5.7 Internal Service Support Details 11
5.7.1 Service Component Definitions ..................................................................................... 12
5.8 External Supplier Support Information 13
5.9 Standard Changes 13
5.10 Service Processes 13
5.11 Data Compliance 14

6 Service Dependencies ................................................................................................................ 14

6.1 Technical Dependencies 14
6.1.1 VMware ESXi and vCenter ........................................................................................... 15
6.1.2 Data Centre Network ..................................................................................................... 15
6.1.3 F5 .................................................................................................................................. 15
6.1.4 Janet Certificate Service ............................................................................................... 15
6.1.5 Active Directory ............................................................................................................. 16
6.1.6 Active Directory Certificate Services ............................................................................. 16
6.1.7 UK Federation and QM Shibboleth Identity Provider .................................................... 16
6.1.8 Client Device Requirements .......................................................................................... 16
6.2 Interface Dependencies 16

7 Solution Architecture .................................................................................................................. 17

7.1 Aims & Approach 17
7.2 Application Architecture 17

IT Services
5
 7.2.1 COTS or Bespoke Application ....................................................................................... 19
7.3 Operational Specifics 19
7.4 Physical Network Diagram 19
7.5 Logical Network Architecture 20

8 Security ........................................................................................................................................ 22
8.1 Authentication and Authorisation 22
8.2 Architectural Security Features 23
8.3 Scope of Access 23

9 Service Component Overview ................................................................................................... 23

9.1 Virtual Machines 23
9.2 Capacity Analysis 24
9.2.1 Capacity Forecast ......................................................................................................... 24
9.3 Availability Monitoring 25
9.4 Firewall Configuration 25
9.5 Service Encryption 25
9.6 Automated Maintenance 25
9.6.1 Database Maintenance ................................................................................................. 25
9.6.2 File Level Backup .......................................................................................................... 25
9.6.3 Log File Maintenance .................................................................................................... 25

10 Solution Design Technical Details......................................................................................... 26

10.1 Low Level Details 26
10.1.1 Overview: ...................................................................................................................... 26
10.1.2 Server Configurations: .................................................................................................. 26
10.1.3 Active Directory Configuration ....................................................................................... 28
10.1.4 Linux Groups: ................................................................................................................ 28
10.1.5 Folder Requests and Permissions ................................................................................ 28
10.1.6 Software Source Arrangements .................................................................................... 28
10.2 Monitoring 29
10.3 F5 LTM Configuration 29
10.3.1 Services Hosted Locally ................................................................................................ 29
10.3.2 Services Hosted across Multiple Servers ..................................................................... 31
10.4 Client Configuration 32
10.4.1 Client Application Deployment ...................................................................................... 32
10.4.2 Client Interface Dependencies ...................................................................................... 32
10.4.3 Client Software Dependencies ...................................................................................... 32
10.4.4 Client Configuration Dependencies............................................................................... 32
10.4.5 Client Software Upgrade Cycle ..................................................................................... 32

11 Testing procedures ..................................................................................................................... 32

12 Recovery Plan.......................................................................................................................... 33

13 Benchmarking ......................................................................................................................... 33
13.1 Performance Verification Procedures 33

14 Known Bugs & Workarounds ................................................................................................ 33

IT Services
6
 15 Future Opportunities .............................................................................................................. 34

16 Appendices .............................................................................................................................. 34
16.1 UAT Environment differences 34
16.2 UAT Procedures 34
16.3 DEV environment differences 35
16.4 Notes on CHANGEME 35

17 Bibliography ............................................................................................................................ 36

IT Services
7
 4 Management Summary

4.1 Purpose

GUIDANCE NOTE: Required for High Level Design

The Queen Mary University of London (QMUL) has created a centralised, modern computing
infrastructure with the aim of consolidating computer resources. This document describes
the design required for the ‘CHANGEME service’.
GUIDANCE NOTE: Please add one or two paragraphs describing what the service is meant
to provide. DTL are looking to understand what it does for the university, if there is a
standard associated with this then it should also be included.

5 Service information

5.1 Service Classification

GUIDANCE NOTE: to assist with assigning a Criticality Classification:

Determining the criticality classification should be achieved by discussing the service with
the stakeholders to understand the impact unavailability of the service would have on the
University. It is a business decision that will be very much dependent upon the particular
service being deployed. The activity should be led by the FRM role working with the
stakeholders, and will engage:
• The Business Service Owner and the ITS Service Owner
• Key stakeholders which may include HR, IT Security, Finance, Admissions etc.
To apply a criticality the business needs to consider the impact that service unavailability
would have on the University operation. The impact will vary in the scale of effect on the
University for each Service. Examples of the risks to consider (the business needs to work
out their own circumstances, these are just typical examples) are:
• The potential for prosecution resulting from breaching legislative requirements.
• The possibility of reputational damage that could lead to various outcomes such
as exposure through the media, loss of customers (student intake), damage to
organisational peer relationships.
• How we would function if our financial systems capability was impacted.
• Would the loss of student systems during enrolment and clearing cause an
issue? An impact on the Universities P&L?
• How would the loss of HR systems hurt us?
Understanding the threats and the scale of impact should inform the decision to assign either
a ‘Non-Critical’, ‘Critical’ or ‘Highly-Critical’ classification.
There are three classifications that are in use for services within the University. The choice of
category is determined by the expected adverse impact that an outage of the service would
have on the University operations, University assets, or individuals. Which classification to
apply will be agreed by the Business Service Owner and the ITS Service Owner. The levels
are:

IT Services
8
 Non-Critical
Critical
Highly-Critical
The ‘CHANGEME’ service is to be classified as ‘CHANGEME: Highly-Critical|Critical|Non-
Critical’. This is because… CHANGEME.

5.2 Service Level

GUIDANCE: to assist with applying a Service Level:

Two SLA standards are in place. This has been done to be able to differentiate between
services that have a consistent and standard level of support throughout an academic year
and those that have support levels that exceed the core standard IT Services offerings by
agreement with the customer either on a consistent basis or at specific times within an
academic year.
When the conversation to understand the support requirements takes place, which is owned
by the FRM, a picture of the support required should be ascertained. This will inform the
decision as to which SLA standard will be applied.
Note: during migration the objective is to transition services on a ‘like for like’ basis. We
should not be increasing the scope of service or negotiating ‘up selling’ the service.
The SLA standards available are:
Business Standard SLA.
Used where a consistent level of support is provided which aligns with the core IT Services
offerings.
Business Custom SLA
Used where there are support levels that exceed the core standard IT Services offerings by
agreement with the customer either on a consistent basis or at specific times within an
academic year.

Note: We should avoid setting any perceptions with the Customer that a customised SLA is
‘special’ or for ‘VIP’s’.

The Service Level to be applied is ‘CHANGEME: Business Standard|Business Custom’.

5.3 Service Offering

GUIDANCE NOTE: This document (Queen Mary University London 2015) describes the
service offering from QMUL ITS, for the School Application Migration (SAM) project but can
be applied the same for any service.
The service offering for this service is CHANGEME: [Fully Managed (Default), PAAS,
IAAS, SAAS]
GUIDANCE NOTE: if IAAS or PAAS is selected you must raise an exception and document
the rationale for wanting this service as most services will fall into fully managed or SAAS.

IT Services
9
 5.4 Service Demand

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Describe the number of Users and User types that the service is
designed to support.
This service is currently used by …CHANGEME.

5.5 Business Critical Information

GUIDANCE NOTE: Describe here the differences to the IT Services core support model that
are required to support the service. You should include as examples:
• Changes to the hours of support
• Changes to the required response and/or resolution times
• Changes to processes
• Differing escalation procedures
If there are no changes expected to the current support model please retain the default
paragraph below:
The service is expected to operate 24x7 and is supported during the normal operational
hours of IT Services. At time of writing, this is 8am-6pm Monday-Friday, excluding normal
college closure periods.
No changes to the normal operational model of IT Services are expected by the
implementation of this design.

5.6 Stakeholders and Service Information

GUIDANCE NOTE: Required for High Level Design, for multiple analysts duplicate analysts
role. Where If the Senior User is not known then use the details of the Business Service
Owner for the Senior User.
5.6.1 Business Stakeholders and Service Information
Role Attribute Value
Business Service Team Name
Owner
Job Title
Contact Name
Senior User Name
Job Title
Phone Number

5.6.2 IT Services Stakeholders and Service Information

GUIDANCE NOTE: Required for High Level Design, for multiple analysts duplicate the
analysts role. Where there are split responsibilities for a service then use multiple entries
with a prefix, for example Applications and Database Support can be listed as 3rd line and 1st
Line could be for client devices with 2nd line being someone in the Campus Customer
Support team.

IT Services
10
 IT Service Owner should be the Assistant Director of the team providing third line support.
Role Attribute Value
IT Service Owner Team Name
Job Title
Contact Name
1st Line Support Team Name IT Helpdesk

Email Address helpdesk@qmul.ac.uk

Phone Number 8888
2nd Line Support Team Name N/A
Email Address N/A
Phone Number N/A
3rd Line Support Team Name

Team Email
Address
Primary/Secondary
Analyst
Phone Number(s)
3rd Line DBA Team Name GUIDANCE NOTE: Delete this row if DBA
Support support is not required

Team Email GUIDANCE NOTE: Delete row if not

Address required
Primary/Secondary GUIDANCE NOTE: Delete row if not
Analyst required
Phone Number(s) GUIDANCE NOTE: Delete row if not
required
3rd Party Support Company Name GUIDANCE NOTE: Delete row if not
required
Email Address GUIDANCE NOTE: Delete row if not
required
Phone Number GUIDANCE NOTE: Delete row if not
required
Self Service Portal GUIDANCE NOTE: Delete row if not
required

5.6.3 FTE Operational Estimate

GUIDANCE NOTE: The numbers to be used in this section are estimates only. Current
suggested guidance is to use 0.1 FTE for LAMP or Web servers.
Detail the FTE operational estimate required to run the service:
We estimate this service will require n FTE’s to support the service.

5.7 Internal Service Support Details

GUIDANCE NOTE: Please describe here the teams within it services that are expected to be
responsible for the normal operation of this application. Please alter the table as appropriate
and delete entries that are not relevant to your application.
The following teams will be supporting various components:

IT Services
11
 Service Component Responsible Team

F5 load balancing & Network Operations & Network Design and Delivery /
Networking Network Services / Infrastructure

General Support IT Services Helpdesk

Application Support Vendor

Application software Corporate Applications / Application Technical Support (ATS)

/ Applications
Academic Applications / Application Technical Support (ATS) /
Applications
LAMP Applications Team / Application Technical Support
(ATS) / Applications
LAMP Platform Team / Data Centre Services / Infrastructure
Faculty / School

Database Database Services Team / Application Technical Support

(ATS) / Applications
LAMP Platform Team / Data Centre Services / Infrastructure

Virtual Machines & the Servers & Storage / Data Centre Services / Infrastructure
hardware supporting them.

Infrastructure Software Infrastructure Software / Data Centre Services / Infrastructure

Firewalling & Networking / Networks Development / Networks & Telephony /

F5 load balancers/ Infrastructure
Datacentre ASA Firewalls /

Security Policies & IT Security / Infrastructure

Standards

Application Client Devices / Client Services and Audio Visual Design /

Software/components Infrastructure
(Client side)

Microsoft System Center Servers & Storage / Data Centre Services / Infrastructure
Operation Manager
(SCOM) / Nagios
Microsoft Remote Desktop / Client Devices / Client Services and Audio Visual Design /
Web Service (RDS) Infrastructure
Laptop/Desktop Campus Customer Support / Student & Staff Services
Replacement
Application Packaging Client Devices / Client Services and Audio Visual Design /
Infrastructure
Laptop/Desktop Lease Procurement & Finance Officer
Application Licensing Procurement & Finance
5.7.1 Service Component Definitions
5.7.1.1 General Support
Incident Management Guidelines [2], Incident Management Policy [3], Request Fulfilment
Guidelines [4] and Request Fulfilment Policy [5] documentation is available.

IT Services
12
 5.7.1.2 Other Components
Please refer to the relevant Service Design Documents.

5.8 External Supplier Support Information

Guidance Note: Please detail here all the information you have about any third party supplier
relationships. It should include information (if it is relevant) about:

 Who the supplier is (please provide their company name, address, email and
website).

 What components or services the contracts pertain to.

 What contracts or licenses have been arranged and by whom.

 Where those contract or licenses are kept (at QM) – please provide a media location
via the references feature of word and state who is responsible for arranging them.

 Any key people in the 3rd party organisation e.g. the account manager and his/her
contact information.

 If it is a support contract, provide relevant support contact information. In particular,

contact details on how to obtain support.

5.9 Standard Changes

Guidance Note: All standard changes that will be required to support the service in
operation should be documented. Start by making reference to any existing standard
changes that have been defined.
The changes should be documented using the standard QMUL template located by following
this link for more information on the Change Management intranet page [6].
All standard changes must be listed in this document as a cross reference to the fully
documented versions. A URL must be provided to allow the reviewers of this document to
review the changes.
“A Standard Change is a pre-approved, relatively common, well known, documented, low
risk Change. The change activity normally happens frequently and would not normally
require any scheduling or communication beyond informing a user or small group. As such, it
is quite common for a Standard Change (SC) to have previously been a Non-Standard
Change (NSC) which has been approved by the appropriate Change Authority to become an
SC and CAB notified. Standard Changes will be often implemented after being requested via
the Request Fulfilment Process, some of which might have been directly recorded and
passed for action by the Service Desk.”
There are no standard changes associated with this system. Everything is automatic or
requires and emergency change or non-standard-change request.

5.10 Service Processes

Guidance Note: These are the processes that are used to operate the service. For example
with PRM processes like ‘Staff Password Reset Process’, ‘Student Password Reset
Process’ and ‘Novell Password Reset Process’ exist. Just like there will be processes for
operating SITS and Q-Review. A service shouldn’t go into production if the Service Desk, the

IT Services
13
 business teams (HR, Finance etc.) and the second line support teams can’t operate or
maintain them.
There are no human processes associated with this service.

5.11 Data Compliance

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please state the classification of information held by the application. The
various types of classification are detailed in the Information Classification document at
http://www.its.qmul.ac.uk/Documents/Governance/SOPs/142319.pdf. It is recommended
that the classification of information should be discussed initially with IT Security during the
completion of the SDD. Please also complete the following:
The data processed and held by this application is subject to QMUL Information Governance
regulations and policies. The data owner is the person who is ultimately accountable for the
data. The data custodian is the person who is looking after the data. For example the HR
System\data is owned by the HR Director and the custodian is the Assistant Director,
Applications IT Services.
Data Classification: CHANGEME: Name (Confidential, Restricted, Open or Protect)
Data Owner: CHANGEME: Name & Role
Data Custodian: CHANGEME: Name & Role
Has the data governance group reviewed the use of the data held by this system: YES/NO
If the data governance group has not reviewed the information then a brief explanation
should be given. If they have, then a statement and reference to the response should also
be given stating the outcome of their findings.
The email address of the Data Governance Group is
informationgovernancegroup@qmul.ac.uk. When sending emails to the above address
please ensure mark it for the attention of Paul Smallcombe, Records and Information
Compliance Manager.

6 Service Dependencies

GUIDANCE NOTE: Please alter this section to describe all existing services that are used in
the design.

6.1 Technical Dependencies

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please add in any technical dependencies. A technical dependency is
any component of the service that is being used that has already been built and should really
be described in detail elsewhere. Ideally, one paragraph explaining what the component
does [citing another service design document which details the service]. Another
subsequent paragraph should be provided explaining in slightly more detail how this
component is used.

IT Services
14
 GUIDANCE NOTE: Please note that the items listed in this section are really dependencies
in your design. So if you are not using some of the standard components listed below please
remove them and add any additional dependencies.
These are the technical dependencies for the service design:
6.1.1 VMware ESXi and vCenter
GUIDANCE NOTE: Please state the Data Centre(s) where the service will be hosted.

Hosts all Server components in DC1 (Mile End) and DC2 (Enfield).
6.1.2 Data Centre Network
The application architecture complies with the “Data Centre Application Security Zones” SDD
and the firewalling requirements are specified in the relevant NCRF document.
6.1.3 F5
6.1.3.1 F5 Global Traffic Manager (GTM) Configuration
GUIDANCE NOTE: Required for High Level Design.
GUIDANCE NOTE: The F5 GTM is only required if this service will be hosted in both DC1
and DC2, or if VMware SRM (Site Recovery Manager) is to be configured.
GUIDANCE NOTE: Please choose one of the following or write your own.
The F5 Global Traffic Manager (GTM) is not required by this service.
The F5 Global Traffic Manager (GTM) is required by this service and should be configured to
load balance traffic across both Data Centres (DC1 and DC2).
The F5 Global Traffic Manager (GTM) is required by this service and should be configured to
prefer Data Centre CHANGEME: [DC1,DC2]
6.1.3.2 F5 Local Traffic Manager (LTM) Configuration
GUIDANCE NOTE: Required for High Level Design.
GUIDANCE NOTE: Please choose one of the following or write your own.
<Choose one from the two options below>
The F5 Local Traffic Manager (LTM) is not required by this service.
The F5 Local Traffic Manager (LTM) is required by this service. The LTM configuration
required for the website(s) provided by this service are detailed in Section Error! Reference
source not found. (F5 Configuration).
6.1.4 Janet Certificate Service
GUIDANCE NOTE: The Network Development group can source and provide x509 SSL
certificates if they are provided with a Certificate Signing Request. These, by default should
be used on any publicly accessible SSL endpoint (e.g. HTTPS termination on the F5s)
because the root Certificates for these are widely published and available on most
commodity equipment. If you are doing this, the following default sentence is sufficient.
The Janet Certificate Service will be used to provide all digital certificate requirements.
Where appropriate, communication will be secured using SSL and x509 and digital
certificates.

IT Services
15
 6.1.5 Active Directory
GUIDANCE NOTE: Please use the following default sentence, however please also add an
additional paragraph that explains the use of any AD groups, service accounts or other
relevant authorisation mechanisms you are using. If you are not using Active Directory
please explain why.
Authentication and Authorization for this service is still to be provided by the colleges QM
Active Directory Domain. All users, computers, groups and policies will be managed with
this.
6.1.6 Active Directory Certificate Services
GUIDANCE NOTE: The root certificates for our internal windows PKI infrastructure are not
commonly available. However, they are often used by internal windows components. If your
design uses these features please include this section and state where the certificates are
used. These certificates are NOT suitable for use on publically available SSL endpoints (e.g.
HTTPS).
The Active Directory Certificate Services system will provide all certificates that are not
publically visible. These certificates are not signed by a public Certificate Authority.

6.1.7 UK Federation and QM Shibboleth Identity Provider

GUIDANCE NOTE: This section should consist of one of the following paragraphs. Low level
details should state how the SP is to be configured. You must cite both the UK federation
website and the shibboleth SDD.
QMUL is a member [8] of the UK Federation [9] and our accounts are federated to all
members of their trust fabric. This service will join the UK Federation as a Service Provider.
The access controls on the Service Provider will be modified to allow QMUL accounts to log
in.
or
QMUL is a member [8] of the UK Federation [9] and our accounts are federated to all
members of their trust fabric. Unfortunately, it is not possible for this service to join the UK
Federation because...(CHANGE ME). Therefore the QM Shibboleth Identity provider will be
reconfigured to directly federate with this entity.
6.1.8 Client Device Requirements
GUIDANCE NOTE: This section should list any managed client system requirements. This
should include applications or any other components.
YES/NO
If YES please add include details in Section 10.4 Client Configuration.

6.2 Interface Dependencies

GUIDANCE NOTE: Required for High Level Design

IT Services
16
 GUIDANCE NOTE: Please describe the interfaces to other applications. E.g. links to the
finance system, HR or SITS. Please also, where appropriate, add these to any diagrams you
include later on and cross-reference. Two examples:
• This service depends on an extract of the SITS data, name and stucode as
provided by the extract service via an automated CSV file upload over http.
• This service depends on AGRESSO direct database link to support procurement
and authorisation from its own service request records.
Any detailed specification of the interface should be placed in a technical appendix or a
separate document and referenced.
Please add these interface dependencies in subsections as appropriate, e.g. ‘6.2.1 SITS
Interface’

7 Solution Architecture

7.1 Aims & Approach

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please indicate very briefly if the system you are designing is intended
to be highly resilient or if it is acceptable to have various SPOFs. Please choose ONE of the
two paragraphs. If you do not have this information, please consult with your Project Board
or Line Manager.
Supplying the aims of the architecture is now mandatory. There should be a list of features,
resiliency and software used.
It is understood, from the project board that initiated this work, that the production version of
this system is intended to have no Single Point of Failures (SPOF) within its design that
result in extended loss of service. This includes the loss of a single data centre. This
architecture fulfils this requirement.
It is understood, from the project board that initiated this work that this design can include
Single Points of Failure (SPOF) that may lead to extended outages that may have to be
rectified by manual intervention. It is acceptable to place the production version of this
system in a single data centre. This architecture fulfils this requirement.
GUIDANCE NOTE: Please append any pertinent aims or requirements that have influenced
the design. These could be to accommodate a particular feature or to meet the design
standards of the software supplier. If you are working to a third party supplier design, please
reference any webpages or documents from this section.

7.2 Application Architecture

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please describe here, in words, the physical arrangements of the
solution. This should state if components are in DC1 (Mile End), DC2 (Enfield) or elsewhere
(e.g. ULCC or DC3).

IT Services
17
 GUIDANCE NOTE: Please note that if the application architecture is simple (e.g. contains
one or two servers with minimal interconnections) then a logical diagram is not required and
the mandatory diagram in Section 7.5 will suffice. In all other cases a logical diagram is
expected.
Note that adding a logical diagram will provide DTL reviewers with additional information that
will aid the understanding of the design.
GUIDANCE NOTE: When considering where a database should reside within the network
security model please consider the following. Note that in many cases it is expected that the
application and database will run on separate servers. For LAMP web services please refer
to the LAMP SDD template.

 Databases with a Restrict data classification should reside in the Database layer. With
an approved DTL exception they can be to be placed in the Application layer. They
should never be placed in the Web layer.

 Databases with an Open or Protect data classification can reside in either the Database
or Application layer. A reason should be provided in the SDD.

 If the application and database cannot be separated and the data classification is
Restrict then the server should be placed in the Application layer with an approved DTL
exception. In the case of an Open or Protect data classifications the server can be
placed in the Web layer (reason should be provided in the SDD).

 SQL Server & Oracle databases are only supported in the Application and Database
layers (with an appropriate DTL exception for the Application layer).

Web App Database Other

Open/Protect MySQL/PostGreSQL MySQL; PostGreSQL; SQL ALL ALL
(Typically LAMP) Server; Oracle DATABASES DATABASES

Restricted None MySQL; PostGreSQL; SQL ALL ALL

Server; Oracle DATABASES DATABASES

GUIDANCE NOTE: Sample Application architecture description

The application consists of two dedicated Staff Surveillance System servers situated in the
VMware DC1 and DC2 hardware environments. These offer Apache2 web services which
are load balanced by our F5 appliance. Within each VM an instance of the Staff Surveillance
System server software is running and its session data (or “cookie jar”) is block level
replicated between the servers.
This block level replication is an essential feature. The properties required are such that the
session data, once negotiated by one Staff Surveillance System server must be available on
the other server so that the service can avoid an obvious race-condition where some of the
data on an Staff Surveillance System protected web page is forbidden the Staff Surveillance
System server that responded did not possess the session information. This solution
satisfies that, whereas DFS-R does not.

IT Services
18
 Other architectures were also considered. These included mounting a CIFS or NFS volume
in place of the block level replication. However, each one of these designs, in an emergency
situation where we have lost one DC all required manual intervention or the coding of some
bespoke daemon to manage the mount points.
The design also offers IPv6 end points on the F5’s. The F5s can handle IPv6.
This architecture is illustrated in Figure 1: Logical application architecture.

Figure 1: Logical application architecture.

7.2.1 COTS or Bespoke Application

GUIDANCE NOTE: Please describe here, in words, if the application is either COTS
(commercial off-the-shelf) or bespoke.
If the application is bespoke please specify the development languages used and specify the
source code location is Section 10.1.7.

7.3 Operational Specifics

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: Please explain here how the service operates or give references to web
pages or other documents that explain its operation.

7.4 Physical Network Diagram

GUIDANCE NOTE: Required for High Level Design (only if relevant).

GUIDANCE NOTE: Please use the following paragraph unless you suspect that it is not true.
If so, please state why and what changes are physically required to be made to the QMUL
network.
It may be assumed that the network is not vulnerable to SPOF and will supply necessary
bandwidth.

IT Services
19
 7.5 Logical Network Architecture

GUIDANCE NOTE: Required for High Level Design

GUIDANCE NOTE: This section should state what connectivity and firewall rules are
required to support your system. It should, in essence be an overview of the Network
Configuration Request form contents. It should contain a reference to the Network
Configuration Request form. This should be completed in the following table format

APPLICATION SPECIFIC INBOUND CONNECTION (Connection To)

Port
Description Protocol Port
Description

APPLICATION OUTBOUND (Connections FROM)

Port
Description Protocol Port
Description

GUIDANCE NOTE: Example table

APPLICATION SPECIFIC INBOUND CONNECTION (Connection To)
Port
Description Protocol Port
Description
TDS Central Workstation TCP 27027 Dongle

APPLICATION OUTBOUND (Connections FROM)

TDS Workstations TCP 27027 Dongle
TDS Workstations TCP 1433 MSSQL
TDS Central Workstation TCP 1433 MSSQL
TDS Workstations SMB 445 File Share
TDS Central Workstation SMB 445 File Share

These requirements of the network are illustrated in Figure 2.

GUIDANCE NOTE: The network diagram in the format shown below must be included in the
SDD.
GUIDANCE NOTE: The network diagram should show the connections between the
components of the system and will run in the direction from which network traffic is initiated.
i.e. from the source to the destination. An arrowhead should be shown at the destination
only.
GUIDANCE NOTE: The network diagram or text should indicate clearly in which Security
Domain (e.g. SD05) each component resides. A template is embedded below for use
GUIDANCE NOTE: The network diagram must include remote access connections for ITS
Admin (SSH/RDP). Note connections from VLAN 8/9 should not be included.

IT Services
20
 Application Security Zones

CLIENT SD05 Infrastructure

DMZ
WEB

SD03 Legacy
Infrastructure
APP
DATABASE
OTHER

GUIDANCE NOTE: Please make sure that you embed all Visio diagrams into the document
so they are able to be edited at a later date.
These details have been written into the current CHANGEME NCRF form [10].

IT Services
21
 Figure 2: Logical Network Architecture

8 Security

8.1 Authentication and Authorisation

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please state here how users are authenticated in your design, how
access control for both users, web content editors (in the case of Web services)and
administrators or any other group is achieved. For example,

IT Services
22
 “To add a new user of the: service the user should have a standard IT Services Active
Directory Account and they must also be members of the GG-APP-Users Active Directory
group.”
“Web content editors access the service via an administrative login page (https://service-url-
admin.school.qmul.ac.uk/) and are authenticated via the QMUL openLDAP service.”.
“Application administrators need to be members of the GG-APP-Admins group.”

8.2 Architectural Security Features

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please indicate if there are any intrusion detection mechanisms, URL
sanitisers or other proactive security measures in the design. Anything listed here is specific
to this design.
No intrusion detection systems are featured in this design.

8.3 Scope of Access

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please state in this section where the application is to be presented.
Please choose one of the following or write your own.
This service is intended for:

 Use on the internet by members of the public and QM.

 Use on the internet by QM staff members only.
 Use on the internet by QM staff and students only.
 Use on the QM Campus Network by members of the public and QM.
 Use on the QM Campus Network by QM staff members only.
 Use on the QM Campus Network by QM staff and students only.
 Use on a subsection the QM Campus Network by members of the public and QM.
CHANGEME: please elaborate.
 Use on a subsection of the QM Campus Network by QM staff members only.
CHANGEME: please elaborate.
 Use on a subsection of the QM Campus Network by QM staff and students only.
CHANGEME: please elaborate.

9 Service Component Overview

In addition to the technical dependences above, this service has a number of core
components which are described here:

9.1 Virtual Machines

GUIDANCE NOTE: Required for High Level Design.

GUIDANCE NOTE: Please provide a description of the virtual machines required by your
design. This should be a high level overview. The details can be placed in section 10.

IT Services
23
 The design requires two Windows 2032r2 65 bit servers to answer requests from the G6
load balancers which provide the end point services to users. These run the Foo application
software components [11]. These servers require a shared database to store session data –
this is a record of the current active login sessions.
GUIDANCE NOTE: if there is a requirement for Tier 1 storage it should be detailed and why
the need for tier 1 storage otherwise it is assumed that all storage allocated will be tier 2.
Currently the DC uses IBM v7000 using easy tier

 Tier 1 is 5% SSD disks with 10000RPM spindle

 Tier 2 is mixture of 10000RPM and 8000RPM

Please note that VMs can only be provisioned with storage in Tier1 or Tier2, not a mix of the
two.
Servers will be named XXX-YYY-ZZ, where XXX is a application code, YYY is a role code
and NN is the server number agreed according to the Data Centre naming standards [Refer
to http://wiki.its.qmul.ac.uk/data-centre-services/naming_standards]

9.2 Capacity Analysis

GUIDANCE NOTE: If the machine is not expected to grow in size please retain the following
default sentence. Otherwise, complete section 9.2.1.
The service is not expected to grow in size beyond the initial provisioning over the entire
lifetime of the service.
9.2.1 Capacity Forecast
GUIDANCE NOTE: Please provide estimates on how the size of the virtual machines or any
other relevant component is expected to grow over time. This includes scalability,
throughput, availability requirements, storage, resource utilization, security, backups, event
log growth etc.
If applicable, describe historical capacity growth patterns. Explain how future expected
capacity requirements have been identified and analysed and how they will be monitored
and managed. Below is a basic example of a table to illustrate one approach for monitoring
and managing future capacity.
Area/Item Capacity % Increase Capacity Threshold Response Strategy
Monitored Requirement(s) Needed Threshold (Action to Be Take Upon Reaching
Threshold(s))
Per Time
Period
<Hard Drive <enter <enter <enter <enter response strategies
Storage> capacity projected acceptable to varying threshold limits.
requirements increases capacity Threshold is defined as the
and over intervals threshold( level at which an event or
measures> of time> s)> change occurs>
<Number of
Project
Staff>

IT Services
24
 9.3 Availability Monitoring

GUIDANCE NOTE: Basic service machine monitoring will be accomplished by SCOM and or
Nagios which will be configured to monitor the VM availability and any other pertinent data.
Please describe here what monitoring is to be configured for this service.
Basic machine monitoring will be accomplished by Nagios and SCOM which will be
configured to monitor the VM availability and any other pertinent data.

9.4 Firewall Configuration

GUIDANCE NOTE: Please explain here any necessary network firewalling and why it is
required. The additional requirements described here should be those in addition to the
default firewalling provided by Networks for the classification of the application.
The specifics of the Cisco Core ASA firewall configuration are recorded in the NCRF for this
SDD document.
The Cisco Core 5585-X ASA firewalls will be configured to allow the traffic flows outlined
within section 7.5 of this SDD.

9.5 Service Encryption

GUIDANCE NOTE: Please explain here any use of encryption in your application and why it
is required.
By default service encryption will be terminated on the F5 unless there is a requirement to
have SSL terminated at the server.

9.6 Automated Maintenance

GUIDANCE NOTE: Please state in this section any maintenance activities. These should
cover only automated automatic housekeeping tasks. Manual maintenance activities (e.g.
uploading spreadsheet data) should be covered in the standard changes (section 5.9).
There are no automatic (scheduled or otherwise) maintenance activities required.
9.6.1 Database Maintenance
GUIDANCE NOTE: Please state, in this section, where any database maintenance activities
exists, it should be noted that if a database exists it should follow the standard maintenance
plan and you should detail any exceptions to this
Database will be maintained as per standard database administration procedures:
http://wiki.its.qmul.ac.uk/database-admin/start
9.6.2 File Level Backup
GUIDANCE NOTE: Please state, in this section, any file level backups that are required
using TSM that are not part of the standard service offering from Servers & Storage.
9.6.3 Log File Maintenance
GUIDANCE NOTE: Please state in this section any log file maintenance configured on the
server.
GUIDANCE NOTE: Example text

IT Services
25
 Log Rotate is configured to rotate logs weekly and keep four weeks of log files.

10 Solution Design Technical Details

10.1 Low Level Details

GUIDANCE NOTE: This section should be modified as appropriate so as to give a low level
description of what the system actually consists of. Please change the example text and the
structure of this section to describe the design in detail:
10.1.1 Overview:
Overview Value
Application Name G4S
Application & Role Codes SQL-G4S
[13] G4S-APP
G4S-WEB
Number of Servers 3
Server FQDNs SQL-G4S-01.qm.ds.qmul.ac.uk
G4S-APP-01.qm.ds.qmul.ac.uk
G4S-WEB-01.server.qmul.ac.uk
Data Centre (DC1, DC2, DC2
DC1 & DC2)
10.1.2 Server Configurations:
GUIDANCE NOTE: Please complete one table per server
Specification Value
Server Name SQL-G4S-01.qm.ds.qmul.ac.uk
Virtual Machine TRUE
RAM 16GB
# CPUS/CORES 1 CPU/2 Cores
OS Windows Server 2012
Storage Tier (Tier 1 / Tier Tier 1
2)
SRM (Yes/No) No
Public or Private IP Private
address
Security Zone DB
(WEB/APP/DB)
Administrator Group ITS-DBA
Data Centre DC1 or DC2
Disk configuration
Volume TYPE Size Purpose
C: Operating System 50GB Operating System
D: Data Volume 50GB SQL Database Files
E: SQLDATA Data Volume 50GB Primary SQL Data
Area
F: SQLLOG Data Volume 50GB Primary SQL Log
Area

IT Services
26
 H: BACKUP Data Volume 100GB Default SQL Backup
I:TEMPDATA Data Volume 100GB TEMP Database Data
J:TEMPLOG Data Volume 50GB TEMP Database Log
P: Page File 100GB Page File
TSM File Level (Yes/No) Yes
TSM Details H:/ only

Specification Value
Server Name G4S-APP-01.qm.ds.qmul.ac.uk
Virtual Machine TRUE
RAM 8GB
# CPUS/CORES 1 CPU/2 Cores
OS Windows Server 2012
Storage Tier (Tier 1 / Tier Tier 2
2)
SRM (Yes/No) No
Public or Private IP Private
address
Security Zone APP
(WEB/APP/DB)
Administrator Group ITS-CA
Data Centre DC1 or DC2
Disk configuration
Volume TYPE Size Purpose
C: Operating System 50GB Operating System
D: Data Volume 50GB Application Files
P: Page File 100GB Page File
TSM File Level (Yes/No) No
TSM Details N/A

Specification Value
Server Name G4S-WEB-01.server.qmul.ac.uk
Virtual Machine TRUE
RAM 8GB
# CPUS/CORES 2 CPU/6 Cores
OS Red Hat Linux 6
Storage Tier (Tier 1 / Tier Tier 2
2)
SRM (Yes/No) No
Public or Private IP Private
address
Security Zone WEB
(WEB/APP/DB)
Administrator Group ITS-CA
Data Centre DC1 or DC2

IT Services
27
 Disk configuration
Volume TYPE Size Purpose
/ EXT4 50GB Operating system and
application files.
/boot EXT4 512MB Kernels and
bootloader.
/home EXT4 512MB Scratch data for
system admins.
/tmp EXT4 5GB Temporary files
/var EXT4 30GB Operating system and
application files.
Swap space 5GB Swap space
TSM File Level (Yes/No) No
TSM Details N/A

10.1.3 Active Directory Configuration

10.1.3.1 Active Directory Groups:
Administrative security group membership:

Name Description Managed By

GG-G4S-Application- G4S Application QM\GG-ITS-Corporate-
Administrators Administrators Applications-Admin-Accounts
GG-G4S-Application-Users G4S Users QM\GG-ITS-Corporate-
Applications-Admin-Accounts
10.1.3.2 Active Directory Accounts:
Application Service Accounts:

Name Description
SRV-G4S-SQL-AG-01 Service Account for Database Agent
SRV-G4S-SQL-DB-01 Service Account for Database Server

10.1.4 Linux Groups:

Administrative security accounts or group membership:

Puppet Account or Group Description

ITS-CA sudoers

10.1.5 Folder Requests and Permissions

DFS Details:

DFS Share Path Administrator Group

\\qm.ds.qmul.ac.uk\APP\PROD\G4S QM\GG-ITS-Corporate-Applications-Admin-Accounts

10.1.6 Software Source Arrangements

GUIDANCE NOTE: Give details of software source storage location and ESCROW
arrangements with 3rd party suppliers where applicable.
If Application is bespoke (Section 7.2.1) please specify the Source location of the code.

IT Services
28
 10.2 Monitoring

The following monitoring will be set up as part of the solution.

Basic VM monitoring (this is a package of system related virtual machine monitoring options.
They include:
- Monitoring of the backup processes – if they are alive or not
- Disk usage
- Swap space used
- Ping
- NTP (Network Time) is within
- ssh availability
The F5 LTMs will also need to perform monitoring of the Staff Surveillance System server
service addresses to correctly monitor and transfer load.

10.3 F5 LTM Configuration

GUIDANCE NOTE: Required for High Level Design (if relevant).

<If the F5 LTM functionality is required as noted in Section 6.1.n the detailed configuration
should be completed here. One or more of the following sections will need to be completed
depending on the service requirements. If no F5 LTM configuration is required leave as
N/A.>
N/A
10.3.1 Services Hosted Locally
Please complete this section for services that are hosted solely on servers included in this
SDD
10.3.1.1 Services Hosted Locally – No Conditions
<Where a website (or websites) is hosted solely on servers included in this SDD but
no Conditional Forwarding or URI Rewrites are required, include this section.
Otherwise leave as N/A.>
N/A
10.3.1.1.1 HTTP Services Required
Service(s): http://service1-url.school.qmul.ac.uk
http://service2-url.school.qmul.ac.uk
F5 Configuration: The F5 LTM is required for unencrypted (HTTP) traffic. SSL traffic will
not be terminated by the F5 LTM or passed through it.
<This statement will apply to all services listed above>
X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be
inserted.
<Details of the X-Forwarded-For configuration should be included in the NCRF>
Custom Requirements: <Details of the custom requirements for the service should be specified in
this section (e.g. logging)>

IT Services
29
 10.3.1.1.2 HTTPS Services Required
Service(s): https://service1-url.school.qmul.ac.uk

F5 Configuration: [Insert one of the following F5 Statements]

The F5 LTM is required to (1) redirect client requests on HTTP to HTTPS, (2) terminate HTTPS, off load
SSL and pass HTTP traffic for this service.

The F5 LTM is required to (1) redirect client requests on HTTP to HTTPS (2) terminate HTTPS, off load
SSL, re-encrypt and pass HTTPS traffic for this service.

The F5 LTM is required for encrypted (HTTPS) traffic, terminate HTTPS, off load SSL, re-encrypt and
pass HTTPS traffic for this service.

The F5 LTM is required for encrypted (HTTPS) traffic, terminate HTTPS, off load SSL and pass HTTP
traffic for this service.

The F5 LTM is required to redirect client requests on HTTP to HTTPS. In addition, a DTL exception has
been approved for the F5 LTM to be configured in Pass Through mode, i.e. SSL encrypted traffic is
forwarded to the service without any F5 LTM certificate management (HTTPS terminates on back-end
server).

A DTL exception has been approved for the F5 LTM to be configured in Pass Through mode, i.e. SSL
encrypted traffic is forwarded to the service without any F5 LTM certificate management (HTTPS
terminates on back-end server).

<This statement will apply to all services listed above>

X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be
inserted.
<Details of the X-Forwarded-For configuration should be included in the NCRF>
Custom Requirements: <Details of the custom requirements for the service should be specified in
this section (e.g. logging)>

10.3.1.2 Services Hosted Locally – URI Rewrites

<Where a website is hosted solely on servers included in this SDD and uses URI Rewrites,
include this section. Otherwise leave as N/A>
N/A
10.3.1.2.1 HTTP Services Required
Service(s): http://service-w-url.school.qmul.ac.uk
http://service-x-url.school.qmul.ac.uk
F5 Configuration: The F5 Local Traffic Manager (LTM) is required for unencrypted
(HTTP) traffic. SSL traffic will not be terminated by the F5 LTM or
passed through it.
X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be
inserted.
Custom Requirements: <Details of the custom requirements for the service should be specified in
this section (e.g. logging)>

URI Rewrite Configuration: <Complete the table for all Service URLs requiring URI rewrites>

IT Services
30
 Uri String Uri Rewrite Forward to Server Port
/student/ /student/school/ abc-xyz-01 80
/staff/ /staff/school/ abc-xyz-01 80

10.3.1.2.2 HTTPS Services Required

Service(s): https://service-url.school.qmul.ac.uk

F5 Configuration: [Insert one of the six F5 Statements listed in Section 10.3.1.2.2]

X-Forwarded-For: The X-Forwarded-For Header [Select either: should | should not] be

inserted.
Custom Requirements: <Details of the custom requirements for the service should be specified in
this section (e.g. logging)>

URI Rewrite Configuration: <Complete the table for all Service URLs requiring URI rewrites>

Uri String Uri Rewrite Forward to Server Port

/student/ /student/school/ abc-xyz-01 80
/staff/ /staff/school/ abc-xyz-01 80

10.3.2 Services Hosted across Multiple Servers

<In some cases the servers in this design may host part of a web service. In these cases
please include the details of the services hosted by this design in the sections below. Please
complete the details for both HTTP and HTTPS services>
The following sections provide details of the configuration of the services that are served
from this design (or server) where parts of the service may be detailed in a separate design.
Note: For information about other servers hosting components of this website please refer
to the SDD CHANGEME <please add document reference(s), for example ‘EECS Reverse
Proxy Service’>.
10.3.2.1 [Select either: HTTP | HTTPS | HTTP & HTTPS] Services
Service(s): http(s)://service-url.school.qmul.ac.uk

Conditional Forwarding Configuration: <Complete the table for all Service URLs requiring
Conditional Forwarding>

Uri String Forward to Server Port

/staff/ abc-xyz-01 80
/student/ abc-xyz-01 80

URI Rewrite Configuration <Complete the table for all Service URLs requiring URI rewrites>
Uri String Uri Rewrite Forward to Server Port
/staff/ /staff/school/ abc-xyz-01 80
/student/ /student/school/ abc-xyz-01 80

IT Services
31
 10.4 Client Configuration

GUIDANCE NOTE: Please add information for the Client side configuration for the service.If
no client configuration is required then insert N/A.
10.4.1 Client Application Deployment
GUIDANCE NOTE: Please outline in this section the deployment methodology for client
applications. Some currently supported methodologies are shown below:

 Fat client
 Virtualized app
 Remote App

10.4.2 Client Interface Dependencies

GUIDANCE NOTE: Please list any interfaces with local or remote software. Some examples
are shown below:

 ODBC/JDBC, SQL
 Interaction with any other software (e.g. office, acrobat)
 External special hardware requirements (e.g. USB, Bluetooth, dongle, serial, parallel
ports)

10.4.3 Client Software Dependencies

GUIDANCE NOTE: Please list any client software dependencies. Some examples are
shown below:

 What are the operating system requirements (e.g. Win 8.1, Win 10) or OS architecture
(e.g. x86, x64)
 Please list any additional software dependencies like .NET or Java (include version
numbers), browser plugins or office plugins
 License validation – license keys or license server
 Local windows services or message queueing
 Special privilege requirements for monitoring or debug functions

10.4.4 Client Configuration Dependencies

GUIDANCE NOTE: Please list any dependencies. Some examples are shown below:

 Trusted sites (e.g. IE, Java, Click-once)

 Workstation firewall

10.4.5 Client Software Upgrade Cycle

GUIDANCE NOTE: Please state if a regular upgrade cycle is required (e.g. required by
legislation):-

11 Testing procedures

GUIDANCE NOTE: Please list here (or reference any documents) that contain your testing
procedures for application and client side testing. These can include automated regression
testing or manual checks.

IT Services
32
 12 Recovery Plan

GUIDANCE NOTES: Please describe in this section what you regard as the major failure
mode possibilities and either describe the steps required to restore service or cite a
document that describes these. For example:
“Failure of N-Series CIFS file-store in DC1. If this component fails asynchronous data
replication to DC2 will need to be broken and the DC2 controller declared as the master
controller. Please see Appendix X: DR Controller failure in DC1 for the steps required to do
this.”

13 Benchmarking

GUIDANCE NOTE: Please indicate, in this section, what benchmarking has been performed.
I.e. How have you compared the design to the expected day-to-day performance.
Benchmarking is not a mandatory requirement for DTL approval. However, the DTL
Approval Team may comment on an application’s performance requirements which may lead
to a request for some performance measurements to be completed prior to approval.

13.1 Performance Verification Procedures

GUIDANCE NOTE: Describe the procedures to be used to monitor and verify performance
of the service overall. These may be used to ensure performance is maintained at required
levels.

14 Known Bugs & Workarounds

GUIDANCE NOTE: Please indicate, in this section, if there are any known bugs or
deficiencies in the system that have been noted and agreed as acceptable for go-live by
your project board. Each bug should contain the following information:
ISSUE: System crashes when user uploads file with NULL character.
IMPACT: Application server crashes.
SECURITY ISSUE: Unknown, but system is only available to 5 people.
MITIGATION: Apps team to restart server. User education.
PROJECT BOARD OR HEAD OF SERVICE SIGNOFF: OK

IT Services
33
 15 Future Opportunities

GUIDANCE NOTE: This section is optional. If you foresee any obvious enhancements to this
project that are feasible with additional effort please describe them briefly here. For example:
“Although the application has been configured to use local database tables for authentication
and access control a better approach would be to use the UK Federation.”
At this time no future opportunities have been agreed.

16 Appendices

16.1 UAT Environment differences

GUIDANCE NOTE: Please describe here any differences between the UAT environment and
the production environment proposed above. This should include changes to hostnames,
networking number of servers and any appropriate items. Please use cross-references to
numbered sections above. Please add a diagram where the numbered section above
requires one. See examples below.
Section Error! Reference source not found.: The UAT logical network architecture is as
depicted in Figure 3.

Figure 3: UAT Logical Network Architecture

Section Error! Reference source not found.: There are only 2 webservers in the UAT
environment, two is the minimum number required to test out F5 load balancing. These are
named UAT-APR-PHP-01 and UAT-APR-PHP-02.
Section Error! Reference source not found.: The UAT environment contains a 1GB /u01
volume as it is only handling dummy records.

16.2 UAT Procedures

GUIDANCE NOTE: Please describe here (or reference another document which contains).
Any agreed User Acceptance Testing tests that have been adopted.

IT Services
34
 16.3 DEV environment differences

GUIDANCE NOTE: If you have created a Development Request Document please reference
that here with the following text. Otherwise, please describe the DIFFERENCES between
the DEV environment and the Production environment.
The DEV environment is described by the Development Request Document for this service
[14]

16.4 Notes on CHANGEME

GUIDANCE NOTE: This section can be considered to be an appendix detailing Extremely

Low Level details. Please add or reference any useful notes that may be of assistance to
future designers or BAU Operations staff. The DTL will not read this section nor comment on
it. Please add more sections as required. Please use a fixed font for code/configuration
examples. Please remove the following example:
Gluster installation notes on a CentOS 6.5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by m.d.t.evans@qmul.ac.uk on Mon May 19 15:59:59 BST 2014

Based on notes from October 2011.

Install on block devices (/dev/vda2).

Reference:

http://www.gluster.org/community/documentation/index.php/Getting_started_rrqsg

0. Prerequisites.

Centos 6.5 minimal install.

Networking configured.

Install gluster repo

# cd /etc/yum.repos.d/
# wget http://download.gluster.org/pub/gluster/glusterfs/LATEST/RHEL/glusterfs-epel.repo

Install gluster server and client

# yum install glusterfs-server

1. Start GlusterFS

# chkconfig --level 235 glusterd on

# service glusterd start

2. Check logs:

Have a look for errors in /var/log/glusterfs/

3 Set up xfs data bricks (xfs seems to be what people generally use).

Note that /dev/vda2 should be replaced with the actual device.

# mkdir -p /mnt/gluster/StaffSurveillanceSystem
# mkfs.xfs -f -i size=512 /dev/vda2
<snip>
/dev/vda2 on /mnt/gluster/StaffSurveillanceSystem type xfs (rw)

4. Repeat the above on the other server

…
…

IT Services
35
 Please edit references for guidelines on how to do this see [15]
Before you can add a citation, a works cited list, or a bibliography, you must add a source to
your document. A works cited list is a list of sources, usually placed at the end of a
document, that you referred to (or "cited") in the document. A works cited list is different from
a bibliography, which is a list of sources that you consulted when you created the document.
After you add sources, you can automatically generate a works cited list or a bibliography
based on that source information. Each time that you create a new source, the source
information is saved on your computer. You can use the Source Manager to find and reuse
any source that you have created, even sources in other documents.
Citations are parenthetical references that are placed inline with the text. Citations are
different from footnotes and endnotes, which are placed at the bottom of the page or end of
the document. The source information stored in the Citations tool or Source Manager can be
used to create citations, a works cited list, or a bibliography. However, you cannot use the
information in the Citations tool or the Source Manager to create footnotes or endnotes.

17 Bibliography

[1] Queen Mary University of London, “Standard Operating Procedure for Information
Classification,” [Online]. Available:
http://www.its.qmul.ac.uk/Documents/Governance/SOPs/142319.pdf.

[2] Queen Mary University of London, IT Services, “Incident Management,” [Online]. Available:
http://dept-web.its.qmul.ac.uk/communication/Processes/Incident_Management/index.html.

[3] Queen Mary University of London, IT Services, “Incident Management Policy,” [Online].
Available: http://dept-
web.its.qmul.ac.uk/communication/Processes/Incident_Management/84455.doc. [Accessed
11 June 2015].

[4] Queen Mary University of London, IT Services, “Request Fulfilment,” [Online]. Available:
http://dept-web.its.qmul.ac.uk/communication/Processes/Request_Fulfilment/index.html.

[5] Queen Mary Univerity of London, IT Services, “Request Fulfilment Guidelines,” [Online].
Available: http://dept-
web.its.qmul.ac.uk/communication/Processes/Request_Fulfilment/63623.doc. [Accessed 11
June 2015].

[6] QM IT Services, “IT Services Standard Changes,” [Online]. Available:

http://wiki.its.qmul.ac.uk/service-management/change_management/standard_changes..

[7] Queen Mary University London, “ITS Service Offerings,” 08 September 2015. [Online].
Available: J:\IT-Projects-Team\TDA Documents\Approved\ITS Service Offerings\3 - QMUL ITS
Offering v2.0.doc. [Accessed 08 September 2015].

[8] DTL Document, “Resilient Shibboleth Federated SSO and Attribute Exchange,” DTL Document
254 or any subsequent approved release.

[9] “UK Federation Web Site,” [Online]. Available: http://www.ukfederation.org.uk/.

IT Services
36
 [10] M. Evans, DEV-IDC - Network Connection Request Form, 2014.

[11] FooBar corporation., “FooBar website,” 2023. [Online]. Available: http://qweq.com.

[12] F5, “F5 Configuration guide,” 2014. [Online]. Available: http://support.f5.com/kb/en-

us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0.html.

[13] QM IT Services, “QMUL ITS Data Centre Services Naming Standards,” 2013-current. [Online].
Available: http://wiki.its.qmul.ac.uk/data-centre-services/naming_standards.

[14] A. Person, “CHANGEME Development Request Document,” [Online]. Available: J:\IT-Projects-

Team\DTL Documents for Approval\Approved documents\999 - CHANGEME DRD.docx.

[15] Microsoft, “Add or change sources citations and bibliographies,” [Online]. Available:
https://support.office.com/en-in/article/Add-or-change-sources-citations-and-bibliographies-
159264ec-0a8a-4e9e-acf7-21faa9c371c2.

[16] F5, “F5 Apache Deployment Guide,” [Online]. Available: http://www.f5.com/pdf/deployment-

guides/f5-apache-dg.pdf.

[17] D. Goddard, “Diagram of idcheck basic operation.,” 2005. [Online]. Available:

http://idcheck.sourceforge.net/idcheck2.pdf.

[18] MDT Evans, “Summary of the idcheck cookie SSO,” 2005. [Online]. Available:
http://idcheck.sourceforge.net/idcheck2-summary.html.

[19] J. O'Regan, Interviewee, Conversation about critical apps list indicating that the lead team have
such a list.. [Interview]. May 2014.

[20] Queen Mary University of London, “Request Fulfilment Policy,” [Online]. Available: http://dept-
web.its.qmul.ac.uk/communication/Processes/Request_Fulfilment/84457.doc. [Accessed 11
June 2015].

IT Services
37