[freeside-devel] Some Ideas

P.E.Ahlquist J pea at ahlquist.org
Wed Nov 23 23:40:15 PST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 16 November 2005 02:01, ivan wrote:
> Hmm... The self-service stuff is *designed* to run on another
> machine or machines (your public web server or servers).
>
> The backend web interface as well as the daemons controlling the
> self-service machines all depend on the library layer, and while
> "farmable" (with a few caveats) are usually run on a single machine
> along with the database.
>
> I could discuss a lot about this if you wanted to work on how things are
> organized.  In the most ideal setup, you'd have a "super back end"
> machine that doesn't even run the backend web interface and is the sole
> box with the private key used for CC decryption.

The layout I'm setting up is roughly as shown in the attached 
old-skool ascii-diagram.

Where, approximately, should the back office code divide to break 
the "Bursar", the CC-Auth portions, off into a separate server?
FS::cust_pay* would move or is there a simpler isolation approach?


- -- 
pea
319E 1969 C476 E38D 6133  D3B4 6314 A6A9 67B6 ABB9
- ---------------------------------
It's a home of contention. 
  -Farberism #490
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQFDhW5fYxSmqWe2q7kRAtNCAKCoKnRi0UqW8iTWZbbB7TeKiYYUrgCgrG7E
is2N3YEXWZRUFxXsCPfpUVM=
=3SV+
-----END PGP SIGNATURE-----
-------------- next part --------------
Ultimate FreeSide


                           +------------+
     "Outside World"  <--> | Web & Mail |
        /|\                +------------+     ----------
         |                      :           +-CoLo-Space-+
        \|/                     :             ----------
   +-------------+     +--------------+
   |             |     |    Admin     |                  +--------------+
   | SelfServe   |     |   --------   | <--------------> | PortMaster's |
   |             |     |  RADIUS,etc  |                  |  & Modems    |
   +-------------+     +--------------+                  +--------------+
             /|\         /|\
              '----S---.  S
                        \ |
     . . . . . . . . . . \| . . . . . . . . "The Web"
                          |
                          |            .                               eb/iptables
                          |           /|\                                  -------
      ------              |            |                                     FW-0
    +-Office-+            |            /    <=====================================
      ------              |           /
   +-------------+        |          /
   |        https|<-443-------------'
   |   RT        |        |                               "DMZ" level
   | w/xml.pat   |<-S------------------------.
   +-------------+<-S-.   |                  |
                      |   |                  |
                      |   |                  |                               FW-1
                      |   |                  | <==================================
                      |   |                  |
                      |   |                  |
                      |   |                  |
   +-------------+<-S-'   |                  |             "Inside I"
   |             |<--/S/--'                  |
   |  FreeSide   |<---------/S/--------------|--.
   |             |<--/S/-.                   |  |
   +-------------+       |                   S  |
         /|\             |                   |  |
          |              |                   |  |                            FW-2
          |              |                   |  | <===============================
          |              |                   |  |
          |              |                   |  |
          |              |                   |  |             "Way Inside"
          |              V                   V  V
          |          +-------------+      +-------------+
          |          |   AuthNet   |      |             |
          |          |    Stuff    |      |    pgsql    |
          |          |  ????.????  |      |             |
          |          +-------------+      +-------------+
          |
          |
          |                                                                       .
      OfficeLAN                                                              .


More information about the freeside-devel mailing list