[freeside-devel] Some Ideas
P.E.Ahlquist J
pea at ahlquist.org
Wed Nov 23 23:40:15 PST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 16 November 2005 02:01, ivan wrote:
> Hmm... The self-service stuff is *designed* to run on another
> machine or machines (your public web server or servers).
>
> The backend web interface as well as the daemons controlling the
> self-service machines all depend on the library layer, and while
> "farmable" (with a few caveats) are usually run on a single machine
> along with the database.
>
> I could discuss a lot about this if you wanted to work on how things are
> organized. In the most ideal setup, you'd have a "super back end"
> machine that doesn't even run the backend web interface and is the sole
> box with the private key used for CC decryption.
The layout I'm setting up is roughly as shown in the attached
old-skool ascii-diagram.
Where, approximately, should the back office code divide to break
the "Bursar", the CC-Auth portions, off into a separate server?
FS::cust_pay* would move or is there a simpler isolation approach?
- --
pea
319E 1969 C476 E38D 6133 D3B4 6314 A6A9 67B6 ABB9
- ---------------------------------
It's a home of contention.
-Farberism #490
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQFDhW5fYxSmqWe2q7kRAtNCAKCoKnRi0UqW8iTWZbbB7TeKiYYUrgCgrG7E
is2N3YEXWZRUFxXsCPfpUVM=
=3SV+
-----END PGP SIGNATURE-----
-------------- next part --------------
Ultimate FreeSide
+------------+
"Outside World" <--> | Web & Mail |
/|\ +------------+ ----------
| : +-CoLo-Space-+
\|/ : ----------
+-------------+ +--------------+
| | | Admin | +--------------+
| SelfServe | | -------- | <--------------> | PortMaster's |
| | | RADIUS,etc | | & Modems |
+-------------+ +--------------+ +--------------+
/|\ /|\
'----S---. S
\ |
. . . . . . . . . . \| . . . . . . . . "The Web"
|
| . eb/iptables
| /|\ -------
------ | | FW-0
+-Office-+ | / <=====================================
------ | /
+-------------+ | /
| https|<-443-------------'
| RT | | "DMZ" level
| w/xml.pat |<-S------------------------.
+-------------+<-S-. | |
| | |
| | | FW-1
| | | <==================================
| | |
| | |
| | |
+-------------+<-S-' | | "Inside I"
| |<--/S/--' |
| FreeSide |<---------/S/--------------|--.
| |<--/S/-. | |
+-------------+ | S |
/|\ | | |
| | | | FW-2
| | | | <===============================
| | | |
| | | |
| | | | "Way Inside"
| V V V
| +-------------+ +-------------+
| | AuthNet | | |
| | Stuff | | pgsql |
| | ????.???? | | |
| +-------------+ +-------------+
|
|
| .
OfficeLAN .
More information about the freeside-devel
mailing list