VNClagoon On Premise Deployment Requirements
State 2021-09
Currently we VNClagoon is deployed in a mixed environment, where the containerized applications are deployend in a Kubernetes cluster and those components which are not stateless or not containerized yet, deployed in classic VMs.
Hardware requirements for on premise deployments¶
VNClagoon for 250 users¶
| Amount of nodes (VMs) | Node usage | Hardware Requirements |
|---|---|---|
| 3 | k8s deployment cluster | CPU: (Intel/AMD 64-bit CPU 2 GHz): 8 cores RAM: 32 GB Storage: 60 GB free space OS: Ubuntu-Server 20.04 |
| 1 | database-backend | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 8 GB Storage: 40 GB free space (preferable SSD-storage) OS: Ubuntu-Server 20.04 |
| 1 | Jitsi frontend | CPU: (Intel/AMD 64-bit CPU 2 GHz): 1 cores RAM: 4 GB Storage: 40 GB free space OS: Ubuntu-Server 20.04 |
| 1 | Jitsi signal | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 8 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 1 | stun server | CPU: (Intel/AMD 64-bit CPU 2 GHz): 2 cores RAM: 4 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 2 | Jitsi videobridges | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 16 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 1 | storage-backend | CPU: (Intel/AMD 64-bit CPU 2 GHz): 2 cores RAM: 4 GB Storage: 100 GB free space OS: Ubuntu-Server 20.04 |
| 1 | Zimbra-backend node | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 16 GB Storage: 50 GB free space OS: Ubuntu-Server 20.04 |
Once up, to all the nodes, VNC requires ssh-access for the installation and setup process, directly or via jumphost, for which VNC can provide an IP if required.
In case a local jitsi environment is not feasible, intead of the three Jitsi-Nodes, our VNCtalk shard environment can be integrated for video-conferencing by configuring jitsiURL: "https://meet.vnclagoon-live.com/" via helm chart.
VNClagoon for 12000 - 15000 users¶
for providing the VNCproducts
- VNCtalk
- VNCchannels
- VNCproject
| Amount of nodes (VMs) | Node usage | Hardware Requirements |
|---|---|---|
| 4 | k8s deployment cluster | CPU: (Intel/AMD 64-bit CPU 2 GHz): 8 cores RAM: 32 GB Storage: - 60 GB (HDD) free space - 125 GB SSD storage OS: Ubuntu-Server 20.04 |
| 3 | database-backend | CPU: (Intel/AMD 64-bit CPU 2 GHz): 8 cores RAM: 32 GB Storage: - 20 GB (HDD) free space - 100 GB SSD storage OS: Ubuntu-Server 20.04 |
| 3 | pgbouncer | CPU: (Intel/AMD 64-bit CPU 2 GHz): 2 cores RAM: 2 GB Storage: 40 GB free space OS: Ubuntu-Server 20.04 |
| 3 | Jitsi signal | CPU: (Intel/AMD 64-bit CPU 2 GHz): 2 cores RAM: 8 GB Storage: 40 GB free space OS: Ubuntu-Server 20.04 |
| 3 | stun server | CPU: (Intel/AMD 64-bit CPU 2 GHz): 1 cores RAM: 4 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 3 | Jitsi videobridge frontend | CPU: (Intel/AMD 64-bit CPU 2 GHz): 1 cores RAM: 40 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 6 | Jitsi videobridge load balancer | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 16 GB Storage: 40 GB free space OS: Ubuntu-Server 20.04 |
| 9 | Jitsi videobridge | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 16 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 2 | nginx load balancer | CPU: (Intel/AMD 64-bit CPU 2 GHz): 2 cores RAM: 8 GB Storage: 20 GB free space OS: Ubuntu-Server 20.04 |
| 2 | NFS share | CPU: (Intel/AMD 64-bit CPU 2 GHz): 4 cores RAM: 8 GB Storage: 300 GB free space OS: Ubuntu-Server 20.04 |
| Hardware Requirements | CPU cores | RAM (GB) | HDD (GB) | SSD (GB) |
|---|---|---|---|---|
| Total | 154 | 674 | 1800 | 300 |
DNS-settings and IP requirements¶
Assuming, the domain for your VNClagoon installation will be yourdomain.tld, then
- a TLS-certificate, which covers the hostnames listed in column Public Hostname, if possible, a wildcard TLS-Certicifate for *.yourdoman.tld is prefereable, and
- the assignment local to public IPs
according to this table are required:
| Service | Public Hostname | Local IP | Public IP |
|---|---|---|---|
| VNCcalendar | vnccalendar.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCchannels | wss-vncdirectory.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCcontacts | vnccontacts.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCdirectory (user management) |
vncdirectory.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCdirectory | wss-vncdirectory.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCidp | vncidp.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCmail | vncmail.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCpad | etherpad.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCproject | vncproject.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCproject | wss-vncproject.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCsafe (owncloud) | vncsafe.yourdomain.tld (owncloud.yourdomain.tld) |
Local IP1 | Public-IP1 |
| VNCtalk | vnctalk.yourdomain.tld | Local-IP1 | Public-IP1 |
| VNCtask | vnctask.yourdomain.tld | Local-IP1 | Public-IP1 |
| XMPP (prosody) |
xmpp.yourdomain.tld | Local IP1 | Public-IP1 |
| XMPP (prosody) |
xmpprest.yourdomain.tld | Local IP1 | Public-IP1 |
| Avatar | avatar.yourdomain.tld | Local IP1 | Public-IP1 |
| Fileshare | files.yourdomain.tld | Local-IP1 | Public-IP1 |
| Jitsi | meet.yourdomain.tld | Local IP2 | Public-IP2 |
| Stun | stun.yourdomain.tld | Local IP3 | Public-IP3 |
| Videobridge | - | Local IP4 | Public-IP4 |
| Zimbra-backend | zcs.yourdomain.tld | Local IP5 | Public-IP6 |
For the VNCmail component, an MX-record is required for yourdomain.tld:
yourdomain.tld IN MX 5 zcs.yourdomain.tld
In addition, for video conferencing, these two SRV-records are required as well:
_xmpp-server._tcp.yourdomain.tld in SRV 0 10 5269 xmpp.yourdomain.tld
_xmpp-server._tcp.conference.yourdomain.tld in SRV 0 10 5269 xmpp.yourdomain.tld
Mailrelay¶
in case the zimbra backend is not available, eg. when the VNCmail component is not part of the setup or the Zimbra-backend is not allowed to send mails for the domain yourdomain.tld, eg. when installed in GCP or for some other reasons, in order to send mails, eMail-Notifications and invitations to meetings to external users, a suitable mailrelay is required, that is properly configured for the domain yourdomain.tld, which we then can setup for the VNClagoon applications.
Firewall settings¶
| Host | Protocol | Ports |
|---|---|---|
| k0s (Ingress) | TCP | 80 |
| TCP | 81 | |
| TCP | 443 | |
| XMPP | TCP | 80 |
| TCP | 443 | |
| TCP | 5222 | |
| TCP | 5269 | |
| Jitsi Frontend | TCP | 80 |
| TCP | 443 | |
| Jitsi Signal | TCP | 80 |
| TCP | 443 | |
| TCP | 5222 | |
| TCP | 5269 | |
| TCP | 5280 | |
| TCP | 5281 | |
| Jitsi Stun | TCP | 443 |
| TCP | 3478 | |
| UDP | 3478 | |
| UDP | 5349 | |
| Jitsi Videobridge | TCP | 9090 |
| UDP | 4096 | |
| UDP | 10000 | |
| Zimbra-backend | TCP | 22 |
| TCP | 25 | |
| TCP | 465 |