Infrastructure Overview

Complete infrastructure documentation for the SBM CRM Platform deployment on Huawei Cloud.

Infrastructure Components

Compute Resources

  • ECS Instances - Application servers
  • Container Registry (SWR) - Docker image storage
  • CCE (Cloud Container Engine) - Kubernetes orchestration (optional)

Database Resources

  • RDS for PostgreSQL - Primary database
  • DCS (Distributed Cache Service) - Redis cache
  • OBS (Object Storage Service) - File storage

Networking

  • VPC (Virtual Private Cloud) - Network isolation
  • ELB (Elastic Load Balancer) - Load balancing
  • NAT Gateway - Outbound internet access
  • Security Groups - Firewall rules

Monitoring & Logging

  • Cloud Eye - Monitoring and alerting
  • LTS (Log Tank Service) - Centralized logging
  • APM (Application Performance Monitoring) - Application monitoring

Security

  • WAF (Web Application Firewall) - Web security
  • DDoS Protection - DDoS mitigation
  • IAM (Identity and Access Management) - Access control
  • KMS (Key Management Service) - Secret management

Architecture Diagram

┌───────────────────────────────┐
│           Internet            │
└───────────────┬───────────────┘
                │
                ▼
┌───────────────────────────────┐
│  ELB (Elastic Load Balancer)  │
│  - SSL Termination            │
│  - Health Checks              │
└───────────────┬───────────────┘
                │
       ┌────────┴────────┐
       │                 │
       ▼                 ▼
┌──────────────┐  ┌──────────────┐
│  ECS Zone A  │  │  ECS Zone B  │
│ ┌──────────┐ │  │ ┌──────────┐ │
│ │   API    │ │  │ │   API    │ │
│ │  Server  │ │  │ │  Server  │ │
│ └────┬─────┘ │  │ └────┬─────┘ │
└──────┼───────┘  └──────┼───────┘
       │                 │
       └────────┬────────┘
                │
       ┌────────┴────────┐
       │                 │
       ▼                 ▼
┌──────────────┐  ┌──────────────┐
│ RDS Primary  │  │  DCS Redis   │
│  PostgreSQL  │  │    Cache     │
└──────┬───────┘  └──────────────┘
       │
       ▼
┌──────────────┐
│   RDS Read   │
│   Replica    │
└──────────────┘

Resource Specifications

Production Environment

ECS Instances

  • Type: General-purpose (s6.xlarge.2)
  • vCPU: 4 cores
  • RAM: 8GB
  • Storage: 100GB SSD
  • Quantity: 2 instances (multi-AZ)
  • OS: Ubuntu 20.04 LTS

Database (RDS)

  • Type: PostgreSQL 13
  • Instance Class: rds.pg.c2.xlarge
  • Storage: 500GB SSD
  • Backup: Automated daily backups
  • High Availability: Enabled (primary + standby)

Cache (DCS)

  • Type: Redis 6.0
  • Memory: 8GB
  • High Availability: Enabled

Load Balancer (ELB)

  • Type: Application Load Balancer
  • Bandwidth: 100Mbps
  • Health Checks: Enabled

Staging Environment

  • ECS: 2x s6.large.2 (2 vCPU, 4GB RAM)
  • RDS: rds.pg.c2.large (2 vCPU, 4GB RAM, 200GB)
  • DCS: 4GB Redis
  • ELB: 50Mbps

Network Architecture

VPC Configuration

  • CIDR: 10.0.0.0/16
  • Subnets:
    • Public Subnet: 10.0.1.0/24 (Zone A)
    • Public Subnet: 10.0.2.0/24 (Zone B)
    • Private Subnet: 10.0.10.0/24 (Zone A)
    • Private Subnet: 10.0.11.0/24 (Zone B)

Security Groups

Application Security Group

  • Inbound:
    • Port 80 (HTTP) from ELB
    • Port 443 (HTTPS) from ELB
    • Port 22 (SSH) from management IPs
  • Outbound: All traffic

Database Security Group

  • Inbound:
    • Port 5432 (PostgreSQL) from Application SG
  • Outbound: None

Cache Security Group

  • Inbound:
    • Port 6379 (Redis) from Application SG
  • Outbound: None
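As an added example (not part of the SBM CRM project's own code), the following Python audit encodes the three security groups above as a least-privilege policy and flags rules that drift from it, such as a database port opened to 0.0.0.0/0 or an SSH rule from an address outside the management range. The rule record fields, the security-group names and the management CIDR are assumptions of this example.

```python
# Added example: audit security-group rules against the documented policy.
# Rule records mimic a cloud API listing; field names, SG names and the
# management CIDR (an RFC 5737 documentation range) are assumptions.
import ipaddress
POLICY = {  # (sg, direction) -> allowed (port, remote label) pairs; None = any
    ("app-sg", "ingress"): {(80, "elb-sg"), (443, "elb-sg"), (22, "mgmt")},
    ("app-sg", "egress"): None,        # "Outbound: All traffic"
    ("db-sg", "ingress"): {(5432, "app-sg")},
    ("db-sg", "egress"): set(),        # "Outbound: None"
    ("cache-sg", "ingress"): {(6379, "app-sg")},
    ("cache-sg", "egress"): set(),
}
MGMT_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed value
def classify_remote(remote):
    """Map a rule's remote (SG name or CIDR string) to a policy label."""
    try:
        net = ipaddress.ip_network(remote)
    except ValueError:
        return remote                  # not a CIDR: a security-group reference
    if net.prefixlen == 0:
        return "anywhere"              # 0.0.0.0/0 or ::/0
    if any(net.version == m.version and net.subnet_of(m) for m in MGMT_CIDRS):
        return "mgmt"
    return "other-cidr"
def audit(rules):
    """Return findings (strings) for rules outside POLICY; empty = compliant."""
    findings = []
    for r in rules:
        key = (r["sg"], r["direction"])
        if key in POLICY and POLICY[key] is None:
            continue                   # policy permits any traffic here
        where = f"{r['sg']} {r['direction']} {r['protocol']}/{r['port']}"
        label = classify_remote(r["remote"])
        if label == "anywhere":
            findings.append(f"{where}: open to 0.0.0.0/0")
        elif key not in POLICY or (r["port"], label) not in POLICY[key]:
            findings.append(f"{where}: remote {r['remote']} not in policy")
    return findings
# Constructed listing: the first four rules match the policy, the last three drift.
SAMPLE_RULES = [
    {"sg": "app-sg", "direction": "ingress", "protocol": "tcp", "port": 443, "remote": "elb-sg"},
    {"sg": "app-sg", "direction": "ingress", "protocol": "tcp", "port": 22, "remote": "203.0.113.0/24"},
    {"sg": "app-sg", "direction": "egress", "protocol": "any", "port": 0, "remote": "0.0.0.0/0"},
    {"sg": "db-sg", "direction": "ingress", "protocol": "tcp", "port": 5432, "remote": "app-sg"},
    {"sg": "db-sg", "direction": "ingress", "protocol": "tcp", "port": 5432, "remote": "0.0.0.0/0"},
    {"sg": "cache-sg", "direction": "egress", "protocol": "tcp", "port": 443, "remote": "0.0.0.0/0"},
    {"sg": "app-sg", "direction": "ingress", "protocol": "tcp", "port": 22, "remote": "198.51.100.7/32"},
]
```

Running `audit(SAMPLE_RULES)` reports the three drifted rules and nothing else; wiring the same check into the Terraform plan review catches such changes before they reach production.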

High Availability

Multi-AZ Deployment

  • Application servers in multiple availability zones
  • Database with primary and standby in different zones
  • Load balancer across multiple zones

Auto-Scaling

  • Min Instances: 2
  • Max Instances: 10
  • Scaling Policy: CPU > 70% for 5 minutes
  • Cooldown: 10 minutes

Disaster Recovery

Backup Strategy

  • Database: Daily automated backups, 30-day retention
  • Files: Daily backups to OBS
  • Configuration: Version controlled in Git

Recovery Objectives

  • RTO (Recovery Time Objective): 4 hours
  • RPO (Recovery Point Objective): 1 hour

Cost Optimization

Reserved Instances

  • Purchase 1-year reserved instances for predictable workloads
  • Estimated savings: 30-40%

Auto-Scaling

  • Scale down during off-peak hours
  • Use spot instances for non-critical workloads

Resource Monitoring

  • Monitor unused resources
  • Right-size instances based on actual usage
  • Use cost allocation tags

Security Architecture

Network Security

  • VPC isolation
  • Security groups with least privilege
  • WAF for web application protection
  • DDoS protection enabled

Data Security

  • Encryption at rest (database, storage)
  • Encryption in transit (TLS 1.3)
  • KMS for key management
  • Regular security audits

Access Control

  • IAM roles and policies
  • MFA for console access
  • SSH key-based authentication
  • Audit logging enabled

Monitoring & Observability

Infrastructure Monitoring

  • Cloud Eye for resource monitoring
  • Custom metrics and alarms
  • Dashboard for infrastructure health

Application Monitoring

  • APM for application performance
  • Log aggregation with LTS
  • Distributed tracing

Alerting

  • Email notifications
  • SMS alerts for critical issues
  • Integration with PagerDuty/Slack

Documentation Structure

Next Steps

  1. Review Cloud Architecture for detailed setup
  2. Configure Networking for secure connectivity
  3. Use Terraform for infrastructure provisioning
  4. Set up High Availability for production