Architecture Component Definitions

End Users are the users connecting to your PRS website. End users include people performing administrative tasks (admins), as well as clients that are leveraging the solution.

Load Balancers are often used in the solution to help distribute web traffic to more than one web server. Or they may be involved in distributing traffic to a RabbitMQ Helper cluster. Local and Global load balancers, if available, may be used in the solution to minimize potential application downtime during upgrades, patching, and single site failures.

Web Server is a primary component of the solution. Our web servers use IIS 7 and newer, and will only work on Windows Server 2008–Windows Server 2019. Each web server acts as its own stand-alone web server. Currently clustered Web nodes are not available options for PRS.

Database Server is a primary component of the solution. SQL Server hosts the PRS database. We are compatible with SQL Server 2005 or newer running on Windows Server 2008–Windows Server 2019. The PRS database can be put on a stand-alone server, a FCI, or preferably using an AlwaysOn AG for clustered environments. The database can be added to an existing production SQL cluster or instance, but it is important to retain proper sizing of the environment. Windows authentication only is advised.

Single Site, Single Server

This is an example of a standard Password Reset Server installation. Password Reset Server Standard and Microsoft SQL Server Standard are installed on a single Windows Server (Production). A Disaster Recovery Plan for this configuration would consist of the Manual Web Application Backup and Manual Application Database Backup procedures. User-managed strategies can also be employed, such as a Manual File Backup and Manual Database Backup. If the Windows Server is virtualized, strategies such as making scheduled Snapshots or having a Hot/Cold Site would provide additional layers of redundancy. The recovery time for reverting to Password Reset Server-generated backup files is roughly 30-60 minutes plus any time needed to prepare the server for Password Reset Server installation in the user’s environment.

Diagram

The reference number for this diagram is #11-A-1.

Figure: Standard Installation on a Single Windows Server with Minimal Footprint

Diagram #11-A-1

Definitions

Minimum footprint design

Requirements

  • Web Node - Minimum 2 core 2 Ghz or higher per core, 4 GB RAM
  • Web Node - Recommended 4 core 2 Ghz or higher per core, 8 GB RAM
  • IIS 7, 8
  • Database - 1000 users=300 MB DB
  • SQL Standard Edition (SQL Server 2005 - 2016)
  • All port requirements are listed on diagram

Single Site, Multi-Server

This is an example of a common Password Reset Server installation. Password Reset Server and Microsoft SQL Server Standard are installed on a number of Windows Servers, with the number depending on the requirements of the organization. The diagram shows Microsoft SQL Mirroring enabled with a Witness Server, but a Witness Server is not required for this scenario. A Disaster Recovery Plan for the above configuration would consist of failover for Microsoft SQL Server issues. If the failover members were to themselves fail, then Automated Web Application Backups and Automated Application Database Backups can be used to restore functionality to the Inactive server. If these Servers are virtualized, strategies such as making scheduled Snapshots or having a Hot/Cold Site would provide additional layers of redundancy. The recovery time for reverting to Password Reset Server-generated backup files is roughly 30-60 minutes plus any time needed to prepare the server for Password Reset Server installation in the user’s environment.

Diagram

The reference number for this diagram is #11-A-2.

Figure: Hot Standby Mode

Diagram #11-A-2

Definitions

  • Hot standby node (requires manual intervention to bring online)
  • SQL Mirroring in primary location configured

Requirements

  • Web Node - Minimum 2 core 2 Ghz or higher per core, 4 GB RAM
  • Web Node - Recommended 4 core 2 Ghz or higher per core 8 GB RAM
  • IIS 7, 8
  • Database - 1000 users=300MB DB
  • SQL Standard Edition (SQL Server 2005 - 2016)
  • All port requirements are listed on diagram

Multi-Site Design A - AlwaysOn AG

This is an example of a Password Reset Server installation that leverages a hot standby node in another data center. In the event of a disaster, manual intervention is required to bring the web node server in that location online. Load Balancers are used to help minimize DNS-related changes during fail over events. This design variation leverages Basic Availability Groups as part of SQL Standard licensing, for a low cost, new design option to provide HA/DR for the PRS back-end database. Synchronous replication configured between data centers is advisable only when data centers are in close physical proximity to one another or latency is less than 30ms.

Diagram

The reference number for this diagram is #11-B-1.

Figure: Hot Standby Node in Another Data Center

Diagram #11-B-1

Definitions

  • Hot standby node in another data center (requires manual intervention to bring online)

  • Traffic to DR site in GLB configuration can be included but should be explicitly disabled in the pool until Web

    Server in DR is brought online

  • Basic Availability Groups used as part of the solution

Requirements

  • Web Node - Minimum 2 core 2 Ghz or higher per core, 4 GB RAM
  • Web Node - Recommended 4 core 2 Ghz or higher per core 8 GB RAM
  • IIS7, 8
  • Database - 1000 users = 300 MB DB
  • SQL Standard Edition (SQL Server 2016)
  • All port requirements are listed on diagram
  • Synchronous or asynchronous replication is dependent on latency. Recommend asynchronous replication between data centers with more than 30ms latency

Virtual IP or Computer Object Requirements

  • prs.company.com:443 (1 virtual IPs - Global Load Balancer)
  • prs-a.company.com:443. prs-b.company.com:443 (2 virtual IPs - Local Load Balancer

  • prs-aoag.company.com:1433 (created as part of SQL AlwaysOn Configuration)

    • prs-aoag.company.com computer object/Virtual IP
    • 2 virtual Ip addresses may be required as part of this configuration

  • Windows Failover Cluster Object (created as part of Windows Failover Clustering Configuration)

    • computer object/Virtual IP
    • 2 additional virtual IP addresses may be required as part of Windows Failover Cluster for single site design for the network configuration of the Failover Cluster representing both networks at each respective site

Multi-Site Design B - AlwaysOn AG

This is an example of a Password Reset Server installation that leverages multiple hot standby nodes. One is set up locally and another is set up in another data center. In the event of a disaster, manual intervention is required to bring the web node server in that location online. Load Balancers are used to help minimize DNS-related changes during fail over events. This design variation leverages Enterprise Availability Groups as part of SQL Enterprise licensing, for a low cost, new design option to provide HA/DR for the PRS back-end database. A local node is available for patching scenarios to fail the database over to another node within the same data center. Synchronous replication configured between data centers is advisable only when data centers are in close physical proximity to one another or latency is less than 30ms.

Diagram

The reference number for this diagram is #11-B-2.

Figure: Hot Standby Node Locally and in Another Data Center

Diagram #11-B-2

Definitions

  • Hot standby node locally and in another data center (requires manual intervention to bring online)
  • Traffic to DR site in GLB configuration can be included but should be explicitly disabled in the pool until Web Server in DR is brought online
  • AlwaysOn Enterprise Availability Groups used as part of the solution

Requirements

  • Web Node - Minimum2 core 2Ghz or higher per core, 4GB RAM
  • Web Node - Recommended 4 core 2Ghz or higher per core 8GB RAM
  • IIS 7, 8
  • Database - 1000 users = 300MB DB
  • SQL Enterprise Edition (SQL Server 2012 - 2016)
  • All port requirements listed on diagram
  • Synchronous or asynchronous replication is dependent on latency. Recommend asynchronous replication between data centers with more than 30 ms latency.

Virtual IP or Computer Object Requirements

  • prs.company.com:443 (1 virtual IPs- Global Load Balancer)
  • prs-a.company.com:443. prs-b.company.com:443 (2 virtual IPs- Local Load Balancer

  • prs-aoag.company.com:1433 (created as part of SQL AlwaysOn Configuration)

    • prs-aoag.company.comcomputer object/Virtual IP
    • 2 virtual IP addresses may be required as part of this configuration

  • Windows Failover Cluster Object (created as part of Windows Failover Clustering Configuration)

    • computer object/Virtual IP
    • 2 additional virtual IP addresses may be required as part of Windows Failover Cluster for single site design for the network configuration of the Failover Cluster representing both networks at each respective site.