CloudAfrica: Infrastructure - Physical & Logical Architecture Overview

CloudAfrica: Data Centres & Infrastructure

  • CloudAfrica hosts all its infrastructure (networking equipment, compute nodes and storage platforms) at various Teraco Data Centres across South Africa

    • Currently, the majority of services are provided from Teraco Isando - JB1 East and JB1 West

      • JB1 East and JB1 West each have independent feeds and backup power facilities (UPSs and generators), network feeds and HVAC infrastructure

  • Teraco operates Africa’s largest and most resilient data centre infrastructure

  • Teraco Bredell will be brought on-stream to extend CloudAfrica’s Object Storage service - https://www.bigstorage.io/ - by the end of 2020

  • Teraco Cape Town currently serves as an interconnect point for CloudAfrica customers based in Cape Town, and is being extended to accommodate compute infrastructure

  • Access to Teraco is secured as follows:

    • All individuals accessing Teraco facilities are required to be registered with Teraco, and must provide copies of identity documents to Teraco, as well as fingerprint/biometric scans

    • Access to Teraco Data Centre facilities must be pre-booked and access requests will only be granted for pre-registered individuals

    • Individuals accessing Teraco must present relevant identification documents as well as undergo biometric/fingerprint scans prior to entry to any Teraco facilities

    • Access to specific Data Centres within Teraco facilities requires further biometric verification

    • Access to CloudAfrica infrastructure is only permitted to senior CloudAfrica engineering staff

 

CloudAfrica: High-Level Physical & Logical Architecture

  • Internet Connectivity

    • CloudAfrica networks, compute hosts and storage infrastructure are all connected to the Internet through multiple Internet peers

  • Routers & Firewalls

    • Internet connectivity is provided through redundant Internet-facing routers peering with multiple upstream BGP peers (CloudAfrica AS: 37352)

    • Firewalling (self-managed by customers) is provided by both:

      • Clusters of edge firewalls

      • On-compute firewalls isolating and controlling ingress and egress to VMs hosted on Compute nodes

  • Networking

    • All CloudAfrica Compute nodes and network elements are deployed on a (minimum) 10GB network backbone

  • VPCs & VLANs

    • Customers have the option of provisioning their servers within Virtual Private Clouds (essentially private VLANs), ensuring that network traffic within a VPC/VLAN is not visible to any other network/server outside of the VPC/VLAN

  • Compute Nodes & On-Compute Storage

    • All Compute and Storage Infrastructure deployed and operated by CloudAfrica is data-centre quality

    • On-compute storage is SSD-based (solid-state disk) and deployed as ZFS RAIDZ2/Z3 zpools (all Compute nodes are currently being migrated to RAIDZ3)

  • VMs (Virtual Machines)

    • Virtual Machines are deployed as KVM instances running on Compute nodes

    • Backups of VMs are self-managed by customers utilising the built-in capabilities provided through the CloudAfrica management portal

    • VM Security: CloudAfrica staff have NO access to individual client VMs

      • CloudAfrica can only gain access to an individual VM if the client shares access details (including logins, passwords and/or access keys) because they require CloudAfrica engineers to provide relevant support services

  • Object/Block/Network Storage

    • In addition to on-compute direct-attached storage, CloudAfrica compute nodes are connected to the CloudAfrica network-attached storage platform using multiple 10GB network connections, in order to provide access to tiered:

      • Object Storage

      • Block Storage