CloudAfrica: Infrastructure - Physical & Logical Architecture Overview
CloudAfrica: Data Centres & Infrastructure
CloudAfrica hosts all its infrastructure (networking equipment, compute nodes and storage platforms) at various Teraco Data Centres across South Africa
Currently, the majority of services are provided from Teraco Isando - JB1 East and JB1 West
Each of JB1 East and JB1 West has independent feeds and backup power facilities (UPSs and Generators), network feeds and HVAC infrastructure
Teraco operates Africa’s largest and most resilient data centre infrastructure
Teraco Bredell will be brought on-stream to extend CloudAfrica’s Object Storage service - https://www.bigstorage.io/ - by the end of 2020
Teraco Cape Town currently serves as an interconnect point for CloudAfrica customers based in Cape Town, and is being extended to accommodate compute infrastructure
Access to Teraco is secured as follows:
All individuals accessing Teraco facilities are required to be registered with Teraco, and must provide copies of identity documents to Teraco, as well as fingerprint/biometric scans
Access to Teraco Data Centre facilities must be pre-booked and access requests will only be granted for pre-registered individuals
Individuals accessing Teraco must present relevant identification documents as well as undergo biometric/fingerprint scans prior to entry to any Teraco facilities
Access to specific Data Centres within Teraco facilities requires further biometric verification
Access to CloudAfrica infrastructure is only permitted to senior CloudAfrica engineering staff
CloudAfrica: High-Level Physical & Logical Architecture
Internet Connectivity
All CloudAfrica networks, compute hosts and storage infrastructure are connected to the Internet through multiple Internet peers
Routers & Firewalls
Internet connectivity is provided through redundant Internet-facing routers peering with multiple upstream BGP peers (CloudAfrica AS: 37352)
Firewalling (self-managed by customers) is provided by both:
Clusters of edge firewalls
On-compute firewalls isolating and controlling ingress and egress to VMs hosted on Compute nodes
Networking
All CloudAfrica Compute nodes and network elements are deployed on a (minimum) 10GB network backbone
VPCs & VLANs
Customers have the option of provisioning their servers within Virtual Private Clouds (essentially private VLANs), ensuring that network traffic within a VPC/VLAN is not visible to any other network/server outside of the VPC/VLAN
Compute Nodes & On-Compute Storage
All Compute and Storage Infrastructure deployed and operated by CloudAfrica is data-centre quality
On-compute storage is SSD-based (solid-state disk) and deployed as ZFS RAIDZ2/Z3 zpools (all Compute nodes are currently being migrated to RAIDZ3)
VMs (Virtual Machines)
Virtual Machines are deployed as KVM instances running on Compute nodes
Backups of VMs are self-managed by customers utilising the built-in capabilities provided through the CloudAfrica management portal
VM Security: CloudAfrica staff have NO access to individual client VMs
CloudAfrica can only gain access to individual VMs if clients share access details (including logins, passwords and/or access keys) when they require CloudAfrica engineers to provide relevant support services
Object/Block/Network Storage
In addition to on-compute direct-attached storage, CloudAfrica compute nodes are connected to the CloudAfrica network-attached storage platform using multiple 10GB network connections, in order to provide access to tiered:
Object Storage
Block Storage