3. Distributed deployment example

Deploying FRED on multiple servers brings at least two advantages:

  • increased performance,

  • access control on the network level.

Deploying on multiple physical servers is not the only distributed solution; deploying on virtual servers or separating tasks at the process level is also possible.

Nodes overview

Nodes in this document represent execution environments.

We work with the following nodes:

Tip

Redundancy

This text does not describe redundancy options in detail, but here is a quick tip:

  • database replication is a standard technique to protect data,

  • the whole system can be replicated in several instances at different locations, which can substitute for one another when one instance fails or during a system upgrade. The exception is the node that hosts the application servers (APP node), because FRED currently supports only a single-instance backend.

3.1. Network

Network rules are described per node in the following sections, but here is an overview of logical connections in the network (a single instance of the system).

Network – Logical topology

Restricted network access means that servers should be accessed only from IP addresses and ports allowed on a firewall.

Unrestricted network access means that servers can be accessed from any IP address, but only necessary ports should be open for access as illustrated in the network rules for each node.
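
The per-node "Network" rules of this chapter can be written as one policy table and used to audit connections that the firewalls actually accepted. This is an added example, not part of FRED or its documentation; all address ranges, the APP node address and the PostgreSQL port 5432 are assumptions, and the flow list is constructed.

```python
import ipaddress

# Assumed address plan (constructed, documentation ranges); use the registry's own.
PRIVATE_NET = ["10.0.0.0/8"]                        # private network of the Registry
REGISTRARS = ["192.0.2.0/28", "198.51.100.17/32"]   # ranges declared by registrars
DNS_SERVERS = ["203.0.113.53/32", "203.0.113.54/32"]
APP_NODE = ["10.0.20.10/32"]
ANYONE = ["0.0.0.0/0", "::/0"]

# node -> {TCP port: allowed sources}, following the per-node "Network" rules.
# "*" means any port. 5432 (PostgreSQL default) is an assumption; the page
# names no port for the database nodes.
POLICY = {
    "EPP":   {700: REGISTRARS},
    "ADMIN": {443: PRIVATE_NET},
    "WEB":   {443: ANYONE, 43: ANYONE},
    "HM":    {53: DNS_SERVERS},
    "APP":   {"*": PRIVATE_NET},
    "DB":    {5432: APP_NODE},
}

def is_allowed(node, src, dport):
    """True if an inbound TCP connection to `node` matches the policy."""
    rules = POLICY[node]
    ranges = rules.get(dport, rules.get("*"))
    if ranges is None:
        return False          # port not listed for this node: default deny
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(r) for r in ranges)

def audit(flows):
    """Return the (node, source, port) flows that the policy does not permit."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed sample of accepted inbound connections, e.g. parsed from firewall logs.
SAMPLE_FLOWS = [
    ("EPP", "192.0.2.5", 700),         # declared registrar range
    ("EPP", "203.0.113.99", 700),      # undeclared source reached EPP
    ("ADMIN", "10.0.5.7", 443),
    ("ADMIN", "198.51.100.17", 443),   # admin interface reached from outside
    ("WEB", "2001:db8::1", 43),        # public WHOIS over IPv6
    ("HM", "203.0.113.53", 53),
    ("HM", "192.0.2.5", 53),           # zone transfer port reached by a non-DNS host
    ("APP", "10.0.30.4", 2809),        # any port is fine from the private network
    ("DB", "10.0.20.10", 5432),
    ("DB", "10.0.30.4", 5432),         # database reached by a host other than APP
]

if __name__ == "__main__":
    for node, src, dport in audit(SAMPLE_FLOWS):
        print(f"VIOLATION: {src} -> {node} tcp/{dport}")
```

Ports that a deployment opens in addition to the ones listed in this chapter (management access, for example) have to be added to the policy table, otherwise they are reported as violations.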

3.2. EPP node

Provides: EPP service

Packages:

  • libapache2-mod-corba

  • libapache2-mod-eppd

Network:

  • access to EPP (tcp, port 700) permitted only from particular IP addresses (or ranges) declared by registrars

EPP node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| libapache2-mod-corba | None (is only an Apache module) | Apache module that provides common functionality of CORBA communication for EPP and WHOIS Apache modules | /etc/apache2/sites-enabled (generated after module activation) |
| libapache2-mod-eppd | None (is only an Apache module) | Apache module for parsing EPP commands and transforming them into CORBA calls to server (and vice versa) | /etc/apache2/sites-available/02-fred-mod-eppd-apache.conf (generated after module activation) |

3.3. ADMIN node

Provides: Web administration interface

Network:

  • access to HTTPS (tcp, port 443) permitted only from the private network of the Registry

ADMIN node docker images

| Docker image | Description | Default config location |
|---|---|---|
| ferda-nginx | http webserver | none, configuration example in fred/ferda/-/tree/master/docs/demo-deploy |
| ferda-uwsgi | webserver gateway interface | none, configuration example in fred/ferda/-/tree/master/docs/demo-deploy |

3.4. WEB node

Provides: Unix WHOIS, Web WHOIS, RDAP

Network:

  • access to HTTPS (tcp, port 443) permitted from anyone

  • access to WHOIS (tcp, port 43) permitted from anyone

WEB node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| libapache2-mod-corba | No provided services (is only an Apache module) | Apache module that provides common functionality of CORBA communication for EPP and WHOIS Apache modules | /etc/apache2/sites-enabled (generated after module activation) |
| libapache2-mod-whoisd | No provided services (is only an Apache module) | Apache module for parsing EPP commands and transforming them into CORBA calls to server (and vice versa) | /etc/apache2/sites-available/02-fred-mod-whoisd-apache.conf (generated after module activation) |

WEB node docker images

| Docker image | Description | Default config location |
|---|---|---|
| rdap-nginx | http webserver | none, configuration example in fred/ferda/-/tree/master/docs/demo-deploy |
| rdap-uwsgi | webserver gateway interface | none, configuration example in fred/ferda/-/tree/master/docs/demo-deploy |
| webwhois-nginx | http webserver | none, configuration example in fred/ferda/-/tree/master/docs/demo-deploy |
| webwhois-uwsgi | webserver gateway interface | none, configuration example in fred/ferda/-/tree/master/docs/demo-deploy |

3.5. HM node

Hidden master for the DNS infrastructure.

Provides: zone file generation, zone signing, DNS servers notification

Network:

  • access to IXFR (tcp, port 53) permitted only from DNS servers

HM node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| fred-zone-generator | None | System binary for zonefile generation | /etc/fred/fred-zone-generator.conf |

3.6. APP node

Provides:

  • CORBA naming service (omninames) as a virtual server “corba”,

  • backend application servers,

  • CLI administration tools.

Tip

In addition to FRED components we recommend adding pgbouncer for database connection distribution.

Network:

  • only internal access from the private network of the Registry

APP node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| fred-accifd | /lib/systemd/system/fred-accifd.service | FRED backend for accounting | /etc/init/fred-accifd.conf |
| fred-adifd | /lib/systemd/system/fred-adifd.service | Administration interface daemon | /etc/init/fred-adifd.conf |
| fred-akm | None | FRED automatic keyset management client | etc/fred/fred-akm.conf |
| fred-akmd | /lib/systemd/system/fred-akmd.service | FRED backend for automatic keyset management | /etc/init/fred-akmd.conf |
| fred-api-fileman | None | FRED fileman services interface definition files | None |
| fred-api-logger | None | FRED logger services interface definition files | None |
| fred-backend-dbreport | /lib/systemd/system/fred-dbreport-services.service, /lib/systemd/system/fred-dbreport-services@.service | FRED server for database reports (gRPC) | None |
| fred-backend-fileman | /lib/systemd/system/fred-fileman-server.service | FRED service for file management | /etc/fred/fileman.conf |
| fred-backend-logger | /lib/systemd/system/fred-backend-logger.service | FRED logger services (gRPC) | None |
| fred-backend-logger-corba | /lib/systemd/system/fred-backend-logger-corba.service | FRED logger services (CORBA) | None |
| fred-backend-notify | None | FRED notify implementation | /etc/fred/fred-notify-contact-data-reminder-example.conf, /etc/fred/fred-notify-object-events-example.conf, /etc/fred/fred-notify-object-state-changes-example.conf |
| fred-backend-public-request | /lib/systemd/system/fred-backend-public-request.service | FRED backend for public requests management | None |
| fred-backend-registry | /lib/systemd/system/fred-backend-registry.service | FRED registry core services (gRPC) | None |
| fred-backend-zone | /lib/systemd/system/fred-zone-services.service | FRED backend service for DNS zone generator | etc/fred/fred-zone-services.conf |
| fred-idl | None | FRED server interface definition files | None |
| fred-pifd | /lib/systemd/system/fred-pifd.service | FRED public interface daemon | /etc/init/fred-pifd.conf |
| fred-rifd | /lib/systemd/system/fred-rifd-services.service | FRED registrar interface daemon | /etc/init/fred-rifd.conf |
| cdnskey-scanner | None | CDNSKEY records scanner | None |
| python3-pydantic | None | Data validation and settings management using python type hinting | None |

3.7. Database nodes

The database is separated into several nodes:

  • DB – the main database freddb – data of all domains, contacts, registrars, history etc.

  • LOGDB – the audit log (logger) database logdb – logging of all user transactions

  • messenger

  • secretary

  • FERDA

We keep the logger database separate because of its high workload.

Network:

  • accessed only by the backend server(s) from the APP node

DB node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| fred-db | None | Database schema and example data for FRED | None |
| postgresql-13 | None | PostgreSQL database server | None |

3.8. Secretary node

Secretary node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| python3-django-secretary | /usr/share/doc/python3-django-secretary/examples/fred-secretary.service | Django app for rendering e-mails and PDFs | /usr/share/doc/python3-django-secretary/examples/settings.py |
| nginx-full | None | http web server | None |
| uwsgi | None | webserver gateway interface | None |

3.9. Messenger node

Messenger node packages

| Package | Provided services | Description | Default config location |
|---|---|---|---|
| fred-api-fileman | None | FRED fileman services interface definition files | None |
| fred-api-messenger | None | FRED messenger services interface definition files | None |
| fred-backend-messenger | /lib/systemd/system/fred-messenger-server.service, /lib/systemd/system/fred-messenger-sender-email.service, /lib/systemd/system/fred-messenger-sender-sms.service | FRED service for sending and archiving messages | None |