Unidesk Technical Architecture - University of Edinburgh
Unidesk
Technical Architecture
Version 1.12
26/04/2016
Contents
1 Technical Description
1.1 Key Technologies
2 Users, Roles and Groups
3 Application / Database Connectors
3.1 Development Environment
3.2 Test Environment
3.3 Live Environment
4 Application Server Requirements
5 Database Server Requirements
6 Portal Requirements
7 Application URLs
7.1 Development
7.2 Test
7.3 Live
8 File System Requirements
8.1 File System Shares
9 Scheduled Tasks
9.1 Development
9.2 Test
9.3 Live
10 Technical Diagrams
11 Resilience Measures
12 External Access
13 Backup Policy
14 Disaster Recovery Requirements
15 Security Considerations
16 Authentication and Authorisation
17 Load Testing
18 Interfaces and Dependencies
19 Firewall Configuration
20 Software Licence Requirements
21 Patching and Machine Restarts
22 Exceptions and Other Issues
23 Document Sign-off
Document Management
When completing this document please mark any section that is not required as being not applicable. A brief description explaining why the section is not required should also be included.
| Role | Unit | Name |
|---|---|---|
| Technical Architect (Owner) | Development Technology, IS Applications | |
| Systems Analyst | | |
| Project Manager | | |
| Production Management Representative | IS Apps Mgmt | Andrew Hobden |
| IS ITI Representative | IS IT Infrastructure | Paul Hutton |
| Project Sponsor | | |
| Business Area Manager | | |
| Other Contributors | Topdesk | |
Project Control
| Date | Project code | Project name | Summary of changes |
|---|---|---|---|
| August 2013 | SMI002 | TOPDesk Upgrade to v 5 | Upgrade from Topdesk 4.2 to 5.1 in order to benefit from new functionality and continued vendor support. |
| April 2016 | Smi013/016 | Topdesk Update to 5.7.4 and Napier on boarding | Smi013 - Upgrade of Unidesk, including removal of Apache and new Shibboleth login; smi016 - new instance setup for Napier |
| Sep 2016 | Smi017 | Durham on boarding | New instance setup for Durham live, test details updated for existing infrastructure |
Version Control
Please document all changes to this document since its initial draft.
| Date | Version | Author | Sections | Amendments |
|---|---|---|---|---|
| 8/3/10 | 0.1 | Nmoir | various | |
| 19/3/10 | 0.2 | Nmoir | Various | Substantial details added following meeting |
| 31/3/10 | 1.0 | Peter Jackson | Various | Updates following meeting with TopDesk / IS Architecture |
| 7/4/10 | 1.1 | Peter Jackson | Various | Miscellaneous Updates |
| 20/4/10 | 1.2 | Peter Jackson | 2.10 | |
| 25/5 | 1.3 | Maurice Franceschi | Various | Indicating where TAD needs final changes as part of PPBR |
| 19/7/10 | 1.4 | Peter Jackson | Various | Update URL add, extra database info |
| 2/05/12 | 1.5 | Peter Jackson | Various | Change for Self Service Portal |
| 5/07/13 | 1.6 | John Chan | 2.8 | Add details of Windows scheduled tasks |
| 7/7/13 | 1.7 | Peter Jackson | Various | |
| 27/8/13 | 1.8 | Peter Jackson | Various | Update to use new TAD template. |
| 27/9/13 | 1.9 | Peter Jackson | Various | Add details of Demo environment. |
| 12/5/14 | 1.10 | Peter Jackson | | Add H2 database details |
| 01/07/2014 | 1.11 | Alister Webb | 2, 4, 7.2, 7.3, 8, 9.1, 9.3, 11 | Ed unidesk separation |
| 26/04/2016 | 1.12 | Alister Webb | Various | Napier + 5.4 to 5.7.1 upgrade added to most areas, removed jetty/apache details. Change in replication from AT DR sites to Veeam replicas |
| 25/08/2016 | 1.13 | Alister Webb | Various | Durham (dur) live server details added, Durham (dur) details added to existing headings. |
1 Technical Description
UniDesk is an ITIL-based shared service. It is available using Shibboleth over the web for Higher and Further Education. The service includes:
- A Service Desk using TOPdesk software
- Self service incident logging and knowledge management
- Integrated ITIL compliant Incident, Problem, Change and Release processes
The service is hosted at Edinburgh but provides service management to all participating organisations via a web interface. The user interface does not require any software components to be installed by users of the system and delivers excellent cross-browser compatibility.
Access to the software is facilitated via Shibboleth, with federated authentication at each site. Each institution’s service is registered as a service provider with the UK Federation and makes use of the already-existing Shibboleth identity providers at each institution.
The software is installed in a virtualised environment, with each server having a Veeam replica residing in a different physical location (live only). Failover to the secondary site is manual, with the replicas being taken nightly. The service uses a SQL Server database back-end, which has been configured as a mirror across 2 sites.
UniDesk application software uses a built-in web server which includes Shibboleth 2.x for web hosting.
1.1 Key Technologies
Topdesk uses a built-in web server and no longer requires Apache/Jetty.

| Technology | Version | New or existing |
|---|---|---|
| SQL Server | 2008 | Existing |
| Shibboleth | 2.x.x | Existing |
| H2 “Database” | | New |
2 Users, Roles and Groups
| Application Username | Description |
|---|---|
| ed\tdsksql | Active Directory user for SQL Mirroring on Test & Live |
| tdeskdb-kb3t\cmdb_proxy_os | Local user used for Hardware import job |
| tdeskdb-kb3\cmdb_proxy_os | Local user used for Hardware import job |
| ed\tdskcpy | User used to copy attachments from Primary to DR application servers (jobs stopped as of 5.7.1, replication now using Veeam) |

Database Username Roles Description
topdesk_dev_ed db_owner Development Database User
topdesk_test_ed db_owner Test Edinburgh Database User
topdesk_test_abertay db_owner Test Abertay Database User
topdesk_test_standrews db_owner Test St-Andrews Database User
topdesk_live_ed db_owner Live Edinburgh Database User
topdesk_live_abertay db_owner Live Abertay Database User
topdesk_live_standrews db_owner Live St-Andrews Database User
topdesk_test_shu db_owner Test Sheffield Hallam Database User
topdesk_live_shu db_owner Live Sheffield Hallam Database User
topdesk_test_stir db_owner Test Stirling Database User
topdesk_live_stir db_owner Live Stirling Database User
topdesk_test_napier db_owner Test Napier Database User
topdesk_live_napier db_owner Live Napier Database User
topdesk_test_dur db_owner Test Durham Database User
topdesk_live_dur db_owner Live Durham Database User
topdesk_import_dev_ed db_owner Import for Dataload Development Database User
topdesk_import_test_ed db_owner Import for Dataload Test Edinburgh Database User
topdesk_import_test_abertay db_owner Import for Dataload Test Abertay Database User
topdesk_import_test_standrews db_owner Import for Dataload Test St-Andrews Database User
topdesk_import_live_ed db_owner Import for Dataload Live Edinburgh Database User
topdesk_import_live_abertay db_owner Import for Dataload Live Abertay Database User
topdesk_import_live_standrews db_owner Import for Dataload Live St-Andrews Database User
topdesk_import_live_shu db_owner Import for Dataload Live Sheffield Hallam
topdesk_import_test_shu db_owner Import for Dataload test Sheffield Hallam
topdesk_import_live_stir db_owner Import for Dataload Live Stirling
topdesk_import_test_stir db_owner Import for Dataload test Stirling
topdesk_import_live_napier db_owner Import for Dataload Live napier
topdesk_import_test_napier db_owner Import for Dataload test napier
topdesk_import_live_dur db_owner Import for Dataload Live durham
topdesk_import_test_dur db_owner Import for Dataload test durham
topdesk_live_demo db_owner Demo instance also used as template for new institutions.
Database Description
topdesk_dev_ed_v5 Dev Edinburgh Topdesk Database
topdesk_test_ed_v5 Test Edinburgh Topdesk Database
topdesk_test_abertay_v5 Test Edinburgh Topdesk Database
topdesk_test_standrews_v5 Test St Andrews Topdesk Database
topdesk_live_ed_v5 Live Edinburgh Topdesk Database
topdesk_live_abertay_v5 Live Abertay Topdesk Database
topdesk_live_standrews_v5 Live St Andrews Topdesk Database
topdesk_test_shu_v5 Test Sheffield Hallam Topdesk Database
topdesk_live_shu_v5 Live Sheffield Hallam Topdesk Database
topdesk_test_stir_v5 Test Stirling Topdesk Database
topdesk_live_stir_v5 Live Stirling Topdesk Database
topdesk_test_napier_v5 Test Napier Topdesk Database
topdesk_live_napier_v5 Live Napier Topdesk Database
topdesk_test_dur_v5 Test Durham Topdesk Database
topdesk_live_dur_v5 Live Durham Topdesk Database
topdesk_import_dev_ed Dataload Development Database
topdesk_import_test_ed Dataload Test Edinburgh Database
topdesk_import_test_abertay Dataload Test Abertay Database
topdesk_import_test_standrews Dataload Test St-Andrews Database
topdesk_import_live_ed Dataload Live Edinburgh Database
topdesk_import_live_abertay Dataload Live Abertay Database
topdesk_import_live_standrews Dataload Live St-Andrews Database
topdesk_import_live_shu Dataload Live Sheffield Hallam
topdesk_import_test_shu Dataload test Sheffield Hallam
topdesk_import_live_stir Dataload Live Stirling
topdesk_import_test_stir Dataload test Stirling
topdesk_import_live_napier Dataload Live Napier
topdesk_import_test_napier Dataload test Napier
topdesk_import_live_dur Dataload Live Durham
topdesk_import_test_dur Dataload test Durham
topdesk_live_demo_v5 Demo instance also used as template for new institutions.
3 Application / Database Connectors
3.1 Development Environment
Application Name Topdesk Topdesk Import
Technology JDBC JDBC
Username topdesk_dev_ed topdesk_import_dev_ed
Database topdesk_dev_ed_v5 topdesk_import_dev_ed
Additional settings n/a n/a
3.2 Test Environment
Application Name Topdesk Topdesk Import
Technology JDBC JDBC
Username topdesk_test_${inst} topdesk_import_test_${inst}
Instance topdesk_test_${inst}_v5 topdesk_import_test_${inst}
Additional settings n/a n/a
3.3 Live Environment
Application Name Topdesk Topdesk Import
Technology JDBC JDBC
Username topdesk_live_${inst} topdesk_import_live_${inst}
Instance topdesk_live_${inst}_v5 topdesk_import_live_${inst}
Additional settings n/a n/a
Where ${inst} is the institutional identifier, for example ed for Edinburgh and shu for Sheffield Hallam.
3.4 Demo Environment
Application Name Topdesk Topdesk Import
Technology JDBC n/a, No import on Demo
Username topdesk_live_demo
Instance topdesk_live_demo_v5
Additional settings n/a
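An added example (not part of the original document or of Topdesk's tooling): it expands the ${inst} connector convention from sections 3.1 to 3.4 into the full user-to-database map and checks observed pairs against it, which surfaces a login attached to another environment's database or a name the convention never produces. The sample mappings are constructed and the function names are illustrative.

```python
"""Audit database logins against the connector convention in section 3."""

# Institution identifiers that appear in the section 2 account table.
INSTITUTIONS = ("ed", "abertay", "standrews", "shu", "stir", "napier", "dur")


def expected_connectors():
    """Return {database user: database} implied by sections 3.1 to 3.4."""
    pairs = {}

    def add(env, inst):
        # Topdesk connector: topdesk_<env>_<inst> -> topdesk_<env>_<inst>_v5
        pairs[f"topdesk_{env}_{inst}"] = f"topdesk_{env}_{inst}_v5"
        # Import connector: user and database share one name.
        pairs[f"topdesk_import_{env}_{inst}"] = f"topdesk_import_{env}_{inst}"

    add("dev", "ed")                  # 3.1: development is Edinburgh only
    for env in ("test", "live"):      # 3.2 and 3.3: one pair per institution
        for inst in INSTITUTIONS:
            add(env, inst)
    # 3.4: the demo instance has a Topdesk connector but no import connector.
    pairs["topdesk_live_demo"] = "topdesk_live_demo_v5"
    return pairs


def audit(observed):
    """Check observed (user, database) pairs against the convention.

    Returns a sorted list of (user, database, finding) tuples for every
    pair that is not exactly what the convention predicts.
    """
    expected = expected_connectors()
    findings = []
    for user, database in observed:
        user, database = user.strip().lower(), database.strip().lower()
        if user not in expected:
            findings.append((user, database, "unknown user"))
        elif database != expected[user]:
            findings.append((user, database, f"expected {expected[user]}"))
    return sorted(findings)


def unknown_users(names):
    """Return the names the convention does not produce, in input order."""
    expected = expected_connectors()
    return [n for n in names if n.strip().lower() not in expected]


# Constructed sample: (login, database) pairs as an access review might
# export them. These are not taken from the Unidesk servers.
SAMPLE_MAPPINGS = [
    ("topdesk_live_ed", "topdesk_live_ed_v5"),
    ("topdesk_import_live_napier", "topdesk_import_live_napier"),
    ("topdesk_test_shu", "topdesk_live_shu_v5"),   # test login, live database
    ("topdesk_live_demo", "topdesk_live_demo_v5"),
    ("topdesk_import_live_demo", "topdesk_import_live_demo"),  # no demo import
]

# Account names as written in the hardware import rows of sections 9.2 and 9.3.
JOB_ACCOUNTS = ["topdesk_import_test_ed", "topdesk_import_ed"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAPPINGS):
        print("mapping:", finding)
    print("job accounts outside the convention:", unknown_users(JOB_ACCOUNTS))
```

The expanded map has the same 31 users as the section 2 table, so any name that falls outside it is worth a second look before it is granted access.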
4 Application Server Requirements
| | Development | Test | Live |
|---|---|---|---|
| Servers | tdeskapp-kb1d | tdeskapp-kb1t (all); tdeskapp3t (Ed) | tdeskapp-kb1 (abertay, st-andrew); tdeskapp-kb2 (Demo & shu, stir, ulster); tdeskapp3 (Ed); tdeskapp-napier; tdeskapp-durham |
| Physical/Virtual | Virtual | Virtual | Virtual |
| Memory | 3GB | 12GB | tdeskapp-kb1 & tdeskapp-kb2 & tdeskapp3 (28GB); tdeskapp-napier (8GB); tdeskapp-durham (8GB) |
| Operating System | Windows Server 2008 R2 | Windows Server 2008 R2 | Windows Server 2008 R2 |
| vCPUs | 1 | 2 | 4; Tdeskapp-napier (2 cores); Tdeskapp-durham (2 cores) |
| Application home directories | G:/Program Files/Topdesk* | G:/Program Files/Topdesk* | G:/Program Files/Topdesk* |
| Software and versions | Topdesk 5.7.x | Topdesk 5.7.x | Topdesk 5.7.x |
| Additional dependencies | Java Runtime Environment 1.8; Shibboleth 2.x.x | Java Runtime Environment 1.8; Shibboleth 2.x.x | Java Runtime Environment 1.8; Shibboleth 2.x.x |

All servers are members of the ED active directory domain.
5 Database Server Requirements
| | Development | Test | Live |
|---|---|---|---|
| Servers | tdeskdb-kb1d | tdeskdb-kb1t; tdeskdb-at1t; tdeskdb-kb3t; tdeskdb-at3t | tdeskdb-kb1 (abertay, st-andrews, demo, shu, stir, ulster); tdeskdb-at1; tdeskdb-kb3 (ed); tdeskdb-at3; tdeskdb-kb4 (napier, dur); tdeskdb-at4 |
| Memory | 3GB | 12GB | 12GB; Tdeskdb-kb4\at4 (16GB) |
| Operating System | Windows Server 2008 R2 | Windows Server 2008 R2 | Windows Server 2008 R2 |
| vCPUs | 1 | 2 | 4 |
| Database versions | SQL Server 2008 Enterprise | SQL Server 2008 Enterprise | SQL Server 2008 Enterprise |

All servers are members of the ED active directory domain.
6 Portal Requirements
Development Test Live
e.g. Portal channel Launcher Launcher Launcher
7 Application URLs
7.1 Development
Application URL
Edinburgh https://www-dev.topdesk.is.ed.ac.uk/
7.2 Test
Application URL
Edinburgh https://test.ed.unidesk.ac.uk/
St-Andrews https://test.st-andrews.unidesk.ac.uk/
Abertay https://test.abertay.unidesk.ac.uk/
Sheffield Hallam https://test.shu.unidesk.ac.uk/
WebSite http://www-test.unidesk.ac.uk/
Stirling https://test.stir.unidesk.ac.uk
Napier https://test.napier.unidesk.ac.uk
Durham https://test.dur.unidesk.ac.uk
7.3 Live
Application URL
Edinburgh https://ed.unidesk.ac.uk/
St-Andrews https://st-andrews.unidesk.ac.uk/
Abertay https://abertay.unidesk.ac.uk/
Sheffield Hallam https://shu.unidesk.ac.uk/
WebSite http://www.unidesk.ac.uk/ and http://unidesk.ac.uk/
(aliases from http://unidesk.ed.ac.uk and http://www.undesk.ed.ac.uk/)
Stirling https://stir.unidesk.ac.uk
Napier https://napier.unidesk.ac.uk
Durham https://dur.unidesk.ac.uk
7.4 Demo
Application URL
Demo https://demo.unidesk.ac.uk/
8 File System Requirements
| Server | Volume | Size | Purpose |
|---|---|---|---|
| tdeskapp-kb1d | C: | 50GB | Operating System |
| | G: | 30GB | Data (including TopDesk Install) |
| | H: | 80GB | Attachments |
| tdeskdb-kb1d | C: (operating system) | 50GB | Operating System |
| | G: | 60GB | SQL Server data files and database backups |
| | H: | 60GB | SQL Server transaction logs |

| Server | Volume | Size | Purpose |
|---|---|---|---|
| tdeskapp-kb1t & tdeskapp3t | C: | 100GB | Operating System |
| | G: | 30GB | Data (including TopDesk Install) |
| | H: | 300GB | Attachments |
| tdeskdb-kb1t & tdeskdb-at1t; tdeskdb-kb3t & tdeskdb-at3t | C: (operating system) | 80GB | Operating System |
| | E: | 300GB | SQL Server data files and database backups |
| | F: | 80GB | SQL Server transaction logs |
| | G: | 500GB | SQL Server data files |

| Server | Volume | Size | Purpose |
|---|---|---|---|
| tdeskapp-kb1, tdeskapp-kb2, tdeskapp3, tdeskapp-napier, tdeskapp-durham | C: | 100GB; Tdeskapp-napier/durham (70GB) | Operating System |
| | G: | 30GB; Tdeskapp-napier/durham (100GB) | Data (including TopDesk Install) |
| | H: | 300GB; Tdeskapp-napier/durham (200GB) | Attachments |
| tdeskdb-kb1 (demo, shu, stir, standrews, ulster) & tdeskdb-at1; tdeskdb-kb3 (ed) & tdeskdb-at3t; tdeskdb-kb4 (napier, Durham) & tdeskdb-at4 | C: (operating system) | 80GB | Operating System |
| | G: | 300GB; Tdeskdb-kb4 (400GB) | SQL Server data files and database backups |
| | H: | 80GB; Tdeskdb-kb4 (300GB) | SQL Server transaction logs |
| | I: | 500GB; Tdeskdb-kb4 (500GB) | SQL Server Backups |

8.1 File System Shares
N/a
9 Scheduled Tasks
9.1 Development
| Cron/dbms Name | Schedule | User Name | Description |
|---|---|---|---|
| SQL Server Backup (TDESKDB-KB1D) | Daily | system | Full SQL Server Backup |
| SQL Server Job – EdinburghUniFeed (TDESKDB-KB1D) | Daily at 22:00pm | Ed\tdsksql | Edinburgh Person Import from IDM |
| Windows Scheduled Task – Unidesk Hard Disk Space Report (TDESKDB-KB1D) | Daily at 08:00am | Ed\tdsksql | Automated email sent to Apps Mgmt detailing Hard disk drive space. |
| Windows Scheduled Task – Unidesk Average and Peak Count Report (TDESKDB-KB1D) | 1st of each month at 08:00am | Ed\tdsksql | Automated email sent to Apps Mgmt with average and peak count details for each institution. |
| Windows Scheduled Task – NorMAN Data file export (TDESKDB-KB1D) | Daily at 02:00am (DISABLED on DEV) | Ed\tdsksql | CSV Export of University of Edinburgh Unidesk person data to NorMAN |

9.2 Test
*Napier TBC – will be a person import job but have no details at present.
*Durham TBC – as above
| Cron/dbms Name | Schedule | User Name | Description |
|---|---|---|---|
| SQL Server Backup (TDESKDB-KB1T) | Daily 21:30 | system | Full SQL Server Backup |
| SQL Server Job – EdinburghUniFeed (TDESKDB-KB1T) | Daily at 22:00pm | Ed\tdsksql | Edinburgh Person Import from IDM |
| SQL Server Job – AbertayFeed (TDESKDB-KB1T) | Daily at 00:30am and 12:30pm | Ed\tdsksql | Abertay Person Import |
| SQL Server Job – StAndrewsFeed (TDESKDB-KB1T) | Daily at 22:00pm | Ed\tdsksql | St Andrews Person Import |
| SQL Server Job – SheffieldHallamFeed (TDESKDB-KB1T) | Daily at 04:00am | Ed\tdsksql | Sheffield Hallam Person Import |
| SQL Server Job – StirlingFeed (TDESKDB-KB1T) | Daily 20:30pm | Ed\tdsksql | Stirling Person Import |
| SQL Server Job - Import Hardware Edin (TDESKDB-KB3T) | Manual | topdesk_import_test_ed; tdeskdb-kb3t\cmdb_proxy_os | Edinburgh Hardware import (cmdb) |
| Windows Scheduled Task – Unidesk Hard Disk Space Report (TDESKDB-KB1T) | Daily at 08:00am | Ed\tdsksql | Automated email sent to Apps Mgmt detailing Hard disk drive space. |
| Windows Scheduled Task – Unidesk Average and Peak Count Report (TDESKDB-KB1T) | 1st of each month at 08:00am | Ed\tdsksql | Automated email sent to Apps Mgmt with average and peak count details for each institution. |
| Windows Scheduled Task – NorMAN Data file export (TDESKDB-KB1T) | Daily at 02:00am (DISABLED on TEST) | Ed\tdsksql | CSV Export of University of Edinburgh Unidesk person data to NorMAN |

9.3 Live
*Napier TBC– will be a person import job but have no details at present.
*Durham TBC – as above
| Cron/dbms Name | Schedule | User Name | Description |
|---|---|---|---|
| SQL Server Backup (TDESKDB-KB1) | Daily 21:30 | system | Full SQL Server Backup |
| SQL Server Job – EdinburghUniFeed (TDESKDB-KB1) | Daily at 22:00pm | Ed\tdsksql | Edinburgh Person Import from IDM |
| SQL Server Job – AbertayFeed (TDESKDB-KB1) | Daily at 00:30am and 12:30pm | Ed\tdsksql | Abertay Person Import |
| SQL Server Job – StAndrewsFeed (TDESKDB-KB1) | Daily at 22:00pm | Ed\tdsksql | St Andrews Person Import |
| SQL Server Job – SheffieldHallamFeed (TDESKDB-KB1) | Daily at 04:00am | Ed\tdsksql | Sheffield Hallam Person Import |
| SQL Server Job – StirlingFeed (TDESKDB-KB1) | Daily 20:30pm | Ed\tdsksql | Stirling Person Import |
| Windows Scheduled Task – Unidesk Hard Disk Space Report (TDESKDB-KB1) | Daily at 08:00am | Ed\tdsksql | Automated email sent to Apps Mgmt detailing Hard disk drive space. |
| Windows Scheduled Task – Unidesk Average and Peak Count Report (TDESKDB-KB1) | 1st of each month at 08:00am | Ed\tdsksql | Automated email sent to Apps Mgmt with average and peak count details for each institution. |
| Windows Scheduled Task – NorMAN Data file export (TDESKDB-KB1) | Daily at 02:00am | Ed\tdsksql | CSV Export of University of Edinburgh Unidesk person data to NorMAN |
| Windows Scheduled Task – St Andrews Qlikview Data Export (TDESKDB-KB1) | Daily at 02:00am | Ed\tdsksql | CSV Export of Unidesk data for University of St Andrews |
| SQL Server Job - Import Hardware Edin (TDESKDB-KB3) | Manual | topdesk_import_ed; tdeskdb-kb3t\cmdb_proxy_os | Edinburgh Hardware import (cmdb) |

10 Technical Diagrams
[Diagram: "Unidesk Network Links", dated 27/08/2013. Labels shown: Internet, Client, HTTPS, Ed Uni Firewall, TopDesk Active App Server, Topdesk Standby app server (Manual Switchover), SQL Server Mirrored Pair, SQLSrv Replication, SAN Storage, Physical Location 1 (KB), Physical Location 2 (AT), Institutional Data Sources, SCP, Outgoing Email Server, SMTP, IMAP Mail, IMAPS, Settings Manager, JavaRMI. The numbered links are described below.]

1. Connection from client to Topdesk application server made using HTTPS. This is a single virtual machine located in KB with a cold standby server in AT.
2. Application server normally connects to the primary member of the SQL Server mirror.
3. Replication between SQL Server instances using High Safety Mode.
4. In the event of failure of the primary database server the application is manually reconfigured to connect to the secondary SQL Server.
5. Outgoing email is passed to the Edinburgh outgoing email servers for onward delivery.
6. TopDesk application regularly polls IMAP mailboxes (using encrypted connections) hosted within each of the participating institutions to process incoming email.
7. Data feeds containing user information from each institution are passed into the database periodically. Connection made via Eduni firewall, but not shown for simplicity.
8. Advanced settings, such as events and actions within the Topdesk software, are managed using a client installation. Only a handful of admins use this tool.

Note for point 1, 4: for tdeskapp* servers there is no cold standby server. The application servers are now using vmotion replicas and will be manually failed over to these in the event of a DR.
11 Resilience Measures
A mirrored pair of SQL Server servers in High Safety configuration is used. Manual intervention is required
to connect the database to the secondary SQL server database as automatic failover is not supported by
Topdesk.
The App tier is now replicated using Veeam, with the SQL DB tiers still using mirroring as above.
12 External Access
External Details (telephone number, email etc.)
Access Type Authentication and authorisation methods
Description of need
None
13 Backup Policy
Detail any variance from the default backup policy as detailed below.
| Component | Type of backup | Backup period | Technology |
|---|---|---|---|
| File system backup | Full weekly and daily incremental | 4 weeks retention | Veeam |
| SQL Server backup | Full weekly and daily incremental | 4 weeks retention | Veeam |

14 Disaster Recovery Requirements
Application Category Recovery URL
Unidesk 2 See Operational Document
15 Security Considerations
Access to Unidesk is made using HTTPS. Connections to external institutions for user data are carried out
over an encrypted channel (SFTP) to comply with Data Protection Legislation.
16 Authentication and Authorisation
Authentication is facilitated via Shibboleth. Each institution has a separate install of Topdesk that uses a
separate Service Provider (SP) registered with the UK Federation.
The eduPersonPrincipalName (EPPN) attribute requires to be released by the institution's Identity Provider
(IdP). The Topdesk application performs authorisation of the user based on the value of this attribute (e.g
17 Load Testing
Load testing has been carried out by Topdesk against Topdesk version 5. The results of these load tests
have been used to determine the memory configuration. No internal load testing has been performed with
version 5.
18 Interfaces and Dependencies
The University of Edinburgh feed of customer data is made using HTTPS connections to IDM web services.
Customer data from partners and member institutions is transferred using SFTP. In the event of
unavailability of these interfaces the data from the previous successful download remains within Unidesk.
Outgoing email is sent via bulkmailrelay.ucs.ed.ac.uk; in the case of non-Edinburgh installations the email
will be sent via the external institution's mail infrastructure. The configuration to perform this forwarding
is configured in the mailrelay infrastructure by IS ITI Unix Team.
19 Firewall Configuration
| Source | Destination | Port | Protocol |
|---|---|---|---|
| All | Live topdesk application URL | TCP 80,443 | http, https |
| All | Test topdesk application URL | TCP 80,443 | http, https |
| Eduninets | Dev topdesk application URL | TCP 80,443 | http, https |
| Topdesk live application servers | Topdesk live DB cluster | TCP 1433 | SQL Server |
| Topdesk test application servers | Topdesk test DB cluster | TCP 1433 | SQL Server |
| Topdesk dev application server | Topdesk dev DB server | TCP 1433 | SQL Server |
| Management Client PC | Dev, Test & Live topdesk application servers | TCP 20919-20928 | JavaRMI |

20 Software Licence Requirements
| Software and Supplier Details | Licence Requirements | Already Licensed? (Y/N) | New or Additional Licence Costs |
|---|---|---|---|
| Topdesk | | Y | Additional Forms & new shib license module added |
| Windows server | | Y | |
| SQL Server 2008 | | Y | |

21 Patching and Machine Restarts
Has restart been tested to confirm that policy has been achieved? Yes
22 Exceptions and Other Issues
JAVA automatic updates should be switched off in all environments.
The Treewalk bespoke work provided by Topdesk uses an H2 database; this “database” consists of a single
XML file. No special backup or recovery mechanisms are required.
23 Document Sign-off
Architect Name Peter Jackson/Iain Fiddes (20/09/2013)
IS ITI Representative Name (date)
Project Manager Acceptance Document URL of email or PPDR
Business Partner Acceptance Document URL of email or PPDR