oo

Liferay Cloud Infrastructure

Liferay Cloud is a flexible platform that combines a collection of key components to provide a robust, reliable, and manageable Liferay DXP implementation. This diagram shows how all of these components fit together to complete this implementation:

All of the key services and components integrated with Liferay Cloud are shown with their connections here.

note

Private cluster subscriptions also include a built-in Web Application Firewall. However, this is not available with a shared cluster.

See the following list for a description of the various components.

Advanced Application Monitoring

Liferay Cloud supports the use of Dynatrace monitoring. This app provides monitoring of application performance, infrastructure, and more, in real time. See Advanced Application Metrics for more information.

Repository Integration

Liferay Cloud integrates with project source code using Git. Built-in integration with Jenkins allows new commits or pull requests to automatically trigger builds that can be deployed to any Liferay Cloud environment.

GitHub, Bitbucket, and GitLab integration are all supported.

VPN Server and Client

Liferay Cloud environments can send and receive data through an encrypted tunnel using a customer’s own VPN server. Liferay Cloud provides a client-to-site VPN service that enables connection from a supported VPN to its environments. OpenVPN and IPSec (IKEv2) protocols are supported for this connection. See the VPN Integration Overview for more information.

Docker Hub

Liferay Cloud uses Docker Hub as a public platform for service images and versions (shared as tags). This implementation also allows for customers to use custom DOcker images from any public repository or local development workspace. See the Liferay Cloud profile on Docker Hub for a registry of service images.

DDoS Protection

Liferay Cloud provides built-in protection from distributed denial-of-service (DDoS) attacks. It uses a GCP POP network to protect environments from being flooded with incoming traffic, and to safely and consistently deliver content to end-users globally.

HTTP(S) Load Balancer

Liferay Cloud distributes HTTP(S) traffic across multiple instances. It uses GKE Ingress to diffuse traffic, reducing the risk of services being overloaded.

Web Server

An Nginx web server is used as a gateway to other services within every Liferay Cloud environment. This includes a build-in firewall that provides Layer 7 attack protection, IP protection, and audit logging.

This server is configurable as one of Liferay Cloud’s main services. See the Web Server Service for more information.

Liferay DXP

Liferay DXP connects, orchestrates, and integrates data and services from a variety of applications to one central user interface platform. Liferay Cloud provides a quick and reliable implementation for a DXP instance in the cloud. The Web Server service provides the entry point and gateway for all HTTP(S) traffic to DXP.

By adding configurations and any custom modules to your own project repository, the Liferay service is highly customizable just like a normal DXP installation. See the Introduction to the Liferay Service for more information.

Liferay Cloud uses Elasticsearch for RESTful search, indexing, and analytics capabilities within each environment. The search service is only accessible via private network traffic, through TCP or UDP connection.

The Elasticsearch engine is offered as one of Liferay Cloud’s main services, making it highly scalable and customizable. See the Search Service for more information.

MySQL Database

Liferay Cloud connects the Liferay service to a separate, database storage service within its private network. A MySQL database is used to create a reliable, secure, and scalable DXP implementation in the cloud. The database service is only accessible via private network traffic, through TCP or UDP connection.

The MySQL database is offered as one of Liferay Cloud’s main services, making it freely configurable and customizable. See the Database Service for more information.

Persisted Storage (Volumes)

Liferay Cloud uses volumes for persistent data storage for any service that needs them, within its private network. Depending on the type of service, volumes can be either be stored with an SSD drive specific to that service, or shared between services on a network file system (NFS). Volumes are only accessible via private network traffic.

By default, the Web Server, Liferay DXP, and Backup services store volumes using NFS, and the Search and CI services use dedicated SSD disks. See Configuring Persistent File Storage Volumes for more information.

Backups

Liferay Cloud stores a copy of the Database service and volumes from Liferay DXP within its private network. Customers can manually create a backup from any environment, and restore that backup to any other environment. By default, backups are accessible to public web traffic through HTTP(S) connections.

Backups are offered as one of Liferay Cloud’s main services, and its rules of operation (such as backup frequency and retention) can be freely configured. See the Backup Service Overview for more information.

CI Server

Liferay Cloud automates the build and deployment processes for customer projects in development. With a project tied to a customer repository, Jenkins is used with a webhook to automatically transform new commits or pull requests into builds that can be deployed to any environment. This service exists within a special, separate infra environment, and it is not accessible to regular users. Liferay Cloud also provides a dashboard to customers in the Cloud console to view the details of Jenkins builds.

The CI service used for Jenkins builds is offered as one of Liferay Cloud’s main services, and customers can configure this service and even customize the Jenkins pipeline if desired. See Continuous Integration for more information.

CLI Tool

Liferay Cloud allows for a variety of management tasks to be performed on its environments and services by using its CLI Tool. The application serves as a central interface that can be used for all a customer’s projects, and it is accessible to HTTP(S) traffic. See the Command-line Tool for more information.

Antivirus

Liferay Cloud automatically detects trojans, viruses, malware, and other malicious threats, using ClamAV. This engine operates as a background service within the cloud, and it is not accessible to users or other services. Each cluster in Liferay Cloud has one instance of the antivirus running.

Intrusion Detection System

Liferay Cloud automatically detects intrusion within its components, using Threat Stack. Like the built-in antivirus software, this system also operates as a background service, and it is not accessible to users or other services. Each cluster in Liferay Cloud has one instance.

Capability:
Deployment Approach: