DPOD was designed for deployment using either a standalone (All in one) or a distributed topology using remote DPOD collectors.
There 4 basic deployment options for DPOD:
- All-In-One with a single network interface
- All-In-One with two network interfaces
- All-In-One with External Self Service Console
- All-In-One with DPOD Remote collector
Scenario 1 : All-In-One with a single network interface
This is the most common deployment scenario. All DPOD components reside on the same appliance (either virtual or physical).
A single network interface is used both for communicating with the DataPower Gateway and accessing the DPOD console.
This scenario is appropriate for cases in which there is no organizational restrictions on providing users with direct access to DPOD’s IP address.
todo: change diagram to new-name
Scenario 2 : All-In-One with two network interfaces
In this deployment scenario all DPOD components reside on the same appliance (either virtual or physical). To address network and access restrictions, DPOD uses two network interfaces in this deployment scenario:
- Network Interface 1 – for communicating with the DataPower Gateway
- Network Interface 2 – for user access to the DPOD UI Console.
This deployment scenario is appropriate when a separation is required between network access from console users and DataPower Gateways.
Note: It is the System Administrator’s responsibility to define the second interface and make the proper static route definitions and additional network configuration. TODO: See Chapter X.X
todo: change diagram to new-name
Scenario 3 : All-In-One with External Self Service Console
In this deployment scenario two DPOD instances are deployed. The first one is the All-In-One, internal instance which is fully operational. The second is an external Self Service Console that does not store data. It only serves as a UI component , communicating with the internal DPOD instance over HTTP.
This deployment scenario supports both single and dual network interfaces, as specified in the two preceding scenarios.
An organization should consider using this deployment scenario when DPOD users are members of a different network to DPOD itself, or when a separation is required between the user interface and the data stored in the system.
TODO: in prod, for extra security - MESS is a second installation of DPOD. The second one connects to the Regular DPOD. This way - developers can have access to the the external DPOD, and do not need to access through into the more-secure network, and this way we can prevent access to DataPower. The investigate+configuration is available - because this is db only.
TODO: For detailed setup instructions and requirements for the External Self Service Console deployment see Chapter X.X ALSO: Diagram is unclear. Which is the user? What is “DPOD console?” an additional login point? Need to write about this a few more lines)
todo: change diagram to new-name
Scenario 4 : All-In-One with DPOD Remote Collector
This deployment scenario addresses deploying DPOD to monitor geographically dispersed locations. Communication with these locations is performed over WAN, and are susceptible to challenges of limited or unreliable network connectivity. To address this scenario, DPOD provides the ability to deploy instances of the DPOD Remote Collector alongside the All-In-One DPOD instance.
A Remote Collector is normally deployed in sites which are geographically separated from the DPOD main installation. A Remote Collector deployed in a site communicates with the DataPower Gateways there using DPOD agents. The data it collects is then sent asynchronously to the DPOD main installation.
This setup is appropriate when the existing DataPower deployment includes geographically dispersed sites, especially if network access between them is unreliable or limited (e.g. because of bandwidth).
TODO: For detailed instructions and requirements for the DPOD Remote Collector deployment, see Chapter X.X
todo: change diagram to new-name