Deploy Maximo Application Suite in on-premises Satellite location

The Maximo Application Suite on Satellite pattern involves the following:

  • An IBM Cloud Satellite location configured on-premises
  • Configuring Maximo Application Suite at that Satellite location

Due to privacy, regulatory, or compliance reasons, customers might not want to store their data in the public cloud. In such scenarios, the best option is to create one or more Satellite locations on-premises and host the Maximo Application Suite related data locally.

Architecture diagram

Figure 1 illustrates the IBM Cloud Satellite architecture where the Satellite location is deployed on-premises and Maximo Application Suite is installed at that location.

Figure 1. Solution architecture showing Maximo Application Suite setup at an IBM Cloud Satellite on-premises location

Figure 2 shows the components in the Maximo Application Suite architecture. For more information, see IBM Maximo Application Suite architecture.

Figure 2. Maximo Application Suite architecture

Design scope

This Maximo Application Suite in IBM Cloud Satellite solution covers design considerations and architecture decisions for the following aspects and domains:

  • Application Platform: Enterprise Applications

  • Compute: Bare Metal, Virtual Servers, Virtualization, Containers

  • Storage: Primary Storage, Backup Storage

  • Networking: Enterprise Connectivity, Network Segmentation

  • Data: Databases & Data Storage highlighting the Data Residency requirement

  • Security: Data Security, Identity and Access Management, Infrastructure and Endpoint

  • Resiliency: Backup and Restore, High Availability

  • Service Management: Monitoring, Logging, Auditing/Tracking

The Introduction to the Architecture Design Framework provides a consistent approach to designing cloud solutions by addressing requirements across a pre-defined set of aspects and domains, which are technology-agnostic architectural areas to consider for any enterprise solution. It can be used as a guide to make the necessary design and component choices. After you have identified the applicable requirements and the domains that are in scope, you can evaluate and select the best fit-for-purpose components for your enterprise cloud solution.

In Figure 3, you can view the domains that are relevant in a Maximo Application Suite on IBM Cloud Satellite solution.

Figure 3. Maximo Application Suite on IBM Cloud Satellite Architecture Design Framework

Solution components and requirements for Satellite location on-premises

Review the following requirements and components for configuring Maximo Application Suite in an on-premises Satellite location.

Requirements

The following table represents a baseline set of requirements, which are applicable to many clients who are looking to upgrade from Maximo 7.x to Maximo Application Suite 8.x. Deployment of Maximo Application Suite on an IBM Cloud Satellite location serves as the first step.

Table 1. Pattern requirements
Aspect | Requirement
Application platform | The solution should be fully managed from end to end
Compute | Customer is looking to deploy hosts running managed Red Hat OpenShift Kubernetes Service (ROKS) clusters in the Satellite location
Storage | Provide storage that meets the Maximo Application Suite applications and database performance requirements
Network | Provide secure, low-latency connectivity
Data |
  • Data security and compliance requirements require that the data remains on-premises.
  • Use a proven relational database technology in order to provide critical information to applications on premises.
Security | Encrypt all application data in transit and at rest to protect it from unauthorized disclosure.
Resiliency |
  • Multi-site capability to support a disaster recovery strategy and solution that uses IBM Cloud infrastructure disaster recovery capabilities that are combined with Satellite features.
  • Provide backups for Maximo Application Suite data retention.
Service management | Customer wants a fully managed service
Other |
  • Shorten the time required to upgrade from Maximo 7.x to Maximo Application Suite 8.x
  • Use a managed ROKS service to help customers who might not have the Red Hat OpenShift skills to operate at the level required
  • Provide an Image Replication migration solution that minimizes disruption during cut-over
  • Access customer's existing Red Hat Container Registry
  • Use multiple Satellite locations to enable disaster recovery for Maximo Application Suite applications

IBM Cloud Satellite is a fully managed offering and there are certain responsibilities that are shared by IBM and the customer. For more information about the table and the corresponding task details, see Satellite responsibilities.

Components

For a list of Satellite-related components, see Overview. The following table lists the components for setting up Maximo Application Suite Core, on Red Hat OpenShift on-premises as a Managed Cloud Service by using IBM Cloud Satellite. It represents the minimum resources that are needed to successfully install medium-sized Maximo Application Suite Core.

More resources might be needed to support specific workloads. For more information, see Prerequisite software.

Table 2. Pattern components
Aspect Component How the component is used
Compute Hosts Virtual machine (VM) or Bare Metal Server
Host OS: RHEL 8.x
Satellite worker nodes hosts:
Red Hat OpenShift (Customer Workload Cluster)
8 vCPU and 32 GB RAM x 6
Satellite worker nodes hosts:
Other Satellite-enabled services
Based on Satellite-enabled service, which includes MongoDB as required by Maximo Application Suite core.
This solution pattern does not include any other Maximo Application Suite application.
Containers Managed Red Hat OpenShift on Satellite
Red Hat OpenShift cluster It's recommended to use even-numbered Red Hat OpenShift Container Platform versions
Red Hat OpenShift cluster services

These services are required by Maximo Application Suite Core and all its applications.

  • Red Hat Certificate Manager
  • IBM Suite license service
  • Service Binding Operator
  • User Data Services (UDS). Starting with Maximo Application Suite 8.10.10, UDS is replaced with IBM Data Reporter Operator (DRO).
Workload isolation Single cluster for all workloads
Container Images Registry
  • IBM Cloud Container Registry on IBM Cloud (cp.icr.io)
  • Quay Registry (quay.io)
  • Red Hat Registry (registry.redhat.io)
Bastion host A bastion host that is external to the Red Hat OpenShift cluster is useful when installing Maximo Application Suite core, Cloud Pak for Data (CP4D), and other prerequisites into the Red Hat OpenShift cluster.
Storage: Primary Red Hat® OpenShift cluster

Control plane worker nodes host local storage
Data plane worker nodes offer Red Hat OpenShift Data Foundation (ODF) internal storage for application data, registry, logging, metrics.
Recommend 15 GB - 25 GB of disk storage per CPU allocated to the compute nodes.

  • Maximo Application Suite provides a license for IBM Storage Fusion, with limitations, that includes the IBM delivery of ODF.
Storage: Backup Red Hat OpenShift workload data Customer can choose to use Cloud Object Storage on IBM Cloud
Networking Enterprise Connectivity Maximo Application Suite uses networking setup by Red Hat OpenShift Container Platform for its internal communications. See
Connectivity from the cluster to external endpoints except in an air-gapped deployment
Connectivity into the cluster for web browsers to access the Maximo Application Suite control plane and applications
Connectivity from the web browsers to external Internet endpoints via port 443
Load balancers External load balancers to access protocol endpoints that are used to communicate with Red Hat OpenShift Container Platform and with the applications
Segmentation Maximo Application Suite is configured to enable least-privilege access throughout the product with a default deny-all policy
Red Hat® OpenShift cluster Container network policies
DNS Client DNS at Satellite location
Data Data services Dependent on the Maximo Application Suite application. MongoDB is required for Maximo Application Suite core only.
MongoDB Maximo Application Suite uses MongoDB for its data dictionary and local user management. In this solution, Satellite-enabled MongoDB service is used.
Cloud Pak for Data Services While Maximo Application Suite includes an entitlement to use Cloud Pak for Data, it is not a prerequisite for Maximo Application Suite core.
Db2 Warehouse is another Cloud Pak for Data component that is used by Maximo Application Suite applications like Maximo Manage and Maximo Health.
Db2 Warehouse is not a prerequisite for Manage. Db2 11.5 can be used and is installed by the Db2 Universal Operator.
Security Connectivity
  • DNS should contain the domain names
  • If a firewall is present, it should allow TCP/IP connections from Red Hat OpenShift Container Platform nodes to port 443 of external sites
Security: Data
Data encryption at rest Satellite control plane backup storage Cloud Object Storage encrypted with provider keys
Satellite worker nodes data Worker nodes storage encryption: Customer
Red Hat OpenShift cluster persistent storage Cluster volume encryption with Kubernetes Secret
Data encryption in transit Satellite Link Encryption that uses TLS
Red Hat OpenShift cluster workloads App-level encryption that uses TLS
Certificate issuer By default, Maximo Application Suite provides a cluster issuer that generates self-signed certificates. Customers have the option to provide their certificate issuer.
Maximo Application Suite uses IBM® Certificate Manager for automatic management and issuance of TLS certificates.
Security: Identity and Access Management (IAM) LDAP server
SAML server
The LDAP server must support the secure LDAP (LDAPS) protocol. Non-TLS connections are not supported.
Maximo Application Suite core maintains a registry of users. You can specify which users have access to which Maximo Application Suite applications.
Satellite services:
Red Hat OpenShift for Customer Workloads Cluster
  • IBM Cloud IAM Roles
  • Kubernetes role-based access control (RBAC) roles
IAM: Application Runtime security (WAF and DDoS) Bring your own Edge Security
IAM: Infrastructure and endpoint Core Network Protection Subnets and firewall rules
IAM: Threat detection and response Threat detection Customer SIEM tool, for example, Splunk
Resiliency: High availability Satellite Host Nodes: control and worker nodes Multi-zone deployment
Red Hat OpenShift workloads Multi-zone Red Hat OpenShift cluster
Resiliency: Backup Red Hat OpenShift clusters Portworx PX Backup for Kubernetes
Service management: Monitoring IBM® Maximo® Application Suite

Configure Red Hat OpenShift cluster monitoring and install Grafana to monitor Maximo Application Suite

  • Maximo Application Suite uses the Prometheus monitoring stack within OCP for application level metrics
  • IBM Satellite Monitoring Tool for infrastructure
Red Hat® OpenShift clusters IBM Cloud Monitoring
Service management: Logging Satellite location and hosts
  • IBM Satellite Log Analysis tool
  • IBM Cloud® Log Analysis
Red Hat® OpenShift clusters IBM Cloud Log Analysis
Service management: Auditing Satellite location events IBM Cloud® Activity Tracker
Red Hat® OpenShift clusters IBM Cloud® Activity Tracker
Service management: Email SMTP server External SMTP server is required to configure Maximo Application Suite core, Maximo Manage, and other applications to send emails to users.
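
The Security Connectivity rows of Table 2 require that DNS contains the needed domain names and that any firewall allows TCP/IP connections to port 443 of external sites. The following preflight check for the three container image registries listed in the table is an added example, not IBM code. It assumes Python 3 on a host behind the same firewall as the cluster nodes, and the names tls_probe and preflight are illustrative.

```python
import socket
import ssl

# Registry hostnames as listed under "Container Images Registry" in Table 2.
REGISTRIES = ["cp.icr.io", "quay.io", "registry.redhat.io"]


def tls_probe(host, port=443, timeout=5.0):
    """Open a certificate-verified TLS session; return the negotiated version."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def preflight(hosts, resolve=socket.getaddrinfo, probe=tls_probe):
    """Classify each host as ok, dns_failed, tls_failed or blocked.

    resolve and probe are injectable so the logic can be exercised offline.
    """
    results = {}
    for host in hosts:
        try:
            resolve(host, 443, type=socket.SOCK_STREAM)
        except socket.gaierror as exc:
            # DNS at the Satellite location does not contain this name.
            results[host] = ("dns_failed", str(exc))
            continue
        try:
            results[host] = ("ok", probe(host))
        except ssl.SSLError as exc:
            # TCP reached port 443 but the handshake or certificate check
            # failed. SSLError subclasses OSError, so it is caught first.
            results[host] = ("tls_failed", str(exc))
        except OSError as exc:
            # Refused, timed out or unreachable: check the firewall rule.
            results[host] = ("blocked", str(exc))
    return results


if __name__ == "__main__":
    for host, (status, detail) in preflight(REGISTRIES).items():
        print(f"{host:24} {status:11} {detail}")
```

A tls_failed result separates a certificate or handshake problem from a plain firewall block, which is reported as blocked.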