Private cloud and on-prem database architectures with ClusterControl

ClusterControl is a platform used by organizations to automate the operations of 100s of database clusters on-premise, in the cloud and hybrid environments. With ClusterControl, you can easily and seamlessly support the full-ops approach through providing a complete database management lifecycle across local data-centers and on public cloud providers.

Our platform empowers teams to use multi and hybrid cloud for their database infrastructure without the fear of cloud vendor-lock in (“Cloud Mobility”).

Architecture

ClusterControl is a small and lightweight stack which consists of the following components:

• End-user web-based portal: Running on a classic LAMP stack.
• Command-line client: Interactive command-line tool to interact with ClusterControl with a complete feature set to manage databases clusters from a console.
• cmon controller: The core service is responsible for managing and monitoring the database clusters and auxiliary nodes such as load balancers.
• cmon ssh: Provides web-based SSH console access to the nodes.
• cmon cloud: Provides integration with various cloud providers.
• cmon events: Provides alerts and notifications to web-based portals and other services.

ClusterControl uses agent-less monitoring by default which requires no additional software to be installed on the nodes besides providing SSH connectivity. The “zero bootstrapping” and small footprint makes it effortless to install and get started with a fully functional database management service within an hour.

In addition, the ClusterControl Command-Line and RPC – Remote Procedure Call API provides powerful and complete integration endpoints with configuration management software such as Ansible or Terraform.

Many of our users leverage their expertise with these de-facto industry-standard configuration management software and tools to provision infrastructure in combination with ClusterControl’s “headless” options.

The end result is a fully automated private database management service used within their organization.

The most common production environment is running ClusterControl in your local data center on the same private subnet as the database nodes. The database replication traffic can further be isolated into a separate logical subnet to improve network security and performance.

Database nodes run on physical servers or virtual machines provisioned for example with VMWare or Nutanix.

In the above example, VMWare is used to provision virtual machines for the nodes while Nutanix is used to manage and abstract the physical resources such as the servers and storage.

See the online documentation for the full ClusterControl user and administration documentation.

Virtual Private Network

A virtual private network – VPN extends a private network across shared and public networks and enables sending and receiving data between servers as if they were directly part of the same private network. Applications running across a VPN benefit from the same functionality, security, and management of a private network.

ClusterControl is inherently agnostic to where nodes are running as long as they have an IP address and reachable/routable from the ClusterControl host.

A VPN setup allows us to manage clusters and nodes on physical servers or on virtual machines either in local data centers, in private or public clouds as if they were all running on the same private network. All traffic is encrypted and secure.

Using for example WireGuard as the VPN to encrypt point-to-point connections you are able to get throughput speeds close to the maximum network link bandwidth with very low CPU utilization.

A multi-cloud VPN network can easily be achieved that spans across local data centers and multiple public clouds. A WireGuard network “mesh” provides an abstraction of where the nodes would be physically running.

By carefully selecting where the database nodes should be deployed you can have ClusterControl manage and monitor database clusters running in:

• Local data centers
• Public clouds
• Multiple public clouds
• Hybrid public or private clouds

Security

ClusterControl requires passwordless SSH connections from its host to the cluster nodes. SSH provides a secure channel over unsecured networks and is the de-facto standard for any remote communication with servers.

In addition to secure communication channels, ClusterControl provides a number of features to enable encryption for data at rest for backups or data-in-transit with replication data.

In certain edge cases, SSH tunnels can also be used to make sure all communication and data are encrypted such as when setting up a cluster to cluster replication to public clouds which are not part of your VPN.