Documentation > Server > Deployment

Deployment Guide

Production deployment strategies and best practices for scalable, secure, and reliable SysManage infrastructure.

Deployment Overview

SysManage can be deployed in various configurations depending on your infrastructure requirements, from single-server setups to highly available multi-node clusters.

🖥️ Single Server Deployment

Ideal for small to medium environments (up to 100 hosts)

  • Single server hosts all components
  • PostgreSQL database on same server
  • Simple configuration and maintenance
  • Lower resource requirements

🔄 High Availability Deployment

Production environments requiring zero downtime

  • Multiple application servers
  • Load balancer with SSL termination
  • Database clustering with failover
  • Redundant network and storage

☁️ Cloud Deployment

Scalable cloud-native deployment options

  • Container orchestration (Kubernetes)
  • Auto-scaling capabilities
  • Managed database services
  • Multi-region availability

Production Checklist

Pre-Deployment

Security Configuration

Performance Optimization

Single Server Deployment

System Requirements

Component Minimum Recommended
CPU 2 cores 4+ cores
RAM 4 GB 8+ GB
Storage 20 GB SSD 50+ GB SSD
Network 100 Mbps 1 Gbps

Installation Steps

# 1. Update system packages
sudo apt update && sudo apt upgrade -y

# 2. Install dependencies
sudo apt install -y python3.12 python3.12-venv python3-pip postgresql postgresql-contrib nginx

# 3. Create application user
sudo useradd -m -s /bin/bash sysmanage

# 4. Clone repository
sudo -u sysmanage git clone https://github.com/bceverly/sysmanage.git /home/sysmanage/sysmanage

# 5. Setup Python environment
cd /home/sysmanage/sysmanage
sudo -u sysmanage python3.12 -m venv .venv
sudo -u sysmanage .venv/bin/pip install -r requirements.txt

# 6. Install Node.js and frontend dependencies
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs
cd frontend && sudo -u sysmanage npm install && sudo -u sysmanage npm run build

# 7. Configure PostgreSQL
sudo -u postgres createuser -P sysmanage
sudo -u postgres createdb -O sysmanage sysmanage

Production Configuration

# /etc/sysmanage.yaml
database:
  host: localhost
  port: 5432
  name: sysmanage
  user: sysmanage
  password: "your_secure_password"

webui:
  host: 0.0.0.0
  port: 6443
  https: true
  ssl_cert: "/etc/ssl/certs/sysmanage.crt"
  ssl_key: "/etc/ssl/private/sysmanage.key"

authentication:
  jwt_secret: "your_jwt_secret_key_here"
  token_expire_minutes: 60

logging:
  level: INFO
  file: "/var/log/sysmanage/sysmanage.log"

High Availability Deployment

Architecture Overview

    [Load Balancer (HAProxy/Nginx)]
                    |
         +----------+----------+
         |                     |
    [App Server 1]        [App Server 2]
         |                     |
         +----------+----------+
                    |
            [PostgreSQL Cluster]
            (Primary + Standby)

Load Balancer Configuration

Nginx Configuration

# /etc/nginx/sites-available/sysmanage
upstream sysmanage_backend {
    least_conn;
    server 10.0.1.10:6443 max_fails=3 fail_timeout=30s;
    server 10.0.1.11:6443 max_fails=3 fail_timeout=30s;
}

server {
    listen 443 ssl http2;
    server_name sysmanage.yourdomain.com;

    ssl_certificate /etc/ssl/certs/sysmanage.crt;
    ssl_certificate_key /etc/ssl/private/sysmanage.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;

    location / {
        proxy_pass https://sysmanage_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Health check endpoint
    location /health {
        proxy_pass https://sysmanage_backend/health;
        access_log off;
    }
}

Database Clustering

PostgreSQL Streaming Replication

# Primary server postgresql.conf
listen_addresses = '*'
wal_level = replica
max_wal_senders = 3
max_replication_slots = 3
synchronous_commit = on
synchronous_standby_names = 'standby1'

# Standby server recovery.conf
standby_mode = 'on'
primary_conninfo = 'host=primary_ip port=5432 user=replicator'
recovery_target_timeline = 'latest'

Container Deployment

Docker Compose

# docker-compose.yml
version: '3.8'

services:
  sysmanage:
    build: .
    ports:
      - "6443:6443"
    environment:
      - DATABASE_URL=postgresql://sysmanage:password@db:5432/sysmanage
      - JWT_SECRET=your_jwt_secret
    depends_on:
      - db
    volumes:
      - ./config:/etc/sysmanage
      - logs:/var/log/sysmanage

  db:
    image: postgres:15
    environment:
      - POSTGRES_DB=sysmanage
      - POSTGRES_USER=sysmanage
      - POSTGRES_PASSWORD=password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./ssl:/etc/ssl/certs
    depends_on:
      - sysmanage

volumes:
  postgres_data:
  logs:

Kubernetes Deployment

# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sysmanage
  labels:
    app: sysmanage
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sysmanage
  template:
    metadata:
      labels:
        app: sysmanage
    spec:
      containers:
      - name: sysmanage
        image: sysmanage:latest
        ports:
        - containerPort: 6443
        env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: sysmanage-secrets
              key: database-url
        resources:
          requests:
            memory: "512Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 6443
            scheme: HTTPS
          initialDelaySeconds: 30
          periodSeconds: 30

Monitoring & Logging

System Monitoring

Prometheus Configuration

# prometheus.yml
global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'sysmanage'
    static_configs:
      - targets: ['localhost:6443']
    metrics_path: /metrics
    scheme: https

Health Check Endpoint

# Built-in health check
curl -k https://localhost:6443/health

# Response
{
  "status": "healthy",
  "database": "connected",
  "version": "1.0.0",
  "uptime": "72h15m30s"
}

Log Management

# Logrotate configuration (/etc/logrotate.d/sysmanage)
/var/log/sysmanage/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 644 sysmanage sysmanage
    postrotate
        systemctl reload sysmanage
    endscript
}

# Centralized logging with rsyslog
# /etc/rsyslog.d/sysmanage.conf
:programname, isequal, "sysmanage" /var/log/sysmanage/sysmanage.log
& stop

Backup & Disaster Recovery

Database Backup

# Automated backup script
#!/bin/bash
# /usr/local/bin/backup_sysmanage.sh

BACKUP_DIR="/backup/sysmanage"
DATE=$(date +%Y%m%d_%H%M%S)
DB_NAME="sysmanage"

# Create backup directory
mkdir -p $BACKUP_DIR

# Database backup
pg_dump -h localhost -U sysmanage $DB_NAME | gzip > $BACKUP_DIR/db_backup_$DATE.sql.gz

# Configuration backup
tar -czf $BACKUP_DIR/config_backup_$DATE.tar.gz /etc/sysmanage/

# Keep only last 30 days
find $BACKUP_DIR -name "*.gz" -mtime +30 -delete

# Cron entry: 0 2 * * * /usr/local/bin/backup_sysmanage.sh

Disaster Recovery Plan

  1. Assessment: Determine scope of failure and affected systems
  2. Communication: Notify stakeholders and users of the incident
  3. Isolation: Isolate failed components to prevent further damage
  4. Recovery: Restore from backups or failover to standby systems
  5. Verification: Test restored systems and verify functionality
  6. Post-mortem: Document incident and improve procedures

Performance Optimization

Database Tuning

# PostgreSQL optimization settings
# postgresql.conf

# Memory settings
shared_buffers = 256MB                  # 25% of RAM
effective_cache_size = 1GB              # 75% of RAM
work_mem = 4MB
maintenance_work_mem = 64MB

# Checkpoint settings
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100

# Connection settings
max_connections = 200

# Query optimization
random_page_cost = 1.1                  # For SSD storage
effective_io_concurrency = 200          # For SSD storage

Application Tuning

# Uvicorn production settings
uvicorn backend.main:app \
  --host 0.0.0.0 \
  --port 6443 \
  --workers 4 \
  --worker-class uvicorn.workers.UvicornWorker \
  --ssl-keyfile /etc/ssl/private/sysmanage.key \
  --ssl-certfile /etc/ssl/certs/sysmanage.crt \
  --access-log \
  --log-level info

Caching Strategy

  • Redis: Session storage and temporary data caching
  • CDN: Static asset delivery and geographic distribution
  • Application Cache: Database query result caching
  • Browser Cache: Client-side asset caching with appropriate headers

Security Hardening

Network Security

# Firewall rules (ufw example)
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 10.0.1.0/24 to any port 5432  # Database access
sudo ufw enable

# Fail2ban configuration
# /etc/fail2ban/jail.local
[sysmanage]
enabled = true
port = 443
filter = sysmanage
logpath = /var/log/sysmanage/access.log
maxretry = 3
bantime = 3600

Application Security

  • HTTPS Only: Enforce TLS for all connections
  • HSTS: HTTP Strict Transport Security headers
  • CSP: Content Security Policy implementation
  • Rate Limiting: API endpoint rate limiting
  • Input Validation: Comprehensive input sanitization
  • Audit Logging: Log all administrative actions

Maintenance & Updates

Update Procedure

  1. Backup: Create full system backup before updates
  2. Testing: Test updates in staging environment
  3. Maintenance Window: Schedule maintenance with user notification
  4. Update: Apply updates following documented procedures
  5. Verification: Verify all systems function correctly
  6. Rollback Plan: Have rollback procedures ready if needed

Maintenance Tasks

Daily

  • Monitor system health and performance
  • Review application logs for errors
  • Verify backup completion

Weekly

  • Review security logs and alerts
  • Update system packages
  • Test backup restoration procedures

Monthly

  • Security vulnerability assessment
  • Performance analysis and optimization
  • Capacity planning review