So the last few days has seen me putting together a target hardware design for the customer's current system to be migrated onto. The current architecture is one that was put together by the previous project team, and although the security aspects are well documented there isn't much about why certain components where deployed in the locations that they were. As the platform grew, certain servers ended up with additional components purely because it was easier to deploy them there than to find out how to properly manage constraints such as firewalls etc.
The new architecture will hopefully give better scalability and resilience - where practicable single points of failure have been removed.Existing obsolete Solaris hardware has been replaced with the customers's standard build (LInux) and components have also been moved off some the creaking Windows virtual servers. I have introduced the concept of server roles and married them up with the appropriate firewall zones - the customer's Security Architects have been very helpful in this area.
The new architecture standardises on Linux (always better for running Java than Windows IMHO) and now has standardised system access for the team members, as well as standard monitoring so that the SYS Admins can manage the servers (disk, cpu and memory monitoring via their standard tools....) - one less headache for the Production Support team on the project.