Alcatel-Lucent Rainbow™ is a cloud-based, enterprise-grade Unified Communication as a Service offering built on a hybrid cloud approach. Rainbow offers a global solution for collaboration and communications while addressing the specific needs of ALE’s end-customers. Whether it is a small business requiring cost-effective mobility or a multinational organization that wants a single standard for unified communications across its complex IT, broad geography and business process environment, Rainbow can address their UC needs. Rainbow features a scalable cloud-computing UCaaS and CPaaS platform designed with high availability and resilience in mind.
Guaranteeing the confidentiality, integrity and availability of ALE users’ data while maintaining their trust and confidence is also a high priority.
Hyperscale cloud architecture
Rainbow services are hosted on a global mesh of highly efficient data-centers spread across regions around the world. User data is currently bound to six key regions: North America, Caribbean and Latin America, Europe Middle-East Africa, Germany, Asia-Pacific, and Australia-New Zealand. ALE’s primary data-centers are in Canada, USA, Brazil, France, Germany, Singapore, and Australia.
Secondary data-centers, which host no data and act only as caches and media relays, reside in the United States, South Africa, Middle East/Bahrain and Japan. These locations offload the network infrastructure by giving Rainbow’s users direct local access to static resources through an IP AnyCast mechanism as well as to media relays, and they improve the perceived WebRTC audio and video quality during WebRTC conferences, peer-to-peer calls and hybrid telephony/WRG calls.
All ALE data-centers, regardless of their location and hosting provider, are tightly interconnected through either dedicated dark fiber or SD-WAN compatible technologies. This allows ALE to ensure 100% connectivity reliability, maximizing local bandwidth and throughput while minimizing latency and providing a best-in-class user experience. ALE also offers a dedicated data-center in China for local market specificities and one hosting healthcare sensitive data in France.
Global Traffic Director
From an end user’s perspective, Rainbow services are accessible through GeoDNS-related technologies. With Global Traffic Director (GTD) enabled, our DNS servers provide different routes to our infrastructure, based on the origin of queries. Based on worldwide IP maps, source queries are mapped to key regions: Europe (world-wide default), US West, Asia Pacific, Latin America and Oceania. This mapping can even be fine-tuned at the country level through the various GeoIP mechanisms in place.
The consequence of this approach is that users are always routed to the closest point of presence to access Rainbow services, regardless of roaming characteristics, minimizing global latency.
For each zone, ALE’s DNS provides a pool of load balancers, ensuring region-wise scalability and high availability. Through continuous probing and monitoring, a zone in a temporarily degraded state is handled by automatic failover to resilient regions, providing service continuity through global routing.
Geographical failover and redundancy
With redundancy across regions being covered, Rainbow services usually provide additional intra-region redundancy through multiple, geographically isolated data-centers inside a given region.
Each site and data-center features a full-blown set of Rainbow application servers, making each site fully autonomous and working in an active-active approach. DNS servers route users’ requests to one of the many Internet-facing load balancers in the different sites. Requests are then forwarded vertically to the various backend services using a local affinity policy. This ensures that, while being tightly interconnected with all remote sites, once a request has reached a given data-center, it stays there, so as to minimize latency and maximize user experience.
In the unfortunate event of a partial local disturbance in a given data-center, requests are automatically rerouted to another data-center in the region, providing traffic failover. For data-at-rest services (such as databases or object storage), all sites of a given region are part of a single, massively coherent cluster or dataset, and instances of such services are replicated through private dedicated links from 10 to 40 Gb/s with minimal latency. This enforces data-center durability and reliability, allowing Rainbow services from a given region to remain operational and survive a possible data-center interruption.
Unbounded infrastructure scaling
Each region and data-center being fully autonomous, it features all possible software and system components from Rainbow’s architecture. Each site then offers public Internet-facing servers where users connect, acting either as load-balancers or WebRTC media relays. As with any other internal Rainbow service instances, they come with infinite horizontal and vertical scaling capabilities and grow to accommodate the generated traffic load. These public entry points, being front-facing, offer all possible levels of Internet-related security.
Consequently, they only accept TLSv1.2+ secured WSS and HTTPS connections and other levels of extended security as presented in “Rainbow Security White Paper.” Each load-balancer and media relay instance has public Internet access and offers from 1 Gb/s to 2 Gb/s (on burst) of inbound and outbound traffic. Requests are then internally forwarded to fully stateless application-level micro-services, providing Web and API services, based on round-robin, dynamic weighting or connection stickiness policies (or a combination of them).
Rainbow’s infrastructure backend relies on heavily scalable, geographically and locally redundant and replicated data stores, keeping both ephemeral and persistent data at rest. Rainbow hosts both user-related usage and business data through MariaDB SQL and MongoDB NoSQL technologies, and infrastructure-related internal metrics using a Prometheus time-series formatted database. Different layers of backend cross-site cache and object storage mechanisms are in place to allow bi-directional local micro-services acceleration and users’ file storage. Each data-center and region then features logs and backup sinks.
All software components from every Rainbow service internally dump their access and system logs to local clusters, ensuring global region-wise monitoring and coherency, and legal logs persistence, never impairing data-privacy compliance. Each Rainbow data-center also features a dedicated edge gateway serving multiple purposes. Its main goal is to provide the various networking (routing, DHCP, DNS, and more) and security (firewall, ACLs, and more) services to local servers from a given data-center.
The second goal is providing Layer-2 encrypted cross-connections to remote data-centers, featuring SD-WAN oriented technologies such as VXLAN, EVPN and DMVPN.
Regional data-privacy boundary
The protection of customer data being paramount, ALE built its infrastructure mechanisms and processes to ensure in-depth security and to respect data privacy. Since Rainbow is a global service, all regions are natively cross-connected, allowing user interconnections regardless of their respective data location, thanks to multi-region service federation.
User data remains stored in the geographies that users (or their associated companies) belong to, ensuring legal conformance wherever it applies. Each region then features a mix of local and global data sets, depending on the nature of the data itself.
We ensure that all private user data (whether it is stored in the various databases or stored as files in our object storage) remains local to the region it is from. Only anonymous business-related and non-user-generated data are asynchronously replicated across regions, enabling global service coherency and user roaming, allowing users to connect from any location around the globe, while fetching their data from the region where it is stored.
Site reliability engineering
The Rainbow Operations team employs industry-standard diagnostic procedures to drive resolution during business-impacting events. ALE’s SRE team comprises several network, system, infrastructure, security and database experts whose goals are to ensure ultra-scalability and high reliability of system components. The team provides 24x7x365 coverage to detect incidents and manage impact and resolution, with a 99.95% Service Level Objective (SLO) on critical infrastructure parts, and delivers a contractual 99.9% Service Level Agreement (SLA) for global services. Rainbow servers all run on the GNU/Linux Debian distribution, configured to always follow the latest security branch, ensuring system packages get upgraded in case of zero-day breaches.