> For the complete documentation index, see [llms.txt](https://academy.cegedim.cloud/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://academy.cegedim.cloud/databases/redis/redis-features.md).

# Redis - Features

Redis is self-service deployable via our cloud platform management tool: ITCare.

## Topologies

Two topologies are available:

* Standalone instance
* Sentinel cluster

In both cases, you can choose whether or not to persist data on disk at the time of the creation request, see [#persistence](#persistence "mention")

### Standalone instance

Once deployed, the stand-alone instance can be accessed on listening port 6379.

### Sentinel cluster

The Redis Sentinel cluster is deployed on 3 instances distributed over all the Availability Zones of an Area.

Once deployed, the cluster is accessible on listening port 6379.

#### Special features in cluster mode

* Each instance runs Redis **and** Sentinel processes
* Sentinel listening port: 26379
* Of the 3 instances, one is primary and the other two are replicas
* Replicas are open read-only

## Persistence

Persistence refers to the writing of data to durable storage, such as a solid-state disk (SSD). Redis provides a range of persistence options. These include:

* **RDB** (Redis Database): RDB persistence performs point-in-time snapshots of your dataset at specified intervals.
* **AOF** (Append Only File): AOF persistence logs every write operation received by the server. These operations can then be replayed again at server startup, reconstructing the original dataset. Commands are logged using the same format as the Redis protocol itself.
* **No persistence**: You can disable persistence completely. This is sometimes used when caching.
* **RDB + AOF**: You can also combine both AOF and RDB in the same instance.

{% embed url="<https://redis.io/docs/management/persistence/>" %}

<table><thead><tr><th width="285">Scenario</th><th>Parameter</th></tr></thead><tbody><tr><td>if <strong>RDB</strong> is enabled</td><td><ul><li>save 3600 1</li><li>save 300 100</li><li>save 60 10000</li></ul></td></tr><tr><td>if <strong>AOF</strong> is enabled</td><td><ul><li>append fsync every sec</li></ul></td></tr></tbody></table>

### Resiliency <a href="#redisarchitecture-resiliency" id="redisarchitecture-resiliency"></a>

If the primary is down, a replica will be automatically promoted as the new primary and the other replica will be reconfigured automatically to follow the new master.

Sentinel will give you the master node and the replicas nodes.

## Features <a href="#redisarchitecture-caracteristiques" id="redisarchitecture-caracteristiques"></a>

This section is to list which feature / capabilities are available to customer, and how to request / perform them :

<table data-header-hidden><thead><tr><th width="176"></th><th></th></tr></thead><tbody><tr><td><strong>Self Service</strong></td><td>Customer can perform action autonomously.</td></tr><tr><td><strong>On Request</strong></td><td>Customer can request for the action to be done to cegedim.cloud support team.</td></tr></tbody></table>

<table data-full-width="true"><thead><tr><th width="323">Features</th><th width="137" data-type="checkbox">Self Service</th><th width="145.5" data-type="checkbox">On Request</th><th>Comments</th></tr></thead><tbody><tr><td>SSH access</td><td>false</td><td>false</td><td>SSH access is disabled and reserved to cegedim.cloud administrators.</td></tr><tr><td>Redis/Sentinel access</td><td>true</td><td>true</td><td>Customer can log in with an account to Redis and Sentinel (password defined by customer in the provisioning wizard).</td></tr><tr><td>Change configuration file</td><td>false</td><td>true</td><td>On request via ticket.</td></tr></tbody></table>

## High level diagram

Looking at the image again: the arrowheads point **toward the Redis/Sentinel boxes** (left), not toward the client. The client initiates each interaction — it reads/writes data and queries Sentinel — so the arrows flow from client to the nodes.

My version has them reversed. Corrected:

```mermaid
graph LR
    client["👤 Client"]

    subgraph aza["Availability Zone A"]
        direction TB
        rA["📕 Redis (Primary)<br/>Port 6379"]
        sA["📒 Sentinel<br/>Port 26379"]
    end

    subgraph azb["Availability Zone B"]
        direction TB
        rB["📕 Redis (Replica)<br/>Port 6379"]
        sB["📒 Sentinel<br/>Port 26379"]
    end

    subgraph azc["Availability Zone C"]
        direction TB
        rC["📕 Redis (Replica)<br/>Port 6379"]
        sC["📒 Sentinel<br/>Port 26379"]
    end

    client -->|Read/Write data| rA
    client -->|Read only data| rB
    client -->|Read only data| rC
    client -->|Get master/replicas address| sA
    client -->|Get master/replicas address| sB
    client -->|Get master/replicas address| sC

    style client fill:#dde8f5,stroke:#000,stroke-width:2px,color:#000
    style aza fill:#eef2fb,stroke:#000,stroke-width:2px,color:#000
    style azb fill:#eef2fb,stroke:#000,stroke-width:2px,color:#000
    style azc fill:#eef2fb,stroke:#000,stroke-width:2px,color:#000
    style rA fill:#d62728,stroke:#8b0000,stroke-width:2px,color:#fff
    style rB fill:#d62728,stroke:#8b0000,stroke-width:2px,color:#fff
    style rC fill:#d62728,stroke:#8b0000,stroke-width:2px,color:#fff
    style sA fill:#f1c40f,stroke:#9a7d0a,stroke-width:2px,color:#000
    style sB fill:#f1c40f,stroke:#9a7d0a,stroke-width:2px,color:#000
    style sC fill:#f1c40f,stroke:#9a7d0a,stroke-width:2px,color:#000
```

## Configuration

### Product configuration <a href="#redisarchitecture-configurationduproduit" id="redisarchitecture-configurationduproduit"></a>

<table data-full-width="true"><thead><tr><th width="200">Parameter</th><th width="294">Custom value</th><th width="113.5" data-type="checkbox">Enforced</th><th>Comments</th></tr></thead><tbody><tr><td>bind</td><td>@IP 127.0.0.1</td><td>false</td><td>Listening address</td></tr><tr><td>timeout</td><td>300</td><td>false</td><td>Close the connection after a client is idle for N seconds (0 to disable)</td></tr><tr><td>logfile</td><td>/var/log/redis/redis-server.log</td><td>true</td><td>Log file path</td></tr><tr><td>supervised</td><td>systemd</td><td>true</td><td>Supervision interaction</td></tr></tbody></table>

If **AOF persistence** is active, the following parameters will be applied:

<table data-full-width="false"><thead><tr><th>Parameter</th><th>Custom value</th><th data-type="checkbox">Enforced</th></tr></thead><tbody><tr><td>appendonly</td><td>yes</td><td>false</td></tr><tr><td>dir</td><td>/var/lib/redis/persistance</td><td>true</td></tr><tr><td>appendfsync</td><td>everysec</td><td>false</td></tr></tbody></table>

if **RDB** is active, the following parameters will be applied:

<table data-full-width="false"><thead><tr><th>Parameter</th><th>Custom value</th><th data-type="checkbox">Enforced</th></tr></thead><tbody><tr><td>save</td><td>3600 1</td><td>false</td></tr><tr><td>save</td><td>300 100</td><td>false</td></tr><tr><td>save</td><td>60 10000</td><td>false</td></tr><tr><td>rdb_compression</td><td>yes</td><td>false</td></tr><tr><td>rdbchecksum</td><td>yes</td><td>false</td></tr><tr><td>dir</td><td>/var/lib/redis/persistance</td><td>true</td></tr></tbody></table>

### Kernel configuration <a href="#redisarchitecture-kernelconfiguration" id="redisarchitecture-kernelconfiguration"></a>

The following kernel parameters have been modified to optimize operating system performance for Redis :

* vm.overcommit\_memory = 1
* vm.swappiness = 1
* net.core.somaxconn = 65535

## Security <a href="#redisarchitecture-securite" id="redisarchitecture-securite"></a>

### Authentification <a href="#redisarchitecture-authentification" id="redisarchitecture-authentification"></a>

The authentication mode used is internal: Redis 6 ACL.

Passwords are hashed with SHA-256 and do not appear in plain text in the ACL file.

### Autorisations <a href="#redisarchitecture-autorisations" id="redisarchitecture-autorisations"></a>

Redis 6 ACLs are used to manage authorizations.

On Sentinel, the dedicated client account has rights to :

{% code overflow="wrap" %}

```
~* &* +@all -@dangerous +ACL|GETUSER +INFO +sentinel|GET-MASTER-ADDR-BY-NAME +sentinel|IS-MASTER-DOWN-BY-ADDR +sentinel|MASTER +sentinel|MASTERS +sentinel|MYID +sentinel|REPLICAS +sentinel|SLAVES +sentinel|SENTINELS
```

{% endcode %}

On Redis, the dedicated customer account has rights to :

{% code overflow="wrap" %}

```
~* &* +@all -@dangerous +ACL|GETUSER +INFO +CONFIG|GET +CONFIG|HELP
```

{% endcode %}

### Secure Transport <a href="#redisarchitecture-transportsecurise" id="redisarchitecture-transportsecurise"></a>

The customer can choose whether or not to activate TLS transport when requesting self-service creation via ITCare.

### Password <a href="#redisarchitecture-motsdepasse" id="redisarchitecture-motsdepasse"></a>

This section describes password management:

<table data-full-width="true"><thead><tr><th width="230.2">Password</th><th width="231" data-type="checkbox">Stored by cegedim.cloud</th><th data-type="checkbox">Stored by customer</th><th width="139" data-type="checkbox">Enforced</th><th>Hash</th></tr></thead><tbody><tr><td>customer account</td><td>false</td><td>true</td><td>false</td><td>SHA-256</td></tr><tr><td>ANY other account</td><td>false</td><td>true</td><td>false</td><td>SHA-256</td></tr><tr><td>cgdm_admin account</td><td>true</td><td>false</td><td>true</td><td>SHA-256</td></tr><tr><td>cgdm_monitor account</td><td>true</td><td>false</td><td>true</td><td>SHA-256</td></tr></tbody></table>

## Monitoring <a href="#redisarchitecture-surveillance" id="redisarchitecture-surveillance"></a>

The following items are monitored and are accessible in ITCare.

<table data-full-width="false"><thead><tr><th width="395">Alerts</th><th>Description</th></tr></thead><tbody><tr><td>DBS_REDIS_CLI_CLIENTS</td><td>Check connected clients count</td></tr><tr><td>DBS_REDIS_CLI_AOF_STATUS</td><td>Check aof status</td></tr><tr><td>DBS_REDIS_CLI_COMMANDS</td><td>Number of commands processed</td></tr><tr><td>DBS_REDIS_CLI_CONNECTIONS</td><td>Number of connections</td></tr><tr><td>DBS_REDIS_CLI_CPU</td><td>CPU usage</td></tr><tr><td>DBS_REDIS_CLI_MEMORY</td><td>Memory usage</td></tr><tr><td>DBS_REDIS_CLI_REPL_REPLICAS_COUNT</td><td>Check replicas count</td></tr><tr><td>DBS_REDIS_CLI_RDB_STATUS</td><td>RDB status</td></tr><tr><td>DBS_REDIS_SENTINEL_MASTER_UP</td><td>Checks the status of the master from Sentinel</td></tr><tr><td>DBS_REDIS_SENTINEL_SLAVES_COUNT</td><td>Check replicas count from Sentinel</td></tr><tr><td>DBS_REDIS_SENTINEL_SENTINELS_COUNT</td><td>Check Sentinelscount</td></tr><tr><td>DBS_REDIS_SENTINEL_QUORUM</td><td>Check quorum status</td></tr><tr><td>TLS_REDIS_CERT_EXPIRATION</td><td>Check Redis certificate expiration</td></tr><tr><td>TLS_SENTINEL_CERT_EXPIRATION</td><td>Check Sentinel certificate expiration</td></tr></tbody></table>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://academy.cegedim.cloud/databases/redis/redis-features.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
