# Redis - Features

Redis is self-service deployable via our cloud platform management tool: ITCare.

## Topologies

Two topologies are available:

* Standalone instance
* Sentinel cluster

In both cases, you can choose whether or not to persist data on disk at the time of the creation request, see [#persistence](#persistence "mention")

### Standalone instance

Once deployed, the stand-alone instance can be accessed on listening port 6379.

### Sentinel cluster

The Redis Sentinel cluster is deployed on 3 instances distributed over all the Availability Zones of an Area.

Once deployed, the cluster is accessible on listening port 6379.

#### Special features in cluster mode

* Each instance runs Redis **and** Sentinel processes
* Sentinel listening port: 26379
* Of the 3 instances, one is primary and the other two are replicas
* Replicas are open read-only

## Persistence

Persistence refers to the writing of data to durable storage, such as a solid-state disk (SSD). Redis provides a range of persistence options. These include:

* **RDB** (Redis Database): RDB persistence performs point-in-time snapshots of your dataset at specified intervals.
* **AOF** (Append Only File): AOF persistence logs every write operation received by the server. These operations can then be replayed again at server startup, reconstructing the original dataset. Commands are logged using the same format as the Redis protocol itself.
* **No persistence**: You can disable persistence completely. This is sometimes used when caching.
* **RDB + AOF**: You can also combine both AOF and RDB in the same instance.

{% embed url="<https://redis.io/docs/management/persistence/>" %}

<table><thead><tr><th width="285">Scenario</th><th>Parameter</th></tr></thead><tbody><tr><td>if <strong>RDB</strong> is enabled</td><td><ul><li>save 3600 1</li><li>save 300 100</li><li>save 60 10000</li></ul></td></tr><tr><td>if <strong>AOF</strong> is enabled</td><td><ul><li>append fsync every sec</li></ul></td></tr></tbody></table>

### Resiliency <a href="#redisarchitecture-resiliency" id="redisarchitecture-resiliency"></a>

If the primary is down, a replica will be automatically promoted as the new primary and the other replica will be reconfigured automatically to follow the new master.

Sentinel will give you the master node and the replicas nodes.

## Features <a href="#redisarchitecture-caracteristiques" id="redisarchitecture-caracteristiques"></a>

This section is to list which feature / capabilities are available to customer, and how to request / perform them :

<table data-header-hidden><thead><tr><th width="176"></th><th></th></tr></thead><tbody><tr><td><strong>Self Service</strong></td><td>Customer can perform action autonomously.</td></tr><tr><td><strong>On Request</strong></td><td>Customer can request for the action to be done to cegedim.cloud support team.</td></tr></tbody></table>

<table data-full-width="true"><thead><tr><th width="323">Features</th><th width="137" data-type="checkbox">Self Service</th><th width="145.5" data-type="checkbox">On Request</th><th>Comments</th></tr></thead><tbody><tr><td>SSH access</td><td>false</td><td>false</td><td>SSH access is disabled and reserved to cegedim.cloud administrators.</td></tr><tr><td>Redis/Sentinel access</td><td>true</td><td>true</td><td>Customer can log in with an account to Redis and Sentinel (password defined by customer in the provisioning wizard).</td></tr><tr><td>Change configuration file</td><td>false</td><td>true</td><td>On request via ticket.</td></tr></tbody></table>

## High level diagram

<figure><picture><source srcset="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-51f86ef5cd46f520b2131a358ca647df9913f40e%2Fdark_eng%20(22).png?alt=media" media="(prefers-color-scheme: dark)"><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-afda798d556d7a3692ccd44d3f5052d7a068a8e7%2Flight_eng%20(9).png?alt=media" alt="" width="563"></picture><figcaption><p>High level diagram</p></figcaption></figure>

## Configuration

### Product configuration <a href="#redisarchitecture-configurationduproduit" id="redisarchitecture-configurationduproduit"></a>

<table data-full-width="true"><thead><tr><th width="200">Parameter</th><th width="294">Custom value</th><th width="113.5" data-type="checkbox">Enforced</th><th>Comments</th></tr></thead><tbody><tr><td>bind</td><td>@IP 127.0.0.1</td><td>false</td><td>Listening address</td></tr><tr><td>timeout</td><td>300</td><td>false</td><td>Close the connection after a client is idle for N seconds (0 to disable)</td></tr><tr><td>logfile</td><td>/var/log/redis/redis-server.log</td><td>true</td><td>Log file path</td></tr><tr><td>supervised</td><td>systemd</td><td>true</td><td>Supervision interaction</td></tr></tbody></table>

If **AOF persistence** is active, the following parameters will be applied:

<table data-full-width="false"><thead><tr><th>Parameter</th><th>Custom value</th><th data-type="checkbox">Enforced</th></tr></thead><tbody><tr><td>appendonly</td><td>yes</td><td>false</td></tr><tr><td>dir</td><td>/var/lib/redis/persistance</td><td>true</td></tr><tr><td>appendfsync</td><td>everysec</td><td>false</td></tr></tbody></table>

if **RDB** is active, the following parameters will be applied:

<table data-full-width="false"><thead><tr><th>Parameter</th><th>Custom value</th><th data-type="checkbox">Enforced</th></tr></thead><tbody><tr><td>save</td><td>3600 1</td><td>false</td></tr><tr><td>save</td><td>300 100</td><td>false</td></tr><tr><td>save</td><td>60 10000</td><td>false</td></tr><tr><td>rdb_compression</td><td>yes</td><td>false</td></tr><tr><td>rdbchecksum</td><td>yes</td><td>false</td></tr><tr><td>dir</td><td>/var/lib/redis/persistance</td><td>true</td></tr></tbody></table>

### Kernel configuration <a href="#redisarchitecture-kernelconfiguration" id="redisarchitecture-kernelconfiguration"></a>

The following kernel parameters have been modified to optimize operating system performance for Redis :

* vm.overcommit\_memory = 1
* vm.swappiness = 1
* net.core.somaxconn = 65535

## Security <a href="#redisarchitecture-securite" id="redisarchitecture-securite"></a>

### Authentification <a href="#redisarchitecture-authentification" id="redisarchitecture-authentification"></a>

The authentication mode used is internal: Redis 6 ACL.

Passwords are hashed with SHA-256 and do not appear in plain text in the ACL file.

### Autorisations <a href="#redisarchitecture-autorisations" id="redisarchitecture-autorisations"></a>

Redis 6 ACLs are used to manage authorizations.

On Sentinel, the dedicated client account has rights to :

{% code overflow="wrap" %}

```
~* &* +@all -@dangerous +ACL|GETUSER +INFO +sentinel|GET-MASTER-ADDR-BY-NAME +sentinel|IS-MASTER-DOWN-BY-ADDR +sentinel|MASTER +sentinel|MASTERS +sentinel|MYID +sentinel|REPLICAS +sentinel|SLAVES +sentinel|SENTINELS
```

{% endcode %}

On Redis, the dedicated customer account has rights to :

{% code overflow="wrap" %}

```
~* &* +@all -@dangerous +ACL|GETUSER +INFO +CONFIG|GET +CONFIG|HELP
```

{% endcode %}

### Secure Transport <a href="#redisarchitecture-transportsecurise" id="redisarchitecture-transportsecurise"></a>

The customer can choose whether or not to activate TLS transport when requesting self-service creation via ITCare.

### Password <a href="#redisarchitecture-motsdepasse" id="redisarchitecture-motsdepasse"></a>

This section describes password management:

<table data-full-width="true"><thead><tr><th width="230.2">Password</th><th width="231" data-type="checkbox">Stored by cegedim.cloud</th><th data-type="checkbox">Stored by customer</th><th width="139" data-type="checkbox">Enforced</th><th>Hash</th></tr></thead><tbody><tr><td>customer account</td><td>false</td><td>true</td><td>false</td><td>SHA-256</td></tr><tr><td>ANY other account</td><td>false</td><td>true</td><td>false</td><td>SHA-256</td></tr><tr><td>cgdm_admin account</td><td>true</td><td>false</td><td>true</td><td>SHA-256</td></tr><tr><td>cgdm_monitor account</td><td>true</td><td>false</td><td>true</td><td>SHA-256</td></tr></tbody></table>

## Monitoring <a href="#redisarchitecture-surveillance" id="redisarchitecture-surveillance"></a>

The following items are monitored and are accessible in ITCare.

<table data-full-width="false"><thead><tr><th width="395">Alerts</th><th>Description</th></tr></thead><tbody><tr><td>DBS_REDIS_CLI_CLIENTS</td><td>Check connected clients count</td></tr><tr><td>DBS_REDIS_CLI_AOF_STATUS</td><td>Check aof status</td></tr><tr><td>DBS_REDIS_CLI_COMMANDS</td><td>Number of commands processed</td></tr><tr><td>DBS_REDIS_CLI_CONNECTIONS</td><td>Number of connections</td></tr><tr><td>DBS_REDIS_CLI_CPU</td><td>CPU usage</td></tr><tr><td>DBS_REDIS_CLI_MEMORY</td><td>Memory usage</td></tr><tr><td>DBS_REDIS_CLI_REPL_REPLICAS_COUNT</td><td>Check replicas count</td></tr><tr><td>DBS_REDIS_CLI_RDB_STATUS</td><td>RDB status</td></tr><tr><td>DBS_REDIS_SENTINEL_MASTER_UP</td><td>Checks the status of the master from Sentinel</td></tr><tr><td>DBS_REDIS_SENTINEL_SLAVES_COUNT</td><td>Check replicas count from Sentinel</td></tr><tr><td>DBS_REDIS_SENTINEL_SENTINELS_COUNT</td><td>Check Sentinelscount</td></tr><tr><td>DBS_REDIS_SENTINEL_QUORUM</td><td>Check quorum status</td></tr><tr><td>TLS_REDIS_CERT_EXPIRATION</td><td>Check Redis certificate expiration</td></tr><tr><td>TLS_SENTINEL_CERT_EXPIRATION</td><td>Check Sentinel certificate expiration</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://academy.cegedim.cloud/databases/redis/redis-features.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.