Infrastructure Flow

how traffic & control signals connect · OVH Sydney + OVH BHS · 2026-04-27
Public HTTPS Database (TLS) SMTP Ops · monitoring External probes Backups Control plane
Edge
DNS / Status
Management & Monitoring
Hypervisors
VMs
Backup
public users 🌐 Internet Visitors hitting customer websites and the Sitecove control panel.
DNS · WAF · proxy Cloudflare Authoritative DNS, TLS termination, WAF and DDoS protection for all zones. sitecove.com + 32 zones
authoritative DNS · AWS EC2 ns1.sitecove.com Primary authoritative nameserver — EC2 instance running cPanel PowerDNS. AWS EC2 · PowerDNS
authoritative DNS · AWS EC2 ns2.sitecove.com Secondary authoritative nameserver — EC2 instance running cPanel PowerDNS for redundancy. AWS EC2 · PowerDNS
third-party · manages all VMs VMmanager Provisions, snapshots and lifecycles every VM across the hypervisor cluster. platform.sitecove.com · cluster sitecove-01
metrics · dashboards Monitor Grafana instance — dashboards and metrics for the whole stack. 51.161.195.193 · Grafana
AIOps HQ · inference Hermes Intelligence Automation brain & local model host — orchestrates ops loops and serves LLM/vision inference. 51.161.195.195 · 51.161.195.196 · Alma 10
alert sinks ClickUp + ntfy Where AIOps drops tasks and pushes incident notifications to humans. [AIOps] tasks · push
independent · OVH BHS OneUptime External uptime & latency probes; powers the public status page. 51.79.25.43 · status.sitecove.com
hypervisor · KVM ovh-syd03-aus01 Primary KVM hypervisor — hosts cpanel, db replica and smtp VMs. 51.161.218.254 · EPYC 12c · 128 GB
hypervisor · KVM ovh-syd03-db01 Secondary hypervisor — hosts the DB primary VM. Pending Alma 9.7 upgrade. 51.161.216.71 · EPYC 6c · 32 GB
planned · hypervisor ovh-syd-db02 Planned third hypervisor — will host a separate database node for HA. tbd · planned
customer host · VM on aus01 cpanel-aus-01 Shared hosting node — WHM/cPanel + Imunify360 serving customer sites. 51.161.195.192 · WHM/cPanel
DB primary · VM on db01 database-aus-01 Percona MySQL primary — authoritative store for cPanel and app data. 51.161.202.240 · Percona 8.0
read replica · VM on aus01 database-aus-02 Read replica of database-aus-01; offloads heavy read queries and reports. 51.161.195.197 · Alma 8.9
outbound mail · VM SMTP Stalwart mail relay — handles outbound mail from cPanel and system alerts. 51.161.195.194 · Stalwart Mail
offsite · object storage Backblaze B2 Offsite backup target — receives WHM account backups and DB dumps. WHM backups · DB dumps
← scroll horizontally →
Glossary — what's what click to expand
Authoritative DNS
Nameservers that hold the source-of-truth DNS records for our zones (ns1/ns2 — two EC2 instances running cPanel PowerDNS). Cloudflare proxies them at the edge.
Cluster
Two or more nodes acting as one logical unit. The database cluster replicates data between db-aus-01 and db-aus-02 so reads can scale and one node can fail without downtime.
Ghost / Planned
Dotted, translucent boxes represent infrastructure that is planned but not yet provisioned (e.g. ovh-syd-db02).
Hypervisor
Bare-metal host that runs virtual machines. KVM here — each VM gets a slice of CPU, RAM and disk on the physical box.
Offsite Backup
Backups stored in a different provider/region (Backblaze B2) so a full OVH outage or compromise can't take both primary and backup data.
SMTP Relay
Outbound mail server (Stalwart) that takes mail from cPanel and system alerts and delivers it to recipient mailbox providers.
Tailscale Mesh
Encrypted private network (WireGuard-based) that lets every internal node reach every other internal node directly, without exposing ports to the public internet.
VM (Virtual Machine)
An isolated guest OS running on a hypervisor. Our cPanel, database and SMTP services each live in their own VM.
VMmanager
External control plane that provisions, snapshots and lifecycles VMs across the hypervisor fleet via the KVM API.
WHM / cPanel
Shared hosting control panel — manages customer accounts, websites, mail and DNS on the cpanel-aus-01 VM.