Web Infrastructure Design Highlights
0x09. Web infrastructure design - DevOps - SysAdmin - web infrastructure
Servers:
A computer or a system that provides services, resources, or functionalities to other computers, known as clients, over a network.
Servers are designed to handle specific tasks or functions, and they respond to requests from clients by providing the requested resources or services. Servers play a crucial role in various technology-related applications and services. Here are a few key points about servers:
1. **Resource Provider:** Servers are dedicated computers or software systems that are optimized to deliver specific resources or services to clients. These resources could include websites, files, databases, applications, email services, and more.
2. **Client-Server Model:** The interaction between servers and clients follows the client-server model. Clients request services or resources, and servers fulfill those requests. This model enables efficient distribution of tasks and resources across a network.
3. **Dedicated Functionality:** Different types of servers are designed for specific functions. For instance, web servers (like Nginx or Apache) serve web pages, application servers process application logic, database servers (like MySQL or PostgreSQL) manage databases, and email servers handle email communication.
4. **Persistence:** Servers typically operate continuously (24/7) to ensure that the services they provide are always available. This is in contrast to clients, which connect to servers on an as-needed basis.
5. **Scalability:** Depending on the workload and demand, servers can be scaled up (by adding more resources to a single server) or out (by adding more servers to a network) to handle increased traffic and service demands.
**Examples:**
Common types of servers include web servers, application servers, file servers, database servers, DNS servers, proxy servers, and mail servers.
In the context of web infrastructure, the server is the computer responsible for hosting your website's files, running the necessary software (like the LAMP stack), and serving the content to users who request it through their web browsers.
DNS Records:
The DNS record type typically associated with the "www" subdomain in a domain like "www.foobar.com" is a CNAME (Canonical Name) record. CNAME records are used to alias one domain name to another. In this case, the "www" subdomain is often set up as a CNAME record that points to the root domain, indicating that both "www.foobar.com" and "foobar.com" should resolve to the same IP address.
Here's how it would look in a DNS configuration:
- Type: CNAME
- Name: www
- Value: foobar.com
This configuration ensures that when users type either "www.foobar.com" or "foobar.com" into their browser, they are directed to the same web server (represented by an IP address such as 8.8.8.8) to access the website. The root domain itself is mapped to that IP address with an A record; the CNAME simply aliases "www" to it.
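To make this concrete, here is a small sketch that queries these records using the third-party dnspython package. This assumes dnspython is installed, and since "foobar.com" is only the placeholder domain from the example above, the queries are illustrative rather than runnable against a real zone:

```python
# Illustrative DNS lookups using the dnspython package (pip install dnspython).
# "foobar.com" is the placeholder domain from the example above.
import dns.resolver

# The CNAME record: "www" is an alias for the root domain.
for rr in dns.resolver.resolve("www.foobar.com", "CNAME"):
    print("www.foobar.com is an alias for:", rr.target)

# The A record: the root domain maps to the server's IP address.
for rr in dns.resolver.resolve("foobar.com", "A"):
    print("foobar.com resolves to:", rr.address)
```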
Web Servers:
The primary role of a web server is to receive incoming requests for web pages or resources and respond by delivering the requested content. Here are the key roles and functions of a web server:
Request Handling: When a user enters a URL in their web browser or clicks a link, a request is sent to the web server associated with that URL. The web server receives and processes this request.
Routing and URL Mapping: The web server determines which resource or content the user is requesting based on the URL provided. It may involve mapping URLs to specific files or application routes.
Static Content Delivery: Web servers efficiently serve static content such as HTML files, images, CSS stylesheets, JavaScript files, and downloadable files directly to the user's browser (see the minimal example after this list).
Load Balancing: In more complex setups, web servers can be configured to distribute incoming requests among multiple servers, a configuration known as load balancing. This helps distribute traffic evenly and prevents overload on a single server.
Reverse Proxy: Web servers can act as reverse proxies, forwarding requests to application servers or other resources based on specific rules or conditions. This allows for better security, performance optimization, and request management.
SSL/TLS Termination: Web servers often handle Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption and decryption, which ensures secure communication between the user's browser and the server.
Caching: Web servers can implement caching mechanisms to store frequently accessed content temporarily. This reduces the need to repeatedly fetch the same content from the application or database server, improving performance.
Security Measures: Web servers provide security features such as access control, authentication, and protection against common web vulnerabilities like cross-site scripting (XSS) and SQL injection.
Error Handling: When errors occur during the processing of requests, such as "404 Not Found" or "500 Internal Server Error," the web server generates appropriate error messages to inform users and developers about the issue.
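As a rough illustration of the "Request Handling" and "Static Content Delivery" roles above, here is a minimal static web server built with Python's standard library (the port number is an arbitrary choice for this sketch):

```python
# A minimal static web server: it receives HTTP requests and serves
# files from the current directory, using only the standard library.
from http.server import HTTPServer, SimpleHTTPRequestHandler

server = HTTPServer(("0.0.0.0", 8080), SimpleHTTPRequestHandler)
print("Serving static files on http://0.0.0.0:8080 ...")
server.serve_forever()
```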
Application Server:
Responsible for executing the dynamic processing and business logic required to generate and serve dynamic web pages to users.
While the web server handles the delivery of static content, the application server manages the more complex tasks of processing data, interacting with databases, and generating dynamic responses.
Here are the key roles and functions of an application server:
Dynamic Content Generation: The application server is responsible for generating dynamic content based on user requests.
Database Communication: The application server interacts with the database server to retrieve, update, and store data. It translates high-level application requests into queries that the database can understand and execute.
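Here is a hedged sketch of these two roles working together, using only Python's standard library; the `app.db` database file and its `users` table are hypothetical:

```python
# Sketch of an application server: it talks to a database and builds a
# dynamic response per request. "app.db" and the "users" table are
# assumed to exist for the sake of the example.
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer

class AppHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Database communication: translate the request into a SQL query.
        conn = sqlite3.connect("app.db")
        row = conn.execute("SELECT COUNT(*) FROM users").fetchone()
        conn.close()
        # Dynamic content generation: the response is built per request.
        body = f"<h1>We currently have {row[0]} users!</h1>".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body)

HTTPServer(("0.0.0.0", 8000), AppHandler).serve_forever()
```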
SPOF:
"SPOF" stands for "Single Point of Failure." It refers to a component within a system or infrastructure that, if it fails, can bring the entire system or a significant portion of it to a halt. A single point of failure is a vulnerability because it lacks redundancy or failover mechanisms, making the system susceptible to downtime, data loss, or degraded performance.
Redundancy in the context of technology and systems refers to the duplication or inclusion of additional components, resources, or systems within an infrastructure to provide backup and ensure continued functionality in case of failures or problems.
Here's why SPOFs are a concern:
Downtime: If a critical component experiences a failure and there's no backup or redundancy in place, the entire system can become unavailable until the issue is resolved.
Data Loss: Without redundancy, data might not be replicated or backed up, leading to potential data loss if the primary component fails.
Performance Degradation: Even if a component doesn't completely fail, a performance issue in it can drag down the whole system. If that component is critical, it can lead to sluggishness or timeouts.
Resilience and Reliability: Redundancy and failover mechanisms ensure that the system can continue functioning even when a component fails. A lack of these measures reduces the system's resilience and reliability.
Scalability and Load Balancing: SPOFs can hinder scalability efforts. For instance, if a single database server handles all write operations, it might not handle increased load effectively.
Risk Mitigation: Systems designed to eliminate SPOFs are better equipped to handle unexpected failures, ensuring better risk mitigation and disaster recovery.
Examples of potential SPOFs include a single server handling critical functions, a network switch without a backup, a primary database without replicas, or a sole power source for a data center.
To mitigate the risks posed by SPOFs, it's important to implement redundancy, failover mechanisms, load balancing, and other strategies to ensure that the failure of one component doesn't disrupt the entire system.
How to guard against SPOF?
A few concepts related to redundancy and avoiding Single Points of Failure (SPOFs):
1. **Network Load Balancing:**
- Network Load Balancing involves distributing incoming network traffic across multiple servers to ensure even distribution of workloads and prevent overloading a single server. If one server becomes unavailable, traffic is automatically directed to the remaining healthy servers, avoiding downtime and ensuring continuous service availability.
2. **Database Replication: Creating Copies (Replicas):**
- Database Replication is the process of creating and maintaining multiple copies (replicas) of a database. These replicas are typically located on separate servers or locations. Replication serves multiple purposes, including improved data availability, data backup, and load distribution. If the primary database server fails, one of the replicas can take over, minimizing disruption.
3. **Power Supplies as Means to Avoid SPOF:**
- Having redundant power supplies is a common practice to avoid a Single Point of Failure (SPOF) in critical systems. Servers and networking equipment often have dual power supplies. If one power supply fails, the other one can continue providing power, ensuring uninterrupted operation.
All these concepts highlight the importance of redundancy in various aspects of system design to ensure high availability, fault tolerance, and reliability.
Distributed Web Infrastructure:
A distributed web infrastructure is like a team of computers working together to make websites and apps faster and more reliable. Imagine you have a big project, and instead of doing all the work by yourself, you have a group of friends helping you out. They share the tasks, making things quicker and less likely to fail.
A distributed web infrastructure refers to a network architecture where computational tasks and resources are dispersed across multiple interconnected nodes or servers rather than being centralized on a single machine.
In scientific terms, a distributed web infrastructure can be understood through the lens of distributed systems theory, which encompasses various concepts such as:
Decentralization: In a distributed setup, there's no central point of control. Instead, computational nodes collaborate autonomously, contributing to the collective processing power and resource pool.
Parallelism and Concurrency: Distributed systems leverage parallelism, where tasks are divided into smaller subtasks that can be executed concurrently on different nodes. This parallel execution accelerates processing and reduces latency.
Scalability: By adding more nodes to the network, a distributed system can scale horizontally, accommodating increasing workloads without overburdening any single component.
Redundancy and Fault Tolerance: Distributed systems are inherently fault-tolerant due to redundancy. If a node fails, another can take over, ensuring continuous service availability. This concept parallels the biological concept of redundancy in ecosystems.
Database Primary-Replica (Master-Slave) Cluster:
How It Works:
Primary Node (Master): The primary node handles all write operations and serves as the authoritative source of data. It receives and processes write requests from the application, updates its own database, and then replicates those changes to the replica nodes.
Replica Nodes (Slaves): Replica nodes replicate data from the primary node. They are read-only and handle read queries from the application. Replication is typically asynchronous, and the replica nodes maintain a copy of the primary node's data.
Difference Between Primary Node and Replica Node in Regard to the Application:
Primary Node: Handles write operations, updates data in real-time, and is responsible for maintaining data consistency. It's crucial for ensuring data integrity and acts as the source of truth.
Replica Nodes: Serve read operations, distributing the read traffic and offloading the primary node.
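In application code, this difference often shows up as a simple read/write split. Below is a minimal sketch of that routing logic; the hostnames are hypothetical, and a real application would use a proper database driver and connection pooling:

```python
# Sketch of a read/write split: writes go to the primary, reads are
# spread across the replicas. Hostnames are placeholders.
import itertools

PRIMARY = "db-primary.internal:3306"          # handles all writes
REPLICAS = itertools.cycle([                  # read-only copies
    "db-replica-1.internal:3306",
    "db-replica-2.internal:3306",
])

def pick_server(query: str) -> str:
    """Send writes to the primary, spread reads across the replicas."""
    if query.lstrip().upper().startswith(("INSERT", "UPDATE", "DELETE")):
        return PRIMARY
    return next(REPLICAS)

print(pick_server("SELECT * FROM users"))     # -> a replica
print(pick_server("UPDATE users SET name='x'"))  # -> the primary
```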
Load Balancers Distribution Algorithms:
Round Robin:
In this simple algorithm, the load balancer forwards each incoming request to the next server in line.
It cycles through the list of available servers in a circular manner.
Round Robin is easy to implement but doesn't consider server load or capacity, potentially leading to uneven distribution.
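A minimal sketch of Round Robin in Python (the server names are placeholders):

```python
# Round Robin: each request goes to the next server in a circular list.
import itertools

servers = itertools.cycle(["web-01", "web-02", "web-03"])

for request_id in range(6):
    print(f"request {request_id} -> {next(servers)}")
```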
Weighted Round Robin:
Servers are assigned weights based on their capacities or performance levels.
Requests are distributed proportionally to server weights.
This allows administrators to give more traffic to powerful servers and less to weaker ones.
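One simple way to implement Weighted Round Robin is to repeat each server in the rotation according to its weight, as in this sketch (the weights are illustrative):

```python
# Weighted Round Robin: web-01 has weight 2, so it receives twice the
# traffic of web-02.
import itertools

weights = {"web-01": 2, "web-02": 1}
# Expand each server into the rotation as many times as its weight.
rotation = itertools.cycle(
    [srv for srv, w in weights.items() for _ in range(w)]
)

for request_id in range(6):
    print(f"request {request_id} -> {next(rotation)}")
```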
Random:
Requests are randomly assigned to available servers.
While simple, this algorithm doesn't consider server load, which can lead to uneven distribution and performance issues.
Adaptive:
This algorithm adjusts the distribution of requests based on real-time server performance and load.
Servers' performance metrics are continuously monitored, and the load balancer makes decisions dynamically to optimize distribution.
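One common real-time metric for an adaptive strategy is the number of active connections per server (a least-connections policy). The sketch below picks the least-loaded server; the connection counts are simulated, whereas a real load balancer would keep them updated from live connection tracking and health checks:

```python
# Adaptive (least-connections) selection: route each request to the
# server with the fewest active connections. Counts are simulated.
active_connections = {"web-01": 12, "web-02": 4, "web-03": 9}

def pick_server() -> str:
    # Choose the least-loaded server at the moment the request arrives.
    return min(active_connections, key=active_connections.get)

server = pick_server()
active_connections[server] += 1  # the chosen server gains a connection
print(f"request -> {server}")
```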
Active-Active and Active-Passive Setups:
These are two different configurations commonly used in load balancing scenarios. Let's explore the differences between them:
Active-Active Setup:
In an Active-Active setup, all the servers in the load balancing pool actively participate in processing incoming requests. This means that multiple servers are simultaneously handling user traffic, sharing the load among them. This setup aims to maximize resource utilization and overall system performance.
Advantages:
Efficient resource utilization: All servers are actively working, distributing the load evenly.
Scalability: It's easier to scale horizontally by adding more servers to the pool.
High availability: If one server fails, the remaining servers continue to handle traffic.
Disadvantages:
Complexity: Managing synchronization of data and maintaining consistency across active servers can be complex.
Increased cost: Running and maintaining multiple active servers can incur higher operational costs.
Active-Passive Setup:
In an Active-Passive setup, one server (or a subset of servers) actively handles incoming requests, while the other servers remain passive and do not participate in processing user traffic. The passive servers are typically in a standby state and only become active if the primary (active) server fails.
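The core of an Active-Passive setup is a health check that decides when to promote the passive server. Here is a hedged sketch of that logic; the hostnames and the `/health` endpoint are hypothetical:

```python
# Active-Passive failover sketch: the passive server is only used when
# a health check against the active one fails.
import urllib.request

ACTIVE = "http://web-active.internal/health"
PASSIVE = "http://web-passive.internal/health"

def healthy(url: str) -> bool:
    """Return True if the server answers its health check with HTTP 200."""
    try:
        with urllib.request.urlopen(url, timeout=2) as resp:
            return resp.status == 200
    except OSError:
        return False

# Route traffic to the active server; fail over only if it is down.
target = ACTIVE if healthy(ACTIVE) else PASSIVE
print("routing traffic to:", target)
```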
Secured and monitored web infrastructure:
1. Firewalls
Firewalls act as a barrier between trusted and untrusted networks, enforcing security policies to allow or block specific types of traffic based on predefined rules.
Firewalls play a crucial role in network security by:
Preventing unauthorized access: Firewalls block incoming traffic from sources that are not explicitly allowed, reducing the risk of external attacks.
Filtering malicious content: They inspect data packets for known threats and malicious patterns, blocking potentially harmful content.
Protecting against DDoS attacks: Firewalls can help mitigate Distributed Denial of Service (DDoS) attacks by filtering out excessive traffic.
SSL Certificate:
An SSL (Secure Sockets Layer) certificate is a digital certificate that establishes an encrypted connection between a web server and a user's browser. It ensures that the data exchanged between the two remains confidential and cannot be intercepted or tampered with by malicious actors.
Role of SSL Certificate: SSL certificates serve several critical roles in web security:
Encryption: SSL encrypts data transmitted between the user's browser and the web server, preventing eavesdropping and data theft.
Data Integrity: SSL ensures that the data sent and received is not altered or tampered with during transmission.
Authentication: SSL certificates verify the identity of the website, assuring users that they are communicating with the genuine site.
What is SSL termination?
SSL termination refers to the process of decrypting encrypted incoming traffic (usually HTTPS) at a network device, such as a load balancer or a reverse proxy, and then forwarding the decrypted traffic to the backend servers. In other words, SSL termination involves removing the SSL encryption layer from the incoming requests before passing them to the internal servers that host the web application.
Here's how the SSL termination process works:
Encryption at the Client: When a user's browser sends a request to a web server using HTTPS, the data is encrypted using SSL/TLS protocols to ensure secure transmission.
Arrival at the Load Balancer or Proxy: The encrypted request reaches the load balancer or reverse proxy. This network device is responsible for distributing incoming requests to multiple backend servers to balance the load and improve performance.
SSL Termination: At this point, the load balancer or proxy decrypts the incoming encrypted traffic using its SSL certificate. This involves using the private key associated with the SSL certificate to decrypt the data.
Decrypted Traffic: Once the traffic is decrypted, the load balancer can inspect the contents of the request, apply security policies, and perform load balancing based on the content or the destination server.
Forwarding to Backend Servers: The load balancer or proxy forwards the decrypted request to one of the backend servers for further processing.
Response Handling: The backend server processes the request, generates a response, and sends it back to the load balancer.
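Below is a deliberately simplified sketch of steps 2 through 6 as a tiny TLS-terminating proxy in Python. The certificate files, ports, and backend address are hypothetical, it handles only a single connection, and a real terminator would stream data in both directions concurrently:

```python
# Simplified SSL termination: decrypt HTTPS at the proxy, then forward
# the plain-text request to a backend server. Paths and addresses are
# placeholders for this sketch.
import socket
import ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain("cert.pem", "key.pem")  # the proxy's SSL certificate

listener = socket.create_server(("0.0.0.0", 443))
with context.wrap_socket(listener, server_side=True) as tls_listener:
    conn, addr = tls_listener.accept()          # TLS handshake happens here
    request = conn.recv(65536)                  # decrypted request bytes

    # Forward the now-unencrypted request to a backend server.
    with socket.create_connection(("10.0.0.5", 80)) as backend:
        backend.sendall(request)
        response = backend.recv(65536)

    conn.sendall(response)                      # relay the response back
    conn.close()
```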
Terminating SSL at the load balancer level means that incoming encrypted HTTPS traffic is decrypted at the load balancer and then forwarded to the backend servers as unencrypted HTTP traffic. This has a potential issue:
Lack of End-to-End Encryption: The data between the load balancer and backend servers is transmitted in plain text, which can expose sensitive information to potential eavesdropping or interception.
Monitoring :
What Monitoring Is Used For: Monitoring is used to continuously observe and assess the performance, availability, and security of various components within a system or infrastructure. It involves collecting data, analyzing it, and generating insights to ensure that the system operates optimally, meets user expectations, and remains secure.
Monitoring Clients (Data Collector for Sumo Logic or Other Monitoring Services):
Monitoring clients collect data about your infrastructure's performance, health, and security. This data is sent to monitoring services like Sumo Logic for analysis.
Importance: Monitoring helps identify issues, anomalies, and potential threats, allowing you to take proactive measures and maintain high availability.
Data Collection: They collect logs, metrics, and performance data from various components, such as servers, applications, and network devices.
Data Forwarding: Collected data is sent securely to external monitoring services for analysis and storage.
Real-time Analysis: Monitoring services process the data to provide insights into the health, performance, and security of your infrastructure.
Alerting: Monitoring clients trigger alerts based on predefined thresholds, notifying administrators about anomalies or critical issues.
Monitoring Web Server QPS (Queries Per Second):
QPS stands for "Queries Per Second." It refers to the number of queries or requests that the web server receives and processes in one second. These queries can include various types of requests, such as HTTP requests for web pages, API calls, database queries, or any interaction with the server that requires processing and a response. Monitoring QPS helps assess the server's load, performance, and capacity to handle incoming traffic effectively.
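A minimal sketch of how QPS can be computed, by counting requests over a time window; in a real deployment this figure would be exported to a monitoring service such as Sumo Logic rather than printed:

```python
# Count requests over a time window and divide by the window length.
import time

WINDOW = 1.0  # seconds
request_count = 0
window_start = time.monotonic()

def record_request() -> None:
    """Call this once per incoming request."""
    global request_count, window_start
    request_count += 1
    elapsed = time.monotonic() - window_start
    if elapsed >= WINDOW:
        print(f"QPS: {request_count / elapsed:.1f}")
        request_count = 0
        window_start = time.monotonic()

# Simulated traffic: 50 requests spread over ~1.25 seconds -> ~40 QPS.
for _ in range(50):
    time.sleep(0.025)
    record_request()
```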