The three major causes of website vulnerabilities

Source: Internet
Author: User

Editor's Note

On July 22, October 30, the second stage of public ticket sales for the Beijing Olympic Games was officially launched in China. Shortly afterwards, traffic far exceeded the capacity of the ticketing system and sales had to be suspended.

In fact, the Olympic ticket ordering system, securities trading systems and the college entrance examination scoring system all share a common feature: when thousands of people rush in at the same moment, the system slows to a crawl.

Fragility is a common feature of many websites. The reason is also very simple: too many people log on at once. There seem to be many solutions, but not every website designer notices them.

This topic introduces some methods and examples for enhancing the robustness and reliability of a system from the perspective of architecture design and stress testing, in the hope of drawing website designers' attention to sudden surges in access.


Too many people querying at once is a challenge for the Civil Servant Examination website.

On June 23, October 31, Rong Jun, director of the Beijing Olympic Ticketing Center, read out an "apology letter to the public ticket buyers in China". This was the first public apology letter from the organizing committee since preparations for the Olympic Games began.

Heavy traffic is a sign of popularity, but the pleasure is short-lived if nobody can reach the website. In fact, the Olympic ticket booking website is not the only site that could not afford heavy traffic: the website for signing up for the Civil Servant Examination and the website for checking college entrance examination scores both collapsed under too many visits. Why are websites so fragile?

Cause 1: inaccurate demand analysis

Prescription: a comprehensive and accurate survey and analysis of potential users. In particular, strengthening the analysis of certain special time points is the key to a successful demand analysis.

When they hear that their website crashed under a large number of accesses, the first reaction of many people is: didn't we anticipate so many visitors when we designed the site? This is really a question of requirements analysis. The lack of an accurate and comprehensive analysis of access requirements at certain special times is the first cause of crashes when enterprise websites encounter sudden, massive access requests.

The performance requirements of a website depend on the volume of traffic it must withstand. Performance requirements specify how fast and how reliably the system should operate. When the performance requirements analysis is inaccurate, a sudden burst of access requests may far exceed the system's capacity. At the press conference on second-stage ticket pre-sales for the Beijing Olympic Games, Rong Jun said that, based on ticket sales experience abroad and especially considering China's national conditions, the ticketing webpage was planned to accept more than 1 million visits per hour, and that Bank of China's ticketing outlets, the ticketing call centers and the official ticketing website together could process 0.15 million tickets per hour.

Practice proved this demand analysis far too conservative. On July 22, October 30, the second stage of public ticket sales for the Beijing Olympic Games was officially launched, and soon afterwards traffic to the system soared. According to Rong Jun, traffic on the ticketing website reached 8 million requests per hour, far beyond the system's capacity of 1 million requests per hour; in the first hour after launch, ticket orders submitted to the ticketing system through the various channels reached 0.2 million, which also exceeded the system's design capacity of 0.15 million tickets per hour. The result was network congestion: ticket sales were slow or the system could not be logged on to at all, and for a time the public could not submit purchase applications through any of the three sales channels.

How can we make accurate performance requirements and estimate the actual traffic volume during peak hours? Wang Lifu, a professor at Peking University, believes that performance requirements are often neglected compared with functional requirements. Yet performance requirements determine how fast and how reliably the system operates. They can usually be divided into several sub-categories, such as speed, capacity, reliability and availability.

According to requirements analysis theory, requirements information comes from the people with a stake in the system's development, usually called stakeholders. They include not only the system owner but also the system's expected users. Wang Lifu believes that for a large website the difficulty of obtaining performance requirements lies in defining who its users are, and in accurately grasping the behaviour patterns and time patterns of their access.

Therefore, when determining the website's highest access peak, some owners simply estimate from their existing experience or look at similar websites: a typical empirical approach. On other websites the figure rests only on the judgment of a few people or departments. "Our website has extremely high reliability requirements; we have to handle 0.1 million visits per hour and process 20 thousand orders per hour," a corporate website administrator may assert without any basis. The scientific approach is a detailed investigation of users' access times and access paths. For key time points, such as when exam scores or other important information are published, or when ticket booking or other important online activities begin, a special survey of the website's potential users should be conducted. From that survey, the requirements analysts can estimate fairly accurately what proportion of potential users will access the site at the critical moment, and then derive the access volume from that proportion and the size of the user base.

In fact, compared with the Olympic ticketing system, some websites have no requirements analysis at all, or only an unqualified one. "To improve the reliability of the company's website, we should try our best to meet the needs of more people," a company website manager might say. This may be a reasonable requirement, but it is not a qualified one. A qualified requirement must be testable, and a requirement expressed with precise numbers is one that can be tested.

Cause 2: the process is unreasonable

Prescription: first come, first served easily induces users to log on at the same moment. Designers should guide users to spread out their registration times and reduce the time each user stays on the system, thereby reducing system pressure.

In posts by netizens, some questioned the first-come-first-served booking mode, arguing that a lottery mode would reduce the pressure on the system while satisfying the principle of fairness. The organizing committee of the Olympic Games affirmed the reasonableness of this suggestion.

On September 16, November 5, the ticketing center of the Beijing Organizing Committee announced an adjusted plan for the second-stage sales policy, abandoning the first-come-first-served booking model in favour of a one-time lottery to determine buyers' eligibility.

Unreasonable business process design is the second biggest cause of enterprise website fragility. First come, first served increases the processing pressure on the system, but some marketing planners like the method. In the household appliance industry, one common promotion is the limited-quantity, first-come-first-served sale. Some websites still run marketing activities under slogans such as "first 100", hoping to create a temporary sensation and so achieve their marketing purpose.

If the activity is conducted only online, the worst outcome is that the public cannot complete their transactions. If it is carried out in the physical world, a first-come-first-served promotion can easily cause social problems because of insufficient carrying capacity. At a recent Carrefour promotion in Chongqing, customers gathered outside the door in the morning; as soon as the door opened, three people were killed and more than 30 injured in the crush. When choosing a first-come-first-served marketing method, designers should therefore consider not only the marketing effect but also the processing capacity of the system.

When designing a business process, in addition to guiding users to log on at different times, designers should also optimize the registration and transaction processes, reduce the time a user needs to complete a transaction, and reduce the system resources consumed by each individual user.

An unreasonable registration or transaction process, in which a single transaction takes too long, is another cause of website crashes under heavy traffic. Consider this example: an enterprise's e-commerce website can handle up to 1000 transactions per hour at peak. However, because the transaction process is complex, about 200 users have to keep trying to find the correct way to transact and take an hour and a half to finish. As a result, those 200 users still occupy system resources in the second hour, so the system can only serve 800 users in that hour, reducing its processing capacity.
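As an added illustration (not part of the original article), the following Python model reproduces the article's whole-hour arithmetic for this case and generalizes it to any share of slow users and any number of hours; the function names and the assumption of an unlimited queue of waiting users are mine.

```python
import math


def hourly_admissions(capacity, slow_fraction, slow_hours, hours):
    """Whole-hour slot model of the article's arithmetic.

    The site can serve `capacity` users per hour. A fast user holds a slot only
    in the hour of arrival; a slow user (share `slow_fraction`) holds a slot for
    ceil(slow_hours) consecutive hours, exactly as the article counts the 200
    users who take 1.5 hours as occupying the whole second hour. Demand is
    assumed unlimited (there is always a queue), so every free slot is used.
    Returns the number of users admitted in each hour.
    """
    span = math.ceil(slow_hours)                 # hours a slow user blocks a slot
    occupancy = [0] * (hours + span)             # slots already held, per hour
    admitted = []
    for h in range(hours):
        free = capacity - occupancy[h]
        admitted.append(free)
        slow = int(round(free * slow_fraction))  # users who overrun the hour
        occupancy[h] += free - slow              # fast users release within the hour
        for k in range(span):                    # slow users hold the slot `span` hours
            occupancy[h + k] += slow
    return admitted


def capacity_lost(capacity, admissions):
    """Transactions the site could have served but did not, summed over all hours."""
    return sum(capacity - a for a in admissions)


if __name__ == "__main__":
    # The article's case: 1000 transactions/hour, 20% of users take 1.5 hours.
    complex_process = hourly_admissions(1000, 0.2, 1.5, 3)
    # The same site after the process is simplified so nobody exceeds one hour.
    simplified = hourly_admissions(1000, 0.2, 1.0, 3)
    print("complex process:", complex_process, "lost:", capacity_lost(1000, complex_process))
    print("simplified     :", simplified, "lost:", capacity_lost(1000, simplified))
```

Hour two drops to 800 exactly as the article states, and the loss compounds in later hours because the slow share of each hour's admissions spills into the next.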

On the Internet, the interaction between a user and a website is more complex than that between a customer and a seller, so reducing the processing time of a single transaction is not a simple task. In the past, when a customer walked into a grocery store, he paid for the item and took the goods away. The customer generally did not worry about handing the money to the shopkeeper, the shopkeeper did not refuse the money, and the shopkeeper likewise did not worry that the customer would leave without paying. A transaction process that simple becomes far more complex on the Internet. Despite the difficulty, optimizing the process is essential.

In a real transaction, the customer can always talk with a salesman or clerk beforehand and become familiar with rules such as returns and the "three guarantees" (repair, replacement and refund). This human contact does not exist online: customers can only interact with the company's website or trade by email, and there is no staff member acting on the company's behalf to understand the customer's needs. Under such conditions the online transaction process is always very complex in order to protect the interests of both parties, and only young people who take to new things quickly are willing to put up with the trouble of transacting online.

However, whether in the real world or in a virtual network, providing customers with the best experience is essential for an enterprise's survival. Only a user-friendly transaction process lets an enterprise build brand and online loyalty through its website, and only then can the website deliver service and product benefits.

Cause 3: lack of emergency plans

Prescription: emergency measures must be prepared in advance, not only by leasing more servers but also by developing a feasible plan.

There are always plenty of chances in the world for the improbable to become real and shatter the last trace of luck. The incident itself is not terrible; what is terrible is that the client is unprepared and helpless in the face of an emergency. In the recent crashes of several websites, when a sudden flood of access arrived, the designers had no set of feasible emergency measures and could only scramble to rescue the site.

When asked about emergency measures, the person in charge of a province's college entrance examination scoring system said with surprise: "I only heard that emergency measures are required for emergencies. I didn't hear that such sudden access requests also require emergency measures."

This opinion represents the thinking of a large proportion of people. At present, emergency research in the field of information systems mainly concerns resisting major disasters and risks such as earthquakes, floods and wars: the aim is to restore a system that has failed or been paralysed by a disaster to normal operation, and to bring the business functions it supports back from the abnormal state caused by the disaster to an acceptable state. Emergency measures for sudden access traffic have not yet become a major research topic.

In fact, when a public emergency occurs, the information system not only suffers the direct impact of the emergency but also encounters a large surge of access. For example, in a city earthquake, the 110 and 120 emergency hotline systems are not only affected by the earthquake themselves but also receive several or even dozens of times more calls than usual. If heavy access is not taken into account in the emergency measures, the recovered system may be paralysed again because it cannot withstand the load.

When planning online promotions and other activities for a website, appropriate emergency measures should be prepared for sudden surges of visits. In July March this year, after Tiantie Media announced that Li Yuchun would hold a concert at the Beijing Exhibition Hall theater, the concert's online booking website was for a time paralysed by a large number of fans.

It is worth noting that some enterprises do not regard a crash of their website or other systems as embarrassing; instead they publicize it widely as a sign of the enterprise's popularity. In particular, some organizers of commercial marketing activities hype up jammed phone lines and websites. Of course, the Beijing Olympic Ticketing Center would not do this.

Now, the adjustment scheme for the sale of Olympic tickets to the Chinese public has been introduced, and the ticket booking system is overwhelmed. However, in December 10, the second-order
