General architecture notes for the Internet system

Source: Internet
Author: User

Access Layer Session design principles:

1. Session: the context object used by read and write requests is called the session.

Business logic always has state: the user's purchase orders, login status, friend status, message delivery status;

This state changes as the user performs operations.

Stand-alone environment:

    1. There is no session sharing problem;
    2. Easy to handle;
    3. The session is saved in memory;
    4. High availability is not guaranteed (if the process hangs or the machine goes down, the session is lost and unavailable).

Cluster Design:

--Session replication:

Session data is synchronized between all access layer servers;

Each access server holds the full set of user session data;

A user only needs to reach any one machine, so access is fast;

High availability: if some of the machines go down, there is no impact.

Problem:

--Suited only to small access layer clusters, not to large clusters of thousands of access layer servers;

--Heavy session replication occupies server and network resources;

--Storing every user's session on each server consumes too much memory and may even overflow;

Large-scale design:

Session binding:

The load balancer routes each request to a specific access layer server based on an attribute of the user's request (UID, MAC, IMEI, etc.);

Used by some websites;

How high availability is guaranteed: each server is a single point of failure, so a replication mechanism (master-slave) is used.

Multi-Machine Design:

Client-held session:

--The session is generated by the server and stored on the client;

--Each request carries the client's session;

--If the server updates the session, the update is written back to client storage;

C/S:

--Apps: recorded in native (local) storage;

B/S:

--Web: recorded in a cookie.

Disadvantages:

Web cookies have a size limit on the information they record (e.g. 100KB);

The session is transmitted with every request, which affects traffic and performance;

If the user closes the client or clears the session, the user's requests no longer work normally;

Advantages:

The scheme is simple and supports seamless scaling of the server side;

The scheme is highly available;

Used by more websites;

Session High Availability cluster:

--The access layer is stateless;

--A unified, highly available, distributed session read-write server cluster;

--State separation:

The access layer itself is stateless;

The session cluster holds the state:

Distributed cache (NoSQL: memcached/redis; RDBMS: MySQL/MongoDB)

Access Layer Security:

The access layer is the interface between client and server;

The importance of data security is self-evident;

Ensuring data security: connection channel encryption, transmission data encryption.

Technical solution for establishing a secure channel between client and server:

All request data is encrypted; for efficiency, a symmetric encryption algorithm is used;

The symmetric encryption key is agreed by using an asymmetric cryptographic algorithm in two rounds.

The establishment of a secure channel must satisfy:

No third party can forge the server;

Even someone who has the client code and intercepts other users' encrypted requests cannot decrypt them.

Using HTTPS:

Encryption secures the data;

One-way HTTPS is not recommended; two-way (mutual) HTTPS is used (secure);

Client certificate.

Data encryption purposes:

Solves the problem of data being sent in plaintext;

Even if intercepted, the data cannot be decrypted;

Protection against data tampering is not guaranteed by encryption;

How to ensure data correctness:

Data signature: both parties agree on a signing rule (md5sum, others)

Process:

    1. The client signs the data according to the agreed rule;
    2. The server receives the data and generates the md5sum value according to the rule;
    3. The server checks whether it is consistent with the md5sum value in the data packet;
    4. If they are consistent, there is no problem; an inconsistency means the data was changed.
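
The signing process above as an added example (not code from the original notes): the client signs canonicalized fields and the server recomputes and compares. It goes beyond the notes by placing a keyed HMAC-SHA256 beside the plain md5sum, because an unkeyed digest can be recomputed by whoever changes the data; the key, field names and canonical form are assumptions.

```python
import hashlib
import hmac

# Constructed sample key; in practice it is provisioned out of band (assumption).
SHARED_KEY = b"constructed-demo-key"


def canonical(params: dict) -> bytes:
    """Agreed rule (assumed): sort fields by name, join as k=v pairs with '&'."""
    return "&".join(f"{k}={params[k]}" for k in sorted(params)).encode()


def sign_md5(params: dict) -> str:
    """Unkeyed md5sum over the canonical data, as in the notes."""
    return hashlib.md5(canonical(params)).hexdigest()


def sign_hmac(params: dict, key: bytes = SHARED_KEY) -> str:
    """Keyed variant swapped in here: HMAC-SHA256 over the same bytes."""
    return hmac.new(key, canonical(params), hashlib.sha256).hexdigest()


def client_packet(params: dict, signer) -> dict:
    """Step 1: the client attaches the signature to the outgoing data."""
    return {**params, "sign": signer(params)}


def verify(packet: dict, signer) -> bool:
    """Steps 2-4: recompute on the server and compare in constant time."""
    data = {k: v for k, v in packet.items() if k != "sign"}
    received = packet.get("sign", "")
    return hmac.compare_digest(signer(data), received)


def modified_in_transit(packet: dict, recompute_with=None) -> dict:
    """Test helper: change a field, optionally re-signing with a public rule."""
    changed = {**packet, "amount": "9999"}
    if recompute_with is not None:
        data = {k: v for k, v in changed.items() if k != "sign"}
        changed["sign"] = recompute_with(data)
    return changed


if __name__ == "__main__":
    order = {"uid": "1001", "amount": "10", "item": "book"}  # constructed
    pkt = client_packet(order, sign_hmac)
    print(verify(pkt, sign_hmac), verify(modified_in_transit(pkt), sign_hmac))
```

With the unkeyed md5sum, a packet that was changed and re-signed with the same public rule still verifies; with the keyed variant it does not.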

High-availability access layer best practices:

Module and data separation;

Session binding: Synchronous replication of each session;
