General architecture notes for the Internet system

Access Layer Session design principles:

1, the session-read and write request uses the context object, called the session.

Business always has a status: the user orders to purchase, login status, friend status, message delivery situation;

These stateful information varies with the user's operation.

Stand-alone environment:

1. There is no session sharing problem;
2. easy to handle;
3. Session is saved in memory;
4. High availability is not guaranteed (process hangs, downtime, session loss is not available).

Cluster Design:

--session Replication:

Synchronize session data between all Access layer servers;

Each access server holds the user's full amount of session data;

Users only need to access a machine, get fast;

High availability: Downtime part of the machine, no impact.

Problem:

--Apply to the Access layer cluster less, not a large amount of thousands of Access layer server;

-A large number of session replication, occupy the server and network resources;

--Storage of the full user session, the memory consumption is too large, and may even overflow;

Large design:

Session bindings:

Load balancer to a specific access layer server based on user requests (Uid\mac\imei, etc.)

Some websites use;

How high availability is guaranteed: Single point of issue, replication mechanism (Master-slave)

Multi-Machine Design:

Client hold session:

--session is generated by the server and stored to the client;

--Each request carries the client session;

--If the server has updates back to the client storage;

C:

--apps: recorded in the native;

b/S:

--web: Recorded in a cookie.

Disadvantages:

WEB cookie Record information size limit (e.g. 100KB);

Each request is transmitted session: Traffic, performance is affected;

The user closes, clears the session, the user request is not normal;

Advantages:

The scheme is simple and supports the seamless scaling of the service side.

High availability of the programme;

more website use;

Session High Availability cluster:

--no State of access layer;

--Unified high-availability session distributed read-write server cluster;

-State separation:

The access layer itself is stateless;

Session Cluster has Status:

Distributed Cache (Nosql-memcached/redis, RDBMS-MYSQL/MONGODB)

Access Layer Security:

The access layer is the client and server interface;

The importance of data security is self-evident;

Ensure data security: Connection channel encryption, transmission data encryption.

Client and server establish secure channel-technical solution:

All request data are encrypted, improve efficiency, use symmetric encryption algorithm;

Symmetric encryption keys are determined by using asymmetric cryptographic algorithms over two times.

The establishment of a secure channel must satisfy:

Any third party cannot forge the server;

In the case of client code, even intercepting other user-sent encryption requests cannot be decrypted.

Using https:

Encryption of data security;

One-way encryption is not recommended, and bidirectional encryption is used (secure)

Client certificate

Data encryption purposes:

Solve the problem of data plaintext;

Even interception can not be decrypted;

Data tampering cannot be guaranteed;

How to ensure data correctness:

Data signature: Both parties agree to a rule signature (md5sum, others)

Process:

1. The client is signed according to the agreement;
2. The server receives the data and generates md5sum values according to the rules;
3. is consistent with the md5sum value in the data packet;
4. The agreement is no problem, the inconsistency means that the change

High-availability access layer best practices:

module and data separation;

Session binding: Synchronous replication of each session;

General architecture notes for the Internet system