Quantum Software Architecture Design Course

Written by: Igor Korotach

Section 5

Scalability, Availability, Load Balancing, Caching, Security Strategies

1. Scalability

Types of scalability

  • Horizontal
  • Vertical
  • Hybrid

Horizontal scalability

Vertical scalability

Hybrid scalability

Potential bottlenecks

  • Inefficient algorithms or data structures: If the algorithms or data structures used by the system aren’t optimized for the workload, they might become a bottleneck.
  • Insufficient resources: The system doesn’t have enough resources, such as memory, CPU, or storage, to handle the increased workload.
  • Inefficient use of resources: The system isn’t using its resources efficiently.
  • Inefficient communication between components: The communication between components of the system isn’t efficient.
  • Inefficient use of network resources: The system isn’t using network resources efficiently.

Scaling per architecture

  • Monolith
  • Microservice
  • Pipe and filter
  • Broker based (e.g. pub-sub)
  • Event-driven 
  • Hexagonal
  • Serverless

2. Availability

Availability approaches

  • Redundancy
  • Failover
  • Replication
  • Clustering

Redundancy

Failover

Replication

Clustering

Availability strategies

  • Hardware
  • Data
  • Network

Redundancy

Replication

  • Data
  • File
  • Database

Replication

  • Load balancing
  • Database
  • Failover

3. Load balancing

Software load balancing

  • Web servers (Apache, Ngnix, HAProxy)
  • Database servers (Mongo, Postgres)
  • Virtualized environments (Docker, Kubernetes)

DNS

Domain name servers (DNS) are key components of the internet that translate human-readable domain names (such as “google.com”) into numerical IP addresses that computers use to interact with one another.

How DNS works?

When a user enters a domain name or clicks a hyperlink, the browser sends a request to a DNS server to resolve the domain name to an IP address. The DNS server searches its database for the domain name and delivers the appropriate IP address to the browser. The IP address is then used by the browser to connect to the server that hosts the website or service associated with the domain name

DNS server keeps the database of records

  • A records - domain name -> public IP address (google.com -> 01.102.103.104)
  • AAAA records - domain name -> public IPv6 address (  google.com -> 2001:db8:3333:4444:5555:6666:7777:8888)
  • CNAME records - Canonical name (CNAME) records allow multiple domain names to be mapped to the same IP address (www.google.com to the same IP as google.com)
  • MX records - google.com -> google email service
  • NS records - google.com -> DNS resolver on google.com domain
  • TXT records - google.com -> text data related to domain
  • SRV records - google.com -> XMPP server
  • PTR records - IP to domain reverse lookup

How DNS load balancing works?

Consider a web application that’s hosted on a network of web servers. The domain name “www.example.com” can be connected with the web application. Multiple A records for “www.example.com” can be set on the DNS server, each of which resolves the domain name to a distinct IP address inside the cluster. When a client requests “www.example.com,” the DNS server looks for the domain name and delivers one of the cluster’s IP addresses to the client. The client then connects to the web server at that IP address and sends the request.

How google.com resolves your request?

The schema for google DNS resolution is as follows:

  1. You query the local DNS resolver
  2. Cache check on the address
  3. DNS Resolver asks the Google Authoritative DNS Resolver (8.8.8.8)
  4. Google Authoritative DNS Resolver uses Anycast to provide an ip that could be routed to multiple physical servers based on geolocation/network proximity
  5. Google DNS Resolver provides you one of cluster IPs to connect to

Load Balancing Strategies

Round Robin

Least Connections

Weighted round robin

Least response time

IP Hash

4. Caching

Why do we need caching?

Caching is a crucial factor for the success of any application. It’s the cornerstone of high performance and low latency. With caching in place, an application is able to intercept requests before they reach the database, and respond in a timely manner. This results in faster and more efficient operations. In comparison, an application without caching won’t perform as well because it will have to access the database for each request, leading to slower response times.

Types of caches

  • Web caches (CDNs)
  • Application caches (database, web server)
  • System caches (OS caching, e.g. parts of File System)
  • Browser caches (cache headers)
  • Hardware caches (CPU, RAM levels)

Cache strategies

Cache-aside

Write-through

Write-back

Read-through

5. Security

Authentication

Answers the question 'Who are you?'

An example of authentication is when a user enters their username and password to access a website or an application. The system verifies the entered credentials against the stored data to confirm the user’s identity before allowing them to proceed.

Authorization

Answers the question 'What can you do?'

For example, within a company’s internal software system, certain employees might have authorization to view and edit specific data, while others might only have permission to view it.

OWASP Top 10 2021

Encryption

Encryption is the process of encrypting data in order to prevent unauthorized access or tampering with it. Encryption can be used to protect data while it’s in transit, such as while it’s transmitted over a network, or while it’s at rest, such as when it’s saved on a disc or in a database.

Common Security Threats

  • Malware - is a malicious software that’s created to damage computer systems, steal sensitive information, or gain unauthorized access to a network.
  • Phishing attack - is a type of social engineering attack that aim to trick individuals into divulging sensitive information, such as passwords, social security numbers, and credit card information. 
  • Cross-site scripting (XSS) - attacks are online application vulnerability that allows attackers to insert malicious code into a client side code
  • SQL injection attacks - SQL injection occurs when harmful code is added as user input, causing it to become an SQL query that executes malicious actions once it enters the system.
  • Denial of Service attacks - is a hacking strategy that aims to block or shut down a particular website, network, or online service by bombarding it with a large volume of traffic, requests, or data.

Security testing approaches

  • Vulnerability scanning - automated testing that scans a system or application for known vulnerabilities.
  • Penetration testing (pen testing) - a practice of simulating an attack on a system or application in order to find vulnerabilities or flaws that automated scanners might miss.
  • Security review - a comprehensive manual evaluation of a system or application’s security controls, processes, and practices. Internal security experts or external consultants can conduct the review.
  • Ethical hacking - conducting a hacking bounty program to identify security vulnerabilities by white-hat hackers
  • Posture assessment - a process that involves reviewing an organization’s security policies, procedures, and controls to identify any vulnerabilities or gaps in security.

Next time: Practical lesson 1

Thanks for your attention. You've been awesome!

Questions?

  • Presentation link: https://slides.com/emulebest/architecture-5

Quantum Architecture Course - 5

By Igor Korotach

Quantum Architecture Course - 5

  • 108