Upload
kevin-jones
View
485
Download
0
Embed Size (px)
Citation preview
A Little about me
2
• My name is Kevin Jones
• Currently working as Sales Engineer for NGINX, Inc
• Previously worked as an SRE for YP - yellowpages.com
• Experience with production operations, large scale infrastructure and automation
• Enjoy meeting new people, music and learning new technology
Objectives
3
• What is a Distributed System?
• What makes a Distributed System efficient and reliable?
• What are some of the core fundamentals of Distributed Systems and what makes them great characteristics to implement in other areas of your IT infrastructure?
• What qualities does NGINX have that reflect some of these core fundamentals and how can NGINX help strengthen and improve your existing IT infrastructure?
• Q&A
5
• A program… is the code you write.• A process… is what you get when you run it.• A message… is used to communicate between processes.• A packet… is a fragment of a message on a wire.• A protocol… is a formal description of a message and its rules it must follow
in order to exchange those messages.• A network… is the infrastructure that links computers, workstations, terminals
etc together.• A component… can be a process or any piece of hardware required to run a
process.
Lets go back to the basics…
6
Therefore…
• A distributed system… is an application that executes a collection of protocols to coordinate the actions of multiple processes on a network, such that all components cooperate together to perform a single or small set of related tasks.
What Makes a Distributed System Efficient and Reliable?
7
• Scalable• High Performing• Highly Available• Transparent• Open• Secure
It should be…
8
The ability of a system, network, or process, to handle a growing amount of work in a capable manner or its ability to be enlarged to accommodate that growth.
Scalability
9
• Plan for the future• Think about user experience• Start with thinking about SCALE!
Distributed Geometric Availability When Needed
10
• Number of machines• Number of users• Number of tasks• Connections or concurrency
Dealing with the Size of Your Infrastructure
11
• Cost of maintenance• Efficiency of maintenance
Administration and Dealing with Maintenance of Systems
12
Characterized by the amount of useful work accomplished by a computer system compared to the time and resources that are used.
Performance
13
Latency is the state of being latent; delay, a period between the initiation of something and the occurrence.
15
What Are the Characteristics of High Performance?
• Short response time or low latency• High throughput or rate of processing work• Low utilization of computing resources
16
The proportion of time a system is in a functioning condition. If a user cannot access the system, it is said to be down.
Availability
17
• Designing for failure• Identifying weak points• Implementing redundancy
High Availability Is All about Being Fault Tolerant
18
• Network outages across the wire or inside your own private network• Outages of other third party services or dependencies• Anything that is out of control of the designer
Some Things Are out of Your Control
19
Any form of a distributed system should hide its distributed nature from its users, appearingand functioning as a normal centralized system.
Transparency
There Are Many Types of Transparencies in Distributed Systems
20
• Access - one single way to access• Location - no matter where the user is• Migration - physical location• Relocation - moving of resources• Replication - appear as a single resource• Concurrent - competing for resources• Failure - try to hide failure to the user• Persistence - whether volatile or permanent• Security - minimum user intervention
21
This determines whether the system can be extended in various ways without disrupting existing systems or services and be able to easily interact with other open services.
Openness
22
• Conform to well-defined interfaces• Support portability of applications• Easily interoperate with other services
To Keep Your Distributed System Open It Must…
23
The system should authenticate access to data and services,be invulnerable to know threats and follow industry standard security guidelines.
Secureness
24
• Security Audits• Software patching maintenance or vulnerability management• Try to use a security framework• Encryption everywhere• Integrity checking (Auth)• Confidentiality through authorization (Resource Access)• Monitoring of traffic, logins and requests
Common Measures to Help with Security
25
ALL of them!
Which of These Core Fundamentals Can Be Implemented in Other Areas of Your IT infrastructure?
26
Many of these characteristics can be found in NGINX and can even help you strengthen your existing IT infrastructure.
27
Quick Intro to NGINX
• Open source version created in 2004• NGINX, Inc. founded in 2011• 140 million + known instances running
today on the internet• #1 web server of choice on the top 100,000
busiest sites
Igor Sysoev, NGINX creator and founder
29
Scalability
NGINX - Open SourceLayer 7 Software Load Balancer for HTTP(S) / TCPApplication Delivery PlatformAPI Gateway10,000+ Virtual Servers Multi-tenancy
NGINX Plus - CommercialReal Time Activity Monitoring API (status)Dynamic Upstream Reconfiguration API (upstream_conf)
32
Performance
NGINX - Open SourceHigh ThroughputHigh Number of Concurrent Connections (1 Million+)Content Caching at EdgeLow CPU/Memory UtilizationFine Tunable ConfigurationHTTP2!!!
34
Availability
NGINX - Open SourceHA Configurable with keepalived
(IP Syncronization over VRRP)
NGINX Plus - CommercialNGINX HA Package for Easy ConfigurationApplication Aware Health Checks for Upstreams
35
Transparency
NGINX - Open SourceCombined with Global DNS Can Handle
Global Load Balancing (Route53, Google, GoDaddy etc)Reverse Proxy - Single Entry Point
NGINX Plus - CommercialSession Persistence (Cookie, Session, Route)
36
Openness
NGINX - Open SourceOpen Source / Third Party ModulesnginScript - JavaScript Inside NGINX ConfigurationsDynamic Loadable Modules COMING SOON!
NGINX Plus - CommercialSimple HTTP Based APIsAPI with JSON Interface
37
{ "version":6, "nginx_version":"1.9.5", “address”:”127.0.0.1", "generation":12, "load_timestamp":1446285600278, "timestamp":1446705526537, "pid":92676, "processes":{ "respawned":0 }, "connections":{ "accepted":11441510, "dropped":0, "active":4, "idle":30 }, "ssl":{ "handshakes":57921, "handshakes_failed":9497, "session_reuses":11987 },
NGINX Plus Monitoring JSON API
38
Secureness
NGINX - Open SourceAuthentication via auth_request ModuleSSL SupportClient Certificate Based Authentication SupportBandwidth LimitingConnection LimitingAccess Control Lists (ACLs)LDAP SupportReverse Proxy - Easily ACL Backend Resources
NGINX Plus - CommercialNTLM Support
39
Thank you all again for coming!
Twitter @webopsx
Kevin Joneshttp://www.slideshare.net/KevinJones62
Q&A?
40
http://www.aosabook.org/en/distsys.htmlhttp://arxiv.org/pdf/0911.4395v1.pdf http://book.mixu.net/distsys/ http://the-paper-trail.org/blog/distributed-systems-theory-for-the-distributed-systems-engineer/ http://www.fit.vutbr.cz/~rabj/pdie/lecture_1.pdf http://www.cl.cam.ac.uk/~jac22/books/ods/ods/node18.html http://www.hpcs.cs.tsukuba.ac.jp/~tatebe/lecture/h23/dsys/dsd-tutorial.html http://cse.csusb.edu/tongyu/courses/cs660/notes/chap1.php http://www.opengroup.org/cloud/cloud/cloud_iop/cloud_port.htm http://www.toptal.com/security/10-most-common-web-security-vulnerabilities http://arxiv.org/pdf/1211.2032.pdf https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.htmlhttp://nginx.org/en/docs/ http://www.aosabook.org/en/nginx.html https://www.nginx.com/resources/admin-guide/ https://www.nginx.com/blog/nginx-plus-authenticate-users/
References