high availability website architecture 877-2inflow
TRANSCRIPT
High Availability Website Architecture
877-2INFLOWwww.inflow.com
Agenda• Introduction• Example ASP implementations• Why build redundancy?• Site components• Proof of concept phase• Adding redundancy layer-by-layer• Typical Endpoint• Global Site Load Balancing (GSLB)
Introduction
• Who is Inflow?– Inflow is a leading provider of carrier-neutral datacenter
and outsourced IT services– 13 datacenter locations across the U.S – ISO9001:2000 Certified– Services:
• Colocation and Application Hosting• Business Continuity/Disaster Recovery• IT Consulting
Sample Customers
has acquired thehas divested its
ConfidentialSeptember 2001
has been acquired by
$34,500,000July 2002
has divested ItsSpeech Solutions Business
to
San Diego, Phoenix IDCs
Application HostingBusiness Continuity
Customer
Philadelphia IDC
Application HostingBusiness Continuity
Customer
Denver IDC
Application Hosting Customer
Denver IDC
Application Hosting Customer
Phoenix IDC
Application HostingBusiness Continuity
Customer
Austin IDC
Application Hosting Customer
Portland IDC
Application Hosting Customer
Minneapolis IDC
Enterprise Data Center Mgt Customer
Denver IDC
Business Continuity Customer
Minneapolis IDC
Application Hosting Customer
Nashville IDC
Enterprise Data Center Mgt Customer
Local Customers
Example ASP implementations• Logistics ASP
– Schedules and tracks shipments– Rating estimates– Load and route optimization
• Construction Project Management ASP– Scheduling, planning, status and reporting
• Maintenance ASP– Tracks costs, PM events– Reporting– Alerting
Why build redundancy?
• Clinical disasters are more frequent than catastrophic disasters
• Examples:– User headspace error– Fat finger of death– Hardware (hard disk drive) failure– Plumbing issue above server room– Power issues– Network outages
Components
• Utility Services• Network equipment• Database layer• Application layer• Web layer
Component - Utility Services
• Internet Service Provider(s) who provide “ping”
• Power– Internal redundancy via generator and
UPS
• Competitive Local Exchange Carriers (CLECs) who provide “pipes”
Power Redundancy• Phase synching generators is expensive and
complex– Use a split block approach – redundant engines
powering a single generator• UPS provides power for 5-10 seconds while
generator comes online• Manage phases
– Evenly load phases – use ampmeter to meter– Breakers should trip at 80% of rating– Manage sustained load on redundant power
supplies at <40% of rating
Component - Network equipment• Routers (including CSU/DSUs)
– Border Gateway Protocol 4 (BGP4) is the standard edge routing protocol
– Cisco routers use Hot Spare Router Protocol (HSRP)– Other vendors use Virtual Router Redundancy Protocol
(VRRP)• Firewall(s)
– Plan to add redundancy during your early stages– See www.icsalab.net for a list of lab reports on firewalls
• Switches– Multiple VLANs on redundant Switches can be trunked
together on a single port (or set of ports) using IEEE802.1q or ISL (Cisco-proprietary) trunking
• Network Interface Cards– NICs can be “teamed” for redundancy
Component - Database layer• Storage intensive
• Most difficult and expensive to:– Make redundant– Backup– Modify, upgrade and/or change
• Examples:– IBM DB2– Oracle– MySQL– PostgreSQL
Component - Application layer
• Processes business logic• Assembles data for publication to
weblayer• Examples:
– ATG Dynamo– BEA Weblogic– IBM Websphere (Network Deploy)
Component - Web Layer
• Publication engine• Examples:
– Apache– Netscape Enterprise Server– IBM HTTP Server– Sun IPlanet
Proof of Concept Phase
Proof of Concept Phase• Typically “garage built”• Redundancy isn’t key• Getting the site working, tuned out
and ready to launch is key• Typically not acceptable for bet-the-
bank applications
Network Redundancy
Network Redundancy
• Multiple ISPs– Use Border Gateway Protocol 4 (BGP4) for
route determination
• Multiple CLECs– Difficult to get Type I (eg: not resold Verizon)
circuits– Difficult to get onto redundant SONET rings
• Multiple routers• Redundant switching
Web Layer Redundancy
Web Layer Redundancy• Easiest layer to make redundant• Horizontally scalable• Usually start making all components
redundant– Firewall– Layer 2 Switching– Local Server Load Balancers (LSLB)
LSLB Terms and Concepts• Virtual Router Redundancy Protocol (VRRP)• Virtual IP Address (VIP) – What the world sees• Real IP Address (RIP) – Each of the load balanced servers• Least Connections – Ability of LSLB to dish out sessions to
the RIP with least number of active connections• Stickiness or Persistance – Sticking a client to the same
Webserver through the entire session• SSL Acceleration• LSLB does constant health checks of servers and will
automatically pass new connections to survivors• LSLB strips the requesting client IP and replaces it with its
own IP when sending to the Webserver.
Challenges to Persistance
• Meta Proxy Servers that frequently change source IP– AOL– MSN
• LSLB can’t read a cookie in an encrypted payload of an SSL packet
• Short SSL Session ID Timer (IE 5+)
SSL Acceleration
• Add-on feature– Saves labor by not having to admin so many Webservers,
certificates, etc– Cures Stickiness/Persistance issues by decrypting the payload
and allowing use of cookies that the LSLB can read• Client sends https request to VIP• LSLB passes to Accelerator• Accelerator decrypts and passes back to LSLB in http• LSLB reads payload (cookie) and passes to appropriate RIP• RIP responses to request through LSLB• LSLB passes to Accelerator for encryption• Accelerator encrypts and passes back to LSLB in https• LSLB responds to requesting client in https
Application Layer Redundancy
Application Layer Redundancy
• Usually accomplished through software– Have to buy additional licensing
• Might also be accomplished through LSLB– App servers can become RIPs– Webservers are the clients
• Choose carefully– Is the app server J2EE compliant? (May not be very
portable)– How is it licensed? (Could get expensive later)– Does it provide session state to the webservers?
(Session state could make LSLB easier)
Database Layer Redundancy
Database Layer Redundancy
• Requires OS support– Red Hat Cluster Suite on Enterprise Linux AS or ES– Veritas Cluster Server on RH Enterprise Linux AS or ES– MS Cluster Services – part of Enterprise Server 2003
• Shared Storage– Shared LUN for the Quorum– LUN for data– Direct Attached SCSI limits to two (2) nodes– Fiber Channel SAN allows more nodes depending on
implementation• Hint: Get a FC fabric• Hint: make a dual path to take advantage of both SPs
• Heartbeat between servers – hint: make redundant
Typical endpoint
Global Site Load Balancing (GSLB)• Can be done on LSLB hardware
• Content Distribution Network (CDN) Providers are a better solution– Akamai– Speedera
• CNAME your site to CDN provider• Can weight traffic between sites• Latency due to physical factors (eg: speed of
light) dictates that synchronous hot sites be within 60 miles of each other
Reference Sites• BEA Supported Platforms: http://edocs.bea.com/platform/docs81/support/supp_plat.html• ATG Supported Platforms: http://www.atg.com/en/products/requirements/atg_62.jhtml• IBM Websphere Supported Platforms:
http://www-106.ibm.com/developerworks/websphere/downloads/WASsupport.html• IBM Websphere Application Server Network Deployment
http://www-306.ibm.com/software/webservers/appserv/was/network/• IBM DB2: http://www14.software.ibm.com/webapp/download/search.jsp?rs=db2pde• IBM HTTP Server: http://www-306.ibm.com/software/webservers/httpservers/• Red Hat Cluster Suite: http://www.redhat.com/software/rha/cluster/• Red Hat Enterprise Linux: http://www.redhat.com/software/rhel/• Sun Java System Web Server: http://wwws.sun.com/software/products/web_srvr/datasheet.html• Alteon Websystems: http://www.nortelnetworks.com/products/01/alteon/index.html• Veritas Cluster Server: http://www.veritas.com/Products/www?c=product&refId=20• Oracle on Linux: http://www.oracle.com/technologies/linux/• Netscape Enterprise Servers: http://enterprise.netscape.com/• eWeek article on MySQL Clustering http://www.eweek.com/article2/0,1759,1565415,00.asp