Wednesday, June 03, 2009

During Microsoft TechEd at Hyderabad, there was a contest for the top architect, which I entered.
The following images are the slides I sent, and the text is basically the audio I sent.

High Overview


Microsoft Solutions Architecture


The first slide is a high-level overview just for illustration purposes, so I won't delve into that. Let me speak of the use cases, which are in the 2nd slide. Here, as I state, a user, or rather an authenticated user, can vote, mark self as candidate, sponsor someone else as candidate, view candidate info and so on. I also have another actor, Candidate, who extends from User and can upload content. I also have an external system which gets data and functionality from the system. To do so it pays the system, which I have assumed is done via a payment partner. The system also takes money when a user marks self as candidate and when sponsoring another person. This is another assumption I have made.
Now to the solution architecture. I have proposed an N-tier application (in code) with complete separation of UI, business logic, and data access logic. I follow the business facade pattern and will have a generated data access layer where every method corresponds to one stored proc. Now, one thing people might not like is the site having both a web client and a rich internet client. I like rich internet clients a lot and I think their usage could be a great plus in this site. I have suggested a web client to go with the rich internet app as well, as it can then run on mobile browsers and on those browsers which do not have a rich internet client framework. The rich internet client as well as the external services can connect directly to the service layer to get the data.
Now if we go to the Microsoft technology based architecture slide, you will see that I have replaced all the technologies spoken of earlier with Microsoft technologies. The rich internet client has become Silverlight, and the web client app has become ASP.NET MVC (to mobile enable it, you just need to add the mobile browser definition files). I'm a great believer in software factories, so I have used the Web Service Software Factory with WCF in the service and business layer. The ADO.NET Entity Framework takes up the job of the data layer along with the Data Access Application Block, which is heavily used along with the other application blocks in Enterprise Library, cross-cutting all layers for exception management, validation, logging, security, etc. I have proposed SQL Server as the DB, as we are using .NET and Microsoft's SQL client provider is super optimized for SQL Server.
MS is supposed to come out with a rich internet client technology for mobile, but as it is still in the pipeline (not even a beta release), I would like to first build the RIA, and even after it is ready, if MS does not have the RIA client for mobile browsers, I would create the web client. My experience tells me that it will not require heavy resources, as the business logic has already been created.
Finally, security in WCF. To connect to Silverlight you need to use basic HTTP binding, so the security will have to happen at transport level: HTTPS, IIS-based auth for the entire application, and authentication outside of Silverlight. For B2B scenarios, I suggest considering message-based brokered authentication with X.509 certificates, with the certificates issued by a commercial certificate authority.
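
The two WCF security modes described above, as an added configuration sketch (not part of the original slides or post). Service, contract, binding and certificate names are hypothetical, and `clientCredentialType="None"` assumes users are authenticated by the ASP.NET site itself rather than by the transport.

```xml
<!-- Added illustration: all names below are hypothetical placeholders. -->
<system.serviceModel>
  <bindings>
    <!-- Silverlight-facing endpoint: basicHttpBinding, protected by HTTPS only. -->
    <basicHttpBinding>
      <binding name="SilverlightTransport">
        <security mode="Transport">
          <!-- Assumption: user authentication happens in the hosting site, outside Silverlight. -->
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
    <!-- B2B endpoint: message-level security, the partner signs with its X.509 certificate. -->
    <wsHttpBinding>
      <binding name="PartnerMessageCert">
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="PartnerCertBehavior">
        <serviceCredentials>
          <!-- The service's own certificate, looked up in the machine store. -->
          <serviceCertificate findValue="services.example.test"
                              storeLocation="LocalMachine" storeName="My"
                              x509FindType="FindBySubjectName" />
          <clientCertificate>
            <!-- ChainTrust: accept only partner certificates that chain to a trusted CA. -->
            <authentication certificateValidationMode="ChainTrust"
                            revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="Contest.Services.ContestService"
             behaviorConfiguration="PartnerCertBehavior">
      <endpoint address="ria" binding="basicHttpBinding"
                bindingConfiguration="SilverlightTransport"
                contract="Contest.Services.IContestService" />
      <endpoint address="partner" binding="wsHttpBinding"
                bindingConfiguration="PartnerMessageCert"
                contract="Contest.Services.IPartnerService" />
    </service>
  </services>
</system.serviceModel>
```

The `ria` endpoint requires the service to be hosted on an HTTPS base address; the `partner` endpoint rejects callers whose certificate does not validate against the machine's trusted roots.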
Now for the deployment diagram, a little costly but I believe this is the best.
First there is the hardware firewall, which will handle DDoS attacks, TCP floods and malformed packets efficiently, as there is a dedicated processor in the hardware firewall that handles all the filtering. If I use just Windows Firewall and too many malformed requests come in, my web servers' CPUs will be too busy saving me from those attacks rather than doing the real job, like running my .NET code.
My firewall connects to a router or switch which has load balancing capability and evenly distributes traffic to my web servers. I had thought of firewalls with load balancing capabilities built in and with enough NICs to connect all my web servers, but finally decided on the present architecture, as I feel every device should do its own work, and also this is perfect if the site is a hit and requires scaling up. I have seen many networks and web sites which have gone down for hours, even a day, because they did not have a backup, so I suggest each device should have a backup. So if the firewall goes down or has to be patched, my backup can do its work.
Note, the physical architecture is two-tier; the decision to have a two-tier architecture is due to speed. Since we don't store super critical information, we don't need to worry about security as much as we would if we were building a financial application.
The servers should always run 64-bit Windows, as otherwise you cannot fully utilize 4 GB of RAM or more. The 64-bit version of the .NET Framework is stable enough to run heavy-duty applications. Some people have had bad experiences running 64-bit Windows on their personal computers, but 64-bit servers are pretty solid nowadays. The web server layer contains three web servers in load-balanced mode.
Each web server hosts the exact same copy of the code and other artifacts of the application that we have. Also, our main users are coming from the RIA and external systems, which are anyway going to be connected to the service layer, but even if we only had a web client application, I would still do the same, as a separate application layer has been proven to be a bad practice for high performance websites, particularly the ones developed using MS technologies. Even if you say that the web server has no idea of the SQL Server, in modern applications almost all operations are exposed via services. There's very little ad-hoc SQL querying. So this means that if someone can compromise the web tier, all the service methods are exposed to the hacker, and calling those service methods is no more complicated than calling SQL Server.
IIS generates humongous logs, and we also have the application logs being generated by the Logging Application Block. My suggestion is to keep a large amount of space on the drive where the app is located, as we might need to store several weeks' worth of IIS logs in case our internal system that moves those logs somewhere else for reporting gets broken.
Now, the web servers are also connected to the internal router. The DB servers sit behind it. I know that some people would say that a firewall is required to keep the web servers in a DMZ, but my experience is that this firewall becomes a bottleneck for all traffic between the web and database servers. What I do is use a router and open only port 1433 to pass anything through the router from a web server to any DB server. I have been told by many security experts that if you can hack and get the web.config, everything else, whether DMZ or anything else, is of no use.
I have suggested Windows clustering with an active/passive cluster, but if the site scales up, we can make it two active/passive clusters. I have also suggested a SAN for the main DB data, as Windows clustering needs it (very costly, I know, but if the site is big, just worth it), but only local RAIDs for backups and reporting data. Finally, I have suggested MDFs and LDFs kept on separate disks, with RAID10 for storing MDFs, where the read data is normally kept, and RAID1 for LDFs, which contain the high write scenarios.