Cloud Design Patterns

Description
At Ottawa .NET User Group I had a talk on Cloud Design Patterns: the External Config Pattern, Cache Aside, the Federated Identity Pattern, the Valet Key Pattern, the Gatekeeper Pattern and the Circuit Breaker Pattern. These patterns depict common problems in designing cloud-hosted applications and design patterns that offer guidance.
Transcript
  • 1. TaswarBhatti
  • 2. Agenda
    • What are Patterns?
    • The External Configuration Pattern
    • The Cache Aside Pattern
    • The Federated Identity Pattern
    • The Valet Key Pattern
    • The Gatekeeper Pattern
    • The Circuit Breaker Pattern
    • Questions
  • 3. What are Patterns?
    • General reusable solution to a recurring problem
    • A template on how to solve a problem
    • Best practices
    • Patterns allow developers to communicate with each other using well-known and understood names for software interactions
  • 4. External Configuration Pattern
  • 5. External Configuration Pattern
    • Helps move configuration information out of the application deployment
    • This pattern can provide easier management and control of configuration data
    • Allows sharing configuration data across applications and other application instances
  • 6. Typical Application
  • 7. Storing Configuration in a file
  • 8. Multiple applications
  • 9. Problems
    • Configuration becomes part of the deployment
    • Multiple applications share the same configuration
    • Hard to have access control over the configuration
  • 10. External Configuration Pattern
  • 11. When to use the pattern
    • When you have shared configuration across multiple applications
    • You want DevOps to manage configuration centrally
    • Provide an audit trail for each configuration item
  • 12. When not to use
    • When you only have a single application there is no need to use this pattern; it will make things more complex
  • 13. Cloud Solution Offerings
    • Azure Key Vault
    • Vault by HashiCorp
    • AWS KMS
    • Keywhiz
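The following is an added, self-contained model of slides 5 to 13 (not code from the talk, and not the API of Key Vault, Vault or any other product named there): a central store that keeps one copy of each setting with per-key read access and an audit entry per change, plus the thin client each application instance would embed. All class names, keys and principals are constructed for the illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class AuditEntry:
    key: str
    old: object
    new: object
    actor: str
    at: float


class ExternalConfigStore:
    """Stand-in for a central secret/config store (Key Vault, Vault): one copy of
    each setting, per-key read access control, and an audit record per change."""

    def __init__(self, clock=time.time):
        self._values = {}
        self._readers = {}      # key -> set of principals allowed to read it
        self._audit = []
        self._version = 0       # bumps on every change so clients can poll cheaply
        self._clock = clock

    def grant(self, principal, key):
        self._readers.setdefault(key, set()).add(principal)

    def put(self, key, value, actor):
        old = self._values.get(key)
        self._values[key] = value
        self._version += 1
        self._audit.append(AuditEntry(key, old, value, actor, self._clock()))
        return self._version

    def get(self, principal, key):
        if principal not in self._readers.get(key, ()):
            raise PermissionError(f"{principal} may not read {key}")
        return self._values[key]

    def snapshot(self, principal):
        visible = {k: v for k, v in self._values.items() if principal in self._readers.get(k, ())}
        return visible, self._version

    def version(self):
        return self._version

    def audit(self, key=None):
        return [e for e in self._audit if key is None or e.key == key]


class ConfigClient:
    """What each application instance embeds: no settings in the deployment, a
    local snapshot refreshed only when the store's version has moved."""

    def __init__(self, store, principal):
        self._store, self._principal = store, principal
        self._cache, self._version = store.snapshot(principal)
        self.refreshes = 0

    def get(self, key):
        if self._store.version() != self._version:
            self._cache, self._version = self._store.snapshot(self._principal)
            self.refreshes += 1
        return self._cache[key]   # KeyError if this principal was never granted the key


def demo():
    store = ExternalConfigStore()
    for app in ("web", "worker"):
        store.grant(app, "db/connection")
    store.grant("web", "web/feature_flags")
    store.put("db/connection", "Server=db1;Database=orders", actor="devops-alice")
    store.put("web/feature_flags", {"new_checkout": False}, actor="devops-alice")

    web, worker = ConfigClient(store, "web"), ConfigClient(store, "worker")
    before = (web.get("db/connection"), worker.get("db/connection"))
    # Rotate the connection string once, centrally: no redeploy of either app.
    store.put("db/connection", "Server=db2;Database=orders", actor="devops-bob")
    after = (web.get("db/connection"), worker.get("db/connection"))
    try:
        worker.get("web/feature_flags")      # worker was never granted this key
        worker_sees_web_flags = True
    except KeyError:
        worker_sees_web_flags = False
    return {
        "before": before,
        "after": after,
        "worker_sees_web_flags": worker_sees_web_flags,
        "db_change_actors": [e.actor for e in store.audit("db/connection")],
        "worker_refreshes": worker.refreshes,
    }


if __name__ == "__main__":
    print(demo())
```

The version counter is what keeps the "single application" caveat of slide 12 honest: the client only pays for a refresh when something actually changed, and the audit list answers "who rotated the connection string, and when" without any application logging it.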
  • 14. Cache Aside Pattern
  • 15. Cache Aside Pattern
    • Load data on demand into a cache from the datastore
    • Helps improve performance
    • Helps maintain consistency between data held in the cache and data in the underlying data store
  • 16. Typical Application
  • 17. Cache Aside Pattern
  • 18. When to use the pattern
    • Resource demand is unpredictable
    • This pattern enables applications to load data on demand
    • It makes no assumptions about which data an application will require in advance
  • 19. When not to use
    • Don’t use it for data that changes very often
  • 20. Things to consider
    • Sometimes data can be changed by an outside process
    • Have an expiry for the data in the cache
    • When updating data, invalidate the cache before updating the data in the database
    • Pre-populate the data if possible
  • 21. Cloud Offerings
    • Redis (Azure and AWS)
    • Memcache
    • Hazelcast
    • ElastiCache (AWS)
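An added example for slides 15 to 20 (illustration only, not code from the talk): the read path loads on a miss, the update path invalidates before writing as slide 20 states, and the TTL is what bounds the staleness caused by the "outside process" case. The datastore and cache are in-memory stand-ins with an injectable clock; names are constructed.

```python
import time


class DataStore:
    """Stand-in for the database; counts reads so the cache effect is visible."""

    def __init__(self, rows):
        self.rows = dict(rows)
        self.reads = 0

    def read(self, key):
        self.reads += 1
        return self.rows.get(key)

    def write(self, key, value):
        self.rows[key] = value


class TtlCache:
    """Minimal cache with per-item expiry (what Redis EXPIRE would do for you)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl, self.clock, self._items = ttl_seconds, clock, {}

    def get(self, key):
        hit = self._items.get(key)
        if hit is None:
            return None
        value, expires_at = hit
        if self.clock() >= expires_at:
            del self._items[key]        # expired: treat as a miss
            return None
        return value

    def put(self, key, value):
        self._items[key] = (value, self.clock() + self.ttl)

    def invalidate(self, key):
        self._items.pop(key, None)


class CacheAsideRepository:
    """The application-side logic: the cache never loads itself, the app does."""

    def __init__(self, cache, store):
        self.cache, self.store = cache, store

    def get(self, key):
        value = self.cache.get(key)
        if value is None:                       # miss: load on demand
            value = self.store.read(key)
            if value is not None:
                self.cache.put(key, value)
        return value

    def update(self, key, value):
        self.cache.invalidate(key)              # slide 20: invalidate first
        self.store.write(key, value)


def demo():
    clock = [0.0]                               # controllable time for the demo
    store = DataStore({"user:1": "alice"})
    cache = TtlCache(ttl_seconds=30, clock=lambda: clock[0])
    repo = CacheAsideRepository(cache, store)
    result = {}
    result["first"] = repo.get("user:1")        # miss: one store read
    result["second"] = repo.get("user:1")       # hit: no store read
    result["reads_after_two_gets"] = store.reads
    repo.update("user:1", "alice-renamed")      # invalidate, then write
    result["after_update"] = repo.get("user:1") # miss again: reloads the new value
    store.write("user:1", "changed-outside")    # an outside process bypasses the app
    result["stale"] = repo.get("user:1")        # still served from cache
    clock[0] += 31                              # TTL elapses
    result["after_ttl"] = repo.get("user:1")    # expiry forces a reload
    result["reads_total"] = store.reads
    return result


if __name__ == "__main__":
    print(demo())
```

The `stale` step is the point of the "have an expiry" bullet: without the TTL the out-of-band change would be invisible to the application indefinitely, and the shorter the TTL the closer you get to slide 19's "changes very often" data, where the cache stops paying for itself.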
  • 22. Federated Identity Pattern
  • 23. Federated Identity Pattern
    • Delegate authentication to an external identity provider
    • Simplify development, minimize the requirement for user administration
    • Improve the user experience of the application
    • Centralized provider offering MFA for user authentication
  • 24. Typical Application
  • 25. Problem
  • 26. Problem
    • Complex development and maintenance (duplicated code)
    • MFA is not an easy thing
    • User administration is a pain with access control
    • Hard to keep the system secure
    • No single sign-on (SSO): everyone needs to log in again to different systems
  • 27. Federated Identity Pattern
  • 28. When to use
    • When you have multiple applications and want to provide SSO across them
    • Federated identity with multiple partners
    • Federated identity in a SaaS application
  • 29. When not to use it
    • You already have a single application and custom code that handles login
  • 30. Things to consider
    • The identity server needs to be highly available
    • Single point of failure, must have HA
    • RBAC: the identity server usually does not have authorization information
    • Claims and scope within the security auth token
  • 31. Cloud Offerings
    • Azure AD
    • Gemalto STA and SAS
    • Amazon IAM
    • GCP Cloud IAM
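An added example for slides 23 to 30, not code from the talk and not how any of the listed providers is wired up: an identity provider that owns the credentials and issues a signed token carrying claims and scope, and two relying applications that validate issuer, audience, expiry and signature, then apply their own role mapping because, as slide 30 says, the identity server does not hold authorization data. The token is signed with an HMAC shared secret purely so the example needs nothing beyond the standard library; a real IdP signs with a private key and applications verify with the published public key. Names, users and keys are constructed.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, body: str) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


class IdentityProvider:
    """The external IdP: owns the user directory (and would own MFA). Applications
    never see credentials, only the signed token it issues."""

    def __init__(self, issuer, signing_key, clock=time.time):
        self.issuer, self.key, self.clock = issuer, signing_key, clock
        self.users = {}  # username -> (password, groups); constructed demo data only

    def register(self, username, password, groups):
        self.users[username] = (password, list(groups))

    def authenticate(self, username, password, audience, scope, ttl=300):
        record = self.users.get(username)
        if record is None or not hmac.compare_digest(record[0], password):
            return None
        claims = {"iss": self.issuer, "aud": audience, "sub": username,
                  "groups": record[1], "scope": scope, "exp": int(self.clock()) + ttl}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        return f"{body}.{_sign(self.key, body)}"


class RelyingApp:
    """One application trusting the IdP. It keeps its own group-to-role mapping:
    the identity server knows who you are, not what you may do here (slide 30)."""

    def __init__(self, name, issuer, verify_key, group_roles, clock=time.time):
        self.name, self.issuer, self.key = name, issuer, verify_key
        self.group_roles, self.clock = group_roles, clock

    def accept(self, token):
        parts = token.split(".")
        if len(parts) != 2 or not hmac.compare_digest(_sign(self.key, parts[0]), parts[1]):
            return None                                  # forged or corrupted
        claims = json.loads(_unb64(parts[0]))
        if claims.get("iss") != self.issuer or claims.get("aud") != self.name:
            return None                                  # token meant for someone else
        if claims.get("exp", 0) <= self.clock():
            return None                                  # expired
        roles = sorted({r for g in claims.get("groups", []) for r in self.group_roles.get(g, ())})
        return {"user": claims["sub"], "roles": roles, "scope": claims.get("scope")}


def demo():
    now = [1_700_000_000]
    clock = lambda: now[0]
    key = b"constructed-idp-signing-key"   # shared-secret stand-in for the IdP's key pair
    idp = IdentityProvider("https://idp.example", key, clock)
    idp.register("alice", "correct horse", groups=["ops", "staff"])
    orders = RelyingApp("orders", "https://idp.example", key,
                        {"ops": ["orders:write"], "staff": ["orders:read"]}, clock)
    reports = RelyingApp("reports", "https://idp.example", key,
                         {"staff": ["reports:read"]}, clock)

    token = idp.authenticate("alice", "correct horse", audience="orders", scope="openid profile")
    body, sig = token.split(".")
    # Same signature glued onto edited claims: the app must notice the mismatch.
    edited = json.dumps({"iss": "https://idp.example", "aud": "orders", "sub": "alice",
                         "groups": ["admin"], "scope": "openid", "exp": now[0] + 300}, sort_keys=True)
    forged = _b64(edited.encode()) + "." + sig
    out = {
        "bad_password": idp.authenticate("alice", "wrong", "orders", "openid"),
        "orders": orders.accept(token),
        "wrong_audience": reports.accept(token),
        "forged_claims": orders.accept(forged),
    }
    now[0] += 301
    out["expired"] = orders.accept(token)
    return out


if __name__ == "__main__":
    print(demo())
```

The `wrong_audience` case is the one most often skipped in practice: a token that is perfectly valid for `orders` must still be refused by `reports`, otherwise SSO quietly turns into "one token opens everything".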
  • 32. Valet Key Pattern
  • 33. Valet Key Pattern
    • Use a token that provides clients with restricted direct access to a specific resource
    • Offload data transfer from the application
    • Minimize cost and maximize scalability and performance
  • 34. Typical Application
  • 35. Problem
  • 36. Valet Key Pattern
  • 37. When to use it
    • The application has limited resources
    • To minimize operational cost
    • Many interactions with external resources (upload, download)
    • When the data is stored in a remote data store or a different datacenter
  • 38. When not to use it
    • When you need to transform the data before upload or download
  • 39. Cloud Offerings
    • Azure Blob Storage
    • Amazon S3
    • GCP Cloud Storage
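An added example for slides 33 to 38, not code from the talk and not the signing scheme of Azure Blob Storage, S3 or GCS (which each have their own signed-URL formats): the application makes its own authorization decision, then issues a key bound to one resource, one permission and an expiry, signed with a secret it shares with the storage service. The storage service checks the key locally, so the bytes of the upload never pass through the application. All names and the key are constructed.

```python
import hashlib
import hmac
import time


def _sign(key, resource, permission, expires):
    """Signature over everything the storage service will enforce."""
    msg = f"{resource}\n{permission}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class StorageService:
    """Blob store (stand-in for Azure Blob / S3 / GCS). It shares a signing key
    with the application and checks keys locally: no call back to the app."""

    def __init__(self, signing_key, clock=time.time):
        self.key, self.clock, self.blobs = signing_key, clock, {}

    def _authorized(self, valet_key, resource, permission):
        if valet_key["resource"] != resource or valet_key["permission"] != permission:
            return False                                    # wrong blob or wrong verb
        if valet_key["expires"] <= int(self.clock()):
            return False                                    # key has lapsed
        expected = _sign(self.key, resource, permission, valet_key["expires"])
        return hmac.compare_digest(expected, valet_key["sig"])

    def upload(self, valet_key, resource, data):
        if not self._authorized(valet_key, resource, "write"):
            raise PermissionError(f"no write on {resource}")
        self.blobs[resource] = data

    def download(self, valet_key, resource):
        if not self._authorized(valet_key, resource, "read"):
            raise PermissionError(f"no read on {resource}")
        return self.blobs[resource]


class Application:
    """The application decides who may touch what, then hands out a narrow key.
    The data itself goes straight between client and storage."""

    def __init__(self, signing_key, clock=time.time):
        self.key, self.clock = signing_key, clock

    def issue_valet_key(self, user, resource, permission, ttl=60):
        if not resource.startswith(f"uploads/{user}/"):    # the app's own authz rule
            raise PermissionError(f"{user} may not access {resource}")
        expires = int(self.clock()) + ttl
        return {"resource": resource, "permission": permission, "expires": expires,
                "sig": _sign(self.key, resource, permission, expires)}


def _attempt(fn):
    """True if the call succeeded, False if it was refused."""
    try:
        fn()
        return True
    except PermissionError:
        return False


def demo():
    now = [1_700_000_000]
    key = b"constructed-shared-signing-key"
    storage = StorageService(key, clock=lambda: now[0])
    app = Application(key, clock=lambda: now[0])

    write_key = app.issue_valet_key("alice", "uploads/alice/scan.pdf", "write")
    out = {
        "upload": _attempt(lambda: storage.upload(write_key, "uploads/alice/scan.pdf", b"%PDF")),
        "read_with_write_key": _attempt(lambda: storage.download(write_key, "uploads/alice/scan.pdf")),
        "other_blob": _attempt(lambda: storage.upload(write_key, "uploads/bob/x.pdf", b"")),
        "issue_for_other_user": _attempt(lambda: app.issue_valet_key("alice", "uploads/bob/x.pdf", "read")),
    }
    stretched = dict(write_key, expires=write_key["expires"] + 3600)   # client edits the expiry
    out["stretched_expiry"] = _attempt(lambda: storage.upload(stretched, "uploads/alice/scan.pdf", b""))
    now[0] += 61                                                        # key lifetime passes
    out["after_expiry"] = _attempt(lambda: storage.upload(write_key, "uploads/alice/scan.pdf", b""))
    out["stored"] = storage.blobs["uploads/alice/scan.pdf"]
    return out


if __name__ == "__main__":
    print(demo())
```

Because the signature covers the resource, the permission and the expiry, a client cannot widen any of them without the shared secret; what it can do is use the key as issued until it lapses, which is why the TTL is short and why slide 38's "transform the data first" case does not fit: the application never sees the payload.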
  • 40. Gatekeeper Pattern
  • 41. Gatekeeper Pattern
    • Use a dedicated host instance that acts as a broker between clients and services
    • Protects applications and services
    • Validates and sanitizes requests, and passes requests and data between them
    • Provides an additional layer of security and limits the attack surface of the system
  • 42. Typical Application
  • 43. Problem
  • 44. Gatekeeper Pattern
  • 45. When to use it
    • Sensitive information (health care, authentication)
    • Distributed systems where request validation is performed separately
  • 46. When not to use
    • Performance vs. security
  • 47. Things to consider
    • The WAF should not hold any keys or sensitive information
    • Use a secure communication channel
    • Auto scale
    • Endpoint IP addresses (when scaling the application, does the WAF know about the new instances?)
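An added example for slides 41 to 47 (illustration only, not code from the talk): a gatekeeper that validates each request against an allow-list schema, normalizes the string fields, drops anything the schema does not name, and only then forwards to the trusted host, which is the only component holding the datastore credential. The two are in-process here for simplicity; in the pattern they are separate hosts joined by the secure channel of slide 47. Operation names, fields and sample requests are constructed.

```python
import re


class TrustedHost:
    """Sits behind the gatekeeper on an internal network, holds the datastore
    credential, and assumes every request it receives is already well-formed."""

    def __init__(self, db_secret):
        self._db_secret = db_secret          # never copied to the gatekeeper
        self.patients = {}
        self.received = []

    def handle(self, request):
        self.received.append(request)
        if request["op"] == "create_patient":
            self.patients[request["mrn"]] = {"name": request["name"], "age": request["age"]}
            return {"ok": True, "mrn": request["mrn"]}
        return {"ok": True, "patient": self.patients.get(request["mrn"])}


class Gatekeeper:
    """Broker in front of the trusted host: validates and sanitizes each request
    against an allow-list schema and forwards only the fields it knows about."""

    SCHEMA = {  # op -> field -> (type, min, max); constructed for the demo
        "create_patient": {"name": (str, 1, 64), "mrn": (str, 6, 12), "age": (int, 0, 130)},
        "get_patient": {"mrn": (str, 6, 12)},
    }
    MRN_FORMAT = re.compile(r"[A-Z0-9]+")

    def __init__(self, backend):
        self.backend = backend
        self.rejections = []                 # what a WAF would log

    def _reject(self, reason):
        self.rejections.append(reason)
        return {"ok": False, "error": reason}

    def handle(self, raw):
        if not isinstance(raw, dict) or raw.get("op") not in self.SCHEMA:
            return self._reject("unknown operation")
        clean = {"op": raw["op"]}
        for field, (kind, low, high) in self.SCHEMA[raw["op"]].items():
            value = raw.get(field)
            if not isinstance(value, kind) or isinstance(value, bool):
                return self._reject(f"{field}: wrong type")
            if kind is str:
                value = value.strip()
                if not low <= len(value) <= high:
                    return self._reject(f"{field}: bad length")
                if field == "mrn" and not self.MRN_FORMAT.fullmatch(value):
                    return self._reject("mrn: bad format")
            elif not low <= value <= high:
                return self._reject(f"{field}: out of range")
            clean[field] = value
        # Keys not in the schema (extra fields, nested objects) never reach the host.
        return self.backend.handle(clean)


def demo():
    host = TrustedHost(db_secret="constructed-db-credential")
    gate = Gatekeeper(host)
    results = {
        "valid": gate.handle({"op": "create_patient", "name": " Ada ", "mrn": "MRN00042",
                              "age": 36, "role": "admin"}),            # extra field dropped
        "malformed_mrn": gate.handle({"op": "get_patient", "mrn": "MRN0042;--"}),
        "unknown_op": gate.handle({"op": "export_all"}),
        "bool_as_int": gate.handle({"op": "create_patient", "name": "x", "mrn": "MRN00043",
                                    "age": True}),
        "lookup": gate.handle({"op": "get_patient", "mrn": "MRN00042"}),
    }
    results["forwarded"] = host.received
    results["rejections"] = gate.rejections
    return results


if __name__ == "__main__":
    print(demo())
```

The `forwarded` list is the check worth keeping in a real deployment: the trusted host should only ever see requests shaped exactly like the schema, and the gatekeeper itself stores nothing but the schema and its rejection log, which is the "holds no keys or sensitive information" bullet in practice.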
  • 48. Circuit Breaker Pattern
  • 49. Circuit Breaker Pattern
    • To handle faults that might take a variable amount of time to recover from
    • When connecting to a remote service or resource
  • 50. Typical Application
  • 51. Problem
  • 52. Circuit Breaker
  • 53. When to use it
    • To prevent an application from trying to invoke a remote service or access a shared resource if this operation is highly likely to fail
    • Better user experience
  • 54. When not to use
    • Handling access to local private resources in an application, such as an in-memory data structure
    • Creates overhead
    • Not a substitute for handling exceptions in the business logic of your applications
  • 55. Libraries
    • Polly (http://www.thepollyproject.org/)
    • Netflix Hystrix (https://github.com/Netflix/Hystrix/wiki)
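An added example for slides 49 to 54, not code from the talk and not the API of Polly or Hystrix: the closed/open/half-open state machine with a failure threshold and a recovery timeout, driven against a constructed remote that is down and then comes back. The breaker re-raises the remote's own error when it does call through, which is the point of slide 54's last bullet: it decides whether to try, it does not replace the caller's exception handling. Names and timings are constructed.

```python
import time
from enum import Enum


class State(Enum):
    CLOSED = "closed"        # calls flow normally
    OPEN = "open"            # calls fail fast without touching the remote
    HALF_OPEN = "half_open"  # one trial call decides whether to close again


class CircuitOpenError(RuntimeError):
    """Raised instead of calling the remote while the breaker is open."""


class CircuitBreaker:
    def __init__(self, failure_threshold=3, recovery_timeout=30.0, clock=time.monotonic):
        self.failure_threshold, self.recovery_timeout, self.clock = failure_threshold, recovery_timeout, clock
        self.state, self.failures, self.opened_at = State.CLOSED, 0, None

    def call(self, fn, *args, **kwargs):
        if self.state is State.OPEN:
            if self.clock() - self.opened_at < self.recovery_timeout:
                raise CircuitOpenError("remote is assumed down; failing fast")
            self.state = State.HALF_OPEN          # timeout elapsed: allow one probe
        try:
            result = fn(*args, **kwargs)
        except Exception:
            self._record_failure()
            raise                                  # the caller still handles the real error
        self._record_success()
        return result

    def _record_failure(self):
        self.failures += 1
        if self.state is State.HALF_OPEN or self.failures >= self.failure_threshold:
            self.state, self.opened_at = State.OPEN, self.clock()

    def _record_success(self):
        self.state, self.failures = State.CLOSED, 0


class FlakyRemote:
    """Constructed stand-in for a remote service; `up` is flipped by the demo."""

    def __init__(self):
        self.up, self.attempts = False, 0

    def fetch(self):
        self.attempts += 1
        if not self.up:
            raise ConnectionError("remote unavailable")
        return "payload"


def demo():
    now = [0.0]
    remote = FlakyRemote()
    breaker = CircuitBreaker(failure_threshold=3, recovery_timeout=30, clock=lambda: now[0])
    outcomes = []

    def attempt():
        try:
            outcomes.append(breaker.call(remote.fetch))
        except CircuitOpenError:
            outcomes.append("fast-fail")
        except ConnectionError:
            outcomes.append("error")

    for _ in range(5):           # three real failures trip the breaker; two fail fast
        attempt()
    now[0] += 31                 # recovery timeout elapsed, remote still down
    attempt()                    # half-open probe fails, breaker reopens
    attempt()                    # immediately fails fast again
    now[0] += 31
    remote.up = True
    attempt()                    # probe succeeds, breaker closes
    attempt()
    return {"outcomes": outcomes, "remote_attempts": remote.attempts, "state": breaker.state.value}


if __name__ == "__main__":
    print(demo())
```

Nine calls reach the remote only six times, and the remote is never hammered while it is down; that saved load is the "overhead" of slide 54 paying for itself. This version is single-threaded: a production breaker also has to make sure only one caller gets the half-open probe at a time.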
  • 56. Questions?
    • Taswar Bhatti, System Solutions Architect (Gemalto), Microsoft MVP
    • http://taswar.zeytinsoft.com
    • @taswarbhatti