There are several important considerations we must take into account when designing solutions. There are golden principles that should drive each design in the cloud. As an architect, during the design phase you must take several kinds of disaster into account. You need a plan for every scenario. Having a plan will help you create systems that are resilient and prepared for each catastrophe.
There are four main topics you must cover when designing a solution. If you prepare beforehand by writing down lots of questions, it will help you and will work as a checklist. During design, just go through your list and tick all the boxes. This will help you in designing a good solution.
Architecture is about planning and being prepared for any circumstances, both those that happen ordinarily and those that happen unexpectedly. We have to plan and design solutions that will cope with critical disasters. The key is the
Building a great system is iterative work. At each iteration we need to concentrate on a specific problem. You have to evaluate various risks and be prepared to mitigate them.
Design for security
Today, data is a business asset and must be protected with high priority. System resources must be resilient to network vulnerabilities. Data should be protected with encryption both in transit and in storage. Security is a concept that applies to the whole lifecycle of an application. The cloud provides you with additional security benefits like DDoS attack or network intrusion detection. But it is the architect's responsibility to build security into the
I am trying to ask myself several questions to challenge myself and find the answer.
How do we prevent the system from being hacked?
What do we do if we get hacked?
How will I know if I was hacked?
How do we maintain access to data so as to prevent unauthorized usage?
In every business, there is confidential data, which must be protected from malicious people. As I said before, data is an asset and must be treated like one. Since we have strict rules to protect personal data (GDPR), there is an additional aspect we need to think about: regulatory compliance, something that you don’t like but that must be managed. It applies to the personal data of your staff or your customers. What about their payments? For this we have another regulatory standard that we must adhere to. We need to remember that the cloud has vulnerabilities like everything else, so don’t take things for granted.
For the security mechanism to be effective, we need to consider several layers. Each layer works as a fence. In the real world, if you put 10 fences around your home, it will be very difficult for an intruder to get through. The same principle applies to the cloud. This is called “defense in depth” and covers the
- Policies and access
- Physical security
This creates in-depth protection. Each layer is aimed at protecting a different area. If one fails, there are still other gates that protect us. By creating more layers we increase the complexity for an attacker. Security should also cover people and processes.
Each layer has some specific vulnerabilities that you need to tackle and be prepared for.
- Data: Having strong encryption is a must. Both on storage and in transit.
- Applications: What we need to protect against is code injection, SQL injection and cross-site scripting (XSS).
- VM/Compute: Protect against executing code on a
- Networking: Open ports are the main issue; leaving SSH or RDP open on a VM may be a big problem.
- Perimeter: Denial-of-service attacks belong to this layer; they will take down your servers and other resources.
- Policies and access: It’s all about authentication, Active Directory, Kerberos, OAuth. Protect your credentials and put monitoring in place to know what is happening and when.
- Physical security: Protect your facilities, put locks everywhere and check who has access to them.
You have to remember that when you are in the cloud, you share responsibility for security with Azure. What you need to protect depends on which model your solution is in: IAAS, PAAS or SAAS. The closer to SAAS you are, the fewer worries you have. Managing IAAS is the most complex because you are responsible for the operating system and applications.
Design for performance and scalability
Our systems must be capable of scaling with increased demand. A system should be able to do it automatically, without human intervention. The Azure cloud has a built-in mechanism that allows scaling the application up or down depending on needs. This kind of architecture must be applied at the application level and at the cloud resource level. You should be able to answer a question like Can we handle a
Despite all this Azure automation, there is still work for you to do: analyze systems, identify bottlenecks and apply optimization. Optimization may include testing network speeds or IO on a storage solution. Each system should be considered independently, looking at the code or logs. Performance analysis is a recurring process that applies to each system component. Once you identify potential issues from the architectural standpoint, it will be easier to plan for the solution.
As in life, everything depends on what we want to achieve. You need to decide whether scaling up is better than scaling out. Scaling up is making your resource bigger and stronger. For example, you can add more RAM or CPU.
When you scale out, you add more instances of your resource.
Both ways will improve the
You can tackle scalability and performance by following some principles.
- Data partitioning
To improve performance when accessing data we can partition it, which means putting data into separate pots. This kind of separation helps because when I need a particular piece I know exactly which pot it is in. It simplifies the extraction process.
Caching means having the most recent data handy. At the application level, you can put the most frequently used data in memory so that retrieval time is minimal. It is often used in web applications to save time when serving data to the client.
It is a great feature of many Azure services. You can automate
- Separate intensive tasks
Very heavy tasks that require process intensive calculations or long-running workflows can be run in the
If two services must communicate with each other, it is efficient to put a messaging mechanism between them. In this scenario, messages are communicated asynchronously. This has less impact on performance because the application can process tasks one by one. That way it is more resilient to more time-consuming messages.
- Monitor performance
Applications in the cloud use several services. This makes the solution very complex. It is very difficult to pinpoint how each component is utilizing the system. You have to put a good diagnostic mechanism in place. Constant monitoring of your systems will provide valuable insights into operations. As they say, what is measured can be managed.
Design for availability and recoverability
These days business requires systems to be up and running 24/7. There is no justification for downtime. Each component of a solution should be prepared for a failure. There must be a plan for how to recover. Users should not even notice if part of a system goes down. This should apply to the application and its data. The most important question that comes to my mind: can the architecture handle the failure of one or more components?
No business likes downtime, so it is our job to make the solution unbreakable. Being prepared for failures of various services and application components is part of architectural design. High availability must limit the impact of failures. If they happen, the application must cope with them so that users are not impacted.
Recoverability means: when a disaster happens, can I still have access to my data? There should be no data loss. The process of data recovery after a failure should be automatic. This will improve time to full recovery. You need to analyze each component and add redundancy to limit the possibility of an outage. In reality, we should allow for some data loss. This will save tons of money. There is always a tradeoff between the costs and complexities of a solution.
Design for efficiency and operations
Efficient in business terms means cost-effective. A system must utilize all the resources available. You cannot allow for any waste. As in Japanese Kaizen, you need to look into every part of a system and search for improvements. In Azure, you pay per second, per minute or per hour. When it comes to Azure, “time is money”: if there is an unnecessary process that takes up resources, you should control it. Luckily for you, Azure provides tools to measure and monitor all usage. Monitoring costs is an ongoing activity; generally, each application will have its own manager who will perform such a task.
The most common reason for increased costs is consuming more resources than required, or paying for resources that are idle most of the time. For example, my development machines are working only 9:00 to 5:00. They shut down automatically to save money. There must be a process of constant resource monitoring. Any misalignment must be immediately corrected. This may include resizing virtual machines. Where you can, try moving to PAAS, which is cheaper than IAAS.
There should be a huge emphasis on the automation of resource management. We humans are still a bit slow and faulty. We make too many mistakes. 🙁 By automating common tasks we improve efficiency and reduce possible errors.
Shared responsibility is a concept that applies to the cloud environment. Depending on which service model you choose, you will be responsible for managing certain parts of the system. It depends on whether you are on IAAS, PAAS, or SAAS. The closer you are to the bare metal like in IAAS then you have to manage Data, applications, OS
If you are looking for a perfect solution, you have to be prepared for some tradeoffs. In reality, if we plan to create systems that are always available, efficient, secure and fast, then we are looking at huge costs or a long time to delivery. There are some tradeoffs to balance costs with reality. It’s a business decision to pick what is the highest priority. Luckily for us, good people have made some useful design patterns that we can use. They will save time and provide valuable help.