Web Infrastructure

Definition

Refers to the underlying framework and resources required to support the operation of websites, web applications, and internet services. This includes various components (hardware and software), that work together to deliver content and services to users across the internet.

Web infrastructure can be categorized into the following:

• Simple web infrastructure / simple web stack
• Distributed web infrastructure
• Secure and monitored web infrastructure

1. Simple web infrastructure

At a minimum, it consists of a server, a web server, an application server, a codebase, and a database.

To be able to understand what each component is and its role in the setup, let’s take a scenario where a user wants to access www.foobar.com over the internet.

What is a server?

A server is a computer system or software application that provides services or resources to clients over a network. It is a physical or virtual machine hosting the web infrastructure. Each server has an address(IP address) that is used to access it.

What is the role of the domain name?

The domain name, foobar.com, serves as a human-readable alias for the server’s IP address, e.g. 8.8.8.8. This makes it easier for users to access the website as it is easier to remember as compared to the actual address.

What type of DNS record is www in www.foobar.com?

Almost all domain names are prefixed with www. The www record is a subdomain that typically points to the main domain name. It’s usually configured as a CNAME(Canonical Name) record in the DNS.

What is the role of the web server?

The web server e.g. Nginx, Apache, handles incoming HTTP requests from clients and serves static files or routes dynamic requests to the application server for processing.

What is the role of the application server?

The application server executes the web application codebase, generates dynamic content, and interacts with the database to retrieve or update information as needed.

What is the role of the database?

The database e.g. MySQL, Postgresql, stores and manages structured data used by the web application. This allows for efficient storage, retrieval, and manipulation of data required for the website’s functionality.

What is the server using to communicate with the user’s computer requesting the website?

The server communicates with the user’s computer over the HTTP protocol, exchanging requests and responses containing web content.

As simple as it may seem, there are limitations to this infrastructure:

• Single Point of Failure — Since we only have one server, it represents a single point of failure. If the server goes down due to hardware failure or system troubles, the entire website becomes inaccessible.
• Downtime during maintenance — During maintenance tasks such as deploying new code or updating server configurations, the web server may need to be restarted, resulting in temporary downtime for the website.
• Scalability limitations — With only one server, the infrastructure cannot easily handle a significant increase in incoming traffic.

2. Distributed web infrastructure

This is an improvement over the simple web stack. It has an additional server and a load balancer.

Why the extras?

• Extra server — Allows incoming traffic to be distributed.
• Load balancer — This is to distribute incoming traffic across multiple servers for improved performance and availability.

What distribution algorithm is configured for the load balancer and how does it work?

• Round Robin algorithm — It works by sequentially forwarding incoming requests to each server in turn, ensuring equal distribution of traffic.

Is the load balancer enabling an Active-Active or Active-Passive setup? What’s the difference between both?

• Active-active setup. In an active-active setup, both the servers are actively serving traffic and the load balancer distributes requests across them which ensures high availability. On the other hand, in an active-passive setup, only one server is actively serving traffic, while the other server remains on standby. If the active server fails the passive server takes over.

How does a database Primary-Replica (Master-Slave) cluster work?

In a Primary-Replica cluster, the Primary node(Master) handles all write operations (insert, update, delete) and replicates the changes to one or more Replica nodes(Slaves). The Replica nodes serve read-only queries, improving read scalability and providing fault tolerance.

What is the difference between the Primary node and the Replica node in regard to the application?

• The Primary node handles write operations and is responsible for maintaining the authoritative copy of the data. The application interacts with the primary node for its write operations.
• The Replica nodes replicate data from the Primary node and serve read-only queries from the application. They provide additional capacity for handling read traffic.

Even with the improvements, this setup has some issues:

• Single Point of Failure — Since only a single load balancer is available, if it fails, incoming traffic won’t be distributed properly.
• Security issues — There is no mention of firewalls or HTTPS, leaving the infrastructure vulnerable to various threats, such as unauthorized access and data interception.
• No monitoring — Without monitoring in place, it becomes difficult to detect and troubleshoot issues such as performance bottlenecks, resource utilization, and server failures in real-time.

3. Secure and monitored web infrastructure

The infrastructure setup is augmented with firewalls, SSL certification, and monitoring clients.

Why the extra resources?

• Firewalls — This is to control and secure network traffic, protecting the servers from unauthorized access and potential security threats.
• SSL Certificate — This is to encrypt traffic between clients and servers, ensuring data confidentiality and integrity.
• Monitoring clients — This is to collect performance metrics and monitor the health and availability of the servers and services, enabling proactive management and troubleshooting.

What are firewalls for?

Firewalls control and secure network traffic, protecting the servers from unauthorized access and potential security threats.

Why is the traffic served over HTTPS?

HTTPS encrypts data transmitted between clients and servers, protecting sensitive information such as login credentials, personal details, and financial transactions from eavesdropping and tampering.

What monitoring is used for?

Monitoring is used to track the performance, availability, and health of the web infrastructure and detect any anomalies that may arise.

How is the monitoring tool collecting data?

It collects data by deploying monitoring agents or clients on each server to gather metrics, logs, and other relevant information. The data is then aggregated to the monitoring dashboard.

What should you do if you want to monitor your web server QPS?

If you want to monitor the web server’s query per second (QPS), you can configure the monitoring tool to collect metrics related to incoming HTTP requests and response times.

Again, this setup has some issues:

• SSL termination at the load balancer — This can expose decrypted traffic within the internal network, potentially compromising data security. It is recommended to terminate SSL at the web server level for end-to-end encryption.
• Only one MySQL server for write operations — This creates a single point of failure which can result in data loss or service disruption. Clustering may mitigate this risk.
• Having servers with all the same components — This may lead to a lack of diversity in the infrastructure, making it vulnerable to common mode failures. It’s advisable to distribute components across different servers or employ different servers or employ redundancy to enhance reliability and fault tolerance.

The following illustration shows a far better improvement. It involves distributing components (database, web server, and application server) for each server to employ redundancy. It also has an additional load balancer to eliminate a single point of failure at the load balancing level: