An Introduction to E-Commerce Infrastructure
Building your own Website

Supporting a number of sites
• Concept of virtual hosting – used to host a number of Websites on a single server box
• Two choices
  – IP-based hosting
  – Name-based hosting

IP-based hosting
• Each virtual host name that Apache serves must be associated with a unique IP address or port number. If you want to use a different domain name then you must have a different IP address
• Two ways of getting separate IP addresses
  – use separate NIC cards, suitable for a small system

Virtual Interfaces
• On the same physical card, you can have a set of different addresses by using virtual interfaces
  – So addresses could be assigned as:
    • 204.148.170.3 eth0:1 www.alpha-complex.com
    • 204.148.170.4 eth0:2 www.beta-complex.com
    • 204.148.170.5 eth0:3 www.trouble-shooter.com

Configuring Virtual interfaces
• Use ifconfig
  • /sbin/ifconfig eth0:1 204.148.170.3 netmask 255.255.255.128
  • /sbin/ifconfig eth0:2 204.148.170.4 netmask 255.255.255.128

Web Security in Apache
• Access.conf file which indicates broad security policies
• Can also restrict access to certain directories on the site
• Limit based on methods (GET, POST, etc)

Example of Restricting Access
# Rules inside <Limit GET> apply to GET (and HEAD) requests only
<Directory /local/web/private>
  <Limit GET>
    # Deny is evaluated first; a matching allow then overrides it
    order deny,allow
    deny from all
    allow from .host.domain1
    allow from .host.domain2
    allow from 128.123.7
  </Limit>
</Directory>

Access Control cont’d
• Order specifies whether to look at deny or allow specification first
• If order is not specified, then the last directive will override a previous one
• Can also restrict access to individual users
• Apache supports two types of password mechanism
  – htpasswd
  – dbmmanage
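
The Order semantics described above, modelled as an added example (not from the original slides and not Apache's own code): a simplified Python evaluator for the slide's rule set, run against constructed sample clients. Function names and client values are assumptions; the model follows the documented Apache 2.2 behaviour that `deny,allow` permits unmatched clients, `allow,deny` rejects them, and rules inside `<Limit GET>` do not apply to other methods.

```python
from typing import List, Optional


def spec_matches(spec: str, ip: str, host: Optional[str]) -> bool:
    """True if one 'allow from' / 'deny from' argument matches the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if spec[0].isdigit():
        # Partial IP address: compare whole octets, so 128.123.7 matches
        # 128.123.7.x but not 128.123.70.x.
        want = spec.rstrip(".").split(".")
        return ip.split(".")[:len(want)] == want
    if host is None:
        return False  # a name rule cannot match a client without a resolved name
    host = host.lower()
    if spec.startswith("."):
        return host.endswith(spec)  # ".host.domain1" matches pc1.host.domain1
    return host == spec or host.endswith("." + spec)


def host_allowed(order, allow, deny, ip, host=None) -> bool:
    """Combine the allow and deny lists the way the Order directive says."""
    allowed = any(spec_matches(s, ip, host) for s in allow)
    denied = any(spec_matches(s, ip, host) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        return allowed or not denied   # allow overrides deny; unmatched clients pass
    if order == "allow,deny":
        return allowed and not denied  # deny overrides allow; unmatched clients fail
    raise ValueError("unsupported order: " + order)


def request_allowed(method, limited, order, allow, deny, ip, host=None) -> bool:
    """Host rules inside <Limit ...> only cover the methods it names."""
    covered = set(limited)
    if "GET" in covered:
        covered.add("HEAD")  # Apache applies a GET limit to HEAD as well
    if method not in covered:
        return True  # rules skipped; nothing else restricts it in this model
    return host_allowed(order, allow, deny, ip, host)


# Rule set from the slide.
ALLOW = [".host.domain1", ".host.domain2", "128.123.7"]
DENY = ["all"]

# Constructed sample clients: (IP address, resolved host name or None).
CLIENTS = [
    ("128.123.7.44", None),
    ("128.123.70.9", None),
    ("10.1.2.3", "pc1.host.domain1"),
    ("10.1.2.4", "otherhost.domain1"),
]


def decisions(order: str, method: str = "GET", limited=("GET",)) -> List[bool]:
    """Decision for every sample client under the given order and method."""
    return [request_allowed(method, limited, order, ALLOW, DENY, ip, host)
            for ip, host in CLIENTS]


if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        print(order, "GET ", decisions(order))
    print("deny,allow POST", decisions("deny,allow", method="POST"))
```

With the slide's rules, swapping the order to `allow,deny` rejects every client because `deny from all` is applied last, and a POST is never checked against the host rules because only GET is named in the `<Limit>` block.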

Aspects of Network Security
• If you want to set up a Web Server, where do you place it relative to your network and firewall?
• If the Web Server is private then it should be kept within the network. No packets must go through the firewall
• If the Web Server is public then it should be placed before the firewall

Secure Socket Layer SSL
• Running just above TCP/IP
• Uses public key encryption
• The server publishes its public key, client also gives public key
• They encode messages using the public key of the other and use their private keys to decode messages addressed to them
• Associated with using https: instead of http

Proxy Servers
• Used for security
  – checks valid requests
• Used for caching
  – caches Web pages for nearby browsers
  – set up caching parameters

Caching Parameters
• CacheRoot
  – Physical path of the cache directory
  – CacheRoot /usr/tmp/webproxy
• CacheSize
  – no less than 250 Mbytes
• CacheGcInterval
  – how often the cache is garbage-collected
• CacheMaxExpire
  – how long in hours can a file be in the cache

Other Web servers
• There are a number of public ones
• CERN Server - Unix and VMS
• CL-HTTP - object-oriented server written in Common Lisp
• GOServe - Gopher and Web Server for OS/2 and Windows (IBM)
• Phttpd - a free multithreaded, lightweight and fast Web server

Zeus Web Server
• Zeus - company in Cambridge UK
• Developed a high-speed Web Server
• Large share of the Web Server Market
• Uses the select call in Unix rather than fork or multithreading

Application Servers
• Web Servers are front ends to provide a commercial service
• Back office usually a database and file server
• Glue - Perl, Java, JavaScript

Totally Commercial Enterprise
• Mission
  – you are setting up a business to sell airline tickets over the Internet
  – Access to SITA - the airline seat reservation database
  – You have £200,000.00
  – How do you set up your business

Network requirements
• Networking Specs
  – Number of calls/second 50
  – Average number of bytes per call 8000
  – Average number of NULL calls/second 5
  – Bytes per null call 200
  – 50 * 8000 + 5 * 200 = 401000 bytes/second
  – *1.5 so we can cope with peak load 601.5Kbytes/s
  – About 5.0 Mbits/s

Need to choose an ISP
• What guarantees would you like the ISP to provide
• Make sure it can provide at least the bandwidth required
• Make sure there is a minimum guarantee of service. Compensation if this is not met
• Possibility of switching to another ISP if service fails

Need IP addresses
• If you are trying to run a large commercial operation, you will need to get at least 16 Internet addresses
• Need at least two subnets
• Must keep your own internal network separate from that for the Website

Router Issues
• Should you have your own router
  – buy it if you can
• Need a 10 Mbps outgoing interface
• Two other 10 Mbps Ethernet interfaces

Firewall PCs
• Need to firewall each network coming from the router. If the router can do firewalling then make use of it
• Also we want to have a way for two subnets to talk to each other so that we can make changes from our private network without having to go back through the router

Possible Network Configuration
[Diagram: Router with three 10 Mbps links; Firewall 1, Firewall 2 and Firewall 3; Commercial Network; Internal Network; arrows marked "Connection direction"]

Firewall PCs
• Firewall 1
  – 1 100 Mbps interface to commercial network
  – 1 10 Mbps to router
  – Only allows types of connection for global services
    • ftp, http, etc NOT telnet or other access programs
• Firewall 2
  – Same interfaces as firewall 1
  – Disable all global ports
    • ftp, http, etc
  – Disable ALL unused ports

Firewall 3
• Two 100 Mbps interfaces
• Only allow connections from the Internal to Commercial network
• If someone hacks the commercial site they do not get access to your internal records

Internal Network
• Same as any other
• Secure from outside access
• Defined ways of interacting with the commercial network
  – must use ssh or secure comms
• Still have to watch who is on your internal network
  – limit those who have access to the commercial network
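
The three-firewall layout above as a rule-set check, added here as an example (not part of the original slides): each firewall is a table of permitted new connections, and a breadth-first search lists the zones that can be reached from a starting zone through chains of permitted connections. Zone names, the default-deny treatment of anything the slides do not mention, and the ssh-only rule on Firewall 3 are assumptions of this model.

```python
import copy
from collections import deque

# New-connection rules per firewall: (source zone, destination zone) -> services.
# Anything not listed is dropped (default deny is an assumption of this model).
DESIGN = {
    "Firewall 1": {("internet", "commercial"): {"ftp", "http"}},
    "Firewall 2": {},  # global ports and unused ports disabled: nothing inbound
    "Firewall 3": {("internal", "commercial"): {"ssh"}},
}


def permitted(rules, src, dst, service):
    """Name of the firewall that lets src open `service` to dst, else None."""
    for firewall, table in rules.items():
        if service in table.get((src, dst), set()):
            return firewall
    return None


def reachable_zones(rules, start):
    """Zones reachable from `start` through chains of permitted connections."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for table in rules.values():
            for (src, dst), services in table.items():
                if src == zone and services and dst not in seen:
                    seen.add(dst)
                    queue.append(dst)
    seen.discard(start)
    return seen


def with_rule(rules, firewall, src, dst, services):
    """Copy of the rule set with one extra rule, for comparing designs."""
    changed = copy.deepcopy(rules)
    changed[firewall][(src, dst)] = set(services)
    return changed


# Constructed misconfiguration: Firewall 3 also accepts connections that
# start on the commercial side, which the slides rule out.
BIDIRECTIONAL = with_rule(DESIGN, "Firewall 3", "commercial", "internal", {"ssh"})

if __name__ == "__main__":
    for name, rules in (("design", DESIGN), ("bidirectional", BIDIRECTIONAL)):
        for zone in ("internet", "commercial", "internal"):
            print(name, zone, "->", sorted(reachable_zones(rules, zone)))
```

In the slides' design nothing is reachable from the commercial network, so the internal network stays out of reach from the Internet; with the single extra Firewall 3 rule the internal network appears in the Internet's reachable set.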

Commercial Network
• At least 100 Mbps
• Who’s on it?
  – Webserver
  – Databases back end
  – Fileserver
• What you might also add:
  – separate FTP server
  – duplicate Web Server
    • redundancy, experimentation
  – a sniffer engine
    • something that looks at all the network packets and detects if there is something weird happening

Web Server Security
• Main question
  – where are the security keys kept
  – too dangerous to be kept in files on the Web Server
• Hardware support
  – files kept on a special device connected to the server by SCSI

Web Server Security
• Companies like nCipher help to provide this kind of security
• Very specific way of altering and managing these keys
• Can detect unauthorized access and erase the keys

Web Server Hardware
• Several options
  – Large shared memory multiprocessor
  – Number of closely coupled workstations
  – Larger number of inexpensive PCs

Shared Memory Multiprocessor
• Lots of CPUs tightly coupled together
• Lots of memory > 8 GBs
• Lots of disk
• Very expensive
  – Most expensive server is Sun’s Enterprise E10000 Server 64 CPUs, 8GBs memory
  – over $2million

Shared Memory Multiprocessor
• Multithreaded software
  – expensive to debug
• Single point of failure
• Is it the right model
  – How well does it fit in with Global Servers such as a Web Server

Shared Memory Multiprocessor SMPs
• SMPs developed to give more processing power
• Good for complex problems
  – simulations, weather calculation, theoretical chemistry modelling
• Data set is large but can be constrained
  – so lots of CPUs working in parallel

SMPs cont’d
• Web Server requires processing but not at the level of complex applications
• Static pages - no processing. A lot of that is moving data from disk to network interface
• Dynamic Pages - need information from files or database
• SMPs do not really fit the model

SMPs and Web Services
• When we use SMPs as Web Server
• Network Interfaces tend to become a bottleneck
• File server tends to also be bottleneck
• Need to have lots of memory for caching

Closely Coupled Workstations
• Implies a lot of computing power
  – Do we need so much computing power?
• Makes use of redundancy features
• Also can make use of very high-speed Cluster technology

Loosely Coupled Cheap PCs
• Appears to be the best suited model
• Web Service needs close coupling between the server, fileserver and database but there is no need to have close coupling between the server machines themselves
• Large commercial sites have 100s or 1000s of these cheap servers

What do the Maths say
• Simple queuing model
• Tightly coupled CPUs tend to perform better at low loads
• Loosely coupled systems tend to perform better at high loads when the system is under stress

Management Issues
• How do you manage such a large number of processors? For example, quite a number of servers might be rebooting at any one time.
• Hardware issues
  – Power, space, cabling, cooling systems, etc
• Software Issues
  – configuration, booting, monitoring, error logging and fixing

Blade Servers
• Server electronics made into a thin slice called a Blade
• Blade has CPU, memory, network interface
• May or may not have disk
• Extremely dense packing
  – 100+ in 19-inch rack

Blade Servers cont’d
• Some blades configured as fileservers
• Some configured as Web Servers
• Ethernet switches also integrated into the system
• Configuration and power management software

Web Hosting
• Not just one site but must manage tens or hundreds of Web sites
• Different service requirements
• Some servers not used very much
• Other servers are critical to the company’s success

Virtual Servers
• Partition the system such that the OS supports the idea of virtual Webservers
• Servers have their own virtual network interfaces and disk partitions, etc
• A type of Web Server Virtual Machine
• Ensim:
  – see http://www.ensim.com

OS Support Issues
• Supporting static Web pages requires that we send the pages (files) over the network
• Tedious to do so from user-space
• So a system call named sendfile is used to tell the OS to send files along TCP connections

Loosely Coupled Model
• Very inexpensive servers
• Using the protocol stack may be taking more computing power than servicing the actual request
• A way to relieve servers of having to do much work on the protocol stack

Network Processors
• Have some dedicated hardware to do some protocol processing
• Network processors
  – developed around 5 years ago
  – specially designed for handling network packets rather than doing general computing

Network Processors
• Concept of Micro-engines
  – computational engines with small instruction region
  – enough to route packets
  – 8 or 16 micro-engines working together
• Big Players
  – Intel, Vitesse Semiconductor, IBM

New Architecture
[Diagram: Network Processor, Blade Server, Storage Area Network, Fileserver, Database Server]

Sources for this lecture
• How to Set Up and Maintain a Web Site
  – Lincoln D. Stein (Second Edition)
• Professional Apache 2.0
  – Peter Wainwright
• Network processors
  – http://www.intel.com
    • Search for Network Processors
• Blade Servers
  – http://www.egenera.com/whitepap.php