Post on 04-Jul-2020
An Introduction to E-Commerce Infrastructure
Building your own Website
Supporting a number of sites
• Concept of virtual hosting – used to host a number of Websites on a single
server box • Two choices
– IP-based hosting – Name-based hosting
IP based hosting
• Each virtual host name that Apache serves must be associated with a unique IP address or port number. If you want to use a different domain name then you must have a different IP address
• Two ways of getting separate IP addresses – use separate NIC cards suitable for small
system
Virtual Interfaces
• On the same physical card, you can have a set of different addresses by using virtual interfaces – So address could be assigned as:
• 204.148.170.3 eth0:1 www.alpha-complex.com • 204.148.170.4 eth0:2 www.beta-complex.com • 204.148.170.5 eth0:3 www.trouble-shooter.com
Configuring Virtual interfaces
• Use ifconfig • /sbin/ifconfig eth0:1 204.148.170.3 netmask
255.255. 255.128 • /sbin/ifconfig eth0:2 204.148.170.4 netmask
255.255.255.128
Web Security in Apache
• Access.conf file which indicates broad security policies
• Can also restrict access to certain directories on the site
• Limit based on methods (GET, POST, etc)
Example of Restricting Access
<Directory /local/web/private> <Limit get>
order deny, allow
deny from all
allow from .host.domain1 allow from .host.domain2
allow from 128.123.7 </Limit>
< /Directory>
Access Control cont’d • Order specifies whether to look at deny or
allow specification first • If order is not specified, then the last
directive will override a previous one • Can also restrict access to individual users • Apache supports two types of password
mechanism – htpasswd – dbmmanage
Aspects of Network Security
• If you want to set up a Web Server. Where do you place it relative to your network and firewall
• If the Web Server is private then it should be kept within the network. No packets must go through the firewall
• If the Web Server is public then it should placed before the firewall
Secure Socket Layer SSL • Running just above TCP/IP • Uses public key encryption • The server publishes its public key, client
also gives public key • They encode messages using the public key
of the other and use their private keys to decode messages addressed to them
• Associated with using https: instead of http
Proxy Servers
• Use for security – checks valid requests
• Used for caching – caches Web pages for nearby browsers – set up caching parameters
Caching Parameters • CacheRoot
– Physical path of the cache directory – CacheRoot /usr/tmp/webproxy
• CacheSize – no less that 250 Mbytes
• CacheGcInterval – how often the cache is garbage-collected
• CacheMaxExpire – how long in hours can a file be in the cache
Other Web servers
• There are a number of public ones • CERN Server - Unix and VMS • CL-HTTP - object-oriented server written in
Common Lisp • GOServe - Gopher and Web Server for OS/
2 and Windows (IBM) • Phttpd - a free multithreaded, lightweight
and fast Web server
Zeus Web Server
• Zeus - company in Cambridge UK • Developed a high-speed Web Server • Large share of the Web Server Market • Uses the select call in Unix rather than fork
or multithreading
Application Servers
• Web Servers are front ends to provide a commercial service
• Back office usually a database and file server
• Glue - Perl, Java, JavaScript
Totally Commercial Enterprise
• Mission – you are setting up a business to sell airline
tickets over the Internet – Access to SITA - the airline seat reservation
database – You have £200,000.00 – How do you set up your business
Network requirements • Networking Specs
– Number of calls/second 50 – Average number of bytes per call 8000 – Average number of NULL calls/second 5 – Bytes per null call 200 – 50 * 8000 + 5 * 200 = 401000 bytes/second – *1.5 so we can cope with peak load
601.5Kbytes/s – About 5.0 Mbits/s
Need to choose an ISP
• What guarantees would you like the ISP to provide
• Make sure it can provide at least the bandwidth required
• Make sure there is a minimum guarantee of service. Compensation if this is not met
• Possibility of switching to another ISP if service fails
Need IP addresses
• If you are trying to run a large commercial operation, you will need to get at least 16
Internet addresses • Need at least two subnets • Must keep your own internal network
separate from that for the Website
Router Issues
• Should you have your own router – buy it if you can
• Need a 10 Mbps outgoing interface • Two other 10 Mbps Ethernet interfaces
Firewall PCs
• Need to firewall each network coming from the router. If the router can do firewalling then make use of it
• Also we want to have a way for two subnets to talk to each other so that we can make changes from our private network without having to go back through the router
Possible Network Configuration
10 Mbps
10 Mbps 10 Mbps Router
Commercial Network
Internal Network
Firewall 1 Firewall
2
Firewall 3
Connection direction
Firewall PCs • Firewall 1
– 1 100 Mbps interface to commercial network – 1 10 Mbps to router – Only allows types of connection for global
services • ftp, http, etc NOT telnet or other access programs
• Firewall 2 – Same interfaces as firewall 1 – Disable all global ports
• ftp, http, etc – Disable ALL unused ports
Firewall 3
• Two 100 Mbps interfaces • Only allow connections from the Internal to
Commercial network • If someone hacks the commercial site they
do not get access to your internal records
Internal Network • Same as any other • Secure from outside access • Defined ways of interacting with the
commercial network – must use ssh or secure comms
• Still have to watch who is on your internal network – limit those who has access to the commercial
network
Commercial Network • At least a 100 Mbps • Who’s on it?
– Webserver – Databases back end – Fileserver
• What you might also add: – separate FTP server – duplicate Web Server
• redundancy, experimentation – a sniffer engine
• something that looks at all the network packets and detects if there is something weird happening
Web Server Security
• Main question – where are the security keys kept – too dangerous to be kept in files on the Web
Server • Hardware support
– files kept on a special device connected to the server by SCSI
Web Server Security
• Companies like nCipher help to provide this kind of security
• Very specific way of altering and managing these keys
• Can detect unauthorized access and erase the keys
Web Server Hardware
• Several options – Large shared memory multiprocessor – Number of closely coupled workstations – Larger number of inexpensive PCs
Shared Memory Multiprocessor
• Lots of CPUs tightly coupled together • Lots of memory > 8 GBs • Lots of disk • Very expensive
– Most expensive server is Sun’s Enterprise E10000 Server 64 CPUs, 8GBs memory
– over $2million
Shared Memory Multiprocessor
• Multithreaded software – expensive to debug
• Single point of failure • Is it the right model
– How well does it fit in with Global Servers such as a Web Server
Shared Memory Multiprocessor SMPs
• SMPs developed to give more processing power
• Good for complex problems – simulations, weather calculation, theoretical
chemistry modelling • Data set is large but can be constrained
– so lots of CPUs working in parallel
SMPs cont’d
• Web Server requires processing but not at the level of complex applications
• Static pages - no processing. A lot of that is moving data from disk to network interface
• Dynamic Pages - need information from files or database
• SMPs do not really fit the model
SMPs and Web Services
• When we use SMPs as Web Server • Network Interfaces tend to become a
bottleneck • File server tends to also be bottleneck • Need to have lots of memory for caching
Closely Coupled Workstations
• Implies a lot of computing power – Do we need so much computing power?
• Makes use of redundancy features • Also can make use of very high-speed
Cluster technology
Loosely Coupled Cheap PCs
• Appears to be the best suited model • Web Service needs close coupling between
the server , fileserver and database but there is no need to have close coupling between the server machines themselves
• Large commercial sites have 100s or 1000s of these cheap servers
What do the Maths say
• Simple queuing model • Tightly coupled CPUs tend to perform
better at low loads • Loosely coupled systems tend to perform
better at high loads when the system is under stress
Management Issues
• How do you manage such a large numbers of processors. For example quite a number of servers might be rebooting at any one time.
• Hardware issues – Power, space, cabling, cooling systems, etc
• Software Issues – configuration, booting, monitoring, error
logging and fixing
Blade Servers
• Server electronics made into a thin slice called a Blade
• Blade has CPU, memory, network interface • May or may not have disk • Extremely dense packing
– 100+ in 19-inch rack
Blade Servers cont’d
• Some blades configured as fileservers, • Some configured as Web Servers • Ethernet switches also integrated into the
system • Configuration and power management
software
Web Hosting
• Not just one site but must manage tens or hundreds of Web sites
• Different service requirements • Some servers not used very much • Other servers are critical to the company’s
success
Virtual Servers
• Partition the system such that the OS supports the idea of virtual Webservers
• Servers have their own virtual network interfaces and disk partitions, etc
• A type of Web Server Virtual Machine • Ensim:
– see http://www.ensim.com
OS Support Issues
• Supporting static Web pages requires that we send the pages (files) over the network
• Tedious to do so from user-space • So a system call named sendfile is used to
tell the OS to send files along TCP connections
Loosely Coupled Model
• Very inexpensive servers • Using the protocol stack may be taking
more computing power than servicing the actual request
• A way to relieve servers of having to do much work on the protocol stack
Network Processors
• Have some dedicated hardware to do some protocol processing
• Network processors – developed around 5 years ago – specially designed for handling network
packets rather than doing general computing
Network Processors
• Concept of Micro-engines – computational engines with small instruction
region – enough to route packets – 8 or 16 micro-engines working together
• Big Players – Intel, Vitesse Semiconductor, IBM
New Architecture
Network Processor
Blade Server
Storage Area Network
Fileserver
Database Server
Sources for this lecture
• How to Set Up and Maintain a Web Site – Lincoln D. Stein (Second Edition)
• Professional Apache 2.0 – Peter Wainwright
• Network processors – http://www.intel.com
• Search for Network Processors
• Blade Servers – http://www.egenera.com/whitepap.php