An Introduction to E-Commerce Infrastructure

Building your own Website

Supporting a number of sites

•  Concept of virtual hosting –  used to host a number of Websites on a single

server box •  Two choices

–  IP-based hosting – Name-based hosting

IP based hosting

•  Each virtual host name that Apache serves must be associated with a unique IP address or port number. If you want to use a different domain name then you must have a different IP address

•  Two ways of getting separate IP addresses –  use separate NIC cards suitable for small

system

Virtual Interfaces

•  On the same physical card, you can have a set of different addresses by using virtual interfaces – So address could be assigned as:

•  204.148.170.3 eth0:1 www.alpha-complex.com •  204.148.170.4 eth0:2 www.beta-complex.com •  204.148.170.5 eth0:3 www.trouble-shooter.com

Configuring Virtual interfaces

•  Use ifconfig •  /sbin/ifconfig eth0:1 204.148.170.3 netmask

255.255. 255.128 •  /sbin/ifconfig eth0:2 204.148.170.4 netmask

255.255.255.128

Web Security in Apache

•  Access.conf file which indicates broad security policies

•  Can also restrict access to certain directories on the site

•  Limit based on methods (GET, POST, etc)

Example of Restricting Access

<Directory /local/web/private> <Limit get>

order deny, allow

deny from all

allow from .host.domain1 allow from .host.domain2

allow from 128.123.7 </Limit>

< /Directory>

Access Control cont’d •  Order specifies whether to look at deny or

allow specification first •  If order is not specified, then the last

directive will override a previous one •  Can also restrict access to individual users •  Apache supports two types of password

mechanism –  htpasswd –  dbmmanage

Aspects of Network Security

•  If you want to set up a Web Server. Where do you place it relative to your network and firewall

•  If the Web Server is private then it should be kept within the network. No packets must go through the firewall

•  If the Web Server is public then it should placed before the firewall

Secure Socket Layer SSL •  Running just above TCP/IP •  Uses public key encryption •  The server publishes its public key, client

also gives public key •  They encode messages using the public key

of the other and use their private keys to decode messages addressed to them

•  Associated with using https: instead of http

Proxy Servers

•  Use for security –  checks valid requests

•  Used for caching –  caches Web pages for nearby browsers –  set up caching parameters

Caching Parameters •  CacheRoot

– Physical path of the cache directory – CacheRoot /usr/tmp/webproxy

•  CacheSize –  no less that 250 Mbytes

•  CacheGcInterval –  how often the cache is garbage-collected

•  CacheMaxExpire –  how long in hours can a file be in the cache

Other Web servers

•  There are a number of public ones •  CERN Server - Unix and VMS •  CL-HTTP - object-oriented server written in

Common Lisp •  GOServe - Gopher and Web Server for OS/

2 and Windows (IBM) •  Phttpd - a free multithreaded, lightweight

and fast Web server

Zeus Web Server

•  Zeus - company in Cambridge UK •  Developed a high-speed Web Server •  Large share of the Web Server Market •  Uses the select call in Unix rather than fork

or multithreading

Application Servers

•  Web Servers are front ends to provide a commercial service

•  Back office usually a database and file server

•  Glue - Perl, Java, JavaScript

Totally Commercial Enterprise

•  Mission –  you are setting up a business to sell airline

tickets over the Internet – Access to SITA - the airline seat reservation

database – You have £200,000.00 – How do you set up your business

Network requirements •  Networking Specs

– Number of calls/second 50 – Average number of bytes per call 8000 – Average number of NULL calls/second 5 – Bytes per null call 200 –  50 * 8000 + 5 * 200 = 401000 bytes/second –  *1.5 so we can cope with peak load

601.5Kbytes/s – About 5.0 Mbits/s

Need to choose an ISP

•  What guarantees would you like the ISP to provide

•  Make sure it can provide at least the bandwidth required

•  Make sure there is a minimum guarantee of service. Compensation if this is not met

•  Possibility of switching to another ISP if service fails

Need IP addresses

•  If you are trying to run a large commercial operation, you will need to get at least 16

Internet addresses •  Need at least two subnets •  Must keep your own internal network

separate from that for the Website

Router Issues

•  Should you have your own router –  buy it if you can

•  Need a 10 Mbps outgoing interface •  Two other 10 Mbps Ethernet interfaces

Firewall PCs

•  Need to firewall each network coming from the router. If the router can do firewalling then make use of it

•  Also we want to have a way for two subnets to talk to each other so that we can make changes from our private network without having to go back through the router

Possible Network Configuration

10 Mbps

10 Mbps 10 Mbps Router

Commercial Network

Internal Network

Firewall 1 Firewall

2

Firewall 3

Connection direction

Firewall PCs •  Firewall 1

–  1 100 Mbps interface to commercial network –  1 10 Mbps to router – Only allows types of connection for global

services •  ftp, http, etc NOT telnet or other access programs

•  Firewall 2 – Same interfaces as firewall 1 – Disable all global ports

•  ftp, http, etc – Disable ALL unused ports

Firewall 3

•  Two 100 Mbps interfaces •  Only allow connections from the Internal to

Commercial network •  If someone hacks the commercial site they

do not get access to your internal records

Internal Network •  Same as any other •  Secure from outside access •  Defined ways of interacting with the

commercial network – must use ssh or secure comms

•  Still have to watch who is on your internal network –  limit those who has access to the commercial

network

Commercial Network •  At least a 100 Mbps •  Who’s on it?

– Webserver – Databases back end – Fileserver

•  What you might also add: –  separate FTP server –  duplicate Web Server

•  redundancy, experimentation –  a sniffer engine

•  something that looks at all the network packets and detects if there is something weird happening

Web Server Security

•  Main question – where are the security keys kept –  too dangerous to be kept in files on the Web

Server •  Hardware support

–  files kept on a special device connected to the server by SCSI

Web Server Security

•  Companies like nCipher help to provide this kind of security

•  Very specific way of altering and managing these keys

•  Can detect unauthorized access and erase the keys

Web Server Hardware

•  Several options – Large shared memory multiprocessor – Number of closely coupled workstations – Larger number of inexpensive PCs

Shared Memory Multiprocessor

•  Lots of CPUs tightly coupled together •  Lots of memory > 8 GBs •  Lots of disk •  Very expensive

– Most expensive server is Sun’s Enterprise E10000 Server 64 CPUs, 8GBs memory

–  over $2million

Shared Memory Multiprocessor

•  Multithreaded software –  expensive to debug

•  Single point of failure •  Is it the right model

– How well does it fit in with Global Servers such as a Web Server

Shared Memory Multiprocessor SMPs

•  SMPs developed to give more processing power

•  Good for complex problems –  simulations, weather calculation, theoretical

chemistry modelling •  Data set is large but can be constrained

–  so lots of CPUs working in parallel

SMPs cont’d

•  Web Server requires processing but not at the level of complex applications

•  Static pages - no processing. A lot of that is moving data from disk to network interface

•  Dynamic Pages - need information from files or database

•  SMPs do not really fit the model

SMPs and Web Services

•  When we use SMPs as Web Server •  Network Interfaces tend to become a

bottleneck •  File server tends to also be bottleneck •  Need to have lots of memory for caching

Closely Coupled Workstations

•  Implies a lot of computing power – Do we need so much computing power?

•  Makes use of redundancy features •  Also can make use of very high-speed

Cluster technology

Loosely Coupled Cheap PCs

•  Appears to be the best suited model •  Web Service needs close coupling between

the server , fileserver and database but there is no need to have close coupling between the server machines themselves

•  Large commercial sites have 100s or 1000s of these cheap servers

What do the Maths say

•  Simple queuing model •  Tightly coupled CPUs tend to perform

better at low loads •  Loosely coupled systems tend to perform

better at high loads when the system is under stress

Management Issues

•  How do you manage such a large numbers of processors. For example quite a number of servers might be rebooting at any one time.

•  Hardware issues – Power, space, cabling, cooling systems, etc

•  Software Issues –  configuration, booting, monitoring, error

logging and fixing

Blade Servers

•  Server electronics made into a thin slice called a Blade

•  Blade has CPU, memory, network interface •  May or may not have disk •  Extremely dense packing

–  100+ in 19-inch rack

Blade Servers cont’d

•  Some blades configured as fileservers, •  Some configured as Web Servers •  Ethernet switches also integrated into the

system •  Configuration and power management

software

Web Hosting

•  Not just one site but must manage tens or hundreds of Web sites

•  Different service requirements •  Some servers not used very much •  Other servers are critical to the company’s

success

Virtual Servers

•  Partition the system such that the OS supports the idea of virtual Webservers

•  Servers have their own virtual network interfaces and disk partitions, etc

•  A type of Web Server Virtual Machine •  Ensim:

–  see http://www.ensim.com

OS Support Issues

•  Supporting static Web pages requires that we send the pages (files) over the network

•  Tedious to do so from user-space •  So a system call named sendfile is used to

tell the OS to send files along TCP connections

Loosely Coupled Model

•  Very inexpensive servers •  Using the protocol stack may be taking

more computing power than servicing the actual request

•  A way to relieve servers of having to do much work on the protocol stack

Network Processors

•  Have some dedicated hardware to do some protocol processing

•  Network processors –  developed around 5 years ago –  specially designed for handling network

packets rather than doing general computing

Network Processors

•  Concept of Micro-engines –  computational engines with small instruction

region –  enough to route packets –  8 or 16 micro-engines working together

•  Big Players –  Intel, Vitesse Semiconductor, IBM

New Architecture

Network Processor

Blade Server

Storage Area Network

Fileserver

Database Server

Sources for this lecture

•  How to Set Up and Maintain a Web Site – Lincoln D. Stein (Second Edition)

•  Professional Apache 2.0 – Peter Wainwright

•  Network processors –  http://www.intel.com

•  Search for Network Processors

•  Blade Servers –  http://www.egenera.com/whitepap.php