Solution architecture needs to consider multiple attributes when designing applications. Solution design may have a broad impact across numerous projects in an organization, which demands a careful evaluation of the various properties of the architecture and a balance between them.
This chapter will provide an overall understanding of each attribute and how they are related to each other and coexist in solution design.
There may be more attributes, depending on the solution's complexity, but in this chapter, you will learn about the common characteristics that can be applied to most aspects of solution design. You can also view them as NFRs (which fulfill an essential aspect of design). It is the responsibility of a solution architect to look at all the attributes and make sure they satisfy the desired requirements and fulfill...
Scalability and elasticity
Scalability has always been a primary factor while designing a solution. If you ask any enterprise about their existing and new solutions, most of the time they like to plan ahead for scalability. Scalability means giving your system the ability to handle growing workloads, and it can apply to multiple layers, such as the application server, web app, and database.
As most applications nowadays are web-based, let's talk about elasticity. This is not only about growing out your system by adding more capabilities but also shrinking it to save cost. Especially with the adoption of the public cloud, it becomes easy to grow and shrink your workload quickly, and elasticity is replacing the term scalability.
Traditionally, there are two modes of scaling:
- Horizontal scaling: This is becoming increasingly popular as commodity compute has become exponentially cheaper in the last decade. In horizontal scaling, the team adds more instances to handle increasing workloads...
The capacity dilemma in scaling
Most businesses have a peak season when users are most active, and the application has to handle an additional load to meet demand. Take the classic example of an e-commerce website selling all kinds of products, such as clothing, groceries, electronic items, merchandise, and many more. These e-commerce sites have regular traffic throughout the year but get 10 times more traffic in the shopping season, for example, Black Friday and Cyber Monday in the US, or Boxing Day in the UK. This pattern creates an interesting problem for capacity planning, where your workload is going to increase drastically for just 1 month in the entire year.
In the traditional on-premise data center, ordering additional hardware can take between 4 and 6 months before it becomes application-ready, which means a solution architect has to plan for capacity. Excess capacity planning means your IT infrastructure resources will be sitting idle for most of the year, and less capacity means...
Scaling your architecture
Let's continue with the e-commerce website example by considering a modern three-tier architecture. Let's see how we can achieve elasticity at different layers of the application. Here, we are only targeting the elasticity and scalability aspects of architecture design. You will learn more about this in Chapter 6, Solution Architecture Design Patterns.
The following diagram shows a three-tier architecture diagram of the AWS Cloud tech stack:
In the preceding architecture diagram, you can see a lot of components, such as the following:
- Virtual server (Amazon EC2)
- Database (Amazon RDS)
- Load balancer (Amazon Elastic Load Balancer)
- DNS server (Amazon Route53)
- CDN service (Amazon CloudFront)
- Network boundary (VPC) and object store (Amazon S3)
As shown in the preceding diagram, there is a fleet of web servers and application servers behind the load balancer. In this architecture, the user sends an application request to...
Static content scaling
The web layer of the architecture is mostly concerned about displaying and collecting data and passing it to the application layer for further processing. In the case of an e-commerce website, each product will have multiple images and maybe videos to show a product's texture and demos, which means the website will have lots of static content with a read-heavy workload since, most of the time, users will be browsing products.
Storing static content in the web server means consuming lots of storage space, and as product listings grow you have to worry about scalability. The other problem is that static content (such as high-resolution images and videos) is large, which may cause significant load latency on the user's end. The web tier needs to utilize the Content Distribution Network (CDN) to solve this issue.
CDN providers (such as Akamai, Amazon CloudFront, Microsoft Azure CDN, and Google CDN) provide edge locations across the globe where static content...
Server fleet elasticity
The application tier collects user requests from the web tier and performs the heavy lifting of calculating business logic and talking to the database. When user requests increase, the application tier needs to scale to handle them and shrink back as demands decrease. In such scenarios, users are tied to the session, where they may be browsing from their mobile and purchasing from their desktop. Performing horizontal scaling without handling user sessions may cause a bad user experience as it will reset their shopping progress.
Here, the first step is to take care of user sessions by decoupling them from the application server instance, which means you should consider maintaining the user session in an independent layer such as a NoSQL database. NoSQL databases are key-value pair stores, where you can store semi-structured data.
Once you start storing your user session in NoSQL databases such as Amazon DynamoDB or MongoDB, your instance can scale horizontally without...
Database scaling
Most applications use relational databases to store their transactional data. The main problem with relational databases is that they can't scale horizontally until you plan for other techniques such as sharding and modify your application accordingly. This sounds like a lot of work.
When it comes to databases, it is better to take preventive care and reduce their load. Using a mix of storage, such as storing user sessions in separate NoSQL databases and storing static content in an object store, helps to offload the master database. It's better to keep the master database node only for writing and updating data and use an additional read replica for all read requests.
Amazon RDS engine provides up to six read replicas for relational databases, and Oracle plugins can live-sync data between two nodes. Read replicas may have milliseconds of delay while syncing with the master node, and you need to plan for that while designing your application. It is recommended to...
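One way to plan for replica delay in the application, shown as an added example that is not from the book: writes go to the master, reads go to replicas, and a session that has just written keeps reading from the master until the replicas have had time to catch up. The router class, the node names, and the 0.5-second lag window are assumptions made for illustration.

```python
import time


class FakeClock:
    """Manually advanced clock so the demonstration is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def is_read(statement):
    """Only a plain SELECT is a read; SELECT ... FOR UPDATE takes locks."""
    text = statement.strip().upper()
    return text.startswith("SELECT") and "FOR UPDATE" not in text


class ReplicaAwareRouter:
    """Send writes to the master and reads to replicas (hypothetical helper)."""

    def __init__(self, replicas, max_lag_seconds=0.5, clock=time.monotonic):
        if not replicas:
            raise ValueError("at least one read replica is required")
        self.replicas = list(replicas)
        self.max_lag = max_lag_seconds   # assumed upper bound on replica delay
        self.clock = clock
        self._last_write = {}            # session id -> time of last write
        self._next = 0                   # round-robin cursor

    def route(self, session_id, statement):
        now = self.clock()
        if not is_read(statement):
            self._last_write[session_id] = now
            return "master"
        last = self._last_write.get(session_id)
        if last is not None and now - last < self.max_lag:
            # The replicas may not have this session's write yet.
            return "master"
        replica = self.replicas[self._next % len(self.replicas)]
        self._next += 1
        return replica


def demo_routes():
    """Constructed request sequence for two shopper sessions."""
    clock = FakeClock()
    router = ReplicaAwareRouter(["replica-1", "replica-2"], 0.5, clock)
    routes = [router.route("s1", "SELECT * FROM products")]
    routes.append(router.route("s1", "INSERT INTO orders VALUES (1)"))
    clock.advance(0.1)
    routes.append(router.route("s1", "SELECT * FROM orders WHERE id = 1"))
    routes.append(router.route("s2", "SELECT * FROM orders"))
    clock.advance(1.0)
    routes.append(router.route("s1", "SELECT * FROM orders WHERE id = 1"))
    return routes


if __name__ == "__main__":
    print(demo_routes())
```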
High availability and resiliency
The one thing an organization doesn't want to see is downtime. Application downtime can cause a loss of business and user trust, which makes high availability one of the primary factors while designing the solution architecture. The requirement of application uptime varies from application to application.
If you have an external-facing application with a large user base such as an e-commerce website or social media, then 100% uptime becomes critical. An internal application accessed by employees, such as an HR system or an internal company blog, can tolerate some downtime. Achieving high availability is directly associated with cost, so a solution architect always needs to plan for high availability, as per the application requirements, to avoid over-architecting.
To achieve a high availability (HA) architecture, it's better to plan workloads in the isolated physical location of the data center so that if an outage happens in...
Fault tolerance and redundancy
In the previous section, you learned that fault tolerance and high availability have a close relationship with each other. High availability means your application is available for the user, but maybe with degraded performance. Suppose you need four servers to handle a user's traffic. For this, you put two servers in two different physically isolated data centers. If there is an outage in one data center, then user traffic can be served from another data center. But now, you have only two servers, which means you're left with 50% of the original capacity, and users may experience performance issues. In this scenario, your application has 100% high availability but is only 50% fault tolerant.
Fault tolerance is about handling workload capacity if an outage occurs without compromising system performance. A full fault-tolerant architecture involves high costs due to increased redundancy. Whether your user base can live with degraded performance for...
Disaster recovery and business continuity
In the previous section, you learned about using high availability and fault tolerance to handle application uptime. There may be a situation when the entire region where your data center is located goes down due to massive power grid outages, earthquakes, or floods, but your global business should continue running. In such situations, you must have a disaster recovery plan where you will plan your business continuity by preparing sufficient IT resources in an entirely different region, maybe in different continents or countries.
When planning disaster recovery, a solution architect must understand an organization's Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO means how much downtime a business can sustain without any significant impact. RPO indicates how much data loss a business can tolerate. A reduced RTO and RPO means more cost, so it is essential to understand whether the business is mission-critical and needs...
Extensibility and reusability
Businesses evolve as they grow, where applications not only scale to handle an increased user base but also keep adding more features to stay ahead and get a competitive edge. A solution design needs to be extendable and flexible enough to modify an existing feature or add new functionality. To modularize their application, often organizations want to build a platform with a group of features and launch them as separate applications. This is only possible with reusable design.
To achieve solution extensibility, a solution architect needs to use a loosely coupled architecture wherever possible. At a high level, creating a RESTful-based or queue-based architecture can help develop loosely coupled communication between different modules or across applications. You will learn more about the other kinds of architecture in Chapter 6, Solution Architecture Design Patterns. In this section, we will take a simple example to explain the concept of architecture flexibility...
Usability and accessibility
You want your users to have a seamless experience when browsing through the application. It should be so smooth that users find things without any difficulty and without even noticing. You can do this by making your application highly usable. User research and testing are essential when it comes to defining usability that can satisfy user experience.
Usability is how quickly the user can learn navigation logic when using your application for the first time. It's about how quickly they can bounce back if they make a mistake and are able to perform the task efficiently. Complex and feature-rich applications have no meaning if they can't be used effectively.
Often, when you are designing your application, you want to target a global audience or significant geographic region. Your user base should be diverse in terms of technical amenities and physical abilities. You want your application to be accessible to everyone, regardless...
Portability and interoperability
Interoperability is about the ability of one application to work with others through a standard format or protocol. Often, an application needs to communicate with the various upstream systems to consume data and downstream systems to supply data, so it is essential to establish that communication seamlessly.
For example, an e-commerce application needs to work with other applications in the supply chain management ecosystem. This includes enterprise resource planning applications to keep a record of all transactions, transportation life cycle management, shipping companies, order management, warehouse management, and labor management, and so on.
All applications should be able to exchange data seamlessly to achieve an end-to-end feature from customer order to delivery. You will encounter similar use cases everywhere, whether it is a healthcare application, manufacturing application, or telecom application.
A solution architect needs to consider application...
Operational excellence and maintainability
Operational excellence can be a great differentiator for your application by providing an on-par service to customers with minimal outage and high quality. It also helps the support and engineering team to increase productivity by applying proactive operational excellence. Maintainability goes hand in hand with operational excellence. Easily maintainable applications help reduce costs, avoid errors, and let you gain a competitive edge.
A solution architect needs to design for operation, which means the design should include how the workload will be deployed, updated, and operated in the long run. It is essential to plan for logging, monitoring, and alerting to capture all incidents and take quick action for the best user experience. Apply automation wherever possible, whether deploying infrastructure or changing the application code, to avoid human error.
Including deployment methods and automation strategy in your design is very important as...
Security and compliance
Security is one of the most essential attributes of solution design. Many organizations fail due to security breaches, which result in a loss of customer trust and an unrecoverable business loss. Industry-standard regulations such as PCI for finance, HIPAA for health care, GDPR for the European Union, and SOC compliance enforce security to protect consumer data and provide standard guidance to the organization. Depending on your industry and region, you must comply with local legislation by adhering to compliance needs. Primarily, application security needs to be applied in the following aspects of solution design:
- Authentication and authorization
- Web security
- Network security
- Infrastructure security
- Data security
These can be seen in the following diagram:
Let's take a look at the different security aspects. You will dive deep into each component in Chapter 8, Security Considerations.
Authentication and authorization
Authentication means specifying who can access the system, and authorization is applied to the activities that a user can perform after getting inside the system or application. Solution architects must consider the appropriate authentication and authorization system while creating a solution design. Always start with least privilege and provide further access as required by the user role.
If your application is for corporate internal use, you may want to allow access through a federated organizational system such as Active Directory, SAML 2.0, or LDAP. If your application is targeting mass user bases such as social media websites or gaming apps, you can allow them to authenticate through OAuth 2.0 and OpenID access, where users can utilize their other IDs such as Facebook, Google, Amazon, and Twitter.
It is important to identify any unauthorized access and take immediate action to mitigate security threats, which warrants continuously monitoring and auditing...
Web security
A web application is often exposed to the internet and is more vulnerable to external attacks. Solution design must consider preventing attacks such as cross-site scripting (XSS) and SQL injection. These days, the Distributed Denial of Service (DDoS) attack is causing trouble for organizations. To prevent this, the appropriate tools are required, and an incident response plan needs to be put in place.
Solution architects should plan to use a Web Application Firewall (WAF) to block malware and SQL injection attacks. WAF can be used to prevent traffic from a country where you don't have a user base or to block malicious IP addresses. WAF, in combination with a Content Distribution Network (CDN), can help to prevent and handle DDoS attacks.
Network security
Network security helps prevent IT resources inside an organization and its applications from being open to external users. Solution design must plan to secure the network, which can help prevent unauthorized system access, host vulnerabilities, and port scanning.
Solution architects should plan for minimal system exposure by keeping everything behind a corporate firewall and avoiding internet access wherever possible. For example, the web server shouldn't be exposed to the internet; instead, only the load balancer should be able to talk to the internet. For network security, plan to utilize an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) and put them in front of network traffic.
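A check for the exposure rule above, as an added example that is not from the book: it audits a list of ingress rules for the three-tier layout and reports every rule that lets an external address range reach anything other than the load balancer. The rule format, the `sg:` notation for a reference to another security group, the resource names, and the sample rules are all constructed for illustration.

```python
import ipaddress

# Address ranges treated as internal (assumption: RFC 1918 and IPv6 ULA).
INTERNAL = [
    ipaddress.ip_network(cidr)
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")
]

# Constructed sample rules, not taken from a real environment.
SAMPLE_RULES = [
    {"resource": "public-lb", "tier": "load_balancer", "port": 443,
     "source": "0.0.0.0/0"},
    {"resource": "web-1", "tier": "web", "port": 80, "source": "sg:public-lb"},
    {"resource": "web-2", "tier": "web", "port": 22, "source": "0.0.0.0/0"},
    {"resource": "app-1", "tier": "app", "port": 8080, "source": "10.0.1.0/24"},
    {"resource": "app-2", "tier": "app", "port": 8080,
     "source": "203.0.113.0/24"},
    {"resource": "db-1", "tier": "database", "port": 3306, "source": "::/0"},
]


def is_external_source(source):
    """True when the source range is not fully inside an internal range."""
    if source.startswith("sg:"):
        # Traffic admitted from another security group stays inside the VPC.
        return False
    net = ipaddress.ip_network(source, strict=False)
    return not any(
        net.version == internal.version and net.subnet_of(internal)
        for internal in INTERNAL
    )


def audit_exposure(rules, public_tiers=("load_balancer",)):
    """Return (resource, port, source) for each rule that exposes a
    non-public tier to an external address range."""
    findings = [
        (rule["resource"], rule["port"], rule["source"])
        for rule in rules
        if rule["tier"] not in public_tiers
        and is_external_source(rule["source"])
    ]
    return sorted(findings)


if __name__ == "__main__":
    for resource, port, source in audit_exposure(SAMPLE_RULES):
        print(f"{resource}: port {port} reachable from {source}")
```

The audit looks at any range that is not fully internal rather than only `0.0.0.0/0`, so a rule opened to a single public block is reported as well.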
Infrastructure security
If you are maintaining your own data center, then the physical security of the infrastructure is very important if you wish to block physical access to your server on the part of any unauthorized user. However, if you are leasing the data center or using a private cloud, then this can be handled by a third-party vendor. Logical access to the server must be secured by network security, which is done by configuring the appropriate firewall.
Data security
This is one of the most critical components that needs to be secured. After all, you are putting layers of security at the access, web, application, and network layers to secure your data. Data can be exchanged between two systems, so it needs to be secure in transit, or it may be sitting in a database or some storage where data needs to be secure at rest.
Solution design needs to plan data-in-transit security with Secure Sockets Layer/Transport Layer Security (SSL/TLS) and security certificates. Data at rest should be secured using various encryption mechanisms, which may be symmetric or asymmetric. The design should also plan to secure the encryption key with the right key management approach, as per application requirements. Key management can be achieved using a hardware security module or services provided by cloud vendors.
While ensuring security, it is essential to have a mechanism to identify any security breach as soon as it occurs and respond to it. Adding automation...
Cost optimization and budget
Every solution is limited by budget, and investors look for maximal ROI. The solution architect needs to consider cost-saving during architecture design. Cost should be optimized from pilot creation to solution implementation and launch. Cost optimization should be a continuous process. Like any other constraint, cost-saving comes with a trade-off; the architect should determine whether other components such as the speed of delivery and performance are more critical.
Often, costs increase due to over-provisioned resources and overlooking the cost of procurement. The solution architect needs to plan optimal resources to avoid excessive underutilization. At the organization level, there should be an automated mechanism to detect ghost resources: team members may create dev and test environments that are no longer in use after completion of the implementation task. Often, those ghost resources go unnoticed and cause costs...
Summary
In this chapter, you learned about various solution architecture attributes that need to be considered while creating a solution design. You learned about two modes of scalability, vertical and horizontal, and how to scale various layers of the architecture, including the web layer, application servers, and databases.
You also learned how to apply elasticity in your workload using autoscaling so that it can grow and shrink on demand. This chapter provided insights into designing a resilient architecture and the methods to achieve high availability. Furthermore, this helped you understand fault tolerance and redundancy so that you can make your application performant, as per your user's expectations, and plan for disaster recovery for the continuation of your business in the case of any unforeseen events.
Then, you learned about the importance of making your architecture extendable and accessible and how architecture portability and interoperability help reduce costs and increase...