Advanced skills in system architecture design · Web architecture design

Everything we do now weaves wings for our future dreams, so that those dreams can soar in reality.


1. Introduction to Web Architecture

A Web architecture should offer high performance, high availability, maintainability, adaptability, and security.

1.1 Technologies involved in Web architecture

1.2 Splitting a single server into a separate database server and Web server

1.3 Application server cluster

An application server cluster raises the following problems:

  • Who forwards the user's request to a specific application server?
  • If a user reaches a different server on each request, how is session consistency maintained (load balancing and state issues)?

How can these be solved? Load balancing technology addresses them.

2. Load balancing

2.1 Introducing load balancing


2.2 Load balancing technology


2.3 Application layer load balancing

2.3.1 HTTP Redirect

HTTP redirection is request forwarding at the application layer. The user's request first reaches the HTTP redirection load-balancing server, which picks a target according to its algorithm and tells the user to redirect. After receiving the redirect, the user sends the request again, this time to the real cluster.

Features: Simple to implement, but poor performance.

2.3.2 Reverse proxy server

When the user's request reaches the reverse proxy server (by which point it has already reached the website's machine room), the reverse proxy forwards it to a specific server according to its algorithm. The commonly used Apache and nginx can both serve as reverse proxy servers.

Features: Simple to deploy, but the proxy server may become a performance bottleneck.

2.4 Transport layer load balancing

2.4.1 DNS domain name resolution load balancing

DNS domain name resolution load balancing means that when a user requests the DNS server to obtain the IP address corresponding to the domain name, the DNS server directly gives the load-balanced server IP.

Features: It is more efficient than HTTP redirection and reduces the cost of maintaining load balancing servers. However, if an application server fails, the DNS cannot be notified in time, and control of DNS load balancing lies with the domain name service provider, so the website cannot make further improvements or exercise more powerful management.

2.4.2 NAT-based load balancing

NAT-based load balancing maps an external IP address to multiple IP addresses and dynamically converts each connection request to an internal node address.

Features: The technology is relatively mature, is usually deployed at the gateway, and can be implemented in hardware. Layer 4 switches generally use this technology.

2.5 Load Balancing-Static and Dynamic Algorithms

  • Static algorithms (do not consider dynamic load)
    (1) Round-robin algorithm: schedules service requests (tasks) to different nodes (i.e. servers) in turn.
    (2) Weighted round-robin algorithm: takes into account the differences in processing capability between nodes.
    (3) Source address hashing algorithm: uses the request's source IP address as a hash key to find the corresponding node in a statically allocated hash table.
    (4) Target address hashing algorithm: hashes the request's target IP to find the corresponding node.
    (5) Random algorithm: random allocation; simple, but uncontrollable.

  • Dynamic algorithms (consider dynamic load)
    (1) Minimum number of connections algorithm: when every node has the same processing capacity, a new request is assigned to the node with the fewest currently active requests.
    (2) Weighted minimum number of connections algorithm: takes the different processing capabilities of nodes into account and allocates based on the minimum number of connections.
    (3) Weighted percentage algorithm: takes node utilization, hard disk speed, number of processes, etc. into account and uses utilization to express the remaining processing capacity.

  • Hardware load balancing: F5

  • Software load balancing: LVS, Nginx, HAProxy
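
The static and dynamic algorithms listed above, as an added example that is not code from the original article or from any of the load balancers named. The node names, weights and client address are constructed, and the weighted rotation uses the smooth weighted variant as one possible implementation.

```python
import hashlib
import itertools

# Constructed node names and weights, for illustration only.
WEIGHTS = {"app-1": 3, "app-2": 1, "app-3": 1}


def round_robin(nodes):
    """Static: hand out nodes in turn, ignoring capacity and current load."""
    return itertools.cycle(nodes)


def weighted_round_robin(weights):
    """Static: smooth weighted rotation.

    A node with weight w receives w out of every sum(weights) picks, and the
    picks of a heavy node are spread out instead of arriving back to back.
    """
    current = {node: 0 for node in weights}
    total = sum(weights.values())
    while True:
        for node, weight in weights.items():
            current[node] += weight
        chosen = max(current, key=current.get)
        current[chosen] -= total
        yield chosen


def source_hash(client_ip, nodes):
    """Static: the same source IP always lands on the same node.

    This keeps a user's session on one server without a shared session store,
    but the mapping changes for many clients when the node list changes.
    """
    digest = hashlib.sha256(client_ip.encode()).digest()
    return nodes[int.from_bytes(digest[:8], "big") % len(nodes)]


class LeastConnections:
    """Dynamic: pick the node with the fewest active requests per unit of weight."""

    def __init__(self, weights):
        self.weights = dict(weights)
        self.active = {node: 0 for node in weights}

    def acquire(self):
        node = min(self.active, key=lambda n: self.active[n] / self.weights[n])
        self.active[node] += 1
        return node

    def release(self, node):
        self.active[node] -= 1


if __name__ == "__main__":
    print(list(itertools.islice(weighted_round_robin(WEIGHTS), 5)))
    print(source_hash("203.0.113.7", list(WEIGHTS)))
    lc = LeastConnections(WEIGHTS)
    print([lc.acquire() for _ in range(5)])
```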

2.6 Session sharing mechanism


2.7 Stateful and stateless

  • Stateless service: the processing of a single request does not depend on other requests. That is, all the information required to process a request is either included in the request or can be obtained from outside (such as a database); the server itself does not store any information.

  • Stateful service: on the contrary, the service saves some data itself, and successive requests are related.
    Determine whether the following components are stateful or stateless services:
    (1) Identification Bean (identity authentication component): stateful
    (2) ResPublish Bean (resource publishing component): stateless
    (3) ResRetrieval Bean (resource retrieval component): stateless
    (4) onlineEdit Bean (online editing component): stateful
    (5) Statistics Bean (statistical analysis component): stateless

3. Persistence technology-ORM

ORM (Object Relational Mapping), the mapping between objects and relational data.

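Mapping table

| Object-oriented  | Relational database        |
|------------------|----------------------------|
| Class            | Database table (table)     |
| Object           | Record (record, row data)  |
| Object attribute | Field                      |

Implementation technology comparison table

| Dimension                       | Hibernate                                                      | MyBatis                                      |
|---------------------------------|----------------------------------------------------------------|----------------------------------------------|
| Contrast                        | Powerful, complex, indirect, SQL-independent (HQL statements)  | Small, simple, direct, SQL-related           |
| Portability                     | Good (does not care about the specific database)               | Poor (written according to the database SQL) |
| Complex multi-table association | Not supported                                                  |                                              |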

4. Database technology

  • Characteristics of master-slave database structure:
    1. General: one master and multiple slaves, or multiple masters and multiple slaves.
    2. The master library performs write operations and the slave library performs read operations.
  • Master-slave replication steps:
    1. Before the master database (Master) finishes updating data, it writes the operation to the binlog file.
    2. The slave library (Slave) starts an I/O thread that connects to the master library, runs the binlog dump process, and writes the events to the relay log.
    3. The slave library executes the relay log events and so stays consistent with the master library.

5. Caching technology

5.1 Use caching to relieve database pressure

Common caching technologies:

  • MemCache: Memcache is a high-performance distributed memory object caching system used in dynamic web applications to reduce database load. Memcache maintains a unified huge hash table in memory, which can be used to store data in various formats, including images, videos, files, and database retrieval results.

  • Redis: Redis is an open source, log-type, key-value database written in ANSI C. It supports network access, can be memory-based or persistent, and provides APIs in multiple languages.

  • Squid: Squid is a high-performance proxy caching server. Squid supports FTP, gopher, HTTPS and HTTP protocols.

Collaboration between cache and database:

  • Data reading
    1. Read from the cache according to the key
    2. If it is not in the cache, search in the database according to the key
    3. After reading the "value", update the cache
  • Data writing
    1. Write to the database according to the key value
    2. Update the cache according to the key

5.2 Comparison of Redis and Memcache capabilities


5.3 In-memory database - a common way of slicing Redis clusters


5.4 In-memory database - Redis distributed storage solution


5.5 Redis data sharding solution


5.6 Redis data types


5.7 Two methods of Redis persistence

There are two main ways of persistence in Redis: RDB and AOF.

  • RDB: follows the snapshot idea of traditional databases. The data is snapshotted at specified intervals.
  • AOF: follows the log idea of traditional databases. Each command that changes the data set is appended to the end of the AOF file. If something goes wrong, the commands in the AOF file can be re-executed to rebuild the data set.

5.8 Redis elimination mechanism


5.9 Redis FAQ

5.9.1 Cache avalanche

Solution:
1. Use locks or queues: ensure that a large number of threads never read and write the database at the same moment, so that a flood of concurrent requests does not fall on the underlying storage system when the cache fails.
2. Set different cache expiration times for keys: use a fixed cache time plus a random time as the cache expiration time.
3. Second-level cache: set up one cache with a time limit and one cache without a time limit, to avoid large-scale database access.

5.9.2 Cache penetration

The query finds no data in the cache -> the database is queried directly.

Solution:
1. If the query result is empty, set a default value and store it in the cache, so that the second lookup gets a value from the cache. Set an expiration time of no more than 5 minutes so that the cache can still be updated normally.
2. Set up a Bloom filter that hashes all possible data into a sufficiently large bitmap. Data that definitely does not exist is intercepted by this bitmap, which avoids query pressure on the underlying storage system.
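
The read and write collaboration from 5.1 combined with the randomized expiration time from 5.9.1 and both penetration fixes from 5.9.2, as an added example that is not code from the original article. The in-memory dictionary standing in for Redis, the key names and the TTL values are assumptions; time is passed in explicitly so that expiry can be followed step by step.

```python
import hashlib
import random

MISSING = object()     # sentinel cached for keys the database does not have
NEGATIVE_TTL = 300     # seconds; "no more than 5 minutes" for empty results


class BloomFilter:
    """Bitmap of hashed keys: a miss is definite, a hit is only probable."""

    def __init__(self, size_bits=8192, hashes=4):
        self.size, self.hashes = size_bits, hashes
        self.bits = bytearray(size_bits // 8)

    def _positions(self, key):
        d = hashlib.sha256(key.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big")
        return [(h1 + i * h2) % self.size for i in range(self.hashes)]

    def add(self, key):
        for p in self._positions(key):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, key):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(key))


class CacheAside:
    """Cache in front of a database (here: a plain dict used as a stand-in)."""

    def __init__(self, db, bloom=None, base_ttl=600, jitter=120, rng=None):
        self.db, self.bloom = db, bloom
        self.base_ttl, self.jitter = base_ttl, jitter
        self.rng = rng or random.Random()
        self.cache = {}        # key -> (value, expires_at)
        self.db_reads = 0      # how often the underlying store was hit

    def _ttl(self):
        # Fixed time plus a random part, so keys loaded together do not
        # all expire in the same second.
        return self.base_ttl + self.rng.uniform(0, self.jitter)

    def read(self, key, now):
        # Keys the Bloom filter has never seen cannot exist: stop here.
        if self.bloom is not None and not self.bloom.might_contain(key):
            return None
        entry = self.cache.get(key)
        if entry and entry[1] > now:
            return None if entry[0] is MISSING else entry[0]
        self.db_reads += 1
        value = self.db.get(key)
        if value is None:
            # Cache the empty result briefly so repeats do not reach the database.
            self.cache[key] = (MISSING, now + NEGATIVE_TTL)
        else:
            self.cache[key] = (value, now + self._ttl())
        return value

    def write(self, key, value, now):
        # Write the database first, then update the cache.
        self.db[key] = value
        if self.bloom is not None:
            self.bloom.add(key)
        self.cache[key] = (value, now + self._ttl())


if __name__ == "__main__":
    store = CacheAside({"vehicle:1": "A-10001"})   # constructed sample data
    for t in (0, 10, 301):
        store.read("vehicle:404", t)
    print("database reads for a missing key:", store.db_reads)
```

A Bloom filter cannot delete keys, so a key removed from the database keeps passing the filter; the short-lived empty entry is what covers that case.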

5.9.3 Cache warm-up

After the system goes online, the relevant cached data is loaded directly into the cache system.

Solution:
1. Write a cache refresh page and run it manually when going online.
2. When the amount of data is not large, it can be loaded automatically when the project is started.
3. Refresh the cache when setting.

5.9.4 Cache updates

In addition to the cache invalidation strategy that comes with the Redis system, the following two are commonly used:
1. Clean expired caches regularly.
2. When a user makes a request, check whether the cache entry the request uses has expired. If it has, fetch new data from the underlying system and update the cache.

5.9.5 Cache downgrade

The purpose of downgrading is to ensure that core services remain available, even in a degraded form. Some services cannot be downgraded (such as e-commerce shopping processes). Before downgrading, the system must be reviewed to sort out what must be protected and what can be downgraded.

5. Concurrent offload-CDN

The full name of CDN is Content Delivery Network, that is, a content distribution network. The basic idea is to avoid, as far as possible, the bottlenecks and links on the Internet that may affect the speed and stability of data transmission, so that content can be delivered faster and more stably.

6. Data encoding

6.1 XML

Extensible Markup Language (XML) is a markup language used to mark up electronic documents and give them structure. It can be used to mark data and define data types, and it is a source language that allows users to define their own markup languages.

  • Advantages:
    (1) The format is unified and conforms to standards.
    (2) It is easy to interact remotely with other systems, and data sharing is more convenient.

  • Disadvantages:
    (1) XML files are huge, the file format is complex, and the transmission consumes bandwidth.
    (2) Both the server side and client side need to spend a lot of code to parse XML, causing the server side and client side code to become extremely complex and difficult to maintain.
    (3) The ways of parsing XML between different browsers on the client side are inconsistent, and a lot of code needs to be written repeatedly.
    (4) The server and client spend more resources and time parsing XML.

6.2 JSON

JSON (JavaScript Object Notation) is a lightweight data exchange format that is easy to read and easy to write quickly. Data exchange between different platforms is possible.

  • Advantages:
    (1) The data format is relatively simple, easy to read and write, compact, and takes up little bandwidth.
    (2) Easy to parse: client-side JavaScript can simply read JSON data through eval(). Because eval() executes whatever code the string contains, JSON.parse() is the safe choice for data from an untrusted source.
    (3) Supports multiple languages, including ActionScript, C, C#, ColdFusion, Java, JavaScript, Perl, PHP, Python, Ruby and other server-side languages, which makes server-side parsing convenient.
    (4) Because the JSON format can be used directly by server-side code, it greatly simplifies server-side and client-side code development; the task remains unchanged and the code is easy to maintain.

  • Disadvantages:
    (1) XML is more versatile in some areas.

7. Web application server

Web application servers can be understood as having two meanings:

(1) Web server: has a relatively narrow function, which is to answer the request sent by the browser with an HTML page.
(2) Application server, processing business logic.

  • Apache: a Web server with a market share of about 60%. It can run on almost all Unix, Windows, and Linux system platforms.

  • IIS: an early Web server, still used on small-scale sites.

  • Tomcat: an open source, Java-based Web application container that runs Servlet and JSP Web applications.

  • JBOSS: an open source application server based on J2EE, generally used in conjunction with Tomcat or Jetty.

  • WebSphere: a fully functional, open Web application server; a Java-based application environment for building, deploying, and managing Internet and Intranet Web applications.

  • WebLogic: BEA WebLogic Server is a multi-functional, standards-based Web application server that provides a solid foundation for enterprises to build their own applications.

  • Jetty: an open source servlet container that provides a running environment for Java-based Web content, such as JSP and servlets.

8. REST

REST (Representational State Transfer) is a technology that usually uses HTTP and XML for Web-based communication, which can reduce the complexity of development and improve the scalability of the system.

5 principles of REST:

(1) Everything on the network is abstracted into resources.
(2) Each resource corresponds to a unique resource identifier.
(3) Operate resources through common connector interfaces.
(4) Various operations on resources will not change the resource identification.
(5) All operations are stateless.

9. Responsive Web Design

Responsive Web design is a kind of Web page layout design. Its concept is to create the page's image and layout sizes centrally, so that the page can intelligently adjust its layout according to user behavior and the device environment in use. For example, one design can meet the requirements of mobile phones, tablets, PCs and other devices.

Methods and Strategies:

(1) Adopt fluid layout and flexible design: use relative units and set the size of page elements by setting percentages instead of specific values.
(2) Responsive images: not only must the image be scaled proportionally, but the resolution of the image itself must also be reduced on small devices.

10. Middle platform

The middle platform is an enterprise architecture that combines Internet technology with industry characteristics and consolidates an enterprise's core capabilities in the form of shared services, forming an organizational and business mechanism of "large middle platform, small front office" that lets the enterprise carry out business innovation quickly and at low cost. The middle platform can be further subdivided, for example into business middle platform, data middle platform, and XX middle platform. In essence, each is an accumulation of general enterprise capabilities at a different level, opened up for external use.

Supercell, a practitioner of the middle platform, is a Finnish mobile game giant. In 2015 it held 5 of the world's top 10 games while having only a little more than 200 employees. Because it used a middle platform and could develop quickly with small teams, it was later acquired by Tencent for US$8.6 billion.

Alibaba visited Supercell in 2015 and then promoted the middle platform.

  • Business middle platform: provides reusable services, that is, out-of-the-box reusable capabilities such as a student center and a course center.

  • Data middle platform: provides data integration and analysis capabilities that help enterprises learn from data, improve, and adjust direction.

  • Technology middle platform: provides reusable technology components and helps solve the reuse of basic technology platforms, for example middleware, distributed storage, AI, load balancing and other infrastructure.

Business middle platform vs. data middle platform

(1) Multiple e-commerce channels use one ordering service, and one order interface provides services for multiple front-end systems at the same time.
(2) Multiple front-end systems obtain the corresponding portrait and user tags based on a user's mobile phone number.
(3) Abstract multiple payment channels into a payment API and expose it to the front-end business system.
(4) Get a list of possible product recommendations through an order number to achieve cross-selling.

Four core competencies necessary for a data middle platform:

(1) Data aggregation and integration capabilities
(2) Data purification and processing capabilities
(3) Data service visualization
(4) Value realization

11. Cloud Computing

Cloud computing is a distributed processing architecture that integrates a large number of computing devices and resources and shields users from underlying differences. Its users are separated from the computing resources that provide actual services.

Advantages: ultra-large scale, virtualization, high reliability, high scalability, on-demand services, low cost [low initial investment, low comprehensive use cost].

  • Classification according to service type:
    (1) SaaS (Software as a Service): based on multi-tenant technology, provides applications directly.
    (2) PaaS (Platform as a Service): virtual middleware servers, runtime environment and operating system.
    (3) IaaS (Infrastructure as a Service): includes servers, storage and network services.

  • Classified according to deployment methods:
    (1) Public cloud , oriented to the needs of Internet users, provides cloud computing services through open networks.
    (2) Private cloud , which provides cloud computing services within enterprises.
    (3) Hybrid cloud , a cloud computing service that takes into account the above two situations. Public cloud and private cloud interact with data and applications through the network.

The architecture diagram is as follows:

(1) Management layer: provides management functions for all levels of cloud computing services.
(2) User access layer: makes it convenient for users to use the various supporting services that cloud computing services require. A corresponding access interface must be provided for each level of cloud computing service.
(3) Application layer: provides software services, such as financial management, customer relationship management, and business intelligence.
(4) Platform layer: provides users with an encapsulation of resource layer services so that users can build their own applications.
(5) Resource layer: provides virtualized resources and hides the complexity of physical resources, such as servers and storage.

12. Edge computing

Edge computing refers to an open platform that integrates network, computing, storage, and application core capabilities on the side close to the source of things or data to provide the nearest end services. Its essence is the localization of computing processing functions.

13. Web system layering


14. Internet of Things Architecture

(1) Application layer: application services, intelligent terminals.

(2) Platform layer: operating system, software development, device management platform, connection management platform.

(3) Network layer: access network, core network, business network, proprietary network, communication standards/protocols.

(4) Perception layer: sensors, chips, communication modules, intelligent perception equipment/devices.

15. Big data architecture


15. Industrial equipment detection system design-SSM framework

Spring is a lightweight enterprise-level application development framework. Version 1.0 was released by Rod Johnson in 2004. After years of updates and iteration, it has gradually become the leading framework in the Java open source world. The Spring framework is known as the one-stop solution for Java EE applications. It integrates seamlessly with excellent MVC frameworks such as Spring MVC, Struts 2 and JSF, and connects seamlessly with ORM frameworks such as Hibernate, MyBatis and JPA. Thanks to Spring, various other technologies are also easy to integrate into project development, such as Redis integration and Log4J integration.

Spring MVC is a full-featured MVC module in the Spring framework system. It is a request-driven, lightweight Web framework based on the Java language that implements the MVC design pattern. Its purpose is to modularize Web development and simplify code. It provides the DispatcherServlet front-end controller to dispatch requests, offers flexibly configurable handler mapping and view resolution, and supports file upload. It is currently the leader among the many MVC frameworks.

The predecessor of MyBatis is iBatis, an open source project of the Apache community, which was renamed MyBatis in 2010. MyBatis is an excellent persistence layer framework that supports customized SQL, stored procedures and advanced mapping. It avoids almost all JDBC code and the manual setting of parameters and retrieval of result sets, allowing developers to concentrate on the SQL itself and the business logic, without spending time on the whole complex JDBC operation process.

Quality attributes considered in the design architecture:
1. Performance
Performance refers to the responsiveness of the system, that is, how long it takes to respond to an event, or the number of events that the system can handle within a certain period of time.
2. Reliability
Reliability is the basic ability of a software system to maintain the functional characteristics of the software system in the face of application or system errors and accidental or incorrect use.
3. Availability
Availability is the proportion of time that the system can run normally. Often expressed in terms of the length of time between failures or how quickly a system can return to normal in the event of a failure.
4. Security
Security refers to the system's ability to block unauthorized users' attempts to use the system or to deny service, while still providing service to legitimate users. Security can be divided into characteristics such as confidentiality, integrity, non-repudiation and controllability.
5. Modifiability
Modifiability refers to the ability to make changes to the system quickly and at a good cost-performance ratio. Modifiability is usually measured against some specific changes, by examining the cost of those changes.
6. Ease of use
Software development tools should have a very friendly user interface that users are happy to use; tools should be able to be tailored and customized to meet the needs of specific users; tools should be able to prompt users for interactive operations and provide simple and effective execution methods; Tools should also be able to check for user operational errors and correct them automatically whenever possible.

This industrial equipment detection system plans to use a unified data access mechanism from the industrial control field to exchange data with a variety of different devices. Explain the reasons for using a standard data access mechanism.

The industrial equipment detection system needs to exchange data with different devices, and a standard data access mechanism establishes a complete set of rules between hardware suppliers and software developers. As long as this set of rules is followed, data interaction is transparent to both parties. The hardware supplier only needs to consider the multiple requirements and transmission protocols of the application, and the software developer does not need to understand the nature and operation of the hardware to control the device, which achieves unified management of data collection.

16. Design of logistics vehicle management system

A company plans to develop a logistics vehicle management system that can support real-time location monitoring of each vehicle, vehicle historical trajectory management, violation record management, vehicle fixed asset need. Its non-functional requirements are as follows:
(1) The system should support concurrent requests from more than 50 terminal devices;
(2) The system should be able to recognize license plates in real time, and the recognition time should be less than 1 second;
(3) The system should work 24/7;
(4) The system should have a friendly user interface;
(5) The system should resist common SQL injection attacks;
(6) The response time of an independent transaction operation should be less than 3 seconds;
(7) The system should recover within 1 hour in case of failure;
(8) New users should need less than 1 hour to learn to use the system.
Faced with these requirements, the company held a project team meeting to formulate a system design plan. It finally decided to implement the logistics vehicle management system on a distributed architecture and to apply Kafka, Redis data caching and other technologies to process the logistics vehicles' own data and business data quickly and efficiently.

An analysis of the system's architectural design plan shows that the logistics vehicle management system should be designed in a layered architectural style. From bottom to top, the layers are the data storage layer, the distributed communication processing layer, the logical processing layer and the presentation layer. Relevant technologies are then selected to support the tasks each layer requires.

Figure: design architecture diagram of the logistics vehicle management system.

There are six software quality attributes: availability, modifiability, performance, security, testability, and ease of use.
Availability focuses on the possibility of a system failure and the system's ability to recover from failures;
performance focuses on the system's response time to events;
security focuses on the system's ability to keep itself usable for legitimate users while preventing illegal users from attacking it;
testability focuses on the system's ability to detect errors;
ease of use focuses on how easy it is for users to complete a desired task and the type of user support the system provides.

The logistics vehicle management system needs to resist common SQL injection attacks. What is a SQL injection attack? List the ways to resist SQL injection attacks.

SQL injection is one of the common means hackers use to attack databases. With the spread of B/S (browser/server) application development, more and more programmers write applications in this mode. However, because programmers' skill and experience vary, a considerable number of them do not check the legality of user input when writing code, which leaves security risks in the application. A user can submit database query code and, based on the results the program returns, obtain data he wants to know. This is the so-called SQL injection.

SQL injection is one of the means of attacking database security, and effective protection can be achieved through database security protection technologies. These include database vulnerability scanning, database encryption, database firewalls, data desensitization, and database security audit systems. To resist SQL injection attacks, the following methods can be used: use regular expressions, use parameterized filtering statements, check the legality of user input, encrypt user-related data, use stored procedures to execute all queries, and use professional vulnerability scanning tools.

SQL injection attacks work by inserting SQL commands into Web form submissions or into the query strings of domain names or page requests, ultimately tricking the server into executing malicious SQL commands.
SQL injection attacks can be defended against in the following ways:
· Use regular expressions;
· Use parameterized filtering statements;
· Check the validity of user input;
· Encrypt user-related data;
· Use stored procedures to execute all queries;
· Use professional vulnerability scanning tools.
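
Two of the defenses listed above, parameterized statements and a regular-expression validity check, next to the concatenated query they replace, as an added example that is not code from the original article or from the system it describes. The vehicles table, its rows, the plate format and the function names are constructed; SQLite stands in for the production database.

```python
import re
import sqlite3

# Assumed plate format for this example only: one letter, a dash, five digits.
PLATE_RE = re.compile(r"[A-Z]-\d{5}")


def make_db():
    """Constructed sample data: two vehicles owned by different users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vehicles (plate TEXT PRIMARY KEY, owner TEXT, violations INTEGER)"
    )
    conn.executemany(
        "INSERT INTO vehicles VALUES (?, ?, ?)",
        [("A-10001", "alice", 2), ("B-20002", "bob", 0)],
    )
    return conn


def lookup_vulnerable(conn, owner, plate):
    """Before: input is pasted into the SQL text, so input can rewrite the query."""
    sql = (
        "SELECT plate, violations FROM vehicles "
        "WHERE owner = '" + owner + "' AND plate = '" + plate + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, owner, plate):
    """After: the SQL text is fixed and the values are bound as data only."""
    sql = "SELECT plate, violations FROM vehicles WHERE owner = ? AND plate = ?"
    return conn.execute(sql, (owner, plate)).fetchall()


def lookup_hardened(conn, owner, plate):
    """Validity check first, then the parameterized statement."""
    if not PLATE_RE.fullmatch(plate):
        raise ValueError("plate does not match the expected format")
    return lookup_parameterized(conn, owner, plate)


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed input containing a quote and SQL keywords
    print("concatenated :", lookup_vulnerable(conn, "alice", crafted))
    print("parameterized:", lookup_parameterized(conn, "alice", crafted))
    print("normal lookup:", lookup_hardened(conn, "alice", "A-10001"))
```

The concatenated query returns every row for the crafted input, including another owner's vehicle, while the bound parameter is compared as a literal string and matches nothing.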

17. Bank information system design

A bank plans to consolidate its branch-centered bank information systems into one bank information system managed and maintained by the head office, in order to provide unified user account management, transfers and remittances, self-service payment, financial investment, loan management, online payment, financial statement analysis and other business functions. However, in the original branch-centered systems, the various business systems use heterogeneous platforms, databases and middleware, and their message exchange standards and communication protocols also differ, so traditional EAI solutions cannot achieve flexible interaction and integration between heterogeneous systems under the new business model. Therefore, in order to integrate the existing banking business systems, which are based on different technologies, with minimal changes to those systems, the bank plans to adopt an ESB-based service-oriented architecture (SOA) integration solution to achieve business integration.

What is service-oriented architecture (SOA), and what are the role and characteristics of the ESB in SOA?

Defined from an application perspective, SOA can be considered an application framework that focuses on daily business applications and divides them into separate business functions and processes, which are so-called services. SOA enables users to build, deploy and integrate these services without relying on applications and their running platforms, thereby improving the flexibility of business processes. This business agility enables businesses to grow faster, lower total cost of ownership, and improve access to timely, accurate information. SOA helps achieve more asset reuse, easier management, and faster development and deployment.

From the definition of the basic principles of software, it can be considered that SOA is a component model that connects different functional units of an application (called services) through well-defined interfaces and contracts between these services. The interface is defined in a neutral way and should be independent of the hardware platform, operating system and programming language on which the service is implemented. This allows services built into a variety of such systems to interact in a unified and common way.

SOA is a component model that connects different functional units of an application (called services) through well-defined interfaces and contracts between these services. The interface is neutral in gas and programming languages. This enables the services built in various such systems to have a unified and functional role, connect and integrate various services; have the ability to switch, and support some modes summarized from practice, such as synchronous mode, asynchronous mode decoupling Service requesters and service providers. More advanced capabilities include defining secure support methods, which should interact in a common way independent of the hardware platform and operating system that implements the service.

ESB functions and characteristics:
1. It is an implementation method of SOA; the ESB functions as a bus in service-oriented architecture.
2. Metadata describing services, and service registration management.
3. Transfer of data between service requesters and providers, and transformation of that data.
4. The ability to discover, route, match and select, in order to support dynamic interaction between services, service quality assurance, manageability, load balancing, etc.

The actual needs of bank information systems illustrate this. In the process of information integration, banks use enterprise service platforms to build an integration platform for the entire bank's application systems. Vertically, it connects the various systems of the head office and branches; horizontally, it connects the various business application systems and business systems. The enterprise service platform adopts a hierarchical deployment method and consists of two parts: one is the enterprise service platform deployed among the head office systems; the other is the enterprise service platform deployed among the branch systems. The two enterprise service platforms are interconnected and form an overall framework for enterprise application integration. In the SOA architecture model of the bank information system, connection and integration through the ESB can well support various business processes. In operational customer relationship management, customer information is scattered across the business subsystems and cannot be shared. After integration through an ESB-based architecture, all-round customer management can be achieved. Through the integrated customer relationship management system, the account manager can check at one time the target customer's basic information, product account information, address and contact information, event information, resource information, relationship information, risk information, statistical analysis information, etc. This truly achieves a customer-centric transformation and gets rid of the previous account-centric partial model.

Based on the actual needs of the information system integration, the project team completed the bank information system architecture design plan based on SOA. The system architecture diagram is as follows:
[Figure: SOA-based bank information system architecture diagram]

In view of the data interaction security requirements of bank information systems, list the measures that can achieve information system security.
In the SOA environment, the security issues that need to be solved include:
(1) Confidentiality: the concern is illegal or unauthorized users accessing data, resulting in the leakage of confidential data. Confidentiality requirements differ, and data encryption can be relied upon to ensure data confidentiality.
(2) Integrity: refers to the correctness, consistency and compatibility of data. Data integrity can be guaranteed through digital signatures.
(3) Auditability: Auditing is an after-the-fact monitoring measure that tracks system access activities and discovers illegal access, for the purpose of security prevention. Different systems may require different levels of auditing.
(4) Authentication management: the service requester and the service provider authenticate each other's identities when calling services, preventing unauthorized and illegal entities from obtaining services. This is the first security barrier of the system.
(5) Authorization management: The purpose of authorization management is to prevent unauthorized use of Web services.
(6) Identity management: In the SOA architecture, identity management is similar to that in traditional systems. The identities of the service requester and the service provider are crucial to both; otherwise illegal users may pass messages between the service requester and the service provider, which easily leads to data leakage and tampering.

List the measures that can ensure the security of information systems:
1. Introduce the HTTPS protocol, or use encryption technology to encrypt data before transmitting it
2. Use message digest (information summary) technology to verify the integrity of important information
3. Firewall system
4. Security detection
5. Network scanning
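Measure 2 above, as an added example that is not part of the original article: a bare digest sent alongside a message detects accidental corruption only, because whoever alters the message can recompute the digest, whereas a digest keyed with a secret held by the service requester and provider also detects tampering. HMAC-SHA256 stands in here for the digital signature the article mentions; the shared key, field names and sample transfer request are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: secret shared by requester and provider (constructed value).
SHARED_KEY = b"constructed-demo-key"


def canonical(message: dict) -> bytes:
    """Serialize deterministically so both sides hash identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(message: dict) -> str:
    """Unkeyed SHA-256 digest: detects corruption, not deliberate tampering."""
    return hashlib.sha256(canonical(message)).hexdigest()


def keyed_digest(message: dict, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256: cannot be recomputed without the shared key."""
    return hmac.new(key, canonical(message), hashlib.sha256).hexdigest()


def verify_plain(message: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_keyed(message: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    # compare_digest is constant-time, so the check leaks no timing signal.
    return hmac.compare_digest(keyed_digest(message, key), tag)


def integrity_demo() -> dict:
    # Constructed sample request passing through the ESB.
    original = {"service": "transfer", "from": "ACC-001", "to": "ACC-002", "amount": "100.00"}
    digest, tag = plain_digest(original), keyed_digest(original)
    # The message is altered in transit and the unkeyed digest recomputed.
    altered = dict(original, amount="9100.00")
    return {
        "untouched_plain": verify_plain(original, digest),
        "untouched_keyed": verify_keyed(original, tag),
        "altered_plain": verify_plain(altered, plain_digest(altered)),  # True: change goes unnoticed
        "altered_keyed": verify_keyed(altered, tag),  # False: tag no longer matches
    }


if __name__ == "__main__":
    print(integrity_demo())
```

The keyed check gives integrity between parties that share the key; where the receiver must also prove to a third party who sent the message, an asymmetric digital signature is needed instead.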

18. Design of new commodity trading platform

An e-commerce company has developed well: its number of customers has gradually increased and its business has continued to expand. As a result, its original B2C commodity trading platform can no longer meet existing business needs, so the company commissioned a software company to develop a new commodity trading platform. The company requires that the new platform adapt to customers accessing the system from different terminal devices such as mobile phones, tablets and computers, and at the same time meet the high-concurrency access requirements that arise when the e-commerce company regularly runs activities such as "flash sales" and "limited time promotions". Faced with these requirements, the software company held a project team discussion meeting to formulate a system design plan. At the meeting, Wang Gong proposed that responsive web design be applied so that customers can correctly access the system from different devices, and that methods such as adding mirror sites and CDN content distribution be used to solve the problems caused by high concurrent access. Li Gong added that relying solely on the above external network acceleration technologies cannot completely solve the problem of high concurrent user access: if the number of visits continues to increase, the system may still crash. Li Gong proposed that the system architecture also be designed with methods such as load balancing, cache servers, Web application servers, distributed file systems and distributed databases. After discussion, the project team finally decided to integrate the ideas of Wang Gong and Li Gong to complete the architectural design of the new system.

What is "responsive web design" and what are the implementation methods of responsive web design?

Responsive web design means that the pages we design and develop can adjust their layout in response to user behavior (such as changing the browser window size) and different device environments (such as system platform, screen resolution, and horizontal or vertical orientation), to provide users with a perceptible and smooth reading and operating experience. Responsive design generally follows the principle of "design first, content first, mobile first". That is, if a page is to respond to both PC and mobile terminals, including some user behaviors, the designer needs to produce at least two sets of design drawings for the page (one for the PC and one for the mobile terminal); the interaction designer needs to first carry out interaction design based on the terminal and display the most important content in the requirements on the small mobile screen; and the front-end engineer then designs and develops a responsive framework accordingly.

Responsive web design means that the pages we design and develop can adjust the layout of the page in response to the user's behavior and different device environments to provide users with a perceivable and smooth reading and operating experience.
Implementation method:
(1) Fluid (streaming) layout
(2) Flexible layout (such as flexible pictures)
(3) Media query

Based on the suggestions of Wang Gong and Li Gong, the project team completed the system architecture design of the new commodity trading platform. The new system architecture diagram is as follows:
[Figure: new system architecture diagram]

According to Li Gong's proposal, the new B2C commodity trading platform introduced a master-slave replication mechanism. Based on the characteristics of the B2C commodity trading platform, please briefly describe the benefits of introducing this mechanism?

1. Improve performance.
The trading platform requires high concurrency. The master-slave replication method is one master and multiple slaves. Different user requests can read data from different slave databases to improve concurrency.
2. Better scalability
If a single database server is used, when the number of visits continues to increase, the database bottleneck will be exposed and the problem cannot be solved quickly. The master-slave structure can quickly increase the number of slave servers to meet demand.
3. Improve availability.
With one master and multiple slaves, the failure of one slave server will not affect the normal operation of the entire system.
4. Equivalent to load balancing:
One master and multiple slaves share tasks, which is equivalent to load balancing.
5. Improve data security.
The data in the system is stored in multiple copies redundantly, and data will not be lost due to hardware failure of a certain machine.
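The benefits listed above, as an added example that is not part of the original article: a small in-memory simulation in which every write goes to the master, reads rotate over healthy slaves, a failed slave is skipped, and a new slave is added to take more reads. The class names, node names and sample row are hypothetical, and replication is simplified to an immediate copy.

```python
import itertools


class Node:
    """In-memory stand-in for one database server (hypothetical)."""
    def __init__(self, name: str):
        self.name, self.rows, self.healthy = name, {}, True


class ReplicatedStore:
    """One master takes every write; slaves hold copies and serve reads."""
    def __init__(self, slave_count: int):
        self.master = Node("master")
        self.slaves = [Node(f"slave{i}") for i in range(1, slave_count + 1)]
        self._turn = itertools.count()

    def write(self, key, value) -> None:
        self.master.rows[key] = value
        # Simplification: real replication is asynchronous; slaves can lag.
        for slave in self.slaves:
            if slave.healthy:
                slave.rows[key] = value

    def read(self, key):
        """Return (value, node name), rotating over the healthy slaves."""
        pool = [s for s in self.slaves if s.healthy] or [self.master]
        node = pool[next(self._turn) % len(pool)]
        return node.rows.get(key), node.name

    def add_slave(self) -> None:
        """Scale out: a new slave starts from a full copy of the master."""
        node = Node(f"slave{len(self.slaves) + 1}")
        node.rows = dict(self.master.rows)
        self.slaves.append(node)


def replication_demo() -> list:
    store = ReplicatedStore(slave_count=2)
    store.write("sku-42", {"stock": 10})  # constructed sample row
    served = [store.read("sku-42")[1] for _ in range(4)]
    store.slaves[0].healthy = False  # one slave fails; reads continue
    served += [store.read("sku-42")[1] for _ in range(2)]
    store.add_slave()  # demand grows; add read capacity
    served += [store.read("sku-42")[1] for _ in range(2)]
    return served


if __name__ == "__main__":
    print(replication_demo())
```

A slave that was down while writes arrived has missed them, so in a real deployment it must resynchronize from the master before it is returned to the read pool.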


Origin blog.csdn.net/weixin_30197685/article/details/132527490