2. 2
Scalability is the property of a system to
handle a growing amount of work by adding
resources to the system
Classification level: for internal use only
3. Availability
3Classification level: for internal use only
The system should be available for use as much as possible
Uptime percentage has the most immediate effect on user experience
It doesn’t matter how useful a system is if no one can access it
4. Performance
4Classification level: for internal use only
The system must maintain a high level of performance even under heavy loads
Speed is critical to providing a good user experience
5. Reliability
5Classification level: for internal use only
The system must accurately store, retrieve, and edit data under stress
Unlike availability and performance, reliability builds positive user experiences in the
long run rather than just in the moment
6. Vertical Scaling
6Classification level: for internal use only
Up/Down scaling
Adding resources to (or removing resources from) a single node
For example adding more memory or more CPUs
7. Vertical Scaling
7Classification level: for internal use only
PRO
Easy to implement in any architecture
Low license cost
Low maintainance cost
CONTRA
High scaling cost
Limited upgradeability
High failure risk
8. Horizontal Scaling
8Classification level: for internal use only
Out/In Scaling
Adding more nodes to (or removing nodes from) a system
For example adding more servers
9. Horizontal Scaling
9Classification level: for internal use only
PRO
Low scaling cost
Unlimited upgradeability
Increases fault tolerance
CONTRA
Requires apropriate architecture
High license cost
High maintainance cost
10. 10
Architecture is the complex or carefully
designed structure of the required system
Classification level: for internal use only
11. Components
11Classification level: for internal use only
Infrastructure
Hosting
Monitoring
Operation
Data storage
Webserver
Software Design and Implementation
12. 12
The goal of architecture is to
minimize the human resource required
to build and maintain the required system
Classification level: for internal use only
13. Services
14Classification level: for internal use only
decouple functionality and think about each part of the system as its own service
each service has its own distinct functional context
complementary services decouples the operation of those pieces from one another
establish clear relationships between the service, environment and consumer
14. Redundancy
15Classification level: for internal use only
handle failure gracefully using redundancy
ensuring that multiple copies are running simultaneously can secure against the
failure
remove single points of failure
service redundancy is creating a shared-nothing architecture
each node is able to operate independently of one another
new nodes can be added without special conditions or knowledge
15. Caching
16Classification level: for internal use only
locality of reference principle: recently requested data is likely to be requested again
typically faster than the original data source
A global cache where all the nodes use the same single cache space
A distributed cache where each of its nodes own part of the cached data
16. Load Balancing
17Classification level: for internal use only
allows multiple nodes to transparently service the same function in a system
handle a lot of simultaneous connections and route those connections to one of the
nodes
allowing the system to scale by adding nodes
17. Queues
18Classification level: for internal use only
effective management of writes
achieving performance and availability requires building asynchrony into the system
20. People
21Classification level: for internal use only
Users must understand and comply with basic data security principles
like choosing strong passwords
being wary of attachments in email
backing up data
21. Processes
22Classification level: for internal use only
Organizations must have a framework for how they deal with both attempted and
successful cyber attacks
A framework explains how to identify attacks, protect systems, detect and respond to
threats, and recover from successful attacks
https://www.nist.gov/cyberframework
22. Technology
23Classification level: for internal use only
Providing security tools needed to protect from cyber attacks
Three main entities must be protected
endpoint devices like computers, smart devices, and routers;
networks;
and the cloud
23. Informationsecurity
Classification level: for internal use only
Protection of confidentiality, integrity and availability of computer system data
Data security
Data safety
Data privacy
24. Application security
25Classification level: for internal use only
software vulnerabilities in applications and application programming interfaces
(APIs)
authentication or authorization
integrity of code and configurations
mature policies and procedures
25. Cloud security
26Classification level: for internal use only
building and hosting secure applications in cloud environments
securely consuming third-party cloud applications
“Cloud” simply means that the application is running in a shared environment
28. Incident response
29Classification level: for internal use only
monitors and investigates potentially malicious behavior
incident response plan for containing the threat and restoring the status quo
preserve evidence for forensic analysis and potential prosecution
29. Vulnerability management
30Classification level: for internal use only
scanning an environment for weak points and prioritizing remediation based on risk
finding a vulnerability in advance can save you the catastrophic costs of a breach
30. Any Questions ? Björn Wendland
31Classification level: for internal use only