System or infrastructure must have
- Fault tolerance
- No single point of failure
- More than one or two security layers
- Auto-failover without requiring human intervention
- Heartbeat monitoring on all running components
- Infrastructure as code
It is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components. If its operating quality decreases at all, the decrease is proportional to the severity of the failure, as compared to a naively designed system in which even a small failure can cause total breakdown. Fault tolerance is particularly sought after in high-availability or life-critical systems.
- Distributed read/write to MySQL replication cluster
- CDN system like Cloudfront/Cloudflare
- Micro-services, seperated databases for some big components
Single point of failure
A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. SPOFs are undesirable in any system with a goal of high availability or reliability, be it a business practice, software application, or other industrial system.
- MySQL multi-master - galera cluster
- AWS RDS multi-AZ feature
- Elasticsearch master nodes
- Redis sentinel
Defense in depth
Defense in depth (also known as Castle Approach) is an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical for the duration of the system’s life cycle.
- Cloudflare Anti DDOS layer
- IPtable / AWS secgroup
- Snort / Ossec
A method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails. In computing, failover is switching to a redundant or standby computer server, system, hardware component or network upon the failure or abnormal termination of the previously active application, server, system, hardware component, or network. Failover and switchover are essentially the same operation, except that failover is automatic and usually operates without warning, while switchover requires human intervention.
- HAproxy / AWS ALB & ELB
- Auto promote on MySQL replication
In computer science, a heartbeat is a periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a computer system. Usually a heartbeat is sent between machines at a regular interval in the order of seconds. If the endpoint does not receive a heartbeat for a time —usually a few heartbeat intervals—, the machine that should have sent the heartbeat is assumed to have failed.
- Uptime tools (Monit, Newrelic synthetics, AWS LB healh-check)
- Percona pt-heartbeat
Infrastructure as code
All configuration is defined in executable configuration definition files, such as shell scripts, Ansible playbooks, Chef recipes, or Puppet manifests …
- Infra & network layer: Terraform, Cloudformation
- Application layer: Ansible playbook, Puppet, Chef, Salt stack