Brian Adler, Solutions Consultant at RightScale, led this session at the RightScale User Conference 2010 in Santa Clara. Session Abstract: RightScale has extensive experience building scalable websites from the ground up. More importantly, we have invaluable experience rescuing companies who have come to us after their self-built websites failed to scale when hit with unexpected traffic levels. In this session, we'll review reference architectures and share best practices from proven, scalable websites deployed in the cloud. Additionally, we'll cover alternate methods for load balancing along with techniques to improve your web application's availability and reliability.

1. Scalable Web ApplicationsReference Architectures and Best Practices Brian Adler, PS Architect

2. Scalable Web Application

3. Scalable Web Application What? An application built on an architecture that can adapt to changing conditions

4. Scalable Web Application What? An application layered on an architecture that can adapt to changing conditions Why? Traffic and load patterns are unpredictable Viral or flash-mob events can result in very dynamic conditions Availability and Reliability Application must be distributed to increase likelihood of end-user accessibility Overprovision Under-utilized resources == wasted $$$ Underprovision Missed opportunities – users unable to access your site/product Don’t be a victim of your own success

5. This bed is too big. This bed is too small…

6. Cloud Resource Model Dynamically provision the resources you need to meet the current demand Demand goes up, resources are added Demand goes down, resources are removed In true “utility computing” fashion, only pay for what you use, when you use it

7. But this bed is just right

8. Scalable Web Application When? No time like the present

9. Scalable Web Application When? No time like the present How? Stay tuned…

10. Reference Architecture

11. Load Balancing Tier

12. Load Balancing ELB or not ELB. That is the question. No SSL termination on the ELB (*) Can load balance at the TCP level, but that eliminates sticky sessions for secure connections (*) (*) No longer the case as of mid-October 2010 Can scale to handle large amounts of traffic, but slow to ramp-up Only need one (RightScale has a technical white paper on load balancing solutions that can be provided if desired)

13. Load Balancing ELB or not ELB. That is the question. No SSL termination on the ELB (*) Can load balance at the TCP level, but that eliminates sticky sessions for secure connections (*) (*) No longer the case as of mid-October 2010 Can scale to handle large amounts of traffic, but slow to ramp-up Only need one (RightScale has a technical white paper on load balancing solutions that can be provided if desired) HAProxy + Apache Can handle SSL termination on the load balancer Allows for sticky sessions with secure connections Each instance can handle a specific amount of traffic with no ramp-up time Each instance can only handle a specific amount of traffic Addition of load balancers is possible, but requires DNS modifications

14. Load Balancing Load Balancer + Application server Possible, and good for test and dev Not a best practice for a production environment Traffic spikes can cause instance to perform both load balancing and application functions…poorly

15. Load Balancing Load Balancer + Application server Possible, and good for test and dev Not a best practice for a production environment Traffic spikes can cause instance to perform both load balancing and application functions…poorly Recommendation: Minimum of two load balancers Each load balancer should be in a different availability zone (AZ) to increase reliability and availability RightScale testing has shown that m1.large is a good choice for load balancers Due to 100K-120K packet-per-second limit, larger instances do not provide much gain in throughput Roughly 5K responses/second can be handled by m1.large With the 5K threshold in mind, select the number of load balancers required to handle your peak traffic

16. Application Server Tier Puts the “scalable” in a scalable application True autoscaling a must in any dynamic/unpredictable environment

17. Application Server Tier Autoscaling Fully automated server launch based on autoscaling triggers No manual intervention (can be challenging in certain environments, i.e. Windows) Download and install application code from common repository to ensure identical configuration of all servers in the tier

18. Application Server Tier Autoscaling Fully automated server launch based on autoscaling triggers No manual intervention (can be challenging in certain environments, i.e. Windows) Download and install application code from common repository to ensure identical configuration of all servers in the tier Triggers Common CPU idle Free memory System load Custom Web server connections Application-specific metrics

19. Application Server Tier When to scale? Conservatively. Both up and down

20. Application Server Tier When to scale? Conservatively. Both up and down Up Allow adequate lead time for new servers to become operational Before system is negatively impacted Look for trends in activity and react early Worst that can happen: Charged for an extra instance hour

21. Application Server Tier When to scale? Conservatively. Both up and down Up Allow adequate lead time for new servers to become operational Before system is negatively impacted Look for trends in activity and react early Worst that can happen: Charged for an extra instance hour Down When system has been underutilized for a consistent, consecutive period of time Scale down fewer servers than in a scale-up event Again, only downside is an extra hour of instance charge Better safe than sorry

22. Application Server Tier Array considerations

23. Application Server Tier Array considerations Weight the array across all availability zones (not regions) Increases reliability of application NOTE: Traffic within an AZ on private IPs is free. Traffic between AZs incurs a per-gigabyte charge Traffic between regions is charged at public Internet rates

24. Application Server Tier Array considerations Weight the array across all availability zones (not regions) Increases reliability of application NOTE: Traffic within an AZ on private IPs is free. Traffic between AZs incurs a per-gigabyte charge Traffic between regions is charged at public Internet rates Set minimums and maximums appropriately Minimum can assist in cost savings in times of low usage Maximum can limit overall cost exposure

25. Application Server Tier Array considerations Weight the array across all availability zones (not regions) Increases reliability of application NOTE: Traffic within an AZ on private IPs is free. Traffic between AZs incurs a per-gigabyte charge Traffic between regions is charged at public Internet rates Set minimums and maximums appropriately Minimum can assist in cost savings in times of low usage Maximum can limit overall cost exposure Instance size m1.large is typically a good choice for array-based servers in a production environment m1.smalls (and even micro instances) can be used in test and development environments Every application is different, so run load tests and benchmarks to find the optimal solution for your environment

26. Application Server Tier Array considerations Weight the array across all availability zones (not regions) Increases reliability of application NOTE: Traffic within an AZ on private IPs is free. Traffic between AZs incurs a per-gigabyte charge Traffic between regions is charged at public Internet rates Set minimums and maximums appropriately Minimum can assist in cost savings in times of low usage Maximum can limit overall cost exposure Instance size m1.large is typically a good choice for array-based servers in a production environment m1.smalls (and even micro instances) can be used in test and development environments Every application is different, so run load tests and benchmarks to find the optimal solution for your environment Code Deployment Updated code can be pushed to all servers in an array via a single click of a button

27. Caching Tier Caching can dramatically decrease the load on the database Particularly in read-intensive applications Costs of caching Application complexity/modification Additional instance hours to support the cache

28. Caching Tier Best practice is to have a separate, dedicated caching tier Caching can be implemented on each application server Prevents the use of a distributed cache Local cache should only be used by the co-resident application server Application complexities Database performance degradation

29. Caching Tier Best practice is to have a separate, dedicated caching tier Caching can be implemented on each application server Prevents the use of a distributed cache Local cache should only be used by the co-resident application server Application complexities Database performance degradation Instance Size and Count Determine memory caching footprint Select instance size and count that spreads the load over several servers Prevents loss of entire cache if a single instance fails Distribute caching servers across AZs for reliability Overprovision if possible Provide capacity for system to grow to fully utilize cache (budget permitting)

30. Caching Tier Best practice is to have a separate, dedicated caching tier Caching can be implemented on each application server Prevents the use of a distributed cache Local cache should only be used by the co-resident application server Application complexities Database performance degradation Instance Size and Count Determine memory caching footprint Select instance size and count that spreads the load over several servers Prevents loss of entire cache if a single instance fails Distribute caching servers across AZs for reliability Overprovision if possible Provide capacity for system to grow to fully utilize cache (budget permitting) Manually scaling caching servers is possible but non-trivial Involves application and database performance degradation Time To Lives (TTLs) Always set to expire

31. Caching Tier Write-intensive applications Don’t see as large a performance gain as read-intensive apps Memcached can be modified to perform lazy writes of data objects to the database Data can be lost in case of caching server crash Not a recommended best practice, but can be (and has been) done Tradeoff of performance versus end-user experience

32. Caching Tier Write-intensive applications Don’t see as large a performance gain as read-intensive apps Memcached can be modified to perform lazy writes of data objects to the database Data can be lost in case of caching server crash Not a recommended best practice, but can be (and has been) done Tradeoff of performance versus end-user experience Third-party providers Vendor solutions exist that allow dynamic memcached scaling

33. Database Tier Numerous database architecture options exist No “one size fits all” solution, so testing and benchmarking are critical to determine proper configuration

34. Database Tier Masters and Slave(s) Multiple Slaves if budget permits Distribute Master and Slave(s) across AZs Always use same instance size for Master and Slaves

35. Database Tier Masters and Slave(s) Multiple Slaves if budget permits Distribute Master and Slave(s) across AZs Always use same instance size for Master and Slaves Data Storage EBS volumes for data store Never use ephemeral storage for persistent data Back up Master and Slaves frequently Upload snapshots to S3 or some other persistent, redundant storage

36. Database Tier Masters and Slave(s) Multiple Slaves if budget permits Distribute Master and Slave(s) across AZs Always use same instance size for Master and Slaves Data Storage EBS volumes for data store Never use ephemeral storage for persistent data Back up Master and Slaves frequently Upload snapshots to S3 or some other persistent, redundant storage Instance Size Varies greatly based on the nature of the application and site traffic Load testing and benchmarking can assist in identifying a reasonable initial size

37. Database Scaling

38. Database Scaling Vertical “Grow” or “shrink” a database server from one instance size to another

39. Database Scaling Vertical “Grow” or “shrink” a database server from one instance size to another Horizontal Add additional servers to spread the database load

40. Database Vertical/Horizontal Scaling

41. Horizontal Database Scaling Addition of read Slaves Effective for read-intensive applications Only writes need to access the master Replication lag to slaves must be considered

42. Horizontal Database Scaling Addition of read Slaves Effective for read-intensive applications Only writes need to access the master Replication lag to slaves must be considered Effective mechanism is to use MySQL Proxy

43. Horizontal Database Scaling Sharding Concept is to partition the database into distinct, non-overlapping pieces “Horizontal slicing” of the database tables into groups of rows Forethought required in setting up shards since cross-shard joins are resource intensive

44. Horizontal Database Scaling Before Sharding

45. Horizontal Database Scaling After Sharding

46. Horizontal Database Scaling Master-Master Two (or more) Master DBs Any Master can modify any database object Replication lag can result in database inconsistencies Poorly-designed applications can cause data object collisions and leave databases in indeterminate state Not a recommended best practice, nor supported by RightScale

47. Horizontal Database Scaling NoSQL solutions Many options exist – SimpleDB, Cassandra, Membase, CouchDB, MongoDB, Riak, etc. Basically a Key/Value store No complex operations between data objects (no relational operations) Multiple nodes can be used to implement a distributed data store Coordinated backup and recovery can be challenging Some RightScale customers are beginning to use some NoSQL solutions in specific use cases.

48. So What’s Best?

49. So What’s Best? As is typical in many technology discussions…

50. So What’s Best? As is typical in many technology discussions… “It depends”

51. So What’s Best? As is typical in many technology discussions… Many scalable environments share some common underlying architecture concepts “It depends”

52. So What’s Best? As is typical in many technology discussions… Many scalable environments share some common underlying architecture concepts Every application is different. As such, there is no “one size fits all” “It depends”

53. So What’s Best? As is typical in many technology discussions… Many scalable environments share some common underlying architecture concepts Every application is different. As such, there is no “one size fits all” Components of a reference architecture such as this can be used as a starting point, with tweaks and modifications made per the unique characteristics of the application itself, or the load and traffic patterns it experiences “It depends”

54. Scalable Web Applications Q&A RightScale.com/Conference (Presentations available next week) Conference@RightScale.com RightScale.com/whitepapers