SlideShare a Scribd company logo

Cloud Design Patterns - Hong Kong Codeaholics

Download as PPTX, PDF
T
Taswar Bhatti

The document discusses various software design patterns that address complexities in software development, emphasizing reusable solutions to recurring problems. It covers patterns such as external configuration, cache aside, federated identity, valet key, gatekeeper, circuit breaker, retry, and strangler, detailing when to use or avoid each pattern and their associated cloud solutions. The author, Taswar Bhatti, is a Microsoft MVP and a global solutions architect with extensive industry experience.

Software
1 of 80
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
TaswarBhatti
Ponder • For every 25 percent increase in problem complexity, there is a 100 percent increase in solution complexity. • There is seldom one best design solution to a software problem. • If cars were like software, they would crash twice a day for no reason, and when you called for service, they’d tell you to reinstall the engine.
Who am I • Taswar Bhatti – Microsoft MVP since 2014 • Global Solutions Architect/System Architect at Gemalto • In Software Industry since 2000 • Native Hong Kong, but live in Canada now • I know Kung Fu (Languages)
What I am not
Cloud Design Patterns - Hong Kong Codeaholics
Agenda • What are Patterns? • The External Configuration Pattern • The Cache Aside Pattern • The Federated Identity Pattern • The Valet Key Pattern • The Gatekeeper Pattern • The Circuit Breaker Pattern • The Retry Pattern • The Strangler Pattern • Questions
Bad Design
Bad Design
Bad Design
Bad Design?
Itunes when I use it
What are Patterns? • General reusable solution to a recurring problem • A template on how to solve a problem • Best practices • Patterns allow developers communicate with each other in well known and understand names for software interactions.
External Configuration Pattern
External Configuration Pattern • Helps move configuration information out of the application deployment • This pattern can provide for easier management and control of configuration data • For sharing configuration data across applications and other application instances
Typical Application
Storing Configuration in file
Multiple application
Problems • Configuration becomes part of deployment • Multiple applications share the same configuration • Hard to have access control over the configuration
External Configuration Pattern
When to use the pattern • When you have shared configuration, multiple application • You want to manage configuration centrally by DevOps • Provide audit for each configuration
When not to use • When you only have a single application there is no need to use this pattern it will make things more complex
Cloud Solution Offerings • Azure Key Vault • Vault by Hashicorp • AWS KMS • Keywhiz
Cache Aside Pattern
Cache Aside Pattern • Load data on demand into a cache from datastore • Helps improve performance • Helps in maintain consistency between data held in the cache and data in the underlying data store.
Typical Application
Cache Aside Pattern
When to use the pattern • Resource demand is unpredictable. • This pattern enables applications to load data on demand • It makes no assumptions about which data an application will require in advance
When not to use • Don’t use it for data that changes very often
Things to consider • Sometimes data can be changed from outside process • Have an expiry for the data in cache • When update of data, invalidate the cache before updating the data in database • Pre populate the data if possible
Cloud Offerings • Redis (Azure and AWS) • Memcache • Hazelcast • Elastic Cache (AWS)
Federated Identity Pattern
Federated Identity Pattern • Delegate authentication to an external identity provider. • Simplify development, minimize the requirement for user administration • Improve the user experience of the application • Centralized providing MFA for user authentication
Typical Application
Problem
Problem • Complex development and maintenance (Duplicated code) • MFA is not an easy thing • User administration is a pain with access control • Hard to keep system secure • No single sign on (SSO) everyone needs to login again to different systems
Federated Identity Pattern
When to use • When you have multiple applications and want to provide SSO for applications • Federated identity with multiple partners • Federated identity in SAAS application
When not to use it • You already have a single application and have custom code that allows you to login
Things to consider • The identity Server needs to be highly available • Single point of failure, must have HA • RBAC, identity server usually does not have authorization information • Claims and scope within the security auth token
Cloud Offerings • Azure AD • Gemalto STA and SAS • Amazon IAM • GCP Cloud IAM
Valet Key Pattern
Valet Key Pattern • Use a token that provides clients with restricted direct access to a specific resource • Provide offload data transfer from the application • Minimize cost and maximize scalability and performance
Typical Application Client App Storage
Problem Client App Storage Client Client Client Client
Valet Key Pattern Client App Generate Token Limited Time And Scope Storage
When to use it • The application has limited resources • To minimize operational cost • Many interaction with external resources (upload, download) • When the data is stored in a remote data store or a different datacenter
When not to use it • When you need to transform the data before upload or download
Cloud Offerings • Azure Blob Storage • Amazon S3 • GCP Cloud Storage
Gatekeeper Pattern
Gatekeeper Pattern • Using a dedicated host instance that acts as a broker between clients and services • Protect applications and services • Validates and sanitizes requests, and passes requests and data between them • Provide an additional layer of security, and limit the attack surface of the system
Typical Application
Problem
Gatekeeper Pattern
When to use it • Sensitive information (Health care, Authentication) • Distributed System where perform request validation separately
When not to use • Performance vs security
Things to consider • WAF should not hold any keys or sensitive information • Use a secure communication channel • Auto scale • Endpoint IP address (when scaling application does the WAF know the new applications)
Circuit Breaker Pattern
Circuit Breaker Pattern • To handle faults that might take a variable amount of time to recover • When connecting to a remote service or resource
Typical Application
Problem
Client Circuit Breaker Api Closed State Timeout Closed State Open State Half Open State After X Retry Closed State
Circuit Breaker
When to use it • To prevent an application from trying to invoke a remote service or access a shared resource if this operation is highly likely to fail • Better user experience
When not to use • Handling access to local private resources in an application, such as in-memory data structure • Creates an overhead • Not a substitute for handling exceptions in the business logic of your applications
Libraries • Polly (http://www.thepollyproject.org/) • Netflix (Hystrix) https://github.com/Netflix/Hystrix/wiki
Retry pattern
Retry Pattern • Enable an application to handle transient failures • When the applications tries to connect to a service or network resource • By transparently retrying a failed operation
Typical Application Network Failure
Retry Pattern • Retry after 2, 5 or 10 seconds
When to use it • Use retry for only transient failure that is more than likely to resolve themselves quicky • Match the retry policies with the application • Otherwise use the circuit break pattern
When not to use it • Don’t cause a chain reaction to all components • For internal exceptions caused by business logic • Log all retry attempts to the service
Libraries • Roll your own code • Polly (http://www.thepollyproject.org/) • Netflix (Hystrix) https://github.com/Netflix/Hystrix/wiki
Strangler Pattern
Strangler Pattern • Incrementally migrate a legacy system • Gradually replacing specific pieces of functionality with new applications and services • Features from the legacy system are replaced by new system features eventually • Strangling the old system and allowing you to decommission it
Monolith Application
Strangler Pattern
When to use • Gradually migrating a back-end application to a new architecture
When not to use • When requests to the back-end system cannot be intercepted • For smaller systems where the complexity of wholesale replacement is low
Considerations • Handle services and data stores that are potentially used by both new and legacy systems. • Make sure both can access these resources side-by-side • When migration is complete, the strangler façade will either go away or evolve into an adaptor for legacy clients • Make sure the façade doesn't become a single point of failure or a performance bottleneck.
Questions? Taswar Bhatti System Solutions Architect (Gemalto) Microsoft MVP http://taswar.zeytinsoft.com @taswarbhatti

More Related Content

What's hot (20)

PPTX
Tokyo azure meetup #8 - Azure Update, August
Kanio Dimitrov
 
PPTX
Azure governance
Udaiappa Ramachandran
 
PDF
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
Markus Eisele
 
PDF
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
NCCOMMS
 
PPTX
Azure Reference Architectures
Christopher Bennage
 
PPTX
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
PPTX
Azure SQL DB V12 at your service by Pieter Vanhove
ITProceed
 
PPTX
Digitally Transform (And Keep) Your On-Premises File Servers
Aidan Finn
 
PPTX
Azure Networking - The First Technical Challenge
Aidan Finn
 
PDF
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
RightScale
 
PPTX
Tokyo Azure Meetup #4 - Build 2016 Overview
Tokyo Azure Meetup
 
PDF
Flux QL - Nexgen Management of Time Series Inspired by JS
Ivo Andreev
 
PDF
Gradual migration to MicroProfile
Rudy De Busscher
 
PPTX
Office 365 Best Practices That You Are Not Thinking About
Quest
 
PPTX
Protecting Your Data with Encryption
Ed Leighton-Dick
 
PPTX
2 Speed IT powered by Microsoft Azure and Minecraft
Sriram Hariharan
 
PPTX
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
PPTX
Dammit Jim! Dr McCoy’s Field Guide to system_health (and the default trace)
Ed Leighton-Dick
 
PDF
Microsoft azure - the cloud for modern business
Vinh Nguyen Quang
 
PDF
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Lightbend
 
Tokyo azure meetup #8 - Azure Update, August
Kanio Dimitrov
 
Azure governance
Udaiappa Ramachandran
 
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
Markus Eisele
 
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
NCCOMMS
 
Azure Reference Architectures
Christopher Bennage
 
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
Azure SQL DB V12 at your service by Pieter Vanhove
ITProceed
 
Digitally Transform (And Keep) Your On-Premises File Servers
Aidan Finn
 
Azure Networking - The First Technical Challenge
Aidan Finn
 
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
RightScale
 
Tokyo Azure Meetup #4 - Build 2016 Overview
Tokyo Azure Meetup
 
Flux QL - Nexgen Management of Time Series Inspired by JS
Ivo Andreev
 
Gradual migration to MicroProfile
Rudy De Busscher
 
Office 365 Best Practices That You Are Not Thinking About
Quest
 
Protecting Your Data with Encryption
Ed Leighton-Dick
 
2 Speed IT powered by Microsoft Azure and Minecraft
Sriram Hariharan
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
Dammit Jim! Dr McCoy’s Field Guide to system_health (and the default trace)
Ed Leighton-Dick
 
Microsoft azure - the cloud for modern business
Vinh Nguyen Quang
 
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Lightbend
 

Similar to Cloud Design Patterns - Hong Kong Codeaholics (20)

PPTX
Cloud patterns forwardjs April Ottawa 2019
Taswar Bhatti
 
PPTX
Azure architecture design patterns - proven solutions to common challenges
Ivo Andreev
 
PPTX
Cloud First Architecture
Cameron Vetter
 
PDF
MS Cloud Design Patterns Infographic 2015
James Tramel
 
PDF
Ms cloud design patterns infographic 2015
Kesavan Munuswamy
 
PPTX
Applicare patterns di sviluppo con Azure
Marco Parenzan
 
PDF
Cloud Design Patterns
Carlos Mendible
 
PDF
Software Architecture for Cloud Infrastructure
Tapio Rautonen
 
PDF
Summer School Soa EAP Asanka 18 Jun
WSO2
 
PDF
Cloud Design Patterns Book from Microsoft
Kesavan Munuswamy
 
PPTX
Cloud design pattern using azure
Karthikeyan VK
 
PPTX
Cloud Design Patterns
Karthikeyan VK
 
PDF
SOA Solution Patterns
WSO2
 
PDF
Cloud Design Patterns - PRESCRIPTIVE ARCHITECTURE GUIDANCE FOR CLOUD APPLICAT...
David J Rosenthal
 
PDF
Cloud application architecture with Microsoft Azure
Guillermo Zepeda Selman
 
PPT
Best Practices for Large-Scale Websites -- Lessons from eBay
Randy Shoup
 
PDF
Cloud-native Data: Every Microservice Needs a Cache
cornelia davis
 
PPTX
Cloud architecture
Mahmoud Moussa
 
PDF
The top 6 microservices patterns
Abhishek Sood
 
PPTX
Azure Application Architecture Guide
Masashi Narumoto
 
Cloud patterns forwardjs April Ottawa 2019
Taswar Bhatti
 
Azure architecture design patterns - proven solutions to common challenges
Ivo Andreev
 
Cloud First Architecture
Cameron Vetter
 
MS Cloud Design Patterns Infographic 2015
James Tramel
 
Ms cloud design patterns infographic 2015
Kesavan Munuswamy
 
Applicare patterns di sviluppo con Azure
Marco Parenzan
 
Cloud Design Patterns
Carlos Mendible
 
Software Architecture for Cloud Infrastructure
Tapio Rautonen
 
Summer School Soa EAP Asanka 18 Jun
WSO2
 
Cloud Design Patterns Book from Microsoft
Kesavan Munuswamy
 
Cloud design pattern using azure
Karthikeyan VK
 
Cloud Design Patterns
Karthikeyan VK
 
SOA Solution Patterns
WSO2
 
Cloud Design Patterns - PRESCRIPTIVE ARCHITECTURE GUIDANCE FOR CLOUD APPLICAT...
David J Rosenthal
 
Cloud application architecture with Microsoft Azure
Guillermo Zepeda Selman
 
Best Practices for Large-Scale Websites -- Lessons from eBay
Randy Shoup
 
Cloud-native Data: Every Microservice Needs a Cache
cornelia davis
 
Cloud architecture
Mahmoud Moussa
 
The top 6 microservices patterns
Abhishek Sood
 
Azure Application Architecture Guide
Masashi Narumoto
 
Ad

More from Taswar Bhatti (13)

PPTX
Get productive with python Visual Studio 2019
Taswar Bhatti
 
PPTX
Nodejsvault austin2019
Taswar Bhatti
 
PPTX
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
Taswar Bhatti
 
PPTX
Intro elasticsearch taswarbhatti
Taswar Bhatti
 
PPTX
Using Vault for your Nodejs Secrets
Taswar Bhatti
 
PPTX
Devteach 2017 OAuth and Open id connect demystified
Taswar Bhatti
 
PPTX
Devteach 2017 Store 2 million of audit a day into elasticsearch
Taswar Bhatti
 
PPTX
An introduction to Microsoft Bot Framework
Taswar Bhatti
 
PPTX
Dev days 1 Introduction to Xamarin Taswar Bhatti
Taswar Bhatti
 
PPTX
Xamarin forms introduction by Taswar Bhatti and Ahmed Assad
Taswar Bhatti
 
PPTX
Docker for .NET Developers
Taswar Bhatti
 
PPTX
Docker for .NET Developers
Taswar Bhatti
 
PPTX
Akka.Net Ottawa .NET User Group Meetup
Taswar Bhatti
 
Get productive with python Visual Studio 2019
Taswar Bhatti
 
Nodejsvault austin2019
Taswar Bhatti
 
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
Taswar Bhatti
 
Intro elasticsearch taswarbhatti
Taswar Bhatti
 
Using Vault for your Nodejs Secrets
Taswar Bhatti
 
Devteach 2017 OAuth and Open id connect demystified
Taswar Bhatti
 
Devteach 2017 Store 2 million of audit a day into elasticsearch
Taswar Bhatti
 
An introduction to Microsoft Bot Framework
Taswar Bhatti
 
Dev days 1 Introduction to Xamarin Taswar Bhatti
Taswar Bhatti
 
Xamarin forms introduction by Taswar Bhatti and Ahmed Assad
Taswar Bhatti
 
Docker for .NET Developers
Taswar Bhatti
 
Docker for .NET Developers
Taswar Bhatti
 
Akka.Net Ottawa .NET User Group Meetup
Taswar Bhatti
 
Ad

Recently uploaded (20)

PDF
IDM Crack with Internet Download Manager 6.42 Build 43 with Patch Latest 2025
bashirkhan333g
 
PPTX
Help for Correlations in IBM SPSS Statistics.pptx
Version 1 Analytics
 
PDF
TheFutureIsDynamic-BoxLang witch Luis Majano.pdf
Ortus Solutions, Corp
 
PDF
Why Businesses Are Switching to Open Source Alternatives to Crystal Reports.pdf
Varsha Nayak
 
PPTX
Transforming Mining & Engineering Operations with Odoo ERP | Streamline Proje...
SatishKumar2651
 
PDF
vMix Pro 28.0.0.42 Download vMix Registration key Bundle
kulindacore
 
PPTX
Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agents
klpathrudu
 
PDF
Digger Solo: Semantic search and maps for your local files
seanpedersen96
 
PDF
HiHelloHR – Simplify HR Operations for Modern Workplaces
HiHelloHR
 
PDF
iTop VPN With Crack Lifetime Activation Key-CODE
utfefguu
 
PDF
Automate Cybersecurity Tasks with Python
VICTOR MAESTRE RAMIREZ
 
PPTX
Hardware(Central Processing Unit ) CU and ALU
RizwanaKalsoom2
 
PPTX
Finding Your License Details in IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
PDF
Top Agile Project Management Tools for Teams in 2025
Orangescrum
 
PPTX
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
PDF
유니티에서 Burst Compiler+ThreadedJobs+SIMD 적용사례
Seongdae Kim
 
PPTX
Agentic Automation Journey Session 1/5: Context Grounding and Autopilot for E...
klpathrudu
 
PDF
MiniTool Partition Wizard Free Crack + Full Free Download 2025
bashirkhan333g
 
PDF
SAP Firmaya İade ABAB Kodları - ABAB ile yazılmıl hazır kod örneği
Salih Küçük
 
PPTX
Homogeneity of Variance Test Options IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
IDM Crack with Internet Download Manager 6.42 Build 43 with Patch Latest 2025
bashirkhan333g
 
Help for Correlations in IBM SPSS Statistics.pptx
Version 1 Analytics
 
TheFutureIsDynamic-BoxLang witch Luis Majano.pdf
Ortus Solutions, Corp
 
Why Businesses Are Switching to Open Source Alternatives to Crystal Reports.pdf
Varsha Nayak
 
Transforming Mining & Engineering Operations with Odoo ERP | Streamline Proje...
SatishKumar2651
 
vMix Pro 28.0.0.42 Download vMix Registration key Bundle
kulindacore
 
Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agents
klpathrudu
 
Digger Solo: Semantic search and maps for your local files
seanpedersen96
 
HiHelloHR – Simplify HR Operations for Modern Workplaces
HiHelloHR
 
iTop VPN With Crack Lifetime Activation Key-CODE
utfefguu
 
Automate Cybersecurity Tasks with Python
VICTOR MAESTRE RAMIREZ
 
Hardware(Central Processing Unit ) CU and ALU
RizwanaKalsoom2
 
Finding Your License Details in IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 
Top Agile Project Management Tools for Teams in 2025
Orangescrum
 
In From the Cold: Open Source as Part of Mainstream Software Asset Management
Shane Coughlan
 
유니티에서 Burst Compiler+ThreadedJobs+SIMD 적용사례
Seongdae Kim
 
Agentic Automation Journey Session 1/5: Context Grounding and Autopilot for E...
klpathrudu
 
MiniTool Partition Wizard Free Crack + Full Free Download 2025
bashirkhan333g
 
SAP Firmaya İade ABAB Kodları - ABAB ile yazılmıl hazır kod örneği
Salih Küçük
 
Homogeneity of Variance Test Options IBM SPSS Statistics Version 31.pptx
Version 1 Analytics
 

Cloud Design Patterns - Hong Kong Codeaholics

  • 2. Ponder • For every 25 percent increase in problem complexity, there is a 100 percent increase in solution complexity. • There is seldom one best design solution to a software problem. • If cars were like software, they would crash twice a day for no reason, and when you called for service, they’d tell you to reinstall the engine.
  • 3. Who am I • Taswar Bhatti – Microsoft MVP since 2014 • Global Solutions Architect/System Architect at Gemalto • In Software Industry since 2000 • Native Hong Kong, but live in Canada now • I know Kung Fu (Languages)
  • 4. What I am not
  • 6. Agenda • What are Patterns? • The External Configuration Pattern • The Cache Aside Pattern • The Federated Identity Pattern • The Valet Key Pattern • The Gatekeeper Pattern • The Circuit Breaker Pattern • The Retry Pattern • The Strangler Pattern • Questions
  • 11. Itunes when I use it
  • 12. What are Patterns? • General reusable solution to a recurring problem • A template on how to solve a problem • Best practices • Patterns allow developers communicate with each other in well known and understand names for software interactions.
  • 14. External Configuration Pattern • Helps move configuration information out of the application deployment • This pattern can provide for easier management and control of configuration data • For sharing configuration data across applications and other application instances
  • 18. Problems • Configuration becomes part of deployment • Multiple applications share the same configuration • Hard to have access control over the configuration
  • 20. When to use the pattern • When you have shared configuration, multiple application • You want to manage configuration centrally by DevOps • Provide audit for each configuration
  • 21. When not to use • When you only have a single application there is no need to use this pattern it will make things more complex
  • 22. Cloud Solution Offerings • Azure Key Vault • Vault by Hashicorp • AWS KMS • Keywhiz
  • 24. Cache Aside Pattern • Load data on demand into a cache from datastore • Helps improve performance • Helps in maintain consistency between data held in the cache and data in the underlying data store.
  • 27. When to use the pattern • Resource demand is unpredictable. • This pattern enables applications to load data on demand • It makes no assumptions about which data an application will require in advance
  • 28. When not to use • Don’t use it for data that changes very often
  • 29. Things to consider • Sometimes data can be changed from outside process • Have an expiry for the data in cache • When update of data, invalidate the cache before updating the data in database • Pre populate the data if possible
  • 30. Cloud Offerings • Redis (Azure and AWS) • Memcache • Hazelcast • Elastic Cache (AWS)
  • 32. Federated Identity Pattern • Delegate authentication to an external identity provider. • Simplify development, minimize the requirement for user administration • Improve the user experience of the application • Centralized providing MFA for user authentication
  • 35. Problem • Complex development and maintenance (Duplicated code) • MFA is not an easy thing • User administration is a pain with access control • Hard to keep system secure • No single sign on (SSO) everyone needs to login again to different systems
  • 37. When to use • When you have multiple applications and want to provide SSO for applications • Federated identity with multiple partners • Federated identity in SAAS application
  • 38. When not to use it • You already have a single application and have custom code that allows you to login
  • 39. Things to consider • The identity Server needs to be highly available • Single point of failure, must have HA • RBAC, identity server usually does not have authorization information • Claims and scope within the security auth token
  • 40. Cloud Offerings • Azure AD • Gemalto STA and SAS • Amazon IAM • GCP Cloud IAM
  • 42. Valet Key Pattern • Use a token that provides clients with restricted direct access to a specific resource • Provide offload data transfer from the application • Minimize cost and maximize scalability and performance
  • 45. Valet Key Pattern Client App Generate Token Limited Time And Scope Storage
  • 46. When to use it • The application has limited resources • To minimize operational cost • Many interaction with external resources (upload, download) • When the data is stored in a remote data store or a different datacenter
  • 47. When not to use it • When you need to transform the data before upload or download
  • 48. Cloud Offerings • Azure Blob Storage • Amazon S3 • GCP Cloud Storage
  • 50. Gatekeeper Pattern • Using a dedicated host instance that acts as a broker between clients and services • Protect applications and services • Validates and sanitizes requests, and passes requests and data between them • Provide an additional layer of security, and limit the attack surface of the system
  • 54. When to use it • Sensitive information (Health care, Authentication) • Distributed System where perform request validation separately
  • 55. When not to use • Performance vs security
  • 56. Things to consider • WAF should not hold any keys or sensitive information • Use a secure communication channel • Auto scale • Endpoint IP address (when scaling application does the WAF know the new applications)
  • 58. Circuit Breaker Pattern • To handle faults that might take a variable amount of time to recover • When connecting to a remote service or resource
  • 61. Client Circuit Breaker Api Closed State Timeout Closed State Open State Half Open State After X Retry Closed State
  • 63. When to use it • To prevent an application from trying to invoke a remote service or access a shared resource if this operation is highly likely to fail • Better user experience
  • 64. When not to use • Handling access to local private resources in an application, such as in-memory data structure • Creates an overhead • Not a substitute for handling exceptions in the business logic of your applications
  • 65. Libraries • Polly (http://www.thepollyproject.org/) • Netflix (Hystrix) https://github.com/Netflix/Hystrix/wiki
  • 67. Retry Pattern • Enable an application to handle transient failures • When the applications tries to connect to a service or network resource • By transparently retrying a failed operation
  • 69. Retry Pattern • Retry after 2, 5 or 10 seconds
  • 70. When to use it • Use retry for only transient failure that is more than likely to resolve themselves quicky • Match the retry policies with the application • Otherwise use the circuit break pattern
  • 71. When not to use it • Don’t cause a chain reaction to all components • For internal exceptions caused by business logic • Log all retry attempts to the service
  • 72. Libraries • Roll your own code • Polly (http://www.thepollyproject.org/) • Netflix (Hystrix) https://github.com/Netflix/Hystrix/wiki
  • 74. Strangler Pattern • Incrementally migrate a legacy system • Gradually replacing specific pieces of functionality with new applications and services • Features from the legacy system are replaced by new system features eventually • Strangling the old system and allowing you to decommission it
  • 77. When to use • Gradually migrating a back-end application to a new architecture
  • 78. When not to use • When requests to the back-end system cannot be intercepted • For smaller systems where the complexity of wholesale replacement is low
  • 79. Considerations • Handle services and data stores that are potentially used by both new and legacy systems. • Make sure both can access these resources side-by-side • When migration is complete, the strangler façade will either go away or evolve into an adaptor for legacy clients • Make sure the façade doesn't become a single point of failure or a performance bottleneck.
  • 80. Questions? Taswar Bhatti System Solutions Architect (Gemalto) Microsoft MVP http://taswar.zeytinsoft.com @taswarbhatti

Editor's Notes

  • #3: For every 25 percent increase in problem complexity, there is a 100 percent increase in solution complexity. There is seldom one best design solution to a software problem. If cars were like software, they would crash twice a day for no reason, and when you called for service, they’d tell you to reinstall the engine.