The outermost layer of SAE’s architecture is Level 7 (OSI), which provides load balancing, health checks, etc.
This is an HTTP reverse proxy, mainly responsible for responding to users’ HTTP requests, analyzing them and forwarding them to the backend web server pools.
SAE’s server architecture is distributed, so these servers need load balancing to ensure that each request gets a quick response.
Load balancing is mainly used for proxying and forwarding. When a user’s request reaches Level 7, the load balancer analyzes it and then forwards it to the server whose load is lower.
Level 7 checks the status of the backend servers automatically. If Level 7 does not receive feedback from a server for a certain period, it marks that server as unavailable and stops forwarding requests to it.
SAE’s web servers use distributed code deployment. Developers submit code to the Deploy Front, and the code is then synchronously deployed to all of SAE’s web servers, so that every server gets one copy of the code. If some web servers die, a client’s request can be redirected to another live one so that the application keeps running. This greatly improves the app’s stability.
In addition, SAE provides a complete distributed web service solution, including a distributed database, a distributed file system, a distributed timing service, page fetching, an image service, etc.
As a public cloud platform, SAE first faces the problem of application isolation. Without good isolation, the platform could not operate stably in the long term. The SAE sandbox isolates each application in its own secure and reliable environment, as shown in the following aspects:
SAE Memcache is a distributed cache service provided by SinaAppEngine for storing small amounts of user data in a shared way.
Because SAE’s web service environment is distributed, SAE Memcache should be enabled when users need to cache small structured data such as key-value pairs. This provides quick data access and reduces the pressure on backend storage.
The SAE Memcache system is a general memcache pool. Every user of Memcache works against the entire service system rather than one single Memcache instance.
3. In traditional Memcache, all users share one LRU list; this causes interference between users’ data, for example A’s data might be replaced by B’s. So different Memcache instances have to be installed to keep these LRU lists distinct.
3. Domains are supported. Different domains have distinct memory limits and LRU lists. Developers can set the memory limit according to the importance of the data, and the LRU lists of these domains do not interfere with each other.
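The LRU interference described above and the per-domain separation, as an added Python example (not SAE's code); the class names are hypothetical and an item count stands in for the memory limit.

```python
from collections import OrderedDict

class LRUCache:
    """One LRU list with a fixed capacity (item count stands in for memory)."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.items = OrderedDict()

    def get(self, key):
        if key not in self.items:
            return None
        self.items.move_to_end(key)          # mark as most recently used
        return self.items[key]

    def set(self, key, value):
        self.items[key] = value
        self.items.move_to_end(key)
        while len(self.items) > self.capacity:
            self.items.popitem(last=False)   # evict the least recently used entry


class DomainCache:
    """Hypothetical per-domain cache: each domain has its own limit and LRU list."""
    def __init__(self, limits):
        self.domains = {name: LRUCache(cap) for name, cap in limits.items()}

    def get(self, domain, key):
        return self.domains[domain].get(key)

    def set(self, domain, key, value):
        self.domains[domain].set(key, value)


def shared_lru_demo():
    """A and B share one LRU list: B's burst of writes evicts A's entry."""
    cache = LRUCache(capacity=4)
    cache.set("A:session", "alice")
    for i in range(4):
        cache.set(f"B:tmp{i}", i)
    return cache.get("A:session")


def per_domain_demo():
    """Same workload, but A and B are separate domains with separate limits."""
    cache = DomainCache({"A": 2, "B": 2})
    cache.set("A", "session", "alice")
    for i in range(4):
        cache.set("B", f"tmp{i}", i)         # B only evicts B's own entries
    return cache.get("A", "session"), cache.get("B", "tmp0"), cache.get("B", "tmp3")
```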
SAE supports nearly all the features of MySQL. Users can create database schemas and tables on SAE and manage them through a standard MySQL client; the whole process is no different from using the original MySQL, so no code modification is needed.
Additionally, each MySQL group contains one master database, several slaves and one backup. This greatly improves database performance and ensures data reliability.
Because the scalability of traditional relational databases is not satisfactory in a distributed environment, NoSQL has gradually come into view. And because more and more developers are getting used to NoSQL as an everyday database development tool, SAE also provides a NoSQL service to meet this requirement.
KVDB is a distributed key-value storage service developed by SAE to support storing large amounts of key-value data on the public cloud platform. KVDB has massive storage capacity: 100G for each developer, supporting about one billion records. Developers can use KVDB to store simply structured data, such as friend relationships.
KVDB offers high performance and high reliability. According to our benchmark, both reads and writes can reach up to 100,000 queries per second. KVDB runs with one master and several slaves. SAE provides hot backup and regular cold backup. When a database dies, we switch to a live one automatically.
For data services, SAE mainly uses replication to ensure high reliability. SAE’s data storage service adopts two kinds of replication, active and passive. For instance, Binlog synchronization between master and slave on SAE is typical passive replication: the user’s task request is read into the master database and is synchronized to the slave by a backend process. If the master goes down, the slave is quickly switched to master. In addition, some SAE services, such as Cron, use active replication (double-write) to ensure HA. When developers set up a Cron in the configuration file, appconfig.yaml, the information for this timed task is double-written into several persistent databases for later execution.
Every app runs separately in SAE’s runtime environment. An application cannot break out of the sandbox to get other applications’ code, which is the assurance of code security.
Apart from the password, a security code is also required when deploying code online or through SVN, which adds to code security.
Every application may face attacks and malicious fetching from unidentified IPs, which mainly show up in two ways: app data leakage and excessive bandwidth consumption. SAE’s App firewall is designed to solve this problem. In the control panel, developers can limit the visit frequency (per minute/hour/day) and network traffic of a given IP, and can effectively protect their application data and bandwidth by setting black/white lists.
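A sketch of the kind of check such a firewall performs, as an added Python example (not SAE's implementation): per-IP visit-frequency limits over minute/hour/day windows combined with black/white lists. The class, the limit values, the list precedence and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOWS = {"minute": 60, "hour": 3600, "day": 86400}   # window lengths in seconds


class AppFirewall:
    """Hypothetical per-IP firewall: black/white lists plus sliding-window limits."""
    def __init__(self, limits, whitelist=(), blacklist=()):
        self.limits = limits                  # e.g. {"minute": 3, "hour": 5}
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.hits = defaultdict(deque)        # ip -> timestamps of allowed requests

    def check(self, ip, now):
        """Return (allowed, reason) for one request from ip at time now (seconds)."""
        if ip in self.blacklist:              # assumption: blacklist wins over whitelist
            return False, "blacklisted"
        if ip in self.whitelist:
            return True, "whitelisted"
        seen = self.hits[ip]
        longest = max((WINDOWS[w] for w in self.limits), default=0)
        while seen and now - seen[0] >= longest:
            seen.popleft()                    # forget hits older than the longest window
        for window, limit in self.limits.items():
            recent = sum(1 for t in seen if now - t < WINDOWS[window])
            if recent >= limit:
                return False, f"over {window} limit"
        seen.append(now)
        return True, "ok"


# Constructed sample traffic (documentation-range IPs), not real log data.
SAMPLE = [
    (0, "203.0.113.7"), (10, "203.0.113.7"), (20, "203.0.113.7"),
    (30, "203.0.113.7"),            # 4th request inside one minute
    (65, "203.0.113.7"),            # the first hit has aged out of the minute window
    (70, "198.51.100.9"),           # blacklisted address
    (71, "192.0.2.1"), (72, "192.0.2.1"), (73, "192.0.2.1"), (74, "192.0.2.1"),
]


def demo():
    """Replay the sample traffic and return the decision reason for each request."""
    fw = AppFirewall({"minute": 3, "hour": 5},
                     whitelist=["192.0.2.1"], blacklist=["198.51.100.9"])
    return [fw.check(ip, ts)[1] for ts, ip in SAMPLE]
```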
Application-level problems are mainly caused by security defects in users’ code, including SQL injection, cross-site scripting and Trojan links. As a solution, SAE provides the APP Health Check service, which detects code security problems and reports the result to you directly.
Besides developers needing to raise their own cyber-security awareness and strengthen their computer security, SAE also provides a security code protection mechanism. First, SAE checks the login IP used with the security code and validates the cell phone number for an IP from another region. Second, users who want a higher level of security can apply for an SAE cell phone dynamic password as a replacement for the security code.
Cron is the crontab service developed by SAE. Clients who want to set up triggers for timed actions, such as regular ranking, can use it. A Cron run is triggered over HTTP, while what actually executes is code from the developer’s app. Cron is deployed in a distributed environment with high reliability, and Cron jobs are isolated from each other. Several nodes are triggered at the same time, but only one executes the job after an election through a distributed lock.
TaskQueue is designed by SAE to let developers execute a list of tasks sequentially via asynchronous HTTP. First, users create a queue on the online management platform and then push tasks into it; tasks are executed right after they are pushed. TaskQueue jobs are executed via HTTP, and what actually executes is code from the developer’s app, so execution is limited by the maximum HTTP execution time. TaskQueue is deployed in a distributed environment with high reliability. Each worker is isolated from the others and executes its tasks on its own.
DeferredJob lets developers configure an offline task execution schedule. It is not limited by the maximum HTTP execution time, which is the main difference from TaskQueue. This is because DeferredJob is executed in a system-level language, so there is no time limit, while TaskQueue is triggered via HTTP.
Cloud storage services become easier to build on top of SAE Storage.
Storage provides several kinds of data security assurance:
SAE has many multi-line backbone network (China Telecom, China Unicom, China Mobile and education network) CDN nodes covering nearly all of China’s big cities. These nodes are now open for clients to use as a high-quality CDN service.
After the CDN service is enabled, data in Storage is pushed to every CDN node. Users receive data from the nearest node when they fetch it, which greatly improves access performance.
SINA Short Message Service is a comprehensive message service supported by SINA Wireless. Users can send short messages via the China Mobile, China Unicom or China Telecom networks, and the arrival rate is above 90%.
Geo. The location service is usually used for searching routes, bus lines, IP location and maps.
Chinese word segmentation means dividing a sequence of Chinese characters into individual words. It is the basis of text mining. More accurate segmentation of a Chinese paragraph helps computers understand what it really means. SAE’s word segmentation is a Chinese sentence analysis system based on the Hidden Markov Model, which mainly includes Chinese word segmentation, part-of-speech tagging, named entity recognition and new word identification.