
  • Creating these classes requires equipment and services that cost money.

  • If you appreciate this education, please think about going to EliTheComputerGuy.com and offering a one-time or monthly recurring donation.

  • Welcome back.

  • So today's video I want to talk about SOA, or service-oriented architecture.

  • So this is a way of designing your IT infrastructure

  • where you focus primarily on the services that are required and not really the servers themselves.

  • So when we talk about client-server architecture, we talk about something like an Exchange server providing email services or a Routing and Remote Access server providing VPN services.

  • One of the issues as an administrator is not only are you responsible for the configurations and the connections in order to connect to those services, but you're also responsible for dealing with the operating system, dealing with patches, dealing with antivirus, dealing with all of those things.

  • So basically, when you're looking at administering your infrastructure, not only do you have to deal with the services that are actually needed by your users, but you're worried about all of the underlying components that actually provide those services. So we start looking at a service-oriented architecture.

  • What becomes very interesting here

  • is this is a different way of looking at your architecture.

  • Basically, the idea being: what if?

  • What if the server or whatever is providing the service simply becomes a black box to you?

  • You're no longer worried about the operating system updates.

  • You're no longer worried about the antivirus or any of those other things required to maintain the server.

  • All you're really worried about is the connection between the client applications or the users, and the services that they are trying to get to.

  • And so why this becomes very important is in the modern world when we start looking at cloud computing infrastructure and we start looking at all these services that are available from cloud computing providers.

  • If you start thinking about things more as a service versus as a server, you get to do some interesting things again with your infrastructure.

  • So if you're simply thinking about something like a database service, like in the old days, so if you're going to have a MySQL database, so you're gonna be running a website with a MySQL back end or something like that, in the old days that MySQL database would be on a server, probably a Linux server, that would have something like MySQL installed.

  • And so you, as the administrator,

  • you'd be responsible for the MySQL database and you'd be responsible for the MySQL running on the Linux server.

  • And you'd be responsible for the Linux operating system itself.

  • And you're responsible for all the hardware that provides everything for you.

  • And so that could be, that could be a little difficult.

  • That requires a lot of time and energy.

  • And so one of the things you could be thinking is like, well, do I really want a MySQL server?

  • Right?

  • That sounds a little weird here, but do I really want a MySQL server, or do I simply want some kind of database service?

  • My software has to connect to a database.

  • Do I really care whether or not if I own that particular server, or how that particular server actually runs?

  • So some of the interesting things you can do with service-oriented architecture is, if you build things out, you can start with your own

  • MySQL server, so you can have a MySQL database and MySQL server.

  • And you can have all that up and running and you're responsible for everything.

  • And then you start thinking about it like, you know what?

  • You know, I don't really wanna, I don't really want to run my own MySQL server.

  • Because if the CPU fan fails or something like that, everything goes down.

  • So then you can start thinking about, well, okay, I need this service.

  • I need a service that provides a MySQL database connection, and so then you can go to a company,

  • I'll show you this in a little bit, such as DigitalOcean.

  • And they actually have database-as-a-service services, so you can actually migrate your data to them.

  • And they actually run MySQL in their cloud so that you now get all of the

  • MySQL database services that you need, but you're no longer having to run your server.

  • But then again, if you're sitting there thinking about the service-oriented architecture, right?

  • Is it even okay?

  • We don't really need the physical server.

  • I don't really want to worry about the operating system.

  • Here's an interesting question.

  • Here's the interesting question.

  • Do you really actually care if it's even MySQL?

  • You may be sitting there thinking like, well, wait a minute.

  • Well, if I need a, I need, um, a MySQL database in order to run my WordPress or whatever else,

  • of course I need MySQL.

  • Well, no, actually, you really don't.

  • You just need something compatible with MySQL.

  • You need something that understands MySQL SQL statements, um, Structured Query Language statements, and can do something with that.

  • And so that's where you can go to something like AWS Aurora.

  • So that becomes very interesting.

  • So AWS Aurora doesn't actually run MySQL.

  • So it's a database as a service that is compatible with MySQL.

  • But it's not actually MySQL, and with that, you get some very interesting things that you could do.

  • You can have databases all the way up to 64 terabytes in size, and you can do a lot of new interesting things with it, because basically what Amazon has done is, they said, okay, we know that we have clients that use software that requires MySQL as a back end.

  • The problem is, MySQL as it is has issues, just like everything does.

  • And so they said, hey, what if we redesign the entire back end?

  • And what if we, we just redesigned how our database itself actually functions,

  • but we allow applications that require MySQL to be able to communicate with that database in the standard way that MySQL is able to communicate?

  • And so this is a way you are now getting the database service that is compatible with MySQL but is not even actually MySQL anymore.

  • So this is where we get to with service-oriented architecture again.

  • When you start looking at email services for your company,

  • do you really want an Exchange server, right?

  • So if you have an Exchange server with your company, that means you have the Exchange server software installed on your server, which means you have to deal with the Windows operating system on your server, plus

  • you have to have a physical machine. So we start thinking about a service-oriented architecture versus a server,

  • you start thinking, well, really, I just need email services.

  • I don't really care if it's Exchange.

  • I don't really want to deal with Windows,

  • to be frank with you.

  • So what provider or what other way could I get

  • the email services for my end users without being hyper focused on what the actual product is, something like Exchange?

  • And so this becomes important in the modern world as we go forward: what we can do is, if we start looking at things like services instead of the actual products and servers, then we no longer have to be married to these particular vendors, right?

  • Because that's one of the big issues in the technology world: sometimes companies, they're doing great things.

  • Sometimes vendors are doing amazing things.

  • They just, everything they touch turns to gold, it's beautiful, the price point's good.

  • The quality is good, everything's great.

  • But again, with all these companies, they'll keep doing that for, like, five, five, six years, they're amazing.

  • And then something happens, they get a new CEO.

  • Something else, whatever, happens, and

  • then they start putting out trash, right?

  • They start putting out Windows Vista. Anyway, so the problem you run into, right, in the old client-server architecture is if you're dealing with Exchange server,

  • right, if your email services are provided by an Exchange server, and so the way you think of email services is as just an Exchange server, the problem is, if Microsoft puts out a really crap product, you're most likely gonna have to buy that new crap product.

  • The reason being is because you're not thinking about email services, you're thinking about Exchange server.

  • So one of the things you can start thinking about is like, well, if you start building your infrastructure more just off of the service, then if Microsoft does something stupid, then you can transition over to another provider that will then provide you the email services that you want.

  • So that's one of the cool things now where a lot of people don't realize how flexible things have become over the last decade or so.

  • But the fact of the matter is, is that you can have a company that's using something like an Exchange server.

  • They can go from the Exchange server, migrate over.

  • All they need is email services or calendar service and that type of thing.

  • They might migrate over to Google Premier Apps.

  • Basically business-class apps.

  • They could go there.

  • They could be there for five or six or however many years.

  • If that starts going to hell, then you go over to something like Office 365, because now they're no longer married to the one particular product.

  • All you're looking at is I need a particular type of service.

  • You start to see this with things such as storage.

  • Storage becomes very important when you're building out cloud computing infrastructure.

  • And so if you go to Amazon or if you go to Azure, even if you go to DigitalOcean now, basically, storage has simply become a service.

  • Right?

  • So for you, for you as the IT administrator, what do you care about with storage, right?

  • So you have to upload backup files or you have to have data stored somewhere for your infrastructure up on the cloud.

  • What do you really care about?

  • You care about price point, you care about robustness and uptime, basically, that you can get to your data when you need to get to your data.

  • Uh, you're worried about whether your, your security policies and that type of stuff will work properly within whatever infrastructure, and you're worried about

  • maybe some things like HIPAA or PCI compliance or that type of thing, right?

  • Notice when I talk about the things that you're worried about as an IT administrator,

  • one of the things that you shouldn't be worried about is what operating system is running your storage services.

  • Things you shouldn't be worried about is what specific hardware is running your storage services, right?

  • Things you don't want to be worried about is, again, the maintenance and all the underlying stuff for your storage services.

  • So if you're sitting in there, and before, back in the old days, when we thought about, like, file, basically file sharing or file storage, you would have a file server, and so that file server was most likely a Dell machine or an HP machine, and that most likely had a Windows Server operating system on it.

  • And then you would have your RAID and then you would have everything else.

  • And so that was a very particular product.

  • Now, if you can start thinking about, like, well, I don't really care if I have a Windows server, I don't really care if I have a Linux server,

  • I don't really care about a Synology server,

  • I just need storage that, that, that deals with these requirements, and then you go to DigitalOcean and then you can go to AWS.

  • Then you can go to Azure.

  • Then you can go to Synology, and then you can look at Windows Server and then you can look at the new Linux offerings.

  • And then, if you're simply looking at it as a service that's being provided, you can then go,

  • you figure out, you know, which one of these options fits your needs at the moment, and then you can go with that option.

  • And then as things go in the future, since you're not really married to that particular product, then again, five or six or 10 years from now, you can look and go.

  • Okay, well, this is what we built out before, but now, you know, we think the services will be provided from this different place better.

  • And so that's the important thing to be thinking about when you're thinking about the service-oriented architecture versus the client-server architecture. The client-server architecture, you're not only worried about the services being provided by the server, but you also had to deal with the software and you also had to deal with the operating system.

  • And you also had to deal with the hardware, and you had to deal with the antivirus and all of that kind of thing, right?

  • All of that was your responsibility.

  • When you, when you're dealing with a service-oriented architecture, you're just, you're hyper focused on the services themselves that are being provided.

  • And then basically, how you look at it is, how those services are provided is more of a black box.

  • You're worried about the connection.

  • You're worried about the connection between your users or your system and the services. You're not so focused on what the actual back end of those services are.

  • And when you start looking at things that way, there is a lot of new cool options on the table.

  • So we know as soon as I start talking about, like, black box services, oh, I'm starting to make a lot of people scared, like, what?

  • What, what, what, what do you mean?

  • I don't really know how the services are being offered to me?

  • What do you mean?

  • It's a black box where I don't really know what's going on on the other side.

  • Eli, Eli.

  • I don't really trust that.

  • Well.

  • The first thing that I'll say for anybody that starts screaming and whooping and hollering about black box services is, the fact of the matter is you most likely don't really know what the hell's going on in your own infrastructure anyway.

  • It's very interesting when you start talking about cloud computing infrastructure, and people start getting really scared about cloud computing infrastructure.

  • They have a big blind spot.

  • They have a big blind spot for how much they literally don't know what's going on in their own server rooms.

  • There's this idea that because you can see a physical machine that somehow that is safer or more secure, more reliable or something else than a machine that you can't see.

  • But the reality is, at the end of the day, is most likely your machines are far more vulnerable than the cloud services that are being provided to you. Again, really think about it.

  • How robust is your your update scheme?

  • How robust is your preventive maintenance scheme?

  • How robust is your auditing of your security policies and making sure all user accounts have been disabled or deleted once people have left?

  • Are you really sure?

  • Are you really sure there's no global admin accounts that are just kind of wandering through your system that people would just happen to have forgotten about?

  • You know, basically, if you're dealing with a legacy infrastructure, somebody created a global admin account a decade ago and, yeah, it's just kind of, kind of there, you know, there for the hacking if somebody wants to be able to get access to it.

  • So I think that's one of the big things.

  • A lot of people, when they think about black box services, they start being like, oh, I don't know about that.

  • But the reality is, is when you look at your Windows server so you have a Windows 2012 server or 2016 server, and you're looking at that server.

  • The first question I really want you to ask yourself is, Do you really know what's going on?

  • in this area.

  • You really know what's going on, you know.

  • You know.

  • You know, you know, you just want to think that you do.

  • So with these black box services, again, if you start going to AWS for storage or Azure for databases or anything like that, I would argue you have about as much understanding of what's going on in their black boxes as you do on your actual server yourself.

  • The other thing you have to be thinking about, too, is that when you're dealing with these multibillion-dollar companies, they're hyper focused on security.

  • Right, when Netflix runs off of AWS, when major corporations run off of Azure, if Azure has downtime or has a major security problem, literally their, their, their, their huge

  • billion, hundred-billion-dollar business can literally disappear in the blink of an eye if they have a major security vulnerability, if they have a major issue. Whereas again, think about with your own infrastructure, you know, with your Exchange server.

  • Okay, you've got your email Exchange server.

  • Are you really sure what will happen if the motherboard fails on it?

  • Are you really confident everything has been updated on that Exchange server?

  • Are you absolutely positive that nobody has root directory access to where

  • the email store is contained on that Exchange server, and that some ransomware can't possibly get in there and basically encrypt your root directory?

  • Are you absolutely positive about that?

  • So that's one of the things to be thinking about first, 'cause I know a lot of people,

  • they're like, ah, black boxes, we

  • don't know what's going on with our systems. Literally,

  • we don't. Again, like, like with the NSA people, right?

  • The NSA was literally, uh, getting their hands on Cisco equipment as it was being sent to distributors.

  • They were then opening the Cisco equipment.

  • They were then adding their own little spyware hardware to that Cisco equipment.

  • They were then sealing everything up and letting it go on its way.

  • So literally, even when you buy equipment directly from the vendor, you don't really know what's specifically going on in that equipment. With the Chinese,

  • the Chinese intelligence agencies at one time, they were infecting 500 gig hard drives at the manufacturer, so they were actually putting viruses and spyware into hard drives at the manufacturer that were then getting shipped out.

  • The idea being is, back then, 500 gig, one terabyte hard drives were large hard drives, and so the idea was, those were the hard drives

  • most likely that were going to go into government institutions and large organizations.

  • So that was a way to get viruses and spyware past whatever security procedures that they had.

  • And so this is an important thing to be thinking about again.

  • You have this idea like the black box.

  • I don't really know what's going on.

  • You know, you don't really know what's going on with anything.

  • So, so that's the first thing to think about.

  • The next thing to be thinking about with this whole black box idea is to even

  • start building your own infrastructure based off of the idea of essentially having black boxes now.

  • And what do I mean by that?

  • So right now, when a lot of people build out client-server architecture,

  • everything is essentially on the same plane, right?

  • So you have your Active Directory server and your file server, and you have your database server and you have your email server, and you have all of those within the same subnet, within the same security groups.

  • Again, client computers are able to access all of those different servers relatively easily.

  • And this is why we get so many ransomware attacks, right, is because if everything is more or less on the same subnet, everything is accessible, then if a piece of ransomware is able to compromise something such as an administrator account, it is then able to get into those servers and then do things such as, basically, encrypt an entire hard drive.

  • And so one of the things you could be thinking about is, even if you don't start planning to use cloud services yet, think about building your own infrastructure based off of a service-oriented architecture, right?

  • So think about it, right?

  • So if you need something like database services, so let's say you have a web server and you have a database server and they do whatever it is you need your company to do.

  • Right now,

  • the web server and the database server are most likely sitting on the same network, they're just as vulnerable to each other.

  • There's a whole bunch of issues going on there.

  • So one of the things you can start thinking about

  • is like, well, what if we can start separating this?

  • What if we put the database server behind a firewall?

  • We have that firewall

  • so only the specific ports that are required for the database connection are open.

  • Right?

  • So think about it this way.

  • So now you have your database service.

  • So a service-oriented architecture.

  • So your service simply happens to be provided by this particular server.

  • Then you put up the firewall and then you say only these particular ports are open, and then you secure things.

  • So then your web server has to then communicate to the, to the MySQL server through the firewall.

  • So if you have that firewall up, you don't have SSH open.

  • You don't have the SMB

  • or the FTP ports, you don't have any other ports open.

  • Basically, the only way to get to that database server is through the firewall with the specified ports.

  • That's a way that you can then start making your infrastructure more secure based off of a service-oriented architecture methodology.

  • Then from there, once you have that divided up, divided off,

  • once you've built everything out to communicate in this fashion, then at that point, if you do want to go up and you want to start using web services such as, like, uh, DigitalOcean for their, for their MySQL database as a service, or something like AWS Aurora, then it becomes much easier just to be able to migrate and move the infrastructure.

  • Because you've already started designing your infrastructure around these concepts again.

  • The same thing is true with, like, your file servers. Normally now your file server and your Active Directory server, they're sitting on the same network.

  • It's very easy to access, you know, access one or the other.

  • And so one of the things to think about is, like, okay, well, if we're gonna have storage, if we start thinking about not a file server, but you start thinking about storage, so how would we do storage in a service-oriented architecture?

  • Even if it's within our own data center, the same thing is true. It's like, okay, well, maybe I would build out a cluster this way, so I'd have a storage cluster using Storage Spaces in, uh, Microsoft or something like that. So I would build this out, and then again, I would put the firewall up.

  • And this is how the permissions would operate, so on and so forth, and you start building,

  • building your infrastructure based off of these services being provided and not based off of just the server. One of the other things, too, is that this makes it a lot easier when you start doing things like planning for the future

  • or thinking about budgeting, because one of the big problems when you look at IT infrastructure is if you look at everything as just your IT infrastructure, right?

  • That's your active directory servers and email servers and database servers and all of that.

  • You're trying to figure out how much money you need for the rest of the year, or how much money you're gonna need next year.

  • It could be very difficult to figure out where the money should be allocated.

  • Well, one of the things to think, to consider is if you start doing a service-oriented architecture type methodology.

  • So here, here is your database cluster.

  • Here are your database services. Here are your file services.

  • Here are your compute,

  • your virtualization services. Here are your VPN services. Once you've separated all of those things out, it becomes much easier to do auditing and do reports and see how the services are actually being provided to your end users.

  • How fast things are, how reliable things are, are things up to the performance that they should be.

  • And so that's one of the things you can see, you can look at, is if

  • everything's been divided out and you have your database services over here,

  • then it's easier to say, okay, how are our database services doing?

  • Okay, so this is our database, you know, server providing the database services for, for whatever servers needed.

  • How do we feel just about the database?

  • How do we feel about the database services? And that's when you can have people,

  • well, you know, I'm a little nervous because we only have one database server, so it's a single point of failure.

  • It does back up.

  • But if that single thing fails, then it's gonna take us a day to get it back up.

  • right.

  • And so, if you're looking at it that way, and you're only looking at just the database services for your infrastructure, then you can start thinking about, okay, well, should we then make a database cluster, so we can put multiple database servers so they could be a cluster?

  • If one fails, it will be okay because you have other machines, and then you can look at, you can think about the money.

  • You can think about the budget, and now that you're only looking at that, you can go,

  • okay, well, we could create, you know, a cluster of five of these machines.

  • But if we could create a cluster of five of these machines and it's gonna be $2000 per server, so that's gonna be a $10,000 outlay to create that cluster.

  • Or again, if all we're thinking about is services, or, you know, look at what our database services are actually doing,

  • maybe if we put them up to DigitalOcean or AWS Aurora, again, then, then we're gonna be paying $50 a month for the service.

  • But we're not going to have to put out that, that full outlay.

  • You know, that's one way to be thinking about it. Again,

  • if you start thinking about storage services versus simply a Windows file server, you can sit there and you can say, okay, Microsoft, you know, with Storage Spaces and how they deal with storage,

  • you know, that's very nice, but again, Synology has, um, some pretty cool options out there.

  • Or AWS.

  • You can start looking at your infrastructure an entirely different way when you start looking at it from a services type, type idea than from the server itself.

  • And as you start as you start sectioning off your infrastructure into their own little black boxes, it then becomes easier to manage.

  • It becomes more secure because again, you only have the specific firewalls and services open that need to be open.

  • And it becomes easier for planning and budgeting in the future because instead of saying, oh, I need the money to upgrade the servers,

  • you can say we have a bottleneck in the storage.

  • Storage is a bottleneck right now.

  • Therefore, we need to improve storage. Databases

  • are doing fine, the database services are doing fine, so we don't have to worry about that, so it allows you,

  • It makes it easier to start focusing on the things that you really need to focus on.

  • Let's first look at the horrible way.

  • Horrible way.

  • a lot of client-server architecture is currently built, so again, so you understand a little bit better

  • why this is an awful thing and why you hear about so many security incidents in the real world. So,

  • nowadays again, right, you'll have your building and you'll have your nice little server room.

  • And a lot of times in your server room, you'll actually only have a couple of servers, right, and many times those servers will do numerous different things.

  • So you'll have your Active Directory server, which will also be your file server, which will also be something called your, um, Routing and Remote Access server.

  • That's your VPN server.

  • It'll also sometimes be your email server.

  • You really should not run Exchange on an Active Directory server, and basically you'll have all of these different services provided by one or two different servers.

  • Those will be on a subnet.

  • Those will be on a network, and basically all of the client computers within that building, within that facility, on that LAN will be able to communicate with those servers to get the access to services that they need. So they need

  • Active Directory services, file services, VPN, email, whatever else, they're able to connect. Now,

  • The problem with this is, is that every service that is provided by a server not only has a service that you're giving to get active directory or email or file or whatever else, but it also has vulnerabilities.

  • Right?

  • File servers have specific vulnerabilities, right?

  • You're able to actually load files onto a file server.

  • That's the entire frickin point of a file server.

  • But that on its own, is a vulnerability.

  • If somebody can get some kind of nefarious file on your file server and who knows, maybe they can trigger an event to happen.

  • Like when an antivirus scan happens, maybe they can find a vulnerability in your antivirus software.

  • So when the antivirus scans that particular file, then that file is able to gain access to your antivirus software, and then it's able to compromise the server.

  • Well, the issue is, again,

  • if everything is running on the same box, then you start adding up vulnerabilities.

  • So you have a file server vulnerability, an email server vulnerability, VPN vulnerability, Active Directory vulnerability.

  • Just a Microsoft vulnerability.

  • Maybe your, your Dell,

  • you've got a Dell system and it has some kind of, uh, SNMP agent or something like that on there.

  • And so that's a vulnerability.

  • Got another vulnerability, right?

  • And so basically, if you have one server providing all of these services, you then start racking up all of these vulnerabilities.

  • And so somebody might be able to compromise your file, your file server component.

  • And once they compromise the file server component, they're then able to gain access to the email services, and once they've gained access to the email services, maybe they can get into the Active Directory services, and then everything goes to hell. Again,

  • the big problem here, too, is if you're thinking normally, you know, you've got the client machines, and so these, these client systems are, let's say, Windows client systems, and so you try to lock them down.

  • But what happens if a hacker comes in and he just, he just attaches, or she just attaches, their little box to the network? And again, since everything is on the same network, since all of the services are provided by the same servers,

  • if, you know, this person just puts a little Raspberry Pi or an Intel NUC onto the network, it can start trying to find some vulnerability in something.

  • And as soon as it's able to compromise one system, it then has a foothold and can start trying to attack everything else.

  • And so this is the nasty old way of doing client-server architecture that is just as bad.

  • If you don't like that, so then you have the new kind of way of doing client-server architecture.

  • We start talking about virtualization.

  • One of the things you start talking about with virtualization is you start building it so that each server only provides one service, right?

  • So instead of having one physical machine that will provide Active Directory and email and VPN and all of that, what you do is you start creating instances of machines in order to do one specific thing, so you have an instance of an Active Directory server.

  • So there's this instance; this server only does Active Directory services, so it only provides Active Directory services, and so it only has Active Directory vulnerabilities.

  • Then you have an instance of a file server, and all that does is provide, you know, services for files.

  • Then you have your Routing and Remote Access server, your VPN server.

  • And all that does is VPN access, right?

  • And so basically, this is the new way of thinking about doing a client server architecture where, since you can start doing virtualization and hardware has become less expensive, then basically you have a single machine that is providing any particular service.

  • But the issue that you're gonna be running into is basically all of the servers are still more or less running on the exact same network.

  • Right?

  • So, again, you've got all your client computers out here, and instead, now, if I need an Active Directory service, I go to the switch.

  • It sends me to the Active Directory server.

  • If I need to share a file, then it sends me to the file server.

  • If I need to do VPN services, it sends me to the VPN server. So obviously this is a lot better.

  • But some of the problems you run into is everything is still more or less on the exact same subnet.

  • So if somebody can compromise a server, somebody can compromise a client computer, they're able to try to hack every other system here.

  • And the other issue that you're dealing with with this is, again, a lot of this is Microsoft.

  • Right?

  • So you've got a Microsoft Active Directory server, a Microsoft VPN server, a Microsoft file server, the whole nine yards, right?

  • So you're still dealing with full-fledged servers that are providing the services, and so one of the questions is, you know, what if Microsoft isn't the best provider of storage solutions?

  • What if Microsoft isn't the best provider for VPN solutions?

  • Things like that.

  • So that's where you start thinking about the whole service oriented architecture, and when we start talking about the service oriented architecture, basically,

  • Then you start to have the bubbles, then you start to have the bubbles, and so with the bubbles.

  • Basically, let's say you have an active directory, so you have your active directory cluster.

  • You have your Active Directory clusters, so this will be your security services, and those will probably need Microsoft.

  • If you're dealing with the legacy systems, they'll be Microsoft.

  • And so here.

  • Basically, what you do is you set up your active directory domain controllers and they're able to communicate.

  • And what you do is you can put some kind of firewall, or you put some kind of routing scheme in place, so they're in their own little bubble. They're able to provide the Active Directory services. On the other hand, then you have, let's say, your web servers.

  • So then you have your web servers.

  • These provide your internal websites or possibly your external websites, those types of things. And there you can start thinking about, you know, what is the most appropriate way of delivering websites?

  • Maybe when you start, to begin with, again, it's running things like Apache

  • web servers.

  • Well, one of the things that you can do is, if you have client computers, right, you have client computers and they need to access the websites, really the only way that they need to access those websites is through port 80.

  • Right?

  • So HTTP is port 80.

  • So what you can do is you can set up a firewall, basically set up a firewall, and you only allow port 80 traffic to come through to these web servers.

  • So that means SSH is shut off.

  • It means any other,

  • basically, networking protocol won't be able to work.

  • And so that's able to secure those Web servers better.

  • Then again, like I say, you've got your database servers.

  • Let's say you're running on MySQL. Again, what you'll notice

  • here is you have the web servers right here and then the MySQL servers.

  • Your database servers are actually separated from your web servers.

  • So you look at whatever ports MySQL requires, and so your web servers then start accessing your MySQL servers, again, through a firewall. You have the ports set up

  • so only the ports that are specifically required in order to allow MySQL traffic to go through

  • will go through.

  • And so the interesting thing as you start looking at these kind of bubbles, right?

  • One of the things here is that the end users, the end users have no access to your MySQL database servers, right?

  • In order for the end users to get something out of MySQL, they have to go to the web servers.

  • The web servers then ask for information from the MySQL servers through the network that you've configured.

  • And so there is no direct path for your client systems to be able to access those MySQL servers.

  • And so, therefore, your MySQL,

  • your database servers become a hell of a lot more secure.

  • You're not worried so much about ransomware being able to get into your database servers and being able to encrypt your root directories, because none of the clients, the client systems, have network access to the MySQL servers.

  • If somebody is able to compromise an Active Directory server, Active Directory servers don't have access to your MySQL service, right, because they have been segmented off.

  • Well, the cool part about this, then, again, as you start thinking about a service oriented architecture, is you start going, okay, well, I've got my Active Directory bubble, so I've got my Active Directory bubble, and again,

  • I'm dealing with Microsoft, so I'm gonna have my Active Directory,

  • you know, services.

  • They're going to be local,

  • most likely for the next 10 or 20 years.

  • That's just how it is.

  • Okay, so my Active Directory services, those are going to be run locally.

  • I'm going to have a little Active Directory cluster, and

  • it's going to be behind its own little firewall.

  • Um, and then you start looking at things like web servers.

  • So then you've got your little web servers again.

  • You have a little firewall in front of that.

  • Only port 80 is allowed to go through.

  • And you start looking at your web servers and you start thinking, well, you know, we might be able to put these online, but for whatever reason, we get better performance, right?

  • We've got these Xeons we already own. Again,

  • a big reason that people do things in the real world is that they already own the equipment.

  • We already own these Xeon servers with 32 gigs of RAM.

  • Um, and actually, they run websites

  • really

  • well. So again,

  • if we're looking at this from a service standpoint, an SOA standpoint,

  • Okay.

  • We're just gonna keep our little Apache servers here because that works out really well.

  • But then you start looking at, let's say, your MySQL databases, right?

  • So when you start looking at MySQL databases as simply a service, not a particular server, you might be sitting there going,

  • You know, I'm worried about this.

  • I'm worried about this.

  • The MySQL databases.

  • They've been growing.

  • They've been growing significantly.

  • We've got more users, whatever.

  • They're getting the crap hammered out of them.

  • I'm a little nervous about MySQL databases.

  • I'm worried that we're going to make sure that we're maintaining them properly.

  • I'm worried about the backup solution.

  • I'm worried about all of that.

  • So currently, the web servers are able to connect to our local MySQL database servers.

  • But oh, I just I just don't like the idea that we're running this.

  • I don't feel confident.

  • So one of the things you can think about then is, when you've got the cloud, right, again, you've got DigitalOcean.

  • So DigitalOcean offers a database as a service.

  • So then you can think, well, why don't we migrate the MySQL databases up to the DigitalOcean database as a service? And then all we have to do, because we've already designed our infrastructure to be this kind of component, service-based thing,

  • then all we do is we migrate the data up to DigitalOcean.

  • We configure everything how it's supposed to be.

  • And then now we just point our web servers to DigitalOcean instead of our local cluster.

  • And so then we're able to turn that off, and now we're dealing with DigitalOcean.

  • And then again, like when you start looking at it from that, the service oriented way, everything becomes its own component, and then as your requirements change, then you can start moving things around again.

  • So let's say you have the web servers now and they're communicating up to the DigitalOcean servers.

  • And then after a while you're like, you know, these servers that we have,

  • they've gotten old. Again,

  • I'm worried about security and all that.

  • So let's go with AWS for our web servers, so we'll just migrate our web servers up to AWS for service. They will then connect to DigitalOcean, we'll create the other connections for Active Directory, and all that works.

  • And so things become more compartmentalized, and again, with all of this, as you set this up properly with security, you're starting

  • to get more and more layers of security between all of these systems.

  • So if somebody is able to compromise one part of your infrastructure, they're not going to be able to compromise all of your infrastructure.

  • And so this is something just to be looking at again.

  • We kind of diagram and write all of this out.

  • Maybe this gives you a little bit better idea of what I'm talking about.

  • So now that my world class drawing has made everything so clear to you, let's go over to the computer.

  • I want to show you some of the offerings that are available for the MySQL database, right?

  • So MySQL is a database that's been used for a long time now.

  • And the cool part about it is that there are now more options from more vendors for not just MySQL services, but also MySQL-compatible services, and so I just want to show you these MySQL options to kind of give you the idea of the different things that may be available for you.

  • So again, like when you're going out there and you're looking for storage solutions,

  • if you start thinking about storage and not simply a Microsoft file server, then you can start saying, again,

  • well, okay, maybe we do Azure storage, you know, Blob storage

  • they have.

  • Or maybe do AWS storage.

  • Or maybe you do a Synology server. Maybe,

  • maybe we do it in Linux, right?

  • You start thinking about the services being provided rather than the specific product itself.

  • So let's go over and take a look at some MySQL options, and

  • I think this will make it a little bit clearer for you.

  • So the first thing to look at is just good old-fashioned

  • MySQL.

  • So we come here. Again,

  • we go to mysql.com.

  • You can see the MySQL database server that you can download and purchase, and they're talking about all the cool options available for you.

  • They got the Enterprise Edition of MySQL Cluster.

  • They have all kinds of cool things, right?

  • So if you want to run MySQL locally, this is where you'd go. You would download, you'd buy your maintenance contracts, you'd figure out how to build your clusters and all that type of thing.

  • But what if you're sitting there going?

  • You know, I want a reliable, good MySQL service, but I'm a little nervous.

  • I don't want to worry about a CPU fan failing and taking down my MySQL services for my users.

  • Well, then you can go over to something such as DigitalOcean. It actually has managed databases, database as a solution.

  • "Leave the complexity of database administration to us. We'll handle setting up, backing up, and updating so you can focus on building apps." So if you go down here,

  • you can look at the options that they provide. So this will be, basically, a MySQL database service for you, and it's scalable.

  • They have the daily backups built in, automated failover. They have end-to-end security.

  • So basically, you can go and you're able to rent a MySQL database server service that will provide all of the options that you want.

  • Well, then, one of the things you might be thinking about is, like, well, you know, I really like MySQL, right?

  • We've already built.

  • We have all of these legacy applications that are using MySQL

  • as a back end.

  • But we're running into problems with MySQL itself, possibly the size of the databases or the sizes of the tables.

  • There's just, there's a fundamental problem with the back end of MySQL, where you're running into issues, and so that's where you can go over to something like Amazon Aurora. And so with Amazon Aurora,

  • this is a compatible database.

  • So their back end is not actually MySQL.

  • Who the hell knows what's running on the back end of that?

  • Maybe they've got dead cats and they're swinging them around and that's what makes the database services work, I don't know.

  • Basically, you've got MySQL and PostgreSQL-compatible relational databases.

  • And one of the interesting things here that I absolutely love is, so, Amazon

  • Aurora features a distributed, fault-tolerant, self-healing storage system that auto-scales to 64 terabytes of data per database

  • instance.

  • And so this is something we think about again.

  • Let's say you built yourself, or you have, some kind of legacy software that's been using a MySQL back end, and has been using it for a decade.

  • Right?

  • And so when that software was created, you know, you had, I don't know, maybe you had 1000 customers or something, right?

  • So basically, you had some kind of CRM solution, some kind of customer solution.

  • You know, back 10 years ago, you had 1000 customers, and it really it worked really well.

  • Well, it's been 10 years.

  • You've been growing and growing and growing and growing.

  • The software works great.

  • That was created.

  • But now you're starting to get worried because instead of having 1000 customers, maybe you have two or three million customers, and those two or three million customers,

  • they have all kinds of data associated with their accounts.

  • And so then you start worrying about the size of the database itself.

  • Like if the database gets too big under normal MySQL conditions, you may start running into problems.

  • You might start running

  • into corruption, that type of thing.

  • And so if you go, oh, okay,

  • what we can do is we're going to use a MySQL-compatible database service from AWS, such as Aurora.

  • Then again, your software doesn't have to be modified.

  • You can, you can upload.

  • You can import all of your data from the MySQL databases that you already have.

  • Your MySQL connections within PHP or whatever software that you wrote,

  • whatever coding language you wrote your software in, those will be able to communicate with the new database engine.

  • And so basically all you have to do is you simply have to go in, do a couple of different pointers, do a couple of different passwords,

  • do the import, and basically everything is running just like it ran yesterday, but it's now running on a database infrastructure that can scale to a much larger size and be much more robust

  • than you had previously.

  • And so these are the things to be thinking about again.

  • As you start thinking about your infrastructure more as services versus servers, you can start thinking about these really interesting things that you can do.

  • And so that's a brief overview of a service oriented architecture and why it matters to you with real IT

  • infrastructure. Now to be clear, again, whenever I talk about these architectures, whether I'm talking about client server or service oriented or even serverless architectures, these are more ideas. They are methodologies about how you're going to be building out your infrastructure.

  • They're not.

  • They're not hard and fast rules.

  • They're not hard, fast rules.

  • Don't worry, for anybody out there that likes patching operating systems, server operating systems.

  • Don't worry.

  • You're still gonna be patching server operating systems for a long time to come.

  • But this is more

  • of the concept of how you're going to be building out your infrastructure, not just so it runs well today, but so that it's easier to future-proof your infrastructure and move things into the future. Again,

  • if you just simply have one database server that's on kind of the same plane, the same network as everything else,

  • when you start moving to the future, that might be a little bit difficult for migrating to what you'll be going to next. If you start designing things so they start getting sectioned off now,

  • so again, even if you just have one single database server, you still have one single database server, but you take that server, you put it behind a firewall.

  • That's what you should do.

  • You'd have a lot less ransomware attacks if you put your database servers behind firewalls and didn't allow SSH and a whole bunch of other things to be open.

  • But anyways, you put your, uh, your database server behind the firewall.

  • You only open up the ports, and now that's acting simply as a service for the rest of your network.

  • Again, you put your file servers, you put them into their own little bubble again behind a firewall with the correct security and all that kind of thing.

  • And so now they're and their own l


Cloud Computing - SOA Introduction (Service Oriented Architecture)

    Posted by 林宜悉 on January 14, 2021