Posts

Reverse proxy

  Reverse proxy: Reverse proxy is used for proxing backend servers where the IP address and protocol used by the backend server will not be exposed to internet. Reverse proxy handles the request for transport medium like HTTP or TCP serves the request on behalf of the actual server. Here is IP address and protocol will be masked hence we can have a public IP configured for reverse proxy exposed to internet and serves the request on behalf of the actual Web server having private IPs. Protocol conversion will also be supported for example client browser can transport the data using HTTP which will hit the proxy and it will inturn convert to RPC or any properiatery protocol which backend server accepts. Uses of reverse proxy is huge it serves as the following layers before connecting to actual server. Caching - Want to some of the data to be cached for example some webpages, js script or any frequently used data can be cached in Reverse proxy. Authentication and authorization - It can be
Post a Comment
Read more

System design - Design a system that provides cricket score in real-time

Image
 Problem: Design a system that broadcast cricket system score to millions of users online.  Requirement: Consider 10 millions of users online accessing the server at the same time. Each want to get the live update of cricket score. Latency requirement is 100 millisec not more than that. There can be n no of matches happening at the same time.  Functional: 1. Each user can login to the system using his credentials. 2. User can go to dashboard showing multiple matches going on with basic details like run, wicket, current playing teams. 3. Once user selects a match going on it will show the details of who played runs, who is currently playing, who is serving balls etc. Non-Functional: 1. Througput of the system should be high handling at least 1 million of connections. For this use a high end machine having more RAM and CPU. 2. Need a LB for balancing the load. Since we are going to use Server send events in HTTP as transport medium we need a L7 LB. Use least connection as algorithm used
Post a Comment
Read more

How to validate if the software has been corrupted or started by a malicious software

Code signing certificate: If we downloading a software from internet for example Adobereader.exe from internet how can you validate if this from a trusted source and its not tampered during transit. For this reason we use code signing certificate and sign it in our build system using signtool.exe passing .pfx file containing certificate and private key (if private key not present pass it separately).  Who will provide the code signing certificate: A Intermediatery CA or CA will provide you code signing certificate which can be organization validated or domain validated or Extended validated. EV is a special way of approving a certificate its so stringent that CA will validate the organization financial statement and go in person to validate the presence of office. For all other validation just personal identification, legal documents and domain/site details will do, This is needed so a hacker can not impersonate as other valid domain. How it is generated: First a organization or develo
Post a Comment
Read more

Public key cryptogrphy - How certificate validation works using certificate chain

Application of certificate- Its widely used as a mean for identity, passing the asymmetric public key used for key exchange, also provides integrity of certificate. In case if the client or server in TLS or SSL handshake want to trust the client/server it will validate the certificate of server/client by verfying the certificate signature.  What is digitial certificate - When I want a server using HTTPS communication I need to purchase a SSL certificate for my domain. The reason is when a browser does ssl handshake it need to validate the authenticity of the website also need to make sure this authenticity is not tampered during the transit. For this problem we use certificate. Certificate contains mainly two parts like attributes and signature.  Attribute contains - Issuer, Subject name like google.com, public key algorithm, public key etc. Signature - This is crucial part of having integrity and authenticy of the certificate. For eg if I am getting an end entity ceritificate using in
Post a Comment
Read more

System Design - Upload files in Server farm

Image
 Requirement: There are server farms with multiple servers each having different volume size of storage you need to write a service that can perfrom CRUD operation in files upload, update, get and delete. While uploading you have to split the files at random size and upload in server farm. Also there should be an operation for search using grep command that can search the files in a particular folder or files.  Assume we have 10,000 users are uploading an average of 500MB file size per second. Resource calculation: Storage - 10,000*500*60*60*24 = 432 PB per day * 365 days = 157680 PB file storage needed for year DB - 10,000 * 175 bytes *60*60*24 = 1.51 PB per day * 365 days = 551.15 PB per year storage Architecture: Have a microservices placed after the LB, the microservice can expose the REST endpoints (/operate/file and /operate/search) which can take operations.  POST - Upload the file name for the folder path. While uploading we need to split the files into multiple files before up
Post a Comment
Read more

API Gateway

Advantages of API Gateway ProxySingle point of entry - client doesn’t need to know what is the IP address or microservice they only know the API gateway domain IP. API composition - client can ask for product details in one API end point that can have catalog info, likes, comments, pictures in different services which collate as one response and send it.  Security - Inorder to use each microservice they need to authenticate and authorize that logic can hardwire in gateway or contact a service for Authentication and authorization and decide to call the API or not. Service discovery - If auto scaled up or down we need a way to know the services available hence API gateway will talk to service registry to get those details and route call. If it tracks different version of the services and API’s. Service partition hidden - suppose we can common service for comments and likes we use the same API in client to get the comments and likes together. Later we split it the client doesnt need to
Post a Comment
Read more

Scope Gaurd for win32 API like closehandle

Problem: Often when writing win32 APIs I need a way to automatically call CloseHandle() for mutex, semaphore, events etc. But the problem writing a code for win32 API is there is not mechanism for automatically calling CloseHandle() function when the scope of the function or class member exits. We have to keep track of return statements and call CloseHandle() in all place we need.  E.g: void SomeOperation() {      WaitforSingleObject(hMutex, INFINITE);       if(do_operation1() != ERROR_SUCCESS)       {         std::cout << "Error operation 1"<<endl;         CloseHandle(hMutex);         return;       }       if(do_operation2() != ERROR_SUCCESS)       {         std::cout << "Error operation 2"<<endl;         CloseHandle(hMutex);         return;       }       //success so close it normally       CloseHandle(hMutex);       return; } So I define my own macro to do this operation using std::bind and class template. #define SCOPED(fun,param)\  auto
Post a Comment
Read more