designing and deploying
play

Designing and Deploying Internet-Scale Services James Hamilton - PowerPoint PPT Presentation

Dec 07, 2023 •496 likes •660 views

Designing and Deploying Internet-Scale Services James Hamilton 2008.12.02 Architect, Data Center Futures e: JamesRH@microsoft.com w: research.microsoft.com/~jamesrh w: perspectives.mvdirona.com Background & Biases 15 years in

  1. Designing and Deploying Internet-Scale Services James Hamilton 2008.12.02 Architect, Data Center Futures e: JamesRH@microsoft.com w: research.microsoft.com/~jamesrh w: perspectives.mvdirona.com

  2. Background & Biases • 15 years in database engine development – Lead architect on IBM DB2 – Architect on SQL Server • Led variety of core engine teams including SQL client, SQL compiler, optimizer, XML, full text search, execution engine, protocols, etc. • Led the Exchange Hosted Services Team – Email anti-spam, anti-virus, and archiving for 2.2m seats with $27m revenue – ~700 servers in 10 data centers world-wide • Architect on Windows Live Platform Services • Currently Data Center Futures Architect • Automation & redundancy is only way to: – Reduce costs – Improve rate of innovation – Reduce operational failures and downtime 12/2/2008 http://perspectives.mvdirona.com 2

  3. Agenda • Motivation & Overview • Recovery-Oriented Computing • Overall Application Design • Operational Issues • Summary Contributors: Search, Mail, Exchange Hosted Services, Live Collaboration Server, Contacts & Storage, Spaces, Xbox Live, Rackable Systems, Messenger, WinLive Operations, & MS.com Ops 12/2/2008 http://perspectives.mvdirona.com 3

  4. Motivation • System-to-admin ratio indicator of admin costs – Tracking total ops costs often gamed • Outsourcing halves ops costs without addressing real issues – Inefficient properties: <10:1 – Enterprise: 150:1 – Best services: over 2,000:1 • 80% of ops issues from design and development – Poorly written applications are difficult to automate • Focus on reducing ops costs during design & development 12/2/2008 http://perspectives.mvdirona.com 4

  5. What Does Operations do? Site Management Architectural Software Total Engineering Total Development 7% 8% Total 7% Requests Total 6% Deployment Management Overhead Total Total 11% 31% Incident Management Problem Source: Deepak Patil, Global Total Engineering Total Foundation Services (8/14/2006) 20% 10% • 51% is deployment & incident management (known resolution) • Teams : Messenger, Contacts and Storage & business unit IT services 12/2/2008 http://perspectives.mvdirona.com 5

  6. ROC Design Pattern • Recover-oriented computing (ROC) – Assume software & hardware will fail frequently & unpredictably • Heavily instrument applications to detect failures Bohr bug: Repeatable functional Bohr Bug Urgent App Alert software issue (functional bugs); should be rare in production Heisenbug Heisenbug: Software issue that only Restart occurs in unusual cross-request timing issues or the pattern of long Failure Reboot sequences of independent Failure operations; some found only in Re-image production Failure Replace Machine out of rotation and power down Set LCD/LED to "needs service" 12/2/2008 http://perspectives.mvdirona.com 6

  7. Overall Application Design • Development and testing with full service – Single-box deployment – Quick service health check • Pod or cluster independence – Zero trust of underlying components • Implement & test ops tools and utilities • Simplicity throughout • Partition & version everything 12/2/2008 http://perspectives.mvdirona.com 7

  8. Design for Auto-Mgmt & Provisioning • Never rely on local, non-replicated persistent state • Support for geo-distribution • Auto-provisioning & auto-installation mandatory – Explicitly install everything & then verify – Manage "service role" rather than servers • Multi-system failures are common – Limit automation range of action • Force fail all services and components regularly – Don't worry about clean shutdown • Often won't get it & need this path tested 12/2/2008 http://perspectives.mvdirona.com 8

  9. Release Cycle & Testing • Ship frequently: – Small releases ship more smoothly – Increases pace of innovation – Long stabilization periods not required in services • Use production data to find problems (traffic capture) – Measurable release criteria – Release criteria includes quality and throughput data • Track all recovered errors to protect against automation- supported service entropy • Test all error paths in integration & in production • Test in production via incremental deployment & roll-back – Never deploy without tested roll-back – Continue testing after release 12/2/2008 http://perspectives.mvdirona.com 9

  10. Design for Incremental Release • Incrementally release with schema changes? – Old code must run against new schema, or – Two-phase process (avoid if possible) • Update code to support both, commit changes, and then upgrade schema • Incrementally release with user experience (UX) changes? – Separate UX from infrastructure – Ensure old UX works with new infrastructure – Deploy infrastructure incrementally – On success, bring a small beta population onto new UX – On continued success, announce new UX and set a date to roll out • Client-side code? – Ensure old & new clients both run with new infrastructure 12/2/2008 http://perspectives.mvdirona.com 10

  11. Graceful Degradation & Admission Control • No amount of "head room" is sufficient – Even at 25-50% H/W utilization, spikes will exceed 100% • Prevent overload through admission control • Graceful degradation prior to admission control – Find less resource-intensive modes to provide (possibly) degraded services • Related concept: Metered rate-of-service admission – Service login typically more expensive than steady state – Allow a single or small number of users in when restarting a service after failure 12/2/2008 http://perspectives.mvdirona.com 11

  12. Auditing, Monitoring & Alerting • Produce perf data, health data & throughput data • All config changes need to be tracked via audit log • Alerting goals: – No customer events without an alert (detect problems) – Alert to event ratio nearing 1 (don’t false alarm) • Alerting is an art … need to tune alerting frequently – Can’t embed in code (too hard to change) – Code produces events, events tracked centrally, alerts produced via queries over event DB • Testing in production requires very reliable monitoring – Combination of detection & capability to roll back allows nimbleness • Tracked events for all interesting issues – Latencies are toughest issues to detect 12/2/2008 http://perspectives.mvdirona.com 12

  13. Dependency Management • Expect latency & failures in dependent services – Run on cached data or offer degraded services – Test failure & latency frequently in production • Don’t depend upon features not yet shipped – It takes time to work out reliability & scaling issues • Select dependent components & services thoughtfully – On-server components need consistent quality goals – Dependent services should be large granule (“worth” sharing) • Isolate services & decouple components – Contain faults within services – Assume different upgrade rates – Rather than auth on each connect, use session key and refresh every N hours (avoids login storms) 12/2/2008 http://perspectives.mvdirona.com 13

  14. Customer & Press Communications Plan • Systems fail & you will experience latency • Communicate through multiple channels – Opt-in RSS, web, IM, email, etc. – If app has client, report details through client • Set ETA expectations & inform • Some events will bring press attention • There is a natural tendency to hide systems issues • Prepare for serious scenarios in advance • Data loss, data corruption, security breach, privacy violation • Prepare communications skeleton plan in advance • Who gets called, communicates with the press, & how data is gathered • Silence typically interpreted as hiding something or lack of control 12/2/2008 http://perspectives.mvdirona.com 14

  15. Summary • Reduced operations costs & improved reliability through automation • Full automation dependent upon partitioning & redundancy • Each human administrative interaction is an opportunity for error • Design for failure in all components & test frequently • Rollback & deep monitoring allows safe production testing 12/2/2008 http://perspectives.mvdirona.com 15

  16. More Information • Designing & Deploying Internet-Scale Services paper: – http://research.microsoft.com/~JamesRH/TalksAndPapers/JamesRH_Lisa.pdf • Autopilot: Automatic Data Center Operation – http://research.microsoft.com/users/misard/papers/osr2007.pdf • Recovery-Oriented Computing – http://roc.cs.berkeley.edu/ – http://www.cs.berkeley.edu/~pattrsn/talks/HPCAkeynote.ppt – http://www.sciam.com/article.cfm?articleID=000DAA41-3B4E-1EB7- BDC0809EC588EEDF • These slides: – Will be posted to http://research.microsoft.com/~jamesrh later in the week • Email: – JamesRH@microsoft.com • External Blog: – http://perspectives.mvdirona.com 12/2/2008 http://perspectives.mvdirona.com 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ILA 38 Conference October 15, 2009 Designing, Developing, and Deploying a Temporary eLoran

ILA 38 Conference October 15, 2009 Designing, Developing, and Deploying a Temporary eLoran

ILA 38 Conference October 15, 2009 Designing, Developing, and Deploying a Temporary eLoran System. By Charles Schue With thanks to Nautel, Inc. &amp; Symmetricom, Inc. 1 The Tale of Two Markets Traditional Markets: (e)Loran Service

461 views • 28 slides
Network Solutions for Small and Medium Business Instructor Slides- Sample Chapter 1 Designing

Network Solutions for Small and Medium Business Instructor Slides- Sample Chapter 1 Designing

HP ExpertOne Designing &amp; Deploying Network Solutions for Small and Medium Business Instructor Slides- Sample Chapter 1 Designing &amp; Deploying Network Solutions for Small and Medium Business Chapter 1 Network Fundamentals 3

420 views • 25 slides
Deploying Machine Learning Models on The Edge Deploying Machine Learning Models on The Edge Yan

Deploying Machine Learning Models on The Edge Deploying Machine Learning Models on The Edge Yan

Deploying Machine Learning Models on The Edge Deploying Machine Learning Models on The Edge Yan Zhang, Mathew Salvaris Microsoft https://github.com/microsoft/deploy-MLmodels-on-iotedge Cloud Analytics Edge Analytics Device/Sensor Analytics

373 views • 34 slides
Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

1 Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with the issues that affect usability and interaction for different individual and groups of people Know the basic tools for designing interactive

525 views • 26 slides
DEPLOYING AND SCALING MICROSERVICES Sam Newman Goto Chicago 2016 @samnewman Building

DEPLOYING AND SCALING MICROSERVICES Sam Newman Goto Chicago 2016 @samnewman Building

DEPLOYING AND SCALING MICROSERVICES Sam Newman Goto Chicago 2016 @samnewman Building Microservices DESIGNING FINE - GRAINED SYSTEMS Sam Newman @samnewman Core Principles @samnewman Core Principles Artifacts @samnewman Core Principles

2.36k views • 190 slides
deploying a wsn on an active volcano Clay McLeod September 29, 2015 1 references Paper

deploying a wsn on an active volcano Clay McLeod September 29, 2015 1 references Paper

deploying a wsn on an active volcano Clay McLeod September 29, 2015 1 references Paper Werner-Allen, G., Lorincz, K., Ruiz, M., Marcillo, O., Johnson, J., Lees, J., &amp; Welsh, M. (2006). Deploying a wireless sensor network on an active

779 views • 58 slides
Experiences in deploying the high-end Experiences in deploying the high-end visualization

Experiences in deploying the high-end Experiences in deploying the high-end visualization

Experiences in deploying the high-end Experiences in deploying the high-end visualization application in the visualization application in the transatlantic GLIF environment transatlantic GLIF environment Marek Baewicz marqs@man.poznan.pl

427 views • 26 slides
Cost-Effective Resource Allocation for Deploying 1 Vinay Setty vsetty@mpi-inf.mpg.de Pub/Sub

Cost-Effective Resource Allocation for Deploying 1 Vinay Setty vsetty@mpi-inf.mpg.de Pub/Sub

Cost-Effective Resource Allocation for Deploying 1 Vinay Setty vsetty@mpi-inf.mpg.de Pub/Sub on Cloud Published in ICDCS 2014 Roman Vitenberg Maarten van Steen Gunnar Kreitz Guido Urdaneta Cost-Effective Resource Allocation for Deploying

904 views • 41 slides
Stagnation of deploying of Stagnation of deploying of Jun Takei 4 G and beyond Are you using

Stagnation of deploying of Stagnation of deploying of Jun Takei 4 G and beyond Are you using

Stagnation of deploying of Stagnation of deploying of Jun Takei 4 G and beyond Are you using 3G? y g How do you use 3G phone other than making voice How do you use 3G phone other than making voice call? Why not are you using 3G

183 views • 4 slides
Designing Designing, Making and T , Making and Tes.ng es.ng Samp mple

Designing Designing, Making and T , Making and Tes.ng es.ng Samp mple

Designing Designing, Making and T , Making and Tes.ng es.ng Samp mple Holder for Electron Parama magne.c Resonance Nana Shumiya, Physics Diablo Valley College

351 views • 12 slides
into the cloud What We Are re Doin ing TTS is currently deploying a nationwide V2I/I2V

into the cloud What We Are re Doin ing TTS is currently deploying a nationwide V2I/I2V

Delivering the traffic signal into the cloud What We Are re Doin ing TTS is currently deploying a nationwide V2I/I2V system for automotive OEMs, Tier 1s, and other services No DSRC equipment is required Interface at ATMS,

333 views • 15 slides
Deploying Large Scale AVB/TSN Networks Jeff Koftinoff, Meyer Sound Laboratories, Inc. June 19,

Deploying Large Scale AVB/TSN Networks Jeff Koftinoff, Meyer Sound Laboratories, Inc. June 19,

Deploying Large Scale AVB/TSN Networks Jeff Koftinoff, Meyer Sound Laboratories, Inc. June 19, 2015 Deploying Large Scale AVB Networks ACT 1 Deploying Large Scale AVB Networks What does putting audio/video on a

872 views • 63 slides
DISTRICT ENERGY: Deploying Clean Energy Microgrids in the Nations Capital Prepared for the

DISTRICT ENERGY: Deploying Clean Energy Microgrids in the Nations Capital Prepared for the

DISTRICT ENERGY: Deploying Clean Energy Microgrids in the Nations Capital Prepared for the Department of Energy and Environment September 2015 Deploying Microgrids in the District: Phase I Analysis and Outputs 2 About this Study This

454 views • 27 slides
Designing All Sky Camera for Designing All Sky Camera for the AMISR the AMISR REU Student :

Designing All Sky Camera for Designing All Sky Camera for the AMISR the AMISR REU Student :

Designing All Sky Camera for Designing All Sky Camera for the AMISR the AMISR REU Student : Raktim Sarma Mentor : Dr. Qian Wu Programming Guide : Alice Lecinski High Altitude Observatory ( HAO) Outline

1.52k views • 22 slides
Deploying And Supporting Perl 6 Jonathan Worthington UKUUG Spring 2007 Conference Deploying And

Deploying And Supporting Perl 6 Jonathan Worthington UKUUG Spring 2007 Conference Deploying And

Deploying And Supporting Perl 6 Jonathan Worthington UKUUG Spring 2007 Conference Deploying And Supporting Perl 6 Jonathan Worthington UKUUG Spring 2007 Conference Deploying And Supporting Perl 6 Overview Yesterday: the Perl 6 language

946 views • 39 slides
Class 14 Slides SLIDE what is the designing principle how does designing principle

Class 14 Slides SLIDE what is the designing principle how does designing principle

Class 14 Slides SLIDE what is the designing principle how does designing principle differ from premise how do you find the designing principle examples of designing principle examples of designing principle from

87 views • 8 slides
Graceful Degradation Fault-tolerance, or graceful degradation, is the property that enables a

Graceful Degradation Fault-tolerance, or graceful degradation, is the property that enables a

Graceful Degradation Fault-tolerance, or graceful degradation, is the property that enables a system (often computer- based) to continue operating properly in the event of the failure of (or one or more faults within) some of its

728 views • 14 slides
ValueX Vail Conference Kevin C. Smith, CFA NVIDIA Presentation Founder and CEO June 20, 2014

ValueX Vail Conference Kevin C. Smith, CFA NVIDIA Presentation Founder and CEO June 20, 2014

ValueX Vail Conference Kevin C. Smith, CFA NVIDIA Presentation Founder and CEO June 20, 2014 Crescat Capital LLC Investment Process Proactive Risk Management Global Fundamental Macroeconomic Data-Driven Themes Models 2 Crescat Global

958 views • 38 slides
Fred a new GPU-based fast-MC code and its applications in proton beam therapy A. Schiavi Fast

Fred a new GPU-based fast-MC code and its applications in proton beam therapy A. Schiavi Fast

MCMA 2017 - Napoli Fred a new GPU-based fast-MC code and its applications in proton beam therapy A. Schiavi Fast paRticle thErapy Dose evaluator Collaboration A. Schiavi, V. Patera, M. Senzacqua, Univ. La Sapienza Roma /INFN (Italy)

1.67k views • 26 slides
Recent Developments and Issues for MEA Test Plan By Thomas I. Valdez Jet Propulsion Laboratory,

Recent Developments and Issues for MEA Test Plan By Thomas I. Valdez Jet Propulsion Laboratory,

Recent Developments and Issues for MEA Test Plan By Thomas I. Valdez Jet Propulsion Laboratory, California Institute of Technology NASA FUEL CELL MEETING Hyatt Regency San Francisco at Embarcadero Center WEDNESDAY, AUGUST 17, 2005 Elect

477 views • 14 slides
How mobile-friendly is your organizations website? Melissa Clark VP of Project Management

How mobile-friendly is your organizations website? Melissa Clark VP of Project Management

1 How mobile-friendly is your organizations website? Melissa Clark VP of Project Management #swxmobile 2 Mobile Landscape Mobile Web Native SMS Apps 3 Mobile Optimized Web Custom Mobile Web How mobile-friendly is your

387 views • 15 slides
Tomorrows Exascale Systems: Not Just Bigger Versions of Todays Peta -Computers Thomas

Tomorrows Exascale Systems: Not Just Bigger Versions of Todays Peta -Computers Thomas

Tomorrows Exascale Systems: Not Just Bigger Versions of Todays Peta -Computers Thomas Sterling Professor of Informatics and Computing, Indiana University Chief Scientist and Associate Director Center for Research in Extreme Scale

596 views • 22 slides
The Bio-chemical Information Processing Metaphor as a Programming Paradigm for Organic Computing

The Bio-chemical Information Processing Metaphor as a Programming Paradigm for Organic Computing

The Bio-chemical Information Processing Metaphor as a Programming Paradigm for Organic Computing (CHEMORG III) Gabi Escuela, Peter Kreyig, and Peter Dittrich Friedrich-Schiller-University Jena, Department of Mathematics and Computer Science,

1.06k views • 39 slides
Lessons from Building a Visualization Toolkit for Massively Threaded Architectures Robert

Lessons from Building a Visualization Toolkit for Massively Threaded Architectures Robert

Lessons from Building a Visualization Toolkit for Massively Threaded Architectures Robert Maynard Principal Engineer, Kitware This research was supported by the Exascale Computing Project (17-SC-20- SC), a joint project of the U.S. Department

1.34k views • 64 slides

More recommend