Everybody’s Gone Surfin’, Surfin’ WWW
From the keystrokes of typing a URL, to seeing the page flash across your screen, the flow of information is expansive and swift.
The journey starts with DNS, the Domain Name System. DNS is a hierarchical and decentralized naming system for devices connected to a private network or to the Internet: the hardware and software made available on a network is organized into a tree-like structure, with responsibility for each part of the tree delegated to different locations or individuals using that network. It is the complete antithesis of a centralized system, where the majority of functions are carried out in one central location. The DNS server communicates with the Internet through an exchange of information: the client supplies the hostname from the URL and asks for the hosting server’s IP address, and the server returns that address. This exchange is carried over TCP/IP, the Transmission Control Protocol/Internet Protocol, a standardized set of rules that allow computers to communicate on a network, whether that is a private network or the Internet.
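The exchange described above, the client's query for a hostname and the server's reply carrying the address, follows the RFC 1035 wire format. The following is an added illustration, not code from the original article: it builds a query, constructs a sample reply (the name "www.example.com", the address 93.184.216.34 and the transaction id are constructed values) and parses it, including the name-compression pointers that real resolvers use.

```python
# Added example (not from the original article): build a DNS query and parse
# a response in the RFC 1035 wire format, the exchange the article describes
# as "the provided URL ... and the return of that address".
# "www.example.com" and 93.184.216.34 are constructed sample values.
import struct

TYPE_A = 1
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted hostname as DNS labels: <length><label>..., ending in 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Single-question query: 12-byte header + QNAME + QTYPE + QCLASS.
    Flags 0x0100 = standard query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg, offset):
    """Decode a name at `offset`, following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appears in the message)."""
    labels = []
    end = None          # set once we pass the name's last byte in the message
    hops = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:          # 2-byte pointer: 11xxxxxx xxxxxxxx
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:                  # a pointer loop would never terminate
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), end if end is not None else offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg):
    """Parse header, question section and answers; collect A records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    questions = []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {"txid": txid, "rcode": flags & 0x000F, "questions": questions,
            "answers": answers}


def build_sample_response(query, address, ttl=300):
    """Constructed reply to `query`: same transaction id, the question echoed
    back, and one A record whose owner name is the pointer 0xC00C (offset 12,
    the question name), as real resolvers emit."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + rdata
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(parse_response(build_sample_response(q, "93.184.216.34")))
```

Two details matter for anyone inspecting DNS traffic: a client should check that the reply's transaction id matches the query it sent, and a parser must bound how many compression pointers it follows, since a malformed message with a pointer loop would otherwise never finish decoding.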
The next step along the journey is the load balancer, where application traffic is distributed across servers. This hardware, whether physical or virtual, spreads requests over multiple servers to increase user capacity and make applications more reliable. For instance, if maintenance is needed on one server, there is a structure in place to accommodate users already on the site. At the load balancer a firewall is encountered, and the first line of network security defense is met.
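To make the capacity and maintenance points concrete, here is an added example (not from the original article) of a minimal least-connections load balancer with sticky sessions and a "draining" state. The backend names are constructed and no network I/O takes place; the point is the policy: a backend taken down for maintenance keeps serving the sessions it already has but receives no new ones, while a backend that fails a health check is removed entirely and its sessions are re-pinned.

```python
# Added example (not from the original article): a minimal least-connections
# load balancer with sticky sessions and a "draining" state for maintenance.
# Backend names are constructed; no network I/O happens here.
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    healthy: bool = True     # passed its last health check
    draining: bool = False   # under maintenance: keep existing sessions, take no new ones
    active: int = 0          # requests currently in flight


class LoadBalancer:
    def __init__(self, backends):
        self.backends = {b.name: b for b in backends}   # insertion order preserved
        self.sessions = {}   # session id -> backend name (sticky sessions)

    def _eligible(self):
        """Backends that may receive *new* sessions."""
        return [b for b in self.backends.values() if b.healthy and not b.draining]

    def pick(self, session_id=None):
        """Choose a backend for a request and count it as in flight.
        A returning session stays on its backend while that backend is healthy,
        even if it is draining, so maintenance does not cut users off mid-visit."""
        if session_id in self.sessions:
            b = self.backends[self.sessions[session_id]]
            if b.healthy:
                b.active += 1
                return b
            del self.sessions[session_id]   # backend failed: re-pin elsewhere
        pool = self._eligible()
        if not pool:
            raise RuntimeError("no healthy backend available")
        # least connections; min() returns the first minimum, so ties go to
        # declaration order, which keeps the choice deterministic
        b = min(pool, key=lambda x: x.active)
        b.active += 1
        if session_id is not None:
            self.sessions[session_id] = b.name
        return b

    def release(self, backend):
        """A request on `backend` has finished."""
        backend.active -= 1

    def drain(self, name):
        """Begin maintenance: stop sending new sessions to `name`."""
        self.backends[name].draining = True

    def undrain(self, name):
        """Maintenance finished: `name` accepts new sessions again."""
        self.backends[name].draining = False

    def health_check(self, name, ok):
        """Record a health-check result; an unhealthy backend gets no traffic at all."""
        self.backends[name].healthy = ok


if __name__ == "__main__":
    lb = LoadBalancer([Backend("web1"), Backend("web2"), Backend("web3")])
    for sid in ("s1", "s2", "s3"):
        print(sid, "->", lb.pick(sid).name)
    lb.drain("web1")
    print("s4 ->", lb.pick("s4").name, "(web1 draining)")
    print("s1 ->", lb.pick("s1").name, "(existing session stays on web1)")
```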
The firewall monitors incoming and outgoing network traffic in one of three ways. The first is the Packet-Filtering Firewall, where validation is based on a range of parameters: IP addresses, port numbers, the Differentiated Services Code Point (DSCP), the type of service (ToS), and other fields within the IP header. This is accomplished using Access Control Lists (ACLs) whose entries match traffic against criteria to either permit or deny it. The second way relates to the Open Systems Interconnection (OSI) model, the seven-layer model shown in the diagram above, in which specific functions occur within specific layers and together accomplish the work of the whole. The Application/Proxy Firewall operates at layer 7, the application layer, and uses a proxy that acts on behalf of the client. To put it simply, the user’s request goes to the firewall and the firewall acts for the user. Lastly there is the Reverse-Proxy Firewall, which also uses a proxy, but to protect the servers rather than the clients. One advantage to note is Secure Sockets Layer (SSL) termination at the reverse proxy, which relieves the application server of a burden it carries in the Application/Proxy Firewall. A benefit of this is that the traffic can be decrypted and inspected in plain text.
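The packet-filtering behaviour described above, an ACL evaluated top to bottom with the first matching entry deciding and an implicit deny when nothing matches, is illustrated by the following added example (not code from the original article). The ACL, the web server address 203.0.113.10 and the source ranges are constructed sample values drawn from the RFC 5737 documentation ranges; the rule fields mirror the parameters the paragraph lists (addresses, protocol, destination port, DSCP).

```python
# Added example (not from the original article): a first-match packet filter
# driven by an Access Control List, as described for the packet-filtering
# firewall. Addresses use the RFC 5737 documentation ranges and are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    dscp: int = 0              # Differentiated Services Code Point (6 bits)


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"            # any IPv4 source
    dst: str = "0.0.0.0/0"            # any IPv4 destination
    proto: Optional[str] = None       # None = any protocol
    dport: Optional[int] = None       # None = any destination port
    dscp: Optional[int] = None        # None = any DSCP value

    def matches(self, pkt):
        """Every specified field must match; unspecified fields are wildcards.
        ip_network.__contains__ is False across address families, so an IPv6
        packet never matches an IPv4 rule."""
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.dscp is not None and pkt.dscp != self.dscp:
            return False
        return True


def evaluate(acl, pkt):
    """First matching rule wins; with no match the implicit deny applies.
    Returns (action, index of the matching rule, or None for the implicit deny)."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def filter_traffic(acl, packets):
    """Apply the ACL to a batch of packets and emit one log line per decision,
    naming the rule that fired so blocked traffic can be investigated later."""
    log = []
    for pkt in packets:
        action, idx = evaluate(acl, pkt)
        why = "rule %d" % idx if idx is not None else "implicit deny"
        port = "/%d" % pkt.dport if pkt.dport is not None else ""
        log.append("%s %s -> %s %s%s (%s)" % (action.upper(), pkt.src, pkt.dst,
                                              pkt.proto, port, why))
    return log


# Constructed ACL protecting a web server at 203.0.113.10 (documentation address).
WEB_ACL = [
    Rule("deny", src="198.51.100.0/24"),                                   # constructed blocklist
    Rule("permit", dst="203.0.113.10/32", proto="tcp", dport=443),         # HTTPS
    Rule("permit", dst="203.0.113.10/32", proto="tcp", dport=80),          # HTTP
    Rule("permit", src="10.0.0.0/8", dst="203.0.113.0/24", proto="icmp"),  # internal monitoring
]

if __name__ == "__main__":
    sample = [
        Packet("192.0.2.7", "203.0.113.10", "tcp", 443),
        Packet("198.51.100.9", "203.0.113.10", "tcp", 443),
        Packet("192.0.2.7", "203.0.113.10", "tcp", 22),
        Packet("10.1.2.3", "203.0.113.10", "icmp"),
    ]
    print("\n".join(filter_traffic(WEB_ACL, sample)))
```

Order matters: the blocklist entry sits before the permit entries so that a blocked source cannot reach the web ports, and the absence of a trailing "permit any" means anything the list does not describe, such as SSH to the web address, is dropped by default.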
It is at this point that we encounter HTTPS/SSL termination. Hypertext Transfer Protocol Secure (HTTPS) refers to HTTP data transferred in encrypted form over a secure connection, and the previously mentioned Secure Sockets Layer refers to the encryption that prevents eavesdropping. While most people know SSL from the certificate indicators on online shopping checkout pages, SSL is used to secure many other Internet protocols, such as email. Since SSL’s introduction in 1995, what started as 40-bit encryption has been updated to 128-bit and higher encryption as the protocol standard, echoing the ever-growing need for online security.
From this point the load balancer routes traffic among however many web servers are linked within the system. Each web server has a very similar setup, starting with a firewall of its own. As mentioned before, these firewalls add another layer of security by protecting the particular web server being used. Once the request is validated, the web servers in this example communicate using MySQL (“My” after the co-founder’s daughter and “SQL” for Structured Query Language), an open-source relational database management system (RDBMS) used for creating, modifying and extracting data, as well as controlling user access, organized in a Master/Slave relationship. In this arrangement a master MySQL database server is assigned to communicate with any slave MySQL database servers, automatically copying its data and distributing it along the server network. For each of these MySQL databases, an application server runs the necessary applications in the appropriate environment. As well as running web applications, application servers are used for distributing and monitoring software updates, among many other uses. For system monitoring, the server holding the master MySQL database is contacted, and any updates can be administered through the parameters of the existing Master/Slave relationship. It is worth noting that although MySQL is just one option for anyone building a database server, there are many others, both free and paid, that can work well within many different systems.
Once this point is reached and the user is able to communicate with the database, it is time to bring it all back, display the contents and let the user enjoy the features of the given application. Although there are many different applications and ways to implement servers, the growing need for secure connections and organized structures will lead to even more elaborate systems. In order to properly protect all the hard work that has gone into the technical advancements made so far and those yet to come, a complete understanding of the system layout is necessary. The Internet has proven itself to be an ever-expanding labyrinth of data, and with the tremendous strides already made, it is safe to say we have only just begun.
— — — Written by Kathleen McKiernan for Holberton New Haven — — —