Hi everyone! I’m Kix Panganiban, Platform Engineer at Altitude Games. Last September 24, Amazon Web Services (along with AWS User Group Philippines, Altitude Games, and Quickfire Games) held a meetup at A-Space. We shared techniques to leverage cloud services in building great web apps and games. Here’s the recap of the insights shared by the speakers.
Putting your server in the cloud
Altitude Games’ Platform Engineer, Kevinsky (Sky) Dy, talked about the advantages of using Infrastructure-as-a-Service (IaaS) providers in deploying the backbone of your app. Back in the day, owning a server meant having to manually handle infrastructure hardware: lay out network cables, set up an internet connection, and install operating systems. And that was just the beginning of a long and arduous setup process. Whereas nowadays, all it takes are a few clicks and anyone can build a production-ready data center in minutes, with providers such as Amazon Web Services (AWS), Heroku, and Microsoft Azure
Sky explained the importance of making your servers redundant and highly available, ensuring they are always online so you can access data and services on demand. If your server is located in an area that suddenly experiences a power interruption, chances are your data will be inaccessible. This means you’re not going to earn the revenue that you should have been earning during the downtime. Luckily, IaaS providers also often come with high availability options. For example, AWS offers Availability Zones – making your servers accessible from multiple places. So if a server goes down in one area, its replicas in other zones will kick in to take its place.
Finally, Sky used Altitude’s own stack as an example: RESTful Python-Django powered API’s residing on AWS Elastic Cloud Compute (EC2) servers, backed by an AWS Relational Database Service (RDS), and an AWS Elasticache. Altitude’s stack also utilizes CloudWatch and Push Notification Service (called SNS) for centralized logging.
Securing your IT infrastructure
Isaac Sabas of Pandora Security Labs explained what it means to have a truly secure infrastructure. By definition, a secure server means your data has Confidentiality, Integrity, and Availability (CIA). Using bank accounts as an example, only you should have access to account details (confidentiality), your bank statement should be accurate (integrity), and you can access your account when you need it (availability). You should properly identify which parts of your infrastructure are the asset, network, application, and data, and apply the CIA principles on each of them.
Security is divided into three important dimensions: defensive, offensive, and administrative. Defensive security involves a principle called threat intelligence, which helps you identify against which threats to protect your system. For example, web applications are commonly vulnerable against SQL injection attacks, and could easily be defended with proper threat intelligence. Offensive security involves penetration testing, or launching attacks on your own system to study how well it holds. And finally, administrative defense is simply knowing which people are best assigned to which roles, and which roles are best active in either defensive or offensive security.
Making machines do the heavy lifting
Tim Dumol of Kalibrr shared the importance of automation in creating a robust and highly scalable infrastructure. More than the convenience of making the machine do heavy and mundane tasks, Tim pointed out that automation is important in getting your system back on its feet in case crap happens.
Linters such as PyLint, JsLint, and RuboCop are handy tools in introspecting your code for errors even before compiling and building your application. Continuous Integration (CI) tools such as Travis and Jenkins are great for automatically initializing a build after every push of your code, making it easier to focus on writing your code instead of worrying about what comes next.
It’s also crucial to ensure that software and code that run on your development machines and in production are exactly the same. Differently-versioned software on each environment introduces the risk of having configurations available on one environment, and not on the other. Tools such as Vagrant and Ansible help solve this problem by ensuring that code and software are the same on all machines, including your laptop and your servers.
Kalibrr’s tech stack is available at StackShare.io. You can find out more about Kalibrr by visiting https://www.kalibrr.com/
Accelerating application delivery
White Widget CEO and CTO Andrea Levinge focused on the highly popular HTTP server nginx (pronounced engine x). Andrea compared it to its much older and arguably more popular competitor, Apache, using a chess grandmaster analogy. Individual HTTP requests are opponents with their own chess boards, lined up in a long queue in front of the grandmaster. Apache handles such opponents by going to one of them, making its move on the board, and waiting for the opponent to make their move… and so on until the game ends. This type of process is blocking: all other opponents (requests) have to wait in line until the grandmaster (Apache) finishes the game. Blocking processes are resource-expensive, making it much harder for a server to scale.
nginx, on the other hand, tackles this problem using a different approach. It doesn’t wait for opponents to make a move before moving on to the next. Instead, it makes a move soon as an opponent finishes making theirs, effectively responding to requests as they arrive. This makes nginx event-driven: easily scaling up by spawning worker processes as demand increases, and effectively allowing it to make moves on as many available boards as possible.
Finally, Andrea pointed out that nginx can also act as a reverse-proxy and load balancer, allowing you to distribute back-end workload on various application servers while keeping it virtually invisible to the clients. It also natively supports FLV and Mpeg-4 streaming, two of the most common media types on the internet, making it a more efficient choice for streaming. nginx Plus (the paid version) offers native content caching support, as well as advanced monitoring and health check features.
Overall, it was a very informative night attended by different sectors of the industry. Everybody went home with new insights, new tools in their arsenals, and bellies full of pizza. See you again next time!