Any patterns for high availability of a Windows Service?

Situation
I have a Windows service which I would like to make highly available.
I have two unclustered servers (Windows Server 2003 Standard Edition).
The question is:
What options do I have to make my service highly available in an automated way?
I can think of the asymmetric master-slave option which consists of keeping the service running on both machines with a communication heartbeat between them so one acts as the master and the slave takes over automatically whenever the master does not respond.
Do you know any other ways to implement this?
Note: Please don't point me to this answer, I do NOT/won't/can't have clusters.

If your Windows service is hosting a web/WCF service, you can configure your client to have a primary service URL and a secondary service URL. Then you can modify the client connection logic to use the secondary service when the connection to the primary service fails.
You can do this transparently by adding a router service which will do the logic above, basically proxying the operations for whichever service it is connected to. But this adds another point of failure, the router service.
The simplest I can think of is to make sure to set the service recovery options on your Windows service(s). Something like this: http://code.google.com/p/daemoniq/wiki/WindowsServiceRecoveryOptions
HTH
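
The primary/secondary client logic described in the answer above, as an added Python example (not code from the original post). It fails over only when an endpoint is unreachable, not when the service answers with an HTTP error, and it remembers which endpoint last worked; the endpoint URLs and the injectable `fetch` parameter are assumptions for illustration.

```python
import urllib.error
import urllib.request


def http_fetch(url, timeout=3.0):
    """Default transport: GET the URL and return the response body."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


class FailoverClient:
    """Try the preferred endpoint first; fail over only when it is unreachable."""

    def __init__(self, primary, secondary, fetch=http_fetch):
        self.endpoints = [primary, secondary]  # hypothetical service URLs
        self.fetch = fetch                     # injectable so it can be tested offline
        self.active = 0                        # index of the endpoint that last answered

    def call(self, path):
        last_error = None
        # Start with the endpoint that worked last time, then try the other one.
        for offset in range(len(self.endpoints)):
            idx = (self.active + offset) % len(self.endpoints)
            try:
                body = self.fetch(self.endpoints[idx] + path)
            except urllib.error.HTTPError:
                # The service answered (4xx/5xx), so it is up: do not fail over.
                raise
            except OSError as exc:
                # Refused, timed out, DNS failure (URLError is an OSError): try the next.
                last_error = exc
                continue
            self.active = idx
            return body
        raise ConnectionError("no endpoint reachable") from last_error
```

Keeping the last working endpoint as the preferred one avoids paying the connection timeout to a dead primary on every call.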

I suggest checking MS Patterns and Practices web site, there you could find advice on this topic (for example http://msdn.microsoft.com/en-us/library/ms998414.aspx)

Related

Deploying an Internal API

I basically have an API that is going to be used with a web app and a mobile app. I don't want the API to be publicly available, so where should I deploy it? Is there a way without using AWS? Thanks, Nav :)
There are multiple ways of doing this. This is a sensitive topic, as this is an opinion-based field.
However, I will try to answer below - and challenge your way of approaching this.
It really depends on your 'operational' skills, funds, need for security, deadline(s) etc.
Basically you need to make an endpoint available on the www, without everybody being able to connect.
You could either:
- Deploy a virtual machine or web app in Azure/AWS/GCP/... and whitelist the IPs you need to connect from.
- Rent a VPS from any provider, and deploy your application here - again, whitelisting. (Edit: Not phones, since this IP changes constantly. A proxy can be implemented here (potential bottleneck), or any authentication mechanism like OAuth, JWT, certificates etc. can be implemented either on the ingress controller (e.g. NGINX) or the application itself.)
- Deploy the application on your home PC, order a static IP to your home, make a forwarded port and set up security on your premises (not recommended, and raises a bunch of other headaches).
- Get in touch with a company that hosts web applications (can be quite expensive).
Based on the limited information provided in your question, there are a ton of options, nice-2-haves and factors that come into play when choosing the setup that suits your needs.
You should also consider: VPN usage, backup/disaster recovery, data leaks, redundancy, the need for future deploys, how you would access your environment in six months....
I hope this answered your question, but also raised a few for you to answer yourself.
Finally, I'd recommend you looking for inspiration here.
EDIT:
Question:
Whitelisting mobile IP's.
VPS selected.
Answer:
This becomes quite a task when mobile phones tend to change IPs frequently.
Since you are looking further into the VPS setup, you are more in control of the setup and can choose to look into OAuth and JWT.
Links:
OAuth - https://oauth.net/getting-started/ https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps
NGINX JWT - https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-jwt-authentication/
So - At the end of the day, you can make your app use a proxy (potential bottleneck) and whitelist this IP, or make the endpoint open (any -> 443) and implement an authentication mechanism like the ones mentioned above.
Consider implementing a DMZ zone (https://en.wikipedia.org/wiki/DMZ_(computing)) for incoming traffic from the web, and put your application behind this zone, making sure that only the DMZ zone is facing the internet, and the server hosting your application is talking to the server in the DMZ.
Again, this is quite a big topic and is hard to simplify to a stackoverflow post.
If you are hosting the app on AWS you have a couple of options.
API Gateway now supports private endpoints. These endpoints cannot be called via the public internet. That means if your app is hosted on AWS, only the internal services of the app can call the endpoint, i.e. front end to database etc. I've used this method for internal microservices such as placing in-house app data onto Kinesis streams.
Alternatively, if you don't want to use API Gateway you have lots of options, most of which would involve you creating REST APIs from wherever you plan on hosting your code. This could be on the server itself or some sort of container.
API Gateway Private Endpoint Reference:
https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/

Microservices. What is difference between Service registry and service discovery

I am new to Microservices. I came across terms Service registry and service discovery.
What I understood is when a new service (or service instance) comes up, then it will register itself with the "service registry". It is also mentioned that the client can contact a service registry and get the list of IP-ports where that service is available.
In that case, what is the role of "service discovery".
Edit
Accepted answer. Also, more theoretical details were found https://www.nginx.com/blog/service-discovery-in-a-microservices-architecture/
End to end process of registering services to a central place and reaching out to target service using service registry is service discovery.
This is pretty much like using DNS for finding IP address of a site and then reaching that site using the IP address.
I am a user of Kubernetes and it also talks on similar lines:
https://kubernetes.io/docs/concepts/services-networking/service/#discovering-services
In short, service discovery is not a module with the specific role but the steps involved in connecting from serviceA to serviceB end-to-end.
tl;dr: Service Discovery is used when the client doesn't know what service they want at first, so they start by asking for a list of services that are available.
Disclaimer: I suspect that the term is used in different ways by different systems. So take the textbook answer I give here with a grain of salt.
In general, service registry systems follow a Broker Pattern (or something similar), and fall into two categories:
- White-pages brokering: clients know exactly what service they're looking for and ask for it by name
- Yellow-pages brokering: clients know what kind of service they need performed, but they don't know the exact service that they want
Both systems connect clients to services, and both involve services that use a Register Pattern to enter themselves into the registry.
But yellow-pages systems require a preliminary Service Discovery step. In the Service Discovery pattern:
- The client first asks for a list of services from the broker.
- The client selects a service from the list.
- The client requests a connection to a service from the list.
Image source: Hassan Gomaa, Software Modeling & Design (Cambridge University Press, 2011), p. 283.

WSO2 ESB proxy service on Windows

I'm using the WSO2 ESB to integrate several services on a Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is that I can't access them from outside it, even though port 8280, where the services are deployed, is open to the internet; I can see only a blank page instead. What could be wrong?
Another question: I was trying to map the WSO2 ESB management console itself to be available from outside the machine using the simple proxy, and I failed; it loads me the [screenshot: this is what I see on trying the service].
Could you please give me a hint on how to resolve this issue? Is it possible to share the ESB management console using the ESB itself?
Thanks a lot in advance,
Do you have a proxy in the middle? On the screenshot it looks like the web page is missing all pictures, while the CSS was loaded successfully.
Another question: which kind of virtual machine do you use? For example, in VirtualBox a virtual machine is behind NAT by default.
I wasn't able to connect to a server on the virtual machine from the host, only the opposite way: a server on the host was available in the virtual machine.
To make a server in the virtual machine available on the host, you need to configure the network as a bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (POODLE, Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if I remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth to give it a try.
Another example from real life. HTTP Response from external resource was application/json, status of response 200 OK. ESB configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but content was simple text/plain.
While parsing the body of the HTTP response an exception was thrown and was just silently written to the log, without any fault message processing. Just an empty response to the client.
To check that the services are reachable, there is an echo service on the server by default, which responds with content equal to the request. Try to use it.
"was trying to map the WSO2 ESB management console itself to be available
from outside the machine using simple proxy"
By default the management console tries to enforce the port 9443 for dynamic links (JSP) pages. That's why you see only part of the pages and you shouldn't be able to log on.
What you can do is edit repository/conf/tomcat/catalina-server.xml and, to the Connector running on port 9443, add the attribute proxyPort="443"; the Carbon console will be happy to run on 443.
For the services, my educated guess would be on the firewall / network rules, however without other information I cannot answer (or - they are working, just you may not try to access them by simple browser request)

Accessing WSO2 ESB, GREG and AS from external machine

I worked over the last weeks with wso2 products using some of the tutorials which were posted on the wso2 site.
Unfortunately I only found tutorials, where all the products run on the same machine.
What do I have to do, if I want to run the products on different machines. I want a configuration where:
- ESB runs on machine 1
- AS and GREG run on machine 2
- Proxy services in the ESB or a web service in AS are invoked from machine 3
I run these examples on some Macs. I think the main problem is the ports which are used. Can somebody help me with the configuration?
Can you elaborate on your configuration problem?
With this configuration you have to be sure that from one server you can ping the other servers and that on each server you have the ports 9443 and 9763 (by default) open to the network. This is the only requirement you need.
What you are trying is nothing new. In a typical production deployment each of the servers run in their own physical/virtual machines.
When you are calling a service, you are calling an endpoint uniquely identified by IP address:port/contextPath
If the setup is in the same local machine the IP address would be 'localhost'.
First you have to learn the TCP/IP basics; the question is not related to WSO2 servers IMHO.

Windows hosting environment for application instances?

My team has developed a server application; each customer has its own instance of the server application that is hosted locally within our data center. The application opens a number of TCP, UDP, SIP and RTP connections used by remote clients.
I have some questions regarding hosting of the server instances, in the current situation we make use of exe-files that are executed via a self-developed "Host Controller" using the System.Diagnostics.Process namespace to run the instances.
The reason for this is that individual instances of the application shall not affect other instances in the event of crashes, etc.
Is this a good choice of hosting? Is there any kind of infrastructure for hosting these applications similar to IIS, or can I also host these applications in IIS?
I am looking for a more stable hosting solution for those server applications. I've been looking for previous threads on the subject but did not find any good answers. The company wants to host the applications locally, so a cloud-based solution is not the right answer here.
All answers are gratefully received, thanks in advance!
Looking at your question, I believe that you already have a hosting server in your data center. What you're asking is ... whether your development method, like creating separate instances for each remote connection, is suitable or not? Am I right? Or do you need help to find out a correct type of hosting (VPS, Reseller, Cloud or Dedicated) for this?
I believe that separating instances from each other is a very good idea ... but it will increase the load on the server.
