Client-server architecture in pictures



A familiar picture? You run into this architecture all the time: when you buy a movie ticket online, book a trip to the seaside, or make an appointment with a doctor.

All websites and Internet services are built on the client-server architecture. Desktop programs that transmit data over the Internet use it too. That is why IT professionals need to understand what it is and how it works.

That is what this article is about. I'll explain it in simple terms, with examples and funny pictures =) If you prefer video, you can watch my YouTube video on the same topic.





What it is and how it works


Here we have a certain Vasya who has decided to buy a car. One like in the ads: fast, powerful, beautiful! But it costs a fortune, and Vasya does not have that kind of money.



Of course, Vasya could save up for several years and then buy the car. But he wants it here and now! And he does need a vehicle ...

Besides, Vasya does not know how to save: he gets his salary, buys the essentials, pays for housing, and that's it! The rest can be spent. For people like him there are banks, where you can come and borrow money.



Of course, you will overpay when you return it. The interest is steep. But you can afford to buy something expensive right now.

Vasya thought it over, did the math and said:

- Yes, that is what I want! I can pay the bank 100 rubles from my salary, but I can't save them. I would just spend them.

Therefore, Vasya goes to the bank and says:

- I am Vasily Ivanov, I want a car loan for 1000 rubles.



The clerk, Katya, has to check his credit history. What if he cannot be given a loan because his history is bad? Maybe he has already taken out 10 loans and is not repaying any of them? Or maybe he is a terrorist?! This has to be checked, because operators do not know the blacklists by heart.



Katya has a special program for checking customer data. This program can be either a web or a desktop application:

  • Web - opens in a browser, like Google or Facebook
  • Desktop - runs on the computer, like Word or the calculator

It doesn’t matter whether Katya is looking at a browser or at a standalone program. Either way, it is a client. The client is the application that our operator works with.



Katya types “Vasily Ivanov” into the program and receives information about the customer: is he on the blacklists? Does he have a credit history? And so on. But what happens inside the application?



Katya entered the customer's data. But when she clicked "check", the client sent a request to the server:

- Give me information on Vasya Ivanov!



The server sent a query to the database:

- Select * from clients where fio = 'Vasily Ivanov'. (Give me all the information on the name 'Vasily Ivanov')



The database replied:

- Here you have everything I found.



The server returned this information to the client:



And the client rendered it for Katya:



Katya looks:

- Yeah, the credit history is good.



And she makes Vasya an offer:

- If you would like to take out a loan, we are ready to lend you 1000 rubles for 12 years at 80% per annum. Deal?



Vasya is pleased:

- Yes, that all suits me, give me the money right away and I'll run off to get the car!

Everyone is happy, everyone is satisfied.



Katya doesn’t even know what path the data took inside the program when she typed in her customer’s full name. But you and I need to find out what that path is. And why all these complications? Why this structure? Why is there a client, and why is there a server?


Why do we need a client



This one is simple: the user works with the client. It is needed to turn the bytes of program code into a clear, good-looking picture. The user is not a programmer and does not understand programming languages or SQL. The user understands forms and buttons, and we draw them in the client.




Why do we need a server



It is more powerful

There can be many clients. In the example with the bank, we can have 10 branches in 10 cities of Russia, and each branch has 10 operators. A thousand Katyas, each with her own computer.



But we want the application to work quickly, so that it does not lag or freeze, annoying the operator and making the customer wait. That means the machine has to be powerful. But making every operator’s computer powerful would cost a lot of money!

So we move all the main logic to the server, and that is the machine we make powerful. The client machines can be cheap, because their only logic is along the lines of “request the information and render it nicely”.


No code duplication

If we had only client machines, each of them would hold the same processing code, the entire database, all the terrorist lists and so on. But since the server and the database are placed in separate tiers, a lot of space is freed up on the client machine ... and a lot of code.

There is no need to duplicate the code, because all the main logic has been moved to a more powerful server.




It is safer

The server and the database store information that an ordinary operator cannot access. This includes:

  • Customer data
  • Information about their finances
  • Bank blacklists
  • ...

Why show this information to all and sundry? The operator sees only her own interface. She typed in a full name and got an answer on whether to give a loan or not. That's all. She doesn't need anything else.

There are clerks who are ready to leak customer information for money. There are dishonest people who will "accidentally" look over an operator's shoulder. Or maybe the customer himself is such a person. Imagine Vasya shoving fragile Katya aside, sitting down at her computer, and transferring millions to his own account until the guards restrain him.




Why do we need a database


So why the database? We already have a server, so let it store all the information. That does happen: sometimes a database is simply not needed, and we are left with a two-tier client-server architecture.



In this case, the server stores all the data in memory. But if the server crashes, or simply reboots, all the information will be lost. Everything that was in memory is erased when the system is turned off.

A DB (database) is a separate software product that allows you to:

  • Quickly fetch information
  • Keep information even when the system restarts.

That is, if the network suddenly disappears, the database hangs, the machine with the database reboots, or something else happens, our changes will not be lost. This is called persistence. It is achieved through transactions that roll back when something goes wrong. But we will not delve into that topic in this article.

Yes, there may be no database. But when there is one, we are confident that the data is safe and we can easily search it.




Architecture advantages


Let's summarize the advantages of the architecture:

  1. A powerful server is cheaper than 100+ powerful client machines - if we want the application not to slow down, we need a good machine. You will have one. Or a few, if the load is large, but clearly fewer than the number of clients.
  2. — , « » « , 100 ».
  3. — . , .



One link has fallen - everyone is resting

If the server goes down or the database drops out, that is, if one link fails, everything stops and everyone is stuck. Hundreds, thousands, even millions of clients, if there are that many: no one can work. All the operators stare sadly at the “Sorry, something went wrong” window and shrug helplessly in front of the customer.



That is why in business-critical software the architecture is made more complex and even duplicated. A bank with thousands of tellers cannot afford downtime. So it uses a server cluster: one server fell, the rest keep working.



How, then, does the client know where to send its request?

A balancer is placed in front of the servers, and the client sends its request there. The client does not care how many servers are in the cluster. It has one URL - the address of the balancer.



And now the client sends a request:

- Give me all the information on Vasya Ivanov.

The balancer says:

- Guys, a new request! Who is less loaded?



First server:

- I have 5 requests in the queue.

Second:

- And I have 2.

The balancer sends the request to the second server.



This scheme is used for a highly loaded application, when there are so many requests that one server simply cannot cope with them.

Facebook, Amazon, Google - millions of users go there. One server cannot handle them. So they set up a cluster, and the balancer shares the load among its servers. In this case the cluster may contain not 2 servers but 10 or 15: we set up as many as we need.



We can balance the database in the same way. We can have several copies of the database on different machines, and the balancer sends requests to one or another of them.



This scheme is called hot standby - when we have several servers running in parallel, and the balancer distributes the load between them.

There may also be a cold reserve scheme - when our second server is a backup “just in case”. All requests go to the first server, the second rests.



But if something happens to the first server and it dies, the balancer will redirect the load to the second server:





At this time, administrators will have time to deal with the problem on server 1.

The cold reserve scheme is used when one server is able to withstand the load and give good speed, but the application is business critical and downtime is unacceptable.

Downtime can happen not only because something bad occurred. There are also regular application updates. Both reserve schemes allow you to update painlessly. If there are two servers in the cluster, the update will look like this:

  1. Redirect all the load to server 2
  2. Stop server 1
  3. Update server 1
  4. Launch it and direct the entire load to it
  5. Stop server 2
  6. Update it
  7. Launch it
  8. Divide the load again (if it's a hot reserve)

That is, the application does not stop working at all!

Thus, redundancy schemes help us eliminate the problem of "1 link has fallen - everyone is resting." The client will never know that one or more servers in the cluster are dead: everything worked for it before, and it still works.
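The balancer dialogue, the cold reserve failover and the update procedure above can be modelled in a few lines. This is an added example, not code from the original article; the `Balancer` class, the `rolling_update` helper and the server names are assumptions made for illustration.

```python
class Balancer:
    """Toy balancer: one address for clients, several servers behind it."""

    def __init__(self, active, standby=()):
        self.active = list(active)      # servers that share the load (hot reserve)
        self.standby = list(standby)    # used only if no active server is alive (cold reserve)
        self.queue = {s: 0 for s in self.active + self.standby}
        self.down = set()               # servers that are stopped or have died

    def pick(self):
        # Prefer the active pool; use the standby pool only when no active server is alive.
        for pool in (self.active, self.standby):
            alive = [s for s in pool if s not in self.down]
            if alive:
                return min(alive, key=lambda s: self.queue[s])  # "who is less loaded?"
        raise RuntimeError("no server alive: every client sees an error")

    def send(self):
        server = self.pick()
        self.queue[server] += 1
        return server


def rolling_update(balancer, servers, requests_per_step=3):
    """Stop and update servers one at a time; record who served traffic meanwhile."""
    served = []
    for s in servers:
        balancer.down.add(s)          # redirect the load away and stop the server
        served.append((s, [balancer.send() for _ in range(requests_per_step)]))
        balancer.down.discard(s)      # the updated server is started again
    return served


if __name__ == "__main__":
    hot = Balancer(["server1", "server2"])
    hot.queue.update(server1=5, server2=2)   # queue lengths from the dialogue above
    print("hot reserve routes to:", hot.send())

    cold = Balancer(["server1"], standby=["server2"])
    cold.down.add("server1")                 # the first server dies
    print("cold reserve fails over to:", cold.send())

    print(rolling_update(Balancer(["server1", "server2"]), ["server1", "server2"]))
```

The only case in which `send` raises is when every server in both pools is down, which is the "one link has fallen" situation the cluster is meant to prevent.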





High cost

Server equipment is expensive. You cannot just put in a regular SSD meant for a home computer. Why? Because the requirements for server hardware are completely different, plus it supports specific functions:

- A server HDD has special controller firmware optimized for running the disk in RAID; this is not needed at home.

- A server SSD has a group of capacitors that store energy in case of a power failure, so that there is enough time to flush data from the DDR cache into non-volatile memory and the data is not corrupted.

An SSD is a fast disk, an HDD is an ordinary one. RAID is when N disks are joined together, and the DDR cache is RAM.

Plus, server solutions usually have a much longer warranty: 5 years, not a year.




The price differs by a factor of 2. For example, for an SSD:

  • for home use, a gigabyte costs 16.53 rubles
  • for a server, an enterprise gigabyte costs 32 rubles

Figures as of December 2019. This is if you buy not branded hardware but directly from the manufacturer.

It doesn't seem like a big difference, right? But the point is that at home 1 TB is more than enough: photos, movies and a bunch of applications will all fit ... while for a database even 10 TB is sometimes not enough. And if you build a cluster, multiply the cost by 2, if not more. That is why the price difference seems huge, even though per gigabyte it comes out small.

Do not forget that at home you only need to keep your photos, and even those are usually in the cloud. The server, on the other hand, runs business-critical functionality that eats up a ton of resources and must be duplicated in case "the first one suddenly dies."


Need to hire a system administrator

We need to hire a system administrator who will monitor all our application servers and databases. Add his salary to the cost of equipment!



What to test


To understand what to test, you need to understand what the user deals with.

The user works with a client. It can be a web or a desktop application, that is not the point. The operator Katya was given a workplace and shown which program to run and how to work with it. She does not know that servers and databases exist; she works only with the client.



Therefore, the tester checks the client first! The server may work perfectly, you may even write tests at the API level and they will all be green, and it will seem that everything is great! And then the user downloads a report and sees an error. Oops.

The server is running, but an error has occurred on the client. The hundreds of "green" autotests do not matter: the user still has an error. Our task is to look at things from the user's point of view.



However, if you have access to the application server and its database, it is worth checking them too! That way we can spot a "future bug". For instance:

  • We saved a product card - the system renders it and says that everything is fine. Everything is fine on the client!
  • We checked the database - and there some of the fields remained empty, because the developer specified the wrong field name in the database. And the information was lost.

What the user now sees in the client is just a cache, "what I entered is what I display." If you do not check the database, such a problem may not surface right away. Later the user opens the product card and some of the fields are not filled in:

- Well, they probably were never filled in.

But they were filled in! The save just worked incorrectly. So even if all we have is a black box, we need to check, "Was the data really saved?" Saved? Open the card in a new window or request the information through an API method.

If you have access to the database - just check on it that everything is fine. If you have access to server logs, check them for errors.
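The "future bug" described above can be reproduced with a small SQLite table. This is an added example, not code from the original article; the `products` table, its columns, the form keys and the function names are assumptions, and the save function is deliberately buggy to show what the database check catches.

```python
import sqlite3

COLUMNS = ("name", "price", "vendor")   # constructed schema for the product card


def make_products_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, price REAL, vendor TEXT)")
    return db


def save_card(db, form):
    """Deliberately buggy save: the code reads form['supplier'], but the client
    sends 'vendor', so the vendor column is silently stored as NULL."""
    cur = db.execute(
        "INSERT INTO products (name, price, vendor) VALUES (?, ?, ?)",
        (form.get("name"), form.get("price"), form.get("supplier")),
    )
    db.commit()
    # The client keeps showing its cached copy: "what I entered is what I display".
    return cur.lastrowid, dict(form)


def lost_fields(db, card_id, form):
    """The tester's check: compare what was entered with what the database holds."""
    row = db.execute(
        "SELECT name, price, vendor FROM products WHERE id = ?", (card_id,)
    ).fetchone()
    stored = dict(zip(COLUMNS, row))
    return sorted(k for k, v in form.items() if stored.get(k) != v)


if __name__ == "__main__":
    db = make_products_db()
    form = {"name": "Kettle", "price": 25.0, "vendor": "Acme"}   # constructed input
    card_id, shown = save_card(db, form)
    print("client shows:", shown)                        # looks complete
    print("lost in database:", lost_fields(db, card_id, form))
```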



In addition to ordinary users, there are malicious people who try to break into our application and steal money or data. They do not use a client or server - they do not have access there. They try to intercept data on its way from the client to the server, or from the server to the database.



Well, if bad people can do this, then the tester must be able to do it too! Because the tester provides information about our product.



The tester examines the vulnerabilities and then tells the team:

- Guys, so I checked, we have such and such potential holes. Let's think about whether we need to close them somehow or not.

It is not a given that the problem will be fixed. Maybe your application is not critical: no data will leak, you do not store money. Then nobody will go to the extra trouble, because security testing is expensive and specialists are few.

But some basic checks, such as SQL injection or XSS attacks, are worth studying and running against your application. At least to understand how critical they are. After all, if an attack only breaks the attacker's own client, that is their own problem. But if an attack takes down the server, that is not good at all. And you should at least know what causes it.


Summary
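A basic SQL injection check for the query the server sends earlier in the article (`select * from clients where fio = ...`) looks like this. It is an added example, not code from the original article; the table contents, the probe strings and the function names are constructed for illustration.

```python
import sqlite3


def make_clients_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (fio TEXT, blacklisted INTEGER, loans INTEGER)")
    db.executemany("INSERT INTO clients VALUES (?, ?, ?)", [
        ("Vasily Ivanov", 0, 0),      # constructed sample rows
        ("Pyotr Petrov", 1, 10),
    ])
    return db


def lookup_concat(db, fio):
    # Weak: text typed into the client becomes part of the SQL statement itself.
    return db.execute("SELECT * FROM clients WHERE fio = '" + fio + "'").fetchall()


def lookup_param(db, fio):
    # Hardened: the name is bound as data and can never change the statement.
    return db.execute("SELECT * FROM clients WHERE fio = ?", (fio,)).fetchall()


PROBES = ["D'Artagnan", "x' OR '1'='1"]   # neither name exists in the table


def check(lookup, db):
    """Tester's check: a name containing a quote must match no rows and must
    not cause an error. Returns the row count or 'error' for each probe."""
    results = {}
    for probe in PROBES:
        try:
            results[probe] = len(lookup(db, probe))
        except sqlite3.Error:
            results[probe] = "error"
    return results


if __name__ == "__main__":
    db = make_clients_db()
    print("concatenated:", check(lookup_concat, db))   # an error and a full table dump
    print("parameterized:", check(lookup_param, db))   # zero rows for both probes
```

A server-side error on an ordinary surname with an apostrophe is already a finding worth reporting: it shows that client input reaches the SQL text unescaped.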




The client is the program the user works with. The user doesn’t know whether the whole program lives on their computer, or whether a server with a database or even a whole RAID is hiding somewhere behind it. The user works in a browser or with a desktop application, and all they need to know is where to click.

The client does not need a lot of memory, disk space or other resources. So workstations are relatively cheap. And this is exactly what we need, especially if we have to purchase equipment for thousands of bank operators.

The server is the computer on which the application itself is stored: all the code, all the logic, all the additional materials and reference data. For example, the FIAS address directory or the directory of legal entities from the register of legal entities - they take up space too, both on disk and in the application's memory.

Sometimes people say “application server” and “database server”. This is normal, because in fact a server is just a machine, a computer. The database and the application server are usually kept on different machines for the sake of security. In this case, when people say "application server", they mean the second link of our scheme.

Applications vary widely. Some are resource-intensive and need a lot of memory and disk space. Others are lightweight and can be deployed even on a home computer.

The DB (database) is the data store. Here you can easily search for information, and you can be sure that it will remain even if something breaks in the application.

How much space the database needs depends on the amount of data. Banks have huge databases for which 1 TB is not enough. And there are very small ones that you can install on your own machine. For example, you can install XAMPP. It is unlikely that you will cram in so much data that you run out of space for it.

There may be no separate database; then the structure becomes two-tier: client-server. And that’s all!

The scheme is simplified; in real life there will at least be more clients. And if the application is heavily loaded, there will be several servers and several databases:



PS - look for more useful articles in my blog under the tag “useful”
