Bitrix gives knowledge - all #FailOverConf materials

On April 8, the already traditional conference dedicated to the fault-tolerant and fast web, FailOverConf, took place.

As you already know, this time we decided to completely change its format. We set a goal - the widest possible coverage of the audience, which will be able to gain useful and practical knowledge. Therefore, the conference was made completely online and free. And it seems that the goal has been achieved. :) About 2,500 people attended the event.
')
And now, as we promised earlier, we are publishing all the conference materials (presentations and video).

Programming languages

“Going to Failover: how does language affect architecture and why do fault-tolerant projects choose Go?” (Alexey Naidyonov, ITooLabs) - presentation

During its very short history, the Go language has gained the most popularity among developers of distributed fault-tolerant and high-loaded systems. Why did this happen? What benefits, obvious, and not so, are Go developers? Should you choose Go for your future failover project?

In the report, I will give a brief overview of the Go language, talk about the history of its emergence and development, and give typical examples of use in the industry. I will also share the experience of operating a scalable fault-tolerant telecommunications system and talk about how and why we rewrote it on Go, and what we got in the end.



“How did Badoo switch to PHP7 and save $ 1M?” (Yuri Nasretdinov, Badoo) - presentation

- Introduction
- Experiments with HHVM
- Corrections in the kernel and extensions
- Change testing infrastructure
- Utilities and application code
- “Running into battle” and results



“Defensive Programming and Strong Typing: From Python to JavaScript” (Grigori Petrov, Voximplant) - presentation

- Microservices, errors and fault tolerance
- Why we make mistakes: complexity and Miller's wallet
- Installation of traps for errors using strong typing
- Strong typing: C #, Java, Python, PHP, Ruby, JavaScript
- Gradual Type Checking

Databases and NoSQL

"Tarantool: Use Cases" (Denis Anikin, Mail for Mail ) - presentation



"Variants of building fault-tolerant systems based on PostgreSQL" (Mikhail Kulagin, Postgres Professional) - presentation

1. Approaches to building fault-tolerant systems on the example of OpenSource MySQL and PostgreSQL DBMS
1.1. Logical and physical replication
1.2. Approaches to the construction and problems of multimaster systems
1.3. Strengths and weaknesses of each approach, the points of possible data loss

2. PostgreSQL resiliency features
2.1. Synchronous and asynchronous stream replication
2.2. Configuration features and monitoring points

3. Automating Failover Cluster Management Using the Example of Pacemaker / Corosync
4. Options for building logical replication in PostgreSQL
5. The immediate future of Postgres: current developments

Operation and monitoring

“Mail.Ru Group media projects: work days of the amusement park director” (Stanislav Mikhalsky, Mail.Ru Group) - presentation

The average daily audience of Mail.Ru media projects is approximately ten million visitors, generating approximately sixty million views. In my speech I will tell:
- about how we ensure uninterrupted work in conditions of such a high load.
- about common “bottlenecks” for all these projects, as well as about individual product and technological nuances
- about monitoring, DevOps and domino effect when using external services
- about whether there is a difference between one and ten projects in terms of resiliency, recovery and prevention,
- advantages and disadvantages of scaling and caching
- and of course a couple of tales and oddities from an eyewitness.



“Fault tolerance 99.999% do-it-yourself” (Nikolay Macievsky, WEBO Software) - presentation

I will tell you how to use the available tools to ensure maximum accessibility for web projects, and how much it can cost. I will touch upon the issues of availability and reliability of hosting, point of site failure, DNS balancing and IP Anycast. Also I will tell you how for a short time and a modest budget to guarantee the availability of 4-5 nines.



“24x7 tracking of key business scenarios on your site. Automatically " (Stepan Ovchinnikov, Intervolga) - presentation

- You need to be sure that the key scenarios of the site: main, catalog, order, basket, personal account - always work.
- It is necessary that you learn about errors before customers.
- It is necessary that such a “functional monitoring” cost cheap, and work well.

We tell the points: Problem - Solutions - Who is suitable - What can be checked - Reports - Real cases - Cost - Connection algorithm.



“Fault tolerance from the point of view of the service provider - a recipe from Acronis” (Ivan Prokhorov, Acronis) - presentation

- Why is fault tolerance important to the service provider? - What needs to be protected and from what? - 404 or 500 - how to fight? - Fast recovery - myth or reality?



“Predictive maintenance - the use of machine learning to reduce the cost of monitoring and operation. Algorithms and Technologies ” (Alexander Serbul,“ 1C-Bitrix ”) - presentation

Covering a web project with a grid of tests is not enough to prevent accidents, detect attacks and preventive response to changes in operating conditions. A new approach - analyzing metrics and preventing accidents (identifying threats) with the help of machine learning algorithms - will not only reduce the cost of ensuring fault tolerance, but also react before problems arise! Interesting - come, we will tell in simple words and we will show on examples how it works.

Fail-safe development

“Continuous Integration. Release management as it is ” (Ivan Mikheev, Agima) - presentation

The delivery process of the developed functionality is always based on compromises between delivering quickly and in order not to lose quality. Moreover, the more time spent on the deploy, the less time is left for quality. The problem is becoming more urgent with each stage of growth in production volumes. There are a variety of different methodologies and technologies designed to standardize deployment processes and releases, and in my report I want to talk about what process we have set up for ourselves and how it helped us to devote more time to quality.

- Adjustment of software delivery processes in customized web development - how to start organizing “chaos”;
- Time profit - saving time with proper deployment (in the short and long run), comparing options for manual and automated deployment using the example of our projects;
- Tools that we used at different stages of our growth: GIT, gitolite, gitlab, TeamCity etc.
- Simple, but such important hooks - how easy it is to make these technologies bring you real benefit and save the developers time;
- Automatic deployment, continuous delivery, builds and auto-tests - when you really need it, and when you can neglect it - using the example of various types of our projects;
- Previously, it was “compiled”, now it is “tested” - inadequately long delivery process - how to get rid of blocker autotests.

Backups

“Organizing backup of complex online stores” (Evgeny Potapov, Summa IT) - presentation

1. Backing up the database.
1.1. How often do backups? Than?
1.2. How to ensure the safety of "fresh data".
1.3. Fast recovery after the "human factor", accidental deletions.

2. Backup of static files, code and configuration files
2.1. Backup files - backup, sync.
2.2. Rapid recovery from large backups, pitfalls
2.3. Backup Configuration Files

3. Monitoring and verification of backups
3.1. Monitoring the process of creating backups.
3.2. Monitoring storage backups.
3.3. Test deployment of backups.

Security

“Who Protects Your Website?” (Mikhail Kondrashin, Trend Micro Russia) - presentation

Cloud technologies are the future for all IT and now you need to imagine how the protection used against traditional threats, such as remote hacking and malicious code, will fit into a new reality. Even a superficial analysis shows that traditional approaches do not work satisfactorily. It is imperative that the security provided by the cloud service provider is seamlessly docked with the company's internal security system. On the other hand, this security must take into account the specifics of the tasks that the customer solves in the cloud. Each resource transferred to the cloud must be provided with protection that is configured individually and undergo regular audits determining the current level of security. Only in this case, the transfer of the IT component to the cloud will not compromise security.



“Tempesta FW: Yet Another Web-accelerator?” (Alexander Krizhanovsky, NatSys Lab)

Tempesta FW is an open source web accelerator and firewall hybrid developed specifically for processing and filtering large amounts of HTTP traffic. Tempesta FW is built into the Linux TCP / IP stack and carries a lightweight in-memory NUMA-optimized database for storing Web cache and filtering rules. The main usage scenarios of the system are protection from the application-level DDoS and simply delivering large amounts of HTTP traffic with low hardware costs.

In the report I will tell about:
- why do we need another Web accelerator and how does it differ from Nginx, Varnish, HAProxy and even TUX and kHTTPd;
- typical use scenarios (CDN, cloud, filtering networks, etc.);
- main features (caching, load balancing, filtering);
- Frequent questions related to the implementation of the project in the OS kernel, performance and reliability;
- system requirements, examples of configurations and, just how to build and run all this.



“How to achieve an A + rating for an SSL certificate on your website and other aspects of hosting security” (Igor Cherednichenko, Rusonyx) - presentation

- The pitfalls of SSL, how not to offend anyone.
- Pros and cons of standard openssl.
- SSL raise the speed of negotiation.



“Analytical review of Internet content protection tools” (Maxim Levin, CDNvideo) - presentation

- Modern methods of theft of different content and the scale of the problem.
- The enemy will not pass: how to protect the content before it was stolen.
- Late to drink borzhom? .. How to protect the content after it was stolen.
- Do not touch the exhibits! Methods of protection of graphic content.
- Melodies and rhythms of modern pirates. Methods of protection of audio content.
- And now - slides! Methods of video content protection.



“Web application security 101 or an introduction for non-information security professionals” (Denis Bezkorovainy, Cloud Security Alliance) - presentation

- Who and how attacks web applications and what it is worth defending.
- Web application security audit - what to choose? Static code analysis and dynamic analysis of web applications - the pros and cons, the scope.
- Systems of active protection of web applications - typology, deployment options, scope.
- Security monitoring and attack detection.
- Plan of response to attacks and incidents, corrective measures, practical recommendations.

Performance

“How we made Cyber ​​Monday” (Alex von Rosen, 220 Volt Group of Companies) - presentation

- What to do if today you learned that in a month and a half you need to launch a highload project.
- Highload-team.
- Highload playground.
- How to run and not fall.
- What to do next.



* * *

Like, cher, retweet! :) And - see you next year!