# Introduction

Distributed systems should be designed to function correctly in ALL circumstances. If server updates to a new version, can the client still work?

Distributed system models helps in

* classifying and understanding different implementations
* identifying their weaknesses and their strengths
* crafting new systems out of pre-validated building blocks

The structure and organization of systems and the relationship among their components should be designed with the following goals in mind:

* To cover the widest possible range of circumstances
* To cope with possible difficulties and threats
* To meet the current and possibly the future demands

Architectural models provide both a pragmatic starting point and a conceptual view to address these challenges. Depending upon the functionality and requirement you have to choose the right architecture and right model.

## Challenges

* Widely varying models
    * High variation of workload(request variance), partial disconnection of components(wireless network client, whose responsibility to handle this and what kind of protocol to use) or poor connection.
    * Solution: The structure and the organization of systems allow for distribution of workloads, redundant services and high availability
* Wide range of system environments
    * Heterogeneous hardware, operating systems, network and performance. Web looks different on PC and mobile phone.
    * Solution: A flexible and modular structure allows for implementing different solutions for different hardware, OS and networks.
* Internal problems
    * Non synchronized clocks, conflicting updates, various hardware and software failures
    * Solution: The relationship between components and the patterns of interaction can resolve concurrency issues, while structure and organization of components can support fail over mechanisms. We want to have error handling and logs which can help to fix a problem
* External problems
    * Attacks on data integrity, secrecy and denial of service
    * Security has to be built into the infrastructure and it is fundamental for shaping the relationship between components
    
This is the reason why we need all of these models.

# Physical Models

It is a representation of the underlying hardware elements of a DS that abstracts away specific details of the computer/networking technologies. Physically where do we place the servers to realize disaster recovery.

The baseline model is a small set of nodes. They can be in the same building or different buildings.

Three Generations of DSs

* Early DSs[70-80s]: LAN-based, 10-100 nodes
* Internet-scale DSs[early 90-2005]: Clusters, grids, P2P
* Contemporary DSs: dynamic nodes in **mobile systems** that offer location-aware services, **Clouds** with resource pools offering services on pay-as-you-go basis

# Architectural Models

An architectural model of a distributed system is concerned with the placement of its parts and relationship between them.

* Client-Server(CS)(master-slave model, not that scalable, but easy to implement) and peer process models(highly scalable)
* CS can be modified by:
    * The partitioning of data/replication at cooperative servers
    * The caching of data by proxy servers or clients
    * The use of mobile code(travel across internet) and mobile agents
    * The requirements to add or remove mobile devices
    
The architecture of a system is its structure in terms of separately specified components. Its goal is to meet present and likely future demands. Major concerns are making the system reliable, manageable, adaptable and cost-efficient.

Architectural models simplifies and abstracts the functions of individual components. The placement of the components across a network of computers define patterns for the distribution of data and workloads. (Google can have proxy servers in different countries). It also concerns the interrelationship between the components i.e., functional roles and the patterns of communication between them.

An initial simplification is achieved by classifying processes as:

* Server processes
* Client processes
* Peer processes(cooperate and communicate in a symmetric manner to perform a task)

## Software Architecture and Layers

The term software architecture referred:

* Originally to the structure of software as layers or modules in a single computer
* More recently in terms of services offered and requested between processes in the same or different computers

Breaking up the complexity of systems by designing them through layers and services

* Layer: a group of related functional components
* Service: functionality provided to the next layer

For example, from bottom to top layer, there maybe security layer, messaging layer and GUI layer.

<img src="img/img12.png" width="400">

A networked computer operating system is a perfect example of this layering. User’s interact with applications and services using the GUI or CLI(command-line). Applications and services depend on middleware and OS functions to do anything useful (RPC/RMI/TCP+IP). Middleware/OS access the hardware and network links directly to send and receive information.

### Platform

The lowest hardware and software layers are often referred to as a platform for distributed systems and applications.(This includes network, computing system, OS) The low-level layers provide services to the layers above them, which are implemented independently in each computer.

Major example:

* Intel x86/Windows
* Intel x86/Linux
* Intel x86/Solaris
* SPARC/SunOS
* PowerPC/MacOS

Even thought these platforms are reasonably disparate (Unix, Windows) & (x86, PPC, SPARC) they still have a core set of services and middleware in common. This is essential to enable these platforms to communicate, interoperate and collaborate together with minimal effort. We don't want to be converting between little endian/big endian or have to care about the specifics of each platform at the higher level.

### Middleware

A layer of software whose purpose is to mask heterogeneity present in distributed systems and to provide a convenient programming model to application developers.

Major examples:

* Sun RPC(Remote Procedure Call, available on most Unix platform)
* OMG CORBA(Common Object Request Broker Architecture)
* Sun Java RMI(available on any platform there is a compliant JVM install)
* Microsoft .NET(It is becoming a standard, and is available for Windows/Linux/MacOS)
* Google AppEngine(you only focus on logic, no need to worry about low-level implementation, creating number of processes and scalability of multiple users/nodes will be taken care of)
* Microsoft Azure

## System Architecture

The most evident aspect of DS design is the division of responsibilities between system components(applications, servers, and other processes) and the placement of the components on computers in the network.

Moving some load to client (e.g. applet execution) can improve response and allow SOME disconnection access, but can be a security risk.

Moving complexity to server can reduce client requirements and lower the entry bar (e.g. server based CGI/PHP, client only needs browser)

### Client Server

<img src="img/img13.png" width="400">

Client processes interact with individual server processes in a separate computer in order to access data or resources. The server in turn may use services of other servers. A web server is often a client of file server.

Process play an role of client, server and peer. Within a physical PC, there can be many servers.

<img src="img/img14.png" width="400">

<img src="img/img15.png" width="400">

Picture above shows a typical interaction for a single threaded, monolithic client. A client requests some processing or information from a server that it needs. It waits in a blocking fashion for the reply containing the result. It is a synchronized communication.

For an asynchronized communication, rather than wait for the reply, it does something else.

Services may be implemented as several server processes in separated host computers. 

<img src="img/img16.png" width="400">

This topology is extremely common. A web site like Google serves approximately 100M searches a day. It is obviously simply not feasible to serve them from a single server. Google uses clusters containing tens of thousands of machines offering equivalent services, and you are redirected (via DNS and other means) to one of them. Can also be redirected at protocol or application level. Similar techniques can be used for Oracle databases, that are replicated over many servers to offer redundancy and performance.

### Proxy servers

<img src="img/img17.png" width="400">

A cache is a store of recently used data. 

Web proxy servers can operate at client level, at ISP level and at edge/gateway levels to improve performance and reduce communication costs for frequently accessed data. Caching can even be used for dynamic data (such as a Google search). This reduces the load on the web servers and improves the performance for end users by reducing the time taken for a dynamic request. Google uses this technique extensively! It can also lower the traffic of the Internet.

### Peer Processes

<img src="img/img18.png" width="400">

All of the processes play similar roles, interacting cooperatively as peers to perform distributed activities or computations without distinction between clients and servers. Eg, music sharing systems Napster.

* Peer model suits ad-hoc(non-generalizable) groupings of participants. Can be used very effectively.
* No central point of failure (reliable)
* No central point of control (difficult to deny service for adversaries)
* Some peers will typically contribute more than others (i.e. seed or super-peer)

### Variants of Client Server Model

#### Mobile code and Web applets

<img src="img/img19.png" width="400">

Applets downloaded to the clients give good interactive response. Mobile codes such as Applets are potential security threat, so the browser gives applets limited access to local resources.

The load is distributed. It is highly scalable. Internet traffic can be minimized. Eg, a paint program.

From a server perspective, they cannot control the client environment so there are integrity issues there as well (e.g. client applet not suitable for online banking!)

#### Mobile Agents

It is a running program(code and data) that travels from one computer to another in a network carrying out an autonomous task, usually on behalf of some other process. Bring application (which is small) to data rather than the other way around.

* Advantage: flexibility, savings in communication cost
* Software maintain on the computers within an organization

There is potential security threat to the resources in computers they visit. The environment receiving agent should decide which of the local resource to allow(e.g., crawlers)

Agents themselves can be vulnerable, they may not be able to complete task if they are refused access.

It can be a useful approach (e.g. data indexing/mining) if data is spread over wide geographical areas.

#### Thin clients and computer servers

<img src="img/img20.png" width="400">

* Network computer: download OS and applications from the network and run on a desktop at runtime
* Thin client: Windows-based UI on the user machine and application execution on a remote computer

#### Mobile devices and spontaneous networking

The world is increasingly populated by small and portable computing devices. W-LAN needs to handle constantly changing heterogeneous, roaming devices. Need to provide discovery services: registration service to enable servers to publish their services and lookup service to allow clients to discover services that meet their requirements.

Need common standards! e.g My phone can list all available wireless networks. I can join one (that I am permitted) and receive an IP via DHCP.

Emerging standards such as bonjour broadcast to nearby computers to advertise resources and peripherals available, such as printers, music collections, web sites, ftp sites, video conferencing services.

### Design Requirements/Challenges

Basic CS model, responsibility is statically allocated. File server is responsible for file, not for web pages. Peer process model, responsibility is dynamically allocated, in full decentralized music file sharing system, search process may be delegated to different peers at runtime.

* Performance issues
    * Responsiveness: support interactive clients, use caching and replication
    * Throughput
    * Load balancing and timeliness
* Quality of Service
    * Reliability
    * Security
    * Adaptive performance: with change of number of users, the performance will not degraded
* Dependability issues
    * Correctness, security and fault tolerance
    * Dependable applications continue to work in the presence of faults in hardware, software and networks
    
Mirrored (replicated services) and caching can improve reliability, throughput and scalability more than a single server approach. To ensure our replicated cluster is not unbalanced we can rebalance via DNS redirection, process migration

# Fundamental Models

Fundamental models are concerned with a formal description of the properties that are common in all of the architectural models. It concerns interaction(between processes), failure and security models. Whatever architecture you choose, the fundamental models remains as it is.

All architectural models are composed of processes that communicate with each other by sending message over a computer network.

Models addressing time synchronization, message delays, failure, security issues are:

* Interaction Model - deals with performance and the difficulty of setting of time limits(how long do I have to wait for a response) in a distributed system
* Failure Model - specification of the faults that can be easily exhibited by processes
* Security Model - discusses possible threats to processes and communication channels

## Interaction model

Computation occurs within processes.

The process interact by passing messages, resulting in:
* Communication(information flow)
* Coordination(synchronization and ordering of activities) between processes

Two significant factors affecting interacting processes in a distributed system are:
* Communication performance is often a limiting characteristic(latency)
* It is impossible to maintain a single global notion of time

### Performance of communication channel

The communication channel in our model is realized in a variety of ways in DSs. E.g., implementation of:
* Streams
* Simple message passing over a network

Communication over a computer network has performance characteristics:
* Latency: A delay between the start of a message's transmission from one process to the beginning of reception by another
* Bandwidth: The total amount of information that can be transmitted over in a given time. Communication channels using the same network, have to share the available bandwidth
* Jitter: The variation in the time taken to deliver a series of messages.(That is some data reaches you within 1 second while others may take 2 seconds) It is very relevant to multimedia data.

### Computer clocks and timing events

Each computer in a DS has its own internal clock, which can be used by local processes to obtain the value of the current time. Therefore, two processes running on different computers can associate timestamp with their events. However, even if two processes read their clocks at the same time, their local clocks may supply different time. This is because computer clock drifts from perfect time and their drift rates differ from one another. Even if the clocks on all the computers in a DS are set to the same time initially, their clocks would eventually vary quite significantly unless corrections are applied. There are several techniques to correct time on computer clocks. For example, computers may use radio receivers to get readings from GPS with an accuracy about 1 microsecond.

### Two variants of the interaction model

In a DS it is hard to set time limits on the time taken for process execution, message delivery or clock drift.

Synchronous DS(A type of two-way communication with virtually no time delay, allowing participants to respond in real time) - hard to achieve:
* The time taken to execute a step of a process has known lower and upper bounds
* Each message transmitted over a channel is received within a known bounded time
* Each process has a local clock whose drift rate from real time has known bound

Asynchronous DS(A type of two-way communication that occurs with a time delay, allowing participants to respond at their own convenience) - There is no bound on:
* Process execution speeds
* Message transmission delays
* Clock drift rates

### Event ordering

In many DS applications we are interested in knowing whether an event occurred before, after or concurrently with another event at other process.

Consider a mailing list with users X, Y, Z and A.

<img src="img/img21.png" width="400">

Inbox of User A looks like:

<img src="img/img22.png" width="300">

Due to independent delivery in message delivery, message may be delivered in different order.

If messages m1, m2, m3 carry their time t1, t2, t3, then they can be displayed to users accordingly to their time ordering.

## Failure Model

In a DS, both processes and communication channels may fail - they may depart from what is considered to be correct or desirable behavior.

Types of failures:
* Omission Failure - refer to cases where the process or communication channel fails to perform a requested action
* Arbitrary Failure - the most tricky to deal with, where any type of error can occur. Corrupt data, unexpected responses
* Timing Failure - related to synchronous messages, where a set bound (clock drift, message ack, process execution time) exceeds defined bounds

<img src="img/img23.png" width="400">

Communication channel produces an omission failure if it does not transport a message from "p"'s outgoing message buffer to "q"'s incoming message buffer. This is known as "dropping messages" and is generally caused by a lack of buffer space at the receiver or at gateway or by a network transmission error.

If multiple processes are running, all of them are communicating. Then all the messages will be queued in the buffer.

Omission and arbitrary failures:

<img src="img/img24.png" width="400">

Timing failures:

<img src="img/img25.png" width="400">

It is possible to construct reliable services from components that exhibit failures. For example, multiple servers that hold replicas of data can continue to provide a service when one of them crashes.

A knowledge of failure characteristics of a component can enable a new service to be designed to mask the failure of the components on which it depends, checksums are used to mask corrupted messages.

## Security Model

The security of a DS can be achieved by securing the processes and the channels used in their interactions and by protecting the objects that they encapsulate against unauthorized access.

<img src="img/img26.png" width="400">

Use "access rights" that define who is allowed to perform what operation on a object.

<img src="img/img27.png" width="400">

To model security threats, we postulate an enemy that is capable of sending any process or reading/copying/modifying message between a pair of processes.

Threats form a potential enemy: threats to processes, threats to communication channels and denial of service(creating unwanted requests exceeds the capability of a server, the service become inaccessible to legitimate users)

<img src="img/img28.png" width="400">

Encryption and authentication are used to build secure channels. Each of the processes knows the identity of the principal on whose behalf the other process is executing and can check their access rights before performing an operation.