Distributed Application Architecture Patterns

9 Security Patterns

Security is a broad topic and many patterns have been created to address it, such as in [147]. However, while most of them do pertain to distributed systems, few are focused on the architecture of the system itself. This chapter presents a few useful patterns for enhancing the security of a distributed system directly through its architecture.

The Identity Provider & Federated Identity patterns in § 9.1 shows two common ways to handle authentication and authorization in a distributed system
The Gatekeeper pattern in § 9.2 instead uses distribution to its advantage to isolate security incidents in a limited environment

Other patterns that could be considered part of this category include [148]:

Ambassador and Offload to Gateway can be used to improve network security, especially in legacy systems
Bulkheads can be used to limit the blast radius of a security incident
Claim Check can be used to protect sensitive data in communication by hiding them in a secure data store

Notable omissions in this category due to the methodology described in § 1 include:

Quarantine by Microsoft [149], as it is a process, not an architectural pattern
Valet Key by Wilder and Microsoft [14, p. 115, 129] as it is only useful in cloud environments

Distributed Application Architecture Patterns

An unopinionated catalogue of the status quo

Methodology

Scope of this work

Existing resources

Selection process

Pattern construction

Design and implementation

Inspiration

Visual style

Technologies

Visual language

Design process

Overview

Prerequisites

Pattern categories

Conventions used

Example application

Communication Patterns

Gateway Routing

Abstract service locations from the clients

Publisher–Subscriber (Pub–Sub, Topics)

Asynchronous one-to-many communication

Asynchronous Request–Reply

Asynchronous two-way communication

Decomposition Patterns

Sidecar

Language-agnostic, locally-running supporting components

Ambassador

Handle network communication on behalf of a service

Offload to Gateway

Move common functionality to a gateway to offload backend services

Backend for Frontend (BFF)

Reduce backend complexity by specialising for each frontend

Scalability Patterns

Competing Consumers & Load Balancer

Continuous parallel request processing

Partitioning (Sharding)

Scale out by separating tasks or data into logical partitions

Scatter–Gather

Asynchronously distribute workloads and aggregate results

Externalised Configuration

Centralised configuration management

Resilience and Reliability Patterns

Bulkheads

Use logical partitions to isolate failures

Queue-Based Load Leveling

Use a messaging queue to manage and cope with peaks in demand

Retry

Do not fail because of transient errors

Health Monitoring

Proactively check and react to service failures

Rate Limiting

Control the rate of incoming requests to prevent overload or starvation

Leader and Followers

Decentrally appoint a replaceable group leader

Performance and Latency Patterns

Circuit Breaker

Isolate failure with controlled recovery

Colocate

Improve network reliability by decreasing the distance between services with high coupling

Aggregating Gateway

Aggregate multiple service requests into a single client response

Claim Check

Reduce message sizes by storing large payloads externally

Command and Query Responsibility Segregation (CQRS)

Isolate data store reads and writes to prevent contention

Security Patterns

Identity provider & Federated Identity

Centralise authentication to reduce the attack surface

Gatekeeper (Service Firewall)

Protect services by validating and sanitising incoming requests in a limited environment

Consistency Patterns

Transaction-Based Processor

Use transactions to encapsulate atomic processes

Transactional Outbox

Atomically send a message and update the database

Saga

Sacrifice isolation for increased availability during a distributed transaction

Choreography-Based Sagas

Distribute responsibility for a saga across participating services

Orchestration-Based Sagas

Centralise responsibility for a saga in a single service

Event Sourcing

Store data as a sequence of changes to preserve history

Migration and Compatibility Patterns

Anti-Corruption Layer (ACL)

Mediate between modern and legacy systems

Incremental Replacement (Strangler Fig)

Replace a legacy system step-by-step

Messaging Bridge

Connect two services with incompatible messaging middleware

Bibliography