Availability - HackMD

# Availability ``` > database mytypedb status replica 1) 10.1.17.23: - availability : available - role : primary - uptime : 12h 3m - syncing : 0 / 34,321 - term : 51 2) 10.1.17.15: - availability : available - role : secondary - uptime : 3d 8h 14m 2s - syncing : 21 / 34,319 - term : 51 3) 10.1.17.37: - availability : unavailable ``` - Highly available, primary / secondary clustering model based on Raft - Tolerates non-majority failures - event driven, asynchronous architecture - Automated client / server failover - Client can discover all servers automatically - Client transitions from a failing server to the next one that is functioning # Throughput ``` database mytypedb status request 1) 10.1.17.23 (primary): - last 1 second : 15,541 writes, 21,756 reads - last 1 hour : 50,206,440 writes, 78,211,600 reads - last 24 hours : 1,204,954,560 writes, 1,879,312,402 reads 2) 10.1.17.15 (secondary): - last 1 second : 0 writes, 21,346 reads - last 1 hour : 0 writes, 78,219,745 reads - last 24 hours : 71,318,976 writes, 1,880,718,223 reads 3) 10.1.17.37 (secondary): - last 1 second : 0 writes, 22,001 reads - last 1 hour : 0 writes, 78,220,472 reads - last 24 hours : 0 writes, 1,881,631,782 reads ``` - Every server can serve read-any-replica transactions, allowing for linear throughput - Automated client / server load-balancing - Client can discover all servers automatically - Client load-balances read-any-replica queries # Authentication ``` root@10.1.17.15# ./typedb console --cluster=10.1.17.15:1729 --username admin Password: ************ > user create tomas Password: ************ > user tomas password Password: ************************ > user delete tomas ``` - Server access protected with credentials, ensuring data safety and security: - User credential management - Database management - Session / transaction - The credentials are safely stored at rest using cryptographic hash functions (currently BCrypt) # User Authentication - authentication ensures only users with the right credential can get in - role-based authorisation framework provides granular access control - who can manage user credentials and databases - who can read and write data - create and assign custom roles to users as needed by your organisation - credentials safely stored at rest (using BCrypt, an instance of cryptographic hash functions) --- TypeDB Cluster ensures users are authenticated to communicate to the database, and that only users with the right authorisation can perform user/database manage operations or access specific databases. TypeDB Cluster allows you to define user roles that have tailored privileges with respect to read or write operations on give database schema or data. --- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla --- ``` > role create role1 [access:db1:*, access:db2:data:read] role created. > role list +-----+---------------+-------------------------+ | no. | name | privileges | +-----+---------------+-------------------------+ | 1. | admin | user:create | | | | user:list | | | | user:delete | | | | database:create | | | | database:list | | | | database:delete | | | | access:*:*:* | | 2. | role1 | access:db1:* | | | | access:db2:data:read | | 3. | role2 | access:db2:* | +-----+---------------+-------------------------+ > role get role1 permission add access:db3:data:read role updated. > user create user1 [role1] password: user created. > user get user2 role add [role2] user updated. > user get user2 password set password: user updated. > user list +-----+--------+-----------------+ | no. | name | role | +-----+--------+-----------------| | 1. | admin | admin | | 2. | user1 | role1 | | 3. | user2 | role1 | | | | role2 | +-----+--------+-----------------+ ``` # Encryption ``` root$ tshark -i eth0 -f "tcp" -f "dst ip 10.1.17.15" -f "dst port 1729" \ -T fields -e "data.data" -z "follow,tcp,ascii,0" 43 packets captured =================================================================== Follow: tcp,ascii Filter: tcp.stream eq 0 Node 0: 10.1.17.2:59947 Node 1: 10.1.17.15:1729 126 46 EnCt245fd8f82a976d84690296a8ddd386964f068dcfa45fd8f82a976d84690296a8djtxyjxNQYAA zof2yx2AjpGlNakGmQzhMRYKeHjpS4Wn4+8jcDYtgPucSkldHlraTZbY0fN/8hsTwRt+d98U8N5mX9B6 xV+c3gukaypsmFaXU6eyTO2R525LaphqzaUIyJnhB9VSAqGC8evoCnZHuO9QqlwUnQ41xbzEHSwfJKcA UFysL/bblPS5dJvqMTvHOEGM3LXUlEmxZQbyJj5tPUFIoCyQPDWJ1UUqbJjzr3Z+Fpv2BdK4M0g6Scat aNBBy3B1b59xJNjzJpJi26VFN6wY6oS6FFfO5VNV3WcE1T35Oe+Vhruh5oAZzOOEnTuBhOt3kR+A1H+q ``` - client to server communication protected with TLS, ensuring the safety of data exchange between the application and the server - server to server communication protected with ZMQCurve, ensuring the safety of data replication between servers --- - Fully-encrypted communication between client to server, and between servers. - Client-server communication encrypted using TLS, and between servers using CurveZMQ - ensures privacy: data being transported cannot be seen by a third party - ensures authenticity: the parties exchanging information are who they claimed to be - ensures integrity: data cannot be tampered with by a third party --- Server-to-server communiation is encrypted using the ZMQCurve protocol, ensuring the safety of data replication across the cluster. Client-to-server communication is encrypted using the TLS protocol, ensuring the privacy, authenticity, and integrity of data transmitted to and from the the database server. # Cluster Management ``` root$ ./typedb cluster --username=admin \ > --address=10.1.17.15:1729:1730:1731 \ > --cluster=10.1.17.37:1729:1730:1731 root$ root$ ./typedb console --cluster > > cluster 10.1.17.23 terminate Asking 10.1.17.23 to leave the cluster and shutdown... Server 10.1.17.23 has left the cluster > > cluster 10.1.17.37 left Server 10.1.17.37 has left the cluster ``` - Supports the ability to upscale and downscale cluster size - with an easy to use command - done robustly without compromising security and data consistency --- - Manage your cluster - scale up / down depending on the availability and throughput needs - data consistency is guaranteed: - before, during, and after changing the cluster size - in the event of failure during changing the cluster size - automated propagation of new cluster information to all servers and user applications / clients --- TypeDB Cluster provides the ability to easily scale up or down the cluster to meet changing application demands. Data replication and consistency are transparently managed before, during and after cluster transformation, including in the event of cluster resizing failure. TypeDB Clients also allow applications discover new cluster servers automatically. # Live Backup ``` > database mytypedb backup status - status : scheduled - frequency : Every 7 days - next : Mon 07 Jun 2021 12:26:33 UTC > > database mytypedb backup now > > database mytypedb backup schedule start=2021-06-21T12:00:00 every=7d > > database mytypedb backup 4 delete > > database mytypedb backup 3 restore The following backup will be restored: (id: 3) Mon 21 Jun 2021 12:26:02 UTC Press [Y] to continue or [n] to cancel: Y Restoration is in progress ... ``` - Create backup on-the-fly on a running system sacrificing availability - Create a schedule for performing periodic backups - Robust restore functionality --- - very granular, per-commit backup, allowing for precise data restoration - zero risk of data loss: everything is immediately backed up - incremental execution: minimising CPU, storage, and network overhead - powerful functionality exposed via simple to use CLI tool --- TypeDB Cluster provides a granular live backup mechanism, that allows applications to recover from any disaster, to the latest database version of a successfully committed transaction. This minimises the possibly of data loss significantly. Backup operations perform incrementally, minimising CPU usage, storage usage, and network overhead. Backup restore operations can be performed via simple commands in the CLI.