Designing High‑Availability, High‑Performance, Scalable and Secure Architecture for Large Web Applications

Architecture Evolution Timeline

Large websites face challenges from massive users, high concurrency, and huge data.

Initial Stage

Large sites start from small sites with a single server.

Application and Data Separation

As traffic grows, a single server cannot meet demand, requiring separation of application and data.

After separation, three servers are used: application server, file server, and database server.

The hardware requirements differ: the application server needs a fast, powerful CPU; the database server needs fast disks and large memory; the file server needs large storage capacity.

Using Cache

Increasing users cause database pressure, leading to latency; caching can reduce this load.

According to the 80/20 rule, 80% of accesses target 20% of data; caching this hot data improves speed and reduces write pressure.

Two cache types exist: local cache on the application server and remote distributed cache on dedicated cache servers.

Application Server Cluster

Cache alleviates database pressure, but a single application server becomes a bottleneck during peak traffic.

Clustering adds servers to share load, enabling horizontal scalability.

Load balancers distribute user requests across the cluster; more users simply add more servers.

Read‑Write Separation

Even with cache, write operations and some reads still hit the database, which becomes a bottleneck at scale.

Most mainstream databases support master‑slave replication; configuring a master‑slave pair enables read‑write separation.

Application servers write to the master; the master replicates changes to the slave, and reads are served from the slave. Middleware abstracts this separation for the application.

Reverse Proxy and CDN

As the user base grows globally, access speed varies by region; CDNs and reverse proxies cache content to improve experience.

CDNs cache at ISP data centers close to users, while reverse proxies cache at the central data center before forwarding requests.

Distributed File System and Distributed Database

After read‑write separation, further scaling may require distributed databases and file systems.

Distributed databases are used only when a single table becomes extremely large; otherwise business‑level sharding is preferred.

NoSQL and Search Engine

Complex business scenarios demand non‑relational storage (NoSQL) and search engines for efficient retrieval.

Business Splitting

Large sites split their business into multiple product lines, each deployed as an independent application, communicating via hyperlinks, message queues, or shared storage.

Distributed Services

As modules proliferate, overall complexity grows exponentially, making deployment and maintenance difficult.

Common business functions (e.g., user management, product management) are extracted into reusable services deployed independently.

Architecture Patterns

To solve high concurrency, massive data, and high reliability challenges, large internet companies have created reusable solutions that form architecture patterns.

Layered

Layered architecture divides a system horizontally into layers (application, service, data), each with a single responsibility.

Layers can evolve independently as long as interfaces remain stable.

Layers may be deployed on the same physical machine initially, but later need to be separated for scaling.

Segmentation

Segmentation splits the system vertically into cohesive, loosely coupled modules.

Large sites break functionality into many independent applications, each managed by a dedicated team.

Distributed

Layered and segmented modules are deployed on different servers, enabling distributed deployment.

Distributed systems introduce challenges: network latency, increased failure probability, data consistency, and operational complexity.

Common distributed solutions include distributed services, databases, computing, configuration, locks, and file systems.

Cluster

Clustering multiple identical servers with a load balancer improves concurrency and availability; adding servers expands capacity, and failover ensures continuity.

Cache

Cache stores data close to compute resources to accelerate access; examples include reverse proxy, Redis, and CDN.

Cache works when data hotspots exist and the cached data remains valid for a period.

Asynchronous

Asynchronous architecture decouples components via message queues, improving availability, response time, and smoothing traffic spikes.

Improves system availability.

Accelerates website response.

Mitigates traffic peaks.

However, asynchronous processing may affect user experience and requires product‑design support.

Redundancy

24/7 operation requires redundant servers and data backups; failover mechanisms ensure continuity when a server crashes.

Automation and Security

Automation covers CI/CD, automated testing, deployment, monitoring, alerting, failover, degradation, and resource allocation.

Security measures include authentication, encryption, captchas, protection against XSS/SQL injection, content filtering, and risk control for critical operations.

Core Architectural Elements

Architecture is an abstract description of a software system’s overall structure and components, guiding design.

Beyond functional requirements, five non‑functional attributes are essential: performance, availability, scalability, extensibility, and security.

Performance

Performance optimization techniques include browser caching, CDN, local and distributed caches, asynchronous queues, server clusters, multithreading, indexing, SQL optimization, and appropriate use of NoSQL databases.

Availability

High availability is achieved through redundancy, load balancing, stateless servers, data replication, automated testing, and continuous delivery.

Scalability

Scalability is measured by the ability to add servers to clusters, use load balancers, employ efficient cache routing, and scale databases via sharding or NoSQL solutions.

Extensibility

Extensibility is measured by low coupling between products; new features can be added without impacting existing services.

Event‑driven architecture and distributed services enable transparent addition of new functionality.

Security

Security architecture protects against attacks and safeguards data through authentication, encryption, captchas, XSS/SQL injection defenses, content filtering, and risk control mechanisms.