How 360 Secures Massive Data with Custom NoSQL and Open‑Source Backend

Common MySQL Middleware Development

In 2011, 360’s backend services lacked a unified solution for MySQL high‑availability, horizontal scaling, and load balancing. The team surveyed several open‑source projects (e.g., MySQL‑Proxy, ProxySQL, Cobar), selected the most suitable candidates, and performed a three‑stage validation:

Requirement analysis : define SLA (99.99% availability), latency (<5 ms for read/write), and deployment constraints (single‑month development cycle).

Prototype testing : integrate the candidate into a sandbox environment, simulate failover, and measure throughput and latency under 10 k QPS.

Pilot rollout : deploy the middleware to a low‑risk product line, monitor operational metrics for two weeks, and iterate on bugs and performance bottlenecks.

After successful pilots, the middleware was packaged as an internal library and reused across dozens of product lines, reducing duplicated effort and ensuring consistent MySQL reliability.

Hybrid NoSQL Engine “Bada”

Bada is a home‑grown NoSQL system designed to meet 360’s multi‑IDC (data‑center) requirements. Its architecture blends a traditional master‑slave model with a decentralized peer‑to‑peer layer:

Data placement : writes are first accepted by a local master node, then asynchronously replicated to peer nodes in other IDC clusters.

Conflict resolution : vector clocks are used to detect concurrent updates; the system automatically merges divergent versions based on timestamp and application‑defined rules.

Latency & performance : for 4 KB operations the average read/write latency is ≈1 ms, with peak throughput of 150 k ops/s on a 12‑node cluster.

Supported data structures : String, List, Set, Hash, all compatible with the Redis protocol, enabling seamless migration of large‑scale Redis workloads.

The engine was presented at the 2015 China Database Technology Conference under the title “Bada – Building a Hybrid Master‑Slave/Decentralized NoSQL Architecture”.

Security Architecture of 360 Cloud Disk

360 Cloud Disk protects user data through multiple layers:

Transport encryption : client‑server communication uses a proprietary cloud‑storage protocol encrypted with SSL/TLS.

File vault : files stored in the vault are encrypted with a per‑user key before upload, preventing plaintext exposure on the client side.

Antivirus integration : uploaded files are scanned by 360’s cloud‑antivirus engine before being made available to other users.

Fragmented storage : each file is split into dozens to hundreds of encrypted fragments; fragments are distributed across at least three geographically separated servers, making reconstruction impossible without the user’s key.

Redundancy : each fragment is replicated on three distinct servers in different data centers, ensuring durability against hardware failures or natural disasters.

These measures collectively guarantee confidentiality, integrity, and high availability for user data.

PHPTrace – Online Tracing for PHP

Traditional PHP debuggers (Xdebug, Xhprof) require process restarts or introduce noticeable overhead, which is unsuitable for production environments. PHPTrace, open‑sourced by 360, provides a lightweight, attach‑on‑demand tracer with the following capabilities:

Attach to any running PHP‑FastCGI or CLI process without restarting the interpreter.

Record function entry/exit timestamps and call stacks in real time.

Export trace data in JSON or CSV for offline analysis.

Zero performance impact when not actively tracing, because the tracer hooks are disabled by default.

Engineers can use PHPTrace to pinpoint latency spikes, identify unexpected crashes, or verify code paths in live services.

Open‑Source Contributions

360’s infrastructure projects, including the MySQL middleware, Bada, and PHPTrace, are hosted on GitHub at https://github.com/Qihoo360. The repositories contain build instructions, CI pipelines, and contribution guidelines for the community.