Create a Scalable, Resilient & Fault Tolerant 3-Tier Architecture

Ray Sylverne
AWS in Plain English
8 min read · Dec 5, 2022

SITUATION

You have been asked to design and create a highly available, scalable, fault-tolerant 3-tier architecture for your company’s new web application. A 3-tier architecture is a client-server design with a presentation tier, a logic tier, and a data tier that are each developed and maintained as independent modules on separate platforms. A tier can be thought of as a layer. I will use the analogy of looking at movie times in your area using a web application to break down each layer.

  1. A Web Layer (presentation tier) transmits HTML/JS/CSS content to browsers. It’s the most visible layer and defines the application’s overall look and presentation to your end users. This layer displays your web page with fields to enter, like the movie (Black Panther: Wakanda Forever), dates, times, and zip code.
  2. That information is then passed to the Application Layer (logic tier). This layer uses an application server and processes the business logic for the application. This might be written in C#, Java, C++, Python, Ruby, etc.
  3. A Data Layer is a database management system that provides access to application data. This could be MariaDB, MySQL, PostgreSQL, etc. The database system runs the query and returns the results (a list of showtimes within your geographic area) to the application layer, which formats it into a web page.
  4. The page is then returned to the browser, where the Web layer displays it on a laptop, phone, or another device.
M’Baku wasn’t the main character but my favorite and funniest 😂

MISSION EXECUTABLES

  1. Create a VPC, subnets, and Internet gateway, and edit route tables.
  2. Configure Security Groups to only allow traffic from one tier to the next in succession, beginning with our Web-ALB and ending with the database tier.
  3. Create the database tier using RDS (free tier).
  4. Create an Application load balancer for the web tier (Internet-facing) and application tier (Internal-facing).
  5. Create EC2 Auto-scaling groups for the Web and Application tiers. Configure security groups, so the web tier only accepts traffic from the ALB (Application Load Balancer), and the application tier only accepts traffic from the web tier security group.
  6. Verify that the web tier can be accessed from the Internet and ping the application tier.

STEP 1: Create a VPC, subnets, and Internet gateway

Start off by navigating to your AWS console and typing VPC in the search bar, then select Create VPC.

Following the diagram, we’ve created a VPC with two availability zones. Each AZ has a NAT Gateway, public and private route tables, and subnets for each respective layer within our 3-tier architecture.

STEP 2: Web Tier Launch Templates & AutoScaling Group

In the left pane, under Instances, select Launch Templates > Create Launch Template. After providing a unique name for your template, check the box labeled Auto Scaling guidance. Choose Amazon Linux AMI > t2.micro instance type > create new key pair (lab9).

We will create a new Security Group (WEB_SG) and associate it with the Lab9-VPC we created. You will need to add rules to allow traffic through ports 80 (HTTP) and 22 (SSH).

Under “Advanced network configuration,” I also selected “Auto-assign public IP.”

To efficiently update all packages and install the “Apache” web server, I also added the following bootstrap under “User data” under “Advanced details” in the launch template before clicking “Create launch template.”

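#!/bin/bash
# Update packages, then install, start and enable the Apache web server
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# Request an IMDSv2 session token so the lookup also works when the launch template requires tokens
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
EC2AZ=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/availability-zone)
# Write the landing page, substituting this instance's Availability Zone for the AZID placeholder
echo '<center><h1>This Amazon EC2 instance is located in Availability Zone: AZID </h1></center>' > /var/www/html/index.txt
sed "s/AZID/$EC2AZ/" /var/www/html/index.txt > /var/www/html/index.html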

2.1 Auto Scaling Group

After launching your template, you’ll be brought to the Launch template dashboard. From there, select your template to highlight it, and under Actions, select Create Auto Scaling Group (ASG). ASG creation involves about seven steps. After providing a unique name, you will need to select your VPC and the subnets to associate with the group.

Choose a load balancer to distribute incoming traffic for your application across instances to make it more reliable and easily scalable. You can also set options that give you more control over health check replacements and monitoring. Our WEB-ALB will be internet-facing.

We will opt to create a target group and check off ELB health checks. EC2 Auto Scaling automatically replaces instances that fail health checks. If you enable load balancing, you can enable ELB health checks in addition to the EC2 health checks that are always enabled.

The next phase involves choosing your group size by selecting desired, minimum and maximum capacity. I also enabled the Target tracking scale policy, which creates another instance when the average CPU reaches 50% or above.

There is an optional step to create a tag for your newly created instance. The last stage involves reviewing your configuration and, assuming no changes are needed, creating your ASG. Then navigate to Instances in the left pane to test your instances.

Head to your newly created ALB to test your application. Ensure that your ALB has the WEB-SG attached to it, allowing inbound HTTP traffic. Copy your ALB DNS name and navigate to a browser for the final function check of our Auto Scaling Group and load balancer.

If I refresh the same page, our load balancer should switch to our alternate AZ.

STEP 3: App-Tier Launch Templates & AutoScaling Group

Since I did not have any code to run a true application for this tier, I repeated the steps for the web tier but used the private subnets for the auto-scaling group. I created a new security group titled APP_SG that only allows traffic from the web tier’s security group WEB_SG as the source and SSH access to admins.

Instead of creating an entirely new launch template, I modified the WEB_LT with the configuration required for this layer.

Upon successful deployment, SSH into your Web_Tier_Instance and use the ping command on both of your App_Tier_Instances to test connectivity across the board.

STEP 4: Database Tier

Search for “RDS” in the AWS Management Console and choose Create database. We will use Standard create instead of Easy create, MySQL will be the engine option, and the free tier will be the template type.

Provide a name for the DB instance identifier and set your admin credentials. The instance type will be the burstable class db.t3.micro.

Choose “Don’t connect to an EC2 compute resource”; a connection is not required since our data can only be accessed through the application tier. Select our current VPC, and we will create a subnet group. Ensure there is no public access to the database. Create a new Security Group that will allow traffic on port 3306 from the Application tier. Check your configurations and create your database.

Note: We did not enable “Multi-AZ deployment” for the RDS instance; however, you can always do this later by selecting a running RDS instance and clicking “Modify” > “Enable Multi-AZ deployment.”

It will take a few minutes to create our database. In the meantime, let's navigate to Security groups to modify our DB_SG to only allow traffic from APP_SG over port 3306.
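
To check the security group chain from the mission list (each tier accepts traffic only from the tier before it), here is an added example that is not part of the original tutorial. It audits ingress rules in the shape returned by aws ec2 describe-security-groups; ALB_SG is an assumed name for the internet-facing load balancer's group, and the sample data and group IDs are constructed.

```python
WORLD = {"0.0.0.0/0", "::/0"}
# group -> (source groups allowed in, ports they may reach (None = any), Internet-open ports)
# ALB_SG is an assumed name; groups missing from POLICY are treated as deny-all.
POLICY = {
    "ALB_SG": (set(), None, {80}),
    "WEB_SG": ({"ALB_SG"}, {80}, set()),
    "APP_SG": ({"WEB_SG"}, None, set()),
    "DB_SG": ({"APP_SG"}, {3306}, set()),
}

def audit(groups):
    """Return (group, port, source, reason) for each ingress rule that breaks the tier chain."""
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    findings = []
    for g in groups:
        sources, group_ports, public_ports = POLICY.get(g["GroupName"], (set(), None, set()))
        for perm in g.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent for IpProtocol "-1"
            single = lo if lo is not None and lo == hi else None  # ranges never match a policy port
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD and single not in public_ports:
                    findings.append((g["GroupName"], lo, cidr, "open to the Internet"))
            for pair in perm.get("UserIdGroupPairs", []):
                src = names.get(pair["GroupId"], pair["GroupId"])
                if src not in sources:
                    findings.append((g["GroupName"], lo, src, "source skips a tier"))
                elif group_ports is not None and single not in group_ports:
                    findings.append((g["GroupName"], lo, src, "unexpected port"))
    return findings

def rule(port, cidr=None, group=None):
    """Build one TCP ingress rule in the shape `aws ec2 describe-security-groups` returns."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed sample data; the group IDs are made up.
SAMPLE = [
    {"GroupId": "sg-alb", "GroupName": "ALB_SG", "IpPermissions": [rule(80, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-web", "GroupName": "WEB_SG",
     "IpPermissions": [rule(80, group="sg-alb"), rule(22, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-app", "GroupName": "APP_SG", "IpPermissions": [rule(80, group="sg-web")]},
    {"GroupId": "sg-db", "GroupName": "DB_SG",
     "IpPermissions": [rule(3306, group="sg-app"), rule(3306, group="sg-web")]},
]

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Against a real account, pass the SecurityGroups array from the describe-security-groups JSON output to audit() in place of SAMPLE.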

The last step will be to check our database and validate our subnet associations.

The main focus of designing this architecture was ensuring there was no single point of failure within the design. Fault tolerance refers to a system’s capacity to continue functioning even if some components fail (translation: zero downtime). We achieved this by using AWS Auto Scaling Groups to scale up compute resources (EC2 instances) as demanded by load, thereby safeguarding the machines from failures. Our Elastic Load Balancers can detect unhealthy instances within their pool of Amazon EC2 instances and automatically reroute traffic to healthy instances. I used to get these two mixed up since a fault-tolerant system is considered highly available. The distinction comes in the form of redundancy. Simply put, high availability allows room for failure with a quick recovery, while fault-tolerant systems offer zero downtime at great cost.

The caveat for implementing a fault-tolerant system is its cost, as companies have to shoulder the capital and operating expenses of running the numerous resources it requires. I hope you found this tutorial to be useful. Please feel free to connect with me on LinkedIn.

I lied, there is one more step. Make sure to tear down all the resources you deployed, so you don’t get charged for a lab environment. The resources deployed were:

  • 2 Auto Scaling Groups
    - 2 Launch Templates
  • 2 Application Load Balancers
    - 2 Target Groups
  • 2 NAT Gateways
  • VPC
    - Internet Gateway
    - 2 Public Subnets
    - 4 Private Subnets
    - Route Tables
  • Relational Database


👨🏽‍🎓 BS CyberSecurity |👨🏽‍💻 3x AWS Certified |🐧 Linux |🐍 Python | 🐳 Docker | ⚓️ Kubernetes