If there is one lesson I’ve learned from eight years selling Application Delivery Controllers, it is that centralization never scales, is a single point of vulnerability and failure, and promotes an authoritarian posture. Centralization is an anti-pattern. Don’t do it. Ever. Specifically, design defensively against centralization:
- Even if you only need one database now, make distribution part of your selection criteria. Keep user session state in the database rather than on the front-end servers, so that packets from any source address can land on any of a very large number of front-end servers and the application doesn’t fall over when you have a million concurrent users on five continents.
- Even if you have to “fall back to TLS”, use IPsec as your primary security mechanism, especially if you are writing your own client. IPsec ESP in transport mode gives your application messages confidentiality and integrity end to end, so middle-boxes on the path can’t read or modify them without detection, and with pre-shared or raw keys it doesn’t depend upon the broken CA system for privacy. Two caveats: ESP cannot stop a middle-box from delaying or dropping packets (it only makes tampering detectable), and transport-mode ESP through a NAT needs UDP encapsulation (NAT-T), because the NAT rewrites the addresses that the inner TCP checksum covers.
- Never expect the network to maintain transaction state for you. Enough people have made money on the fact that TCP isn’t very smart that the lesson should be: TCP isn’t smart enough for you to build your success upon. “L4-proof” your application in the design phase so that it doesn’t rely upon ports, the TCP state machine, or SSL/TLS sessions being consistent all the way through the user session: carry session identity and transaction state at the application layer, and make requests retryable so that a reconnection to a different server is harmless.
- Use an application-layer transport that is agnostic to whatever is going on lower in the stack. HTTP is good enough for almost everything; SIP+SDP, BEEP, and XMPP are worth considering as well. Don’t use protocols that open separate sockets for command and data channels (the FTP model), because every NAT and firewall between the peers then has to understand the protocol. Don’t use protocols that try to push their will down the stack or out-smart the network (e.g. PCP, UPnP, etc.).
- Use domain names for everything; never ask a user or administrator to enter an IP address. No one wants to type in a sixteen-octet address in hexadecimal.
- Design, build, and performance-test IPv6-only. Having functionally infinite addresses changes things. A lot. Use IPv6 addresses in all of your designs and manuals.
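The distributed-session and “L4-proof” points above, as an added example that is not part of the original post: a fleet of interchangeable front-ends that keep no per-client state of their own. Authentication rides in an HMAC-tagged application-layer token that any front-end holding the shared secret can verify, transaction state lives in a shared store, and every request carries a client-chosen request id so a retry after a dropped TCP connection (to a different server, a different port, a fresh TLS session) is replayed from the store instead of being executed twice. The store, the secret, the server names and the `debit` operation are all hypothetical stand-ins constructed for the example; a real deployment would use a replicated store and distribute the secret via a KMS.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical shared secret; in practice it is handed to every front-end
# out of band (e.g. from a KMS), never baked into an image.
SHARED_SECRET = b"constructed-example-secret"
TOKEN_TTL = 3600  # seconds


class SessionStore:
    """Stands in for a replicated/distributed store. Every front-end talks
    to the same instance, so session state is never tied to one server."""
    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(16)  # base64url: never contains '.'
        self._sessions[sid] = {"user": user, "balance": 100, "seen": {}}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)


def issue_token(sid, now=None):
    """Application-layer session token: session id + expiry, HMAC-tagged so
    any front-end with the shared secret can check it without a lookup."""
    exp = int(now if now is not None else time.time()) + TOKEN_TTL
    body = f"{sid}.{exp}"
    mac = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify_token(token, now=None):
    """Return the session id if the tag is valid and unexpired, else None."""
    try:
        sid, exp, mac = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SHARED_SECRET, f"{sid}.{exp}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time compare
        return None
    if int(exp) < (now if now is not None else time.time()):
        return None
    return sid


class FrontEnd:
    """One of many interchangeable front-end servers. Identity comes from
    the token, state from the shared store, and retries are made safe by
    remembering each request id's response in the session."""
    def __init__(self, name, store):
        self.name = name
        self.store = store

    def handle(self, request):
        sid = verify_token(request["token"])
        sess = self.store.get(sid) if sid else None
        if sess is None:
            return {"server": self.name, "status": 401}
        rid = request["request_id"]
        if rid in sess["seen"]:  # retry after a dropped connection
            return dict(sess["seen"][rid], server=self.name, replayed=True)
        if request["op"] == "debit" and sess["balance"] >= request["amount"]:
            sess["balance"] -= request["amount"]
            resp = {"status": 200, "balance": sess["balance"]}
        else:
            resp = {"status": 409, "balance": sess["balance"]}
        sess["seen"][rid] = resp
        return dict(resp, server=self.name, replayed=False)


def simulate():
    """Client logs in, debits on one server, loses the connection and
    retries the identical request on another. The debit happens once."""
    store = SessionStore()
    fleet = [FrontEnd(f"fe{i}", store) for i in range(3)]
    token = issue_token(store.create("alice"))
    req = {"token": token, "request_id": "req-0001", "op": "debit", "amount": 30}
    first = fleet[1].handle(req)
    retry = fleet[2].handle(req)  # same request id, different front-end
    return first, retry


if __name__ == "__main__":
    print(simulate())
```

Nothing here cares which TCP connection, source port or TLS session a request arrived on; the only continuity the client needs to preserve is the token and the request id, both of which it controls.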