September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
xxv
序二
无论是网站可靠性工程还是安全性工程,其核心关注点都是保持系统可用。发布失败、容
量不足和配置错误等事件都可能让系统不可用(至少在短期内不可用)。安全性或隐私事
件会破坏用户的信任,也会削弱系统的实用性。因此,系统安全是网站可靠性工程师的头
等大事。
在设计层面,安全性已经成为分布式系统的高级动态属性。从早期使用无密码账户的基于
UNIX
的电话交换机
(没有人使用调制解调器去拨号,至少人们是这样认为的),到静态用
户名
−
密码对和静态防火墙规则,我们已经走了很长一段路。如今,我们改用限时有效的
令牌访问机制,因而每秒要对百万级的请求进行高风险评估。对动静态数据的精细加密,
再加上密钥频繁轮换,使得密钥管理成为处理敏感信息的网络、进程和存储系统的附加依
赖项。构建和运营此类基础安全软件设施需要原始系统设计人员、安全工程师和网站可靠
性工程师紧密协作。
分布式系统的安全性对我个人而言具有更多的意义。从大学时代至加入
Google
前
,我有
一个关于进攻性安全(
offensive
security
)的副业,主要关注网络渗透测试。我从分布式系
统的脆弱性和攻守双方的不对称中学习到,防守方需要抵御所有可能的攻击,而攻击方只
需要找到单个可利用的弱点进行突破。
在理想情况下,
SRE
会涉及关键设计的讨论和实际系统的变更
。作为
Gmail
的早期
SRE
技术负责人之一,我开始将网站可靠性工程师视为预防不良设计和不良实现影响系统安全
性的最佳防线之一。实际上在系统变更时,网站可靠性工程师是最后一道防线。
Google
的两本关于
SRE
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.