September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
272
|
第
16
章
防灾规划和准备能从两个方面减轻这一风险:事件管理方面和技术方面。在事件管理方
面,灾难是迫在眉睫且严重的,
Google
指
派了一组事件管理人员来全职处理这个问题。
为了降低风险,团队需要识别受影响的系统,包括供应商固件镜像,并制订一个全面的
计划。
在技术方面,网站可靠性工程师已为
Linux
内核实现了深度防御措施
。运行时补丁或
ksplice
借助函数重定向表实现
,能在不重启新内核的前提下解决许多安全问题。
Google
有
一套内核发布原则:定期将新版内核推送到整个机器集群上,该过程在
30
天内完成
。如
果需要,我们有明确的机制来提高此标准操作程序的推出速度
8
。
如果无法使用
ksplice
修复
漏洞,还可以快速执行紧急部署。但在本例中,可以通过内核
splice
来处理两个受影响的函数
:
tcp_collapse_ofo_queue
和
tcp_prune_ofo_queue
。网站
可靠性工程师能在不对生产环境产生不利影响的前提下,将
ksplice
应用于生产系统
。由于
部署过程已经过测试和批准,网站可靠性工程师很快就取得了领导层的同意,可以在冻结
代码期间应用该补丁。
16.8
小结
当考虑如何从头开始加快灾难恢复测试和防灾规划时,可行的方法看似有点多。但在小范
围内应用本章中的概念和最佳实践也是可以的。
首先,确定最重要的系统或关键数据,然后确定要如何应对会对组织造成影响的各种灾
难。要确定组织在没有服务的情况下可以运行多长时间,以及灾难影响到的人员或其他系
统的数量。
迈出重要的第一步后,就可以逐步扩展覆盖范围,最终形成一套强大的防灾策略 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.