Distributed Cache/Session where should I turn? [closed] - asp.net

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I am currently looking at a distributed cache solution.
If money was not an issue, which would you recommend?
www.scaleoutsoftware.com
ncache
memcacheddotnet
MS Velocity

Out of your selection I've only ever attempted to use memcached, and even then it wasn't the C#/.NET libraries.
However memcached technology is fairly well proven, just look at the sites that use it:
...The system is used by several very large, well-known sites including YouTube, LiveJournal, Slashdot, Wikipedia, SourceForge, ShowClix, GameFAQs, Facebook, Digg, Twitter, Fotolog, BoardGameGeek, NYTimes.com, deviantART, Jamendo, Kayak, VxV, ThePirateBay and Netlog.
I don't really see a reason to look at the other solution's.
Good Luck,
Brian G.

One thing that people typically forget when evaluating solutions is dedicated support.
If you go with memcached then you'll get none, because you're using completely open source software that is not backed by any vendor. Yes, the core platform is well tested by virtue of age, but the C# client libraries are probably much less so. And yes, you'll probably get some help on forums and the like, but there is no guarantee responses will be fast, and no guarantee you'll get any responses at all.
I don't know what the support for NCache or the ScaleOut cache is like, but it's something that's worth finding out before choosing them. I've dealt with many companies for support over the last few years and the support is often outsourced to people who don't even work at the company (with no chance of getting to the people who do) and this means no chance of getting quality of timely support. On the other hand I've also dealt with companies who'll escalate serious issues to the right people, fix important issues very fast, and ship you a personal patch.
One of those companies is Microsoft, which is one of the reasons that we use their software as our platform. If you have a production issue, then you can rely on their support. So my inclination would be to go with Velocity largely on this basis.
Possible the most important thing though, whichever cache you choose, is to abstract it behind your own interface (e.g. ICache) which will allow you to evaluate a number of them without holding up the rest of the development process. This means that even if your initial decision turns out not to work for you, you can switch it without breaking much of the application.
(Note: I'm assuming here that all caches have sufficient features to support what you need from them, and that all caches have sufficient and broadly similar performance. This may not be a valid assumption, in which case you'll need to provide more detail in your question as to why it isn't).

You could also add Oracle Coherence to your list. It has both .NET and Java APIs.

From microsoft : App fabric
Commerical : NCache
Open source : RIAK
We tried a couple in the end we use the SQL session provider for asp.net/mvc yes there is the overhead of the connection to the DB but our DB server is very fast and the web farm has loads of capacity so not an issue.
Very interested in RIAK has .net client and used by Yahoo - can be scaled to many manu server

Related

Best tool: Distributed load test for asp.net applications [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
We want a high performance testing tool for a distributed scenario
We want to collect data from clients and from server (memory usage, cpu usage, response time, .net calls etc).
Most of our applications are using .Net 4.0 or Classic Asp.
We have 4 servers. We want 1 controller and three agents working together for testing, collecting data.
What's the best tool for this scenario?
ps: We've tried Visual studio 2012 ultimate and it seems promising. I don't know other tools that fits the scenario.
Give Load Tester a try: http://www.webperformance.com/load-testing/ (disclaimer: I work there). It has a monitoring agent that will run on your Windows servers to collect the metrics you mentioned and a lot more. It also collects client-side metrics such as page load time. The LITE version is free and can run simple tests with unlimited users.
Take a look at Rational Performance Tester. I was about to purchase a license for one of our projects but didn't push through for reasons not related to the software. Looked promising back then.
I would split things up to keep it simple.
First I would check what the average requests per seconds is when using your servers to generate load. For that there is a small tool included in Apache Http Server called ab.exe. It's easy to setup to generate requests.
If you think that you get acceptable response times all is well.
If not, use something like Jetbrains DotTrace (in your app) to collect data when generating load from one server.

SQL Server vs Access Database for Web: Compelling Arguments [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I know you're think "hands down SQL Server" (as am I) but I'm finding myself in delicate situation that requires I "sell" this to my new supervisor (not a developer).
What I'm looking for are compelling arguments for non technical people and some that are "slightly" technical but don't really understand the differences. I'm having a hard time convincing my current shop that this is not only extremely inefficient but dangerous in so many ways. I won't be able to give them a dissertation however to convince them. What arguments can I give them "quickly" that will make them understand how serious this could be?
Thanks!
It depends really. I'd suggest sql express if money is the problem though.
Also there is this:
http://support.microsoft.com/kb/303528
Microsoft Jet is not intended for use with high-stress server
applications, high-concurrency server applications, or 24 hours a day,
seven days a week server applications. This includes server
applications, such as Web applications, commerce applications,
transactional applications, and messaging server applications. For
these types of applications, the best solution is to switch to a true
client/server-based database system, such as Microsoft Data Engine
(MSDE) or Microsoft SQL Server. When you use Microsoft Jet in
high-stress applications such as Microsoft Internet Information Server
(IIS), you may experience any one of the following problems: Database
corruption Stability issues, such as IIS crashing or locking up Sudden
failure or persistent failure of the driver to connect to a valid
database that requires re-starting the IIS service
You don't provide any info to really answer this. what is your application all about? what load will it need to handle? how much data will it retain? what are the backup and availability requirements? etc...
if you are building a little web page for internal use only, Access may get you there. for anything else, or for future expansion, for better tool integration, SQL Server is the right tool. Just download the free express version and build you application. the available features and compatibility with the purchased version are worth it alone. When you outgrow access you'll have to throw away everything and start again, with sql server express you can migrate without changing anything.

Are there any guides on configuring ASP.NET Trust levels on IIS [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I am looking for either a best practice, supported, guide from Microsoft or a bloggers/developers guide of the same. Or both.
I am setting up some servers for hosting and I want to configure them with just enough permissions. I have done this before where I modified the Medium trust and gave it database permissions etc but I only briefed over it.
I want to setup solid machines with the respective, common, permissions that people use. Is there maybe a resource that explains in detail what each trust level has by default? That way I could compare and go from there.
To start the security, I have made a rule on my machines that I only create dedicated application pools per site/user. I know Microsoft say that each website is virtually seperate, even in the shared application pool space, but I just don't trust it.
I also know I shouldn't run in Full Trust as I am opening up my server to all kinds of attacks.
I have a bit of knowledge on this but not enough so hopefully you lot can help me. I'm not wanting to be spoon fed what to do, I have no problem figuring it out, I just can't find the info to start with.
I appreciate your help.
Anthony
I'm running:
Windows 2008 RC2 64 bit with IIS7.5 and a combination of 2.0/3.5 and 4.0 application pools.
The strict best practice is "don't let anything do anything to anything" but that is counterproductive in general -- if you aren't taking HTTP requests, you don't have a working HTTP application server.
That said, your question is very general and very nebulous. The first key question is "what sort of hosting scenario is this?" For example, full trust isn't necessarily a bad thing in a dedicated scenario, or even a shared server between "friendly" apps that should trust each other. But it is bad in a hotel server situation where you've got random guests sharing space.
The second question is what sorts of apps are you hosting? You've got completely different frontages depending on what you are doing -- spammers don't try as hard as thieves. Spies try even harder.

How does Drupal's security compare to Plone's? [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
How does Drupal's security compare to Plone's?
Note:
It will be great if the comparison includes V.7 for Drupal and V.4 for Plone.
Thanks
There's a good overview of how Plone handles the top 10 security issues in the web app world here:
http://plone.org/products/plone/security/overview
Organizations like the FBI, CIA and European Network and Information Security Agency (ENISA) all use Plone, if that is an indication.
Plone has the best track record in security of any major CMS, and we take it very seriously. We have an architecture that is built around sandboxing, proper ACLs and a powerful security model.
Drupal has a pretty horrible security record (see the CVE numbers quoted in another comment), as do the other two major PHP-based frameworks (Wordpress and Joomla). Plone is Python-based, but you probably know that already.
Plone makes it easier to write secure add-ons, since we have a proper security model that makes it pretty hard to write code that is inherently insecure. This is different from any other system out there, and is another core differentiator.
(And yes, this answer is biased, I'm one of the founders ;)
The security of the main framework is pretty solid in both cases; the problems are almost always found in the add-on modules, so you need to evaluate each module you plan to use individually.
When searching the "CVE" official common vulnerabilities database, you get the following figures:
Last 3 years: plone 8, drupal 282.
Last 3 months: plone 0, drupal 9
The basic architecture of plone is apparently much more secure. I don't know drupal, actually, but I do know plone. There are no sql injection bugs as there's an non-sql object database behind it. It is a long-running python program, basically, instead of PHP scripts, which makes it easier to have a good solid security mechanism that's harder to break or mis-handle.
(Note: I just did a simple keyword search at http://web.nvd.nist.gov/view/vuln/search . Not all the results I see for drupal can be attributed to drupal, there seem to be some os-level vulnerabilities that somehow show up in the search results).
It's difficult to compare Plone and Drupal on equal metrics. CVEs is not the end-all comparison, and it's arguable how valuable it even is, as an indication of the relative security of the software. Of those 282 Drupal CVEs, how many were for Drupal core? Not 282.
limi can argue that the architecture is more secure, and point to Plone's response to the OWASP Top Ten. Drupal can do the same. And the "who uses it" argument? Well, whitehouse.gov uses Drupal, as well as a large number of other governmental and "enterprise" organizations.
There are several orders of magnitude more developers using Drupal; the higher numbers of vulnerabilities found can just as easily be attributed to more people bothering to look for them. These stats could easily be security by obscurity.

How many public high traffic websites are built with ASP.NET? [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
This is really a 2 part question. First of all, I just wanted to know how common is asp.net in the real world?
Secondly, I just want to know what are the read world scenario regarding scaling a asp.net site? http://highscalability.com/ almost never talked about the asp.net stack. Does anyone have any reason article that talks about how to scale an asp.net app?
Thanks.
I don't have numbers but based on the number of .net questions on so I'd say it's pretty common For your second question seehttp://highscalability.com/plentyoffish-architecture
MySpace uses ASP.NET (source). A lot of big sites do. I would ignore the Plenty of Fish example though. From my recollection of stories I've read about it, they're just using HttpHandlers for output, skipping the Webforms stuff altogether. You could probably get Webforms to scale though if you absolutely had to. Most popular frameworks can handle high load, it just depends on the code and who's writing it. Anyone can program a site in any framework that won't scale but not vice versa.
As for how to scale, the biggest thing is caching, caching, caching. All big sites cache extensively. Facebook has thousands of servers just for caching. That's just a start though.
Yes asp.net is used in the real world. I have been following how Stackoverflow has been created since I first heard about it over a year ago and have taken away a lot of lessons. Following how stackoverflow will scale in future as their demand grows is pretty interesting and they are making a lot of their information public. Plus the podcasts are hilarious :)
Its hard to say how widespread ASP.NET is in the world but I think it is very widespread compared to PHP, Java and other server technologies. And I'm convinced that ASP.NET is as scalable as anything else you'll try.
If you wan't a starting point to read about ASP.NET performance you could take a look at chapter 6 of the P&P book "Improving .NET Application Performance and Scalability". It's from 2004 so it might be a little outdated.
To give a couple of examples of high traffic sites running ASP.NET you just have to look at http://www.microsoft.com/ or https://stackoverflow.com/. if your site is smaller than these (and it probably is) scalability wont be you biggest concern. You should probably be more concerned about writing maintainable code.
Plenty of Fish with about 1,2 billion pageviews/month
Over 9000.
Realistically I've run into many high traffic websites StackOverflow as an example that use ASP.NET
One thing that is useful for high scalability is the ability to add more servers if needed and still be able to maintain your current session using various ASP.NET session state technologies.

Resources