Field of the Invention
Embodiments of the present invention generally relate to distributed computing systems and methods, and more specifically to improving security and reliability in a networked application environment.
Description of Related Art
A broad variety of computing applications have been made available to users over computer networks. Frequently, a networked application may be provided using multiple interacting computing nodes within a distributed computing architecture. For example, a web site may be provided using a web server (running on one node within the distributed computing architecture) configured to receive requests from users for web pages. The requests can be passed to an application server (running on another node within the distributed computing architecture), which in turn processes the requests and generate responses passed back to the web server, and ultimately to the users.
Another example of a networked application includes a content distribution system used to provide access to media titles over a network. Typically, a content distribution system may include various servers such as access servers and content servers. Clients may connect to the servers using a content player, such as a gaming console, computing system, computing tablet, mobile telephone, or network-aware DVD player. The content server stores files (or “streams”) available for download from the content server to the content player. Each stream may provide a digital version of various forms of video or other content, such as a movie, a television program, a sporting event, user generated content, or a staged or live event captured by recorded video. Users access the service by connecting to a web server, where a list of content is available. Once a request for a particular title is received, the title may be streamed to the client system over a connection to an available content server.
In systems such as these, various conditions may result in a reduction in security or reliability. In one example, certain maximum limits may be placed on various types of resources. Exceeding the limit for a given resource may result in reduced access to the networked application, up to and including complete loss of service. In another example, one or more portions of a networked application may be vulnerable to attack from external applications seeking to breach the security of the distributed computing architecture. In at least some cases, the vulnerabilities may not be easily detectable until the portions of the networked application are deployed within the distributed computing architecture. In yet another example, one or more access control lists (ACLs), such as security groups, may be established within the distributed computing architecture in order to specify which sources can communicate to which destinations over which communication ports. However, the distributed computing architecture may not provide a means to determine the configuration of the various ACLs or to monitor changes to ACL configurations over time. In yet another example, security certificates may be utilized to authenticate receivers of encrypted messages over networks to ensure that exchange of confidential information, such as passwords, remain secure. Such security certificates may expire at a specific time determined by the web application that created the certificate. In such a case, the security certificate must be replaced by a corresponding certificate with a later expiration date. Failure to replace a security certificate prior to the expiration date may result in rejection of further encrypted communications with the networked application and a corresponding loss of service. As the foregoing illustrates, what is needed is a more automated way to manage security and reliability within a networked application environment.