Systems Architecture and Design
1. Architecture Design Principles
Key Concepts
Abstraction: Abstraction: Hiding implementation details to reduce complexity
1. A database API that hides SQL complexity, allowing developers to use
simple method calls instead of writing complex queries
Here's an example of how a database API can abstract SQL complexity through
method calls:
Instead of writing this raw SQL query:
SELECT customers.customer_id, customers.name, customers.email,
COUNT(orders.order_id) AS total_orders,
SUM(orders.amount) AS total_spent
FROM customers
LEFT JOIN orders ON customers.customer_id = orders.customer_id
WHERE customers.signup_date > '2023-01-01'
GROUP BY customers.customer_id, customers.name, customers.email
HAVING COUNT(orders.order_id) > 5
ORDER BY total_spent DESC
LIMIT 10;
A developer could use an abstracted method call like:
# Using an ORM (Object-Relational Mapping) like SQLAlchemy
top_customers = (
Customer.query
.filter(Customer.signup_date > datetime(2023, 1, 1))
.join(Order, isouter=True)
.group_by(Customer.id, Customer.name, Customer.email)
.having(func.count(Order.id) > 5)
.with_entities(
Customer.id,
Customer.name,
Customer.email,
func.count(Order.id).label('total_orders'),
func.sum(Order.amount).label('total_spent')
)
.order_by(desc('total_spent'))
1
� .limit(10)
.all()
)
Or even simpler with a custom repository pattern:
# Using a custom abstraction layer
top_customers = customer_repository.find_top_spenders(
since_date=datetime(2023, 1, 1),
min_orders=5,
limit=10
)
This abstraction hides the SQL complexity while allowing developers to work
with familiar programming concepts and object-oriented interfaces.
Eg:2
Network switches abstracting physical connections, letting devices
communicate without knowing the physical network layout
Modularity: Modularity: Dividing systems into independent, interchangeable
components
1. Modern browsers with separate modules for rendering, JavaScript
execution, and network communications
2. Vehicle design with modular systems (engine, transmission, electrical)
that can be developed and tested independently
Encapsulation: Encapsulation: Bundling data and methods that operate
on that data
1. A banking class that encapsulates account balance data and withdrawal
methods, ensuring withdrawals cannot exceed balance
2. Printer driver encapsulating complex printer commands, exposing only
simple print, scan, and copy methods
Separation of Concerns: Separation of Concerns: Dividing a system
into distinct sections addressing separate issues
2
� 1. Web application separating user authentication, business logic, and data
storage into distinct components
2. Modern OS separating user interface, application execution, and
hardware management
Single Responsibility Principle: Abstraction: Hiding implementation
details to reduce complexity
Modularity: Dividing systems into independent, interchangeable
components
Encapsulation: Bundling data and methods that operate on that data
Separation of Concerns: Dividing a system into distinct sections
addressing separate issues
Single Responsibility Principle: Each component should have only one
reason to change
e.g:
1. Email service with separate components for composition, delivery,
storage, and spam filtering
2. E-commerce platform with distinct services for product catalog, shopping
cart, payment processing, and order fulfillment
Architecture Patterns
Client-Server: Separates responsibilities between service providers and
consumers
Microservices: Building applications as suites of small, independent
services
Layered Architecture: Organizing components into horizontal layers
(presentation, business, data)
Event-Driven: Components communicate through events rather than
direct calls
Service-Oriented: Services communicate over a network using standard
protocols
Client-Server:
1. Web browsers (clients) requesting and rendering pages from web servers
2. Email clients connecting to mail servers to send/receive messages
Microservices:
1. Netflix's platform with separate services for user profiles,
recommendations, content delivery, and billing
3
� 2. E-commerce site with independent services for inventory, search,
reviews, and checkout
Layered Architecture:
1. Enterprise application with UI layer, business logic layer, and data access
layer
2. Network protocol stack (OSI model) with seven distinct layers from
physical to application
Event-Driven:
1. Stock trading platform where price changes trigger buy/sell orders
automatically
2. IoT system where sensor readings trigger alerts and automated responses
Quality Attributes
Scalability: Ability to handle growing workloads
Reliability: System's ability to perform required functions under stated
conditions
Availability: System's ability to be operational when needed
Performance: Response time, throughput, and resource utilization
Security: Protection against unauthorized access and attacks
Maintainability: Ease of modifying and extending the system
Quality Attributes:
Scalability:
1. Cloud-based application that adds server instances during peak traffic
hours
2. Database system that partitions data across multiple servers as volume
grows
Reliability:
1. Aircraft navigation system with multiple redundant components and
failure detection
2. Banking transaction system with journaling and rollback capabilities
Availability:
4
� 1. Cloud infrastructure with 99.99% uptime achieved through redundant
data centers
2. Healthcare system with failover capabilities to ensure continuous patient
monitoring
Performance:
1. Search engine returning results in under 200ms by using distributed
caching
2. Video streaming service that adjusts quality based on available bandwidth
Security:
1. Payment system using tokenization to prevent storing actual credit card
numbers
2. Multi-factor authentication system combining passwords, biometrics, and
security keys
Maintainability:
1. Well-documented codebase with automated testing covering 90% of
functionality
2. System with clear interfaces allowing component replacement without
affecting others
2. Hardware Specifications
Computing Resources
CPU: Processing power, cores, clock speed, cache
Memory (RAM): Capacity, speed, type (DDR4, DDR5)
Storage: Type (SSD vs. HDD), capacity, access speed, RAID
configurations
GPU: For graphics-intensive or parallel computing applications
Hardware Selection Factors
Workload requirements: Processing intensity, memory usage patterns
Growth projections: Future scaling needs
Cost constraints: CAPEX vs. OPEX considerations
Energy efficiency: Power consumption and cooling requirements
Form factor: Space constraints, rack units required
5
�3. Software Specifications
Operating Systems
Selection criteria: Compatibility, security, support, performance
Configuration: Resource allocation, services, security hardening
Middleware
Application servers: Managing business logic and application execution
Message brokers: Facilitating communication between components
Databases: Structured vs. unstructured, relational vs. NoSQL
Development Frameworks
Selection based on: Development speed, performance, team expertise
Compatibility considerations: With existing systems and architecture
2. Hardware Specifications
Computing Resources:
CPU:
1. Intel Xeon server processor with 64 cores at 3.4GHz and 108MB cache
for database servers
2. ARM-based mobile processor optimized for energy efficiency in
smartphones
Memory (RAM):
1. 128GB DDR5-4800 ECC memory configuration for virtual machine
hosts
2. 16GB low-power LPDDR5 memory for ultrabook laptops
Storage:
1. NVMe SSD RAID 10 array providing 8TB of fast, redundant storage for
transaction processing
2. Hierarchical storage with SSD cache and large-capacity HDDs for video
archiving
GPU:
1. NVIDIA A100 GPUs for machine learning model training and inference
6
� 2. AMD Radeon Pro graphics cards for CAD/CAM workstations
Hardware Selection Factors:
Workload requirements:
1. High-frequency trading platform requiring ultra-low latency components
2. Data archiving system prioritizing storage capacity over processing speed
Growth projections:
1. E-commerce platform sized for 5x current peak load to accommodate
five-year growth plan
2. Modular server rack design allowing incremental addition of computing
nodes
Cost constraints:
1. Cloud-based solution chosen over on-premises to avoid upfront hardware
investment
2. Selecting enterprise-grade components with longer lifespan to reduce
total cost of ownership
Energy efficiency:
1. Data center using liquid cooling to reduce air conditioning costs
2. Server processors that dynamically adjust clock speeds based on
workload
Form factor:
1. Blade server chassis fitting 42 compute nodes in a standard rack
2. Small form factor industrial computers for space-constrained
manufacturing environments
3. Software Specifications
Operating Systems:
Selection criteria:
1. Linux chosen for web servers due to security, performance, and lower
licensing costs
2. Windows selected for desktop environments due to application
compatibility and user familiarity
7
�Configuration:
1. Database server configured with large memory pages and optimized I/O
scheduling
2. Web server hardened by disabling unnecessary services and
implementing strict file permissions
Middleware:
Application servers:
1. Apache Tomcat handling Java servlet execution for enterprise
applications
2. Node.js managing real-time connections for collaborative editing
platform
Message brokers:
1. Apache Kafka handling high-volume event streaming between
microservices
2. RabbitMQ managing task queues for distributed processing systems
Databases:
1. PostgreSQL providing ACID-compliant transactional database for
financial systems
2. MongoDB storing flexible document data for content management
systems
Development Frameworks:
Selection based on:
1. React.js chosen for front-end development due to component reusability
and team expertise
2. Django selected for rapid development of data-driven applications with
built-in admin features
Compatibility considerations:
1. .NET Framework used to integrate with existing Windows-based
enterprise systems
2. Java Spring chosen to leverage existing middleware and container
infrastructure
8
�4. Network Considerations
Network Architecture
Topologies: Star, mesh, hierarchical designs
Segmentation: VLANs, subnets, security zones
Redundancy: Multiple paths, equipment redundancy
Connectivity
Bandwidth requirements: Based on data transfer needs
Latency considerations: Impact on application performance
Protocol selection: TCP/UDP, application-specific protocols
Network Security
Defense-in-depth: Multiple security layers
Access control: Authentication and authorization
Encryption: In-transit and at-rest data protection
Monitoring: Traffic analysis, intrusion detection
Topologies:
1. Star topology in office networks with centralized switches and redundant
connections
2. Mesh topology in data centers providing multiple paths between every
server
Segmentation:
1. Hospital network with separate VLANs for administrative, clinical, and
guest systems
2. Corporate network with DMZ for public-facing services and internal
zones for sensitive data
Redundancy:
1. Dual internet connections from different providers with automatic
failover
2. Redundant core switches with link aggregation between critical network
segments
Connectivity:
9
�Bandwidth requirements:
1. Video conferencing service requiring 5Mbps per HD stream
2. Medical imaging network provisioned for transferring multi-gigabyte
scan files
Latency considerations:
1. Gaming servers located near user populations to minimize ping times
2. Financial trading systems using dedicated fiber connections to reduce
latency
Protocol selection:
1. UDP for real-time voice communications where occasional packet loss is
acceptable
2. TCP for financial transactions where delivery confirmation is essential
Network Security:
Defense-in-depth:
1. Corporate network with firewall, IDS/IPS, endpoint protection, and data
loss prevention
2. Military system with physical security, air-gapped networks, and
encrypted communications
Access control:
1. Zero trust architecture requiring verification for every access request
regardless of location
2. Role-based access control system limiting resource access based on job
function
Encryption:
1. TLS 1.3 securing web traffic with forward secrecy and authenticated
encryption
2. Full-disk encryption protecting data on mobile devices in case of theft
Monitoring:
1. Security information and event management (SIEM) correlating logs
across network devices
10
�2. Network traffic analysis identifying abnormal patterns indicative of data
exfiltration
11
