Hardware is the key - more toys!

HTTPS will REALLY kill the server - a single serve will be hard pressed with 10,000 ssl connections.

I suggest load balancing multiple servers (client's will still only have to go to a single ip address) and using a SSL accelerator to offload the encryption from the server.

Also, thier f/w will have to allow 443 (HTTPS).

Another question - do the clients have to stay in constant contact? or only when needing the realtime data?

Difficult to answer your question as I really don't understand the app....

 

off the top of my head, cuz i'm busy with other things at the moment..

1 server ? woaaaah.. that's risky with than many users..

create somethign scalable and in a clustered environment , with a dedicated switch, and a backup switch all of course running gbic modules to plenty of fibre ?

an iscsi initiator with snapshot technology works for us and may help in this situation ?

allowable downtime associated with this 1 server ?

what if this 1 server goes down ?

have you planned for any disk failures , backups fault tolerance ?

 

There'll be a rewrite rule to redirect requests from port 80 to 443... forgot to mention that. Firewall will allow 443.

Clients will probably have to stay in constent connection with the server since data can arrive at any minute.

Basically, the server needs to let the client know that data has changed on the server after the User makes a request. Data may not change on every client request, but there is the possibility that it might.

 

The problem here is that I'm building the application, not the infrastructure. Supposedly they "know" about infrastructure and this is not what I do.

I really need more information about it though before presenting anything to them.

 

anytime we build app layer, we bring in db's and programmers galore..

 

^ same is true for my regular 9 to 5; however, I often take contracts on the side... and this is what I usually get

 

i read this thread real quick.. but here goes

you can proxy out to 443 using an 80 proxy.. just make sure your proxy supports that... also make sure you double check your transpency of the proxy especially for domain name authentication on the client certificate side.

if you are using SSL, i would recommend the use of SSL accelerators (I believe one such product is Nortel Alteons) to help reduce overall load on the actual application servers...

no point in pulling, just push the data since there is no real schedule to adhere to and u need it realtime... push seems better IMO. (until i know/read more)

 

10k user with 1 server?... from an infrastructure perspective.. this is the weakest link....

no matter how well your app is written... 1 server is not gonna cut it... so i agree with Simon...

 

speaking on infrastructure fortification/redundancy.. you need to keep in mind all the DRP solutions as well as the number of concurrent sessions a particular technology can support (.NET/Java/DB Connections/etc)....

depending on the technology you can use clustering, load balancing, active/passive recovery, SANs (common mounts), etc...

 

thanks 4 everyone's input & help... lots to consider here.