软件体系结构之质量属性课件

Ch.5DesigningtheArchitectureInstructor:TanLiwei软件设计与体系结构软件体系结构之质量属性referenceSoftwarearchitectureinpractice–ch1,ch5,ch7contentsDesigningArchitecture:AchievingQualities软件体系结构之质量属性ArchitectureBusinessCycle(ABC)CreatingthearchitectureHowdoesthearchitectcreateanarchitecture?(Multiplechoice):Byre-usingapproachesfromotherarchitectures通过重用来自于其他体系结构的方法

Byinventingnewapproachesoutofthinair无中生有地发明新方法

Bymagic耍魔术，变一个CreatingthearchitectureArchitectsprimarilyworkbyusingpreviously-triedsolutionsLargescale:PatternsandstylesSmallscale:TacticsStyles,patterns,andtacticsrepresentconceptualtoolsinthearchitect’s“toolbag.”Professionalarchitectsalwayskeeptheirtoolbaguptodate.风格，模式和策略是体系架构师的工具箱中的概念工具。专业的体系架构师会不断更新自己的工具箱。PatternsandstylesThemoderntermis“patterns”butearlypapersonsoftwarearchitecturewroteabout“softwarearchitecturestyles.”Stylesinarchitecturewereanalogoustostylesinhouses:Victorian(multi-story,lotsoffrilly(镶褶边的)wooddecorations,tallwindows,basicallysquarefootprint…)Colonial(brickfront,pillarsorcolumns,usuallysymmetricalfront…)Ranch(single-story,sprawling,notverydecorated…)大农场PatternsandstylesIndependentcomponentpatternsCommunication-processesEventsystemsImplicitinvocationExplicitinvocationDataflowpatternsBatchsequentialPipe-and-filterLayersData-centeredpatternsBlackboardrepositoryVirtualmachinepatternsInterpretersRule-basedsystemsCall-returnpatternsMainprogramandsubroutineObjectorientedStyles->PatternsThen,thedesignpatternscommunityarrived.Architecturalstyleswereclearlyjustpatterns,whosescopeofdesignwasthewholesystem–thatis,whosescopewasthearchitecture.Now,architecturalpatternsistheterminuse.Therearebooksofarchitecturalpatterns,e.g.,Buschmann,F.,R.Meunier,H.Rohnert,P.Sommerlad,andM.Stal.1996.Pattern-OrientedSoftwareArchitecture,Volume1:ASystemofPatterns.Wiley.现在到了设计模式时代，体系结构风格显然就是模式，其设计范围是整个系统。现在使用的术语是体系结构模式。关于体系结构模式的经典图书ArchitecturalpatternsThesearebroadly-scopedsolutionstopreviouslyencounteredproblems.Anarchitecturalpatternisfoundrepeatedlyinpracticeisapackageofdesigndecisionshasknownpropertiesthatpermitreusedescribesaclassofarchitectures模式会在实际应用中被不断地重复；它是一个设计决策包；具有众所周知的可重用的属性；模式描述了一类体系结构。ArchitecturalpatternsApatternisdeterminedanddescribedbyasetofelementtypesforexample,datarepositories,processes,andobjectsasetofinteractionmechanismsorconnectorsforexample,subroutinecalls,events,andpipesatopologicallayoutofthecomponentsasetofsemanticconstraintscoveringtopology,elementbehavior,andinteractionmechanismsInaddition,apatternisdescribedbywhenandwhytouseit模式的描述：组成元素的类型、交互机制或连接器、组件的拓扑规划、语义约束以及何时为什么使用该模式。ArchitecturalpatternsThesearewidelyknownandincludemanyfamiliardesignapproaches:LayeredPipe-andfilterClient-serverThinclientThickclientAsynchronousSynchronousN-tierclient-serverEtc.Peer-topeerAgent-basedsystemsService-orientedarchitecturesEtc.Observe:No“universal”listPatternscanbecombined:e.g.,layeredclient-serverPatternscanbespecializedChoiceofpatternstouseisnotrandom!注意：不可能列出所有的模式；多个模式可以组合；模式可能是专门化的；模式的选择不是随机的。TacticsAnarchitecturaltacticisafine-graineddesignapproachusedtoachieveaqualityattributeresponse.Tacticsarethe“buildingblocks”ofdesignfromwhicharchitecturalpatternsarecreated.体系结构策略是一种可获得质量属性响应的细腻的设计方法。策略可看作用来搭建体系结构模式的积木块。TacticsWhatisitthatimpartsportabilitytoonedesign,highperformancetoanother,andintegrabilitytoathird?Theachievementofthesequalitiesreliesonfundamentaldesigndecisions.Atacticisadesigndecisionthatinfluencesthecontrolofaqualityattributeresponse.Wecallacollectionoftacticsanarchitecturalstrategy.是什么向外界传达一个设计的灵便性、高性能和可集成性？依赖于基本的设计决策。策略是指影响质量属性响应控制的设计决策。策略的集合叫做体系结构战略。AvailabilityTactics可用性策略keepfaultsfrombecomingfailuresoratleastboundtheeffectsofthefaultandmakerepairpossible.使缺陷不要成为失败，或者至少限制缺陷的影响并使修复成为可能。AvailabilityTacticsfaultdetection.故障检测Ping/echo,Heartbeat,Exceptionsfaultrecovery故障恢复Faultrecoveryconsistsofpreparingforrecoveryandmakingthesystemrepair.Voting,Activeredundancy,Passiveredundancy,Spare,Shadowoperation,Stateresynchronization,Checkpoint/rollbackfaultprevention故障预防Removalfromservice,Transactions,ProcessmonitorFaultdetectionPing/echoOnecomponentissuesapingandexpectstoreceivebackanecho,withinapredefinedtime,fromthecomponentunderscrutiny.usedwithinagroupofcomponentsmutuallyresponsibleforonetask.usedbyclientstoensurethataserverobjectandthecommunicationpathtotheserverareoperatingwithintheexpectedperformancebounds."Ping/echo"faultdetectorscanbeorganizedinahierarchy,inwhichalowest-leveldetectorpingsthesoftwareprocesseswithwhichitsharesaprocessor,andthehigher-levelfaultdetectorspinglower-levelones.Thisuseslesscommunicationsbandwidththanaremotefaultdetectorthatpingsallprocesses.一个组件发出ping信号，期待在预计的时间内从要监视的组件收到响应它用于一组共同负责一个任务的组件。可以被客户端用来测试服务器及通信信道能在预计的性能约束内操作FaultdetectionHeartbeat(deadmantimer).Inthiscaseonecomponentemitsaheartbeatmessageperiodicallyandanothercomponentlistensforit.Iftheheartbeatfails,theoriginatingcomponentisassumedtohavefailedandafaultcorrectioncomponentisnotified.Theheartbeatcanalsocarrydata.Forexample,anautomatedtellermachinecanperiodicallysendthelogofthelasttransactiontoaserver.Thismessagenotonlyactsasaheartbeatbutalsocarriesdatatobeprocessed.一个组件周期性地发出心跳（heartbeat）消息，其它组件监听之。如果没听到心跳，说明前者已经失效，通知纠错组件。心跳也可携带数据。例如自动出纳机周期性地向服务器发送最新交易日志。FaultdetectionExceptions.例外Onemethodforrecognizingfaultsistoencounteranexception,whichisraisedwhenoneofthefaultclassesisrecognized.Theexceptionhandlertypicallyexecutesinthesameprocessthatintroducedtheexception.发现错误的另一种方法是使用例外，它在错误发生时抛出。例外处理器通常位于抛出例外的进程中。FaultrecoveryVotingProcessesrunningonredundantprocessorseachtakeequivalentinputandcomputeasimpleoutputvaluethatissenttoavoter.Ifthevoterdetectsdeviantbehaviorfromasingleprocessor,itfailsit.Thismethodisusedtocorrectfaultyoperationofalgorithmsorfailureofaprocessorandisoftenusedincontrolsystems.Ifalloftheprocessorsutilizethesamealgorithms,theredundancydetectsonlyaprocessorfaultandnotanalgorithmfault.在冗余的处理器上运行的进程获得相同的输入并计算出一个输出值，将之送到投票器，若投票器从一个处理器检测到异常行为，放弃之。此方法被用于纠正有缺陷的算法运算或处理器的失效，常用于控制系统中。若所有的处理器使用同样的算法，则该冗余只能检测处理器失效，不能检测算法失效。FaultrecoveryActiveredundancy(hotrestart).主动冗余Allredundantcomponentsrespondtoeventsinparallel.Consequently,theyareallinthesamestate.Whenafaultoccurs,thedowntimeofsystemsusingthistacticisusuallymillisecondssincethebackupiscurrentandtheonlytimetorecoveristheswitchingtime.Synchronizationisperformedbyensuringthatallmessagestoanyredundantcomponentaresenttoallredundantcomponents.所有的冗余组件同时响应事件。结果，他们处于同样的状态。错误发生的停机时间通常是微秒级。需要进行同步，做法是把送往任一个组件的消息同时送其他冗余组件。FaultrecoveryPassiveredundancy(warmrestart/dualredundancy/tripleredundancy).被动冗余Onecomponent(theprimary)respondstoeventsandinformstheothercomponents(thestandbys)ofstateupdatestheymustmake.Whenafaultoccurs,thesystemmustfirstensurethatthebackupstateissufficientlyfreshbeforeresumingservices.Synchronizationistheresponsibilityoftheprimarycomponent,whichmayuseatomicbroadcaststothesecondarytoguaranteesynchronizationThedowntimecanusuallybelimitedtoseconds.一个组件（主组件）对事件响应，同时通知其他组件（备份）更新状态。当错误发生，恢复服务前系统必须保证备份状态足够新。同步是主组件的职责，它使用自动广播来保证同步。停机时间通常是秒级。FaultrecoverySpare.备用的Astandbysparecomputingplatformisconfiguredtoreplacemanydifferentfailedcomponents.Itmustberebootedtotheappropriatesoftwareconfigurationandhaveitsstateinitializedwhenafailureoccurs.Makingacheckpointofthesystemstatetoapersistentdeviceperiodicallyandloggingallstatechangestoapersistentdeviceallowsforthesparetobesettotheappropriatestate.Thedowntimeforthistacticisusuallyminutes.使用一备用的计算平台来替换许多不同的失败组件。当失败发生时，必须重启到适当的软件配置下，并初始化状态。做法是周期性地向持久化设备保存系统状态的检查点，并把所有的状态变化记录到持久化设备下，以便备用设备恢复。停工期通常以分钟计。FaultrecoveryShadowoperation.镜像操作Apreviouslyfailedcomponentmayberunin"shadowmode"forashorttimetomakesurethatitmimicsthebehavioroftheworkingcomponentsbeforerestoringittoservice.失败的组件可以运行于镜像模式一段时间以保证它在恢复服务前仿真正常组件的行为。FaultrecoveryStateresynchronization.状态再同步Thepassiveandactiveredundancytacticsrequirethecomponentbeingrestoredtohaveitsstateupgradedbeforeitsreturntoservice.Theupdatingapproachwilldependonthedowntimethatcanbesustained,thesizeoftheupdate,andthenumberofmessagesrequiredfortheupdate.Asinglemessagecontainingthestateispreferable,ifpossible.Incrementalstateupgrades,withperiodsofservicebetweenincrements,leadtocomplicatedsoftware.被动与主动冗余策略要求被恢复的组件在回到服务前使其状态升级。升级步骤依赖于可忍受的停工期、更新的大小和更新要求的消息数量。如果可能的话，包含状态的简单消息是首选的。FaultrecoveryCheckpoint/rollback.检查点/回滚Acheckpointisarecordingofaconsistentstatecreatedeitherperiodicallyorinresponsetospecificevents.Sometimesasystemfailsinanunusualmanner,withadetectablyinconsistentstate.Inthiscase,thesystemshouldberestoredusingapreviouscheckpointofaconsistentstateandalogofthetransactionsthatoccurredsincethesnapshotwastaken.检查点是周期性或在发生特定事件时创建的一致性状态的记录。有时系统以不寻常的方式失败于可检测的不一致状态。此时，系统应该用以前的一个一致状态的检查点和检查点之后发生的事务记录来恢复。FaultpreventionRemovalfromservice.移除服务Thistacticremovesacomponentofthesystemfromoperationtoundergosomeactivitiestopreventanticipatedfailures.Transactions.事务Atransactionisthebundlingofseveralsequentialstepssuchthattheentirebundlecanbeundoneatonce.Processmonitor.进程监视器Onceafaultinaprocesshasbeendetected,amonitoringprocesscandeletethenonperformingprocessandcreateanewinstanceofit,initializedtosomeappropriatestateasinthesparetactic.SummaryofavailabilitytacticsModifiabilityTacticsTacticstocontrolmodifiabilityhaveastheirgoalcontrollingthetimeandcosttoimplement,test,anddeploychanges.控制可修改性的策略致力于控制软件实现、测试、和配置改变的时间和成本可根据目标把修改策略分组:(1)localizemodifications:减少直接被修改影响的模块数量(2)Preventtherippleeffect:把修改限制到局部模块(3)Deferbindingtime:控制部署时间和成本LocalizeModifications局部修改受影响的模块数与修改的成本没有精确的关系，但把修改限制到少量的模块通常可以减少成本。这里给出5种限制范围的策略：Maintainsemanticcoherence.保持语义一致性Semanticcoherencereferstotherelationshipsamongresponsibilitiesinamodule.Thegoalistoensurethatalloftheseresponsibilitiesworktogetherwithoutexcessiverelianceonothermodules.语义一致性指一个模块中各职责间的关系。目的是保证模块内各职责一起工作而没有对其它模块的额外依赖。LocalizeModifications局部修改Anticipateexpectedchanges预见期望的修改Consideringthesetofenvisionedchangesprovidesawaytoevaluateaparticularassignmentofresponsibilities.Thetacticofanticipatingexpectedchangesdoesnotconcernitselfwiththecoherenceofamodule’sresponsibilitiesbutratherwithminimizingtheeffectsofthechanges.Inrealitythistacticisdifficulttousebyitselfsinceitisnotpossibletoanticipateallchanges.Forthatreason,itisusuallyusedinconjunctionwithsemanticcoherence.预先考虑将来的修改提供了一种评估职责分派的方法。这种方法并不关心模块职责的一致性本身，而是要把修改带来的影响降到最低。现实中这种策略很难单独使用，因为预期所有的修改是不可能的，因此，常常与语义一致性联合使用LocalizeModifications局部修改Generalizethemodule.使模块一般化Makingamodulemoregeneralallowsittocomputeabroaderrangeoffunctionsbasedoninput.Theinputcanbethoughtofasdefiningalanguageforthemodule.Themoregeneralamodule,themorelikelythatrequestedchangescanbemadebyadjustingtheinputlanguageratherthanbymodifyingthemodule使模块更一般化允许计算更多的基于输入的功能。该输入可看着为模块定义了一种语言。模块越一般化，要求的修改就越能通过调整输入语言来实现，而不用修改模块。LocalizeModifications局部修改Limitpossibleoptions.限制可能的选项Modifications,especiallywithinaproductline,maybefarrangingandhenceaffectmanymodules.Restrictingthepossibleoptionswillreducetheeffectofthesemodifications.修改，特别是生产线上的修改，范围非常广泛，因此会影响许多模块。限制可能的选项可以减少修改带来的影响。PreventRippleEffects防止涟漪效应Arippleeffectfromamodificationisthenecessityofmakingchangestomodulesnotdirectlyaffectedbyit.修改的涟漪效应指当修改一个模块时，必须修改另一个受到间接影响的模块的必要性。IfmoduleAischangedtoaccomplishaparticularmodification,thenmoduleBischangedonlybecauseofthechangetomoduleA.Bhastobemodifiedbecauseitdepends,insomesense,onA.比如，由于模块B因为某种原因依赖于模块A，当模块A被修改时，那么都有哪些依赖呢？PreventRippleEffects-typesofdependenciesSyntaxof语法data.ForBtocompile(orexecute)correctly,thetype(orformat)ofthedatathatisproducedbyAandconsumedbyBmustbeconsistentwiththetype(orformat)ofdataassumedbyB.B要使用A产生的数据，要求A提供的数据与B所要求的在类型（或格式）上一致Service.ForBtocompileandexecutecorrectly,thesignatureofservicesprovidedbyAandinvokedbyBmustbeconsistentwiththeassumptionsofB.B使用A提供的服务，服务的签名必须一致。PreventRippleEffects-typesofdependenciesSemanticsof语义data.ForBtoexecutecorrectly,thesemanticsofthedataproducedbyAandconsumedbyBmustbeconsistentwiththeassumptionsofB.生产者提供的数据的语义必须与消费者所需要的一致。service.ForBtoexecutecorrectly,thesemanticsoftheservicesproducedbyAandusedbyBmustbeconsistentwiththeassumptionsofB.服务的语义也要一致。PreventRippleEffects-typesofdependenciesSequenceof顺序data.ForBtoexecutecorrectly,itmustreceivethedataproducedbyAinafixedsequence.Forexample,adatapacket‘sheadermustprecedeitsbodyinorderofreception(asopposedtoprotocolsthathavethesequencenumberbuiltintothedata).B的正确执行依赖于从A收到的数据的顺序control.ForBtoexecutecorrectly,Amusthaveexecutedpreviouslywithincertaintimingconstraints.Forexample,Amusthaveexecutednolongerthan5msbeforeBexecutes.B的正确执行依赖于A在之前的某个时间约束下执行完PreventRippleEffects-typesofdependenciesIdentityofaninterfaceofA.接口的标识Amayhavemultipleinterfaces.ForBtocompileandexecutecorrectly,theidentity(nameorhandle)oftheinterfacemustbeconsistentwiththeassumptionsofB.A可能有多个接口，B的正确执行要求接口的标识（名称或操作）与B所假定的一致LocationofA(runtime).运行时的位置ForBtoexecutecorrectly,theruntimelocationofAmustbeconsistentwiththeassumptionsofB.Forexample,BmayassumethatAislocatedinadifferentprocessonthesameprocessor.B的正确执行要求A运行的位置与B的假定一致。如B可能要求B处于同一处理器的不同进程中。PreventRippleEffects-typesofdependenciesQualityofservice/dataprovidedbyA.质量ForBtoexecutecorrectly,somepropertyinvolvingthequalityofthedataorserviceprovidedbyAmustbeconsistentwithB‘sassumptions.B的正确执行依赖于A提供的数据或服务的质量Forexample,dataprovidedbyaparticularsensormusthaveacertainaccuracyinorderforthealgorithmsofBtoworkcorrectly.比如要求传感器提供的数据达到一定的精度PreventRippleEffects-typesofdependenciesExistenceofA.B的正确执行要求A必须存在ForBtoexecutecorrectly,Amustexist.Forexample,ifBisrequestingaservicefromanobjectA,andAdoesnotexistandcannotbedynamicallycreated,thenBwillnotexecutecorrectly.ResourcebehaviorofA.ForBtoexecutecorrectly,theresourcebehaviorofAmustbeconsistentwithB‘sassumptions.ThiscanbeeitherresourceusageofA(AusesthesamememoryasB)orresourceownership(BreservesaresourcethatAbelievesitowns).B对A的资源行为有要求，比如要求A使用某资源或拥有某资源PreventRippleEffects-tacticsNoticethatnoneofourtacticsnecessarilypreventtherippleofsemanticchanges.Hideinformation.隐藏信息Informationhidingisthedecompositionoftheresponsibilitiesforanentity(asystemorsomedecompositionofasystem)intosmallerpiecesandchoosingwhichinformationtomakeprivateandwhichtomakepublic.把实体的职责分解为若干较小的部分，并选择哪些应该是private，哪些public。即把易变的部分分拆出去。PreventRippleEffects-tacticsMaintainexistinginterfaces.保持现有接口IfBdependsonthenameandsignatureofaninterfaceofA,maintainingthisinterfaceanditssyntaxallowsBtoremainunchanged.若B依赖于A的接口名称和基调，保持接口及其语义允许B保持不变。PatternsthatimplementthistacticincludeAddinginterfaceAddingadapterProvidingastubA.PreventRippleEffects-tacticsRestrictcommunicationpaths.限制通信路径Restrictthemoduleswithwhichagivenmodulesharesdata.Thatis,reducethenumberofmodulesthatconsumedataproducedbythegivenmoduleandthenumberofmodulesthatproducedataconsumedbyit.限制共享数据的模块。即限制为同一模块提供数据的生产者的数量，或限制消费者的数量。Thiswillreducetherippleeffectsincedataproduction/consumptionintroducesdependenciesthatcauseripples.PreventRippleEffects–tacticsUseanintermediary.使用中间物IfBhasanytypeofdependencyonAotherthansemantic,itispossibletoinsertanintermediarybetweenBandAthatmanagesactivitiesassociatedwiththedependency.Theintermediaryare:data(syntax).Repositories(bothblackboardandpassive)actasintermediariesbetweentheproducerandconsumerofdata.service(syntax).Thefacade,bridge,mediator,strategy,proxy,andfactorypatternsallprovideintermediariesthatconvertthesyntaxofaservicefromoneformintoanother.若B对A有任何非语义的依赖，在B和A之间插入一个中间物来管理与依赖相关的活动是可能的。中间物可以是：数据（语法）。仓储是数据的生产者和消费者之间的中间物。服务。把服务从一种形式转换为另一种形式的语法。PreventRippleEffects-tacticsidentityofaninterfaceofA.Abrokerpatterncanbeusedtomaskchangesintheidentityofaninterface.IfBdependsontheidentityofaninterfaceofAandthatidentitychanges,byaddingthatidentitytothebrokerandhavingthebrokermaketheconnectiontothenewidentityofA,Bcanremainunchanged.locationofA(runtime).AnameserverenablesthelocationofAtobechangedwithoutaffectingB.Aisresponsibleforregisteringitscurrentlocationwiththenameserver,andBretrievesthatlocationfromthenameserver.中间物可以是：

A的接口身份。使用broker(中间人)来屏蔽接口的改变

A的位置（运行时）。使用一个名字服务器使得A的位置的改变不会影响到B。PreventRippleEffects-tacticsresourcebehaviorofAorresourcecontrolledbyA.Aresourcemanagerisanintermediarythatisresponsibleforresourceallocation.Certainresourcemanagers(e.g.,thosebasedonRateMonotonicAnalysisinreal-timesystems)canguaranteethesatisfactionofallrequestswithincertainconstraints.A,ofcourse,mustgiveupcontroloftheresourcetotheresourcemanager.existenceofA.Thefactorypatternhastheabilitytocreateinstancesasneeded,andthusthedependenceofBontheexistenceofAissatisfiedbyactionsofthefactory.中间物可以是：

A的资源行为。使用资源管理器来负责资源分配。

A的存在。工厂模式有在需要时创建实例的能力，故B在A的存在上的依赖可通过工厂的动作来解决。DeferBindingTime延迟绑定时间Thetwotacticcategorieswehavediscussedaredesignedtominimizethenumberofmodulesthatrequirechangingtoimplementmodification.Ourmodificationscenariosincludetwoelementsthatarenotsatisfiedbyreducingthenumberofmodulestobechanged–timetodeployandallowingnondeveloperstomakechanges.Deferringbindingtimesupportsbothofthosescenariosatthecostofrequiringadditionalinfrastructuretosupportthelatebinding.前边讨论的两类策略用来最小化在实现修改时要求改变的模块数量。我们的修改场景中包括不通过减少改变的模块数量来满足的两个元素－配置时间和允许非开发人员进行改变。延迟绑定时间支持这两个元素，但需要额外的基础构造来支持延迟绑定DeferBindingTime延迟绑定时间Manytacticsareintendedtohaveimpactatloadtimeorruntime,suchasthefollowingRuntimeregistrationsupportsplug-and-playoperationatthecostofadditionaloverheadtomanagetheregistration.Publish/subscriberegistration,forexample,canbeimplementedateitherruntimeorloadtime.Configurationfilesareintendedtosetparametersatstartup.Polymorphismallowslatebindingofmethodcalls.Componentreplacementallowsloadtimebinding.Adherencetodefinedprotocolsallowsruntimebindingofindependentprocesses.许多策略试图影响装载时间或运行时间，例如：运行时注册配置文件试图在启动时设置参数。多态性允许推迟方法调用的绑定。组件替换允许装载时绑定。SummaryofmodifiabilitytacticsPerformanceTacticsperformancetacticsistogeneratearesponsetoaneventarrivingatthesystemwithinsometimeconstraint.性能上的策略就是在某个时间约束内对到达系统的事件产生响应PerformanceTacticsTwobasiccontributorstotheresponsetimeResourceconsumption.ResourcesincludeCPU,datastores,networkcommunicationbandwidth,andmemory,butitcanalsoincludeentitiesdefinedbytheparticularsystemunderdesign.Blockedtime.AcomputationcanbeblockedfromusingaresourcebecauseofContentionforresourcesAvailabilityofresourcesDependencyonothercomputation对响应时间有两个基本的贡献者：资源消费。资源包括CPU、数据存储、网络通信带宽和内存，也可包括由特定的系统定义的实体。阻塞时间。一个计算可能被阻塞到要使用的资源上，因为争夺资源、资源的可用性或者对其他计算的依赖。PerformanceTacticsthreetacticcategories:resourcedemand资源需求resourcemanagement资源管理resourcearbitration资源仲裁ResourceDemandOnetacticforreducinglatencyistoreducetheresourcesrequiredforprocessinganeventstream.Waystodothisincludethefollowing.Increasecomputationalefficiency.Onestepintheprocessingofaneventoramessageisapplyingsomealgorithm.Improvingthealgorithmsusedincriticalareaswilldecreaselatency.Reducecomputationaloverhead.Ifthereisnorequestforaresource,processingneedsarereduced.资源请求的来源是事件流。资源需求的两个特征是资源流中的事件间的时间间隔（请求资源的频率）和每次请求消耗多少资源。减少延迟的一个策略是减少处理事件流所需要的资源。具体做法包括：提高计算效率。即改善临界区中使用的算法。减少计算的管理开销。如果一个资源可以不要，那么处理就被简化了。ResourceDemandAnothertacticforreducinglatencyistoreducethenumberofeventsprocessed.Thiscanbedoneinoneoftwofashions.Manageeventrate.Ifitispossibletoreducethesamplingfrequencyatwhichenvironmentalvariablesaremonitored,demandcanbereduced.Controlfrequencyofsampling.Ifthereisnocontroloverthearrivalofexternallygeneratedevents,queuedrequestscanbesampledatalowerfrequency,possiblyresultinginthelossofrequests.另一个策略是减少处理的事件数量。这也可以分两个方面：管理事件速率。如果可能减少监控的环境变量的抽样频率，则资源需求可减少。控制抽样频率。如果对外部产生事件的到达没有控制，队列中的请求可能以较低的频率采样，可能导致请求丢失。ResourceDemandOthertacticsforreducingormanagingdemandinvolvecontrollingtheuseofresources.Boundexecutiontimes.Placealimitonhowmuchexecutiontimeisusedtorespondtoanevent.Sometimesthismakessenseandsometimesitdoesnot.Foriterative,data-dependentalgorithms,limitingthenumberofiterationsisamethodforboundingexecutiontimes.Boundqueuesizes.Thiscontrolsthemaximumnumberofqueuedarrivalsandconsequentlytheresourcesusedtoprocessthearrivals.减少或管理资源要求的另一策略是控制资源的使用：控制执行时间。对用于响应事件的执行时间进行限制。有时这样做有意义有时没有。对迭代的数据相关算法，限制迭代的次数是一种控制执行时间的方法。控制队列尺寸。即控制队列中到达的请求的最大数量。因而控制了使用的资源。ResourceManagementIntroduceconcurrency.Ifrequestscanbeprocessedinparallel,theblockedtimecanbereduced.Maintainmultiplecopiesofeitherdataorcomputations.Clientsinaclient-serverpatternarereplicasofthecomputation.Increaseavailableresources.Fasterprocessors,additionalprocessors,additionalmemory,andfasternetworksallhavethepotentialforreducinglatency.即使资源请求没法控制，对资源的管理也会影响响应时间，一些控制策略包括：引入并发。如果请求可以并行处理，阻塞时间可以减少。维持数据或计算的多个拷贝。如CS模式中的客户是计算的多个复制品。复制的目的是减少竞争。增加可用的资源。如更快的处理器，更多的处理器，增加内存，更快的网络，都是减少延迟的潜在方法。ResourceArbitrationFirst-in/First-out.FIFOqueuestreatallrequestsforresourcesasequalsandsatisfytheminturn.Fixed-priorityscheduling.Fixed-priorityschedulingassignseachsourceofresourcerequestsaparticularpriorityandassignstheresourcesinthatpriorityorder.semanticimportancedeadlinemonotonicratemonotonic有资源竞争,就有资源计划,如处理器、缓存、网络等。架构师的目标就是要理解各资源的使用特性，选择谐调的调度策略。一种安排策略概念上有两部分：优先权分配和调度。优先权安排可以象先进先出那么简单，也可以与请求的最终期限或语义重要性绑在一起。安排的标准包括最优资源使用率、请求的重要程度、最小化使用的资源共享数量、最低延迟、最大化吞吐量、防止饿死以保证公平等等。架构死需要意识到可能冲突的标准，以及所选策略对满足标准的影响。只有当指派的资源可用，高优先权的事件流才被调度。有时这依赖于资源抢占策略。如：随时抢占、仅在特定的抢占点抢占、不能抢占正执行的进程资源等。几种常用的调度策略如下：先进先出。使用FIFO队列，平等对待所有的资源请求，轮流处理。固定优先权。为每个资源请求源赋予特定的优先权，并安该顺序分派资源。分派依据包括：语义重要性、最终期限单调、速率单调（即对周期性事件流，周期短优先）ResourceArbitrationDynamicpriorityschedulingroundrobin.Roundrobinisaschedulingstrategythatorderstherequestsandthen,ateveryassignmentpossibility,assignstheresourcetothenextrequestinthatorder.earliestdeadlinefirst.Earliestdeadlinefirstassignsprioritiesbasedonthependingrequestswiththeearliestdeadline.Fixed-priorityscheduling.动态优先权调度循环调度（轮式调度）。把资源排成环，每次调度后，环中的下一个优先权最高。最早最终期限优先。ResourceArbitrationStaticscheduling.Acyclicexecutivescheduleisaschedulingstrategywherethepreemptionpointsandthesequenceofassignmenttotheresourcearedeterminedoffline.静态调度循环执行调度是这样一种调度策略，抢占点和资源分派顺序离线决定。SummaryofperformancetacticsSecurityTacticsTacticsforachievingsecuritycanbedividedintothoseconcernedwithresistingattacksthoseconcernedwithdetectingattacksthoseconcernedwithrecoveringfromattacks.获取安全性的策略可以分几类：那些与抵抗攻击相关的；检测攻击相关的；从攻击中恢复；ResistingattacksAuthenticateusers.Authentication（鉴定）isensuringthatauserorremotecomputerisactuallywhoitpurportstobe.Passwords,one-timepasswords,digitalcertificates,andbiometricidentificationsprovideauthentication.Authorizeusers.Authorization（授权）isensuringthatanauthenticateduserhastherightstoaccessandmodifyeitherdataorservices.抵抗攻击的方法：鉴别用户。确保用户或远程计算机确实是它所声称的那一个。相关技术包括口令、一次性口令、数字证书、生物测定等。授权用户。给予授权用户访问或修改数据的权力。ResistingattacksMaintaindataconfidentiality（机密）.Datashouldbeprotectedfromunauthorizedaccess.Confidentialityisusuallyachievedbyapplyingsomeformofencryptiontodataandtocommunicationlinks.Encryptionprovidesextraprotectiontopersistentlymaintaineddatabeyondthatavailablefromauthorization.Communicationlinkstypicallydonothaveauthorizationcontrols.Encryptionistheonlyprotectionforpassingdataoverpubliclyaccessiblecommunicationlinks.维持数据机密性。机密性通常通过某种形式的机密技术来达到。对于通信链路来说，一般没有授权控制方法，加密是唯一的保护手段。ResistingattacksMaintainintegrity.Datashouldbedeliveredasintended.Itcanhaveredundantinformationencodedinit,suchaschecksumsorhashresults,whichcanbeencryptedeitheralongwithorindependentlyfromtheoriginaldata.Limitexposure.Attackstypicallydependonexploitingasingleweaknesstoattackalldataandservicesonahost.Thearchitectcandesigntheallocationofservicestohostssothatlimitedservicesareavailableoneachhost.维护完整性 数据应按意图交付。它可能包含冗余信息如检测位或哈希码，必须全部交付给接收方。限制曝露 典型攻击是从主机的一个弱点入手进而攻击所有数据和服务。架构师可设计服务对主机的分配以便限制每个主机可用的服务。ResistingattacksLimitaccess.Firewallsrestrictaccessbasedonmessagesourceordestinationport.限制访问 使用防火墙基于消息来源或目标端口限制访问