IT Consulting
IT Consulting advises how to build solutions that fulfill the business strategy. It is a how-to guide for technology. The deliverables are:
- Inject requirements needed to make the solution work. Frequent omissions include security, availability, disaster recovery, and response time.
- Create a detailed design, including data flows and software versions.
- Develop project plans to integrate the solution into business workflows.
- Prototype complex technologies to learn and mitigate delivery risks.
Sub-Second Response Time
A fast website enhances the user experience. It becomes accessible to slower client technologies at geographically remote locations. The Google Page Speed Insights tool identifies some of the items outlined in this section.
Number of URLs per Page
The number of URLs on a web page is a count of separate downloadable packages. The fewer there are, the faster the page loads.
The following chart shows the number of CSS files per page across 100,000 websites. Fast sites have zero, as per Google guidelines. Besides reducing the number of downloads, this allows the browser to start rendering the page immediately. Content Management Systems (CMS) frequently deemphasize speed, resulting in many CSS files.
Payload Efficiency
An efficient payload minimizes the bytes downloaded to get the desired effect. However, technical complexity leads to inadvertent bloating. The following chart shows the ratio of visible text over the file size. It shows that 13% of websites allocate 1% or less of the payload to the printed word. The 4 to 15% range tends to be optimal because of the inherent overheads built into the HTML and HTTP standards. There are many ways to increase payload efficiency. The most effective are:
- Send mobile-sized images to mobile devices and larger ones to desktop displays.
- Optimize image file type. For example, use SVG files for charts and logos because they are smaller.
- Tune image file settings. Specific adjustments depend on the file type. For example, setting JPEG quality to 60% typically causes no visible degradation but reduces file sizes.
- Strip excess spaces and comments from text files before deploying them to production.
- Compress all content sent over the network. JPG and PNG have built-in compression, but all types benefit from web server compression.
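The two measurements described above (CSS files per page and the share of the file that is visible text) can be taken from a single HTML file as follows. This is an added example, not code from the original page; the names `PageAudit`, `audit` and `SAMPLE` are hypothetical, the sample page is constructed, and the ratio is computed against the HTML file only, not images or other downloads.

```python
from html.parser import HTMLParser

# Constructed sample page (not taken from any real site).
SAMPLE = """<!doctype html><html><head><title>Demo</title>
<link rel="stylesheet" href="/a.css"><link rel="stylesheet" href="/b.css">
<style>body { margin: 0 }</style><script>var x = "not printed";</script>
</head><body><h1>Hello</h1><p>Fast   pages win.</p>
<img src="/logo.svg" alt="logo"></body></html>"""

class PageAudit(HTMLParser):
    """Collects the printed text and the sub-resource URLs of one HTML file."""
    NOT_PRINTED = {"script", "style", "noscript", "template", "title"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.css, self.urls = [], [], []
        self.depth = 0  # > 0 while inside an element whose text is not printed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in self.NOT_PRINTED:
            self.depth += 1
        rel = (a.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" in rel and a.get("href"):
            self.css.append(a["href"])   # one extra download per stylesheet
            self.urls.append(a["href"])
        elif tag in ("script", "img") and a.get("src"):
            self.urls.append(a["src"])

    def handle_endtag(self, tag):
        if tag in self.NOT_PRINTED and self.depth:
            self.depth -= 1

    def handle_data(self, data):
        if not self.depth:
            self.text.append(data)

def audit(html):
    p = PageAudit()
    p.feed(html)
    p.close()
    visible = " ".join(" ".join(p.text).split())  # collapse runs of whitespace
    total = len(html.encode("utf-8"))
    return {"css_files": len(p.css), "urls": len(p.urls), "visible_text": visible,
            "ratio": len(visible.encode("utf-8")) / total if total else 0.0}

if __name__ == "__main__":
    r = audit(SAMPLE)
    print(f"{r['css_files']} CSS files, {r['urls']} URLs, {r['ratio']:.1%} visible text")
```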
Multi-Regional Deployments
A multi-regional deployment places stand-alone web servers in several geographic regions. These servers contain the entire website and respond to user requests from the closest server. It is significantly faster and more robust than a Content Delivery Network (CDN) in front of a single backing website.
Websites Designed for Performance
A fast website design considers page response time when making each design decision. Tacking performance on as an afterthought does not work very well. The following techniques speed up response times.
- Remove bloated technology. Most Content Management Systems (CMS) dump thousands of files into the web server directory before considering the content. An efficient design adds the first file when making the first page.
- Tune the hardware and software configuration based on load testing. Many hosting providers do not allow load testing.
- Select a hosting provider that guarantees hardware capacity for the website. Many hosting providers have inconsistent performance because one server hosts hundreds to thousands of websites.
- Use speed as one of the criteria to select software and services. For example, how fast is your DNS service provider relative to the competition? How about the network latency?
- Keep software updated because newer standards like HTTP/2 and TLS 1.3 are faster than the versions most websites use.
Highly Available Design
The cloud significantly reduced the investment needed for a high availability design that prevents outages from happening in the first place. The following sections outline a few methods to increase uptime.
Software Currency
Many issues get fixed by applying current patches. However, most webservers are out of date. For example, WordPress powers over half of the websites, but they only patch the current version. The following chart shows that 81% of websites were out of support. The advantages of software currency include:
- Fixes for known issues.
- New security features and removal of out-of-date options.
- Access to security patches.
- Compatibility between system components.
Testing Environments
Websites significantly mitigate risks by testing and fixing issues before deploying into production. Classes of testing include:
- Run 3rd party testing tools against the site for SEO, performance, security, social sharing, HTML syntax, etc. These ensure the page works well in the internet ecosystem.
- Compare performance with different system designs, hardware, and software.
- Test multiple disaster recovery scenarios.
- Verify the ability to roll forward and back production updates because they are the most error-prone IT task.
Network Redundancy
BGP is the internet protocol supporting concurrent network connections. A robust data center has many BGP connections to improve speed and reliability. However, a significant number of data centers have a single connection while others have over 30.
Blue / Green Deployment
A Blue/Green deployment tests production candidate deployments before sending them production load. If the candidate fails after rolling forward, it can roll back to the older system. The old environment remains in place until the new one proves stable, say after a week. The approach maximizes uptime with the most problematic IT task.
Cyberattack
Cyberattacks continue to escalate in sophistication and frequency for many reasons. A solid security design:
- Makes the website look unattractive to an attacker.
- Layers the protections to mitigate the risk of any one vulnerability.
- Detects and blocks suspicious activity.
- Logs activity to support forensic analysis.
- Plans and tests for recovery from cyberattack.
Hard Disk Redundancy
Hard disk redundancy supports continuous uptime even when one disk fails. Unlike other types of hardware redundancy, disk redundancy is more cost-effective. It is relevant because disks are a frequent failure mode that results in data loss.
Server Redundancy
Cloud solutions changed the design patterns for server redundancy. The client does not have to pre-purchase redundant capacity. Instead, they deploy new servers on-demand when the old one fails. They rely on the cloud provider having excess capacity.
Disaster Recovery
Disaster recovery is the ability to recover from unexpected events. It's a matter of time before a solution crashes. Planning for that event mitigates the impact on the business.
Disaster Recovery Requirements
IT disasters are a fact of using technology. They have well-known failure mechanisms, making it straightforward to plan and test for recovery. A good set of recovery modes includes:
- Test environments and procedures to ensure everything works before depending on it.
- Script the automation to mitigate the risk of human errors.
- Plan to purge ransomware and malware from the website.
- Automate hardware replacement with a script.
- Support roll forward and back of deployment updates.
- Run load test scripts to stress the systems while running response times and disaster recovery tests.
Business Continuity
Business continuity includes disaster recovery and the surrounding business processes. IT supports continuity planning by:
- Providing documentation to auditors and responding to their queries.
- Supporting continuity testing and fixing discovered issues.
- Writing scripts to simulate failure scenarios.
Recovery Point Objective (RPO)
The RPO is the maximal possible time between the last backup and the point of failure. It represents the maximal time window for data loss. The business needs to know what the RPO means and have a plan to manage the impact. Database roll-forward recovery is a technology designed to drive RPO to zero. However, the implementation can get complex. Failure to manage RPO can have significant business impacts.
Failure Detection Time
The failure detection time is the time between a failure event and the start of recovery. A well-designed monitoring solution detects many types of failure and shrinks the detection window.
Recovery Time Objective (RTO)
The recovery time objective (RTO) is the time from deciding to recover systems to completion. Modern cloud designs can recover the most straightforward data centers and applications in 15 minutes. Recovery should include all the standard failure modes, including hardware, internet, and cyberattack.
Content Migration
Content migration replicates the text and images of a website to a new hosting platform. Most migrations are a solution to underlying technical issues, so they should NOT replicate the underlying technical problems. The content migration should clean up the deployment, including:
- Fix broken links and redirects.
- Make the display work on mobile devices.
- Resize and optimize images for the web.
- Remove bloat that slows down response times.
Transition Planning
The transition plan preserves the links from the internet to the website. There is probably no point in planning without organic traffic, but bad planning can cause catastrophic traffic loss.
The transition should include optimization of the URLs on the website. These can include:
- Move all URLs from the domain name of the hosting provider to the website. Several hosting platforms build their domain reputation by putting client content like images under their domain name.
- Update all the URLs on the page to SEO-friendly names.
- Standardize URL names, such as lowercase with a hyphen between words.
- Remove the www prefix to shorten the name.
- Migrate to HTTPS.
3rd Party Testing Tools
There are many 3rd party testing tools to validate how the website works. They include:
- Google Rich Results Test promotes enhanced results for products, addresses, and further details.
- Google Mobile-Friendly Test for usability on mobile devices.
- Google Page Speed Insights for page response times.
- Facebook for Developers for social sharing on Facebook, text messages, and other social platforms.
- Twitter Card Validator for social sharing on Twitter.
- W3C Markup Validation Service to remove HTML errors to help ensure the page displays consistently across web browsers.
- Qualys SSL Labs to validate HTTPS security settings.