Building large scale systems has become increasingly common under modern Internet industry.

Three Tier Architecture

When we start to develop a large scale system, we usually use a three tier architecture methodology to build it:

  • The client tier: responsible for interacting with the user via a Graphical User Interface (GUI) and submitting requests via the network to the mid tier.
  • The mid tier: responsible for gathering requests from clients and executing transactions against the data tier.
  • The data tier: responsible for physical storage and manipulation of the information represented by application queries and the responses to those queries.

The benefits of a three tier architecture include:

  • Centralization of business logic for ease of maintenance
  • Separation of user interface logic from data access logic
  • The ability to spread work over several machines ( load balancing )
  • When the client tier is a browser, an independence from the platform used to execute user interface logic, allowing a broader reach for the application

System Design Aspects


A system is said to be scalable if it can handle an increased load without redesign. The lion’s share of the cost of system development is usually labor, so being able to adjust to increasing load without having to rewrite every time ten new users are added is a crucial feature.


Large scale systems often need to be highly available. Availability is the ability of a system to be operational a large percentage of the time – the extreme being so-called “24/7/365” systems. The largest challenge to availability is surviving system instabilities, whether from hardware or software failures.


In a two node cluster, when the first node fails, we’ve lost our backup, and there is now a single point of failure, jeopardizing the high availability characteristics we so carefully crafted our system around. For this reason, manageability is an important aspect of successful large scale system design.


Security is an important aspect of system design, and all the more so for distributed systems, since they are often open to attack from agents at any of millions of worldwide locations. Therefore, system designers need to carefully consider what mechanisms they will use for authentication and authorization.

Development practices

Properly speaking, this last ingredient is not an aspect of the system itself, but rather an element of the process used to develop the system. Still, employing proper development practices is a fundamental that must be kept in mind during planning, as much as scalability, availability, manageability, and security.

Things to consider

  • API Design
    • GraphQL
    • Restful API
    • gRPC
  • Data Consistency
    • Database Management
    • Database Maintenance
    • Event Driven Architecture
  • API Gateway
    • Authentication and Authorization (End User)
    • Entitlement (Consumer App)
    • Rate Limiting (Consumer)
  • Security
    • Web Application Firewall (WAF)
  • Service Mesh
    • End to end TLS
    • Service to service authentication
    • Rate Limiting
    • Zero Trust Network
  • API Standards and Documents
    • OpenAPI
    • Protobufs
    • Service starter scaffolding
    • Client typing generation and distribution
    • Service side validation
  • Monitoring
    • Distributed tracing
    • Logging


This is the end of post