I am new to system design & learning basic system design concepts but recently an interviewer has asked me a question.
"Design independent auth service with authorization for scale. Assuming it would be used for 1 million users concurrent."
So how would someone scale/architect a microservice handling authorization & Authentication for 1 million users concurrently?
It would be great if explained with an example in a way that a beginner(like me) to system design could understand.
Thank You.
Note: I know how to write a microservice architecture but failed to understand how to design a microservice architecture that scales to 1 million users concurrently.
It depends on the system design/architecture and the components / software layers in use. Based on use-case scenario/architecture, horizontal scaling by addition of instances or vertical scaling by addition of RAM etc.. can be deployed. In general, for systems that require large / high-traffic, horizontal scaling shall be preferred.
Perform few profiling / performance tests to decide on the approach by gathering related data / symptoms for analysis from your existing system. Determine maximum requests the current system can handle per second based on the result outcome and as per it you may need to increase the number of CPU cores of your system/server for handling such a number of concurrent requests.
Based on your system architecture, one of the approach can be considering the option of having a Load Balancer at entry point of your system that shall dispatch the requests to other servers / microservices in round robin manner or to respective pool of application specific servers / location specific servers. In this way it reduces the stress on the system and helps in scaling, application response times.
You can move towards a cluster based architecture for handling many concurrent sessions where you can have an orchestrator that will help in dynamic scaling up or down of replicas configured for microservices based on the burst in traffic or utilization of resources.
Typical solution can be based on API Gateway based deployment as it brings in security by handling the authentication and authorization from the external entities / callers up to the microservices. Here, for the external requests, the API gateway will do the load balancing, hiding of microservices, takes care of authorization and subsequently perform authentication and routing of the request to the respective microservice.
For a near perfect design, you may need to do performance test / load test / profiling on your components both software & hardware with the chosen approach and check if the various system requirements / performance metrics are met and decide accordingly.