Securing Netflix Studios At Scale

Over the years, Netflix has evolved from a streaming company to a full-fledged studio. Being a tech company, we wanted to leverage that expertise to build a studio of the future. In this future world, there is an application for every part of the process – from creative, to production, to marketing, and eventually all the way to playback. We call it the “Studio in the Cloud.”

As you can imagine, one of the biggest concerns for these applications is security because of all the sensitive information related to pre-release content. So how do we get these applications on the internet as fast as possible and as securely as possible?

Well, we already have a secure gateway for streaming customers, so why don’t we also leverage it for Studio applications? That’s exactly what we did, and it has streamlined deployment while also increasing security. It has been an unmitigated success story.

Read this entry...

Keeping Netflix Reliable Using Prioritized Load Shedding

Running Zuul at Netflix, we often see traffic spikes. Typically the spikes are caused by retry storms because of bugs on device builds or service deploys, and more rarely due to DDoS attacks or network failures. Zuul needs to maintain availability for both itself and its backends when faced with unsustainable load. As a result, we need to reduce the load, meaning customer requests will be throttled. Of course, the interesting question is, which requests do we drop?

We’ve invested in building a system to prioritize traffic and shed the lower priority non-playback traffic first, progressively increasing to higher priorities.

You can read the full blog post here, it has a lot of detail but here’s the real money shot:

Load shedding

Read this entry...