SmartFoxServer搭建多人在线游戏技术方案

The following diagram illustrates the final server architecture of our fictitiousVirtuaParkproject:

下图说明了VirtuaPark项目的最终架构：

· Web Server: since most of the server side calls will be directed to the SmartFoxServer extension, including user registration, password recovery etc..., we will probably be able to handle all the web traffic with a single web server machine. Additionally, in order to avoid a single point of failure, we may want to keep a spare mirror machine in case the web server goes down.

· Web服务器：由于在服务器端调用大部分将被引导到SmartFoxServer的扩展，包括用户注册，密码恢复等..，我们大概会能够处理一个Web服务器计算机上的所有Web流量。此外，为了避免单点故障，我们可能需要一个备用Web服务器防止停机。

· SmartFoxServer: each instance will run on a high-spec dual-core, dual-CPU machine capable of handling at least 8 - 14.000 users (this includes chats, instant messenger, multiplayer games, etc...) for a total of 40.000 or more concurrent users.

· SmartFoxServer的：每个实例将运行在一个高规格的双核心，双CPU计算机的处理能力至少8 - 14.000用户（包括聊天，即时通讯，多人游戏等..）一共有40.000或更多的并发用户。

· Database Server: the database will process the requests coming from all region instances. For this reason we decided to use a clustered solution, in order to guarantee the best availability of the service.

· 数据库服务器：数据库将处理请求的来至所有地区的实例。为此，我们决定使用群集的解决方案，以保证最佳的服务可用性。

( You can read more about performance and scalability in this f.a.q.)

» Securing the Virtual World虚拟世界安全

We've seen that MMOGsarepretty complex applicationsbased on various server technologies, and for each of them we could write an entire book that delves into specific security concerns. Since this article is centered around theSmartFoxServertechnology we will take a look at some common sense techniques and best practices to reduce the amount of hacking to the minimum possible.

我们已经看到，MMOG的不同的服务器上非常复杂的应用技术为基础，并为他们每个人，我们可以写一整本书，到具体的安全问题，热情洋溢。由于本文是围绕SmartFoxServer的技术为核心，我们将采取一些技术常识的外观和最佳做法，以减少黑客攻击。

· Basic security tools:SmartFoxServer comes with a basic set of security tools that can be configured to avoid typical hacking attempts like connection and message flooding. To avoid these problems we provide anti-flood filters and an IP filter that prevents too many connections from a single IP address. Additionally the server is extremely paranoid with connected sockets that don't perform a login request. Such connections can't interact with the server and they are shut down after a configurable amount of time.

· 基本的安全工具：SmartFoxServer的安全性与可配置，避免典型的黑客喜欢尝试连接和消息泛滥一套基本的工具来。为了避免这些问题，我们提供抗洪过滤和IP过滤，防止从一个单一的IP地址连接过多。

· Server public requests:SmartFoxServer exposes a number of public commands that any client can invoke on the server, provided that they successfully logged in. Among these requests we have: login request, join request, public and private messages etc... All these public commands are heavily validated by the server to avoid malicious requests and they can be inhibited through the configuration file, to avoid unwanted requests. You can learn more aboutdisabling public requests here

· 服务器公共请求：SmartFoxServer的暴露了许多命令，任何公共客户端可以调用，如果他们成功地登录。我们将有以下请求：登录请求，加入请求，公共和私人信息等..所有这些公共命令是由服务器验证很大程度上避免恶意请求，它们可以抑制通过配置文件，以避免不必要的请求。

· Server side logic:it is vital that all the application logic is kept on the server side, as the Flash client can be easily reverse engineered and modified to perform malicious calls. Additionally you should be paranoid with every client request and heavily validate them, especially in prize-based games, transactions that involve money informations and similar ...

· 服务器端的逻辑：它是至关重要的，所有的应用逻辑是保存在服务器端，Flash客户端可以很容易地进行逆向工程和改造以执行恶意呼叫。此外，你应该与每一个客户请求重验证它们，尤其是在获奖的游戏，涉及金钱的交易，信息和类似...

· Money / Prize transactions:if you run prize-based games (whether it's money, goods, services etc...) you will certainly attract the interest of hackers. In order to achieve the best security you should run your prize transactions betweenSmartFoxServerand an external SSL-enabled web server. This way the communications happens between the two servers, hidden fromindiscrete eyesand through a highly secure protocol.

· 货币/获奖交易：如果您运行奖金为基础的游戏（无论是金钱，货物，服务等..），你一定会吸引黑客的兴趣。为了达到最佳的安全性，你应该运行SmartFoxServer的你的奖金之间的交易和启用了SSL的外部Web服务器。这样通信发生在两个服务之间，隐藏不分开的和高安全的协议。

· Client side hardening:since SWF files are easily reverse engineered with a decompiler, it is crucial to make the life of the hacker-wannabe as hard as possible. There probably isn't a perfect solution for completely securing the client application, but you can achieve good-enough results by combining various techniques:

· 客户端：由于SWF文件很容易被反编译逆向工程设计，。有可能不是一个完全安全的客户端应用的完美解决方案，但你可以通过各种技术结合良好，足够的结果：

1. Make your code modular and make it load different external pieces. Also try to obfuscate the file-name strings inside your swf files. 使你的代码模块化，使不同的外部负载件。

2. If you are loading external XML data containing sensitive informations about other application resources, encrypt it. 如果您正在载入外部XML数据，包括对其他应用程序资源敏感信息，对其进行加密。

3. Use a code obfuscator: the decompiled source code will become extremely hard to read and understand.如果您正在载入外部XML数据，包括对其他应用程序资源敏感信息，对其进行加密。

4. Use the cross-domain policy file to stop unwanted domains. If someone steals your client application and tries to upload an hacked version on another website, the connection to your servers will be refused. 使用跨域策略文件来阻止不需要的域。如果有人偷了你的客户端应用程序，并尝试上传到其他网站的破解版本，您的服务器的连接将被拒绝。

5. With the latest Actionscript 3.0 you can transfer entire swf files as byte arrays through the socket. By doing so you will skip the browser cache and make it very hard to capture. 随着最新ActionScript 3.0中，您可以通过套接字传输字节数组作为整个SWF文件。这样就可以跳过浏览器的缓存，使其很难捕捉。

» Development tips and tools开发技巧和工具

Now that we have analyzed the client/server architecture, scalability and security concerns, we should finally be able to put our hands on the keyboard and jump right into coding...

现在我们已经分析了客户机/服务器架构，可扩展性和安全问题，我们应该最终能够把键盘上的编码...

Even if the temptation is strong we should hold on for a moment and discuss a few more aspects of the development that we haven't mentioned so far.VirtuaParkwill probably be a great success if we clearly have in mind what we want to achieve, and if we have set a number of realistic goals in terms of money, time and resource investments.

即使是强大的诱惑，我们应坚持了一会儿，讨论一些更多的，我们没有提到的这些发展方面。VirtuaPark可能是一个巨大的成功，如果我们清楚地在想什么，我们想要达到的，如果我们建立在金钱，时间和资源投资方面的现实的目标数。

The following is a list of important aspects that should be taken into account before starting to develop our virtual world: 下面是一个应该考虑之后才开始发展我们的虚拟世界中的重要方面名单：

· Planning:as obvious as it may sound, a project like this requires careful planning. It is really advisable to write down one ore more documents that contains all the aspects of the application, the architecture overview, a list of features, the estimated resources needed and a small business plan.
The document typically requires a number of reviews and, as you get more into the details, you will probably realize that the it won't be possible to pack all the features in the first release. You will probably need tosplit the project in multiple development phasesso that you can set a realistic schedule for the initial release.
Additionally, starting (relatively) small lowers the risks of failures because you can receive user feedback at an earlier stage and fix what is not working before it's too late.

· 规划：那么明显，因为它可能声音，像这样的项目需要认真规划。这实在是最好写下一矿多文件，其中包含所有的应用程序，该架构概述，功能列表方面，估计所需的资源和一个小的商业计划。
该文件通常需要大量的评论数量，当你进入更多的细节，你可能会认识到它不可能装在第一个版本的所有功能。你可能会需要分割在多个发展阶段的项目，以便您可以设置初始释放现实的时间表。
此外，从（相对）降低了小故障的风险，因为你可以在早期阶段得到用户的反馈和解决什么是不工作。

· Prototyping: creating quick-and-dirty prototypes is usually a great way to verify if an idea will work as expected. When facing new challenges like those involved in the creation of an MMO, this is the best approach to avoid rewriting large pieces of code that were supposed to "just work".
SmartFoxServerallows to quickly prototype server side code with highly productive scripting languages such as Actionscript and Python which can significantly cut down the development/prototyping times.

· 原型：创建快速的原型通常是一个伟大的方式来验证一个想法，如果将正常工作。面对这样一个网络游戏中的参与创造这些新的挑战，这是最好的办法，以避免重写代码，被认为“just work”。
SmartFoxServer的允许快速原型服务器，高生产力的脚本和Python等语言为ActionScript可以大大减低/原型时代的发展端代码。

· Documentation:keeping documents that describe the application in all its aspects is essential to avoid forgetting ideas that you have discussed and never put into writing. Additionally it makes it easier to instruct new members of the team or to explain the project to people outside the company.
The same goes for both client side and server side code. Maintaining the habit of adding clear comments to the source code will literally save hours of staring at the screen with no clue about where to start, and avoid tedious debugging sessions.

· 文件：保存文件，描述了各方面的应用是必须避免忘记了你从来没有进入讨论并提出书面意见。此外，它可以更容易地指导新的团队成员或解释项目向公司以外的人。
这同样适用于客户机端和服务器端代码。避免繁琐的调试会话的习惯。

· Versioning:this is an essential tool when coding in a team. By keeping your code versioned you reduce the chances of loosing code, you get a central repository for the project files and you can let multiple developers work on the same files simultaneously. When everyone is finished coding they just need to submit their changes to the central repository. Modifications made by other team members will be merged automatically, and in case the same part of code was modified by another developer, you will be asked to resolve the conflicting code sections. If at any time a new piece of code breaks the application you can quickly roll back to the previous version without wasting precious time.
There are many commercial and free versioning tools available, we recommend starting fromSVN, which is free and open-source.

· 版本：这是一个重要的工具，当在一个团队编码。通过保持你的代码版本可以减少代码的失去的机会，你会获得一个项目文件的中央存储库，你可以让多个开发人员在同一文件同时工作。当大家都完成编码，他们只需要提交更改到中央存储库。其他团队成员提出的修改将自动合并，并在代码相同的情况下，另一部分是由开发者修改了，你会被要求解决冲突的代码部分。如果在任何一次新的代码块打破了应用程序，您可以快速回滚到以前的版本不浪费宝贵的时间。
有许多商业和免费的版本控制工具，我们建议开始从SVN，它是免费和开源。

· Logging:debugging multi-user applications can sometimes be an horrible nightmare. In order to avoid long and frustrating debugging sessions, it's highly adivsable to log a lot of informations on both client and server sides. This will allow you to easily check what's going on on both ends of the application while testing.
SmartFoxServerutilizes the JDK Logging API to output informations to the OS console and log files. The API are also accessible through the extensions, using any of the available languages (java, actionscript, python)

· 记录：调试多用户应用程序可以是一个可怕的恶梦，有时。为了避免长期和令人沮丧的调试会话，它的高度adivsable登录客户端和服务器端的信息很多。这将允许您轻松地检查什么回事的两端，而测试中的应用研究。
SmartFoxServer的利用JDK的API来记录信息输出到OS控制台和日志文件。这个API还可以通过扩展，利用现有的任何一种语言（Java中，ActionScript,python）

· Beta phase:a limited public beta phase is essential to do the final testings. Once the application has been sufficiently tested internally, it is time to publish it live and let a selected group of users play with it and report issues. This can be done in various ways: by recruiting professional beta testers, by inviting selected users / gamers in signing up for beta access, by letting anyone register for a beta account without restrictions.
The important part of this phase is to receive as much feedback as possible from players, in order to seek and squash the final bugs. This also allows you to see how many resources are being used in a real-life environment and foresee what will happen when the application will reach a larger audience.

· 测试阶段：一个有限的公共测试阶段是必不可少的做最后的测试。一旦应用程序已得到充分的内部测试，现在是时候将其发布现场，让一组选定的用户报告的问题。这可以通过各种方式：一是通过招聘，邀请签署注册测试访问让任何人都没有限制注册一个测试帐号，选择用户/玩家的专业测试人员。
这个阶段的重要组成部分，是从玩家获得尽可能多的反馈，以寻求最终的错误。这也让你看看有多少资源被用在现实环境中，预见会发生什么事时，应用程序将达到更多的观众。