Technical overview of AGS
Overview
AccelByte Gaming Services (AGS) is a fully managed Software-as-a-Service (SaaS) platform developed by AccelByte. AGS enables game developers to build and launch their online games without having to develop and manage their own backend services.
Components
AGS includes these components out of the box:
- Service endpoints: Services grouped into multiple logical service areas.
- Game SDKs: The SDKs cover Unreal and Unity (talk to us if your game uses another game engine).
- Admin Portal: You can use this web portal to administer AGS modules and change their behavior to suit your game.
- Server SDK to extend AGS: This includes custom services and custom tooling to solve specific game needs.
Services Architecture
The first thing to know about AGS is that the services are organized as loosely coupled microservices, each serving a set of REST APIs. This section covers some other important points about the services.
We adopted Open Authorization (OAuth 2.0) as the standard to authorize all clients (public and confidential) to communicate with AGS services. All communication between various microservices and clients is secured using JSON Web Tokens (JWT).
The services communicate with each other either Synchronously (using REST HTTPS calls), or using Asynchronous Messaging using Message Broker.
AGS clients communicate with the services using HTTPS. This includes the game client, game server, website, or any custom tools. The one exception is the Lobby Service—which uses persistent secure WebSocket (WSS) connections.
Lastly, each microservices manages its own persistence logic, to minimize the blast radius whenever things go wrong in individual services. Since AGS supports multiple games natively, every AGS component uses namespaces to handle logical partitioning of player data for each game.
Deployments and Namespaces
AGS supports two models of deployments: Public Cloud and Private Cloud. For both models, AccelByte is responsible for maintaining and operating the environments 24x7.
AGS is designed to handle one studio (root) namespace, as well as multiple game namespaces. Namespaces act as a logical partitioning on all player data and service configurations, and every AGS component adheres to this principle.
More details about namespace management can be found in the Access Service Guides.
Scalability
Every Service in AccelByte Gaming Services supports a response time target of less than 200ms (in and out from our data center). We also have internal goals for horizontally scalable throughput (requests per minute) per unit of infrastructure. These goals vary based on the nature of the service.
We start performance testing once the software is stable. We simulate how our users use our services and create load test clients to simulate the concurrent load caused by that usage profile. In the course of our performance testing, several different tests are done.
- Load test - These tests ensure the service is stable under its expected capacity and the expected throughput and response time requirements are met.
- Scalability test - These tests ensure throughput scales horizontally (up and down) with the amount of parallel hardware.
- Resilience test: Tests that ensure our services will behave correctly under unexpected conditions (e.g., unavailable dependencies due to network failure). These test also check that services will return errors to the callers but not create cascading effects on other components.
- Stress test A special case of resilience test when higher than normal load is encountered (e.g., caused by unexpected events of failure on hardware scaling)
An iterative approach is used in load testing our services as illustrated in the diagram below.
Security and Compliance
AccelByte takes information security seriously. We have implemented best practices for protecting customer data across all our systems, processes, and products. Specifically, AccelByte has implemented the appropriate internal controls to meet the ISO 27001 requirements. These requirements provide a comprehensive framework for managing information security risks, including those associated with software development and deployment. This covers topics such as access control, network security, incident management, and information security governance. AccelByte is in the process of reviewing our ISO 27001 implementation with an independent external auditor. We expect to achieve our certification in 2023.
AccelByte contracts with an independent third-party cybersecurity vendor to perform regular penetration testing against all AGS services and infrastructure. AccelByte also uses Orca Security's platform for identifying and assessing potential security vulnerabilities, and for continuous monitoring to proactively track, identify, and investigate potential security events and anomalies.
In addition to these internal information security measures, AGS also provides a service that helps you ensure your game's compliance with the European Union's General Data Protection Regulation (GDPR), as well as the California Consumer Privacy Act (CCPA) of the state of California.
For more information, see Introduction to legal compliance.
24x7 Monitoring and Operation
AGS maintains comprehensive logging, monitoring, and alerting for every component of our backend. This includes the frontend ingress points, to the application load balancers, to the service mesh, to the applications/services themselves—all the way down to the infrastructure.
Every client and game environment (development and production) is monitored by a 24x7x365 Live Operations (LiveOps) team with detailed runbooks for troubleshooting and mitigating incidents detected by our monitoring systems, or reported by our clients and their players. LiveOps incident response time, as well as time to resolution or mitigation, for production environments is backed by our SLA.
The AGS monitoring tech stack starts with detailed logging for every container with Fluent Bit (or Fluentd) scraping, parsing, indexing, and shipping logs to Amazon Managed OpenSearch. The AGS Admin Portal lets clients search and filter logs from their Dedicated Servers and from AGS services including Lobby, Matchmaking, and more. This greatly simplifies end-to-end troubleshooting.
Comprehensive metrics for AGS infrastructure and services are collected and stored in Amazon Managed Prometheus (AMP). This include metrics generated by custom log searches/queries. Clients can explore these metrics via Grafana dashboards. AMP's Alert Manager is also where we define a comprehensive set of alert rules covering hundreds of signals that ensure the healthy operation of your game clients—as well as AGS services and infrastructure.
Finally, alerts generated by AMP's Alerts Manager are routed to OpsGenie, which notifies our 24x7x365 Live Operations teams. The teams respond to alerts and run our incident response process from initial troubleshooting, through root cause analysis and on to mitigation and resolution. As part of this process, the teams also identify opportunities to improve detection, prevention, and response. In addition to the automated ticket systems, customers can also submit Live Service Incident tickets via their AccelByte Support Portal or via email. The reports all get routed to Opsgenie and trigger the same process.
Cross-Platform Support
AGS natively supports cross-platform with these capabilities:
- Cross-Identity: Login from multiple platforms, and linking a single AccelByte account to multiple platform identities.
- Cross-Presence: Enforcement of Single Point of Presence from the Lobby service.
- Cross-Progression: Store player progression on Cloud Save or Stats so players can continue their progression on another platform.
- Cross-Play: Cross-Platform Matchmaking Engine. This includes automatic sync of Session and Party information to the user's current Platform.
- Cross-Social: Platform agnostic Friends List.
- Cross-Commerce: Virtual Wallet system and Entitlement Sync to reconcile and fulfill purchases from Platform Stores.
- Customizing and Extending AGS: AGS supports code-level customization and extensions using AGS Server SDK.
You can customize (or override) AGS built-in functionality by registering your own gRPC server endpoint on specific service endpoints. For instance, you can provide a gRPC endpoint to override Matchmaking matching logic, Loot Box behavior, etc. For more details, please refer to the individual AGS Service Guides to identify which services and features support code-level customization.
You can also extend AGS capabilities by using the Server SDK (available in several languages such as Golang, Java and Python) to write your own Backend service endpoints, or to write your own Tools that fit your workflow better. For more details, please refer to the Extendguide.