Architecture and protocols

A detailed guide to the use of the "reverse pyramid" in system architecture and network protocols: from prioritization of the critical path and minimal contracts to circuit versioning, progressive degradation, QoS, observability and antipatterns. With examples (REST/gRPC/Events) and a checklist for production.

Event-Driven Core (EDC) Design Practice Guide: Event Types and Schemas, Delivery Semantics (at-least/exactly-once), Idempotency, Partitioning and Order, Outbox/CDC, Sagas and CQRS, Versioning, Safety, and Observability. With ready-made templates and checklists for production.

CQRS (Command Query Responsibility Segregation) Practice Guide: When to Apply, How to Design Write and Read Models, Consistency (eventual vs. strong), Projections and Replications, outbox/CDC, Sagas and Transactional Boundaries, Storage Selection, Observability, Security, Testing, and Migrations. With templates for payments, KYC and balances.

A step-by-step introduction to Event Sourcing: key concepts (aggregate, event, snapshot, version), event design and circuit evolution, optimistic concurrency, state and projection reconstruction, testing, security (PII/GDPR), performance and antipatterns. With practical examples (payments, orders, balances) and a checklist for production.

Engineering Guide to Exactly-Once Semantics (EOS): Delivery and Processing Differences, end-to-end vs. hop-by-hop, Architectural Patterns (Transactional Log + Sink, Outbox, Idempotent Shiki), Kafka EOS Engine, Flink/stream-processors, Deduplication and Versioning, Failure Testing, cost and trade-offs. With a production checklist and anti-patterns.

Idempotency How to Guide: Key Types (operation/event/business), Scope and TTL, Deduplication Stores, Optimistic Versions, upsert/merge-syncs, HTTP Idempotency-Key, gRPC/Streaming, Queues and Brokers. With table templates, pseudocode of transactions, antipatterns, failure tests and a checklist for production.

Complete guide to versioning API for REST/gRPC/GraphQL/Event-driven: when to release major, how to live on additive changes, where to keep the version (URI, media types, headers, protobuf packages, event names), how to do negotiation, dual-run, sunset, gateway routing, and compatibility tests. With checklists, anti-patterns and ready-made templates.

A practical guide to building and operating a schema registry: schema types (JSON Schema/Avro/Protobuf/GraphQL SDL), compatibility modes (BACKWARD/FORWARD/FULL), version and migration management, additive evolution rules, validation in CI/CD, event cataloging and API, roll-out/rollback strategies, security and auditing. With examples, templates and checklists.

Backward compatibility: additive-first principles, tolerant reader, minimum warranty contract, schema evolution (JSON Schema/Protobuf/Avro/GraphQL), versioning rules, safe/dangerous changes, deprecate and dual-run strategies, testing in CI/CD and observability. With examples for REST/gRPC/Events and checklists.

Forward compatibility guide: principles of tolerant writer/reader, capability negotiation, default degradation, error and version contracts, compatibility modes in schema registers (FORWARD/FULL), patterns for REST/gRPC/GraphQL/Event-driven, testing and metrics. With checklists, examples and anti-patterns.

A practical guide to streaming data: event vs processing, windows and watermarks, order and lagging data, operator status, transactionality and idempotency, sources/receivers, scaling and backpressure, testing and restarts, security and cost. With templates, anti-patterns and checklists for production.

Practical comparison of batch and stream processing: selection signals, SLO/SLA, data freshness and cost, typical architectures (Lambda/Kappa/Hybrid), windows and retro corrections, storage and formats, reliability and idempotency, testing and observability. With checklists, anti-patterns and reference patterns for analytics, product features and integrations.

A comprehensive guide to global host distribution, from network topology and routing to data consistency, fault tolerance, security, and observability. Practical patterns, metrics, type errors and comparison of approaches (CDN, edge, federations, p2p).

Multi-Tenant Core Design Practice Guide: Isolation Models (Data/Computation/Network), Request Routing, Configuration and Customization by Tenant, Security and Compliance, Billing and Limits, DB Schemes, Non-idle Migrations, Observability, SLO, and Tenant-Level Failover.

A complete guide to tenant isolation and limit management in multi-tenant systems: models and isolation levels (data/computing/network/operations), RLS and tenant key encryption, RBAC/ABAC, per-tenant quotas and rate-limits, noisy neighbor protection, observability and billing, DR/cascade-free incidents, checklists, and typographical errors.

Practical guide to limiting and quotas: models (Token/Leaky Bucket, GCRA, windows), distributed limiters, limits on plans and tenants, caps for competition, VIP prioritization, protection against "noisy neighbor," idempotency and retray, response header standards, observability, billing and checklists before sale.

Practical guide to implementing Circuit Breaker and managed degradation: switch states and algorithms, timeouts and retrays with jitter, idempotency keys, bulkhead isolation, fallback scripts (read-only, cache, gray responses), traffic prioritization, observability and testing (chaos, game days), checklists and typical errors.

A complete guide to Dead Letter Queue (DLQ) and poisonous messages: reasons for appearance, routing strategies (DLQ/DLT, parking lot, quarantine), retray and backoff policies, idempotency and deduplication, schemes and validation, delivery order and semantics, secure redrive, observability and checklists for produced

A practical guide to sagas and distributed transactions: consistency models (eventual/compensating/TCC), orchestration vs choreography, step and compensation design, idempotency and outbox, deduplication, timeouts and retrays, observability and testing, type errors, and production checklists.

Step-by-step guide to Outbox pattern: how to atomically capture business state and events, eliminate "two-letter," achieve "effective exactly-once" through outbox + inbox, configure CDC/redrive/DLQ, make idempotent producers/consumers, maintain order, multi-tenancy and multi-region, and telemetry, tests and checklists for production.

Field guide to transactional messaging: delivery models (at-least/at-most/exactly-once), local and distributed transactions, outbox/inbox, idempotent producers and consumers, fixing offsets along with effects, redrive and DLQ, order and deduplication, multi-tenancy/multi-region, observability and check - production lists.

A pragmatic explanation of the CAP theorem and accompanying trade-offs: what is network partitioning, how CP differs from AP, why "CA" is a myth in failures, how PACELC (latency vs. consistency) helps, what consistency models exist, how to make architectural decisions for multi-region, microservices and queues. Checklists, type errors and quick recipes.

Pragmatic guide to consistency models: linearizable, sequential, serializable, snapshot isolation, per-session guarantees (read-your-writes, monotonic, causal), bounded staleness and eventual, as well as their impact on latency, availability and cost. We analyze quorums, clocks (Lamport/vector), CRDT, typical anomalies (write skew, phantom), selection checklist and quick recipes for multi-region and multi-tenant systems.

A practical guide to materialized views (MVs): what it is and how it differs from caches, how to design incremental updating (CDC/streaming), REFRESH schedules, indexes and partitioning, consistency and freshness, multi-region and multi-tenant, observability, tests, type errors, and production checklists.

A practical guide to Read Models and projections in CQRS: when they are needed, how to design denormalized models for specific requests, how to build a stream of updates (CDC/events), ensure idempotence and order, manage freshness, multi-tenancy and multi-region. Examples of schemes, upsert patterns, observability, redrive/recalculation playbooks and pre-sale checklist.

Practical architecture of the content catalog engine for iGaming: domain model (Game/Provider/Collection/Placement), ingest and normalization of metadata, localization and multimedia, filters and search, ranking signals (RTP/volatility/popularity/marketing), personalization, compliance/geo-blocks, multi-tenant and multi-region, API (REST/GraphQL), caching/projections, SLO/observability, playbooks, and checklist.

Architectural guide to "per currency catalogs" for iGaming/SaaS: how to normalize price points, betting limits, jackpots and promos by currency; where to get courses (FX), how to cache and round, how to take into account commissions/spreads, how to resolve provider restrictions (RGS/PSP) and multi-tenant/multi-region rules. Projections, idempotency patterns, SLO "freshness" of courses, compliance and checklists.

Engineering RTP configuration model for iGaming: terms (theoretical/effective/realized), hierarchy of settings (by provider/game/variant/tenant/region/currency), priority and merge rules, validation and certification, jackpot/bonus buy/feature impact, monitoring and SLO, anti-abuse and drift, canary releases and A/B, change auditing and playbooks.

Engineering model of the limit hierarchy for iGaming/SaaS: types (hard/soft, quotas/rate limits, monetary/time/quantitative), dimensions (tenant/region/currency/channel/game/player/session/device), priority order and merge, application points (gateway/domain/provider), idempotency and audit, observability and SLL O, playbooks and pre-sale checklist.

A practical guide to Feature Flags and release strategies: flag types (release, ops, kill-switch, experiment, permission), targeting and segmentation, progressive rollout, canary and dark releases, TTL/" debt "policies, consistency and multiservice dependencies, audit trail, observability and SLO, bagfix playbooks. Examples of schemes, YAML configs, SDK/Edge contracts, pre-sale checklist.

Practical SemVer standard for the platform: what to count as breaking/minor/patch, how to version REST/gRPC/GraphQL/events/database schemas, provider adapters and client SDKs. Depriction policy, compatibility, negotiation, pre-release/metadata, changelog, release automation (Conventional Commits, CI/CD), checklists and anti-patterns.

Engineering model of reliable delivery of webhooks: levels of guarantees (best-effort, at-least-once, effectively-exactly-once), key order, idempotency, signature and anti-replay, retrays with backoff + jitter, DLQ and redrive, quotas and fair-queue per tenant, observability and SLO, schema versioning, and incident playbooks. Example headings, useful formats, and reference policies.

Engineering standard for signing and verifying requests for APIs and webhooks: threat models, primitive selection (HMAC, asymmetry, mTLS, JWT, HTTP Message Signatures), canonicalization, timestamps and nonce, anti-replay, 'kid' and key rotation, dual-secret, multi-lease and regions, observability, and playbooks. Examples of headers, pseudocode, error schemes and checklist.

OAuth 2 reference architecture. 1/OpenID Connect (OIDC) for platform core: threads (Auth Code + PKCE, Device, Client Credentials), PAR/JAR/JARM, DPoP/mTLS, tokens (AT/RT/ID), exchange tokens (RFC 8693), RAR/Consent, session & logout, multi-tenancy and regions, PDP integration (RBAC/ABAC), front and back protection, key rotation (JWKS), observability, playbooks, and production readiness checklist.

S2S (service-to-service) authentication reference architecture for the platform core: trust models (mTLS, SPIFFE/SPIRE, service JWT), short-lived credits via STS/Token Exchange, audience/signatures and key rotation (KMS/HSM), mesh/sidecar and gateway patterns, multi-tenant/regions and trust-domains, Zero Trust, observability, playbooks, and production readiness checklist. Schemata, YAML/JSON fragments and anti-patterns.

Platform standard for cryptographic key management: classification (KMS/HSM, root/role/session), life cycle and rotation (scheduled/forced/rolling, dual-key), identification ('kid'), regionality and multi-tenant, JWKS and signature policies, envelope encryption and KD- F, secrets for integrations, audit and compliance, observability, incident playbooks and production readiness checklist. YAML/JSON examples and practical templates.

A practical guide to encrypting data "at rest" in products and infrastructure: goals and boundaries of protection, threat model, choice of algorithms and modes, key hierarchy, KMS/HSM, rotation, multi-lease, performance, testing, audit and operation. Suitable for platform teams, security architect and developers.

A practical guide to managing secrets in platforms and applications: classification of secrets, life cycle, repositories (Vault/KMS/Secret Manager), issuance and rotation (dynamic secrets), access control and audit, integrations with Kubernetes/CI/CD/Cloud, secure runtime delivery, emergency procedures, observability and checklists. Related to At Rest/In Transit encryption and key management.

A practical guide to building audits and unchangeable logs: threat model, event taxonomy, schemas and correlation, time requirements, delivery channels, retention and retention policies, cryptographic invariability (append-only, hash chains, signatures, time stamps), multi-lease, privacy, exploitation, testing and checklists. Suitable for platform and product teams, SecOps/Compliance and architects.

Practice Guide for Personal Data Tokenization (PII): Targets and Threat Model, Token Types (Reversible/Irreversible, Deterministic/Nondeterministic, FPE), Token Volt Design, Key Hierarchy and KMS/HSM, Detokenization and Access Control API, Multi-tenancy, DB/BI/ML Integrations, Rotation and crypto removal, performance and fault tolerance, testing, checklists, and FAQs.

Practical guide to building observability: taxonomy of signals (logs, metrics, traces, profiling), single context (trace_id), schemes and standards (JSON, OpenTelemetry), collection/storage/search architecture, SLI/SLO and error budget, alert by symptoms, selection of aggregates and sampling, multi-rent, privacy and security, cost and retention, testing, checklists and runbook 'and.

Distributed Trace How-To: Trace/span, W3C Trace Context and Baggage, Sampling (head/tail), span links for asynchronous, correlation with metrics and logs (exemplars), brokers and batches, retrays and idempotency, multi-lease and privacy, storage and cost, trace platform SLO, testing, checklists and runbook 'and. Based on OpenTelemetry standards and compatible stacks.

A practical guide to progressive delivery and management of staging environments: types of environments, preview stands, phicheflags, canary and phased rollouts, SLO gates, database migrations, rollbacks and anti-patterns. Suitable for monoliths and microservices, on-prem and cloud.

Complete guide to downtime: principles, patterns (rolling, blue-green, canary), routing and drainage of connections, readiness/liveness samples, DB migrations (expand-migrate-contract), caches and sessions, queues and outbox, rollbacks, test plans and anti-patterns. Suitable for monoliths and microservices, on-prem and cloud.

A detailed guide to inheriting configurations in distributed systems: models (hierarchies, layers, composition), conflict resolution and merge algorithms, schematics and validation, environments and multi-tenancy, secrets and security, versioning and migrations, testing and observability. With examples for YAML/JSON, Kubernetes (Helm/Kustomize), Terraform and Ansible.

Graceful degradation guide for distributed systems and products: degradation principles and levels (client, edge, service, data), degradation "ladders" and triggers, templates (brownout, partial response, read-only, stale-while-revalidate, admission control, load shedding), SLO/erroneous budget policies, observability and risk management. Case studies for Nginx/Envoy/Istio, Kubernetes, Kafka and UI/mobile clients, checklist and anti-patterns.

Deep guide to edge caches and POP (Points of Presence) networks: levels and topologies (tiered/shield), keys and 'Vary', TTL/STALE/SWR, disability (Surrogate-Key, BAN, event-driven), origin protection (origin shielding, signed URL/cookie), geo-routing and anycast, HTTP/2-3 and QUIC, image/compression optimization, edge-compute (Workers/Functions), data privacy and regionality, observability (hit/byte-hit, offload, TTFB), anti-patterns and implementation checklist. Sample configurations for Nginx, Varnish, Envoy/Edge, CloudFront/Workers-like.

Tiered Storage Design How-To Guide (Hot/Warm/Cold): Load and SLO Profiles, Engine and Media Selection, Lifecycle Policies (ILM), Replication and Compression Schemes, Partitioning and Indexing, Caching and Tiered-Storage, Compliance (PII/Retention), Backup and DR Examples for Elasticsearch, S3/Glacier, GCS/Azure, PostgreSQL/ClickHouse, Kafka/Pulsar and Kubernetes (StorageClass/PVC).

A practical guide to building task queuing systems: push/pull models, routing and load balancing (round-robin, fair share, priorities, WFQ/WRR), delivery semantics (at-least/at-most/effectively exactly-once), retrai and DLQ, visibility/timeouts, idempotence and dedup, planning and SLA classes, auto-scaling of workers, sharding and multi-tenancy, observability and checklists. Examples for RabbitMQ/AMQP, SQS, Kafka/NATS JetStream, Celery/Sidekiq/Resque, Redis queues.

Practical comparison of message/task delivery semantics: failure patterns where "real exactly-once" is possible and where it is a marketing myth; how to build effectively exactly-once over at-least-once with idempotency, transactions, and deduplication. Patterns (Outbox/Inbox, Upsert, idempotent keys, SAGA), examples for Kafka/NATS/Rabbit/SQS and DB (PostgreSQL/Redis), anti-patterns, metrics, test playbooks and selection checklist.

Distributed deduplication design guide: where and how to remove duplicates (edge, broker, service, storage), key selection (natural/composite/fingerprint), time windows and order (watermarks, out-of-order), data structures (SET/TTL, LRU, Bloom/Cuckoo, Count-Min), transactional patterns (Inbox/Outbox, UPSERT, sequence/versioning), log compression, reprocessing and backfill, metrics and exploitation. Examples for Redis/SQL/Kafka/NATS/ClickHouse/Flink/Kafka Streams, checklist and anti-patterns.

Practical guide to ensuring order in brokers and queues: types of guarantees (per-partition, per-key, global, causal), where order is lost (retrai, parallelism, multiconsuming), how to save it (keys/parties, sequence/versioning, transactions, sticky-routing), how to "fix" out-of-order in stream processing (buffers, windows, watermarks) and what to do with "poisonous" messages. Разбор Kafka, RabbitMQ, NATS/JetStream, SQS FIFO, Pub/Sub; checklists, anti-patterns, and sample configurations.

A practical guide to designing identifiers in distributed systems: requirements (uniqueness, orderability, entropy, readability, security), comparison of UUID v4/v7, ULID, KSUID, Snowflake-like schemes, database sequences and content-address IDs (SHA-256). Prefix and multi-tenancy patterns, collisions and birthday paradox, index effects and hot pages, URL-safe encodings (Base32/58), anti-patterns and implementation checklist. Examples for PostgreSQL, Redis, Go/Node/Python.

A practical guide to distributed locks: when they are really needed, what models (lease, fencing, quorum) are, how to build locks on etcd/ZooKeeper/Consul/PostgreSQL/Redis, why "Redlock" is controversial, and how to avoid split-brain. Consider CP vs AP, TTL/renewal, owner discovery, priorities and fairness, deedlocks and priority inversion, observability and test playbooks. Code examples and checklists.

A practical guide to choosing a leader in distributed systems: when you need it, what models exist (lease, epoch, quorum), Raft/Paxos/Bully comparison/ZAB Gallery, etcd/ZooKeeper/Consul/Kubernetes implementation, how to avoid split-brain, how to set up TTL/heartbeat/backoff, what to write (epochs, fencing-token), how to test files (GC pauses, network partitions) and what metrics/alerts to hold. Implementation checklist, anti-patterns and code snippets.

System consensus guide: why it is needed and how it differs from quorum reads/records; time and failure models (Crash vs Byzantine), safety/survivability properties, quorum and re-configuration, state machine and replication log. Разбор Raft, Paxos/EPaxos, ZAB, Viewstamped Replication, PBFT/Tendermint/HotStuff; comparison by latency, throughput, and operational complexity. Read patterns (lease/read-index), snapshots, reconfiguration, geo-distribution and anti-patters. With selection checklist and examples.

API Perimeter Design How-to Guide: API Gateway and ingress Roles, Routing Schemes (L7 Rules, Canary Weights, Geo/Latency), Security (mTLS, OAuth2/OIDC, NMAC/Signatures, WAF, Quota/limiter), Interoperability (Versioning, Transformation, Scheme Validation), Protocols (REST/g RPC/GraphQL/WebSocket/SSE, HTTP/2/3), stability (timeouts/retries, circuit breaker, idempotency), observability, caching, as well as checklists, anti-patterns and test playbooks. Examples on Envoy/NGINX/Kong/Traefik and cloud API gateways.

Engineering comparison of gRPC and REST for iGaming platforms: when to choose binary gRPC (low latency, streaming, strict contracts), and when REST (browser compatibility, partner integrations, caches/CDN). We analyze real-time betting schemes, quotes, anti-fraud, payments and KYC, the impact of the protocol on SLO/SLA, idempotency and audit, API gateways and service mesh, security and versioning, observability and test playbooks. Ready-made patterns, anti-patterns and selection checklist.

A practical guide to pagination design in high-load systems: comparison of offset and cursor approaches, opaque token design, sample consistency, indexing, cross-shard navigation, security, and UX. Examples for REST, GraphQL and gRPC, test recommendations, metrics and SLOs.

Complete guide to index design and query optimization in relational and non-relational databases: structure selection (B-Tree, Hash, GIN/GiST, BRIN, Bitmap), composite and partial indexes, partitioning and sharding, statistics and cardinality, execution plans, join strategies, query rewriting, butching, caching and SLO. Examples for PostgreSQL/MySQL, ClickHouse, MongoDB, Elasticsearch/Opensearch. Anti-patterns, implementation checklist, and observability.

A practical guide to working with time in distributed systems: UTC vs local time, IANA timezones, DST, "double" and missed minutes, leap-seconds/world, schedulers, events and logs, data models, API contracts, testing and observability. Patterns, anti-patterns and checklists for architects and developers.

Role Engine Engineering Design and Implementation Guide: RBAC, ABAC and their hybrids; data model, PDP/PEP, caching, access context, SoD/PoLP, multi-tenancy, object and field-level protection, auditing, and observability. Patterns, anti-patterns, sample schemas, and pseudo decision code.

Policy as Code Implementation How-To: Policy Models and Domains (Security, Access, Compliance, Infrastructure), PDP/PEP Architecture, Storage and Versioning, Testing and Static Analysis, Bundle Allocation, Caching and Performance, Exception Management, Telemetry, and Auditing. Schemes, patterns, anti-patterns and examples (OPA/Rego, Cedar, Kyverno, Gatekeeper, AWS IAM).

Distributed Systems Contract Testing Guide: Contract Types (HTTP/gRPC/GraphQL/Kafka), Consumer-Driven Model, Schema Version and Evolution, Negative and Invariant Checks, Stable Generation, Pact/contract-broker/Schema Registry, CI Embedding/CD, compatibility matrix, and anti-patterns. Sample schemes, pseudocode and checklists.

A Practical Guide to Testing the Robustness of Distributed Systems: Goals and Metrics, the "Steady State" Hypothesis, Fault Injection (Network/CPU/Memory/Disk), Dependency Degradation, Retrai/Timeouts/Breakers/Backprescher/Shading, Isolation (bulkheads), Data Quorums, Anti-Fragility, Game Day, and Automation in CI/CD. Patterns, anti-patterns, checklists, and pseudocode.

A practical guide to building productive systems through load, stress, spike and prolonged (soak) tests. Traffic model (open/closed), SLI/SLO metrics, power and buffer planning, profiling and bottleneck finding, correct stands and data, automation in CI/CD. Tools (k6/JMeter/Gatling/Locust), recipes, anti-patterns and checklists.

A practical guide to chaos engineering: formulation of "steady state," design of experiments, injection of failures (network/CPU/memory/disk/db/dependencies), guardrails and security, observability and metrics, game days, automation in CI/CD, rollback strategies and maturity of practice. Sample scripts, checklists, and pseudocode.

A practical guide to green architecture: metrics (PUE/CUE/joules per request), energy and carbon models, carbon-aware planning, hardware and algorithm selection, code and data efficiency, network and storage patterns, ML optimization, telemetry and gates in CI/CD. Patterns/anti-patterns, checklists, and pseudocode.

A practical guide to creating and operating reference implementations (Reference Implementations, RI): goals and boundaries, repository architecture, protocol and schema conventions, conformance tests and golden files, CI/CD, sample clients and SDKs, production "Jordan-minimum" settings (security, observation, perf baselines), version policy and compatibility matrix, anti-patterns and architect checklist.

How to design and execute "textbook" migrations: types of migrations (data, schemes, services, queues, regions/clouds), dependency inventory, expand-migrate-contract strategy, phases (preparation, shadows/double write, switching, verification, rollback), tools (feature flags, CDC, backfill), telemetry and SLO, checklists, playbook templates and examples of runbooks.

Practical Guide to Threat Modeling and Risk Management: Asset and Trust Inventory, DFD/Data Outlines, STRIDE/LINDDUN/PASTA Frameworks, Risk Scales (DREAD/CVSS), Risk Register, Control Selection and Design (prevent/detect/respond), Safety by Principle (Least Privilege, Zero Trust, KMS/secrets, PoLP), supply chain (SBOM/SLSA/IaC policies), privacy, gates in SDLC and maturity metrics. Templates, checklists, sample charts and policies as code.

Step-by-step guide to working with external and internal service level agreements: terminology (SLA/OLA/UC), criticality matrix, metrics and SLO/SLI, availability and support windows, credit mechanisms, fines/bonuses, DPA and security, escalation and incident process, monitoring "outside," gates in CI/CD, multi-provider strategies, exit plans, and contract tests. Contract item templates, checklists, and sample policies as code.

Practical guide to data retention: classification and retention cards, legal requirements (GDPR/CCPA, etc.), ILM processes (ingest → hot/warm/cold → archive → deletion), TTL/policies as code, key shredding (crypto-erasure), backups vs archives vs WORM, stream retention (Kafka), database and file storage, eDiscovery/Legal Hold, compliance monitoring and gates in CI/CD. Checklists, anti-patterns and YAML/Rego/SQL working examples.

A practical guide to designing a multi-cloud architecture: target drivers (SLO, compliance, sovereignty, cost), topological patterns (Active/Active, Active/Passive, DR-Only, Poly-Service), network layer (GSLB/Anycast, peering, egress control), data and consistency (CDC, CRDT, bidirectional replication), identity and secrets, service meshes and multiclusters, observability, SDLC/IaC/policies as code, FinOps/carbon, fake testing and games. Checklists, anti-patterns and YAML/pseudocode examples.