intro to web architecture chapter 1
Post on 09-Apr-2018
222 Views
Preview:
TRANSCRIPT
-
8/8/2019 Intro to Web Architecture Chapter 1
1/42
Introduction To Web Architecture
-
8/8/2019 Intro to Web Architecture Chapter 1
2/42
ER/CORP/CRS/OS30/003
Version no: 2.02Copyright 2004,
Infosys Technologies Ltd
Course Objectives
Understand the Request - Response Cycle
Understand the various options available in terms of servers
To be able to understand the various types of components of a web application
Understand interaction between the components
Understand the tier-ed architecture of Internet Applications
This course covers
Http Request and its contents
Http Response and its contents
Introduction to various Web servers
Introduction to various types of components
N Tier architecture
-
8/8/2019 Intro to Web Architecture Chapter 1
3/42
ER/CORP/CRS/OS30/003
Version no: 2.03Copyright 2004,
Infosys Technologies Ltd
Course Objectives (Contd)
To be aware of the issues involved in security, performance at the client and serverend
Understand the need of Confidentiality, Authentication, Authorization, PerformanceManagement for web applications
To appreciate architecture documents
Overview of basic Sun Architecture
Overview of basic Microsoft Architecture
Awareness of the security, performance issues in web applications.
The second chapter covers architecture documents, Sun Architectures, Microsoft
Architectures etc.
-
8/8/2019 Intro to Web Architecture Chapter 1
4/42
ER/CORP/CRS/OS30/003
Version no: 2.04Copyright 2004,
Infosys Technologies Ltd
Session Plan
1 lecture session
Basics of Web Architecture
Overview of Sun and Microsoft Architectures
The first chapter covers overview of World Wide Web, the meaning of basic terms popularly
used in architecture documents of web applications.
It also covers awareness about security and performance related issues.
Few sample Architecture documents using Microsoft and Sun Technologies are covered inthe second chapter.
-
8/8/2019 Intro to Web Architecture Chapter 1
5/42
ER/CORP/CRS/OS30/003
Version no: 2.05Copyright 2004,
Infosys Technologies Ltd
References
Current Web Architecture found online athttp://www.objs.com/survey/WebArch.htm
Introduction to Web Architecture found online athttp://www.w3.org/2001/tag/2002/11ac-tag-tb/
Architecture of the World Wide Web found online athttp://www.w3.org/TR/webarch/
Andres, Great web architecture book, IDG books,1999
Derek & Atkins, Internet Security - Professional Reference, Publisher Techmedia,2001
Comer Douglas E, Computer Networks and Internets 2nd edition, Publisher PrenticeHall, 2000
-
8/8/2019 Intro to Web Architecture Chapter 1
6/42
ER/CORP/CRS/OS30/003
Version no: 2.06Copyright 2004,
Infosys Technologies Ltd
Basics of Web Architecture
30 minIssues involved in security, performance ofWeb applications
30 minComponents of a Web Application
20 minWeb Servers
20 minBasic Terms in Web Architecture
Estimated DurationTopic
This chapter covers the meaning of basic terms like Web Server, App Server etc.
It also covers the working of Web Servers , various components hosted by the servers
The chapters aims at introducing security, performance issues of Web applications
-
8/8/2019 Intro to Web Architecture Chapter 1
7/42
ER/CORP/CRS/OS30/003
Version no: 2.07Copyright 2004,
Infosys Technologies Ltd
Differences in Internet and World Wide Web
Internet : The Internet is a network of networks
Information travels over the Internet, via a protocols (TCP/IP)
The World Wide Web, (popularly known as web) is the way of accessing information over the medium of the Internet.
the model of sharing information and that's why is sits on the of the Internet
-
8/8/2019 Intro to Web Architecture Chapter 1
8/42
ER/CORP/CRS/OS30/003
Version no: 2.08Copyright 2004,
Infosys Technologies Ltd
Web Architecture
Why architect the Web Applications?
What is N "Tier architecture?
Usually developers would like to attack the programming as soon as they encounter aproblem.We must realize there is lot more to programming than simple coding.
Coding web-application without architecting it can result in critical problems at the later stagebecause Web applications run under environments like browser, web servers , applicationservers and they communicate using specific protocols like HTTP
One can compare this to building a huge complex without involving a good architect or by by-passing the Architecture stage.
The architecture is the winning factor of the web-application ( which might become the losingfactor if not handled properly).
In this course we will talk about architecting the Web applications and the importance of thesame.
What is usual N Tier architecture of Web applications?
In an web application, usually the terms tier and layer are used interchangeably.
N "Tier architecture can be defined as two or more levels arranged one above anotherwhere each level serving distinct and separate tasks like presentation, business logic, dataaccess etc.
Any number of such levels (or tiers) can be arranged above another.Web Applications usually use N-tier architecture because it provides a model for flexible/reusable/ maintainable application.
By breaking up a system into tiers, developers only have to modify or add a specific tier,rather than rewriting the whole application
, if a particular tier (say database) needs change or if the application needs to scale up.
An example for the same in real life is that a CAR is more scalable than 3 wheeler which ismore scalable than a Bi-Cycle.
-
8/8/2019 Intro to Web Architecture Chapter 1
9/42
ER/CORP/CRS/OS30/003
Version no: 2.09Copyright 2004,
Infosys Technologies Ltd
N "Tier architecture
Data Tier also known as back end tier
The Presentation Tier also known as front end tier
The Business Logic Tier also known as brain of the application
Data Tier: Is always a part of Web-application.
Though System can exist without data tiers, all real-life examples explicitly need a data tierto handle the complex requirements of data storage.
This layer is the Database Management System (usually RDBMS).
It can be very complex like a high-end product (Oracle/SQL Server), which do include
features like backups/recovery/query optimization etc.Or it can be the simplistic plain text files.
Famous formats of structured, plain text files are CSV files, XML files, etc.
This tier is to deal with the storage and retrieval of the information.
It is not about manipulating or styling the data. It is also known as back end tier
The Presentation Tier : This layer provides an interface for the end user into your
application.
It takes the results of the Business Tier (mentioned below) and renders the data into formatslike HTML (for browser users) or WML (for Mobile users) or the other formats readable by
the end user of the system. It is also known as front end tier.
The Business Tier :This is called as brain of the application. It contains business rules usedfor data manipulation etc. For example, if you're creating a application to calculate the tariff
of a courier then you might want to consider the details like weight, delicacy , mode ofsending for a courier. Also the discount depends on who is sending the courier etc. This
logic is called as business Logic.
-
8/8/2019 Intro to Web Architecture Chapter 1
10/42
ER/CORP/CRS/OS30/003
Version no: 2.010Copyright 2004,
Infosys Technologies Ltd
Web server E.g. Tomcat, IIS
Application Server E.g. Weblogic, WebSphere
Basic Terms in Web Architecture
We will go through meaning of some basic terms before we understand the complete structure ofthese tiers.
Web server
Is a computer that serves Web pages to specific clients like Web Browser.
When you type www.infosys.com in the browser, then it searches for a Web Server corresponding tothis URL on the web.
Every web server has an IP address and host name.
For example, the URL http://www.infosys.com sends a request to the server which maps to thedomain name infosys.com.
The Web server then fetches the page named index.html and sends it to your browser.
Any computer which has web server software (for ex: Apache/Tomcat) installed on the same is calledas Web server.
This machine is usually it is connected to the Internet so that it can be accessed from anywhere.
But for the servers which are used over intranet, the access is limited and thats why they do not needto have connection to Internet.
Application Servers
A machine having a software called Application Server( for example WebSphere/ Inprise ApplicationServer) installed on the same and which provides various services to many types applications is called
application server.For Examples, An application might need to store its data in Database.
The ready made product called application server can help in this by creating the required connectionsto the database. This reduces the burden on the application developer and helps in increasingproductivity.
Example: There are various companies who have developed application Server Products.
Example Weblogic by Bea, Oracle 11i AS Portal Server
-
8/8/2019 Intro to Web Architecture Chapter 1
11/42
ER/CORP/CRS/OS30/003
Version no: 2.011Copyright 2004,
Infosys Technologies Ltd
Basic Terms in Web Architecture (Contd)
Directory service
Search engines
Persistence
Directory service
Directory service is repository for information about objects located on networks, such as applications,files etc. Directory services provides a consistent way to name (or register) these objects when theyare created, describe their functionality, locate them from client machines, access their methods, andprovide secure way to connect to them.
With web applications, there are various network resources that need to be contacted from variouslocations.
Such resources register themselves with Directory Service. While registering a unique name has to beprovided to these objects. Directory service acts as database to store this unique name and thecorresponding object.
The clients contact directory service to find the relevant objects by providing the corresponding name.( Just like you use the telephone directory by providing the appropriate employee ID)
Directory Service then identifies these resources and makes them accessible to users according to theaccess rules specified for the resource. Ideally, the directory service should be developed in such waythat the client need not depend on the network topology or protocols to access any resource.
For example Java Naming and Directory interface, Lightweight Directory Access Protocol
Search engines
A program that searches documents for specified keywords and returns a list of the documents thatmatch the specified keyword is called as Search engine.
For ex: Google.com
Although search engine is generic word, the term is often used to specifically describe systems like
Google, Alta Vista and Excite that enable users to search for documents on the World Wide Web
Persistence service
Persistence Service is offered by various application servers to persist the volatile data into thedatabase. The volatile data is usually in the form of Objects or sometimes in form of a new Markuplanguage named XML.
Persistence is the service which can automate the storage of this volatile data into the database
-
8/8/2019 Intro to Web Architecture Chapter 1
12/42
ER/CORP/CRS/OS30/003
Version no: 2.012Copyright 2004,
Infosys Technologies Ltd
Basic Terms in Web Architecture (Contd)
Load balancing
Transaction management
Authentication / authorization service
Load balancing
Load balancing is distributing processing and communications activity evenly across acomputer network so that no single device is overwhelmed. Load balancing is especiallyimportant for networks where it's difficult to predict the number of requests that will be issuedto a server. Busy Web sites typically employ two or more Web servers in a load balancingscheme. If one server starts to get swamped, requests are forwarded to another server with
more capacity. Load balancing can also refer to the communications channels themselves.
Transaction management
In the scenario of a web application, Transaction Management becomes even more crucialbecause various clients would be contacting the same resource simultaneously. The codeincluded in the web application needs to clearly indicate the begin and the end oftransactions and the various isolation levels associated with a transaction. This can either bedone with code or can be done with the help of Application Server. Application Serverprovides a facility to declare the isolation levels of transaction and auto generates code forthe same. This is called as Declarative Transaction management. It is one of the mostpopular service provided by different application severs.
Authentication / authorization service
Authentication service helps is identifying a user and authorization service helps to find outwhether the user has access rights to the required resource. Example: JASS (JavaAuthentication / authorization service) helps in fulfilling authentication / authorizationrequirement
-
8/8/2019 Intro to Web Architecture Chapter 1
13/42
ER/CORP/CRS/OS30/003
Version no: 2.013Copyright 2004,
Infosys Technologies Ltd
Web Servers
Web Browsers
HTTP
Web Server
WebSite Web Content
(HTML Pages)
Web Browser here acts as a Client providing us a means to send the request to the server.
Various browsers like Internet explorer and Netscape Navigator are famous products in thebrowser market.
Web Server provides services to the clients which are sending request over HTTP protocol.
-
8/8/2019 Intro to Web Architecture Chapter 1
14/42
ER/CORP/CRS/OS30/003
Version no: 2.014Copyright 2004,
Infosys Technologies Ltd
HTTP Protocol
HTTP/1.0 was the originalversion
HTTP 1.1
HTTP1.1. providesPersistent Connection
Web Browser
Web Server
File System
Document
Request
Web server
searches for
the document
on file system
Server retrieves
the document
Server sends the
document to Browser
This last step of hanging up after each interaction was accurate with HTTP1.0. HTTP1.1 provides Persistent Connection that can be used by the browser
for the next request/response. While using HTTP1.1 the connection would notbe closed. Instead the same connection is used in the next interaction by thebrowser.
Hangs upHangs up
Reads the contents of the filesand displays it
Copies the contents of the file into thesocket
Writes HTTP/1.0 200 OK \n\n.
Reads a local file named /index.html
And that HTTP 1.0 is a valid protocolversion
Sees that the GET is the knowncommand
Reads up until the second end of the line(\n)
Writes GET/index.html HTTP/1.0 \n\nAccepts the Connection
Connects to Port 80Listens to Port 80
ServerClient
-
8/8/2019 Intro to Web Architecture Chapter 1
15/42
ER/CORP/CRS/OS30/003
Version no: 2.015Copyright 2004,
Infosys Technologies Ltd
HTTP Protocol ( Contd )
HTTP defines a simple request -response protocol
Client sends the Request to server - HTTP Request
Server sends the Response to the client - HTTP Response
Application Layer protocol on TCP/IP Suite
Stateless Protocol
HTTP Request is sent to the server and the Server sends a response in the format that is
understood by the client.
Though this cycle sits on HTTP, the underlying still remains the TCP-IP.
What is Stateless:
Stateless means having no information about what occurred when the user previouslyaccessed this application.
Current applications maintain state, which means that they remember what you were doinglast time you used the application.
It means you can change the application according to a users previous interaction/ personal
likings in terms of fonts/colors.
The HTTP protocol is stateless because each request for a new Web page is processed
without any knowledge of previous pages requested.
This is one of the main drawbacks to the HTTP protocol.
So the programmer find it difficult to code the web sites that intelligently react to the userinput.
Because maintaining state is extremely useful, people have developed techniques to addtrack the state.
These include server APIs, cookies etc. You will learn about cookies and these APIs in
further course.
-
8/8/2019 Intro to Web Architecture Chapter 1
16/42
ER/CORP/CRS/OS30/003
Version no: 2.016Copyright 2004,
Infosys Technologies Ltd
Http Request : GET Vs POST method
With POST, the data is not cached either in thehistory or in the bookmark so it is more secure.If the user bookmarks a GET page, the
querystring info will also be saved withit. A querystring also shows up in the
history list .Get isnt very secure.
The form data is available on STDIN,which is ahandle for the standard input . It defines theinput stream for the program.
In the server script that handles thesubmitted information, the form data isretrieved from the QUERY_STRINGenvironment variable .Environmentvariables are the variables that areautomatically created by the server foreach process.
PostGet
In GET, since the form data is part of the URL, ends up in the server logs while as in POST
data does not make it into the server logs
GET has a limit on the length of the querystring which depends on the browser (usually 255)
and there is almost no size limits on a HTTP header.
The data sent in the querystring is visible in the address bar and thats why not very safe.The data sent using the POST method is not visible in the address bar and thats why it is
more safe.
-
8/8/2019 Intro to Web Architecture Chapter 1
17/42
ER/CORP/CRS/OS30/003
Version no: 2.017Copyright 2004,
Infosys Technologies Ltd
HTTP Request
An HTTP Request can have an initial line (method , URL, Protocol Ver. )
Zero or More header lines (its configuration and acceptable doc formats)
a blank line
an optional message body (additional data)
Demo : Eg. http://www.infy.com/index.html GET /index.html HTTP/1.0
User_Agent: Mozilla/3.0Gold
Accept: text/plain
Accept: text/html
-
8/8/2019 Intro to Web Architecture Chapter 1
18/42
ER/CORP/CRS/OS30/003
Version no: 2.018Copyright 2004,
Infosys Technologies Ltd
HTTP Response
An HTTP Response can have Initial line or Status line ( Server HTTP Ver, Status-code, Reason)
Headers - Description of the header info in the response Message body - Actual information requested
-
8/8/2019 Intro to Web Architecture Chapter 1
19/42
ER/CORP/CRS/OS30/003
Version no: 2.019Copyright 2004,
Infosys Technologies Ltd
Example of HTTP Response
Eg. Response for /index.html HTTP/1.0 Status 200 OK
Server : NCSA/2.0 Date: Mon, 10 Mar 2003 12:04:04 GMT
Content-type: text/html
Content-length: 5800
Last-modified:
XYZ Home Page
... other content of /index.html ...
-
8/8/2019 Intro to Web Architecture Chapter 1
20/42
ER/CORP/CRS/OS30/003
Version no: 2.020Copyright 2004,
Infosys Technologies Ltd
Various components of Web Application
Web Servers host Various components of Web Applications E.g. Active Server Pages ( ASP) /ASP.NET
Technology is developed by Microsoft.
ASP uses scripting language as VB Script
ASP .NET uses any compliant language like VB. NET or CSharp as scripting language
Active Server Pages
Abbreviated as ASP, a specification for a dynamically creating Web page with a .ASPextension that uses scripting languages usually VB Script or Jscript code for creating thedynamic web page. When a browser requests an ASP, the Web server generates a pagewith HTML code and sends it back to the browser.
-
8/8/2019 Intro to Web Architecture Chapter 1
21/42
ER/CORP/CRS/OS30/003
Version no: 2.021Copyright 2004,
Infosys Technologies Ltd
Various components of Web Application (Contd..)
Java Servlets Technology is developed by Sun.
Defined as Java Program best suited to handle and route Web requests
Java Servlets
Servlets are the units of Java programs that handle Web requests and routes the request tothe appropriate element for processing. It can also generate dynamic HTML but is not well
suited for the same being a Java Program. This is a technology by Sun Microsystems.
-
8/8/2019 Intro to Web Architecture Chapter 1
22/42
ER/CORP/CRS/OS30/003
Version no: 2.022Copyright 2004,
Infosys Technologies Ltd
Various components of Web Application (Contd..)
Java Server Pages Technology is developed by Sun.
Uses Java as a scripting language
Java Server Pages
Abbreviated as JSP, a specification for a dynamically creating Web page with a .JSPextension that uses scripting language as Java for creating the dynamic web page. When a
browser requests an JSP, the Web server generates a page with HTML code and sends itback to the browser.
This is a technology by Sun Microsystems.
-
8/8/2019 Intro to Web Architecture Chapter 1
23/42
ER/CORP/CRS/OS30/003
Version no: 2.023Copyright 2004,
Infosys Technologies Ltd
Various components of Web Application (Contd..)
Web Services Is a standard that can be implemented in many technologies
Provide data and services to other applications
Web Services:
Are units of logic providing data and services to other applications (usually to the remote andheterogeneous clients).
Applications access Web services via standard Web protocols.
For example, if CNN provides the temperature of various cities in world through web service
then various sites can call this web service and receive the data in the standard format.
-
8/8/2019 Intro to Web Architecture Chapter 1
24/42
ER/CORP/CRS/OS30/003
Version no: 2.024Copyright 2004,
Infosys Technologies Ltd
Few Popular Web Servers
Microsofts Personal Web Server
+ Freeware+ Easy to setup and use
+ ASP support
- Vulnerability : On Win95/98 allows files on the server to be read by an unauthorized user
Best suited for testing and serving small web sites
Mainly used for personal web pages.
Can host web applications like Active Server Pages ( ASP)
-
8/8/2019 Intro to Web Architecture Chapter 1
25/42
ER/CORP/CRS/OS30/003
Version no: 2.025Copyright 2004,
Infosys Technologies Ltd
Few Popular Web Servers.
Microsofts Internet Information Server
+ performance and security enhancements.
+ Well-integrated server administration tools
+ Easy to configure & Better Clustering.
- Only runs on Windows OS like WinNT Server /2000/XP
Best suited for MS Platforms
Mid Range Web server
It can be used for developing commercial web sites as well as for the intranet web sites for acompany.
Many sites used for the internal purpose in Infosys are working on IIS.
Mainly used to host web applications like Active Server Pages ( ASP)
-
8/8/2019 Intro to Web Architecture Chapter 1
26/42
ER/CORP/CRS/OS30/003
Version no: 2.026Copyright 2004,
Infosys Technologies Ltd
Apache - A PATCHy Server Origin: NCSA
+ Multi-platform support, protocol support HTTP/1.1+ Overall performance and robustness
- More extensive technical support requires the purchase of a third-party support contract
High-end enterprise server for Unix and Win32
Most preferred Web server
Few Popular Web Servers
Apache is one of the oldest web severs which is still taking lots of market share even today.
Now a days lots of plug in software are available for Apache which makes it possible to host
various types of web applications like
Active Server Pages ( ASP)
Java Servlets
Java Server Pages
Java Servlets.
-
8/8/2019 Intro to Web Architecture Chapter 1
27/42
ER/CORP/CRS/OS30/003
Version no: 2.027Copyright 2004,
Infosys Technologies Ltd
Few Popular Web Servers
WebSphere: Web Server by IBM+ Support for various web applications like Servlets/JSP
+ Unique services provided to communicate with the Legacy systems running onMainframe Ex: CICS Transaction Gateway
Best suited for large scale sites involving communication with legacy systems
It works on various platforms including IBM Mainframes
-
8/8/2019 Intro to Web Architecture Chapter 1
28/42
ER/CORP/CRS/OS30/003
Version no: 2.028Copyright 2004,
Infosys Technologies Ltd
Performance of Web Application
Performance of a web application is directly depending on the actual end-userresponse time.
Performance of many Web sites depends on the load on the site at peak time
Performance in a Web application is very important because the Web applications are
accessed remotely.
When there is single user, web applications might provide good response but what about the
loads of users?
Imagine Testing a Web applications performance for 1 lakh simultaneous requests.We cannot do this by manual testing. So performance testing is normally conducted in asimulated environment with the help of performance testing tools.
If the performance is not satisfactory, then various measures need to be taken to tackle theissues.
In further chapter, we will look at various inherent problems in web applications likeperformance and security.
-
8/8/2019 Intro to Web Architecture Chapter 1
29/42
ER/CORP/CRS/OS30/003
Version no: 2.029Copyright 2004,
Infosys Technologies Ltd
Heterogeneity involved in Web Apps
Traditional apps generally have 1, 2 or 3 software pieces talking to each other
e.g. VB ODBC (Open Database Connectivity) - SQL Server, or PowerBuilder - Nativedrivers - Sybase, or IBM 3270 - CICS - DB2
Generally, the entire solution is from one or two collaborating vendors
The wire protocol for communication between collaborating parts is proprietary;implying that it is difficult or impossible to extend the solution: i.e. replace the VBclient with a different kind of client
It is essential to understand history of applications before we begin with the basic terms of webarchitecture.
A Traditional application consists of the User Interface as the front tier and the Database at the backend. The connectivity is done with the help of standards like Open Data Base Connectivity, JavaData Base Connectivity etc.
Usually all the tiers are coded with the help of products developed by a single company.
Also the protocols used were proprietary because of that.
The users of applications were known in advance.
With the evolution of WWW (World Wide Web) we also need to concentrate on
a) Searching the correct application before calling it. This is done with the help of UniversalResource Locators
b) Represent the data in the standard data formats
c) Use the required protocols for communication between different tiers
d) Prepare for the large base of unknown users :
Elaboration:
Demography of users in a traditional applications are generally known in advance. Their login pattern,
usage pattern, general behavior, etc are known in advance. Generally, users on an intranet are
reasonably predictable.
While as profile of users in an application exposed to the Internet is not known.
They could be genuine buyers, hackers, frivolous people, frauds, or people all out to have
some fun.
Transaction rate is not known upfront; could vary by time of the day (or night!); there could be
sudden peaks and troughs
-
8/8/2019 Intro to Web Architecture Chapter 1
30/42
ER/CORP/CRS/OS30/003
Version no: 2.030Copyright 2004,
Infosys Technologies Ltd
Issues involved in performance of Web applications
Following are the main reasons because which performance issues occur in WebApplications
Web application inherently needs lots of layers as compared to traditional application. Manyof these layers are remote.
The load of an application (in general and at any given time) cannot be estimatedaccurately.
And there is no seamless integration between multivendor products used in all these layers,so the performance of an application is not always predictable.
Performance might go down because of the extra mechanism added like security
The issues can be further categorized as
a) Component level issues
b) Issues at the server level
For some issues related to security and performance, the server level solution works well.
For example, if the performance is decreasing because of the increase in load at peakhours, then the load balancing feature of a web server can be used. (The feature isdiscussed in detail in the sub-sequent slides). With this feature the load is spread outamong various server machines.
At the same time some care need to be taken at component level too.
The programmer needs to make sure that components are capable of spreading out acrossvarious servers and still provide the required functionality.
To take care of this the component has to be built according to the rules of certain standard.
-
8/8/2019 Intro to Web Architecture Chapter 1
31/42
ER/CORP/CRS/OS30/003
Version no: 2.031Copyright 2004,
Infosys Technologies Ltd
Issues involved in security of Web applications
Following are the main reasons because which security issues occur in Web Applications
Users not known in advance Because of various types of users are connecting to a web application, the set of resources
that they can access has to be limited depending on the user profile
Information send out to particular user has to be protected
In the subsequent slides we will study about the various issues, their impacts on server side
and at the component level
-
8/8/2019 Intro to Web Architecture Chapter 1
32/42
ER/CORP/CRS/OS30/003
Version no: 2.032Copyright 2004,
Infosys Technologies Ltd
Load balancing
Server 1Server 2
Server 3
Browser
Load Balancing Software decides which server to direct traffic to
The solution to catering to the issue of heavy load on Servers is Load balancing.
Assume that a courier industry is running across various geography locations and need to maintainthe centralized repository of the data. In this case a single web server used by such application, maynot be able to take the load from various requests coming in from different locations.
For many such reasons, Popular web sites need ways to spread their load out - usually across
multiple machines, and sometimes across multiple sites.
Examining the access patterns for the site is crucial to the performance tuning and load balancingprocess.
Scalability of the servers is enhanced by a technique known as load balancing.
Quite a few times load balancing in database servers can be done with the concepts of disk arrayswhere there is single DB server software and an array of multiple disks ( few of which can be fall backdisks) to store the data.
But with web server or application server disk arrays dont help always because its not just thequestion of storing the data but it also about various interlinked components running simultaneouslywhich are contacted by load of users at a time.
In this case a clustering of multiple servers (not just multiple disks) sharing the incoming load helpsbetter.
Round robin between these server is the most popular mechanism of spreading the load.
The figure in the slide illustrates the concept of a load-balanced Web server mechanism.
-
8/8/2019 Intro to Web Architecture Chapter 1
33/42
ER/CORP/CRS/OS30/003
Version no: 2.033Copyright 2004,
Infosys Technologies Ltd
Consequences
The programmer needs to make sure that components are capable of
spreading out across various servers
still provide the required functionality.
If proper care is not taken while coding these components then when components are
spread across multiple servers , the clients of these components get affected.
For example,
In the past, a component named tariffCalculation was used by another component (Calledas client) which was also present on the same machine where tariffCalculation component
was deployed.Now with the recent load balancing requirement, this component is spread across variousservers and so are the clients. This reflects certain change in the details of the
tariffCalculation component that are be known to the client.
If the component has built-in facilities to accommodate these changes, then using loadbalancing is done smoothly.
To take care of various such issues the component has to be built according to the rules of
certain standard.
-
8/8/2019 Intro to Web Architecture Chapter 1
34/42
ER/CORP/CRS/OS30/003
Version no: 2.034Copyright 2004,
Infosys Technologies Ltd
Standards available for building Components - CORBA
CORBA
CustomerCustomer
ItemItem
ShipmentShipmentOrderOrder
AccountAccount
BookBookTV
TV
PCPC
has
places
contains
creates
can be
Java onWin95C++ on Unix
COBOL on MVS
CORBA: Short for Common Object Request Broker Architecture, an architecture that
enables pieces of programs, called objects, to communicate with one another regardless ofwhat programming language they were written in or what operating system they're runningon.
For example, a program coded in Java can call a function in COBOL with help of thistechnology
The diagram shows three modules of an enterprise application namely
Customer: Coded in Java
Account : Coded in C++
Order Processing: Coded in COBOL
These are interrelated modules and the interaction is made possible with CORBA
technology.
-
8/8/2019 Intro to Web Architecture Chapter 1
35/42
ER/CORP/CRS/OS30/003
Version no: 2.035Copyright 2004,
Infosys Technologies Ltd
COM+
ObjectObject
ServerServer
ClientClient
COM+ : Component Object Model +, an extension of the Component Object Model (COM)
to receive the standard services from the servers like MTS (Microsoft Transaction Server)
COM+ was developed by Microsoft
The diagram shows the server, the object and the client.
The object contains the required logic which is needed by the client.
The server takes care of various objects by providing them services like persistence,
transaction management etc
The client contacts the required object and receives the results.
-
8/8/2019 Intro to Web Architecture Chapter 1
36/42
ER/CORP/CRS/OS30/003
Version no: 2.036Copyright 2004,
Infosys Technologies Ltd
.NET
VisualStudio.NET
C# VB.NET JScript Any .Net Compliant Language
Common Language Specification (Basis of Common Language Runtime)
ASP.NET Windows Forms
ADO .Net and XML
Base Class Library / . Net Framework
Common Language Runtime ( CLR)
Windows OS COM+ Services
.NET : Is suite of products for operating, managing and creating the workflow of Web
Applications and web services
.NET is a different subject in itself. The brief introduction of each part is stated below.
The order is from Bottom to Top
Windows is the OS and .Net currently runs only on windows platform
COM+ Services are services like Life Cycle Management/ Transaction Management/Persistence.
The CLR Common Language Runtime makes sure that the objects written in differentlanguages can communicate with each other.
Base Class Library is the ready made set of classes for faster code development
ADO.NET and XML ADO .NET is the Microsoft way for the application to talk to thedatabase. The base class library also gives extensive support for reading and manipulatingXML files. ADO .Net is the XML based technology.
ASP. NET is the is server side code which would be hosted on the IIS Server and it can bedeveloped in any .NET compliant language like VB .NET, C Sharp etc
Windows Forms are required for console based application. They are used to create the
graphical user interface.
Common language Specification Is published by Microsoft . It describes the rules of a.Net compliant language. Any language which follows these rules can be used in .NET Sothis in turn is an invitation for the vendor companies to write more and more .NET compliant
languages
Visual Studio .NET is the powerful Integrated Development Environment for developing thecode using .Net technology
-
8/8/2019 Intro to Web Architecture Chapter 1
37/42
ER/CORP/CRS/OS30/003
Version no: 2.037Copyright 2004,
Infosys Technologies Ltd
J2EE
AppletContainer
Application
ClientContainer
WebContainer
JSP/Servlet
EJB Container
EJBsDatabase
Web Component Enterprise Component
The diagram shows the typical Four tier architecture.
In this architecture, the request is initiated from browser/java application.
The request is received by the web server and is routed to the
appropriate Servlet component.
Enterprise JavaBeans (EJB) is a Java API developed by Sun
Microsystems that defines a component architecture for multi-tierclient/server systems.
Servlet analyzes the request and passes it on to the EJB for processingthat needs the business logic and data access.
EJBs in turn produces the results and the JSP formats the results andsends it back the browser.
-
8/8/2019 Intro to Web Architecture Chapter 1
38/42
ER/CORP/CRS/OS30/003
Version no: 2.038Copyright 2004,
Infosys Technologies Ltd
Catering to the problem of Confidentiality
Following are the two main techniques used to cater the problem of Unknown UserProfiles in the web applications.
Authentication
Authorization
Various ready APIs are available for the same JAAS (Java Authentication and Authorization Service
Various techniques like Single signon are also widely used by sites Microsoft Passport etc
Authentication:
Let us consider the example of Campus connect link on the Infosys Web-site.
Whenever anybody accesses the Campus connect web application from Infosys Web-site, the username andpassword is checked to make sure that only authentic users get to entry in the application. This process ofidentifying an individual, based on a username and password is called as authentication.Most of the web-sites ask you to explicitly register to get this username and password.
Most of the Intranet application uses your Windows (OS) login-id and password to authenticate you.
Authentication is distinct from authorization , which is the process of giving access to certain objects of system tocertain individuals based on their identity. For example delete department can be accessed only by certain groupof people.
Authentication just ensures that the user name and password is valid but does not deal with the access rights ofthe individual.
Authorization
The process of granting or denying access to a resource is called as Authorization. Most of the web-applicationfirst complete authentication and then go for authorization, which allows the user access to resources based onthe user's identity.
For example, in campus connect application only few users would have access to modify the course material keptat the site while as the students would be able to view the contents. This checking is done through authorization.
Single signon
It is a process of authentication where the user, or client, can enter one name and password and have access to
more than one application or access to a number of resources within an enterprise. Single signon takes away theneed for the user to enter further authentications when switching from one application to another.
Single signon is abbreviated as SSO.
Microsoft .NET Passport gives users a single, convenient way to sign in to multiple Internet sites and servicesusing one sign-in name and password.
It also allows to store personal information in the .NET Passport profile and, if you choose, automatically sharethat information when signed in so that personalized services can be provided.
-
8/8/2019 Intro to Web Architecture Chapter 1
39/42
ER/CORP/CRS/OS30/003
Version no: 2.039Copyright 2004,
Infosys Technologies Ltd
Techniques for Authentication
Following are few techniques Applying Operating System level authentication, by impersonating login credentials of the
client.
Authenticating the client programmatically.
Token wise authentication.
Examples: Digital certificate
A) Applying Operating System level authentication, by impersonating login credentials of the
client.
This involves a setting with the server software which instructs the server to request the OS
level credentials (for example Windows Login Id and Password) and authenticate the usersby their OS dependant credentials
Usually the Intranet Systems prefer this authentication so that the existing set of Logids andaccess permission can be utilized
B) Authenticating the client programmatically involves creating a set up of Users Ids and
access control Lists of these users and their roles. Many software products like LDAPAuthentication Techniques can be used in this case.
C) Token wise authentication is covered in next slides.
-
8/8/2019 Intro to Web Architecture Chapter 1
40/42
ER/CORP/CRS/OS30/003
Version no: 2.040Copyright 2004,
Infosys Technologies Ltd
Catering to the problem of Information Protection
Secure communication is ensured by using an industry standard protocol called SSL(Secure Socket Layer)
Cryptography Symmetric and A-Symmetric key Encryption for confidentiality
Certificates for authentication and non-repudiation
SSL
SSL is short form of Secure Socket Layer is a protocol designed by Netscape Communications toenable encrypted, authenticated communications across the Internet. URLs starting with https:// areknown to use this layer
Cryptography
Is the process of protecting information by transforming it into an unreadable format, called cipher text.Only those who possess a secret key can decipher (or decrypt) the message into plain text.
With the electronic security is becoming increasingly important, Cryptography is widely used to protectthe data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy
because it's effective and free.
Cryptography systems can be broadly classified into symmetric-key systems that use a single key thatboth the sender and recipient have, and asymmetric-key systems that use two keys, a public keyknown to everyone and a private key that only the recipient of messages uses.
Digital certificate
Is an attachment to an electronic message used for security purposes. The common use of a digitalcertificate is to verify that a user sending a message is the one who he or she claims to be, and toencode the reply and send it to receiver.
A person who wishes to send an encrypted message applies for a digital certificate from a CertificateAuthority (CA)
The CA issues an encrypted digital certificate containing the applicant's public key and a variety ofother identification information. The CA makes its own public key readily available through printpublicity or perhaps on the Internet.
The recipient of an encrypted message uses the CA's public key to decode the digital certificateattached to the message, verifies it as issued by the CA and then obtains the sender's public key andidentification information held within the certificate. With this information, the recipient can send anencrypted reply.
The most widely used standard for digital certificates is X.509.
-
8/8/2019 Intro to Web Architecture Chapter 1
41/42
ER/CORP/CRS/OS30/003
Version no: 2.041Copyright 2004,
Infosys Technologies Ltd
Summary
We Covered What is WWW
The Basic Terms of Web Architecture
The tier-ed architecture of Web Applications
Various options available in terms of servers
Various types of components of a web application
Awareness about the issues involved in security, performance at the client and server end
-
8/8/2019 Intro to Web Architecture Chapter 1
42/42
ER/CORP/CRS/OS30/003
Version no: 2.042Copyright 2004,
Infosys Technologies Ltd
Thank You!
top related