Architecting A Web-Enabled Solution
Objectives
• In this session we will examine
  - The main goals in designing and architecting a Web-based application
  - How Windows® 2000 and the .NET Enterprise Servers can help you reach those goals
  - Key decisions and trade-offs in the design of a Windows-based Web solution
Agenda
• Introduction to application architecture
• Architecting for manageability
• Architecting for security
• Architecting for scalability and availability
Architecting A Building
• A building must be
  - Big enough
  - Strong enough
  - Secure enough
  - Maintainable
• The building should usually integrate with existing infrastructure services such as water, gas, and electricity
Architecting An Application
• Applications must provide sufficient
  - Scalability
  - Availability
  - Security
  - Manageability
• They often need to integrate with existing systems
Services And Tiers
[Diagram: Presentation, Business and Data tiers on the Windows 2000 Infrastructure. Labels: MSCS, DCOM, NLB, Win32, ODBC, DHTML, HTTP, XML, ADO, ADSI, COM+, ASP, OLE-DB, ISAPI, HTML]
The .NET Enterprise Servers
Presentation Tier Options
[Diagram labels: XSL, DHTML, ASP, ISAPI, HTML]
Business Logic Options
ASP                        | COM+
Interpreted                | Compiled
Re-use within application  | Re-use by any application
Deploy in Web site         | Deploy anywhere
Can use COM+ Transactions  | Can use ALL COM+ services
Script                     | Any COM language
Data Tier Options
[Diagram: data stores SQL Server, Active Directory and Exchange Server, with access interfaces labelled OLE-DB, CDO, ADSI, HTTP, FILE and HTTP-DAV]
Manageability Requirements
• "As a developer, I need to manage the rapid development and maintenance of the application"
• "As an administrator, I need to manage the deployment and monitoring of the application"
• "As a business manager I need to be able to respond to a changing market and analyse business data"
Site Development
Commerce Server 2000 solution sites
[Diagram labels: SQL Server, Virtual Root, Pipelines, Global.asa, Components, Active Directory, ASPs, Templates]
Business Management
• Commerce Server Business Desk
  - Internet Explorer 5.5 based admin UI
Business Desk Example
Targeting
• Define custom properties for users, pages, products, etc.
  - Income (currency), driving license (Boolean)
• Create Expressions based on the properties
  - High earner = income > 20000
  - Driver = driving licence is true
• Create target groups based on Expressions
  - Wealthy drivers = high earner + driver
• Target advertisements and discounts at specific profiles
  - Show Porsche advert to wealthy drivers
Application Administration
[Diagram labels: Application Center 2000; Windows Network Load Balancing (NLB)]
Demonstration
• Managing a Web farm with Application Center 2000
[Diagram: Server 1, Server 2]
Security Requirements
• "By exposing our application to the Web, we’re creating many security issues"
• "We need to ensure that no-one can access sensitive data on our internal network via the Internet"
• "And we need to use encryption for sensitive data"
• "We’ll also want to authenticate users, either using Active Directory or a custom database"
Network Connectivity Security
• Internet Security and Acceleration Server 2000
  - Multi-layered firewall protection
  - High performance cache
• Use two firewalls to create a DMZ
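Firewall Implementation
Single ISA Server Installation
[Diagram: one ISA server; zones labelled DMZ and Internal Network; annotation "Domain?"]
Dual ISA Server Installation
[Diagram: two ISA servers; zones labelled DMZ and Internal Network; annotation "Domain?"]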
User Authentication
• Anonymous login
  - Can still use cookies for non-intrusive profiling
  - Suitable for content publishing sites
• Custom form-based authentication
  - User data stored in any data source
  - Most common solution for e-commerce sites
• Windows integrated login
  - User data stored in Active Directory™
  - Digest authentication from any browser
Using SSL For Encryption
• Public key encryption used to pass the session key
• Session key used to encrypt all traffic
1. Browser makes an HTTPS connection and the level of encryption is negotiated
2. Server sends the browser its public key
3. Browser creates session key and encrypts it with server’s public key
4. Session key is now used for all traffic in this (stateful) session
Scalability And Availability Requirements
• "The site will need to support concurrent access by a considerable number of users"
• "We’ve also got to provide 24x7 access"
• "And it must still provide acceptable performance in a cost effective way"
• "Basically, we need to please all of the people, all of the time!"
Scaling Up And Scaling Out
• Scaling Up: Increasing resources in a server
• Scaling Out: Adding servers to balance the load
State Management Choices
• Storing state on the Web server
  - Restricts ability to load balance
  - ASP Session object does not provide adequate scalability
• Storing state on the client
  - Cookies
  - URL parameters, hidden form fields
  - XML Data Islands
• Storing state on the database server
  - Key used to map user session to database records
  - Database caching will improve performance
State And Server Affinity
[Diagram panels: No Affinity; Client IP Affinity; Request Forwarding; Multiple Web Farms]
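
The database-backed option from the State Management Choices slide, which is what lets a farm run with no affinity, sketched as an added example (not code from the presentation). Python and SQLite stand in for ASP and SQL Server; the table layout, `SESSION_TTL` and the class and function names are assumptions.

```python
import json
import secrets
import sqlite3
import time

SESSION_TTL = 1200  # seconds; assumed idle timeout, not a value from the slides

def open_store():
    """Shared session table; stands in for the database server tier."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT,"
               " basket TEXT, expires REAL)")
    return db

class WebServer:
    """One farm member: holds no per-user state, only a database handle."""

    def __init__(self, db):
        self.db = db

    def login(self, username, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256-bit random key, sent as a cookie
        self.db.execute("INSERT INTO sessions VALUES (?, ?, '[]', ?)",
                        (sid, username, now + SESSION_TTL))
        return sid

    def add_to_basket(self, sid, item, now=None):
        now = time.time() if now is None else now
        # Parameterised query: the cookie value is untrusted client input.
        row = self.db.execute(
            "SELECT basket FROM sessions WHERE sid = ? AND expires > ?",
            (sid, now)).fetchone()
        if row is None:
            return None  # unknown or expired key: no session is resumed
        basket = json.loads(row[0]) + [item]
        self.db.execute("UPDATE sessions SET basket = ? WHERE sid = ?",
                        (json.dumps(basket), sid))
        return basket

def demo():
    """Constructed scenario: log in on Server 1, continue on Server 2."""
    db = open_store()
    server1, server2 = WebServer(db), WebServer(db)
    sid = server1.login("alice", now=0)
    server1.add_to_basket(sid, "book", now=10)
    return (server2.add_to_basket(sid, "pen", now=20),
            server2.add_to_basket(sid, "cd", now=SESSION_TTL + 1),
            server2.add_to_basket("guessed-key", "cd", now=20))
```

The session key is the only credential the browser presents, so it is drawn from a CSPRNG and expired on the server side; the client never sees or edits the stored state itself.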


Demonstration
• Request forwarding
[Diagram: Server 1, Server 2]
Deploying Components
Web Farm             | Application Cluster                | Database Cluster
Optimal performance  | Sensitive/re-usable business logic | Data intensive logic
[Diagram label: WMI]
Defining Process Boundaries
• Performance versus fault-tolerance
[Diagram: IIS, ASP and COM+ process-boundary configurations arranged between Performance and Fault Tolerance, one marked (Default)]
Component Load Balancing (CLB)
• Provided by Application Center Server
• Only activations are load balanced
• Based on response time and round-robin
[Diagram: Web Farm holding a list (AppServer1: 10ms, AppServer2: 15ms, AppServer3: 20ms) for AppServer1, AppServer2 and AppServer3]
SQL Server Failover Clustering
• Active/passive clustering
• Active/active clustering
SQL Server Standby Servers
• Log Shipping used to apply transaction log to standby server
• Can be used as a read-only data source
• On failure of the primary server, rename the standby server
[Diagram label: RO]
SQL Server Data Partitioning
• Partitioned views are updateable
• Queries are optimised for distributed data
[Diagram: Sales (US), Sales (UK) and Sales (Asia) combined as Sales]
Demonstration
• Partitioned views
Partitioned View Issues
• Only very large databases will benefit
  - Small database performance will suffer
• Partitioning should be designed from the outset
  - Keep as much related data on the same physical server as possible
• Build data-dependent routing logic into the application server
  - Try to connect to the server storing most of the required data
Call To Action
• Minimize business logic in ASPs, use components instead
• Minimize out of process/remote calls
• Scale out rather than up
• Minimize application tier state
• Use SSL only where required
• Partition large volumes of data
