Web-based Architectures

           Fulvio Corno, Dario Bonino




08/10/09            Web Architectures   1
Outline

      Reference  Architecture
      Web server
      Application server
      Database server
      Networks...
N-Tier architectures
                                               Each level/tier has a
              Browser          ...
General Architecture

Internet            ISP                   Client


            ISP
                     Web &       ...
Components
      One   or more connections to the Internet
       by means of an Internet Service Provider
       (ISP).
...
What is a server?
  Two senses:
    A process that runs on a host that relays
     information to a client upon the clien...
What is a server ?
 The offered functionalities depend on:
   The kind of server software (daemon /
    service)
   The ...
e-Business Architecture
      Web Servers        N-tier
                         Site
 Application Servers                ...
Clarifications

      Architectures  can be very different,
       depending on the site/application
       requirements....
Outline

      Reference  Architecture
      Web server
      Application server
      Database server
      Networks...
Web server
      Manages      the HTTP protocol (handles
           requests and provides responses)
             Receiv...
Web Server (2)
 Multi-threaded
   means that inside each server's process,
    there are two or more threads, each one
  ...
Example
                      Internet               Web        HTML
                                             server  ...
Performance measures
      Latency:      time required for providing a 0
           byte http page. Includes the server
 ...
Delay time
     T  = Latency + ByteHTML / Throughput
      This equation is valid if:
            The other architectur...
The most adopted web
  servers




                               Source: http://news.netcraft.com/
08/10/09   Web Archite...
Authentication server
 Web Servers are often used to verify the user
 identity.
 There are several authentication levels:
...
HTTP Authentication




08/10/09   Web Architectures   18
Secure Web Server

 Most Web Servers can handle authentication
 and encrypted communication for security-
 sensitive infor...
Secure Web Server (2)
 How does it works?
   To prepare a web-server for accepting
    secure (https) connections the adm...
Secure Web Server (3)
                                         Trust store

           3. verifies certificate      Server...
Outline

      Reference  Architecture
      Web server
      Application server
      Database server
      Networks...
Application server
      Dynamic   page generation
      Manages the site business logic
      It's the middle tier bet...
Example
            Internet      Web               Application Database
                          server

 Client


     ...
Dynamic page generation


      Elaboration   of user-provided data /
       requests
      Page generation from content...
User provided data
     Users          can send data to a given site for:
            Logging in
            Performing...
XHTML FORMs
     In       XHTML
              <form method=”GET” action=”search”>
                ........
             ...
XHTML FORMs (2)
     GET
            Data is encoded in the URL (URL-encoding)
            GET http://www.mysearch.com/...
Technologies
 The application server can manage:
   Standalone applications (run by the
    application server)
         ...
Technologies (2)

     Enterprise           frameworks
              J2EE
                   Servlets
                ...
CGI / Fast CGI
     CGI  stands for “Common Gateway
       Interface”
            CGI is a standard protocol for interfa...
CGI
             http    Web                             run
    client
                    server                        ...
FastCGI
             http    Web                     CGI     run
    client
                    server                  sc...
Sever-side scripting
     Scripts: programs written in different
      languages (Visual Basic, Java, PHP)
     They are...
Server scripting
  (ASP, JSP, PHP, …)
                                             run
                                   ...
ASP example

 <html>
 <body>
 Today's date is: <
 %response.write(date())%>
                                 Today's date ...
ASP Example (2)
     client       http://www.mysite.com/today.asp
                                                        ...
PHP example

 <html>
 <body>
 Today's date is: <?php
 echo date(“d/m/Y”);?>
                                 Today's date ...
JSP Example
 <%@page import="java.util.*, java.text.*" %>
 <html>                          Today's date is: 10/20/2006.
 <...
Enterprise frameworks

     Quick glance on servlets... more data
      afterwards
     The application server is a “ser...
Java Servlets

  client
                   Web Server
                                                  Java Servlet
     ...
Summary


                                              File system
                    servlet
client       http
        ...
Web Sessions
     The HTTP protocol is stateless (without
       memory)
            Every request is independent from t...
Requirement

     We  must build an abstraction of a
      “navigation session”
     Session = sequence of pages, visite...
The problem: example
     The   user enters            login:   fulvio   home.html

      username &               passwo...
The problem: example
     The   user enters            login:    fulvio   home.html

      username &               passw...
The problem: example
     The   user enters            login:    fulvio    home.html

      username &               pass...
Example: home.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
  <he...
Possible solutions


     URL rewriting
     Hidden FORM variables
     Cookies
     Cookie-based session management

...
URL rewriting

     We  may modify the text of all links in the
       pages, to pass every time, with the GET
       met...
Hidden variables
     We  may add some hidden variables into a
       FORM
              <input type="hidden" name="user...
Hidden variables: drawbacks



     We  must repeat all variables in all pages
     Only FORM-based navigation
         ...
Cookies
     Cookies   are “small” parcels of information
       that the server may store on the browser
            In...
Cookie-based solution


     When   login.php validates the password, it
      sets a cookie on the browser
     The pag...
Cookies in PHP
     Writing:      setcookie("name", "value")
            bool setcookie ( string name [, string value [,...
Cookies: pros


     Only one set-cookie is needed, at the first
      page receiving the information
     Many cookies ...
Cookies: cons

     Impossible  to store “large” information
     Storing a lot of cookies is “impolite”
     Trusting ...
Session management
     We  may store many different variables by
      using one only cookie
     The cookie is used to...
Session variables
    A set of (name, value) couples
     May be stored
            In the web server memory
          ...
Sessions in PHP (1/3)

     Session     activation: session_start()
            No parameter. Must be called before any ...
Sessions in PHP (2/3)

     Session      variables usage
            Special vector $_SESSION will store all variables
 ...
Sessions in PHP (3/3)


     Session      closing:
            Expires automatically after 20-30 minutes
            Ex...
Example: login.php
                                               <html>
<?php                                          <h...
Example: mail.php
<?php
session_start() ;
?>
<html>
<head>
<title>La tua posta</title>
</head>
<body>
<?
  if(isset($_SESS...
Outline

      Reference  architecture
      Web server
      Application server
      Database server
      Networks...
Database server
     Stores the data on which the application
      server works.
     Executes the queries issued by th...
Database server
      Queries          are almost always in SQL
             SELECT * FROM table;
             ....

  ...
Example
      The      “/search” application converts the
           client-provided parameters “query=coffee”
          ...
Example (2)
     The  database server selects the proper data
       and provides results in form of a “rowset”.
        ...
Example (3) (PHP)
        <?php                The application composes the query
         $query = “SELECT doc_id FROM ke...
Technologies
      SQL     is the standard query language
            Legacy extensions are available
            Exten...
Performance and issues
     The   database server is a critical component
     It is very difficult to optimize, if reco...
Database servers

      Commercial      solutions
            Oracle
            IBM DB2

            Microsoft SQL se...
Comprehensive platforms
 There are several solutions which allow to
 seamlessly use an Application Server together
 with a...
ASP
                     Built-in ADO
                                                                  ORACLE
VBScript / ...
Servlet /JSP

              Web Server
Client
             Java Runtime
                                      Database
   ...
Summary
                                                   Database


                                                  Fi...
Outline

      Reference  Architecture
      Web server
      Application server
      Database server
      Networks...
Network Infrastructure
      Allows         to
            Connect the site to the Internet
            Inter-connect t...
Example 1

Internet


            ISP
                     Web &           Transaction        Database
                  a...
Example 2

Internet


            ISP
                     Web &           Transaction     Database
                  auth...
Example 3

Internet

                              LAN2              LAN3
            ISP
                     Web &      ...
Internet connection

       The    link bandwidth limits the number of
           concurrent accesses
               #Us...
Local networks

      Usually     based on
             Ethernet (10 Mb/s)
             Fast Ethernet (100 Mb/s)

     ...
Firewall
      Filters   out undesired network traffic
            Outgoing
            Incoming

      Protectsfrom h...
Proxy & Cache
      The      two functionalities are often integrated
           into a single server/device
            ...
Proxy & Cache (1)

Client

                                  The Internet

             Proxy




                        ...
Proxy & Cache (2)

Client

                                     The Internet

                Proxy




             Cache...
Outline

      Reference  Architecture
      Web server
      Application server
      Database server
      Networks...
Load balancer

      Routes  the client request towards a proper
       server (when more than one server is
       avail...
Example
  (round-robin DNS)




08/10/09    Web Architectures   91
Example
  (reverse proxy, I)




08/10/09     Web Architectures   92
Example
  (reverse proxy, II)




08/10/09     Web Architectures   93
Outline

      Reference  Architecture
      Web server
      Application server
      Database server
      Networks...
Requirements

     Extension/improvement     of already existing
      information systems with new functionalities
    ...
Current market
     Over  1 billion dollars in 2001
     Both small and big vendors
     More than 25 different applica...
Main features
     From   the developer perspective
       the application server forces the                 client
     ...
Addressed problems
            concurrency
            providing access to all possible production
             database...
Pros

     Can   simplify the development of new
       systems
            Many technical issues already addressed by t...
Cons

     Considerable      start-up effort
            Can be quite complex to use
            Requires specialized d...
Main features
     Support      for business and application logic
            Technologies: COM, CORBA, Java-specific R...
Other features
            Web deployment: Internet, Intranet, ...
            Transaction processing monitors

        ...
J2EE
     Multi-tieredapplication model
     Based on the Java technology
     The various components usually run on
  ...
J2EE (2)




08/10/09    Web Architectures   104
J2EE Client Tier

     Web        Clients (thin client)
              Dynamic pages + Web Browser
     Applets
        ...
J2EE Client Tier (2)


     Application      Client (thick client)
            Java application running on the client ma...
J2EE Web Tier
     Servlets
              Java programming language classes that
               dynamically process requ...
J2EE Business Tier
     logic that solves or meets the needs of a
      particular business domain such as banking,
     ...
J2EE Beans

     Session      beans
            Represent a transient conversation with a client
            When the c...
J2EE Beans (2)


     Entity     beans
            represent persistent data stored in one row of a
             databas...
J2EE EIS Tier

 Enterprise Information System tier
   handles EIS software including:
            Enterprise resource pl...
Available platforms
              Apache: Tomcat
              Apple: WebObjects
              ATG: Dynamo
           ...
Available platforms (2)
              Interactive Business Solutions: EAS
              IONA: Orbix ASP 6.0
           ...
Available platforms (3)

              Pramati Technologies: Pramati Server
              SAP AG: Web Application Server...
Microsoft .NET framework




08/10/09   Web Architectures   115
Microsoft .NET framework (2)
     Can  be exploited by .NET compliant
       languages (language neutral)
            C#...
Microsoft .NET framework (3)

     .NET     Framework Base Classes
            Common class libraries
            Can b...
Web Forms

     Provide  a unified tool for designing web
       interfaces
            Can use HTML, DHTML or WML to dr...
Web Forms (2)

    A     Web form is composed of 2 parts:
            A template: HTML based layout information for
    ...
Web Forms (3)


     Web   forms render differently depending on
       the browser capabilities:
            Internet E...
Available platforms



     Microsoft   IIS + .NET framework




08/10/09               Web Architectures   121
Upcoming SlideShare
Loading in …5
×

Web Architectures

7,497 views
7,408 views

Published on

Architectures of web applications: main layers in modern web applications.

Published in: Education
1 Comment
11 Likes
Statistics
Notes
  • what is the role of the ISP in website communication?
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
7,497
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
565
Comments
1
Likes
11
Embeds 0
No embeds

No notes for slide

Web Architectures

  1. 1. Web-based Architectures Fulvio Corno, Dario Bonino 08/10/09 Web Architectures 1
  2. 2. Outline  Reference Architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 2
  3. 3. N-Tier architectures  Each level/tier has a Browser well defined role  One or more servers Internet implement each tier/layer Web  More servers can share the same Authentication hardware or can run on dedicated devices Application  Communication between tiers/levels is Database achieved through the network 08/10/09 Web Architectures 3
  4. 4. General Architecture Internet ISP Client ISP Web & Transaction Database authentication server(s) Server(s) server(s) LAN 08/10/09 Web Architectures 4
  5. 5. Components  One or more connections to the Internet by means of an Internet Service Provider (ISP).  One or more servers implementing each tier/level of the architecture.  One or more physical networks for interconnecting the servers.  One or more network devices (router, firewall, switch) which implement communication and security policies. 08/10/09 Web Architectures 5
  6. 6. What is a server? Two senses:  A process that runs on a host that relays information to a client upon the client sending it a request.  A host computer on a network that holds information (eg, Web sites) and responds to requests for information In our reference architecture the first sense is better (many servers can run on the same host computer). 08/10/09 Web Architectures 6
  7. 7. What is a server ? The offered functionalities depend on:  The kind of server software (daemon / service)  The network stack on the host  The operating system  The hardware  CPU  Storage & Memory (I/O)  Communication capabilities (Network) 08/10/09 Web Architectures 7
  8. 8. e-Business Architecture Web Servers N-tier Site Application Servers Third-party services Database Servers Ads Payment Authorization Certification The Internet 08/10/09 Web Architectures 8
  9. 9. Clarifications  Architectures can be very different, depending on the site/application requirements.  Usually some services are delegated to third-party, e.g. payments, security, advertisement. These services belong to a different e-Business framework. 08/10/09 Web Architectures 9
  10. 10. Outline  Reference Architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 10
  11. 11. Web server  Manages the HTTP protocol (handles requests and provides responses)  Receives client requests  Reads static pages from the filesystem  Activates the application server for dynamic pages (server-side)  Provides an HTML file back to the client  One HTTP connection for each request  Multi-process, Multi-threaded or Process pool 08/10/09 Web Architectures 11
  12. 12. Web Server (2) Multi-threaded  means that inside each server's process, there are two or more threads, each one able to execute its own task independently from the others  threads share a main process context, a crashing thread may more easily crash the whole application Multiprocess  A pool of processes are used, and reused. 08/10/09 Web Architectures 12
  13. 13. Example Internet Web HTML server files Client http request path URL HTML display http response page send browser TCP/IP server file system 08/10/09 Web Architectures 13
  14. 14. Performance measures  Latency: time required for providing a 0 byte http page. Includes the server activation time, the request decoding time, the file access time, the transmission time and the time for closing the connection.  Unit of measure: http/s or s/http  Throughput: maximum speed at which infinite-sized pages can be sent.  Unit of measure: Bytes (Mbytes)/s  #Requests /s 08/10/09 Web Architectures 14
  15. 15. Delay time T = Latency + ByteHTML / Throughput  This equation is valid if:  The other architecture elements (I/O subsystem, network, ...) are not overloaded  The web server has not yet reached its maximum workload  Example:  Latency: 0,1s  ByteHTML: 100kBytes  Throughput: 800kBytes/s  T= 0,1s+ 100KBytes / 800KBytes/s =0,225s 08/10/09 Web Architectures 15
  16. 16. The most adopted web servers Source: http://news.netcraft.com/ 08/10/09 Web Architectures 16
  17. 17. Authentication server Web Servers are often used to verify the user identity. There are several authentication levels:  Session (cookie)  Based on username/password  Application level  Http authentication  Web server  Digital signature  Web server extensions 08/10/09 Web Architectures 17
  18. 18. HTTP Authentication 08/10/09 Web Architectures 18
  19. 19. Secure Web Server Most Web Servers can handle authentication and encrypted communication for security- sensitive information, such as payment transactions, and corporate log-ons. Secure communication has impact on the Sever performances (slower) 08/10/09 Web Architectures 19
  20. 20. Secure Web Server (2) How does it works?  To prepare a web-server for accepting secure (https) connections the administrator must create a public key certificate for the web-server.  This certificate must be signed by a certificate authority, who certifies that the certificate holder is who he says he is  Certificates are distributed to the site users (they load them in their browser) 08/10/09 Web Architectures 20
  21. 21. Secure Web Server (3) Trust store 3. verifies certificate Server cert. 5. verifies certificate Client cert. 1. requests protected resource Client 2. presents certificate Server 4. presents certificate 6. accesses protected resources Client Server keystore keystore Client cert. Server cert. 08/10/09 Web Architectures 21
  22. 22. Outline  Reference Architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 22
  23. 23. Application server  Dynamic page generation  Manages the site business logic  It's the middle tier between the client browser and the data residing on a database  Implements the session mechanisms  Different technologies and architectures are available 08/10/09 Web Architectures 23
  24. 24. Example Internet Web Application Database server Client http com- para- query URL meters & POST mand display http page send data HTML browser TCP/IP server application database 08/10/09 Web Architectures 24
  25. 25. Dynamic page generation  Elaboration of user-provided data / requests  Page generation from content repositories (database)  Provision of time-dependent information 08/10/09 Web Architectures 25
  26. 26. User provided data  Users can send data to a given site for:  Logging in  Performing queries  Reserving flights or hotels  ...  Data is gathered by means of FORMs  XHTML FORMs  Several input fields  A submit button 08/10/09 Web Architectures 26
  27. 27. XHTML FORMs  In XHTML  <form method=”GET” action=”search”> ........ </form>  <form method=”POST” action=”search”> ........ </form>  GET transfers data in the URL  POST transfers data in the HTTP message body 08/10/09 Web Architectures 27
  28. 28. XHTML FORMs (2)  GET  Data is encoded in the URL (URL-encoding)  GET http://www.mysearch.com/search? query=coffee  POST  Data is encoded in the HTTP message  POST http://www.mysearch.com/search  Message body: query=coffee  In both cases /search identifies the application to be executed by the Application Server 08/10/09 Web Architectures 28
  29. 29. Technologies The application server can manage:  Standalone applications (run by the application server)  CGI  Fast CGI  Server-side scripting (interpreted by the application server)  ASP (Active Sever Pages)  PHP (PHP: Hypertext Processor)  JSP (Java Server Pages) 08/10/09 Web Architectures 29
  30. 30. Technologies (2)  Enterprise frameworks  J2EE  Servlets  EJBs (Enterprise Java Beans)  Web Services  .NET  ASP .NET  Web Services 08/10/09 Web Architectures 30
  31. 31. CGI / Fast CGI  CGI stands for “Common Gateway Interface”  CGI is a standard protocol for interfacing external application software with an information server, commonly a web server. (wikipedia)  For every request a new application process is spawned  Fast CGI  Speeds up the CGI by using a multi-threaded persistent process  the process is executed by the host Operating System (OS) 08/10/09 Web Architectures 31
  32. 32. CGI http Web run client server wait Web run CGI client server script Web CGI client server script Web html CGI client server script http Web client server 08/10/09 Web Architectures 32
  33. 33. FastCGI http Web CGI run client server script wait Web run CGI client server script Web CGI client server script Web html CGI client server script http Web CGI client server script 08/10/09 Web Architectures 33
  34. 34. Sever-side scripting  Scripts: programs written in different languages (Visual Basic, Java, PHP)  They are interpreted by the Web Server directly or through extension modules  Faster than CGI as  Interpreters are loaded together with the web server  Pages are actually mixes of  XHTML  Instructions to be interpreted 08/10/09 Web Architectures 34
  35. 35. Server scripting (ASP, JSP, PHP, …) run wait http Web client server script Web client server script Web client http server script 08/10/09 Web Architectures 35
  36. 36. ASP example <html> <body> Today's date is: < %response.write(date())%> Today's date is: <br/> 10/20/2006. The server's local time is: < The server's local time %response.write(time())%> is: 10:08:30 AM. </body> </html> 08/10/09 Web Architectures 36
  37. 37. ASP Example (2) client http://www.mysite.com/today.asp <html> 6 1 today.asp <body> Today's date is: <%response.write(date())%> 2 <br/> Web Server The server's local time is: <%response.write(time())%> </body> 3 </html> 4.Interpretation Sever-side module <html> <body> 5 Today's date is: 20/10/2006 <br/> The server's local time is: 10:08 A.M. </body> </html> 08/10/09 Web Architectures 37
  38. 38. PHP example <html> <body> Today's date is: <?php echo date(“d/m/Y”);?> Today's date is: <br/> 10/20/2006. The server's local time is: <?php echo The server's local time date(“h:i:s”);?> is: 10:08:30 AM. </body> </html> 08/10/09 Web Architectures 38
  39. 39. JSP Example <%@page import="java.util.*, java.text.*" %> <html> Today's date is: 10/20/2006. <body> The server's local time is: Today's date is: 10:08:30 AM. <% Date today = new Date(); SimpleDateFormat formatter = new SimpleDateFormat(“dd/MM/yyyy”); out.println(formatter.format(today)); %> <br/> The server's local time is: <% formatter.applyPattern(“hh:mm:ss a”); out.println(formatter.format(today));%> </body> </html> 08/10/09 Web Architectures 39
  40. 40. Enterprise frameworks  Quick glance on servlets... more data afterwards  The application server is a “servlet container”  Servlet are Java Based (so a Java Virtual Machine is needed) 08/10/09 Web Architectures 40
  41. 41. Java Servlets client Web Server Java Servlet Java code Runtime unload http request load Business http response logic execution 08/10/09 Web Architectures 41
  42. 42. Summary File system servlet client http ASP Scripted JSP page PHP HTML Web server page 08/10/09 Web Architectures 42
  43. 43. Web Sessions  The HTTP protocol is stateless (without memory)  Every request is independent from the previous one(s), and cannot “remember” the previous path of a given user  Input variables in each page may only depend on the FORM in the immediately preceding page  Users, on the other hand, need to feel the impression of a “continuous” navigation, where a choice made in a page is “remembered” for all successive pages. 08/10/09 Web Architectures 43
  44. 44. Requirement  We must build an abstraction of a “navigation session”  Session = sequence of pages, visited on the same site by the same user with the same browser, in the same navigation stance, having a logic sequentiality 08/10/09 Web Architectures 44
  45. 45. The problem: example  The user enters login: fulvio home.html username & password: **** VAI password on the first page he visits  The next page will be a dynamic page “validating” the login  All successive pages should know the user name... 08/10/09 Web Architectures 45
  46. 46. The problem: example  The user enters login: fulvio home.html username & password: **** VAI password on the first page he visits login.php?user=fulvio&pass=xyzq  The next page will Login accepted. login.php Welcome, fulvio be a dynamic page Check your mail! “validating” the login  All successive pages should know the user name... 08/10/09 Web Architectures 46
  47. 47. The problem: example  The user enters login: fulvio home.html username & password: **** VAI password on the first page he visits login.php?user=fulvio&pass=xyzq  The next page will Login accepted. login.php Welcome, fulvio be a dynamic page Check your mail! “validating” the login ?? mail.php User: fulvio  All successive pages should know the ? Your mail: XXX user name... 08/10/09 Web Architectures 47
  48. 48. Example: home.html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Pagina di login</title> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> </head> <body> <h1>Insert your data</h1> <form method="GET" action="login.php"> Username: <input type="text" name="user" /> <br /> Password: <input type="password" name="pass" /> <br /> <input type="submit" /> </form> </body> </html> 08/10/09 Web Architectures 48
  49. 49. Possible solutions  URL rewriting  Hidden FORM variables  Cookies  Cookie-based session management 08/10/09 Web Architectures 49
  50. 50. URL rewriting  We may modify the text of all links in the pages, to pass every time, with the GET method, all desired variables.  <a href="mail.php?user= <?php echo """ . $_GET["user"] . """ ?> >  We must modify each and every link with this strategy 08/10/09 Web Architectures 50
  51. 51. Hidden variables  We may add some hidden variables into a FORM  <input type="hidden" name="user" value="fulvio" />  Invisible to the user, cannot be modified by the user  Accessible to the server page ($_REQUEST["user"]) and can be modified by the server (value="xxxx") 08/10/09 Web Architectures 51
  52. 52. Hidden variables: drawbacks  We must repeat all variables in all pages  Only FORM-based navigation  No <a href="..."> links! 08/10/09 Web Architectures 52
  53. 53. Cookies  Cookies are “small” parcels of information that the server may store on the browser  In the http response, the server adds a “set cookie” command  The browser promises to send back all cookies to the server at each successive http request A cookie is a 4-tuple composed of  Name  Value  Expiration (date/time)  Domain 08/10/09 Web Architectures 53
  54. 54. Cookie-based solution  When login.php validates the password, it sets a cookie on the browser  The page mail.php may read the cookie that will be received by the browser at the next request 08/10/09 Web Architectures 54
  55. 55. Cookies in PHP  Writing: setcookie("name", "value")  bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]]]]] )  Must be called before any HTML contents (including spaces!)  Reading: $_COOKIE["name"]  Checking: if( isset($_COOKIE["name"]) ) ...  Deleting: setcookie("name", "") 08/10/09 Web Architectures 55
  56. 56. Cookies: pros  Only one set-cookie is needed, at the first page receiving the information  Many cookies may be set, one for each variable  No need to modify links nor FORMs 08/10/09 Web Architectures 56
  57. 57. Cookies: cons  Impossible to store “large” information  Storing a lot of cookies is “impolite”  Trusting data coming from the browser may be unsafe  The browser might (legitimately) refuse to send the cookies back 08/10/09 Web Architectures 57
  58. 58. Session management  We may store many different variables by using one only cookie  The cookie is used to store a “magic number”, different for each new session  name="session" value="123456"  The server stores (somewhere) all session variables associated to that number  Session=123456 ⇒ { "user" = "fulvio", "language" = "IT" } 08/10/09 Web Architectures 58
  59. 59. Session variables A set of (name, value) couples  May be stored  In the web server memory  In a file private to the web server (ex. session.123456.vars)  In a database table (Session, Name, Value)  On every new page, the received cookie will “unlock” the associated variables, and make them available to the server page. 08/10/09 Web Architectures 59
  60. 60. Sessions in PHP (1/3)  Session activation: session_start()  No parameter. Must be called before any othe action  Creates a new session, or reconnects to the existing one  Creates a cookie with a name like PHPSESSID123456 08/10/09 Web Architectures 60
  61. 61. Sessions in PHP (2/3)  Session variables usage  Special vector $_SESSION will store all variables associated to the session  $_SESSION["user"] = "fulvio"  echo $_SESSION["user"]  if ( isset( $_SESSION["user"] ) ) ... 08/10/09 Web Architectures 61
  62. 62. Sessions in PHP (3/3)  Session closing:  Expires automatically after 20-30 minutes  Expires automatically when the browser is closes  May be “reset” with session_destroy() 08/10/09 Web Architectures 62
  63. 63. Example: login.php <html> <?php <head> <title>Check login</title> session_start() ; </head> <body> $user = $_REQUEST["user"] ; <?php $pass = $_REQUEST["pass"] ; if($login == 1) if($user == "fulvio" && $pass == "xyz") { { echo "<p>Welcome, $user</p>n"; // login OK echo "<p>Check your <a $_SESSION["user"] = $user ; href="mail.php">mail</a></p>n" ; $login = 1 ; } } else else { { echo "<p>ERROR: invalid login, <a href="home.html">retry</a></p>n" ; // login errato } $login = 0 ; //echo "<p>Password: $pass</p>n" ; } ?> ?> </body> </html> 08/10/09 Web Architectures 63
  64. 64. Example: mail.php <?php session_start() ; ?> <html> <head> <title>La tua posta</title> </head> <body> <? if(isset($_SESSION["user"])) { $user = $_SESSION["user"] ; echo "<p>Ecco la tua posta, $user</p>n" ; /* stampa la posta... */ } else { echo "<p>ERRORE: devi prima fare il <a href="home.html">login</a></p>n" ; } ?> </body> 08/10/09 </html> Web Architectures 64
  65. 65. Outline  Reference architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 65
  66. 66. Database server  Stores the data on which the application server works.  Executes the queries issued by the application server:  Updates the stored data  Inserts new data  Provides back query results  The most frequent/complex queries can be implemented internally as stored procedures (pre-compiled queries with parameters) 08/10/09 Web Architectures 66
  67. 67. Database server  Queries are almost always in SQL  SELECT * FROM table;  ....  Often adopts the relational database model  Other models can be used  Object model  Triple model  The most advanced/complete solutions are called Transaction servers 08/10/09 Web Architectures 67
  68. 68. Example  The “/search” application converts the client-provided parameters “query=coffee” into a database query  SELECT doc_id FROM key_doc_index, keywords WHERE key_doc_index.key_id = keywords.id AND keywords.key = “coffee” doc_id key_id id key 1 0 0 Java = coffe? NO 12 35 35 Coffe = coffe? YES 42 99 37 Mug 08/10/09 Web Architectures 68
  69. 69. Example (2)  The database server selects the proper data and provides results in form of a “rowset”.  In each row there is a valid entry extracted from the stored data  The “/search” application iterates through the received data by means of a “cursor”  The data is formatted/elaborated and the content of the “/search” result page is built  The search result is sent back to the user 08/10/09 Web Architectures 69
  70. 70. Example (3) (PHP) <?php The application composes the query $query = “SELECT doc_id FROM key_doc_index, keywords WHERE key_doc_index.key_id = keywords.id AND keywords.key = $_REQUEST[“query”];”; The query is sent to the db-server and a rowset containing the results is returned $rowset = mysql_query($query); while($row = mysql_fetch_row($rowset)) { //elaborate data } ?> The application elaborates the data 08/10/09 Web Architectures 70
  71. 71. Technologies  SQL is the standard query language  Legacy extensions are available  Extensions can empower the standard SQL but tie the application to a specific database server  Interaction with the application server  ODBC, JDBC, ADODB, ...  Socket & Pipe  Data access  Files stored on the server file-system  Files stored in ad-hoc partitions / disks 08/10/09 Web Architectures 71
  72. 72. Performance and issues  The database server is a critical component  It is very difficult to optimize, if recognized as the bottleneck of a given architecture  Performance depends on many factors:  The kind of database server  The Operating System of the host machine  The CPU power  The Memory availability and architecture  The I/O subsystem performance 08/10/09 Web Architectures 72
  73. 73. Database servers  Commercial solutions  Oracle  IBM DB2  Microsoft SQL server  Open source  PostgreSQL  MySQL  Derby 08/10/09 Web Architectures 73
  74. 74. Comprehensive platforms There are several solutions which allow to seamlessly use an Application Server together with a Database Server.  Low-end applications  Microsoft ASP  PHP  Java Servlet or Java Server Pages (JSP)  High-end applications  Java 2 Enterprise Edition  Microsoft .NET 08/10/09 Web Architectures 74
  75. 75. ASP Built-in ADO ORACLE VBScript / JScript SQL Server Objects Scripting: ODBC database Custom Objects User Data Web Server FileSystem O.S. 08/10/09 Web Architectures 75
  76. 76. Servlet /JSP Web Server Client Java Runtime Database server Servlet JDBC 08/10/09 Web Architectures 76
  77. 77. Summary Database File system servlet client http ASP Scripted JSP page PHP HTML Web server page 08/10/09 Web Architectures 77
  78. 78. Outline  Reference Architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 78
  79. 79. Network Infrastructure  Allows to  Connect the site to the Internet  Inter-connect the servers on which the site relies  Composed of:  Dedicated links, Local networks  Network devices  Switches, Routers and Firewalls  Performance-related elements  Proxies, Caches, ... 08/10/09 Web Architectures 79
  80. 80. Example 1 Internet ISP Web & Transaction Database authentication server(s) Server(s) server(s) (& mainframe) LAN 08/10/09 Web Architectures 80
  81. 81. Example 2 Internet ISP Web & Transaction Database authentication server(s) Server(s) server(s) (& mainframe) LAN1 LAN2 LAN3 08/10/09 Web Architectures 81
  82. 82. Example 3 Internet LAN2 LAN3 ISP Web & Transaction Database authentication server(s) Server(s) server(s) (& mainframe) LAN1 08/10/09 Web Architectures 82
  83. 83. Internet connection  The link bandwidth limits the number of concurrent accesses  #Users/Time = Bandwidth / Page_size  The connection reliability is critical  Reduced down-time  Minimum Bandwidth shall be granted 08/10/09 Web Architectures 83
  84. 84. Local networks  Usually based on  Ethernet (10 Mb/s)  Fast Ethernet (100 Mb/s)  Gigabit Ethernet (1000Mb/s)  Can be segmented for facing high network traffic  Routers / Switches  Multiple network interfaces on servers 08/10/09 Web Architectures 84
  85. 85. Firewall  Filters out undesired network traffic  Outgoing  Incoming  Protectsfrom hacker's attacks and prevents data stealing  Cannot address  Denial of service attacks  Applications vulnerabilities / bugs  Increases the overall latency 08/10/09 Web Architectures 85
  86. 86. Proxy & Cache  The two functionalities are often integrated into a single server/device  Proxy: intercepts the client http requests and mediates the access to the Internet thus hiding the client identity.  Cache: stores the results of client requests avoiding to access the remote server in case of repetitive requests.  More useful for clients than for servers 08/10/09 Web Architectures 86
  87. 87. Proxy & Cache (1) Client The Internet Proxy Remote Server 08/10/09 Web Architectures 87
  88. 88. Proxy & Cache (2) Client The Internet Proxy Cache Remote Server 08/10/09 Web Architectures 88
  89. 89. Outline  Reference Architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 89
  90. 90. Load balancer  Routes the client request towards a proper server (when more than one server is available)  Continuously monitors each server workload  Manages request queues  Selects the most suited server 08/10/09 Web Architectures 90
  91. 91. Example (round-robin DNS) 08/10/09 Web Architectures 91
  92. 92. Example (reverse proxy, I) 08/10/09 Web Architectures 92
  93. 93. Example (reverse proxy, II) 08/10/09 Web Architectures 93
  94. 94. Outline  Reference Architecture  Web server  Application server  Database server  Networks, proxy, cache  Load balancer  Enterprise frameworks 08/10/09 Web Architectures 94
  95. 95. Requirements  Extension/improvement of already existing information systems with new functionalities  High availability of the published content  Security  Reliability  Scalability 08/10/09 Web Architectures 95
  96. 96. Current market  Over 1 billion dollars in 2001  Both small and big vendors  More than 25 different application servers available  IBM  Microsoft  Sun  Oracle  Netscape  BEA  ... 08/10/09 Web Architectures 96
  97. 97. Main features  From the developer perspective the application server forces the client separation between  business logic Middle tier  presentation logic Presentation  database logic level  Real 3-tiers architecture with Application level clear separation between the database and the application logic. DB 08/10/09 Web Architectures 97
  98. 98. Addressed problems  concurrency  providing access to all possible production databases  network connection management  database connection pooling  legacy database support  designing a management console  clustering support  load balancing  fail-over  extensibility of development framework and performance 08/10/09 Web Architectures 98
  99. 99. Pros  Can simplify the development of new systems  Many technical issues already addressed by the framework  Developers can focus their attention on the application-specific features/issues  Allow to easily build and manage very complex systems 08/10/09 Web Architectures 99
  100. 100. Cons  Considerable start-up effort  Can be quite complex to use  Requires specialized developers (higher formative needs)  Training (2-6 month)  Shall adhere to the programming standards defined by the framework 08/10/09 Web Architectures 100
  101. 101. Main features  Support for business and application logic  Technologies: COM, CORBA, Java-specific RMI  Framework: Microsoft .NET, Enterprise JavaBeans.  Multi-threaded access  Database connection pooling  Clustering support, load balancing and fail-over features  Transaction Integrity.  Connectivity to legacy systems like mainframes and older transaction and database systems.  Secure transactions and support for SSL/HTTPS 08/10/09 Web Architectures 101
  102. 102. Other features  Web deployment: Internet, Intranet, ...  Transaction processing monitors  Transaction processing and performance oriented features  Support for working with other application servers  Integration with development tools and features oriented towards accelerating development  Integration with Enterprise resource planning packages like SAP/R3 and Peoplesoft.  ... 08/10/09 Web Architectures 102
  103. 103. J2EE  Multi-tieredapplication model  Based on the Java technology  The various components usually run on different machines  Client-tier components run on the client machine.  Web-tier components run on the Java EE server.  Business-tier components run on the Java EE server.  Enterprise information system (EIS)-tier software runs on the EIS server. 08/10/09 Web Architectures 103
  104. 104. J2EE (2) 08/10/09 Web Architectures 104
  105. 105. J2EE Client Tier  Web Clients (thin client)  Dynamic pages + Web Browser  Applets  Small Java application embedded in a web page  Execute on the client virtual machine  They often require a Java Plugin and they pose some serious security issues (applet sandbox) 08/10/09 Web Architectures 105
  106. 106. J2EE Client Tier (2)  Application Client (thick client)  Java application running on the client machine  Richer user interface  Can directly interface Enterprise beans (otherwise can interface Servlets over http) 08/10/09 Web Architectures 106
  107. 107. J2EE Web Tier  Servlets  Java programming language classes that dynamically process requests and construct responses  Java Server Pages (JSP)  text-based documents that execute as servlets but allow a more natural approach to creating static content  Java Server Faces (JSF)  provides a user interface component framework for web applications (based on servlets and JSPs) 08/10/09 Web Architectures 107
  108. 108. J2EE Business Tier  logic that solves or meets the needs of a particular business domain such as banking, retail, etc.  Beans  body of code having fields and methods to implement modules of business logic  3 kind of Beans  Session Beans  Message Beans  Entity Beans (Java Persistence Entities) 08/10/09 Web Architectures 108
  109. 109. J2EE Beans  Session beans  Represent a transient conversation with a client  When the client finishes executing, the session bean and its data are gone  Message beans  Allow a business component to receive messages asynchronously  Session bean + message listener 08/10/09 Web Architectures 109
  110. 110. J2EE Beans (2)  Entity beans  represent persistent data stored in one row of a database table  If the client terminates, or if the server shuts down, the persistence manager ensures that the entity data is saved 08/10/09 Web Architectures 110
  111. 111. J2EE EIS Tier Enterprise Information System tier  handles EIS software including:  Enterprise resource planning (ERP)  Mainframe transaction processing  Database systems  Legacy information systems 08/10/09 Web Architectures 111
  112. 112. Available platforms  Apache: Tomcat  Apple: WebObjects  ATG: Dynamo  BEA: WebLogic  Borland: Enterprise Server  Caucho: Resin  Desiderata Software: Blazix  Fujitsu Siemens Computers: BeanTransactions  Fujitsu Software Corp.: Interstage  Gefion Software: LiteWebServer  HHPN: XliRAD  Hitachi: Cosminexus  IBM: Websphere 08/10/09 Web Architectures 112
  113. 113. Available platforms (2)  Interactive Business Solutions: EAS  IONA: Orbix ASP 6.0  Ironflare: Orion  Jboss: Jboss  Jetty: Mort Bay Consulting  Macromedia: JRun Server  New Atlanta Communications: ServletExec  Novell: exteNd  ObjectWeb: JonAS  OpenConnect  OC://WebConnect  Oracle Application Server 10g  Persistence: Power Tier for J2EE 08/10/09 Web Architectures 113
  114. 114. Available platforms (3)  Pramati Technologies: Pramati Server  SAP AG: Web Application Server  Secant: ModelMethods  Sun Microsystems: Sun Java System Application Server  Sybase: EAServer  TmaxSoft: JEUS  Together: Enhydra Server  TradeCity Cybersoft: Rexip Appserver  Trifork: Enterprise Application Server 08/10/09 Web Architectures 114
  115. 115. Microsoft .NET framework 08/10/09 Web Architectures 115
  116. 116. Microsoft .NET framework (2)  Can be exploited by .NET compliant languages (language neutral)  C#, C++  JScript  Visual Basic  ASP .NET  Class libraries for web-based services  IntroducesWeb Forms, Web Services and Windows Forms  Web forms -> web interfaces  Windows forms -> windows GUIs 08/10/09 Web Architectures 116
  117. 117. Microsoft .NET framework (3)  .NET Framework Base Classes  Common class libraries  Can be used by any .NET language  Provide many ready-to-use functionalities  CLR: common language runtime  Similar to the Java Virtual Machine  Converts the MSIL code (Microsoft Intermediate Language) into executable code 08/10/09 Web Architectures 117
  118. 118. Web Forms  Provide a unified tool for designing web interfaces  Can use HTML, DHTML or WML to draw the controls on the web page depending on the browser capability  Incorporate the logic behind each control  It is possible to associate a specific code to each GUI element (the code is executed on the server) 08/10/09 Web Architectures 118
  119. 119. Web Forms (2) A Web form is composed of 2 parts:  A template: HTML based layout information for all the GUI elements  A component: contains the logic to be hooked to each GUI element  The GUI is rendered on the client side  The hooked code is executed on the server side 08/10/09 Web Architectures 119
  120. 120. Web Forms (3)  Web forms render differently depending on the browser capabilities:  Internet Explorer (DHTML)  Netscape / Mozilla (HTML)  WAP device (WML) 08/10/09 Web Architectures 120
  121. 121. Available platforms  Microsoft IIS + .NET framework 08/10/09 Web Architectures 121

×