
Guidelines: Technical Infrastructure Architecture

This material is provided courtesy of Applied Information Sciences, Inc.

 

References

A Blueprint for Building Web Sites Using the Microsoft Windows® DNA Platform http://msdn.microsoft.com/library/default.asp?URL=/library/techart/dnablueprint.htm

Windows DNA Architecture Overview

Microsoft Windows DNA® is a platform that consists of a combination of Microsoft server products and application services provided by the Microsoft Windows® 2000 and Windows NT operating systems. It comprises numerous application development technologies, application services and system services, and it provides a framework within which n-layer/n-tier applications can be developed.

Logical Architecture View vs. Deployment Architecture View

These guidelines use the term “layer” to refer to the logical architecture of the application and the term “tier” to refer to the deployment architecture of the application. For example, presentation “layer” refers to the logical group of components that provide the presentation operations (user interface) for the application. Presentation “tier” refers to the one or more processors (machines) on which the presentation “layer” components are hosted.

See Concepts: Logical View and Concepts: Deployment View for more information on the distinctions between these architectural views.

One aspect of the Windows DNA platform is the use of logical layers to partition the components of an application. The three standard layers are presentation, business logic and data. The first figure below depicts an example of this three-layer logical architecture. The second figure depicts an example of a three-tier deployment architecture.

[Figure: Sample Windows DNA-Based Application Logical Architecture View]

[Figure: Sample Windows DNA-Based Application Deployment Architecture View]

Presentation Layer and Presentation Tier

The presentation layer in a Windows DNA-based application consists of components that manage the presentation of information and interaction with the users. 

Presentation layer components are routinely deployed on end user workstations as components or presented in a browser using Hyper-Text Markup Language (HTML). These end user workstations typically comprise the presentation tier or client tier (in classical client/server architecture) of the deployment architecture for the application. See Concepts: Distribution Patterns for more information on the different types of application deployment/distribution architectures.

The presentation layer of a Windows DNA application may be comprised of components that provide different levels of client services to the user. The types of clients range from thin or HTML browser-based clients, to rich-native or Win32-based applications. The table below lists the range of client types and the basic functionality in each one.

Client Type: Functionality

  • Thin Web Client: This is a least common denominator browser-independent client typically using a widely supported protocol such as HTML 3.2. Publicly accessible Internet sites will typically support this type of client.

  • Thick Web Client: This is an HTML/Dynamic HTML (DHTML)/eXtensible Markup Language (XML) client using advanced browser features. Client-side scripting, ActiveX controls and other browser-specific features may be used. Internet and Intranet sites that can control or dictate the type of browser that will be used to access their content will construct presentation tiers using this client type.

  • Rich Native Client: This is a Win32-based application. Internet-based protocols such as Hypertext Transfer Protocol (HTTP) and/or Intranet-based protocols like Distributed COM (DCOM) may be used to communicate with the business logic layer components hosted on servers in the business logic tier. This client type is typical of an internal business application, but can also be used to develop hybrid Internet applications. These hybrid applications often consist of a Win32-based container that hosts browser components, and/or uses Internet-based protocols to interact with the business logic layer.

Table: Presentation Layer Client Types

Each of these client types communicates with the business logic layer portion of the application to perform the real work of the application.

Business Logic Layer and Business Logic Tier

The business logic layer contains the business rules that comprise most of the application’s functionality. The business application logic is contained in custom and off-the-shelf COM+ components and applications that are hosted on one or more business logic tier servers.

In a Web-based environment, additional application logic may be contained in a Microsoft Internet Information Services® (IIS) hosted Active Server Page (ASP) script. However, to maximize performance and reusability of application logic, this should be minimized. 

The COM+ application accesses the data layer by either directly utilizing Microsoft Universal Data Access® (UDA) services or by utilizing other COM+ applications that perform the data access.

Data Layer and Data Tier

The data layer either exposes information directly through UDA interfaces or through data-layer COM+ components that encapsulate subsequent UDA-based access to one or more data sources. The UDA technologies of Open DataBase Connectivity (ODBC), OLE DB and ActiveX Data Objects (ADO) are used to access data services/sources. Stored procedures and Structured Query Language (SQL) strings are typically used when accessing relational data sources such as Microsoft SQL Server®, and can be considered part of the data layer.

The data tier consists of the entire set of nodes that host the data stores for the application. The range of possible configurations includes the simple (single-node, single database) to the complex (multiple workstations with replicated databases, with mainframe nodes and data stores).

Technical Infrastructure Parameters

When designing technical infrastructure architectures, the software architect must factor the following parameters into the planning and design process as part of the Activity: Architectural Analysis and as part of the Activity: Describe Distribution:

  • Scalability 

  • Availability 

  • Security 

  • Management

Scalability

Scalability of an application or system can be described as the ability to increase the amount of processing performed by the application without impacting the design of the application. One way to quantify the scalability of a Windows DNA-based application is in terms of the application’s ability to handle a certain number of simultaneous users. Windows DNA-based applications achieve scalability by separating the presentation, business logic and data layers onto one or more separate physical tiers. This is known as horizontal scalability. In a Web environment, the IIS component of either the Microsoft Windows NT or Windows 2000 operating system serves the presentation layer portion of the application to a Web browser. This layer can be scaled by using Transmission Control Protocol (TCP)/Internet Protocol (IP) load-balancing services, which are part of the Microsoft Windows NT and Windows 2000 operating systems, in order to achieve linear scalability. This is particularly effective on systems where little or no state is maintained, such as content-only Internet sites.

Scalability on the business logic tier is accomplished by spreading COM+ components across different physical servers in the business logic tier based upon their functional role, or by replicating components in a redundant manner.

To achieve scalability in the data layer, both horizontal and vertical partitioning of the access components and the physical data stores can be used to spread data access requests across multiple servers within the data tier.

Finally, vertical scalability for Windows DNA-based applications can be implemented across all tiers by adding hardware capacity to existing machines, or by replacing low-end machines with higher-end machines with larger memory capacity and a higher number of processors per machine. The Windows 2000 operating system provides support for increasing vertical scalability with Microsoft Windows® 2000 Server, Advanced Server®, and Data Center Server® Editions. The Advanced Server and Data Center Server editions of Windows 2000 include support for both increased memory per server and a higher number of processors per server.

Availability

The availability of an application/system can be defined as the ability of the application to withstand failures and remain operational. Availability for Windows DNA-based applications is achieved by designing deployment architecture infrastructures that have both redundancy and fail-over capabilities. For the presentation tier, availability is achieved by using TCP/IP load-balancing services with two or more mirror-imaged IIS platforms. The fail-over detection functions that are part of the Microsoft Windows NT and the Windows 2000 TCP/IP load-balancing service help to maintain high levels of availability at this tier. At the business logic and data layers, where long-term or persistent state must be maintained, clustering can be used to improve application availability. The fail-over clustering capabilities of the Windows NT and the Windows 2000 operating systems can be used with shared-disk subsystems to achieve maximum availability. In addition, third-party fail-over and replication solutions can be used to achieve availability.

The final key to system availability is network infrastructure redundancy. Designing a network topology that has multiple network paths between each server or cluster, and multiple Internet/Intranet access points to the front-end presentation tier servers, is paramount to ensuring availability.

Security

System security considerations are either physical or network oriented. Physical security concerns require controlled access to computer rooms, sensitive computer equipment, computer media, and so on. Network security is concerned with controlling access to all network accessible points of a system. This includes securing the network itself with routers and firewalls. It also includes securing the computers that comprise the system by ensuring that all services and protocols are eliminated if not needed, and secured if required. Finally, appropriate presentation tier client machine access control mechanisms must be chosen. Technologies like Secure Sockets Layer (SSL) and client certificates are examples of client access control mechanisms.

Management

The technical infrastructure requirements for the management portion of a Windows DNA-based application are defined by the management services and the network and computer hardware that are required to utilize the management services. The primary goal of the management services is to maintain the health of the application. The management system should monitor the network and computer systems to ensure they are accessible and functioning properly, and that network and system capacity is adequate. The management system infrastructure may also be used to distribute and to update new system content, including application modules and data.

Infrastructure Considerations

This section describes the specific infrastructure alternatives for deploying Windows DNA-based applications. The infrastructure alternatives for each of the three layers are described. At the simplest level, all of the application logical layers can be co-located on a single machine. For very straightforward applications with limited technical infrastructure parameter requirements, this may be sufficient. The following sections will focus upon systems with more rigorous technical infrastructure requirements. Any of the approaches recommended below can be scaled back to meet the particular needs of less demanding environments.

Presentation Tier Infrastructure

Rich Native Client Infrastructure Considerations

The infrastructure of the presentation tier will differ based upon the type of client presentation services that are being used. Rich native Win32-based client applications that are communicating with the business logic layer portion of the application through DCOM will not include any type of IIS/ASP/HTML/DHTML services that are part of a thin/thick Web client presentation tier infrastructure. Additionally, this type of application will typically be deployed on a private network environment and will have fewer public infrastructure security issues to consider. The following scalability, availability, security and management considerations must be made for rich native Win32-based presentation tier applications:

Rich Native Client Scalability

The presentation tier portion for the application will be running on Win32-based end-user workstations. These machines must be sized properly to achieve acceptable application performance. Memory (standard and video), disk capacity and performance, video size and resolution, processor performance, and network interface performance must all be considered. Additionally, the volume of data that will be transferred between the business logic layer COM+ application and the Win32 client application, along with the total number of clients that will be supported, must be factored into network capacity planning.

Rich Native Client Availability

Redundant network access points from the end-user workstation to the business logic tier servers may be needed. This is the primary availability issue to be considered with the rich native client application presentation tier because increasing availability of the end-user workstation through any other means is typically cost prohibitive.

Rich Native Client Security

Security for Win32-based presentation tier applications will typically use native Windows NT or Windows 2000 security protocols such as NTLM and Kerberos through DCOM.

Rich Native Client Management

Application deployment strategies to end-user workstations must be taken into account. Tools such as Microsoft Systems Management Server® (SMS) and Microsoft Windows 2000 IntelliMirror® management technologies can be used to assist in distributing application components to workstations.

Thin/Thick Web Client Infrastructure Considerations

Thin Web client and thick Web client solutions introduce the requirement of providing IIS/ASP/HTML/DHTML delivery services. Additional complexities that thin Web client-based infrastructure architectures introduce are public infrastructure security requirements, fault tolerance and scalability issues with the IIS/ASP/HTML/DHTML delivery services servers.

Thin/Thick Web Client Scalability and Availability

To address scalability and availability concerns, redundant mirror-image servers running IIS/ASP services can be used. Windows 2000 Advanced Server includes Network Load Balancing (NLB) services to transparently present a single IP address for multiple servers and to share the network traffic load across NLB-enabled machines. Other techniques of performing load balancing include DNS round robin name resolution and various third-party hardware based solutions. One of the advantages that NLB has over many other solutions is its ability to detect failure conditions. The NLB network stacks on each of the NLB-enabled machines actively monitor the health of the other nodes. Any node that is no longer offering a service can be automatically removed from the list of NLB-enabled machines, while the other NLB-enabled machines continue to offer the service.

The same network redundancy and network traffic considerations that are part of a rich native Win32-based solution need to be factored into a thin/thick Web client-based infrastructure architecture.

Thin/Thick Web Client Security

Public infrastructure security concerns are addressed with a combination of physical network security access tools, such as firewalls and access-list controlled routers, and some type of client access control technique. Client access control can include the use of X.509 certificates, forms-based logon procedures, Microsoft Site Server, Commerce Edition® member management services and other third-party authentication services.

Thin/Thick Web Client Management

Tools such as Microsoft Site Server, Commerce Edition and a variety of third-party tools can be used to gather site statistics and other traffic related information to help determine future usage needs and to assist in capacity planning. IIS content management and deployment tools such as Microsoft FrontPage® and Microsoft Visual InterDev® can assist in moving IIS-based applications from development/test platforms onto production platforms.

Business Logic Tier Infrastructure

The infrastructure of the business logic tier is focused on efficiently hosting COM+ applications. In pure Win32-based applications, the presentation layer components, which are located on an end-user’s workstation(s) in the presentation tier, would use DCOM to request COM+ application services on the business logic layer. The presentation layer, in a thin Web client application, is hosted in an end-user’s browser communicating via HTTP, with server side IIS managed scripts (ASP pages) and components. The ASP pages and/or components would in turn use COM/DCOM to request COM+ application services on the business logic layer.

Business Logic Tier Scalability and Availability

To achieve scalability on the business logic tier, COM+ application components can be statically load-balanced across multiple machines. The COM+ applications can be housed on multiple mirror-image COM+ application servers, distributed across servers based upon functional application characteristics, or deployed using a combination of these techniques. When mirror-image servers are used, a fixed number of presentation layer clients are assigned to each business logic layer COM+ application server machine. Alternatively, when functional application characteristics are used to distribute the COM+ applications across machines, all requests for a particular application function are routed to the same server. An example of this type of architecture would be a high-volume, time-sensitive application feature such as airline reservation processing. This processing can be directed to one class or to a set of machines while lower-volume, less time-sensitive services such as frequent-flyer benefits and account information would be directed to a different class or set of machines. These are coarse-grained techniques for component load balancing. Finer-grained approaches based on dynamic load balancing algorithms will be available in future Windows DNA products.

Achieving availability in the current COM+ environment is attainable only by building some type of fail-over capability into the application logic. In the near future, Microsoft will release solutions that transparently bring both load-balancing and fail-over services to COM+ applications.

Business Logic Tier Security

Security at this layer may include physical network security access tools such as firewalls and access-list controlled routers to add another layer of network security between the presentation layer infrastructure and the business/data layer infrastructure. Operating system-based Access Control List (ACL) security along with COM+ role-based security may be used to secure operating system and application resources.
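The layered filtering described above can be checked against observed traffic. The following is an added example, not part of the original guideline: it goes beyond this tier to cover all three, and it flags connections that skip a tier or use a port the policy does not name. The subnets, the DCOM port range 5000-5020, the policy table and the sample flows are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing plan: one subnet per deployment tier (constructed values).
TIER_SUBNETS = {
    "presentation": ip_network("10.0.1.0/24"),
    "business": ip_network("10.0.2.0/24"),
    "data": ip_network("10.0.3.0/24"),
}

# Assumed policy: connections may only be opened one tier inward, on named
# ports. 135 is the DCOM/RPC endpoint mapper; 5000-5020 is an assumed fixed
# range that DCOM has been restricted to; 1433 is the SQL Server default.
ALLOWED_FLOWS = {
    ("external", "presentation"): {80, 443},
    ("presentation", "business"): {135} | set(range(5000, 5021)),
    ("business", "data"): {1433},
}


def tier_of(address):
    """Map an IP address to its tier, or 'external' if outside every tier."""
    addr = ip_address(address)
    for tier, subnet in TIER_SUBNETS.items():
        if addr in subnet:
            return tier
    return "external"


def check_flow(src, dst, dst_port):
    """Return None if the connection fits the policy, else a reason string."""
    src_tier, dst_tier = tier_of(src), tier_of(dst)
    if src_tier == dst_tier:
        return None  # traffic inside one tier is out of scope for this check
    ports = ALLOWED_FLOWS.get((src_tier, dst_tier))
    if ports is None:
        return "no rule permits %s -> %s" % (src_tier, dst_tier)
    if dst_port not in ports:
        return "port %d not permitted %s -> %s" % (dst_port, src_tier, dst_tier)
    return None


def audit_flows(flows):
    """Return (src, dst, port, reason) for every flow that breaks the policy."""
    violations = []
    for src, dst, port in flows:
        reason = check_flow(src, dst, port)
        if reason:
            violations.append((src, dst, port, reason))
    return violations


# Constructed connection records: (initiator, destination, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.1.10", 443),   # browser to IIS
    ("10.0.1.10", "10.0.2.20", 135),     # ASP page to COM+ server
    ("10.0.2.20", "10.0.3.30", 1433),    # COM+ component to SQL Server
    ("10.0.1.11", "10.0.3.30", 1433),    # Web server straight to the database
    ("203.0.113.7", "10.0.2.20", 135),   # outside host reaching DCOM
    ("10.0.2.21", "10.0.3.30", 445),     # unexpected service on the data tier
]

if __name__ == "__main__":
    for src, dst, port, reason in audit_flows(SAMPLE_FLOWS):
        print("%s -> %s:%d  %s" % (src, dst, port, reason))
```

Only connection initiations are modelled; reply traffic belongs to the connection that opened it.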

Business Logic Tier Management

Monitoring the health and performance characteristics of the COM+ applications running on this tier is the primary management objective for this tier. The Microsoft Transaction Server® (MTS) product administrative tools for the Windows NT operating system, and the COM+ Component Services administrative tools that are part of the Windows 2000 operating system, provide cursory information about the health of COM+ applications. There are several third-party tools that provide more robust monitoring capabilities that focus on tracking the application’s availability, reliability and functionality. To minimize the impact on a production system’s performance characteristics, these monitoring tools should be placed on their own network segment. The resource-intensive console portion of the management tool should be run on a machine that is separate from the production application.

Data Tier Infrastructure

The data tier infrastructure hosts data layer COM+ components and the data server products that those applications access. The same solutions for business logic layer infrastructure apply to hosting the data tier COM+ components. The infrastructure options for server products such as Microsoft SQL Server are different from COM+ applications. The following sections discuss the scalability, availability, security and management options that are unique to the data tier infrastructure.

Data Tier Scalability

To improve scalability in Microsoft SQL Server, both vertical and horizontal partitioning of data can be used to spread the overall load of the database server access across multiple machines. Vertical partitioning of data can be used to allocate tables across multiple servers based upon functional application characteristics. An example of this type of partitioning would be placing inventory data on one machine and order data on another machine. The key to this type of partitioning is selecting datasets for each server that efficiently and equitably spread the load across all the servers. SQL Server’s distributed query capabilities can be used to combine or to join data across servers.

When vertical partitioning of data is not applicable, horizontal partitioning can be used to segment data equally across multiple servers using a unique key. An example of this would be allocating half of an employee records table to one server and the other half to another server. The employee’s social security number may be used to determine on which server the employee information would reside. The information determining which server contains which set of employee records could be managed using hard-coded application logic or with Microsoft SQL Server’s partitioned view capabilities. The requirement for extra application-level logic is one of the disadvantages of horizontal partitioning.

Data Tier Availability

Microsoft clustering technology can be used to increase availability of the Microsoft SQL Server product. The two-node, fail-over clustering capabilities of Windows 2000 Advanced Server can be leveraged to increase system availability. Both active-active and active-passive (warm standby) configurations are possible. The choice of which configuration to use should be based upon the performance characteristics of the application. Active-active configurations are best suited for applications where maximum performance is required and where decreased performance is acceptable during the brief periods when fail-over may occur. Active-passive configurations are best suited where consistent performance characteristics are required all of the time, even during brief periods when fail-over may occur.

Data Tier Security

The data tier security considerations are similar to those for the business logic tier. Additional layers of firewalls/routers may be needed depending upon the sensitivity of the data being accessed. Additionally, along with COM+ role-based security, SQL Server’s integrated security features can be leveraged to minimize the need for hard-coding account and password information in any application code.
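One way to find the hard-coded account and password information mentioned above is to audit connection strings in application source. The following is an added example, not part of the original guideline: it parses OLE DB/ADO and ODBC connection strings and reports those that embed a SQL login instead of selecting integrated security. The finding names, server name, account and sample ASP lines are constructed for illustration.

```python
import re

# Connection-string keywords that carry a secret or a SQL login name.
SECRET_KEYS = ("password", "pwd")
ACCOUNT_KEYS = ("user id", "uid")
# Keyword/value pairs that select Windows integrated security.
INTEGRATED = {("integrated security", "sspi"), ("integrated security", "true"),
              ("trusted_connection", "yes"), ("trusted_connection", "true")}
# A string literal is treated as a connection string if it has one of these.
MARKER_KEYS = ("provider", "driver", "data source", "server")

# key=value pairs separated by ';'. ODBC allows a value wrapped in braces,
# e.g. Driver={SQL Server}, and a ';' inside the braces does not end it.
PAIR_RE = re.compile(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)\s*(?:;|$)")


def parse_connection_string(conn_str):
    """Return the key/value pairs of a connection string, keys lower-cased."""
    pairs = {}
    for match in PAIR_RE.finditer(conn_str):
        key, value = match.group(1).lower(), match.group(2).strip()
        if value.startswith("{") and value.endswith("}"):
            value = value[1:-1]
        pairs[key] = value
    return pairs


def audit_connection_string(conn_str):
    """Return finding names for one connection string (empty list if clean)."""
    pairs = parse_connection_string(conn_str)
    integrated = any((k, v.lower()) in INTEGRATED for k, v in pairs.items())
    findings = []
    if any(pairs.get(k) for k in SECRET_KEYS):
        findings.append("HARDCODED_PASSWORD")
    if not integrated and any(k in pairs for k in ACCOUNT_KEYS):
        findings.append("SQL_LOGIN_IN_CODE")
    return findings


def scan_source(lines):
    """Map 1-based line numbers to findings for quoted connection strings."""
    report = {}
    for number, line in enumerate(lines, start=1):
        for literal in re.findall(r'"([^"]*)"', line):
            if not any(k in parse_connection_string(literal) for k in MARKER_KEYS):
                continue  # an ordinary string literal, not a connection string
            findings = audit_connection_string(literal)
            if findings:
                report[number] = findings
    return report


# Constructed ASP/VBScript lines; names and the password are placeholders.
SAMPLE_ASP = [
    'conn.Open "Provider=SQLOLEDB;Data Source=dbsrv01;Initial Catalog=Orders;'
    'User ID=appuser;Password=Example-Pw1;"',
    'conn.Open "Provider=SQLOLEDB;Data Source=dbsrv01;Initial Catalog=Orders;'
    'Integrated Security=SSPI;"',
    'conn.Open "Driver={SQL Server};Server=dbsrv01;Database=Orders;'
    'UID=appuser;PWD={ex;ample};"',
    'Response.Write "Order total = " & total',
]

if __name__ == "__main__":
    for number, findings in sorted(scan_source(SAMPLE_ASP).items()):
        print("line %d: %s" % (number, ", ".join(findings)))
```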

Data Tier Management

As with the business logic tier, monitoring the health and performance characteristics of the COM+ applications is one of the primary management objectives of the data tier, and the considerations mentioned in the business logic tier apply here. Additionally, the availability and performance characteristics of Microsoft SQL Server need to be monitored. Microsoft SQL Server exposes a large number of Windows 2000 and Windows NT performance monitor counters that can be used for analysis, and several third-party tools are also available for this purpose. However, care must be taken not to impact production system data services performance when using these monitoring tools. The same separate network segment and console machine requirements that were mentioned in the business logic tier discussion apply here as well.

 

Copyright © 1987 - 2001 Rational Software Corporation