Sunday, July 24, 2005
« A variety of physical n-tier options | Main | Speaking of mobile objects (agents) »
Extending the 3-tier conversation to the web

Mike has requested my thoughts on 3-tier and the web – a topic I avoided in my previous couple entries (1 and 2) because I don’t find it as interesting as a smart/intelligent client model. But he’s right, the web is widely used and a lot of poor people are stuck building business software in that environment, so here’s the extension of the previous couple entries into the web environment.

 

In my view the web server is an application server, pure and simple. Also, in the web world it is impractical to run the Business layer on the client because the client is a very limited environment. This is largely why the web is far less interesting.

 

To discuss things in the web world I break the “Presentation” layer into two parts – Presentation and UI. This new Presentation layer is purely responsible for display and input to/from the user – it is the stuff that runs on the browser terminal. The UI layer is responsible for all actual user interaction – navigation, etc. It is the stuff that runs on the web server: your aspx pages in .NET.

 

In web applications most people consciously (or unconsciously) duplicate most validation code into the Presentation layer so they can get it to run in the browser. Thus is expensive to create/maintain, but is an unfortunate evil required to have a half-way decent user experience in the web environment. You must still have that logic in your actual Business layer of course, because you can never trust the browser - it is too easily bypassed (Greasemonkey anyone?). This is just the way it is on the web, and will be until we get browsers that can run complete code solutions in .NET and/or Java (that's sarcasm btw).

 

On the server side, the web server IS an application server. It fills the exact same role of the mainframe or minicomputer over the past 30 years of computing. For "interactive" applications, it is preferable to run the UI layer, Business layer and Data Access layer all on the web server. This is the simplest (and thus cheapest) model, and provides the best performance[1]. It can also provide very good scalability because it is relatively trivial to create a web farm to scale out to many servers. By creating a web farm you also get very good fault tolerance at a low price-point. Using ISA as a reverse proxy above the web farm you can get good security.

 

In many organizations the reverse proxy idea isn’t acceptable (not being a security expert I can’t say why…) and so they have a policy saying that the web server is never allowed to interact directly with the database server – thus forcing the existence of an application server that at a minimum runs the Data Access layer. Typically this application server is behind a second firewall. While this security approach hurts performance (often by as much as 50%), it is relatively easily achieved with CSLA .NET or similar architecture/frameworks.

 

In other situations people prefer to put the Business layer and Data Access layer on the application server behind the second firewall. This means that the web server only runs the UI layer. Any business processing, validation, etc. must be deferred across the network to the application server. This has a much higher impact on performance (in a bad way).

 

However, this latter approach can have a positive scalability impact in certain applications. Specifically applications where there’s not much interactive content, but instead there’s a lot of read-only content. Most read-only content (by definition) has no business logic and can often be served directly from the UI layer. In such applications the IO load for the read-only content can be quite enough to keep the web server very busy. By offloading all business processing to an application server overall scalability may be improved.

 

Of course this only really works if the interactive (OLTP) portions of the application are quite limited in comparison to the read-only portions.

 

Also note that this latter approach suffers from the same drawbacks as the thin client model discussed in my previous post. The most notable problem is that you must come up with a way to do non-chatty communication between the UI layer and the Business layer, without compromising either layer. This is historically very difficult to pull off. What usually happens is that the “business objects” in the Business layer require code to externalize their state (data) into a tabular format such as a DataSet so the UI layer can easily use the data. Of course externalizing object state breaks encapsulation unless it is done with great care, so this is an area requiring extra attention. The typical end result are not objects in a real OO sense, but rather are “objects” comprised of a set of atomic, stateless methods. At this point you don’t have objects at all – you have an API.

 

In the case of CSLA .NET, I apply the mobile object model to this environment. I personally believe it makes things better since it gives you the flexibility to run some of your business logic on the web application server and some on the pure application server as appropriate. Since the Business layer is installed on both the web and application servers, your objects can run in either place as needed.

 

In short, to make a good web app it is almost required that you must compromise the integrity of your layers and duplication some business logic into the Presentation layer. It sucks, but its life in the wild world of the web. If you can put your UI, Business and Data Access layers on the web application server that’s best. If you can’t (typically due to security) then move only the Data Access layer and keep both UI and Business layers on the web application server. Finally, if you must put the Business layer on a separate application server I prefer to use a mobile object model for flexibility, but recognize that a pure API model on the application server will scale higher and is often required for applications with truly large numbers of concurrent users (like 2000+).

 

 

[1] As someone in a previous post indirectly noted, there’s a relationship between performance and scalability. Performance is the response time of the system for a user. Scalability is what happens to performance as the number of users and/or transactions is increased.

Architecture | Distributed OO
Sunday, July 24, 2005 8:47:26 AM (Central Standard Time, UTC-06:00)  #    Disclaimer  |  Comments [7]  |  Related posts:
Using CSLA Light, Part 1
Repost from an MSDN forum discussion
CSLA Light object serialization
Prototype Silverlight data portal
My philosophy on using new technologies
Why enable the data portal behind a web service?
 Tracked by:
"Extending the 3-tier conversation to the web" (YaYoGakk) [Trackback]
"Cookies, Sistemas Distribu" (Rui Quintino) [Trackback]

Sunday, July 24, 2005 10:29:58 AM (Central Standard Time, UTC-06:00)
Rocky,

"In the case of CSLA .NET, I apply the mobile object model to this environment. I personally believe it makes things better since it gives you the flexibility to run some of your business logic on the web application server and some on the pure application server as appropriate."

Hey, you had me at OO and configurable remoting. I won't just read anyone's 800 page book. :) I'm just trying to remove the CSLA training wheels after reading your massive book.

"Since the Business layer is installed on both the web and application servers, your objects can run in either place as needed."

You didn't choose to answer my previous question regarding the CSLA way to run some BL on the DataPortal side (pure application server as you called it), or on the UI side (obviously referring to 4-tier web CSLA apps). Either my question was just too dumb (very possible), or you figure all CSLA grasshoppers should work this out for themselves. :) I'm stubborn, so let me try again.

Maybe I should start with my CSLA assumptions/understandings... you can shoot them down if I have it wrong.

1) You only have two choices with CSLA web apps out of the box (you could always customize), and those two choices are 1) 3-tier (no remoting) 2) 4-tier (remoting).
2) If 3-tier, my "how to run BL in both places (UI web server vs CRUD DataPortal application server) is moot... i.e. everything is running on the same server.
3) With CSLA 4-tier web apps, only DataPortal CRUD methods/processing happens on the 3rd tier... i.e. BL would run on the 2nd tier web server.

Correct so far?

So back to my original question pertaining to 4-tier. If I want to run SOME processing intensive BL on the DataPoral, and some BL on the web server, WHAT IS THE MECHANISM/TECHNIQUE. I guess I should add a 4th assumption to the list above:

4) BL is not CRUD, or found in the CSLA standard CRUD methods.

I used the example of retrieving a couple of thousand rows into a collection with CSLA CRUD retrieval, and then wanting to iterate through that collection for BL reasons. Again, the idea is to offload BL processing from the dbms in n-tier in a disconnected fashion, so this would seem to be basic n-tier BL processing 101.

Bottom line, it would seem in 4-tier CSLA web app land, I would want to be able to run some non-CRUD BL on the 3rd tier, and some on the 2nd tier. Rocky, how do I do that with CSLA? All hints would be very appreciated. :)

I guess if this was in the book, I might not receive a passing grade at this point.



Mike
Monday, July 25, 2005 8:54:54 AM (Central Standard Time, UTC-06:00)
Mike, the way the DataPortal works is that it transfers the object across the network and then invokes one of the DataPortal_xyz methods on the server (Create, Fetch, Update, Delete). What you do in those methods is entirely up to you. In most cases all those methods do is interact with the database(s) directly, effectively giving you a thick client model.

However, there's nothing stopping your DataPortal_xyz methods from interacting with your object or with other objects on the server. Many people have most of their logic running on the web server (or client workstation), with some logic in the DataPortal_xyz methods - thus splitting the business processing between the client (web server) and app server tiers.

It is totally possible to create your object as a data transfer object (DTO) where the object's properties have no business logic at all, and all the logic is in the DataPortal_Update method. This is as close to a stateless object as CSLA allows you to get, and it effectively allows you to create a thin client implementation with CSLA .NET.

In this latter model, the DataPortal_Update method would invoke private methods on the object so all data is validated, calculations performed, etc. and then the data would be inserted/updated/deleted in the database. That's exactly what you'd do in any thin client model, just within the confines of the CSLA .NET model where only the DataPortal_xyz methods are ever directly invoked on the server.
Rockford Lhotka
Monday, July 25, 2005 11:18:26 AM (Central Standard Time, UTC-06:00)
Rocky,

"What you do in those methods is entirely up to you. In most cases all those methods do is interact with the database(s) directly, effectively giving you a thick client model.

However, there's nothing stopping your DataPortal_xyz methods from interacting with your object or with other objects on the server."

OK... I just work with/around the DataPortal methods. I'm the OO rookie, but doesn't that workaround amount to non-OO... i.e. I slide in some code (or a call to code) in a CRUD method due to physical framework constraint, rather than have that code/method code exist and called as it logically falls out with BL needs? Maybe this will all fall into place better for me once I get into developing a CSLA application for real... i.e. beyond the book project tracker example.

It seems like one could use the COMMAND example you explained in one of your posts where you could have a stored procedure exectuted from the DataPortal side (I think you described an embedded DataPortal class). Instead of using that technique to execute a stored procedure, one may just use the technique to run processing intensive BL via the DataPortal server. Maybe this would allow design of BL to happen on the basis of "when and where you would like to invoke it" rather than slide non-update logic into CRUD updates, and non-retrieval BL into CRUD retrievals.

Anyway, I appreciate the response. I've spent may too much time in CSLA theory land... it's time to sling some code. :)

btw... you really do hate web UI don't you? :) I don't blame you, what a ****** ****. Still, it seems like one of the big selling points for CSLA on SOME projects would be the ability to serve both Windows and Web UI from the same CSLA plumbing. I've always thought in terms of in-house/intranet users as Win Forms, and outside vendors and customers as Web Forms.I just read your Netrun chapter last night, and now my thinking has changed to where a FINITE set of users, for example vendors, would also be Win Form candidates... as long as installing Netrun on those machines made more sense than a Web Forms interface for them (complex UI interface begs for Win Forms, but very simple needs may be covered with Web Forms just fine). It looks like you can go a long way to avoid Web Forms unless you have external users(i.e. vendors,customers). Also assumed there is some form of OLTP needs for those customers. In that case, the potential for a shared CSLA seems to exist, and CSLA becomes PRICELESS (maybe there is a commercial in there some where). Of course, as soon as you have SOME Web Forms, you have the issue of asking if duplicate UI is warranted. Intranet apps with Netrun do seem to make Web Forms a very wrong choice for internal users, but design considerations still seem to be at play for external users (vendors, customers, etc).

Mike
Monday, July 25, 2005 11:35:33 AM (Central Standard Time, UTC-06:00)
Mike, all code has a single entry point - OO or not. What you do after that single entry point is up to you. When writing OO code we try to immediately invoke objects from the entry point, thus minimizing the procedural concepts. However, all code is procedural in its very first invocation :)

The DataPortal_xyz methods are merely the server-side entry points. Yes they are procedural, but so is your client-side entry point.

You are right about the Command object - it can be used by the client-side objects to invoke server-side processing. Often this executes a database command, but it could as easily create and interact with a series of server-side CSLA business objects. This latter variation is often called a Process object, because the Command object is orchestrating a server-side process by using a set of objects.

Regarding web UI - I don't "hate" it really. I just find it frustrating and limiting. It is perfect for wide reach applications, but is really expensive and complex for line-of-business type applications. Unfortunately (and frustratingly) a lot of people try to use the web for LOB apps - either giving their users a mainframe terminal experience or spending comparatively large amounts of money to develop a UI that could have been many times cheaper and better if done in Windows Forms.

You are absolutely right that one of the key benefits of CSLA is to have a common object model that can be used by both Windows and web UIs. In many (most?) cases this works very well. In high-scaling web environments however (maybe 1000+ concurrent users) you must alter your object model to conform to the realities of the web technology. While a normal object model can easily handle thousands of users with an intelligent client, in the web you are forced to switch to a more API-based model.

Obviously this only impacts a very small number of applications, since the vast majority of applications have less than ~1000 concurrent users. But at some point in there you'll find that the only way to make the web work is to have your web and app servers be a simple passthru for the data to ferry between user and database - obviously with business logic applied on the way through as well.
Rockford Lhotka
Monday, July 25, 2005 12:25:20 PM (Central Standard Time, UTC-06:00)
>If you can’t (typically due to security) then move only the Data Access layer and keep both UI and Business layers on the web application server.

Just one relatively small comment on this very good piece. I find that that it's usually different types of hardware devices that force the data away from the web/app physical tiers, i.e. commercial RDBMS with different disk partitions for t-logs, RAID devices and even good old COLD backup, rather than real ‘security’ rationale. Put another way, the data tends to move to a dedicated DB physical cluster setup due to differing hardware requirements compared to the web/app cloned chickens on the farm.

One thing I would like to see discussed more in general is the 'Voodoo Security' concepts of a physical application tier in a web app. I still find a lot of data center managers who think that by having a single network 'point of entry' to their DB crown jewels that it will somehow 'slow down' or help out a web/app farm instance that has been compromised. There still seems to be the continued belief that a physical separation between the app and the database is because of security - that somehow say a TDS connection under a different set of credentials to those of the active user will halt a compromise. Too many architects take the concept of a DMZ literally and on faith, in that if the application credentials get taken then the database will be 'different'. In some ways where the users roles aren’t proliferated on to the DB connection (say, DB vendor neutrality or not burdening the DB with LDAP ACL based access) then it is actually a worse situation to be in, as in I can come into a web app as a lowly user, compromise the current credentials and then have a free-for-all in terms of raw data access. The app must be able to talk to the db, and the key mechanism has already been compromised for me to get that far, i.e. the stack or thread local storage.

Personally I think this is for the same reasons people take their shoes off at airports – it is theatre to ease the mind rather than security per se.

Anyway, apologies for far too long for a comment Rocky, but I just wanted to comment back that I *do* think a data physical tier is nearly always required, but it's for hardware profiles and not really for security. What do people think?

- David
David Ing
Monday, July 25, 2005 4:43:25 PM (Central Standard Time, UTC-06:00)
David, I agree that the Data layer needs to be on its own tier. For security and a whole host of other reasons around management and so forth.

But that's separate from the Data Access layer (typically your ADO.NET code). Obviously your Data Access layer needs security access to the Data layer & tier - otherwise it couldn't function. One would assume that the Data layer/tier will only provide minimal access to the Data Access layer - but of course in many applications the Data Access layer requires broad read/write access to most/all of the database...

I think that's where the idea of having the Data Access layer on its own tier for security comes into play. If the Data Access layer is on an app server, then only the code on that app server needs to have the credentials required to get at the Data layer/tier. Neither the UI nor Business layers (running on the web server) have those credentials.

As I noted, I am not a security expert, nor do I play one on TV. I'm merely repeating what I've heard time and time again from the security people at clients where I've worked. Who knows if they are experts or not either, but they are the ones in charge and so I play by their rules :)
Rockford Lhotka
Monday, July 25, 2005 5:47:41 PM (Central Standard Time, UTC-06:00)
"Who knows if they are experts or not either, but they are the ones in charge and so I play by their rules :)"

Wow... a famous book author still has to follow the rules. How depressing. If they can't answer "yes" to "have you written a book on security", then..... :)

Mike
Comments are closed.