Professional Documents
Culture Documents
Reference Architecture
Application Infrastructure
Architecture Blueprint
Abstract
This WSSRA blueprint focuses on business requirements and architectural considerations for the
infrastructure upon which applications are implemented in an enterprise organization.
Information in this document, including URL and other Internet Web site
references, is subject to change without notice. The entire risk of the use or
the results of the use of this document remains with the user.
The example companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted herein are fictitious. No
association with any real company, organization, product, domain name,
email address, logo, person, places, or events is intended or should be
inferred.
Complying with all applicable copyright laws is the responsibility of the user.
Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in
any form or by any means (electronic, mechanical, photocopying, recording,
or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation. Microsoft may have patents, patent applications,
trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual
property.
© 2005 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, BizTalk, MSDN, and Visual C# are
either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 •
USA 00
Table of Contents
INTRODUCTION..........................................................................................................................................1
WHO SHOULD READ THIS BLUEPRINT.................................................................................................................1
ENTERPRISE DESIGN................................................................................................................................2
BUSINESS NEED................................................................................................................................................2
ARCHITECTURE DEFINITION................................................................................................................................3
Application Infrastructure Architecture Concepts and Terminology.......................................................4
.NET and COM Component Models...................................................................................................................7
What Applications Need and How Infrastructure Provides It.................................................................8
Internet Information Services..............................................................................................................................9
.NET Framework................................................................................................................................................9
COM+.................................................................................................................................................................9
Message Queuing..............................................................................................................................................10
ARCHITECTURE DESIGN....................................................................................................................................10
Application Deployment Considerations...............................................................................................10
Application Client Types........................................................................................................................12
Thin Clients.......................................................................................................................................................13
Thick Clients.....................................................................................................................................................13
Web Service Clients..........................................................................................................................................13
Transactions...........................................................................................................................................14
Application Infrastructure for the Development Life Cycle...................................................................14
LOGICAL DESIGN............................................................................................................................................16
Design Option 1–Internal Only, 2-Tier..................................................................................................17
Advantages........................................................................................................................................................18
Disadvantages....................................................................................................................................................18
Design Option 2–Internal Only, 3-Tier..................................................................................................19
Advantages........................................................................................................................................................19
Disadvantages....................................................................................................................................................20
Design Option 3–External 2-Tier (Data Source Internal).....................................................................20
Advantages........................................................................................................................................................21
Disadvantages....................................................................................................................................................21
Design Option 4–External 3-Tier (Data Source Internal).....................................................................22
Advantages........................................................................................................................................................22
Disadvantages....................................................................................................................................................23
Design Option 5–External 3-Tier (App and Data Source Internal).......................................................23
Advantages........................................................................................................................................................24
Disadvantages....................................................................................................................................................25
Design Option 6–Internal 2-Tier (Departmental Data Source).............................................................25
Advantages........................................................................................................................................................26
Disadvantages....................................................................................................................................................26
Design Option 7–External 3-Tier (Departmental Data Source)............................................................27
Advantages........................................................................................................................................................27
Disadvantage.....................................................................................................................................................28
Design Option 8–Departmental 2-Tier..................................................................................................28
Advantages........................................................................................................................................................28
Disadvantages....................................................................................................................................................29
Design Option 9–Departmental 2-Tier (Internal Data Source).............................................................29
Advantages........................................................................................................................................................30
Disadvantages....................................................................................................................................................30
Design Option 10–Any Trust Zone to External/Public Web Service......................................................30
Advantage.........................................................................................................................................................31
Disadvantage.....................................................................................................................................................31
ARCHITECTURE DEPENDENCIES..........................................................................................................................32
SERVICE DEPENDENCIES...................................................................................................................................32
STANDARDS AND GUIDELINES...........................................................................................................................32
HARDWARE REQUIREMENTS..............................................................................................................................33
AVAILABILITY.................................................................................................................................................33
SECURITY.......................................................................................................................................................34
Security Design......................................................................................................................................35
Security Lockdowns................................................................................................................................37
SCALABILITY..................................................................................................................................................37
MANAGEABILITY.............................................................................................................................................38
PERFORMANCE................................................................................................................................................38
SUPPORTABILITY.............................................................................................................................................39
CONSOLIDATION..............................................................................................................................................39
INTEROPERABILITY...........................................................................................................................................39
Using Microsoft Windows as an Integration Environment....................................................................40
Interoperability–Web Services...............................................................................................................42
Previous Service Versions......................................................................................................................43
LOCALIZATION................................................................................................................................................43
CDC DESIGN CONSIDERATIONS..........................................................................................................44
BUSINESS NEED..............................................................................................................................................44
ARCHITECTURE DESIGN....................................................................................................................................44
Sample Applications...............................................................................................................................44
Architectural Design for Fitch and Mather 7.0..................................................................................................45
Architectural Design for Nile............................................................................................................................45
LOGICAL DESIGN............................................................................................................................................46
Application Architecture Design............................................................................................................46
AVAILABILITY.................................................................................................................................................49
SECURITY.......................................................................................................................................................49
Security Lockdowns................................................................................................................................49
SCALABILITY..................................................................................................................................................49
MANAGEABILITY.............................................................................................................................................50
INTEROPERABILITY...........................................................................................................................................50
SERVICE DEPENDENCIES...................................................................................................................................50
SBO DESIGN CONSIDERATIONS...........................................................................................................51
ARCHITECTURE DESIGN....................................................................................................................................51
SUMMARY...................................................................................................................................................52
REFERENCES.............................................................................................................................................53
APPLICATION ARCHITECTURE............................................................................................................................53
COM...........................................................................................................................................................53
COM+.........................................................................................................................................................53
MESSAGE QUEUING.........................................................................................................................................53
.NET............................................................................................................................................................54
Introduction
There are five defined fundamental architectures in Windows Server System™
Reference Architecture (WSSRA). These architectures are:
• Network
• Storage
• Application Infrastructure
• Management
• Security
This blueprint focuses on business requirements and architectural considerations
for the infrastructure upon which applications are implemented in an enterprise
organization. These applications can be externally focused (as in a supply chain
management or an e-commerce application), internally focused (as in a
manufacturing system or a human resource application), or restricted to only
certain users within a department. This blueprint also discusses the deployment
of sample applications in selected representative scenarios, including Fitch and
Mather 7.0, and Nile.
Considerations for application infrastructure are based on patterns of
architecture, design, and deployment described in the Microsoft® TechNet
Patterns and Practices library. For further information, refer to the following URL:
msdn.microsoft.com/practices/
The sections in this blueprint provide different levels of guidance. At the
enterprise level, the guidance deals with the entire organization's architecture.
Such guidance is the appropriate starting point for any architecture design
process, as it addresses the most far-reaching planning issues encountered by
enterprise architects. The subsequent sections provide guidance that is specific
to each of our scenarios. These scenarios are outlined in the Introduction to
Windows Server System Reference Architecture, and a further level of detail is
provided in the Introduction to Architecture Blueprints Blueprint.
Business Need
The development, deployment, and operation of enterprise applications require a
rich application infrastructure. Such an infrastructure must meet the
requirements of the information technology (IT) organization for availability,
security, scalability, and manageability and provide facilities for applications to
meet these requirements. Such facilities include:
• Hosting environments for execution of application components.
• Dispatching mechanisms for communication between application
components.
• Management instrumentation to enable service-level monitoring and
problem diagnosis.
• Data storage for both structured and unstructured data.
Application infrastructure needs to provide elements that can be scaled both
horizontally and vertically to support increasing demand. For example, as an
organization's e-commerce site becomes more popular and the number of clients
increases, the application infrastructure should be able to grow to meet the
increasing demand. Infrastructure elements should be highly available, scalable,
and should support the levels of service defined for them. They must also provide
applications with the flexibility to meet their service requirements, which may
include providing mechanisms such as partitioning and clustering.
Depending on the complexity and size of an application, changes to a production
environment can be quite risky without extended testing in a lab that simulates a
production environment. The application infrastructure must be able to support a
separate integration and staging environment where applications can be tested
for full functionality before they are deployed to production servers. The staging
environment may not be of the same scale as the production environment, but
should have all its critical elements.
Security, which is essential for any organization, is also important from the
application infrastructure perspective because certain elements are accessed by
external clients as well as internal ones. Organizations typically maintain
sensitive and confidential data that cannot be compromised at any cost, such as
Architecture Definition
The WSSRA environment provides the following application infrastructure
elements from Microsoft, each of which helps create a solid foundation for
deploying and operating mission-critical applications:
• Windows Server™ 2003 operating system: Provides a secure,
manageable, and flexible platform.
• The .NET Framework: Provides a secure and manageable execution
environment for application code as well as the means to make
application components available as Web services. The ability to Web-
enable application components provides increased interoperability in
heterogeneous computing environments. In addition, .NET Framework
provides Common Language Runtime (CLR), which supports multi-
language object-oriented programming and a rich set of class libraries for
building both Web and thick-client applications.
• Internet Information Services (IIS): Provides a reliable, high
performance, and configurable HTTP request dispatching service that
serves as the basis for processing both traditional Web requests (such as
Hypertext Markup Language (HTML), Active Server Pages (ASP), and
Common Gateway Interface (CGI) scripting), and .NET Remoting and Web
service requests. IIS also offers Simple Mail Transfer Protocol (SMTP) and
File Transfer Protocol (FTP) facilities.
• COM+: Provides a robust and richly instrumented component-hosting
environment that facilitates efficient component execution, fault isolation,
and management.
• Message Queuing (also known as MSMQ): Provides asynchronous
message queuing services with reliable message delivery.
As the following figure shows, these application infrastructure elements need the
support of low-level software, hardware, and networking services. The figure
depicts how different representative components of the network, hardware, and
application infrastructure work together to run enterprise applications.
Applications such as Microsoft SQL Server™, BizTalk® server, Commerce Server,
Content Management Server, and custom applications use the core services of
application infrastructure elements (such as IIS, COM+, Message Queuing, and
UDDI) running on Windows Server 2003. In addition, the applications and
application infrastructure elements use the network infrastructure to provide the
underlying transport for information transfers.
Active
Network Services DNS DHCP IIS COM+ MSMQ UDDI
Directory
Application
Infrastructure
Elements
Windows Server 2003 / .NET Framework
Other Network
Routers Leased Lines Switches Network Infrastructure
Devices
UI Components
UI Process Components
PresentationLayer
WebTier
Service Interfaces
Business Business
Business Entities
Workflows Components
Business Layer
Data Layer
ApplicationTier
CDC
Inter-Component Communication
In either component model, a component is considered to be running “remotely”
from its caller if it runs outside of its caller’s execution context—for example, on
a different computer or within a different execution space (process) on the same
computer. For COM, the execution context or container where a component runs
is known as an apartment, whereas for .NET the execution context of a
component is known as an Application Domain (AppDomain). When two
components that are running in different execution contexts communicate with
each other, they require the services of application infrastructure to complete the
communication. This may involve communication that spans machines,
networks, and even location boundaries. In COM, this may take the form of
Distributed COM (DCOM), while in .NET it may take the form of .NET Remoting or
Web services. In either case, there will be some type of application configuration
that is required on both client and server machines. The type of configuration will
vary by application. In the case of .NET-connected applications, configuration
information may take the form of an extensible markup language (XML) file that
is distributed with the application (such as a web.config file), while DCOM may
.NET Framework
The .NET Framework refers to the Common Language Runtime (CLR) that
manages the execution of application code and the .NET Framework class
libraries that applications call for common programming services such as data
manipulation, communications, threading, and data access. In addition, .NET
defines a cross-language object-oriented programming model and the native
ability to make available application capabilities as Web services.
For more information about the .NET Framework, refer to the Middleware
Services Blueprint.
COM+
COM+ provides an execution environment in which components can be run. It
also provides a set of services that are critical for scaling applications to support
large numbers of users, including the following:
• Distributed transaction coordination, which ensures the integrity of
databases.
• Queued components, which provide asynchronous execution and can help
applications handle network failures.
• Object pooling, which allows applications to support larger numbers of
users than would otherwise be possible.
COM+ defines the notion of a “COM+ application” as the administrative unit to
which the deployed .NET and traditional COM components belong. On a given
computer, there can be one or more COM+ applications, and each application
can host one or more components. A given component cannot belong to more
than one COM+ application unless COM+ partitioning is enabled. For more
information on COM+ partitioning, refer to COM+ Partitioning at the following
URL:
msdn.microsoft.com/library/en-us/cossdk/htm/pgservices_partitions_1gdb.asp
Some characteristics of a component’s execution environment are properties of
the COM+ application to which it belongs (for example security context), while
others are properties of the component itself (for example, transactional and
poolable capabilities). Additional information on various COM+ services can be
found at:
msdn.microsoft.com/library/en-us/cossdk/htm/pgservices_partitions_1gdb.asp
Architecture Design
The design of an application infrastructure architecture must meet several
competing types of requirements. Issues such as availability, security, scalability,
and manageability must be addressed while accommodating the prerequisites of
application deployment and transaction handling. Design choices that meet one
subset of requirements may not meet other requirements and often have
consequences that affect the application design. For example, some techniques
for increasing availability or scalability of an application entail replicating layers
of the application on multiple, clustered nodes. However, implementing
replication can introduce security challenges and increase the complexity of
managing the deployed application.
Most of the requirements for application infrastructure, including its installation,
configuration, and deployment of application elements (code, configuration data,
application data, and schemas) arise from the ways in which the applications use
the infrastructure, as well as from the particular architectural patterns upon
which the application is based. In addition, the client types that the application
supports need to be considered. Finally, the characteristics of how transactions
are managed within the application and the way in which the application is
developed can affect the application infrastructure architecture. These
considerations are addressed in the following sections.
Thin Clients
In the case of a thin client, client computers access the application from a Web
browser. The browser essentially formulates and posts HTTP/HTTPS requests to
the Web server (for example, IIS) and then renders the UI that is sent to it from
the server in response to that request. The Web server serves as the HTTP/HTTPS
request dispatching facility; this means that it routes the request to the proper
piece of application code and routes the application’s response back to the
proper client. The application code that handles these HTTP/HTTPS requests
could be an ISAPI extension or filter (.dll), a traditional ASP page (.asp), an
ASP.NET page (.aspx), or a Web Service handler (.asmx). In any case, these initial
handlers of an HTTP/HTTPS request are typically referred to as the presentation
layer. This layer, aside from managing the user interface, also delegates the
processing of business functions to components of the business layer. The
business layer components may actually run in the environment of their caller, or
they may run on a separate computer. In either case, the data layer would
typically run on a separate set of failover clustered servers.
Thick Clients
In the case of a thick client, the presentation layer and possibly some portion of
the business and data layers may run in the client process on the client
computer. Thick client implementations require some type of client installation.
The introduction of the .NET Framework has greatly simplified and reduced the
risks associated with deploying thick client applications to user’s desktops. For
more information about .NET-connected thick client applications, refer to the
Middleware Services Blueprint.
Development
Environment IntegrationEnvironment TestEnvironment StagingEnvironment ProductionEnvironment
Logical Design
As mentioned previously, application deployment must be flexible to meet
availability, security, scalability, and manageability requirements. Differing
degrees of deployment flexibility result in different options for the application
infrastructure installation and configuration. Because applications are designed,
developed, and deployed to meet specific business and infrastructure
requirements for each enterprise, the number of possible application deployment
combinations is very large. This section illustrates some common deployment
configurations to provide a basis for discussion of the elements described earlier.
Web/App - UI/SI/BC/DA/SA
SQL (1433)
Internal SQL
RDBMS
RDBMS
Advantages
In the Internal Only, 2-Tier design, most elements of the application run on a
single tier (except the database). Therefore, all cross-tier and cross-firewall
issues are eliminated, resulting in the following advantages:
• There are no cross-server remoting issues.
• The deployment is simplified.
• It is simpler to determine availability.
Disadvantages
The disadvantages of running both the presentation and business layers on the
same tier in the Internal Only, 2-Tier design include:
• The layers cannot be independently scaled.
• The layers are not availability independent.
PROXY
Internal SQL
Web - UI/SI App - BC/DA/SA
SQL(1433)
RDBMS
RDBMS
Advantages
The advantages of the Internal Only, 3-Tier design option include:
• Independent scaling of presentation and business layers is feasible.
• Fault isolation and insulation from resource abuse is provided between
presentation and business layers.
• Independent availability of presentation and business layers is allowed.
Firewall
Load Balanced
SOAP-HTTP(80)/HTTP(443) Cluster
HTTP (80)/HTTPS(443)
Web/App - UI/SI/BC/DA/SA
SQL (1433)
Firewall
Internal Trust Zone
SQL
SQL
Internal SQL
RDBMS
RDBMS RDBMS
RDBMS
Advantages
The advantages of the External 2-Tier (Data Source Internal) design option
include:
• The advantages identified in option 1 of having the presentation and
business layers run on the same tier.
• The firewall provides an additional security barrier between the untrusted
security zone and the data source.
Disadvantages
The disadvantages of the External 2-Tier (Data Source Internal) design option
include:
• The disadvantages identified in option 1 of having the presentation and
business layers running on the same tier.
• Firewall configuration for access to database is required.
Firewall
PROXY
SQL (1433)
DTC (rpc ports)
Firewall
Internal Trust Zone
RDBMS RDBMS
RDBMS RDBMS
Advantages
The advantages of the External 3-Tier (Data Source Internal) design option are
the same as the advantages identified in option 2, with respect to presentation
and business layers running on different tiers.
PROXY
HTTP (80)/HTTPS(443)
Web - UI/SI
SQL (1433)
RDBMS
RDBMS
App - BC/DA/SA
Advantages
The advantages of the External 3-Tier (App and Data Source Internal) design
option include:
• Independent scaling of presentation and business layers is allowed.
• Fault isolation and insulation from resource abuse between presentation
and business layers is provided.
• Independent availability of presentation and business layers is allowed.
• Business logic and sensitive metadata (database connection strings, for
example) is kept in a more secure setting.
Web/App - UI/SI/BC/DA/SA
SQL (1433)
DTC (rpc ports)
Firewall
Department Trust Zone
SQL
RDBMS
RDBMS
Advantages
The advantages of the Internal 2-Tier (Departmental Data Source) design option
are similar to those of design option 1. In addition, this design option provides
application access to sensitive departmental data without allowing the users to
directly access the data.
Disadvantages
The disadvantages of the Internal 2-Tier (Departmental Data Source) design
option are the same as those identified in design option 1.
Firewall
SOAP - HTTP (80)/HTTPS (443)
PROXY
SQL (1433)
SQL
RDBMS
RDBMS
Advantages
The advantages of the External 3-Tier (Departmental Data Source) design option
are the same as those identified in design option 6.
Load Balanced
Cluster
Department
SQL
RDBMS
RDBMS
Advantages
The advantages of the Departmental 2-Tier design option are the same as those
identified in design option 6.
PROXY
SQL
SOAP - HTTP (80)/HTTPS (443)
DTC (rpc ports)
RDBMS
RDBMS
SQL (1433)
Firewall
SQL (1433)
Web/App - UI/SI/BC/DA/SA
Disadvantages
The disadvantages of the Departmental 2-Tier (Internal Data Source) design
option are the same as those identified in design option 6.
PROXY
SQL
RDBMS
RDBMS
SQL (1433)
Firewall
SQL (1433)
Web/App - UI/SI/BC/DA/SA
Advantage
The main advantage of the Any Trust Zone to External/Public Web Service design
option is that it allows monitoring and restriction of outbound traffic.
Disadvantage
The main disadvantage of the Any Trust Zone to External/Public Web Service
design option is that applications may be required to obtain credentials to pass
through the proxy (depending on the nature of the proxy).
Service Dependencies
The following table lists the relationships between application infrastructure
architecture and the services upon which the architecture depends. It is possible
to implement an architecture without using all these services, although the
resulting architecture would be reduced in scope or scale accordingly.
Hardware Requirements
Some types of servers are better suited than others to perform specific tasks and
to host different products and technologies. Hardware requirements depend on
the specific usage model of each group of users, including Web customers,
application managers, and software engineers. For example, Web servers are
typically computers with good memory and processing power. However, they are
not required to have robust storage capabilities (such as redundant array of
independent disks (RAID) mirroring), because most of the data is stored in a
more robust fashion elsewhere. However, Web servers should be duplicated and
clustered to guard against server overload or potential failure of one server.
For more information on hardware requirements of individual application
components, refer to the following Service Blueprints:
• Data Services Blueprint
• Web Application Services Blueprint
• Middleware Services Blueprint
Availability
Applications can be available only to the extent that their elements are available.
An application's availability can be improved by physically separating its critical
components from other computers and components that could fail. For example,
long running business processes can be implemented on an independent tier of
clustered servers so that a server failure in the Web farm does not prevent
business processes from being completed.
Application availability is difficult to measure because applications are typically
composed of numerous logical layers and can be deployed to multiple physical
tiers, sometimes with firewalls between them. For example, a simplistic measure
of Web site availability may be obtained by sending a simple HTTP request to the
Web site and acknowledging an appropriate response. However, this
request/response interaction will not exercise all elements of the application. A
better approach to measuring application availability is to independently “ping”
the layers/tiers of an application and wait for appropriate responses. However,
even this does not truly measure availability, because application failures often
Security
Security is one of the principal challenges of assembling distributed applications,
especially those that cross multiple physical tiers separated by firewalls.
Although security is discussed in depth in the Security Architecture Blueprint,
issues specific to application architecture are mentioned here.
Application infrastructure often implements security mechanisms in addition to
those provided by traditional infrastructure security components such as
firewalls, proxies, and virtual private network (VPN). Examples include
applications that restrict execution of code only to permitted clients, or to those
that encrypt the data that is passed to components. When designing applications
architects must take into consideration such items as the identity under which
their code will execute, the authentication method used to establish that identity
(if any), the necessary ports that need to be opened on any firewalls, and the
required services that will need to be running on both clients and servers.
The notion of security has many dimensions in the context of an application,
including:
• Identity authentication such as credential checking and certificate-based
non-repudiation.
• Restricted network traffic, including closing ports on firewalls and filtering
in proxies.
• Restricted access to data sources such as SQL Server.
• Restricted access to file system objects (that is, NTFS security).
• Maintaining data integrity through the use of secured channels and signed
messages.
• Maintaining data privacy through the use of secured channels, user access
through a virtual private network (VPN), and encrypted message passing.
The .NET Framework provides a code-based security model in which the privilege
to run a piece of code is based on the evidence its caller presents to the CLR.
This security model permits the application to restrict callers of a specific module
to those callers that present sufficient evidence (for example, digital signatures
loaded from a permissible location). The details of this security model are
provided in the Middleware Services Blueprint.
Security Lockdowns
Security lockdowns can be implemented through Group Policy, which provides
directory-based desktop configuration management. Group Policy may define
configurations for groups of users and computers. Settings may be specified for
registry-based policies, security, software installation, scripts, folder redirection,
and remote installation services using Group Policy.
Group Policy settings are contained in a Group Policy object (GPO), and can be
applied to users and computers by associating a GPO with the Active Directory
containers in which the users and computers reside. For example, an
organization may stipulate that application servers (running .NET Framework) will
not host Web services, and use Group Policy to disable the IIS service on those
servers.
In addition, several security lockdowns may be used among the various
application infrastructure elements in order to discourage casual deployment of
an application. These lockdowns must be overridden using management tools for
the various infrastructure elements required for successful deployment of an
application (such as IIS, .NET and COM+). For more information, refer to the Web
Application Services Blueprint and the Middleware Services Blueprint.
Scalability
The general approach to scalability is to partition the application into
architectural layers, which can be deployed to separate physical tiers that can be
scaled out independently. In practice, there is often a one-to-one relationship
between an application load at the point of entry into the application (for
example, the presentation layer) and the load at subsequent downstream layers
in the application for a given call path within it.
The entire architecture must be taken into account when identifying bottlenecks.
For example, even if the database server has the capacity to handle twice the
peak load, the entire system may be bottlenecked by some specific aspect of the
application, such as thread-contention or the network interface. By planning
ahead for scalability, it is possible to avoid such bottlenecks in the application.
For more information on scalability, refer to the relevant Service Blueprints:
• Web tier: Refer to the Web Application Services Blueprint.
• Application tier: Refer to the Middleware Services Blueprint.
• Data tier: Refer to the Data Services Blueprint.
Performance
The performance of an application is typically measured at the coarsest level by
the elapsed time for a representative request to be processed, which can be
measured from the client’s perspective or from the various points of entry in the
application’s layers on whatever tiers that are deployed. This measurement is
different from how efficiently an application processes a request with respect to
the resources it consumes, such as central processing unit (CPU), random access
memory (RAM), disk space, and network bandwidth.
Application performance can be improved by tuning the application design and
by scaling out with additional infrastructure. For further information, refer to the
following Service Blueprints:
• Data Services Blueprint
• Web Application Services Blueprint
• Middleware Services Blueprint
Consolidation
Application consolidation involves running portions of two or more applications
on a single tier, including tiers that are cloned among nodes in a load balanced
cluster. For example, assume that a typical Web application is deployed so that
its presentation layer runs on one tier (a load balanced cluster) running IIS, its
business layer runs on another tier (another load balanced cluster), and its
database runs on a third tier (a failover cluster). If the respective layers of a
separate yet similarly architected application were deployed on the same tiers, a
distinct set of challenges would arise from the infrastructure perspective,
including:
• Insulation of one application from the effects of another application.
• Accounting for resource use per application.
• Diagnosing problems (because the diagnostic practice cannot affect other
applications running on the same machines).
• Infrastructure change management. For example, if you change the
version of Microsoft ActiveX® Data Objects (ADO) for one application, you
have changed it for all, requiring more coordination among applications
for infrastructure changes. This can also include “application
infrastructure” in the form of application frameworks (for example, shared
or common class libraries).
Interoperability
Application interoperability consists of making programming calls to, and
accepting programming calls from, external systems. Web Services is the
emerging technique of choice, although several other techniques are widely
used, including:
• Electronic Data Interchange (EDI) for business-to-business
communications.
• SNA (LU6.2/APPC, LU2/3270, X/5250) for integration with older mainframe
applications.
• X.25 for facilitating WAN connectivity.
Regardless of the integration technology used, the challenges that must be
overcome include:
NetWare
Interoperability–Web Services
Windows Server 2003 provides extensive support for using and hosting Web
services. Web Services Enhancements (WSE) provide routing, referral, inspection,
security, transactions, attachments, and other facilities to support the extended
capabilities necessary to make Web services viable in an enterprise. Windows
Server 2003 delivers a revolutionary application environment to build, deploy,
and run XML Web services, enabling applications to take advantage of the
loosely coupled principles of Internet computing.
Feature Description
Native XML Web Windows Server 2003 offers native support for XML Web service
Services Support standards, including XML, SOAP, Universal Description, Discovery, and
Integration (UDDI), and Web Services Description Language (WSDL).
Enterprise UDDI Windows Server 2003 includes Enterprise UDDI Services, a dynamic and
flexible infrastructure for XML Web services. This feature allows
companies to run their own internal UDDI service for intranets or
extranets. Developers can easily and quickly find and reuse the Web
services that are available within the organization, and IT administrators
can catalog and manage the programmable resources in their network.
With UDDI services, companies can build and deploy smarter, more
reliable applications.
Support for XML Web services are deeply integrated into Windows Server 2003;
Localization
For details on localization of an application and the effects on application
infrastructure, refer to the following Service Blueprints:
• Data Services Blueprint
• Web Application Services Blueprint
• Middleware Services Blueprint
Business Need
The application infrastructure architecture for an application that runs exclusively
inside a CDC scenario has the following unique characteristics:
• Largely trusted users.
• The possibility of using integrated security.
• A smaller subset of the security threats possible than when touching the
public Internet.
• A smaller set of users (typically).
• The ability to control client loads and ship client code to browser (for thin
clients).
• Potential inclusion of thick client applications, which implies software
distribution challenges.
As mentioned in the "Enterprise Design" section in this blueprint, the primary
concern for the application infrastructure architecture in a CDC scenario is to
provide a sound framework for the execution of mission-critical enterprise
applications.
Architecture Design
All the service definition options presented in the “Enterprise Design” section are
applicable in a CDC scenario. Design decisions include:
• Whether to adopt a 2-tier or 3-tier approach to application deployment.
• Whether the application is to be accessible externally or within the
organization.
• Whether the location of the data source is external or internal to the
organization.
Sample Applications
For the CDC scenario, the test labs implemented the following sample
applications in three representative architectural design variations:
• Fitch and Mather 7.0 (as distributed with VS.NET 2003)
• Nile 3.0
Logical Design
This section provides information about the logical design choices that were
made to deploy the three sample applications in the CDC scenario.
Web/App - UI/SI/BC/DA/SA
SQL (1433)
Internal SQL
RDBMS
RDBMS
Figure 15. First Design Variation (Internal Only, 2-Tier) for Sample Applications
In this variation, the presentation, business, and data layers of Nile 3.0 are
deployed to a load balanced clustered Web/App tier while the tables and stored
procedures are deployed to a failover clustered data tier.
In the second architectural variation, a decision was made to implement the
External 3-tier (Data Source Internal) design in the test labs. In addition to
what the previous variations provide, this variation illustrates solutions for the
following application architectural challenges:
• Component remoting within a domain
• Database access through a firewall
Recall that in the External 3-tier (Data Source Internal) design, the
presentation layer runs on the Web tier in the perimeter trust zone, the business
layer runs on the app tier in the perimeter trust zone, and the data source
Firewall
PROXY
Firewall
Internal Trust Zone
RDBMS
RDBMS
Figure 16. Second Design Variation (External, 3-Tier, Data Source Internal) for
Sample Applications
In this variation, the Fitch and Mather 7.0 sample application has its presentation
layer deployed to a load balanced clustered Web tier, the business layer
deployed to a load balanced clustered app tier, and the tables and stored
procedures deployed to a failover clustered data tier. The GAM module is also
deployed to the app tier.
Security
Application infrastructure security for a CDC scenario is dependent on the
security of the individual service components that constitute the architecture. For
more details on the security of service components, refer to the security section
in the following Service Blueprints:
• Web Application Services Blueprint
• Middleware Services Blueprint
• Database Services Blueprint
Security considerations for the application infrastructure architecture as a whole
were discussed in the "Enterprise Design" section in this blueprint. Overall
security architecture for the CDC scenario is described in the Security
Architecture Blueprint.
Security Lockdowns
Security lockdown requirements for application infrastructure architecture are
discussed in the "Enterprise Design" section earlier in this blueprint. There are no
additional security lockdown requirements for deploying application
infrastructure architecture in a CDC scenario.
Scalability
Application infrastructure scalability for a CDC scenario is based on the scalability
of individual service components that constitute the architecture. Details about
the scalability of the service components can be found in the scalability sections
of the individual Service Blueprints, which discuss different scaling options such
as scale up and scale out; they also contain information about different
technologies and parameters for scaling different services.
Interoperability
Given that a CDC scenario could involve different kinds of interoperability, the
following design options are possible:
• Access to an external Web service.
• Publishing a Web service to an external client.
• Integration with existing systems.
• .NET/COM interoperability.
For more information on advantages and disadvantages of these design choices,
refer to the "Enterprise Design" section in this blueprint.
Service Dependencies
Application infrastructure service dependencies for the CDC scenario are the
same as those discussed previously in the "Enterprise Design" section in this
blueprint, namely:
• Middleware Services (.NET Framework, COM+, and Message Queuing)
• Web Application Services
• Data Services
• File Services
• Network Services
• Certificate Services
• Infrastructure Management Services
Architecture Design
There is no application infrastructure architecture in a branch office that uses
centralized services from a centralized or regional data center.
Application Architecture
• A discussion of design principles for multi-tier applications with particular
relevance to Windows Server 2003:
msdn.microsoft.com/library/en-us/dnbda/html/bdadotnetarch001.asp
• Patterns and practices: Microsoft's recommendations for architects,
software developers, and IT professionals responsible for delivering and
managing enterprise systems on the Microsoft platform.
msdn.microsoft.com/practices/
• "Application Architecture for .NET: Designing Applications and Services"
msdn.microsoft.com/library/en-us/dnbda/html/distapp.asp
• “Microsoft's Application Server: Windows Server 2003,” Directions on
Microsoft, December 2002 edition:
www.directionsonmicrosoft.com/
COM
• "Microsoft Component Services"
www.microsoft.com/com/wpaper/compsvcs.asp
COM+
• COM+ 1.5 features:
msdn.microsoft.com/msdnmag/issues/01/08/ComXP/ComXP.asp
• Preliminary Platform SDK documentation for new features in COM+ 1.5:
msdn.microsoft.com/library/en-us/cossdk/htm/whatsnewcomplus_350z.asp
• COM+ partitions:
msdn.microsoft.com/library/en-
us/cossdk/htm/pgservices_partitions_1gdb.asp
• "Configuring Microsoft Distributed Transaction Coordinator (MSDTC) to
Work Through a Firewall"
support.microsoft.com/default.aspx?scid=KB;EN-US;q250367and
Message Queuing
• "About Message Queuing"
msdn.microsoft.com/library/en-us/msmq/msmq_about_intro_25bb.asp