HomeDigital EditionSys-Con RadioSearch Java Cd
Advanced Java AWT Book Reviews/Excerpts Client Server Corba Editorials Embedded Java Enterprise Java IDE's Industry Watch Integration Interviews Java Applet Java & Databases Java & Web Services Java Fundamentals Java Native Interface Java Servlets Java Beans J2ME Libraries .NET Object Orientation Observations/IMHO Product Reviews Scalability & Performance Security Server Side Source Code Straight Talking Swing Threads Using Java with others Wireless XML

Create A Foundation, by Matt Creason

As most of you reading this article know, the application server market is growing and every company, large or small, can visualize the benefits an application server infrastructure could bring to their organization. But why then, even with the vast amount of benefits available, have companies not adopted an application server as the foundation for their organization?

The reason is they're making it more complex than it really is. Though it's by no means a small chore, it is a large puzzle, but one that can be pieced together by maintaining focus. The focus should be on the three major inherent benefits an application server infrastructure will bring to a company.

  • Scalability: The ability to meet system demands
  • Robustness: Confidence in being efficient, stable, and proven
  • Security: The competence to reduce loss of information and quash customer fear
To remain focused on these benefits that will create the foundation for your application server infrastructure, you must continue to answer three simple, yet complex, questions:
  • Who is the target audience?
  • What is the agreed or implied level of service expected?
  • What level of security must you maintain in your environment?

These questions can usually be answered definitively, but only for a certain point in time. Therefore, to ensure that you maintain a strong foundation, your company must revisit these questions to keep up with a moving target. Every time you pose these questions to your organization there will most likely be negotiation and compromise, but remember that a solid foundation is a balanced one. Keeping this in mind, let's discuss three application server infrastructure models that your company could use: development, small-business, and enterprise.

Development Model
The development model is an all-in-one solution, literally. The Web server, the JSP engine, and the application server all run on the same box. Though this model works, it tends to construct more roadblocks than remove them. The only positive argument is a financial one. It's cheap and your company only has to invest in one piece of hardware and in a limited amount of CPU- or MHz-priced software licenses to house and run the different pieces of the infrastructure mentioned above.

Because everything runs on one box, points of failure begin to compound as the development model is built. First, there's no contingency for software or hardware redundancy. Without Web server redundancy, should the Web server go down, there's no point of entry into the application(s), given the premise that these are browser-based application(s).

This same theory applies if the application server software process should fail, but with even more severe consequences. Instead of just affecting browser clients, all the application(s) become unusable, therefore disabling all supported client models for the affected application(s). Not only is this model risky on the surface, the risk is compounded by the high memory and I/O intensive processes these servers place on one piece of hardware. These discrepancies directly impact an infrastructure's ability to be scalable and reliable.

In addition, this model lacks any implementation of a firewall. As a result, there's no allowance for a demilitarized zone, which makes this infrastructure highly vulnerable to hackers. Security must come from either a custom authentication application or utilization of the application server vendor's security protocols. Though vulnerable and maybe not the most scalable or robust application server infrastructure, this configuration is a solid and cost-effective development environment. It could even be run as a successful departmental infrastructure designed to serve a small target audience that expects a reasonable level of service, and requires minimal security.

Small-Business Model
A small-business model divides tasks among multiple pieces of hardware to gain high throughput and redundancy capabilities. In this configuration, the Web server and the application server have been separated, and the JSP engine can reside with either one based upon the chosen vendor's software ability to integrate a JSP engine into their respective product. Though to get the highest reliability, scalability, and security, the JSPs should be run within your application server in order to take full advantage of the inherent pooling and security mechanisms provided. This is the most common model used when companies choose to build an application server infrastructure. The popularity of this model is a direct result of a balance of maintaining scalability, robustness, and security with the financial impact of purchasing and supporting additional hardware.ebugMode(). Therefore, all code enclosed within if (DEBUG){...} is compiled.

The first and most obvious benefit of separating the Web and application server processes across at least two pieces of hardware is that you now have the ability to implement a firewall between the two. This provides your organization and customers with the necessary security to protect both entities in the e-business space. A second benefit of this model is that you alleviate the stress placed on the "all-in-one" or development model of those high I/O and memory-intensive processes by splitting them across separate pieces of hardware. As a result, your infrastructure eliminates the Web and application server processes from "stepping" on each other, thereby greatly reducing the possibility of the aforementioned catastrophic failure. Finally, this configuration allows your organization to easily scale your infrastructure to meet system demands. Ease of scalability directly stems from the inherent increase in manageability and the ability to monitor with finite precision the appropriate Web or application server process.

With this enhanced sense of infrastructure awareness your organization can remove the finger of blame being thrown around between the two processes, which usually correlates directly to organizational structure, and focus on solving the problem rather than discussing whose problem it is. By concentrating on the issues, your organization will be able to react to a projected or actual loss of level of service by bringing online only those additional server resources that are required.

The drawbacks to the small-business model are financial and security. There's an increased financial burden in terms of the additional capital expenditures of hardware and the manpower to maintain these systems. In terms of security, even though this model incorporates a firewall, it does not build a demilitarized zone required by some organizations. But by maintaining the focus on our target audience of a small business, most do not require such a strict security construct. Despite these facts, the small-business model is a proven one and has been shown to balance fiscal responsibility with an ability to be highly scalable, robust, and secure.

Enterprise Model
Now we come to the granddaddy of the infrastructure models, the enterprise model. The enterprise model is the one that every company strives to achieve, but can't always afford. This model is often large and complex, and therefore places a high fiscal demand on a company, which must be taken into consideration. Though theoretically there is only a single hardware addition of a firewall between the application server and the database, the complexity of being able to manage this behemoth grows exponentially because it usually involves multiple clusters and redundancy.

This growth affects your bottom line by dramatically increasing your need for manpower to manage and monitor this infrastructure. In addition, there's the additional hardware cost of adding a firewall. With this said, and though these costs can be significant, most organizations that are in the enterprise space already know that in order to play, you must pay.

The benefits this model brings to an organization are simple. It incorporates and provides the same level of high reliability and scalability that the small business model would, but wraps a stringent security framework around the application server infrastructure. By adding this security "wrapper," the enterprise model creates the highly sought-after demilitarized zone. This is a transition zone from one world to another, or from the Internet to inside your organization, which allows only certain protocols on specific listeners to enter into your environment. An enterprise model provides a company with the most scalable, robust, and secure infrastructure available that can serve any space, provided your organization can justify the financial costs.

As presented, these models hinge not only on the technical aspects of scalability, robustness, and security, but have a high dependency on financial requirements. This is emphasized in no short order due to the "dot-bombs" that have fallen by the wayside lately. Yes, some of the companies were doomed from the start, but most did not plan and build a scalable infrastructure that was fiscally feasible. Because even for "techies" this is a reality, and I thought it important that you know not only how to build your company's application server infrastructure, but that you also have some understanding of the financial investments required to implement this foundation.

In closing, keep your eye on the ball while you build and maintain an application server infrastructure by continually revisiting and focusing on:

  • Who is the target audience?
  • What is the agreed or implied level of service expected?
  • What level of security must you maintain in your environment?
Author Bio
Matt Creason is a system consultant with the Internet Applications Division of Sybase, Inc. He is a current member of the IEEE and the IEEE Computer Society.
[email protected]

All Rights Reserved
Copyright ©  2004 SYS-CON Media, Inc.
  E-mail: [email protected]

Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SYS-CON Publications, Inc. is independent of Sun Microsystems, Inc.