Architecting a Web

Architecting A Web-Enabled Solution
Miles Sun (孫三才)
Vice President of Technology
恆逸資訊股份有限公司

Objectives
This session covers:
The main design goals when architecting a web-based application
How to use Windows® 2000 and the .NET Enterprise Servers to meet those design goals
Points to watch when architecting a Windows-based web solution

Session agenda
Introduction to application architecture
Designing the architecture for manageability
Designing the architecture for security
Designing the architecture for scalability/availability
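
Like architecting a building
A building must be:
Big enough
Sturdy and durable enough
Safe enough
Easy to maintain and manage
A building usually also has to integrate with existing infrastructure, for example water, electricity and gas.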

Architecting an application
Applications must fully provide:
Scalability
Availability
Security
Manageability
Applications usually also have to integrate with existing systems.

Microsoft N-tier application architecture
Presentation
Business
Data

Microsoft N-tier application architecture – platform services
MSCS
DCOM
Win 32
DHTML
HTTP
NLB
XML
ASP
ISAPI
HTML
ODBC
ADO
ADSI
COM+
OLE-DB

Microsoft N-tier application architecture: .NET Enterprise Servers

Presentation Tier Options
XSL
DHTML
ASP
ISAPI
HTML

Business Logic Options
ASP: Interpreted; Re-use within application; Deploy in Web site; Can use COM+ Transactions; Script
COM+: Compiled; Re-use by any application; Deploy anywhere; Can use ALL COM+ services; Any COM language

Data Tier Options
Data stores: SQL Server; Active Directory; Exchange Server; W
Access paths shown in the diagram: OLE-DB; CDO; ADSI; HTTP; FILE; HTTP-DAV
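
Manageability requirements
"As a system developer, I need to manage rapid system development and the maintenance of changing system requirements."
"As a system administrator, I have to manage system deployment and system monitoring."
"As a business manager, I need to respond quickly to changes in market demand and to analyze business data."
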
E-commerce site development
Commerce Server 2000 solution sites
SQL Server
Virtual Root
Pipelines
Global.asa
Components
ASPs
Templates
Active Directory
Business Management

Commerce Server Business Desk

Internet Explorer 5.5 based admin UI

Business Desk management example
Targeting
Define custom properties for users, pages, products, etc.
Create Expressions based on the properties
Student certification = MCSE
Create target groups based on Expressions
Student certification
Student certification = MCSE + MCSD
Target advertisements and discounts at specific profiles
Show Porsche advert to wealthy drivers

Application management
Application Center 2000
Windows Network Load Balancing (NLB)

Demo
Managing a web farm with Application Center 2000
DDCS
DDCS2

Application Center 2000 can help you…
[Diagram labels: Internet; firewall; firewall; front-end web site cluster; network load balancing; COM+ cluster; component load balancing; SQL cluster service; SQL; development environment; Dev Servers; VSS (source code control); Stager (staging station); Application Center 2000]
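
Security requirements
"Once the application is on the Internet, we will face many security-related problems."
"We also want to identify users through Active Directory or a database."
"We must make sure that nobody can reach the confidential data on our internal network through the Internet."
"We must also encrypt sensitive data."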

Network connection security
Internet Security and Acceleration Server 2000
Multi-layered firewall protection
  Packet, protocol, content type, intruder detection
High-performance cache
Use two firewalls to create a DMZ

Firewall implementation
Single ISA Server Installation
[Diagram labels: ISA; Domain?; Internal Network; DMZ]
Dual ISA Server Installation
[Diagram labels: ISA; Domain?; ISA; DMZ; Internal Network]

User authentication
Anonymous login
  Can still use cookies for non-intrusive profiling
  Suitable for content publishing sites
Custom form-based authentication
  User data stored in any data source
  Most common solution for e-commerce sites
Windows integrated login
  User data stored in Active Directory™
  Digest authentication from any browser

Encrypting data with SSL
Public key encryption used to pass the session key
Session key used to encrypt all traffic
Browser makes an HTTPS connection and the level of encryption is negotiated
Server sends the browser its public key
Browser creates session key and encrypts it with server's public key
Session key is now used for all traffic in this (stateful) session
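
Scalability and availability requirements
"The system must be able to support a large number of users at the same time,"
"and it must do so at an acceptable cost."
"We must also provide 24x7 access with zero downtime."

Scaling up and scaling out
Scaling up: add resources to a single server
Scaling out: add more servers to achieve load balancing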

Windows 2000 Clustering
Network Load Balancing
  Clients
  IIS web servers or other IP-based services
Component Load Balancing (COM+)
  COM+ Components
  Application servers
Cluster Service
  SQL, Exchange, File
  Database servers

When to use Windows Clustering
Column headings: Technology; When to use
When to use:
Web Server Farm
Terminal Services
VPN Connections
Streaming Media Services
COM+ Applications
Applications auto Sync
File/Print Servers
Database/Messaging
E-Commerce Sites
Technology:
Network Load Balancing
Component Load Balancing
Cluster Service (WolfPack)

Application Center 2000
Single Application Image
Deployment
  Wizard interface to deploy new server
  Seamless replication of services
Management
  MMC console to control entire Web Farm
Monitoring
  Event Logs and System Status
Clustering for scalability
  Components and Web Farms

State Management
Storing state on the Web server
  Restricts ability to load balance
  ASP Session object does not provide adequate scalability
Storing state on the client
  Cookies
  URL parameters, hidden form fields
  XML Data Islands
Storing state on the database server
  Key used to map user session to database records
  Database caching will improve performance

State and Server Affinity
No Affinity
Client IP Affinity
Request Forwarding
ASP Sessions on a Cluster
[Diagram labels: state ? = A; Server A, Server B, Server C (each 3.3.3.3); Application Center Cluster using NLB; INTERNET; Proxy 1, Proxy 2 (4.4.4.4, 5.5.5.5); Proxy Farm (AOL); 1.1.1.1; 2.2.2.2]
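
An added example, not part of the original slides: it simulates the State Management and Server Affinity slides above, comparing per-server session state with state kept on the database server when one user's requests arrive from two proxy addresses. The `pick_server` hash is an assumed stand-in for Client IP affinity (not NLB's real algorithm), and the `cart` table and the `simulate` helper are hypothetical.

```python
import secrets
import sqlite3

SERVERS = ["Server A", "Server B", "Server C"]  # node names from the slide

def pick_server(source_ip):
    """Client IP affinity stand-in (assumed hash, not NLB's real algorithm):
    the same source address always lands on the same node."""
    return SERVERS[sum(int(o) for o in source_ip.split(".")) % len(SERVERS)]

class WebNode:
    """One web server: private in-memory sessions plus the shared database."""
    def __init__(self, db):
        self.local = {}  # like the ASP Session object: visible on this node only
        self.db = db

    def add_local(self, sid, item):
        self.local.setdefault(sid, []).append(item)
        return list(self.local[sid])

    def add_shared(self, sid, item):
        # The session key maps the user to database records, whichever node serves.
        self.db.execute("INSERT INTO cart(sid, item) VALUES (?, ?)", (sid, item))
        rows = self.db.execute(
            "SELECT item FROM cart WHERE sid = ? ORDER BY rowid", (sid,))
        return [r[0] for r in rows]

def simulate(source_ips, items):
    """Send one user's requests through the farm; return (route, local, shared)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cart(sid TEXT, item TEXT)")
    nodes = {name: WebNode(db) for name in SERVERS}
    sid = secrets.token_urlsafe(32)  # unguessable key carried in the cookie
    route, local_view, shared_view = [], [], []
    for ip, item in zip(source_ips, items):
        name = pick_server(ip)
        route.append(name)
        local_view = nodes[name].add_local(sid, item)
        shared_view = nodes[name].add_shared(sid, item)
    return route, local_view, shared_view

if __name__ == "__main__":
    # Constructed sample: two requests from one user leave via two proxies.
    print(simulate(["4.4.4.4", "5.5.5.5"], ["book", "pen"]))
    # Same user with a stable source address: affinity holds, both views agree.
    print(simulate(["1.1.1.1", "1.1.1.1"], ["book", "pen"]))
```

Because the session key is the only thing tying a browser to its database records, it is generated from a cryptographically secure source rather than a counter or timestamp.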

Demo
Network Load Balancing - Request forwarding
DDCS
DDCS2

Defining Process Boundaries
Performance versus fault-tolerance
[Diagram labels: Performance; IIS, ASP and COM+ process groupings; (Default); Fault Tolerance]

Component Load Balancing
[Diagram labels: Application Center Cluster using NLB; Server A, Server B, Server C (each 3.3.3.3); 1.1.1.1; 2.2.2.2; COM+ Cluster using COM+ Load Balancing; per-server load percentages]

Component Load Balancing (CLB)
Provided by Application Center Server
Only activations are load balanced
Based on response time and round-robin
[Diagram labels: Web Farm; AppServer1: 10ms; AppServer2: 15ms; AppServer3: 20ms]

Demo
Component Load Balancing
DDCS
DDCS2

SQL Server Failover Clustering
Active/passive clustering
Active/active clustering

SQL Server Standby Servers
Log Shipping used to apply transaction log to standby server
  Can be used as a read-only data source
On failure of the primary server, rename the standby server

SQL Server Data Partitioning
Partitioned views are updateable
Queries are optimised for distributed data
[Diagram labels: Sales (Taipei); Sales (Taichung); Sales (Kaohsiung); Sales]

Partitioned view considerations
Only helps with very large amounts of data
  On small databases performance actually gets worse
Partitioning should be designed from the outset
  Keep as much related data on the same physical server as possible
Build data-dependent routing logic in the application server
  Try to connect to the server storing most of the required data
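
Take action now
Keep business logic out of ASPs as far as possible; preferably use components instead
Minimize out-of-process/remote calls
Scale out wherever possible, rather than scale up
Minimize application-tier state
Use SSL only where it is necessary
Partition very large amounts of data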