Architecting A Web-Enabled Solution
Miles Sun (孫三才), Technical Vice President, 恆逸資訊股份有限公司

Objectives
This session covers:
- The main design goals when architecting a Web-based application
- How to apply Windows® 2000 and .NET Enterprise Servers to meet those design goals
- Points to watch when architecting a Windows-based Web solution

Session agenda
- Introduction to application architecture
- Designing the architecture for manageability
- Designing the architecture for security
- Designing the architecture for scalability/availability

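Like architecting a building
A building must be:
- Big enough
- Sturdy and durable enough
- Secure enough
- Easy to maintain and manage
A building usually also has to integrate with the existing infrastructure, for example water, electricity and gas.
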
Architecting an application
Applications must fully provide:
- Scalability
- Availability
- Security
- Manageability
Applications usually also have to integrate with existing systems.

Microsoft N-Tier application architecture
Tiers: Presentation, Business, Data
[Diagram labels: MSCS, NLB]

Microsoft N-Tier application architecture: platform services
[Diagram labels: ASP, ISAPI, DHTML, HTML, Win32, COM+, HTTP, DCOM, ADO, OLE-DB, ADSI, ODBC, XML]

Microsoft N-Tier application architecture: .NET Enterprise Servers

Presentation Tier Options
[Diagram labels: ASP, ISAPI, HTML, DHTML, XSL]

Business Logic Options
ASP                          COM+
Interpreted                  Compiled
Script                       Any COM language
Re-use within application    Re-use by any application
Deploy in Web site           Deploy anywhere
Can use COM+ Transactions    Can use ALL COM+ services

Data Tier Options
Data stores: SQL Server, Active Directory, Exchange Server
[Diagram labels for the access interfaces: OLE-DB, HTTP, ADSI, CDO, HTTP-DAV, FILE]

Manageability requirements
- As a system developer, I need to manage rapid system development and the maintenance of changing system requirements.
- As a system administrator, I must manage system deployment and system monitoring.
- As a business manager, I need to respond quickly to changes in market demand and to analyze business data.

E-Commerce site development
Commerce Server 2000 solution sites
[Diagram labels: SQL Server, Active Directory, Pipelines, Virtual Root, ASPs, Global.asa, Templates, Components]

Business Management
- Commerce Server Business Desk
- Internet Explorer 5.5 based admin UI

Business Desk management example: Targeting
- Define custom properties for users, pages, products, etc.
  Example: student certification
- Create Expressions based on the properties
  Example: student certification = MCSE
- Create target groups based on Expressions
  Example: student certification = MCSE + MCSD
- Target advertisements and discounts at specific profiles
  Example: show Porsche advert to wealthy drivers

Application Center 2000
- Application management
- Windows Network Load Balancing (NLB)

Demo: managing a Web Farm with Application Center 2000
[Diagram labels: DDCS, DDCS2]

Application Center 2000 can help you…
[Diagram labels: development environment (Dev Servers, SQL, VSS source code control); Internet; firewall; Stager (staging relay); front-end Web cluster managed by Application Center 2000 (three WebServer nodes, network load balancing); COM+ cluster managed by Application Center 2000 (three COM+Server nodes, component load balancing); SQL cluster service]

Security requirements
- Once the application is placed on the Internet, we face many security-related problems.
- We also want to identify users through Active Directory or a database.
- We must ensure that no one can reach the confidential data on our internal network through the Internet.
- At the same time we must encrypt sensitive data.

Network connection security
Internet Security and Acceleration Server 2000
- Multi-layered firewall protection
  - Packet, protocol, content type, intruder detection
- High performance cache
Use two firewalls to create a DMZ
[Diagram labels: Domain?, Domain?]

Firewall implementation
Single ISA Server installation
[Diagram labels: ISA, DMZ, Internal Network]
Dual ISA Server installation
[Diagram labels: ISA, ISA, DMZ, Internal Network]

User authentication
- Anonymous login
  - Can still use cookies for non-intrusive profiling
  - Suitable for content publishing sites
- Custom form-based authentication
  - User data stored in any data source
  - Most common solution for e-commerce sites
- Windows integrated login
  - User data stored in Active Directory™
  - Digest authentication from any browser

Encrypting data with SSL
- Public key encryption used to pass the session key
- Session key used to encrypt all traffic
Sequence shown in the diagram:
1. Browser makes an HTTPS connection and the level of encryption is negotiated
2. Server sends the browser its public key
3. Browser creates session key and encrypts it with server's public key
4. Session key is now used for all traffic in this (stateful) session

Scalability and availability requirements
- The system must be able to support a large number of users at the same time.
- And it must do so at an acceptable cost.
- We must also provide 24x7 access with zero downtime.

Scaling Up and Scaling Out
- Scaling Up: add resources to the same server
- Scaling Out: add more servers to achieve load balancing

Windows 2000 Clustering
[Diagram labels: clients; IIS Web servers or other IP-based services, Network Load Balancing; application servers (COM+ components), Component Load Balancing (COM+); database servers (SQL, Exchange, File), Cluster Service]

When to use Windows Clustering
Technologies:
- Network Load Balancing
- Component Load Balancing
- Cluster Service (WolfPack)
When to use (in slide order): Web Server Farm, Terminal Services, VPN Connections, Streaming Media Services, COM+ Applications, Applications auto Sync, File/Print Servers, Database/Messaging, E-Commerce Sites

Application Center 2000
- Single Application Image
- Deployment
  - Wizard interface to deploy new server
  - Seamless replication of services
- Management
  - MMC console to control entire Web Farm
- Monitoring
  - Event Logs and System Status
- Clustering for scalability
  - Components and Web Farms

State Management
- Storing state on the Web server
  - Restricts ability to load balance
  - ASP Session object does not provide adequate scalability
- Storing state on the client
  - Cookies
  - URL parameters, hidden form fields
  - XML Data Islands
- Storing state on the database server
  - Key used to map user session to database records
  - Database caching will improve performance

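The database-server option above, as an added example that is not part of the original slides: two web farm nodes share one state store, so the client's key resolves to the same record whichever node the load balancer picks. The in-memory SQLite store, the `sessions` table, the `WebServer` class and the 20-minute lifetime are all assumptions made for illustration.

```python
import json
import secrets
import sqlite3
import time

SESSION_TTL = 1200  # seconds; assumed lifetime, not from the slides


def open_state_store():
    """In-memory SQLite stands in for the shared database tier (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (skey TEXT PRIMARY KEY, "
               "username TEXT NOT NULL, cart TEXT NOT NULL, expires REAL NOT NULL)")
    return db


class WebServer:
    """One node of the web farm; it keeps no per-user state in memory."""

    def __init__(self, name, db):
        self.name, self.db = name, db

    def login(self, username, now=None):
        now = time.time() if now is None else now
        skey = secrets.token_urlsafe(32)  # unguessable key handed to the client
        self.db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
                        (skey, username, "[]", now + SESSION_TTL))
        self.db.commit()
        return skey

    def load(self, skey, now=None):
        """Map the client's key to its database record, or None if invalid."""
        now = time.time() if now is None else now
        row = self.db.execute("SELECT username, cart, expires FROM sessions "
                              "WHERE skey = ?", (skey,)).fetchone()
        if row is None or row[2] <= now:  # unknown or expired key
            return None
        return {"user": row[0], "cart": json.loads(row[1])}

    def add_to_cart(self, skey, item, now=None):
        session = self.load(skey, now)
        if session is None:
            return False
        cart = json.dumps(session["cart"] + [item])
        self.db.execute("UPDATE sessions SET cart = ? WHERE skey = ?", (cart, skey))
        self.db.commit()
        return True
```

Because the key is the only thing the client holds, it is generated from a cryptographically secure source and expires server-side; a guessed or stale key maps to no record.
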
State and Server Affinity
- No Affinity
- Client IP Affinity
- Request Forwarding
ASP Sessions on a Cluster
[Diagram labels: Internet; clients 1.1.1.1 and 2.2.2.2; Proxy Farm (AOL) with Proxy 1 (4.4.4.4) and Proxy 2 (5.5.5.5); Application Center Cluster using NLB with Server A, Server B and Server C, each at 3.3.3.3; state]

Demo: Network Load Balance, request forwarding
[Diagram labels: DDCS, DDCS2]

Defining Process Boundaries
Performance versus fault-tolerance
[Diagram: four arrangements of IIS, ASP and COM+ on a scale from Performance to Fault Tolerance, one marked (Default)]

Component Load Balancing
[Diagram labels: clients 1.1.1.1 and 2.2.2.2; Application Center Cluster using NLB with Server A, Server B and Server C, each at 3.3.3.3; COM+ Cluster using COM+ Load Balancing, with percentage figures]

Component Load Balancing (CLB)
- Provided by Application Center Server
- Only activations are load balanced
- Based on response time and round-robin
[Diagram labels: Web Farm; AppServer1: 10ms; AppServer2: 15ms; AppServer3: 20ms]

Demo: Component Load Balancing
[Diagram labels: DDCS, DDCS2]

SQL Server™ Failover Clustering
- Active/passive clustering
- Active/active clustering

SQL Server Standby Servers
- Log Shipping used to apply transaction log to standby server
- Can be used as a read-only data source
- On failure of the primary server, rename the standby server
[Diagram label: RO]

SQL Server Data Partitioning
- Partitioned views are updateable
- Queries are optimised for distributed data
[Diagram labels: Sales (Taipei), Sales (Taichung), Sales (Kaohsiung), Sales]

Partitioned View considerations
- Only helps with very large data sets
  - With a small database, performance actually drops
- Partitioning should be designed from the outset
- Keep as much related data on the same physical server as possible
- Build data-dependent routing logic in the Application Server
  - Try to connect to the server storing most of the required data

Take action now
- Keep business logic written in ASPs to a minimum; preferably use components instead
- Keep out of process/remote calls to a minimum
- Scale out wherever possible, rather than scale up
- Keep application tier state to a minimum
- Use SSL only where necessary
- Partition very large amounts of data