Business reference architecture: business to consumers
Chapter 4: Physical Design Stage
Microsoft Corporation
May 2001
Summary: This chapter discusses the physical design phase of the Microsoft Solutions Framework (MSF) related to the business reference architecture application consolidatedretail.com. In the logical design phase, the project development team applies the actual physical design constraint to the logic design created in the logical design phase. The goal of this activity is to identify a set of components and then determine which components already exist and which components must be created. At the end of this stage, the results recorded the results in a clearly defined technical specifications, which will become a blueprint for building applications.
Introduction
The physical design phase is to apply the actual physical design constraint to the transition phase of the logical design. After identifying logical components, the next task is to analyze which components already exist, which components can be reused or modified, and which components must be created.
As mentioned above, the physical design process is considered from the perspective of developers. The result of this phase is a design or blueprint for a complete implementation, while writing a technical specification document, and the development team will use this document to build an application.
Physical stages can be divided into three smaller task stages, as shown below:
Study: At this stage, the development team will determine the physical infrastructure constraint and solution requirements, and process the conflict between the two. In addition, the development team will also determine expected implementation techniques. Analysis / Rationalization: The Development Team will select the implementation technology to use and determine how to meet the defined business needs. Implementation: The development team will select a programming model, specify the component interface and select the development language.
The rest of this chapter will discuss these three tasks in detail, and examples are given in the appropriate place.
research work
The first task involved in the physical stage is to study and collect information about the following topics:
Physical solution demand physical constraints available available
Customer demand is contained in a demand document, further defined in a logical phase; however, the development team may need to study and determine actual constraints and existing technologies.
Determine physical solution requirements
Physical solution demand is dedicated to guiding the need for infrastructure design. In Chapter 1, we define the following system requirements:
Globalized performance / reliability scalability availability can manageable security accessibility
The following sections will be detailed for each topic.
Globalization (international)
Globalization (or international) is a process that needs to pass the core content of the development program. In this process, it is no longer based on a single language or regional design and code design, and the prepared source code is more convenient to create a program. Different language versions.
Globalization allows you to transplant your application to different cultural environments. In early programming, this only means supporting multiple languages (for example, supporting Unicode), but now you have to choose what kind of interface, such as determining color, navigation layout, and page structure.
When conducting globalization, there is a need to carefully review some of the well-known geographic and cultural issues involved in the application or web page. The steps to globalize include: studying language and cultural issues, requiring language experts to verify some well-known issues, if possible, companies in specific sales areas representatives to verify some well-known issues.
To support these cultural differences, you can define the following physical needs:
The ability to use nvarchar in the database without using varchar to provide custom interface
performance
Performance is generally measured with "system total throughput" and "response time".
System total throughput
The total throughput of the system uses the "number of transaction per second" to measure, reflecting the ability of the system to perform a particular collection (called transaction) of the service request. For e-commerce applications, transactions may be executed in turn until the end of events:
The user came to the site. Users browse the directory and find the desired product. Users add the product to the shopping cart. User registration. User checkout. TPS is the maximum number of systems that can handle these transactions per second. As described in business needs, when using the following development configuration, the business reference architecture application is designed to handle 4800 such transactions per hour:
[(4) PIII 500MHz, 1GB RAM, server runs IIS and Commerce Server] [(1) PIII 500MHz, 1GB RAM, server runs SQL Server]
Response time
The response time is the amount of time between the user request and the system response, which is the user's most concerned performance indicator. Response time is usually represented by a percentage and response seconds. For example, "90% of all requests should be within 5 seconds" means that 90% of its requests must get the server within 5 seconds before the user believes that the application is running.
The business reference architecture application requires 95% of all requests within 5 seconds.
Scalability
Scalability refers to the ability to increase site capacity when adding resources. From a user point of view, this means that the site can provide an acceptable response time when a large number of users access the site at the same time.
We have already mentioned in the previous chapters, and there are two ways to increase scalability: "Upward extension" and "outward extension".
Expand upward
"Up" is to enhance the processing power of the server by using a better and / or faster CPU, a larger RAM, faster disk, and the like. This method is very effective, especially on the data layer, some large databases on this layer require relatively strong processing capabilities. However, due to the increase in hardware costs with the processing power, the closer the server, the closer to the top, and this method is more inclusive.
Outward extension
"Outward Extension" refers to a plurality of servers that use a cluster (also known as "web field") to share processing workload. The Web field costs more costly, and provides more flexible, scalable solutions. When the load on the site increases, you can easily add the server into the web domain.
To enable extension extensions, you must avoid using server-specific session memory (such as SESSION objects in ASP) to reserve information. The reason is as follows:
The user session will be included in a particular server (session dependen), which will destroy the request to the server to the server's network load balancing policy. In addition, the reliability of the server domain will also be damaged because the user session cannot be transferred to other servers when the original server fails (and lost session status information in its memory). Memory resources are consumed by the front-end server in the details of the storage user session state, thereby reducing memory available to process requests and cache content. If a popular site can attract a large number of users in a short period of time, the memory demand in status maintenance may be very large. For partial resolution of memory requirements, Commerce Server uses a high speed cache. Cache will be made to the configuration file architecture, discounts, and business activities.
Usability
Availability refers to the ability to connect and use resources in a timely manner at any time.
One way to understand high availability is to compare it with "fault". These terms describe two different references for measurement availability. "Fault" is defined as 100% availability within 100% time (where the environment is in place). The design purpose of the fault tolerant system is to "ensure" availability of resources.
High availability resources are almost always operating in operation for clients and are accessible. Therefore, it does not have a single point of failure. Server clusters and network load balancing is two ways to keep system resources available.
Before deploying the site, the following methods should be used to prevent the server from malfunction:
Geographic location data center. Uninterrupted dual power supply. data backup. The server of the cluster is equivalent to the role of a single server. Data replication. Network load balancing, that is, multiple identical server assumers to ensure availability, scalability, and exact user experience. Manageability
Manageability is the ability to perform site management tasks. For e-commerce applications, it includes the product catalog, special promotions, shipping costs, tax rates, user accounts, and the use of sites, trends provide reporting mechanisms, and more.
If you have a comprehensive management infrastructure, the business manager can configure the site to adopt a corresponding countermeasure based on the market trend and competitors.
safety
If the security of the most basic form is ensured, it ensures that data or devices are protected to prevent unauthorized people from accessing or use them. In an e-commerce application environment, you should protect the following information:
Sensitive user information credit card number unapproved product data
The design of application security mainly includes three aspects: "Authentication", "Authorization" and "Encryption".
Authentication
There are two main methods to be used in user authentication in distributed solutions (eg, e-commerce sites). It is generally described with the "counterfeit / delegate" model and "trustee server" model.
Both models assume that the N layer application is used. In this example, the user is connected to the intermediate layer (specifically the web domain), the web domain sequentially access the rear end layer (specifically the SQL Server database) or services. The difference between these two methods is to use the security account to access backend data.
The "counterfeit / delegate" model is in the "counterfeit / delegate" model, the user provides secure credentials to the intermediate layer application, and then the intermediate layer application uses the user's secure credentials to access the backend database. The intermediate layer application is essentially in the "counterfeit" user, represents the user to retrieve data. Figure 4-1 illustrates the "counterfeit / delegate" model:
Figure 4-1: "Counterfeit / Entrusted" model
The "Trustee" model is verified by the user in the "Trustee" model, and the intermediate layer application is authenticated, usually a combination of check user names and passwords. The intermediate layer application believes that the user's identity is correct, it uses the "own security account" to access the backend database. In addition to the intermediate layer applications, users have no right to access backend data. In this method, there are actually two authentication operations. First, the web application authenticates the user, and the database server authenticates the web application. Figure 4-2 illustrates the "trustee server" model:
Figure 4-2: "Trustee" model
Authorize
Authorization refers to access to a particular user or service to access resources. After the user passes authentication, the user should request a specific function from the application. Permissions or "Authorization" can be assigned to users to perform certain tasks and cannot perform other tasks. In a secure environment, it is very important to limit the access level to authorized users.
Security experts often talk about "minimum authority principle". This is an empirical rule that the user should have sufficient permissions to perform the tasks required to perform, "but should not have more permissions."
encryption
Encryption is another way to ensure safety, encoding data to prevent unauthorized access.
Depending on the position of the encryption, encryption can be performed on many levels. Typically, encryption can be performed on the server, transfer or on the client.
The encryption on the server encryption server refers to the process of encrypting data stored and transmitted in the server infrastructure. After encrypting the data in the server infrastructure, it is ensured that the accessed sensitive data is unused due to the encrypted events. The user's credit card data is an example of dealing with data encryption. When the service layer stores the user's credit card information in the data layer, it is very important to encrypt the data. If a hacker invades the system and obtains access to the table for saving the encrypted credit card information, then the information does not have any use of hackers. If the credit card information is not encrypted, the application is negligible for the application on data security. Transfer encryption transfer encryption is specifically used to process data transmitted between servers and clients. For example, when the user submits an HTML form to the server, the user enters into the form Use Hypertext Transfer Protocol, HTTP to transmit, and then receive by the server. During transmission, the data may be stealing and tampered, which can be solved by encrypting data when transmitting. The data transmitted on the Internet can be encrypted in the following way: Install the security certificate on the web server, configure the Secure Socket Layer, SSL) port, use HTTP encryption form HTTPS as the transport protocol. The server certificate can be purchased from one of the certifications listed in http://www.microsoft.com/security/ (English). You can use Microsoft Certificate Services to publish an independent certificate, which will allow you to test SSL security on a single server. Please use the Web Server Certificate Wizard installation certificate that can be accessed through the site properties in the Internet Services Manager. When building SSL sites, it should be appreciated that the HTTPS: // prefix must be included in the hypolip or redirection of the user who has never encrypted session to the encrypted session. This specifies that the user's browser will communicate with the server using HTTPS. Client encryption client encryption is specifically used to process data residing on the client. For example, if a file is public, it is encrypted, then only the file with the correct decryption key can be used. For general e-commerce applications, client encryption is not as important as transmission and server encryption, but in some cases it may require this encryption method. Accessibility
Accessibility refers to the ability to access the site from a variety of devices or browsers. The Internet is developing forward with incredible speed, and the device accessing the Internet has also become a five-flowers. Therefore, making e-commerce applications can be accessed by a variety of devices and is a very difficult task on these devices.
The key to supporting multiple clients is to separate the representation from the content. Many methods can do this, including the logic written in the ASP page to generate different responses based on the client, or redirect different devices to alternate sites. However, one of the best ways to indicate logic from content is to use XML. If the data can be represented by XML, you can use the XSL style sheet as a specific type of client to render data. By applying different style sheets, you can represent the same content for different clients. Figure 4-3 illustrates this concept.
Figure 4-3: Separating the representation from the content
Determine available prior art
Available techniques refer to the techniques, products or services that can be used in the solution. Using existing technologies to achieve functions in economical, this is not necessarily to build these features. For example, when building a web application, you need an operating system as the foundation of the solution, but there is no need to build an operating system yourself.
Since there is no need to build an operating system every time you build an application, you will also do not need to build all parts of the web solution itself. Many experts believe that the future applications will be built using existing services, which can constitute an application only need to be re-combined. Therefore, it is important to collect information about which technologies can be used in the solution. In the next task involved in the physical design phase, the design team will analyze this information and determine which techniques (if any) can meet the needs of specific applications being discussed.
operating system
Any modern app is built on the operating system. The operating system not only provides an interface with hardware communications, but also provides a public framework for building an application. It is important to select a mobile system that supports object-oriented methods and public frames (applications can run and communicate on this frame).
Windows 2000 Server platform
Microsoft® Windows 2000 Server provides a rich set of content for application developers. Many major e-commerce sites on the Internet are running on Windows 2000, including Buy.com, barnesandnoble.com, Dell.com, and Intel.com.
Internet service
Another core part of a web-based application is an Internet service. WEB-based applications require an Internet service platform that is responsible for basic web services, such as response to client's HTTP requests, HTTPS requests, and other requests. A good Internet service platform should also provide site management capabilities and dynamic content programming models.
Microsoft Internet Information Services
Microsoft® Internet Information Services (IIS) is a web server built in Windows 2000. IIS provides a rich Internet service package, including ASP, DAV, Web Folders, FrontPage Extensions, FTP, multi-site hosts, and other support.
Express service
As mentioned in the "Accessibility" section, it is very important to separate the content and representation, and only this can access the content from multiple clients. This separation is also very important to simplify globalization.
As mentioned earlier, a method of separating the logic from the content is to use XML and XSL simultaneously. In addition to using XML and XSL, you can build complex page logic in the ASP page itself in accordance with an entity such as browscap.ini files, user_agent strings, and the like.
Microsoft XSLISAPI Filter
An alternate technology that can be implemented is a Microsoft® XSLisapi filter. ISAPI represents an Internet service application programming interface, which is the foundation of IIS. The filter is placed above ISAPI and provides the corresponding functionality when the web server receives a client or service request. For example, the ASP engine (ASP.DLL) is an extension running on ISAPI.
The XSLISAPI filter is used to intercept all documents with XML or PASP file name extensions. PASP file name extension is dedicated to applications used with the XSLisapi filter. Documents with this extended file are considered to be a standard ASP file (with certain restrictions) that can generate effective XML (rather than HTML) output. The output content of the PASP script is then converted based on the same rule of the XML file that applies the ISAPI filter to the XML file of the request.
After retrieving XML, the next step in the process is to convert data to certain types of valid tags (the client can display these tags). For browsers, this may be HTML; for mobile phones that support WAP, this may be WML. You can get xslisapi documentation from the following web location: http://msdn.microsoft.com/code/default.asp? Url = / code / sample.asp? Url = / msdn-files / 026/002/187 / msdncompositeDoc.xml (English). Figure 4-4 illustrating the concept of xslisapi filter:
Figure 4-4: XSLISAPI filter function
data service
For the construction of an e-commerce solution, it is also important to have a function of storage, retrieval, and managing data. These services are encapsulated into a database server. It is very important for corporate database servers, high performance, good hairiness, and scalability.
SQL Server 2000
Microsoft® SQL Server 2000 is a SQL database server that provides enterprise-level performance, scalability, and good concurrency. It also provides enrichment of XML, strict security, and powerful analysis tools.
business platform
If you start building an enterprise e-commerce solution from scratch, you will spend a lot of time and human resources resources. If you make full use of e-commerce functions in existing products, you will significantly shorten the development time of the entire program and save a lot of development costs.
Microsoft® Commerce Server 2000 is developed with existing features.
Commerce Server 2000
Commerce Server 2000 is a comprehensive product that encapsulates many features of the e-commerce solution into a package. Commerce Server 2000 provides advanced management capabilities, strong scalability and good performance. For more information, please visit the Microsoft Commerce Server website, which is: http://www.microsoft.com/commerceserver (English).
Analysis / rationalization
After the completion of the physical design phase, the work is followed by analysis and rationalization. Analysis and rationalization refers to the analysis of information collected during the study and makes decisions based on this information.
Use existing technology
When the design team considers the use of the prior art, it must be weighing the factors that may affect the solution. The possible factors are listed below, but it is not necessarily comprehensive:
Ability: Can this technology achieve business functions? Household costs: Whether the technology is cost effective? It is necessary to consider the cost of product, development, upgrade, license, deployment, and operation. Experience: What experiences and professional skills do this technology require developers? Do you have training costs? Is there an unknown fees? Mature and innovation: Is this product mature? Is it received by the market? Does the product have innovative, is it the latest technology? Is it still popular? Deploy: Is this technology difficult to implement? Supportability: Can this technology get support? Architecture: Whether the technology implements an acceptable architecture? Does the architecture meet the needs of enterprises? Scalability: Can this technology expand to meet the development requirements? Interoperability: Can this technology work together with existing systems in the organization? Performance: Can this technology provide the desired performance? Reliability: Can this technology meet the reliability requirements of the application? Availability: Whether the technology can handle application requirements without causing the solution to fail? Manageable: Is this technology easy to manage? Security: Whether the technology meets security needs? Standard compatibility: Whether the technology is compatible with recognized standards? Other factors, such as project schedules and budget constraints, and other internal projects that may involve it, should be considered.
Windows 2000 Server
Windows 2000 Server is an operating system for a business reference architecture because it provides a set of features specializing in corporate application design. These include the following functions:
Server type selection: The Windows 2000 Server platform can run on a variety of servers. In an environment of a business reference architecture solution, it is very important to expand the extension to extension. Depending on the application load requirements, organizations can choose to deploy solutions on two or more servers running Windows 2000 Server or Windows 2000 Advanced Server. To get the best performance and allow the load to be distributed on multiple servers, use the Microsoft 2000 DataCenter Server network and network load balancing (NLB). Scalability: By using Microsoft Windows 2000 Cluster Services and Network Load Balancing, Windows 2000 Advanced Server and DataCenter Server can expand.
By running the two servers, sharing a common storage mechanism, the cluster service ensures continuous services. If one of these servers fails, the other can take over. Due to the construction of redundancy in the system infrastructure, the application can reduce the downtime to zero.
Figure 4-5 illustrates the concept of a cluster.
Figure 4-5: Server in the form of a cluster
Windows 2000 Advanced Server and Datacenter Server can also extend outward through NLB. In this method, multiple servers are displayed as a single unit with a single IP address, and the application load is evenly distributed on these servers. When a server in the NLB settings fails, NLB automatically detects a failed system, transfer its load to other systems, and then restart your computer.
Figure 4-6 illustrates the concept of NLB.
Figure 4-6: Network load balancing
Availability: Windows 2000 Server provides a solution with high availability by using cluster services and NLB services in Windows 2000 ADVANCED Server or Windows 2000 DataCenter Server. Use NLB services and cluster services to eliminate single point failures. Reliability: The Windows 2000 Server platform implements the reliability of "5 9" to ensure that the normal running time is as high as 99.999%, which is equivalent to less than 5 minutes per year. In an enterprise e-commerce environment, the downtime means that the direct income of millions of dollars will bring trouble to customers, incur their complaints. Therefore, reliable operating systems are unsearched parts of the enterprise solution. Performance: Windows 2000 Advanced Server and DataCenter Server implement Symmetric Multiprocessing, SMP support, which enables the server to be valid for the processor of Advanced Server up to 8, and the processor for Datacenter Server is up to 32. In addition, Advanced Server also includes enhanced memory capabilities, allowing the server to have up to 8GB of memory; for Datacenter Server, the server allows the server to reach 64GB. Manageable: Windows 2000 Server provides a wide range of tools that allow you to manage the site and connect to Microsoft Management Console (MMC) to manage server features in a centralized location. Some management features in Windows 2000 include event records, performance monitoring, terminal services, and Windows Management Code (WMI), WMI), WINDOWS Management. Security: Windows 2000 provides a secure environment that strictly controls access to files or services through Active Directory, Security / Authentication Protocol, and communication encryption. Component Services: Windows 2000 COM service provides developers and administrators with application capabilities. This built-in function allows development of distributed transaction applications without having to develop a underlying infrastructure that supports a minimum unit of transaction or asynchronous operation. You can find more information about Windows 2000 Server in the following location: http://www.microsoft.com/windows2000 (English). Microsoft Internet Information Services (IIS)
Microsoft IIS is provided with Microsoft Windows 2000, which provides a rich platform for using Internet Submit content. Since IIS is integrated at the operating system level, it allows development and deployment to directly write solutions in the computational infrastructure.
IIS provides an Internet service for a business reference architecture solution because it provides and has a rich feature set along with the operating system. Two critical IIS features are Active Server Pages (ASP) and Internet Services Application Programming Interface (ISAPI).
XSLisapi
The XSLISAPI filter provides a service for the business reference architecture solution. After using the XSLisAPI filter, the content can be completely separated and the representation is fully separated, allowing the custom content to be sent without modifying the ASP code.
If you don't want to use XML and XSL at the same time, you can use another method: Build complex page logic in the ASP page itself. However, this method has two main disadvantages: First, complex display logic in the code may be difficult to manage; second, running this logic requires huge overhead. XSLisapi intercepts all requests for documents with XML or PASP file extensions. PASP file name extension is dedicated to applications used with the XSLisapi filter. Documents with this extended file are considered to be a standard ASP file (with certain restrictions) that can generate effective XML (rather than HTML) output.
The XSLisapi filter is then transmitted to the client using the XSL Style Table to translate the XML output of the PASP or XML page using the XSL style sheet to send the converted output content to the client.
There is also another benefit using the XSLisapi filter that can be allocated according to different skills groups, making the development process easier to manage. For example, graphics designers can create XSL according to their own interface specification, while ASP developers only need to consider how to pass the correct data to the interface.
SQL Server 2000
SQL Server 2000 provides data services for business reference architecture solutions. It provides a complete enterprise database solution that Commerce Server 2000 will depend on its data service. For many e-commerce solutions, you only need to install SQL Server on Windows 2000 DataCenter Server to provide the desired level of scalability. For sites that store data volume, you can create SQL Server databases on multiple servers and use "Distributed Partition View" to implement data access and updates across physical servers.
Commerce Server 2000
The development team is selected for Commerce Server 2000 because it is built for Windows 2000 platform and provides an e-commerce application with a rich set of content development, deployment, and management tools. About 80% of Commerce Server is defined in a logical phase, and the cost required for development is low. These objects are implemented as a COM object that can be used for ASP pages.
Commerce Server 2000 provides the following features:
Integration with other services and software features: Because Commerce Server 2000 is designed specifically for Windows 2000, its architecture can be integrated with the operating system. Commerce Server takes advantage of the Com feature in Windows 2000 Server, providing a solid foundation for enterprise e-commerce applications. Commerce Server can also be well integrated with Microsoft® BizTalkTM Server to reduce certain process management functions and external communications. Pipeline components: "Pipeline Components" is a set of configurable custom COM objects that are sequentially called to perform specific business processes. In the Commerce Server solution, most custom business classes can be implemented as a pipeline component to manage business processes in a simple way. (Pipeline assemblies are just some of the COM components of iPipeLineComponent). This allows Commerce Server to identify the pipe assembly to components suitable for Commerce Server, and can then be called by the pipeline. In the reference architecture application, the pipeline assembly is used to handle processes such as "customer order processing" and ensure that the tasks required to process orders in order. Management Infrastructure: Designing and Building Management Framework for e-commerce sites not only costs a lot of resources, but its workload is generally greater than the development efforts of the e-commerce application itself. The management infrastructure of Commerce Server is to attract the main factors that ultimately use Commerce Server. Commerce Server BizDesk is available with Commerce Server. BizDesk is DHTML-based applications that run on IE 5.5 or higher, allowing administrators to manage auctions, promotions, catalogs, orders, and users, and provide a rich set of analytical tools. Because BizDesk is completely DHTML, it can also be used to remotely manage the e-commerce solutions built on Commerce Server. This approach places the BizDesk application load on the client and does not affect the performance of the e-commerce site. Meet business needs
After determining the prior art that can be used, the development team must determine how these technologies meet the previously mentioned business needs. In order to meet these needs, the development team must make certain key decisions on tools, processes and methods. These decisions should be viewed in an environment that must meet specific business needs.
Globalization
As mentioned earlier, globalization refers to the ability to transplant the application into different cultural environments. In order to meet this demand, the content and representation of the user must be "global". During globalization, content can be divided into two types:
Static content - the content you can find on the interface and the interface itself. Dynamic content - "Dynamic Build" and display it to the user.
The following section describes the issues involved and key decisions made to two content globalization.
Static content
Static content includes text and interface itself on the interface, and must be localized for the specified cultural or language. The xslisapi filter is a localized: Allow the development team to use different interface designs for different languages, and then deploy applications as different websites or different virtual directories. By using this method, users can choose their own language and then redirect to the appropriate site.
Note: The reference architecture application has not been global; however, the application uses the XSLisapi filter, so it has the ability to achieve globalization.
Dynamic content
Dynamic content consists of content generated by the application "dynamic".
If the application will support different languages, it must support different character sets. The Unicode standard is a character set that contains characters in all languages in the world. Using the Unicode standard ensures that all languages can be represented in dynamic data. To support Unicode standards, all database fields that save character data must use data types such as nvarchar, nchar, and so on. At the same time, the business layer must support the use of Unicode. Therefore, the business reference architecture solution always uses the Unicode standard throughout the application.
performance
To get the best performance, the design team must make multiple key decisions. First, to maximize system total throughput (ie, the overall efficiency and performance of the application), the design team should solve the following key issues:
Seale language selection asynchronous processing
Minimize seal
One way to improve system throughput is to minimize the encapsulation. To do this, the best way is to reduce the remote procedure call of the website to the components in other locations. Many e-commerce sites reside in the area of dedicated Web servers, while business components are located in separate application server clusters. Although this architecture can effectively ensure system security, especially when the application server is separated from the firewall or package filter switch and the web domain; but the architecture will have a negative impact on the response time because each of the components Extractions must be sealed through the network connection.
Business Reference Architecture Application The components are deployed on the same server where the web is located, so it avoids cross-network encapsulation and shorten the response time. (Commerce Server provides most business components used by the reference architecture application, which will be installed on the web server.)
language selection
Language selection also affects performance. For example, although components created for Commerce Server pipes can be written in a scripting language, but for enterprise applications, components should be built using lower-level languages (such as Microsoft® Visual Basic® Development Systems or C ) to get optimal performance. Although the components like ADOs are almost the same in the Visual Basic component and the C components, complex business routines are run faster in C . Therefore, select C as a build language for all components in a business reference architecture application.
Asynchronous treatment
In order to minimize the response time, many processes should be designed as asynchronous operation. For example, when the user checks, it is not necessary to wait for the system to send an email to confirm before he receives the interface response.
Scalability
Solving scalability issues may be a very daunting task. The first method of extending applications is to expand up, mainly for a single server to configure a better performance, thereby increasing speed. For the upward expansion, although the desired design factors are relatively small, this method of satisfying the need is too expensive because hardware prices have rising index with performance.
Another way to solve the scalability problem is to add more servers, which are called "outward extensions". Although the extension extension is more cost-effective, it needs to consider more design factors. As previously discussed, the biggest problem extends to extension is to maintain session information.
In order to successfully expand, the business reference application should meet the following requirements:
Do not use the ASP session object to maintain session status because it introduces server session affinity and requires IIS to maintain session status in memory. With the assistance of the Commerce Server object, the user session status between the two page requests is saved in the database and can be retrieved by the new page request. Although this session maintenance method leads to some additional database overhead for each page request, it can meet the scalability requirements of the site. A single high-end database server (or cluster) can provide status saving services for the entire front-end server field. When the user logs in, a session cookie will be sent to the user, and the status data of the related user account is retrieved as the "Find Field". Each session cookie is not stored on the user's hard drive, so they can also be enabled even on the most secure user browser. If each session cookie is disabled in the user browser, the user will not be able to log in to the site. Manageability
If you select Windows 2000 Server and Microsoft Commerce Server, you will have a powerful management infrastructure. As previously described, Commerce Server provides powerful management interfaces in BizDesk, while Windows 2000 also provides powerful management interfaces through Microsoft Management Console and other components.
safety
In order to meet the security requirements defined for the reference architecture application, the design team has made the following issues:
Authentication
In the two available models of "counterfeit / delegate" and "trustee server", the design team selected the authentication scheme of the "trustee server" model as a business reference architecture application.
Because the "counterfeit" model is counterfeited each user, the solution must be an account for each user of the site. In intranet-based small applications, users are very small, and the restrictions are user-based, so the "counterfeit" model can run well; however, in a large solution, the "counterfeit" model will soon be difficult to control . Therefore, the design team chose a simpler "trustee server" model, which provides better performance and is more convenient to manage.
Authorize
In order to follow the minimum permissions described in the "Research" section of the physical phase, the design team is to choose deployment and design:
IIS virtual root directory permissions: After deployment, the site should be set to have read-only permissions to the virtual root directory. NTFS Permissions: After deployment, the Windows account for anonymous access to the folder containing the web application file only has read-only permissions. Accessible for anonymous customers: Business reference architecture solutions should use cookies to identify users who do not authenticate, and they should redirect them to the Login page when the user wants to check out or access any configuration file management page. Verified customers' permissions: Even users pass authenticated users, they should also be appropriately restricted. For example, system administrators can use Commerce Server BizDesk tools to restrict access to specific configuration files by hiding or only read-only permissions to users.
As for the database itself, there is more authorization issues. The unique direct permissions for the database have the accounts assigned to the intermediate layer application (this example is Commerce Server), and the account permission should be restricted to provide the minimum permissions required to provide data services to the site. Therefore, statement authority (such as DROP TABLE) is not assigned to the account.
encryption
As an example application that should be easy to install and check, the business reference architecture application does not implement encryption. However, in e-commerce system products, when transmitting sensitive data such as passwords or credit card details, encryption sessions should be used.
Although encryption in an e-commerce product environment is necessary, it should be avoided using SSL to connect when transmitting insensitive data. This is because a certain overhead is required when establishing an encrypted session, involving transmitting the public key of the server to the browser, and generating and exchanges the session key used by the encrypted session. Browser independent
The reference architecture application uses the XSLISAPI filter to meet the independence needs of the browser. It provides a first-class mechanism that separates content and representation, which is necessary to reasonably handle different browsers.
achieve
The final step in the physical phase is to apply decisions about constraints, demand and technology to logic design, and actually define physical realization programs. In this stage, the internal structure of the programming model, the component interface, and each component will be determined.
Identification component
Each component of the business reference architecture will discuss in detail in the second part of this "Developer Guide". The encoding method, the components used, and the code segment and the definitions thereof will be described in this section. For more information, please refer to the developer's comment provided by the code itself.
Create specification
At the end of the "implementation" phase, the development team must form a detailed technical specification to form a detailed technical specification. This document will become a blueprint for building an application, and the development team is used to use it when forming an expert group, preparing a list, assignment task, and creation testing and deployment plans.
to sum up
This chapter describes what components will be used to determine which components will be included. Which technologies are used, which can be subdivided into three smaller phases; and summarize the development business reference architecture application consolidatedRetail. The basis. Among the entire project development cycle, the ultimate goal of the physical design phase is to apply the actual physical design constraint to logic design, and write a reasonable technical specification to guide development.
The next part of this guide will focus on the actual code provided in the "Business Reference Architecture: Enterprise to Consumers" applications. As mentioned earlier, this application is developed as a reference example, and some modifications are required when used as the product.