3.

Enabling Web and Software Technologies

3.1 Client / Server Architectures and the Internet

3.2 Internet Protocols and Internet Infrastructure 3.3

Multi-Tier Architectures
Three-tier Architectures
Enterprise Architectures: J2EE Architecture, .NET Architecture
3.4 Platform Choices and Connectivity Options

Electronic Commerce (WS-02/03) 3-1

Three-Tier Architectures: Presentation Tier
Presentation Tier:
Purpose: Content Visualizations (static and dynamic HTML
pages, WML pages).
Internet

Sample Realization Technologies:

o Web Server for static content,
Presentation Tier
o Engines for dynamic content.

Business Logic
Tier

Database Tier

Electronic Commerce (WS-02/03) 3-2

Three-Tier Architectures: Business Logic Tier
Business Logic Tier:
Purpose: Modeling of Business Processes and Business / Domain
Objects
Refined View:
Internet
o Business Processes
o Containers managing the Business Objects‘ life-cycle and provide
search functionality
Presentation Tier o Business Objects

Business Processes define the interface to the users: „What can a user
Business Logic do in an ECommerce system (shop, knowledge portal, expert site)?“
Tier They
o use the containers to

Database Tier • create new business objects (empty shopping cart)

• delete unused business objects (sold products) and

• find business objects (product #4711, a user)
o manipulate business objects (ex: change user state to „logged in“).
Electronic Commerce (WS-02/03) 3-3
Three-Tier Architectures: Database Tier
Database Tier:
Purpose: Persistence, Failure recovery for Business Objects,
Business Process State and more.
Internet

Sample Realization Technologies:

o Java: RDBMS and JDBC (Java Database Connectivity)
Presentation Tier

Business Logic
Tier

Database Tier

Electronic Commerce (WS-02/03) 3-4

3. Enabling Web and Software Technologies
3.1 Client / Server Architectures and the Internet

3.2 Internet Protocols and Internet Infrastructure 3.3

Multi-Tier Architectures
Three-tier Architectures
Enterprise Architectures: J2EE Architecture, .NET Architecture
3.4 Platform Choices and Connectivity Options

Electronic Commerce (WS-02/03) 3-5

Enterprise Architectures
Current Enterprise (Server-Side) Component Architecture:

J2EE / Enterprise JavaBeans (EJB): Java-based component architecture

+ Platform neutral
- Language dependent (Java). Requires components to be written in the
Java language (adding components using CORBA is not yet practical)
Microsoft .NET: Microsoft-platform component architecture (following DCOM)
+ Language independent: Components can be written is any .NET
supported language. Example: C#, J#, VisualBasic.NET, C++,
+ Components are developed using existing IDE (VisualStudio.NET)
- Platform dependent: Bound to Microsoft Windows as platform (officially called
platform-neutral)
You can learn more about Component Architectures in the Software Architectures,
Architectures for Enterprise Applications, and Web Engineering lectures.

Electronic Commerce (WS-02/03) 3-6

J2EE Architecture
The Java 2 Enterprise Edition (J2EE) platform defines a Java-based architecture for
(web-based) Enterprise Software Systems.

The J2EE architecture follows the three-tier component architecture, i.e., it has a logical
software partitioning into the layers:
o The presentation layer contains components dealing with user interface and user
interaction.
Technologies: Java Server Pages (JSP), Java Servlets and/or Java Applets.
o A business logic layer contains business process and business entity
components that work together to solve business problems.
Technologies: Enterprise JavaBeans.
o A data layer is used by the business logic layer for persistence of entity states and -
optionally - process states. Central to the data layer are one or more databases
that house the persistent states [Roman99].
Technologies: RDBMS (Oracle, MS SQL Server, MySQL, ...)
Electronic Commerce (WS-02/03) 3-7
 Mô hình J2EE (2)

Tầng trình diễn Trình bày

Danh mục Vật giá Thực hiện

Hợp phần Hợp phần Hợp phần
Lớp kinh doanh logic

DB Driver

Lớp lưu trữ

Dữ liệu

Electronic Commerce (WS-02/03) 3-8

 Enterprise JavaBeans (EJB)
Enterprise JavaBeans (EJB) is a server-side component architecture that enables and simplifies the
process of building enterprise-classes for distributed object applications in Java. By using EJB, you
can write scalable, reliable, and secure applications without writing your own complex distributed
object framework [Roman99].
Enterprise JavaBeans là một phần của kiến trúc J2EE. The Enterprise JavaBeans là
những thành phần thực hiện các lớp logic kinh doanh. Enterprise JavaBean components
can be
o Các đối tượng không liên tục (Session Beans) hoặc
O Các đối tượng liên tục (Entity Beans)

Enterprise JavaBeans được triển khai đến một EJB máy chủ (máy chủ ứng dụng), in which they
are running inside an EJB Container that realizes
o Persistence
o Transactions

o Transparent Distribution o
Concurrency Support

o Recovery / Transparent fail-over for entity beans - and optionally for session beans  The
components (EJBs) do not have to provide these functionalities.

Electronic Commerce (WS-02/03) 3-9

EJB Specification(s)
The EJB specification defines roles and components and describes how components
should work together. The specification is implemented by several EJB server vendors.

Further reading:

o www.java.sun.com/products/ejb/index.html (EJB home page) o

www.theserverside.com (EJB spec 2.0 book by Ed Roman available online)
o An EJB vendor comparison can be found at
http://www.flashline.com/Components/appservermatrix.jsp

Electronic Commerce (WS-02/03) 3-10

EJB: Choice of Application Server
Criteria for EJB Servers:

o Compliance to J2EE requirements

o Proven real-world deployments
o Suitability for application to be deployed (e.g. if the application just consists of JSPs /
Servlets and is not expected to include EJBs or Java Messaging Services (JMS))
o Stability

o Integration with third-party tools o Tools

supporting the deployment process o Administration:
Ease-of-maintenance and usability o After-sales
support
Evaluation of EJB servers: Evaluation of application servers, since almost all leading EJB server
products can be downloaded / requested for an limited-time evaluation
Important:
Evaluation helps find performance patterns of the servers for the given application domain, as well
as make evident whether the performance comes “built-in” in the server, or is a result of server-
specific enhancements, which would create problems with portability of the application.
[Kaleem00]
Electronic Commerce (WS-02/03) 3-11
J2EE / EJB Reference Implementation by Sun
Sun provides a reference implementation of the J2EE platform and the EJB
specification:

o Downloadable from http://www.java.sun.com/j2ee/

o Not very performative but good for a start o
Includes Cloudscape database

o Easy to configure (Configuration tool included)

o Usable for sample (toy) systems
o Free

Other EJB Servers are: o

BEA: WebLogic Server o
IBM: WebSphere

o jBoss: jBoss Server (Open Source project)

o ...

Electronic Commerce (WS-02/03) 3-12

Microsoft .NET Architecture
The .NET architecture comprises:
Presentation Layer:
o Microsoft Active Server Pages Plus (ASP+), comparable to Java Server Pages (JSP); a new
version of ASP that supports compilation of ASPs into the Common Language Runtime (CLR) -
and therefore supports ASP scripts that use any language with an Intermediate Language (IL)
binding.
o Win Forms and Web Forms: new UI component frameworks accessible from Microsoft Visual
Studio (development environment).

Business Logic Layer:

o Component Architecture: Component Object Model Plus (COM+); the enhanced Windows
Distributed Component Architecture (DCOM).
o Active Data Objects Plus (ADO+), a new generation of ADO) data access components that
use XML and SOAP (Simple Object Access Protocol, see chapter 6) for data interchange.
o A set of base components, accessible from the common language runtime, that provide
various functions (networking, containers, etc.).

Electronic Commerce (WS-02/03) 3-13

Microsoft .NET Architecture (2)
Business Logic layer continued...
o C#, a "new" language for writing classes and components, that integrates
elements of C, C++, and Java, and adds additional features, like metadata tags,
related to component development.
o Common Language Runtime (CLR): Programming language-specific code is
compiled into a common IL (Internal Language) bytecode format. IL code is then
compiled into machine-language and run.
Storage Layer:
o Microsoft Transaction Server (MTS) for persistency of COM objects

Electronic Commerce (WS-02/03) 3-14

Comparison J2EE / .NET (1)
Programming language
C# (spoken: „C sharp“) vs. Java:
o C# and Java both derive from C and C++. Most significant features (e.g., garbage
collection, hierarchical namespaces) are present in both. C# borrows some of the
component concepts from JavaBeans (properties/attributes, events, etc.), adds
some of its own (like metadata tags), but incorporates these features into the
syntax differently.

Java runs on any platform with a Java VM. C# only runs in Windows for the
foreseeable future.
o C# is implicitly tied to the Common Language Runtime (CLR), and is compiled
entirely into native code (just-in-time compiled bytecode is possible).

Java code runs as Java Virtual Machine (VM) bytecodes that are either interpreted
in the VM, compiled to native code or Just-in-time compiled).

[Farley00]
Electronic Commerce (WS-02/03) 3-15
Comparison J2EE / .NET (2)
Runtime & Distribution
IL Common Language Runtime vs. Java Virtual Machine and CORBA IDL and ORB:
o .NET common language runtime allows code in multiple languages to use a
shared set of components, on Windows. Underlies nearly all of .NET framework
(common components, ASP+, etc.).

Java's Virtual Machine spec allows Java bytecodes to run on any platform with a
compliant JVM. In addition, CORBA allows code in multiple languages to use a
shared set of objects, on any platform with an ORB available. However, CORBA is
not nearly as tightly integrated into J2EE framework as COM+ is integrated into
.NET.

[Farley00]
Electronic Commerce (WS-02/03) 3-16
Comparison J2EE / .NET (3)
Distribution & Data Exchange
ADO+ and SOAP-based Web Services vs. JDBC, EJB, JMS and Java XML Libraries
(JAXP)
o ADO+ is built on the premise of XML data interchange (between remote data
objects and layers of multi-tier apps) on top of HTTP (this is called SOAP). .NET's
web services in general assume SOAP messaging models.
o EJB, JDBC, etc. leave the data interchange protocol at the developer's discretion,
and operate on top of either HTTP, RMI/JRMP (Java-specific remote method
invocation protocol) or the Internet InterObject Protocol (IIOP).
Server-Side Web Service Architecture
Active Server Pages+ (ASP+) vs. Java Server Pages (JSP)
o ASP+ uses Visual Basic, C#, and other languages for code snippets. All get
compiled into native code through the common language runtime (as opposed to
being interpreted each time, like ASPs).
o JSPs use Java code (snippets, or JavaBean references), compiled into Java
bytecodes (either on-demand or batch-compiled, depending on the JSP
implementation). [Farley00]
Electronic Commerce (WS-02/03) 3-17
Comparison J2EE / .NET (4)
Graphical User Interface / Web Interface
Win Forms and Web Forms vs. Java Swing:
o Win Forms and Web Forms support rapid application development (RAD) through
the MS Visual Studio Integrated Development Environment (IDE) - no other IDE
support currently available.
o Java lacks similar standardized web components (e.g., based on JSP). Some
proprietary components are available through Java IDEs, etc.
standardized Swing (Java-based GUI) support is available in many Java IDEs and
tools.

[Farley00]
Electronic Commerce (WS-02/03) 3-18
3. Enabling Web and Software Technologies
3.1 Client / Server Architectures and the Internet

3.2 Internet Protocols and Internet Infrastructure 3.3

Multi-Tier Architectures
3.4 Platform Choices and Connectivity Options

Platform Choices, Connectivity Options: ISP vs. ASP

Organizational Structures

Electronic Commerce (WS-02/03) 3-19

Platform Choices for Web Servers
Common web servers:
o Apache

o Internet Information Server (IIS)

o Oracle Web Server

o Jigsaw (W3C reference implementation in Java)

o Java Web Server (Sun product)
Web Servers provide only basic functionality. Extensions relevant to ECommerce are
provided as modules.

Modules (proxy, JSP / Servlet server, distributed authoring and versioning, ...)
o must be purchased separately
o can be integrated easily into the web server

Electronic Commerce (WS-02/03) 3-20

Pricing Issues

Web Server Platform Price Remarks

Apache Linux, Windows NT 0€ Open Source

/ 2000 / 98

Microsoft Internet Windows NT N/A Included in Windows

Information Server NT Server
(IIS)

Oracle Web Server Windows NT, Examples: Included in Oracle

Solaris Internet Application
• 1Pr-Intel-500 Mhz:
Server (iAS)
2500 U$
• 2Pr-SPARC-300 MHz:
4500 U$

Electronic Commerce (WS-02/03) 3-21

Web Server Extension: WebDAV
Web-based Distributed Authoring and Versioning (WebDAV): Allows for multi-user, concurrent
document manipulation over the Web. Some features:
o Document Editing: Editors use a check-out / check-in protocol to edit documents
o Document Folders: The WebDAV collection abstraction allows to map server repository
directories to the Web
o Documents Versioning: supported via additional standard DeltaV

WebDAV supported on the client-side, some examples:

o Windows supports mapping of WebDAV collections to so-called WebFolders.

o MS Office tools have integrated WebDAV support

Technical realization: Extension of the HTTP protocol by new methods.

Integration with WebServer, e.g.,

o Integration into Apache web server via the mod_dav module. o

WebDav functionality is integrated into the Tomcat Servlet Engine For
further information see www.webdav.org

Electronic Commerce (WS-02/03) 3-22

Log Files
Web Servers will log requests and responses in special log files (.log). They help
analyze the usage of the web server / resources as well as help detect attempts on
restricted areas.

Information to log:
o Request

o Response o Date
and time o Session key
(User) o Requested
resource

There is a standard log file format that can be analyzed with off-the-shelf statistics tools
(commercial & Freeware).

Electronic Commerce (WS-02/03) 3-23

Web Appearance and Hosting Solutions
Solution providers are specialized service providers that connect electronic businesses to
the Internet. Apart from Internet connection, they might furthermore
o Lease servers to companies
o Maintain corporate servers
o Provide standard software (e.g., Database Servers, Application Servers, Content
Management Systems, Shop systems).

These services provider models are common:

o Internet Service Provider (ISP)

o Service Providers - provide Internet Services and Servers (SP) o

Application Service Provider (ASP)

Furthermore, a company can choose between different connectivity options

o Network services only (Internet connection only)
o Full outsourcing (Servers and Software Systems are maintained at the ASP

Electronic Commerce (WS-02/03) 3-24

Internet Service Provider (ISP)
An Internet Service Provider (ISP) is a legal person / company providing network access
to the Internet.
The ECommerce business company must provide everything else.

Shop Software OpenShop, Intershop

Application
Servers Content Management System Vignette, CoreMedia

YOU Database Oracle Database

Operating System Sun Solaris

Hardware Sun Enterprise

ISP Network ISION

Putting up a system at an Internet Service Provider is also called co-location.

Electronic Commerce (WS-02/03) 3-25
Service Provider (SP)
The service provider provides Internet access and hardware (servers). The
ECommerce business company provides application and database software.

Shop Software OpenShop, Intershop

Application
Servers Content Management System Vignette, CoreMedia
YOU Database Oracle Database
Operating System Sun Solaris
SP Hardware Sun Enterprise

Network

Electronic Commerce (WS-02/03) 3-26

Multi-Hosting (Virtual Hosts)
A server can manage several web hosts. Incoming requests are dispatched to the
appropriate web host using the HTTP request HOST field.
This is often used by service providers to maintain several web appearances on one
computer.

Example: Internet
Host: www.this.com:80/entry.html
Request for
Host: www.that.com:80/entry.html
entry.html

www.this.com www.that.com

entry.html entry.html

Server: 134.28.70.1
Electronic Commerce (WS-02/03) 3-27
Application Service Provider (ASP)
The ECommerce business company may provide additional application executables.
Application Service Provider (ASP) provides everything else.

Shop Software OpenShop, Intershop

YOU Application
Servers Content Management System Vignette, CoreMedia

Database Oracle Database

Operating System Sun Solaris
ASP Hardware Sun Enterprise

Network

Examples for SP and ASP solution providers:

o www.hostingsolutions.com, www.netfirms.com/
Electronic Commerce (WS-02/03) 3-28
ASP Shop Solutions
Low-cost online shop / mall solutions usually comprise: o
Domain name: Usually setup with an email address
o Shop homepage + authoring tools: ASP provides authoring tools for web content creation. Offline web
content can be deployed to ASP server.

o Inclusion of multimedia content: Graphics, audio and video clips, server-side includes.
o Statistics: Functionality to retrieve statistical information about shop.

o Basic online product catalogs: Usually hierarchical product categories. Exclude product variants.
o Shopping cart functionality

o Order functionality: Merchant is notified of orders by mail. Order processing done by merchant.
Usually such solutions do not comprise

o Credit-card validation and payment processing o

Integration of payment processing with financial software o
Transaction tracking

Electronic Commerce (WS-02/03) 3-29

Business Connectivity Options: ISP Solutions
1a) Network Services for
1b) Network Services only
corporate clients only

Corporate Clients Corporate Purchased

LAN only LAN Servers

Dial-Out Dial-Out & Dial-In or

Out Services Only In / Out Leased Line

ISP ISP

Net Net

Easy maintenance,
Lowest Cost suitable for low
volume services
Electronic Commerce (WS-02/03) 3-30
Business Connectivity Options: SP / ASP Solutions
3) Mixed solution
2) Full outsourcing
Corporate Purchased,
Intranet
LAN
Server

Remote
maintenance

SP / ASP SP / ASP
Purchased / Purchased /
Leased Leased,
Server Internet Server

Net Net

No up-front investment, Keep servers

low risk close to their users
Electronic Commerce (WS-02/03) 3-31
Internet, Intranet and Extranet (1)
Intranet: Computers inside a company that are connected via internet-
Definition
based protocols (HTML: HTTP, FTP, Mail: SMTP, POP3) and are not
accessible from outside.
Why an intranet is not sufficient:
o A company that has several local branches or has field staff needs to provide
access to its intranet to externals. Furthermore, a company may want to provide
access to internal information to its business associates.
Example: Boeing subcontractors must allow Boeing access to their workflow systems for
inter-organizational workflows.

Solution: Creating an extranet.

A company‘s extranet provides secured access to its intranet and to

Definition
additional information and services that may not be part of its intranet.
Access to the extranet is secured via a firewall.

Electronic Commerce (WS-02/03) 3-32

Internet, Intranet and Extranet (2)

Internet

Services and Information Services and Information

of the Extranet of the Intranet
Electronic Commerce (WS-02/03) 3-33
Internet, Intranet and Extranet (3)
Classification [Merz99]

Access to the Internet Intranet Extranet

company‘s
network
Predominant public, customers employees employees, business
use for: associates, subcontractors

Security No authentication, Authentication, Authentication, authorization,

no authorization Authorization non-repudiation (traceability)

Online- Mailing lists, Chat, Mailing lists, groupware, Mailing lists, inter-
Community Search Engines, workflow systems, organizational workflows.
services knowledge management knowledge management
systems
Data exchange Marketing Employment lists, tender catalogs, pricing lists,
information, document repositories, terms and conditions, product
Product administrative data information, distribution
information information, XML / EDI

Electronic Commerce (WS-02/03) 3-34

Virtual Private Networks (VPN) (1)
A Virtual Private Network is a network that is constructed by using public
Definition
wires (the Internet) to connect network nodes, such as distributed
enterprise departments, etc. VPNs use encryption and other security
mechanisms at their borders to ensure that only authorized users can
access the network and that the data cannot be intercepted.[Web00]
VPNs are used to
o connect a company‘s extranet with its field staff over the internet. Data transfer is
encrypted, access requires authentication.

o connect several companies‘ extranets over the Internet.

Requirements

o Security measures for the extranet

o Encrypted data exchange
NOTE: In a VPN with several parties involved, every two companies will want to create a
VPN on their own. In this case, a public key infrastructure (PKI) becomes useful.
For Public Key Infrastructure (PKI) see later chapters
Electronic Commerce (WS-02/03) 3-35
A Single Corporate Virtual Private Network

LAN

Corporate Modem dial-in /

Internet
VPN leased line

LAN

Electronic Commerce (WS-02/03) 3-36

Virtual Private Networks (VPN) (2)
Realizations of a VPN:
by Black boxes: Devices that are plugged between computer systems and LAN
connection.
+ Independent of hardware systems and operation system
+ Security services for systems that cannot integrate security internally (e.g.,
“dumb” terminals)

+ Application independent
+ Ease of maintenance.
by Security (sub)layer in end systems. This is hardware and operation system-
dependent. The security (sub)layer is integrated transparently into the Internet
protocol layer.

+ Cheaper solution +
End-to-end security
NOTE: As VPNs require the management of numerous keys/passwords, there is an
interest to set up a public key infrastructure (PKI), see chapter 5.

Electronic Commerce (WS-02/03) 3-37