.NET Application Design Considerations

Mark Sapossnek
CS 594
Computer Science Department
Metropolitan College
Boston University

A couple of additions and many deletions by Jim Fawcett
CSE681 – Software Modeling and Analysis
Summer 2003

Agenda
* Design Model and Process
* .NET System Architecture
* .NET Design Patterns
* Security
* Scalability
* Availability

Design Model and Process
* Microsoft Enterprise Services Framework
* Services-Based Application Design Model
* Design Process
* Design Principles

Design Model and Process: Services-Based Application Model
[Diagram: Application 1, Application 2; User Services, Business Services, Data Services; note: can be implemented as Web Services]

Design Model and Process: MSF Design Process Overview
* Conceptual: Scenarios
* Logical: Objects and Services, UI, Logical DB
* Physical: Components, UI, Physical DB

Design Model and Process: Conceptual Design
The goal of conceptual design is to understand what the users do and to identify business needs. The output is scenarios or use cases.

Design Model and Process: Logical Design
The goal of logical design is to lay out the structure of the solution and the communication among elements. The output is a set of objects and services, high-level user interface design, and logical database design.

Design Model and Process: Physical Design
The goal of physical design is to apply real-world technology constraints to the logical model, including implementation and performance considerations. The output is a set of components, UI design for a particular platform, and physical database design.

Design Model and Process: Design Principles
* Understand and solve the business problem
* Communicate effectively with users and project teams
* Design based on a modular approach
* Consistent
* Distributable (Web-centric)
* Implementation language-independent
* Flexible
* Reusable
* Reliable
* Balance innovation and discipline through each iteration
* Pay attention to the Enterprise Architecture and Infrastructure

.NET System Architecture: Distributed System Architecture
[Diagram: layers Rendering engine, Presentation logic, Business logic, Data logic, Data engine; groupings Input/Output, I/O Processing, Everything Else, Data Management, Database]

.NET System Architecture: Windows DNA Application Architecture
[Diagram: layers Rendering engine, Presentation logic, Business logic, Data logic, Data engine; components HTML 3.2 Browser, IIS/ASP (.asp), COM Components, SQL Server, Database]

.NET System Architecture: .NET Application Architecture
[Diagram: layers Rendering engine, Presentation logic, Business logic, Data logic, Data engine; components HTML 3.2 Browser, IIS/ASP (.aspx, .ascx), .NET Assemblies, Web Services, SQL Server, Database]

.NET System Architecture: Web Service Architecture
[Diagram: layers Rendering engine, Presentation logic, Business logic, Data logic, Data engine; components SOAP Clients, Web Service (.asmx), .NET Assemblies, SQL Server, Database]

.NET System Architecture: Web Services Application Model
[Diagram: Partner Web Services; Web Services; Internet + XML; YourCompany.com; Application Business Logic Tier; Data Access and Storage Tier; Other Applications]

.NET Design Patterns: Samples
* IBuySpy (http://www.ibuyspy.com/)
* MSDN Sample: Duwamish 7.0
* MSDN Sample: Fitch & Mather Stocks 7.0
* Using Unified Modeling Language (UML)
* Discuss design patterns of each sample application

IBuySpy Example
* E-Commerce Store Front
* Selling fictional spy equipment
* Shows how to build a portal site
* Demonstrates use of ASP.NET applications

.NET Design Patterns: IBuySpy Portal Sample
[Figure]

.NET Design Patterns: IBuySpy Design Patterns
* Clean code/HTML content separation using server controls
* Pages that are constructed from dynamically-loaded User Controls
* Configurable output caching of portal page regions
* Modular site layout defined by XML configuration file
* XML serialization that maps XML config file to custom config classes
* Cached config settings automatically reloaded when file changes
* Role-based security to control user access to portal content

Duwamish Example
A Sales and Inventory system for a book store. Functions:
* Point of Sale
* Order Entry
* Shipping and Receiving
* Catalog

.NET Design Patterns: Duwamish Sample Application
[Figure]

.NET Design Patterns: Duwamish Activity Diagram
[Figure]

.NET Design Patterns: Duwamish Sequence Diagram
[Figure]

.NET Design Patterns: Duwamish Design Patterns
* Move processing to the data rather than moving data to the processing
* Pass all data back to the client in a method call
* Minimize the time that a database resource is locked
* Use Binary/HTTP for remoting
* Use ASP.NET within its Web layer and utilize the ASP.NET caching features
* Publish a single XML Web service named CatalogService to expose its book catalog search functions to the Internet

Fitch & Mather Example
* A Web-based expense reporting system for a fictional company
* Original implementation was ASP and COM
* Ported to .NET and COM+

What is COM+?
COM+ provides the following services:
* Transaction services
* Security services
* Synchronization services
* Queued components
* Event Service
* JIT Activation and Object Pooling
* In Memory Database
* Load Balancing
Many of these services are available administratively as well as programmatically.

COM+ Application
[Diagram: COM+ Server Application (DLLHOST.EXE); Component; Context; proxy manager; proxy; Component DLL; RPC channel; interceptor; stub; client context; client object]

.NET Design Patterns: Fitch & Mather 7.0 Sample
* A port of the MSDN Fitch & Mather 2000 sample to .NET technologies
* Not a complete deployable application
* Focus on
  * Performance
  * Technology porting issues from the Windows DNA architecture to the .NET Framework
  * Legacy integration and interoperability
  * Real-life deployment scenarios in a distributed computing environment

.NET Design Patterns: Fitch & Mather 7.0 Architecture
[Figure]

.NET Design Patterns: Fitch & Mather 7.0 Activity Diagram
[Figure]

.NET Design Patterns: Fitch & Mather 7.0 - Transactions
Transaction Composability
* Transactions are composed by a transaction root object from individual transactional or nontransactional objects
* Transaction root objects are located at a layer above the data access layer
* No objects in data access layer marked for requiring new transaction
* Objects that perform write operation must at least support transactions

.NET Design Patterns: Fitch & Mather 7.0 - Security
* Use forms authentication with the combination of forms and role-based security
* Show login page and verify user credentials on access to restricted resources
* Issue an authentication cookie as means of re-acquiring user identity at a later stage.
* Based on the user's identity/roles, replace the principal object on the current thread to reflect the identity of the user.
* In the application OnAuthenticateRequest event handler of Global.asax, automatically replace the principal on the thread every time authentication happens.
* On BLL and DAL components, place code segments into the constructor of each class to verify the identity of the user and whether they are authenticated. Throw an exception if they are not.
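
The forms-plus-roles flow described on the Fitch & Mather security slide, sketched as an added example (this is not code from the Fitch & Mather sample or from the original slides). The class names, the 20-minute lifetime and the `|`-separated role list stored in the ticket's UserData are assumptions made for illustration.

```csharp
// Added example. Class names, role separator and ticket lifetime are assumptions.
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Called by the (hypothetical) login page after credentials have been verified.
    public static HttpCookie IssueTicket(string userName, string[] roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(20),
            false,                       // session cookie, not persistent
            String.Join("|", roles));    // roles travel in the protected UserData field
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;          // keep the ticket away from client script
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        return cookie;
    }

    // Runs on every request, after FormsAuthenticationModule has validated the cookie.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User == null) return;    // anonymous request
        FormsIdentity identity = Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        GenericPrincipal principal = new GenericPrincipal(identity, roles);
        Context.User = principal;            // used by ASP.NET URL authorization
        Thread.CurrentPrincipal = principal; // used by BLL/DAL code on this thread
    }
}

// Hypothetical business-layer class: construction fails for unauthenticated callers.
public class ExpenseReportManager
{
    public ExpenseReportManager()
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");
    }
}
```

The constructor check is a second line of defense: it still rejects the call when a component is reached by a path that bypassed the page-level authorization rules.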

.NET Design Patterns: UML Models
[Figure]

Security: Overview
Security is A PAIN:
* Authentication: Who's there?
* Privacy: No eavesdroppers
* Authorization: What are you allowed to do?
* Integrity: Did the data get changed?
* Nonrepudiation: Keep your promises
As always: understand the requirements
* E.g. Search vs. bank account vs. news
* Do you just need personalization?

Security: Questions to Ask
Authentication
* How does the user provide their credentials?
* Where are credentials stored?
* Temporary or persistent

Security: Authentication Approaches
* IIS/Windows
  * Basic, Digest, NTLM, Kerberos, Certificates
* ASP.NET
  * Windows
  * Forms-based (cookie) authentication
  * Microsoft Passport authentication
  * Custom authentication

Security: Forms-Based Authentication
* Easy to implement
* ASP.NET provides redirection
* Custom Login UI (no popup dialogs)
* Custom credential verification
* Custom application roles
* Support for advanced usage
  * Application defined data
  * Control over cookie lifetime, paths

Security: Authorization Strategies
* ASP.NET
  * Windows Security & ACLs
  * URL Authorization
  * Custom Authorization
* All applications
  * Declarative Method Authorization
  * Explicit Authorization

Scalability: How Do You Handle Success?

Scalability: Approach 1 – Scale Up
* SMP: Symmetric MultiProcessor
* Can only get so big
* Expensive

Scalability: Approach 2 – Scale Out
* Less expensive, though more to manage
* Symmetric (load balancing) or asymmetric (partitioning)

Scalability: Approach 3 – Partition Database
* Scale out with database
* Scale up database
* Partition database

Scalability: Design for Scalability
* Design a stateless application if possible
* Use a database for state management
* Run on a cluster of Web servers
* Use caching or offline content generation
* Partition the database tier or the Web tier
* Use stored procedures
* Use transactions intelligently
* Use asynchronous programming techniques
* Benchmark your application – performance measurement and tuning

Scalability: Use a Database for State Management
* Design your Web application to run on a cluster of Web servers
* Shared nothing, stateless
* This means you must manage user session state somewhere other than the Web server
* Use a database

Scalability: Single Stateless Application Server
* A single stateless server running your application code
[Diagram: Application Code]

Scalability: Multiple Identical Stateless Application Servers
* The application code is cloned across a set of identical servers
[Diagram: Application Code, Application Code, Application Code]

Scalability: Partition the Database Tier
* Functional
  * Each functional area of the site gets its own DB
  * This allows you control over how you deploy into the production environment
  * Dedicated hardware to certain functions
  * Class of hardware per function
* Table
  * Takes some planning
  * SQL Server 2000 makes this easier than ever before
  * Huge scale opportunity for large tables

Scalability: Partition the Web Tier
* Just like database functional partitioning, you can dedicate clusters to application functions
  * WWW.mydomain.com is handled by one cluster
  * SEARCH.mydomain.com is handled by another cluster
* You can also create clusters of clusters
  * Use DNS Round Robin to distribute traffic across multiple load balanced clusters that serve one function

Scalability: Partition the Web Tier
* Use DNS Host names or hardware solutions to distribute traffic to dedicated clusters
* Once you have a stateless application, this is how you achieve huge scale
* Scalability throttling with inexpensive hardware

Scalability: Benefits of Partitioning
* More control over traffic flow through the application
  * Users who are searching or registering are moved off of the WWW cluster to keep the response time of the WWW cluster snappy
* Application and server tuning can be different for each function
  * Search servers may have more memory, more CPUs than the servers handling WWW
* Different content management techniques can be used on different functions
  * WWW may be primarily static content or dynamically generated offline.
  * WWW may use XML and XSL for high performance UI formatting and internationalization
  * Registration requires real-time database access and custom code
* Administration of the clusters can be handled separately
* Database partitioning gives you scale-out capabilities at the database tier

Scalability: Using Stored Procedures
* There is a real performance benefit to stored procedures
  * Compiled code in the database
* DBA can tune stored procedures
  * Can't tune embedded SQL
* Good separation (API) between table structure and application code
* Tradeoff is database portability

Scalability: Using Transactions Intelligently
* Transactions are powerful but they do have overhead
* Use them intelligently
  * Not every COM component 'requires' a transaction
  * Design your components with your transactions in mind
* Be aware of the transactional semantics of the underlying database
  * Long-lived locks in the DB will kill application performance
  * Look for blocking and deadlocks when testing

Scalability: Using Messaging
* Use store and forward where applicable
  * Can provide a high degree of scalability by decoupling the user experience from the backend processing
* MSMQ
  * Underlying messaging technology on Windows
* COM+ Queued Components
  * Combines ease of COM programming with MSMQ
* Tradeoffs
  * Manual implementation of 2 phase commit semantics (Compensating Transactions)

Scalability: Performance Tuning
* Performance Tuning is the process by which you measure individual operations on your site
* Still a bit of a black art
* Need to measure for detail but analyze with a holistic view of the system
* Database performance is key; focus there first
* Know your tools
  * PerfMon
  * WAST
  * SQL Server Profiler
  * SQL Server Index Tuning Wizard
  * SQL Server Query Analyzer

Scalability: Framework/CLR Best Practices
* Enable Web Garden: run applications in multiple worker processes (with processor affinity)
* Use Early Binding: Late Binding requires work at runtime
* "Pre-JIT" to start up faster (available in beta 2)
* Make chunky and not chatty calls
* Implement Dispose method on the object that cleans up your resources and release the reference (set to null) once you are done
* Use value type for small data
* Do not cache strings or arrays length: Strings are immutable
* For best inlining performance
  * Minimize the use of virtual methods
  * Use sealed types if possible

Scalability: ASP.NET Best Practices
* Disable "ViewState" if you are not doing Postback
* Disable session state for all pages or Web Methods that don't require/need session data
  * Set to "readonly" if you read but do not update session state
* Design pages around these ASP.NET built-in caching features
* Always use System.Data.SqlClient for SQL Server Access
* Use DataReaders for ASP.NET data access
* Avoid apartment threaded COM components
  * Migrate apartment threaded components to .NET
  * Alternatively, enable the <%@ Page AspCompat="true" %> directive for pages that utilize apartment COM objects
* Always generate early-bound managed wrappers for COM components (avoid late bound hit)
* Recommend
  * UI Logic in ASP.NET Pages
  * Business and data logic in re-usable components
  * User Controls for UI reuse
* Recommend web pages & components run in same process
* Leverage web services only for application to application communication (not intra application)

Availability: What Is High Availability?
* The question you must ask yourself is: How much downtime can my organization afford without losing productivity, profits, sales, etc.?
* It is a combination of people, process, AND technology

Availability: How Much Availability Do I Need?
* Understand the business need
* Five nines (99.999% uptime) is 5 minutes of downtime per year
* Formulas for downtime:
  * % Uptime/year = (8760 - # of total hours down per year) / 8760
  * % Uptime/month = ((24 * # of days in the month) - # of total hours down in that calendar month) / (24 * # of days in the month)
  * % Uptime/week = (168 - # of total hours down in that week) / 168

Availability: How Do I Achieve High Availability?
It's deceptively simple …
* Plan and prepare
* Deploy systems to create redundancy – this is the key to high availability from a technology standpoint
* Use more than one method – avoid a single point of failure
* Test, test, test
* Monitor on a continuous basis

Availability: Improved Availability with ASP.NET
* ASP.NET has been designed with the assumption that failures will occur on systems
  * Designing for failure reduced fragility
* Detects/recovers from common problems
  * Access violations, memory leaks, deadlocks
* Preemptive cycling of applications
  * Time- and request-based settings
* Net Result: Users should never think that an ASP.NET application is down or unavailable

Conclusion
* Follow design process
* Understand the architecture and design trade-offs
* Study design patterns of other .NET applications
* Build security into the overall design
* Choose appropriate design patterns for scalability and availability

Resources
* Microsoft Solutions Framework: http://www.microsoft.com/business/microsoft/mcs/msf.asp
* Microsoft Operations Framework: http://www.microsoft.com/business/microsoft/mcs/mof.asp
* General .NET information: http://msdn.microsoft.com/net
* .NET Framework SDK