n-Tiered - .NET across multiple servers [modified]
-
I actually asked another version of this before but this time I am just curious about the .NET to .NET part. I no longer work for the company that was attempting this but it still makes me curious. The company wanted to have a web server, an app server, and the database (SQL) server. I get the web and database servers, I've done that. What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server. How feasible is this with .NET? They are currently doing this with Classic ASP and VB6 because they have a way to tell the app to use the COM objects on another box or something along those lines but with .NET it seems that you have to have another web server behind the firewall for this to work because you would need to be able to either use a web service or .NET remoting right??? Cleako -- modified at 9:40 Thursday 15th February, 2007
-
I actually asked another version of this before but this time I am just curious about the .NET to .NET part. I no longer work for the company that was attempting this but it still makes me curious. The company wanted to have a web server, an app server, and the database (SQL) server. I get the web and database servers, I've done that. What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server. How feasible is this with .NET? They are currently doing this with Classic ASP and VB6 because they have a way to tell the app to use the COM objects on another box or something along those lines but with .NET it seems that you have to have another web server behind the firewall for this to work because you would need to be able to either use a web service or .NET remoting right??? Cleako -- modified at 9:40 Thursday 15th February, 2007
Security is the first thing that comes to mind. When dealing with an internet based application you only expose what you absolutely need to. By exposing your presentation layer machine only you given yourself a small amount of risk. Now - no matter how much your server gets attacked - that is the only part of the business that will be affected. If there are other internal machines that rely on the business layer they will be able to use that business layer just fine while your internet users are the only ones having trouble. Patrick Allmond http://allaboutfocus.com
-
Security is the first thing that comes to mind. When dealing with an internet based application you only expose what you absolutely need to. By exposing your presentation layer machine only you given yourself a small amount of risk. Now - no matter how much your server gets attacked - that is the only part of the business that will be affected. If there are other internal machines that rely on the business layer they will be able to use that business layer just fine while your internet users are the only ones having trouble. Patrick Allmond http://allaboutfocus.com
Would this be implemented using the .NET Remoting/Web Service option? It seems to me that if you expose the internal server using web protocols that it could be hacked.
Cleako
-
I actually asked another version of this before but this time I am just curious about the .NET to .NET part. I no longer work for the company that was attempting this but it still makes me curious. The company wanted to have a web server, an app server, and the database (SQL) server. I get the web and database servers, I've done that. What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server. How feasible is this with .NET? They are currently doing this with Classic ASP and VB6 because they have a way to tell the app to use the COM objects on another box or something along those lines but with .NET it seems that you have to have another web server behind the firewall for this to work because you would need to be able to either use a web service or .NET remoting right??? Cleako -- modified at 9:40 Thursday 15th February, 2007
-
I actually asked another version of this before but this time I am just curious about the .NET to .NET part. I no longer work for the company that was attempting this but it still makes me curious. The company wanted to have a web server, an app server, and the database (SQL) server. I get the web and database servers, I've done that. What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server. How feasible is this with .NET? They are currently doing this with Classic ASP and VB6 because they have a way to tell the app to use the COM objects on another box or something along those lines but with .NET it seems that you have to have another web server behind the firewall for this to work because you would need to be able to either use a web service or .NET remoting right??? Cleako -- modified at 9:40 Thursday 15th February, 2007
cleako wrote:
What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server.
That's interesting, because I did some work for a company wanting to do the same thing. However, the reasoning there was to first develop an App server with a rich presentation client, then a web server as merely a different sort of rich presentation "client". In both cases, the business logic would be on the app server. As to feasible, regardless of what technology you use, it's actually very difficult. They never succeeded. I think it's doable though. Marc
People are just notoriously impossible. --DavidCrow
There's NO excuse for not commenting your code. -- John Simmons / outlaw programmer
People who say that they will refactor their code later to make it "good" don't understand refactoring, nor the art and craft of programming. -- Josh Smith -
cleako wrote:
What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server.
That's interesting, because I did some work for a company wanting to do the same thing. However, the reasoning there was to first develop an App server with a rich presentation client, then a web server as merely a different sort of rich presentation "client". In both cases, the business logic would be on the app server. As to feasible, regardless of what technology you use, it's actually very difficult. They never succeeded. I think it's doable though. Marc
People are just notoriously impossible. --DavidCrow
There's NO excuse for not commenting your code. -- John Simmons / outlaw programmer
People who say that they will refactor their code later to make it "good" don't understand refactoring, nor the art and craft of programming. -- Josh SmithTheir thought is that it is safer having the business logic on the app server, but I thought that .NET took care of the security issue by building the code into DLLs.
Cleako
-
I actually asked another version of this before but this time I am just curious about the .NET to .NET part. I no longer work for the company that was attempting this but it still makes me curious. The company wanted to have a web server, an app server, and the database (SQL) server. I get the web and database servers, I've done that. What I dont understand is why go through all the trouble to take all of the business logic and place it on an App Server behind the fire wall and only do presentation code on the web server. How feasible is this with .NET? They are currently doing this with Classic ASP and VB6 because they have a way to tell the app to use the COM objects on another box or something along those lines but with .NET it seems that you have to have another web server behind the firewall for this to work because you would need to be able to either use a web service or .NET remoting right??? Cleako -- modified at 9:40 Thursday 15th February, 2007
Isolating the business logic behind the firewall may be an attempt to reduce the attack surface of the application. The risk is that once a web server is attacked, the attacker can then discover the attack path through the firewall. Another reason to use an n-tier infrastructure is to reduce the load on the web server. The risk in this scenario is that a performance bottleneck can be created between web server and app server by relatively slow network technology. .NET remoting does not require the HTTP protocol, and therefore, has no requirement for a web server. One way to think of .NET remoting is an evolution of the COM/DCOM model. The risk here is that you are restricted to Microsoft technologies on both communication endpoints. Web services requires a web server, and is restricted to the HTTP protocol. If you really want to start to understand the ins and outs of n-tier development in relation to .NET, locate a copy of "Microsoft® .NET Distributed Applications: Integrating XML Web Services and .NET Remoting" by Matthew McDonald copyright 2002 It references ASP.NET 1.x, and it provides examples of how to evolve a VB6/COM application to .NET. This is an easier said than done process. HTH, onemorecoder