A systematic divide-and-conquer approach can be applied to the software development portion of the web site production process by dividing the problem into discrete parts and addressing their respective development issues separately.
One paradigm for doing this is to decompose the system architecture into three tiers, or layers. This approach, referred to as a 3-tiered (or, more generally, n-tiered) architecture (see White et al. 1998; Sadtler et al. 2000), divides the architecture into the following tiers:
Tier 1. Presentation Tier: Includes the user interface, typically a web browser.
Tier 2. Business Logic Tier: Includes the web server and any server-side programs that run under it, such as CGIs or Java Servlets.
Tier 3. Services Tier: Includes legacy systems, databases, and other back-end services.
The Presentation tier refers to the user platform. Typically this is a web browser running on a personal computer, but it can also refer to a Java applet running in a browser, a Java application running by itself, or any other client software capable of accessing the web server.
The Business Logic tier includes the web server, CGIs, and other web server technologies that run within the web server (such as server-side includes), or in support of it (such as server plug-ins). For many web projects, only Presentation and Business Logic layers are used.
For more complex sites, such as those serving dynamic content or web applications, a third tier, the Services tier, is also used. The Services tier includes databases and other legacy systems that provide information and back-end services (such as transactions) for the web server.
There are many advantages to using a 3-tiered architecture, including easier development and maintenance and improved scalability and security. By separating the services, business logic, and presentation, system components can be more focused and cohesive, and less coupled, or dependent, on how other system components are implemented. In addition, by logically (and physically) separating the tiers, components of any tier can be upgraded or maintained relatively independently of the other tiers.
Finally, 3-tiered architectures are often used to map out security measures for the system. Typically, this is done by placing firewalls between each of the tiers. In a standard deployment, the firewall between the Presentation and Business Logic tiers is called the protocol firewall, and it limits which services the Business Logic tier can provide to the Presentation tier.
For example, the protocol firewall may allow HTTP requests through to the web server, but not Telnet requests that would allow outside users to control the web server. Between the Business Logic tier and the Services tier, a domain firewall is placed that only allows services to be provided to machines within a trusted domain, that is, those in the Business Logic tier.
This type of security structure provides a multilayered defense against potential security threats from outside the system. The main goal for many companies is to protect the legacy systems inside the Services tier, as that tier may contain the most sensitive and mission-critical data.
The Business Logic tier serves as a buffer zone, often called the demilitarized zone (DMZ), which protects the security of the legacy systems in the event that any single machine is compromised.
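To make the two-firewall layout concrete, the following added example (not from the original text) models the protocol firewall and the domain firewall as first-match rule lists with a default deny, then checks sample flows between the tiers. The 10.1.0.0/24 DMZ and 10.2.0.0/24 Services address ranges and the database port 5432 are constructed assumptions.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed addressing for the tiers (assumption, not from the text):
# Presentation tier = any outside address, Business Logic tier (DMZ) = 10.1.0.0/24,
# Services tier = 10.2.0.0/24.
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("10.1.0.0/24")
SERVICES = ipaddress.ip_network("10.2.0.0/24")

# A rule is (source network, destination network, destination port or None for any, action).
Rule = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Network, Optional[int], str]

# Protocol firewall: between the Presentation and Business Logic tiers.
# Only HTTP to the DMZ web servers is allowed in; Telnet (port 23) and everything
# else falls through to the default deny.
PROTOCOL_FW: List[Rule] = [(ANY, DMZ, 80, "allow")]

# Domain firewall: between the Business Logic and Services tiers.
# Only hosts in the trusted DMZ may reach the database (assumed TCP 5432).
DOMAIN_FW: List[Rule] = [(DMZ, SERVICES, 5432, "allow")]

# FIREWALLS[i] sits between tier i+1 and tier i+2.
FIREWALLS = [PROTOCOL_FW, DOMAIN_FW]


def evaluate(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """First-match evaluation; a flow matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, rule_port, action in rules:
        if s in src_net and d in dst_net and (rule_port is None or rule_port == port):
            return action
    return "deny"


def tier(ip: str) -> int:
    """Map an address to its tier number (1 = Presentation, 2 = DMZ, 3 = Services)."""
    a = ipaddress.ip_address(ip)
    return 3 if a in SERVICES else 2 if a in DMZ else 1


def path_allowed(src: str, dst: str, port: int) -> bool:
    """A flow is allowed only if every firewall between the two tiers allows it."""
    lo, hi = sorted((tier(src), tier(dst)))
    return all(evaluate(fw, src, dst, port) == "allow" for fw in FIREWALLS[lo - 1:hi - 1])


if __name__ == "__main__":
    print(path_allowed("203.0.113.5", "10.1.0.10", 80))    # HTTP to web server: True
    print(path_allowed("203.0.113.5", "10.1.0.10", 23))    # Telnet to web server: False
    print(path_allowed("203.0.113.5", "10.2.0.20", 5432))  # outside straight to DB: False
    print(path_allowed("10.1.0.10", "10.2.0.20", 5432))    # web server to DB: True
```

Note that an outside host reaching for the database is stopped at the protocol firewall before the domain firewall is even consulted, which is the layered defense the text describes.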
Of course, good security contributes to system usability because an exploited system may not be able to provide the information or services to the users when they need it. Perhaps more important, users expect that companies collecting personal information over the Web (e.g., credit card numbers) will safeguard that information. A system that is not secure will not be trusted and will not be used.