Chapter 4: Selecting the Runtime Patterns


After choosing the appropriate Business pattern and Application pattern, it is time to define the Runtime pattern and map the products used to implement it.

Runtime patterns define functional nodes (logical) that underpin an Application pattern. The Application pattern exists as an abstract representation of application functions, whereas the Runtime pattern is a middleware representation of the functions that must be performed, the network structure to be used, and the systems management features, such as load balancing and security. In reality, these functions, or nodes, can exist on separate physical machines or may co-exist on the same machine. In the Runtime pattern, this is not relevant. The focus is on the logical nodes required and their placement in the overall network structure.

4.1 Runtime pattern nodes description

A Runtime pattern is represented by logical nodes, where each node has a specific role in the architecture. It defines the topology of the architecture and node placement. Most patterns will consist of a core set of common nodes, with the addition of one or more nodes unique to that pattern. To understand the Runtime patterns presented in this book, you will need to review the following node definitions.

User node

The user node is most frequently a personal computing (PC) device supporting a commercial browser, for example, Netscape Navigator or Internet Explorer. The browser is expected to support SSL and some level of DHTML. Increasingly, designers need to also consider that this node might be a pervasive computing device, such as a Personal Digital Assistant (PDA).

Pervasive user node

A pervasive user node is a catch-all category of portal users that includes all mobile (non-desktop) connected end-user devices other than a Web browser. In most current scenarios, this includes devices such as mobile phones, personal digital assistants, and text pagers.

Domain Name Server (DNS) node

The DNS node assists in determining the physical network address associated with the symbolic address (URL) of the requested information. The Domain Name Server node provides host-to-IP-address mapping, that is, it allows names (referred to as URLs) to be translated into IP addresses and vice versa.

Public key infrastructure (PKI) node

PKI is a system for verifying the authenticity of each party involved in an Internet transaction, protecting against fraud or sabotage, and providing non-repudiation to help consumers and retailers protect themselves against denial of transactions. Trusted third-party organizations called certificate authorities issue digital certificates - attachments to electronic messages - that specify key components of the user's identity. During an Internet transaction, signed, encrypted messages are automatically routed to the certificate authority, where the certificates are verified before the transaction can proceed. PKI can be embedded in software applications, or offered as a service or a product. e-business leaders agree that PKIs are critical for transaction security and integrity, and the software industry is moving to adopt open standards for their use. In the context of the topologies defined in this IBM Redbook, PKI supports the authentication of the server to the browser client and confidentiality, using the SSL protocol.

Gateway node

Gateway nodes switch between the different networks to establish communication between pervasive devices and the Web applications. This only means that the two parties can communicate with each other. It does not mean that they will understand each other. Communicating and passing data between the two parties is one thing, but adapting the content and translating between different protocols is another. The content translation is done by the Transcoding Proxy node.

Firewall node

A firewall is a hardware/software system that manages the flow of information between the Internet and an organization's private network. Firewalls can prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets, and can block some virus attacks, as long as those viruses are coming from the Internet. A firewall can separate two or more parts of a local network to control data exchange between departments. Firewalls provide the first line of defense for protecting private information, but comprehensive security systems combine firewalls with encryption and other complementary services, such as content filtering and intrusion detection.

Firewalls control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the Protocol firewall)

  • Application gateways (the Domain firewall)

Two levels of firewall nodes provide increasing protection at the expense of increasing computing resource requirements. They have different levels of security implementation:

  • The Protocol firewall is typically implemented as an IP Router and is basically configured with filters. It protects from access to unauthorized services in the DMZ and also can avoid inadequate LAN bandwidth usage.

  • The Domain firewall prevents unauthorized access to servers on the internal network by limiting incoming requests to a tightly controlled list of trusted servers in the DMZ. In an n-tier architecture, it prevents the user from accessing any critical data or application directly.

Load Balancer node

The Load Balancer node provides horizontal scalability by dispatching HTTP connections among several, identically configured Web servers. The Load Balancer component distributes interactive traffic across a number of hosts using dynamically updated rules for load balancing, while providing a single system image to the client system. It is used to achieve scalability through the use of multiple servers, and high availability through being able to dynamically vary the algorithms by which a host is selected if one host fails or becomes overloaded.

Transcoding Proxy node

The Transcoding Proxy node is a legacy component from earlier Pervasive solutions. This node is responsible for the content transformation between the content provider (server) and the pervasive devices (client).

This node appears on the diagram in a lighter shade, indicating that it is a legacy component.

Web presentation server node

The Web presentation server node provides services to enable a unified user interface. It is responsible for all presentation-related activity. In its simplest form, it serves HTML pages and runs servlets and JSPs. For more advanced patterns, it acts as a portal and provides the access integration services (Single Sign-On, for example). It interacts with the personalization server node to customize the presentation based on the individual user preferences or on the user role. The Web presentation server allows organizations and their users to standardize and configure the presentation of applications and data in the most efficient way, while enabling fine-grained access control.

Application server node

The application server node provides the execution and communication runtime environment for the business logic of the application. The business logic may be self-contained on the application server node. If not, the application server node is responsible for interacting with back-end applications and retrieving data from back-end data sources. The application server node typically enables infrastructure services such as persistence, resource connection pooling, scalability, failover, administration, and support for Java.

Web application server node

A Web application server node is an application server that includes an HTTP server (also known as a Web server) and is typically designed for access by HTTP clients and to host both presentation and business logic (it includes the Web presentation server and the Application Server node).

Web server redirector node

In order to separate the Web server from the application server, a so-called Web server redirector node (or just redirector for short) is introduced. The Web server redirector is used in conjunction with a Web server. The Web server serves HTTP pages and the redirector forwards servlet and JSP requests to the application servers. The advantage of using a redirector is that you can move the application server behind the domain firewall into the secure network, where it is more protected than within the DMZ.
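The following added example (not part of the Redbook) models the Protocol firewall, the Domain firewall and the redirector placement described above as default-deny rule lists, and checks which flows reach the application server. The addresses, port 9080 and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption, not taken from the book).
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/16")
WEB_REDIRECTOR = ipaddress.ip_address("192.0.2.10")  # Web server + redirector in the DMZ
APP_SERVER = ipaddress.ip_address("10.0.1.20")       # application server, internal network

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int

def host(addr):
    return ipaddress.ip_network(f"{addr}/32")

# Protocol firewall: router filters exposing only the published DMZ service.
PROTOCOL_FW = [Rule(ANY, host(WEB_REDIRECTOR), 443)]
# Domain firewall: only the trusted DMZ server may reach the application server.
DOMAIN_FW = [Rule(host(WEB_REDIRECTOR), host(APP_SERVER), 9080)]

def permits(rules, src, dst, port):
    """Default deny: a flow passes only if some rule matches it exactly."""
    return any(src in r.src and dst in r.dst and port == r.port for r in rules)

def zone(addr):
    return "internal" if addr in INTERNAL else "dmz" if addr in DMZ else "internet"

def firewalls_crossed(src, dst):
    """Firewalls between two hosts in the Internet / DMZ / internal layout."""
    order = ("internet", "dmz", "internal")
    lo, hi = sorted((order.index(zone(src)), order.index(zone(dst))))
    return [PROTOCOL_FW, DOMAIN_FW][lo:hi]

def flow_allowed(src, dst, port):
    """A flow is allowed only if every firewall on its path permits it."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return all(permits(fw, src, dst, port) for fw in firewalls_crossed(src, dst))
```

With these rules an Internet client reaches only the DMZ Web server on port 443, and only the redirector host can open a connection through the Domain firewall to the application server.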

Personalization server node

The personalization server node works with the Web presentation server node to customize the presentation with data that matches a user's interest. The personalization server identifies the type or class of the user based on information available about the user. Based on this classification, data taken from a content datastore either in the Personalization tier or from back-end sources is selected for presentation to the user. It provides the mapping function of user classification to content data.

Collaboration node

The collaboration node provides synchronous and asynchronous modes of communicating between organizations. We call this a community. A community is empowered by collaborative work between users. The collaboration node provides interactive discussions (interactive messaging and chat functionality) and the sharing of documents/ideas (team room environment).

Content management node

The content management node provides for the management of digital assets (for example images, documents, and "pieces" of text) and applies a workflow and security rules (for example access control) to each discrete asset. Note that assets can also be referred to as resources (as they are in WebSphere Content Publisher). The content management node will commonly include and/or leverage the following functions:

  • Content type/category identification

  • Workflow (based on a user's role and/or the type of content)

  • Versioning (including rollback to previous versions)

  • Handling of static or dynamic content

  • Transcoding/reformatting of content (more recently added to handle multiple end-user channel device types)

  • Storage of content to multiple data source types (for example DBMS, file systems)

Search and indexing node

A search and indexing node provides a function to catalog and/or index the content data sources. This will provide the capabilities to locate specific content (for example product or catalog information) and to update this search capability when updates are added (via indexing). In addition, this information can be indexed in a manner that provides the Presentation and Personalization server an ability to find information that is associated with the actions taken by the end user. For example, this could provide for cross-selling or up-selling on a commerce site, which is a specific form of Implicit Personalization. For more details, refer to the Predictive Personalization runtime pattern at:

  • http://www-106.ibm.com/developerworks/patterns/access/at3-runtime.html

Pervasive devices services node

This node includes three services. In some cases, not all three services are implemented. The services can also be separated onto separate nodes.

  • Notification

    The notification node provides message interchange between users and their applications. It allows users to subscribe to services, define the delivery method and specify rules for how and when the information will be delivered.

  • Synchronization

    The synchronization node enables handheld computing devices to link remotely to desktop applications and synchronize data with several applications like mail servers, relational databases, etc. The mobile device can synchronize using several channels such as a modem, cellular phone, the Internet, wireless, an intranet, a local area network (LAN) or a wide area network (WAN).

  • Device manager

    The device manager node provides identification, configuration, inventory management and software distribution to devices such as personal digital assistants (PDAs), handheld PCs, smartphones, wireless access protocol (WAP) devices, or other emerging devices for pervasive computing.

Directory and security services node

The directory and security services node supplies information on the location, capabilities and attributes (including user ID/password pairs and certificates) of resources and users known to this Web application system. This node can supply information for various security services (authentication and authorization) and can also perform the actual security processing, for example, to verify certificates. The authentication in most current designs validates the access to the Web application server part of the Web server, but this node also authenticates for access to the database server.

To provide Single Sign-On services, a Lightweight Directory Access Protocol (LDAP) directory is used.

Shared file server node

The timely synchronization of several Web servers is achieved by using a shared file system as the content storage and capitalizing on the replication capability of this technology. In a Web environment with several Web application servers, this component can be a centralized repository for HTML, Java, and JSP files, facilitating their management and update process to serve all the application servers. Any changes or updates to the content of the application server can be done on the file server.

Database server node

This node's function is to provide persistent data storage and retrieval service in support of transactional interactions.

Existing applications and data node

The existing application and data node represents the legacy systems, which are running on the internal network. These elements provide business logic and also persistence of the data.




Patterns: Pervasive Portals Patterns for E-Business Series
ISBN: 0738427772
EAN: 2147483647
Year: 2002
Pages: 83
Authors: IBM Redbooks
