Although the use of DCOM between a desktop client and a COM+ 1.0 application (or generic DCOM server) is rare over the Internet today, the use of DCOM in a demilitarized zone (DMZ) setting, in which the requirements are substantially similar to firewall issues, is much more common. Therefore, the scenario we'll examine here is Internet Information Services (IIS) running in a DMZ interacting with a COM+ 1.0 application within the corporate firewall, as shown in Figure 7-19.
Figure 7-19. COM+ in a DMZ scenario.
COM Internet Services (CIS) introduces support for a new DCOM transport protocol called the Tunneling Transmission Control Protocol (TCP), which allows DCOM to operate over TCP port 80. This allows a client and a server to communicate in the presence of most proxy servers and firewalls, thereby enabling a new class of COM-based Internet scenarios.
In many Internet situations, the network connectivity between a client and a server is subject to a number of restrictions:
In practice, the net effect of such restrictions is that a client and a server will probably have a very narrow set of protocol and port combinations available to carry out a conversation. Because DCOM dynamically selects network ports in a range (1024-65535) in which Internet-to-intranet network traffic is typically not allowed, it's not possible to reliably use the existing DCOM transport protocols over the Internet, although they are perfectly suitable for intranets. Moreover, firewalls are often set up to restrict access to port 135, upon which DCOM depends for a variety of services.
The Tunneling TCP protocol introduces a special handshake at the beginning of each DCOM connection that allows the connection to pass through most firewalls and proxies. After this handshake, the wire protocol is simply DCOM over TCP. This means that the protocol is transparent to both client and server. Neither the client code nor the server code needs to be modified to use CIS. Also, all the DCOM-over-TCP protocol services are available—including DCOM security and lifetime management (that is, "pinging") services.
The Tunneling TCP protocol is illustrated in Figure 7-20 and proceeds as follows:
Figure 7-20. The Tunneling TCP protocol.
For more information regarding CIS, refer to http://msdn.microsoft.com/library/backgrnd/html/cis.htm.
A Tunneling TCP protocol limitation
The Tunneling TCP protocol has the following requirements:
Note that because of these requirements, CIS does not support callbacks. For example, your applications cannot perform notifications by using the connection point or advise sink mechanisms. However, if the CIS client can function as a CIS server, nothing prevents the client from receiving DCOM calls—including callbacks.
The Simple Object Access Protocol (SOAP) is a proposed standard defining a protocol for accessing objects over the Internet. While products supporting SOAP were not yet available at the time of this writing, we expect them to become available shortly.
SOAP defines an RPC mechanism using HTTP as the transport and XML documents for encoding request and responses. The primary objective of SOAP is to provide an object invocation mechanism built on Internet standards. In particular, one of the important design goals of SOAP is that it be usable over today's World Wide Web infrastructure, specifically with regard to the use of proxies and firewalls.
For details about the SOAP protocol, visit http://msdn.microsoft.com and search for SOAP.