220 likes | 374 Views
ASP Architectures for Web-based Collaboration Reliability - Scalability - Security - Usability. Oliver G ü nther Institute of Information Systems Humboldt University, Berlin, Germany. Overview. What is ASP ?
E N D
ASP Architectures for Web-based Collaboration Reliability - Scalability - Security - Usability Oliver Günther Institute of Information Systems Humboldt University, Berlin, Germany
Overview • What is ASP? • MMM (Middleware for Method Management): our original proposal for an ASP market infrastructure • TeamToolz: an ASP for marketing and advertising • Challenges: reliability – scalability – performance – usability – interoperability – security • Solutions: three-tier architecture – proxies – XML - proprietary encoding techniques • Demonstration of the TeamToolz production system • Conclusions and future work
Application Service Providers • IDC: a contractual service offering to deploy, host, manage, and rent access to an application from a centrally managed facility • a.k.a. software renting/leasing a.k.a. application hosting a.k.a. hosted service • No local installation, software is used via a Web browser • But note: user data is stored at ASP facility • ASPs are clearly on the rise – Humboldt study 2001: • 90% of Neuer Markt companies are familiar with ASP • 23% are using ASPs or have concrete plans to do so
MMM - an Early ASP Architecture • MMM: Middleware for Method Management • An electronic marketplace for scientific (in particular, statistical) software • Developed 1994-1999 at Humboldt University • Key features • ASP approach (“From Systems to Services”) • Method usage via Web browser • Method management and communication via XML • Pay-per-use • Easy method check-in for providers
Pay Customer Provider Register Specify Browse Search Query Read XML Metadata Service Input Data Execute Post Execute Post Result Post APIs Search Engines Electronic Marketplace Distributed Computing Infrastructure Payment Infrastructure The MMM Marketplace (1997)
What is TeamToolz? TeamToolz is a web-based collaborative application that helps marketing departments manage: • people • projects • business information • creative content associated with developing and launching marketing and advertising campaigns. TeamToolz is an Application Service Provider (ASP).
Multiple handoffs & interdependencies Complex delivery challenges BUSINESS PARTNERS No version control CREATIVE AGENCY Outdated information MARKETING DEPARTMENT BRAND CONSULTANT Lost work PR FIRM No project visibility MEDIA PLANNING BUYING Delayed approvals Accountabilities unclear TRADESHOW SPECIALIST INTERACTIVE AGENCY Poor auditing/tracking PRODUCTION VENDORS Content missing associated instructions The Problem: Ad Campaigns Today
CREATIVE AGENCY BUSINESS PARTNERS MARKETING DEPARTMENT INTERACTIVE AGENCY PR FIRM MEDIA PLANNING BUYING BRAND CONSULTANT PRODUCTION VENDORS TRADESHOW SPECIAL The TeamToolz Solution • Manage project workflow from start to finish • Route and track deliverables • Create audit trail • Build best practices • Manage digital brand assets • Store and share files in one central location (ASP approach) • Manage people and assign tasks • Link all stakeholders, regardless of location and affiliation • Provide role-based access to all project-related information • Conduct virtual meetings (via WebEx)
The Challenges (April 2000) • Reliability: how to get from 95% uptime to 99.99% uptime on a 365/24/7 basis • Scalability: how to grow from 300 to 3,000,000 seats • Performance: how to reduce response times from 5 seconds to 1 second • Interoperability: how to integrate with existing system solutions (ERP, CRM, media buy, ...) • Security: how to approach the ASP-intrinsic problem of data residing outside the enterprise
Reliability - the Easy Part How we increased uptime from 95% to 99.99 % (on a 365/24/7 basis) at a reasonable cost • IT management: streamlining the deployment schedule increased availability from 95% to 98% • OS switch: switching from NT to Solaris and Linux increased availability from 98% to 99.5% • DB switch: switching from SQL server to Oracle 8i increased availability from 99.5% to 99.9% • Uninterruptible power supply: improving the UPS infrastructure took care of the remaining 0.09% • Remaining downtime: 1 minute a week for scheduled maintenance (bug fixes, system upgrades)
Scalability How to grow from 300 to 3,000,000 seats? • Application server now uses multithreading • Cold Fusion Server was ported from NT to Linux, where it uses Posix threads • Each page request executes as a separate (kernel) thread (rather than as a separate CF process) • Near-linear scaleup in the number of processors due to Linux Symmetric Multiprocessing (SMP) • Proxy server serves as cache for static content, in particular images (note that despite the dynamic nature of the pages, static information still dominates web traffic)
Performance How we cut response times from 5 seconds to 1 second • Cache function of the proxy server helps here too: screen buildup starts right away, while the application server and the database backend are still processing • More generally speaking: strict separation of presentation, application and database backend helps to increase parallelism between the various servers • Stored database procedures allow more efficient database caching (query plans and partial results) • Replaced some CF by Java modules in application layer • Use of a digital asset management system - as opposed to an RDBMS or a simple file system
Interoperability Howto communicatewith existing system solutions (e.g. ERP, CRM, media buy)? • TeamToolz took a leading role in defining adXML, a collection of DTDs for marketing and advertising applications • Models all relevant data exchange <!ELEMENT Request (Advertiser?, Agency?, (InsertionOrder | CancellationOrder | ChangeOrder | AssetDescription | JobStart | TrafficInstruction | MediaAuthorization))> • Interfaces to related approaches such as WF-XML or XML/EDI
Security - the Hard Part • How to approach the ASP-intrinsic problem of data residing outside the enterprise • Obvious measures • SSL • Only proxy server is visible from the outside • IP filtering • Double firewall • One database instance per site • Not so obvious: dataencoding schemes • Sensitive information is encoded before transfer to ASP • ASP stores and manipulates only encoded data • ASP output has to be decoded before presentation
User ASP Input Data D Transformed Input Data T(D) Transformation T Service S Service S Solution S(D) Pseudo-Solution S(T(D)) Retransformation U Security (cont.) • Problem No. 1: How to find T’s and U’s for a given S • Problem No. 2: How to do all this without the user noticing?
Security (cont.) • How to find T’s and U’s for a given S • Customization process to determine eligible S’s, T’s and U’s (note that U is not always T-1) • S: budget management, T: scaling, U: T-1 • S: calendaring, T: linear transformations, U: T-1 • Problem with timeshifts: alerts • events should only be moved to the past • alerts need to be delayed
Browser Browser Browser Vendor Client Agency Public Internet Internet Firewall Firewall Top Tier (Presentation Layer) Proxy Server Presentation Server (ColdFusion) Middle Tier DAM Server (Artesia TEAMS) Application Server (ColdFusion/Java) (Business Logic) XML Private Intranet Bottom Tier (Storage Backend) System Architecture HTTP “DMZ” Servlets NFS NFS SQL SQL Network Attached Storage Relational Database (Oracle 8i)
CREATIVE AGENCY MARKETING DEPARTMENT BUSINESS PARTNERS INTERACTIVE AGENCY PR FIRM MEDIA PLANNING BUYING BRAND CONSULTANT PRODUCTION VENDORS TRADESHOW SPECIAL Summary: What TeamToolz Does • TeamToolz streamlines the marketing process and complements existing ERP and CRM solutions • Application for managing creative content • workflow • digital asset management • people management • Application Service Provider • hosted service • priced per seat per month
Summary: ASP Essentials • Reliability: 99.99% availability on a 365/24/7 basis • structured processes, stable system software, safe building, redundant hardware with failover • Scalability and Performance: how to handle millions of seats and keep response times below one second • multithreading, proxy servers, load balancers • Usability and Interoperability • market research, focus groups, XML • Security: how to make users feel safe about their data • proxy, SSL, firewalls, separate DB instances • browser plug-ins for encoding and decoding