COMP3121 E-Business Technologies
Richard Henson
University of Worcester
October 2010
Week 2: Client-Server systems and E-commerce
  Objectives:
    Describe the client-server model
    Explain what a communications protocol is and why comms protocols are so crucial for client-server networks
    Understand the rationale for using server-end scripting, rather than having all the code on the client machine
    Produce a working server script running on an IIS platform
Client/Server Networks
  Server end:
    access control to the network and its resources controlled by logon service
    access to resources depends on user rights – assessed by logon data
  Client-end:
    user who wishes to access network resources
  [Diagram: client and server]
Why are networks so important?
  Client-server connection only made when user requests information
    therefore very efficient…
  Client-server processes involve distributing computing
    requires communication between processes
  Any client-server system must therefore:
    communicate 100% effectively
    use an entirely reliable set of protocols
  TCP/IP has proven to be a reliable set of communications protocols over many years
Why is knowledge of networks important?
  Any worthwhile E-Business system usually works across:
    at least two different systems
    a digital link including the Internet
  [Diagram: client and server connected through Network(s)]
Request and responses
  Organisation of application processing across a client-server network…
  Client:
    requests services or information from another computer (e.g. the server)
  Server:
    responds to the client's request by sending the results of the request back to the client computer
Request and responses
  client requests information
  server processes the request, sends a response back to the client
  [Diagram: CLIENT (Client Program: Send Request, Read Results) sends a REQUEST to SERVER (Server Program: Process Request, Send Back Results), which returns a RESPONSE]
Internet Communications
  Based on principles of client/server networking
  EITHER Internet computer can “play” the role of client or the role of server
  e.g. (1) A user in one university sends an email to a user in another university:
    » “A” client sends email to “B” server
  (2) When a reply comes back…
    » “B” client sends email to “A” server
“Middleware”
  A layer(s) of SOFTWARE that sits between client and server
  Could “glue” together incompatible formats
More on Middleware
  Middleware can join users to raw data and applications!
  Attractions range around “future-proofing”
    incompatible computing systems can co-operate and interact with each other – can be glued together to deliver applications to the user seamlessly
    applications independent of the underlying network infrastructure
    integration with legacy systems (protecting investment in older technology)
  Gives organisations time to decide what to do with older systems
    e.g. during w2k “panic”!
Bandwidth and Client/Server processes
  Messages transferred between client and server via network
Bandwidth and Client/Server processes
  Data transfer: the faster the better…
    most effective on LANs - nowadays 1000 Mbits/sec or more
    between connected Internet computers bandwidth needs to be as high as possible - 2 Mbits/sec upwards
  Slow connections…
    data takes longer to get through
    so longer time to get a response back
    server could even “time out”
Early Network Protocols
  Challenge for client-server data to be RELIABLY transferred between Internet sites
    one purpose of the protocol
      » detect errors and resend if necessary
  Early model (TCP/IP)…
    used in early days of Unix (1970s)
    communication between nodes separated into four layers of abstraction, computerized through just 4 software layers:
      » Physical Network access layer
      » Internet layer – became IP protocol
      » Transport or Host-Host – became TCP protocol
      » Application layer – became FTP and SMTP
THE OSI seven layer model
  In 1978, the network model expanded to SEVEN software layers
    included a further three levels of abstraction from physical network through to screen display, this was the MINIMUM number OSI committee could agree on
    helpful for efficient client-server communication across different networks, with different protocols
  First used in the extended (7 layer…) TCP/IP protocol stack
    remains to present day…
OSI-compliant Internet Protocols
  When any OSI application layer file (e-mail message, HTML file, GIF file, URL request, and so forth) is sent from one place to another on the Internet…
    at OSI level 4, the TCP protocol divides it into "chunks" or packets of an efficient size for routing through packet switching
    At OSI Level 3:
      » packets are created and IP addresses are added
      » used in conjunction with packet-switching to navigate packets from source to destination across the physical network
How a message is “sent”
  [Diagram: a Transmit Station and a Receive Station, each with the seven layers, joined by a Link. Contents of the message at each layer:]
    Application Layer: AH DATA
    Presentation Layer: PH AH DATA
    Session Layer: SH PH AH DATA
    Transport Layer: TH SH PH AH DATA
    Network Layer: NH TH SH PH AH DATA
    Data link Layer: LH NH TH SH PH AH DATA LT
    Physical Layer: the Link between the two stations
Preparation of data to send across the network
  File/message “chunking” into packets…
    TCP orders the file into units of data of a specific size containing header information (for routing) and the data itself
    this allows packets to be routed between an origin and a destination on the Internet or any other packet-switched network
Packet Size & Management
  Traditional TCP/IP used packets with 48 bytes data + 5 bytes header
    latest implementations: e.g. 768 bytes + header
  Large messages broken into many packets
  Sometimes very small messages are combined and share a packet
  [Diagram: a packet made up of header and data]
Contents of a basic 53 byte TCP/IP “packet”
  1. The main body of information to send (48 bytes)
  2. The packet header (5 bytes) containing:
    where to send packet (destination IP address)
    where packet came from (source IP address)
    error checking information - CRC
    TTL (time to live) in case it gets lost!
Movement of Data by Packet-switching
  IP protocol
    addressing and routing the packet
    each packet separately numbered
  Individual packets for a given file may take different routes through the Internet
  When all packets have arrived at their destination:
    TCP at the receiving end reads the packet numbers
    reassembles the packets into the correct order to recreate the original file
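The chunking, numbering, error-check and reassembly steps from the last few slides, as an added Python example that is not part of the original lecture. The header layout, the names `chunk`, `route`, `Receiver` and `simulate`, and the sample message are assumptions made for this sketch; it is not the real TCP or IP header format.

```python
import random
import struct
import zlib

PAYLOAD_SIZE = 48  # data bytes per packet, the figure used on the slides
# Assumed header for this sketch (NOT the real TCP or IP layout):
# packet number, total packets, TTL, CRC-32 over (number, total, data).
HEADER = struct.Struct("!HHBI")


def _crc(seq, total, data):
    # A CRC catches accidental damage only; anyone who alters a packet on
    # purpose can recompute it, so it is not a defence against tampering.
    return zlib.crc32(struct.pack("!HH", seq, total) + data)


def make_packet(seq, total, data, ttl=8):
    return HEADER.pack(seq, total, ttl, _crc(seq, total, data)) + data


def chunk(message, ttl=8):
    """Sender: split the message into numbered packets of at most 48 data bytes."""
    parts = [message[i:i + PAYLOAD_SIZE]
             for i in range(0, len(message), PAYLOAD_SIZE)] or [b""]
    return [make_packet(n, len(parts), p, ttl) for n, p in enumerate(parts)]


def route(packet, hops):
    """Each router decrements TTL; a packet that runs out is discarded."""
    seq, total, ttl, crc = HEADER.unpack_from(packet)
    if ttl <= hops:
        return None
    return HEADER.pack(seq, total, ttl - hops, crc) + packet[HEADER.size:]


class Receiver:
    def __init__(self):
        self.good, self.total = {}, None

    def accept(self, packets):
        """Keep packets whose CRC verifies; ignore lost or damaged ones."""
        for pkt in packets:
            if pkt is None or len(pkt) < HEADER.size:
                continue
            seq, total, _ttl, crc = HEADER.unpack_from(pkt)
            data = pkt[HEADER.size:]
            if (len(data) > PAYLOAD_SIZE or seq >= total
                    or _crc(seq, total, data) != crc):
                continue
            self.total = total
            self.good.setdefault(seq, data)  # a duplicate changes nothing

    def missing(self):
        """Packet numbers the sender must transmit again."""
        if self.total is None:
            raise ValueError("no valid packet received yet")
        return [n for n in range(self.total) if n not in self.good]

    def message(self):
        """Reassemble in packet-number order, whatever order they arrived in."""
        if self.missing():
            raise ValueError("message incomplete")
        return b"".join(self.good[n] for n in range(self.total))


def simulate(message, seed=1):
    """Constructed run: reorder, damage one packet, expire one, then resend."""
    sent = chunk(message)
    if len(sent) < 3:
        raise ValueError("demo needs a message of at least 3 packets")
    in_flight = sent[:]
    random.Random(seed).shuffle(in_flight)        # different routes, any order
    noisy = bytearray(in_flight[0])
    noisy[-1] ^= 0xFF                             # line noise flips bits
    in_flight[0] = bytes(noisy)
    seq, total, _, _ = HEADER.unpack_from(in_flight[1])
    in_flight[1] = make_packet(seq, total, in_flight[1][HEADER.size:], ttl=2)
    rx = Receiver()
    rx.accept(route(p, 3) for p in in_flight)     # first delivery attempt
    resend = rx.missing()
    rx.accept(route(sent[n], 3) for n in resend)  # sender retransmits
    return rx.message(), resend
```

`simulate` returns the reassembled message and the list of packet numbers that had to be sent again.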
Packet-switching
  Known as “connectionless” (as opposed to “connection-oriented”, like the public telephone system)
    unlike the latter, packets do not follow one another in order down a particular path
  Most Internet traffic uses packet switching
    requires no connection channels
    breaking communication down into packets allows the same data path(s) to be shared among many users in the network
WWW-related Application Layer (layer 7) Protocols
  FTP (file transfer protocol)
    predates the www
    used to upload/download files between user computer and the Internet
      » FTP client program contacts an FTP server
      » requests the transfer of a file
      » FTP server responds by transferring the file to the client
  HTTP (hypertext transfer protocol)
    Used, usually via the Internet:
      » to upload requests for web pages from a browser on a client computer to a web server
      » to download web pages from a web server to a browser on a client computer
    Can also be used to send data between client and server
HTTP and HTML as “middleware”
  [Diagram: the request/response figure again, with the Client Program labelled Web Browser (HTML page) and the Server Program labelled Web Server (Server Script)]
Web Static Client-Server Model (simplified – excluding the “local” server)
More about HTTP and Client-Server Computing
  Client and server systems work right up to the application layer
    communication therefore needs to function accordingly…
  Tim Berners-Lee invented HTTP to facilitate web-based application layer communication
  To allow client-server interaction, Tim designed HTTP to integrate well with his basic web page formatting language - HTML
    HTML language GET command instructs the client process to get data for the server
    HTML POST command sends client data either using an email protocol or using HTTP
Web Dynamic Client-Server Model
  HOW Server-Side Processing works in a typical web-based client-server application:
    1. The HTML form displayed on a web browser at the client end collects data
    2. Using HTTP the form data is sent to a web server
Web Dynamic Client-Server Model
  The web server processes the data according to instructions on a specified server script
  Using HTTP, the results of processing generated as specified by the script are sent back to the client
  The web browser on the client machine displays the results on a web page in a specified position
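The form, POST, server script and response sequence described on these two slides, as an added Python example that is not part of the original lecture (the module itself targets server scripts on IIS). The order form, the field names `name` and `qty`, the price and the helper `simulate_post` are assumptions made for this sketch.

```python
import html
import io
import re
from urllib.parse import parse_qs

# The page the browser displays; the form posts back to the server script.
FORM_PAGE = (b'<form method="post" action="/order">'
             b'Name <input name="name"> Quantity <input name="qty">'
             b'<input type="submit" value="Order"></form>')
MAX_BODY = 2048      # refuse oversized form submissions
PRICE_PENCE = 250    # constructed price; held on the server, never read from the form
REASONS = {200: "OK", 400: "Bad Request", 405: "Method Not Allowed"}


def process_order(fields):
    """The 'server script': every rule is enforced here, because anything
    checked only in the browser can be bypassed by the person using it."""
    name = fields.get("name", [""])[0].strip()
    qty = fields.get("qty", [""])[0].strip()
    if not 1 <= len(name) <= 40:
        return 400, "Name must be 1-40 characters."
    if not re.fullmatch(r"[0-9]{1,2}", qty) or int(qty) < 1:
        return 400, "Quantity must be a whole number from 1 to 99."
    total = int(qty) * PRICE_PENCE
    # html.escape stops the submitted name being interpreted as markup
    # when the result page is displayed.
    return 200, "Thank you %s: %d item(s), total GBP %.2f" % (
        html.escape(name), int(qty), total / 100)


def app(environ, start_response):
    """WSGI entry point: GET returns the form, POST runs the server script."""
    method = environ["REQUEST_METHOD"]
    if method == "GET":
        status, body = 200, FORM_PAGE
    elif method == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            status, body = 400, b"<p>Bad or oversized request body.</p>"
        else:
            raw = environ["wsgi.input"].read(length).decode("utf-8", "replace")
            status, text = process_order(parse_qs(raw))
            body = ("<p>" + text + "</p>").encode("utf-8")
    else:
        status, body = 405, b"<p>Method not allowed.</p>"
    start_response("%d %s" % (status, REASONS[status]),
                   [("Content-Type", "text/html; charset=utf-8"),
                    ("Content-Length", str(len(body)))])
    return [body]


def simulate_post(form_body):
    """Drive the app with a constructed POST, as a browser submitting the form would."""
    seen = {}
    environ = {"REQUEST_METHOD": "POST",
               "CONTENT_LENGTH": str(len(form_body)),
               "wsgi.input": io.BytesIO(form_body)}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode("utf-8")


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, app).serve_forever()  # local test only
```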
Web Dynamic Client-Server model
  This gets even more complex when a database, and database programming, are also involved at the server end…
Introduction to Server-scripting
  The following apply to ALL types of scripting…
    scripts need to use real programming code
      » note: HTML is a FORMATTING language, NOT a programming language
    both client and server ends have programming code:
      » client end…embedded within a HTML page
      » server end… could be embedded or separate
Languages used for Server Scripting
  Much has been tried since HTML became interactive in the early 1990s:
    Can use an existing language in a completely separate file, which is already compiled and ready to go:
      » the original approach: .cgi
      » any language could in theory be used
      » in practice “C” was usually favoured
    Can use an existing language embedded in a HTML file
      » The Microsoft .asp approach, using embedded VB source code
      » The Sun .jsp approach, using embedded Java (Script) source
    Can invent a new scripting language that is “HTML-like” and easily embeds with HTML
      » Cold Fusion .cf
      » Preprocessor Hypertext processing .php
Microsoft’s first attempt at server scripting…
  In 1996, Microsoft introduced active server pages (asp)
    hugely successful
    soon became more popular than .cgi
  However, in spite of the great success of asp, big problems were emerging…
    by 2000, hackers were attacking Microsoft servers and finding many security holes in IIS
      » Microsoft only coped by offering hotfixes
    further problem: used VB source code
      » if server not secure, code could be copied or compromised
      » Scripts could not be truly “object oriented”
ASP becomes ASP.NET
  Microsoft’s new approach to server scripting for the new millennium…
    building on asp principles
    new system that used “intermediate language”, rather than source code on the server
    much more difficult to hack
  Problem was… they had to scrap the .asp environment, and adopt a new architecture…
    known as the .net framework
    as many developers were accustomed to .asp this took awhile to catch on!
Alternative Scripting Languages
  JSP
  PHP
  PERL
  Cold Fusion
JSPs (Java Script Pages)
  Produced by Sun Microsystems
    extension of the Java™ Servlet technology
  According to Sun, Servlets:
    “fit seamlessly into a Web server framework and can be used to extend the capabilities of a Web server with minimal overhead, maintenance, and support.”
      » platform-independent
      » 100% pure Java
      » enhanced performance
      » separation of logic from display
      » ease of administration
      » extensibility into the enterprise
PHP files (Hypertext Pre-processor)
  Originally designed for Linux-based systems
    executed on a type of web server called Apache
  Integrate well with a Linux database and a free-to-download SQL-supporting product called MySQL
  Can now run happily on IIS
    now getting very popular with non-Linux platforms
  Can download the environment directly from the PHP website:
    http://uk2.php.net/downloads.php
PHPs (continued)
  “free”
  Only for serious programmers
  Cut-and-paste code still needs an environment like Dreamweaver
  Popular with those who dislike Microsoft!
  Unix-based Servers running PHPs considered to be more secure against hackers than Windows 2000/IIS running asp
    but asp.net on Windows 2003/IIS v6 is another matter…
PERL
  Invented by Larry Wall in 1987
  Became popular as a web programming language in the late 1990s
  Features of C but an interpreted language (like Java)
  Not for programming novices…
Cold Fusion
  Originally produced by Altair with its own scripting language (CFML) for the Microsoft platform
    arguably easier to use than asp
  Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)
    Dreamweaver has good support for Cold Fusion scripting
  Now also available for the Java environment
  Macromedia itself now part of Adobe
Platforms for developing a website running server-scripts
  Computer capable of supporting Windows XP/2003/Vista/7 or an equivalent operating system
  TCP/IP protocol stack running on server
  Web Server software such as:
    Internet Information Server
    Apache
  Broadband connection to the Internet
Basic Infrastructure required to put a server-system “on-line”
  Typical networking server software:
    Windows NT/2000/2003/2008
    Unix (many types; Linux increasing popularity)
  A Firewall to keep the server secure
    security is a BIG issue in e-commerce
More typical Infrastructure to go online (existing local network)
  Make sure the internal “client-server” computer network is secure
  EITHER Use the firewall computer as a router to separate the internal (local) network from the External (i.e. Internet) network
    diverts data between the Internet and the local network
    will only work if the network is running an appropriate protocol
  OR, if necessary, use a gateway
    » converts data into appropriate protocol and diverts it between the Internet and the local network
    » Can be used to link networks running different protocols
Firewall & Security matters
  Servers MUST ALL be correctly configured
  The Firewall or Proxy Server will then make sure that:
    internal users do not access unauthorised sites
    unauthorised remote Internet users do not access the local network
Putting the Secured network on-line
  A digital connection is needed between the router/gateway and a computer connected to the Internet
  PROVIDED THAT THE NETWORK IS SECURE, there is no need to worry about payment systems…
    secure (VPN) Internet connections can be made to credit card authorisation and payment sites using “Merchant Server” software
  Regular monitoring of the network is essential to ensure that unauthorised users are not trying to gain access
Web Hosting and ISPs (Internet Service Providers)
  Only the largest corporate enterprises are likely to be part of the Internet
  Most businesses need to find a partner who will provide a link between the connection medium and the Internet that meets their needs
    Many Internet service providers available
    The problem is usually “which to choose”, rather than finding a partner…
Web Hosting
  Two possibilities:
    ISP provides hosting and web space, B2C manages website
    ISP provides hosting AND manages website
  ISP will also provide:
    the all important IP address that will allow a presence on the Internet
    the domain name that will allow other Internet users to find the website
Criteria for choosing a web host (apart from cost!)
  Amount of web space?
  Bandwidth availability?
  Hardware & OS?
  Uploading techniques?
  Protocols supported?
  URL available?
  type of server scripts supported?
  Site management tools?
  Databases supported?
Exercise for Next Week
  Search Google for web hosts
    How many available?
    How could you choose?
  Use the following URL to compare web hosts and their offerings:
    http://www.hostindex.com/voteresults.shtm
  Select criteria for an e-commerce hosting solution that fit with comparison data
  Choose a suitable web host (server) for an e-commerce solution
Thanks for listening