iRAD.NET - A White Paper by Broden, Inc.,

April 2002 Summary:

Broden's rapid application development model for Internet/Intranet and Web Services applications is called iRAD.NET. iRAD systems typically fill the B2B or B2C markets, and involve querying large databases. iRAD systems are built using components making for maximum code re-use and maintainability. At the same time, iRAD systems are designed for high availability, scalability, and performance. What's more these eBusiness solutions are custom built in a matter of a few months. The purpose of this paper is to describe the technology behind the systems.

.NET Foundation:
iRAD.NET systems are built on top of Microsoft’s .NET platform.  This platform includes the core framework that provides a managed and protected application execution environment.  .NET includes high speed data technologies by way of ADO.NET and a robust and scalable web platform in ASP.NET.  ADO.NET and ASP.NET are successors to the already proven and successful ADO and ASP technologies.  .NET is designed to deliver software as a service and to that end includes all the plumbing to build applications that integrate with XML and SOAP.  These are open Internet standards that allow for the delivery of information and other application services to all sorts of devices from standard web browsers on PC’s to mobile browsers on Phones and PDA’s.

Distributed Architecture:
If there is one key that makes the rapid design and development of enterprise class web systems possible, it is the partitioning of the application into tiers. The industry has been using this approach for some time now, and the Internet naturally lends itself to it. Microsoft’s .NET platform provides even more options for distributing an application.  Core business logic can be packaged into components known as Class Libraries and these can then be deployed as DLL’s on the same machine or made available on other machines as Web Services or accessed via .NET remoting.

The middle tier:
In iRAD systems all business logic is stored in the middle tier. This middle tier consists of one or more components typically built in Visual Basic.NET. These components are object-based. That is, they have an "object-oriented like" interface. The objects have a well-defined interface with methods and properties. Broden uses standard object modeling tools, like Visio to lay out the exact design of the objects in the middle tier. A first cut of this model usually comes out of the analysis phase, and is kept up to date all through system development. This model is a great means of ensuring that the system contains the needed functionality. Two significant advantages are realized from encapsulating all business rules in the middle tier: 1) Code reuse, and 2) Parallel development. The beauty of the middle tier is that the business routines can be used by a variety of programs and interfaces. Obviously the main web system makes use of them, but other programs including administrative utilities can use the very same business rules. A change to the rules in one place will affect all systems making use of them. It doesn't matter if these are web based or client/server based. This helps keep maintenance costs low. The other main benefit of this approach is parallel development. The development process can kick into high gear with programming of both the user interface and business layers continuing at full speed. Separate developers are used for these layers so that the system can be developed on Internet time! The middle tier makes all this possible!

The data tier:
All of the iRAD systems involve access to critical business data. Broden has over 100 years of collective experience in data modeling. During the analysis phase a normalized data model is constructed to store the needed data. The data model, like the object model, is a very important communication tool between all parties on the development team. Visio, also an enterprise class data-modeling tool, is used to maintain the data model during the life of the project. Broden's premier choice of database server is Microsoft's SQL Server. SQL Server has made great strides in its latest releases, and continues to topple old standing processing benchmarks. In iRAD systems, standard SQL statements in stored procedures perform all data access. Stored procedures are kept on the database server, and are the fastest way to retrieve and update data. This is because execution and query plans are computed and stored ahead of time. All communication between the business and data tiers is done via ActiveX Data Objects (ADO). ADO.NET is a layer that sits on top of OLE-DB, and permits access to a variety of data sources from non-relational files like Excel spreadsheets to small-scale databases like Access and SQL Anywhere to large relational databases management systems like SQL Server and Oracle to OLAP servers like SQL Server Analysis Services and Hyperion Essbase. ADO.NET also includes a high performance library that bypasses ODBC and OLE-DB and talks the native language of SQL Server.  A lot of buzzwords, we realize, but ADO.NET basically permits us to access data from virtually any source.

The user interface:
The user interface for iRAD systems is of course, web pages. These web pages are special pages known as Active Server Pages (ASP). ASP.NET is an extension to Information Internet Server (IIS), Microsoft's web server. Thus the web site is run on a Windows NT or Windows 2000 server machine. ASP.NET pages can contain code (in any .NET language like VB or C#) that is run on the server before or as the HTML output is prepared for transmission to the client. The primary purpose of the server side code in iRAD systems is to interact with the business components, and render the results with a professional and user-friendly look and feel. Where there is a need for client side script, it is written in JavaScript so as to win the greatest number of browsers. Microsoft Internet Explorer and Netscape Navigator are certified for use with iRAD systems. Keep in mind that iRAD systems are very thin on the client. This means that all the software is installed and updated on the servers, because this is where almost all the processing is done. Data transmitted across the Internet or phone line to the client browser is as small as possible-only what's needed to fill the current page. Further action taken by the user results in requests sent to the server for processing.

Scalability
The performance of a web site is dependent on a number of factors including hardware configuration and user load. iRAD sites are built to scale. They are built on top of products like SQL Server and Internet Information Server that are already used in mainstream Internet sites serving a large number of concurrent users and taking a great many hits each day. In addition the .NET components used in the middle tier are  able to handle multiple requests simultaneously. Still there are a number of considerations in application design to make for scalability. Here are a few iRAD system features that contribute to this:

Connection Pooling
Connections to the database server must be opened and closed for processes run by any and all pages. This necessitates the use of database connection pooling. Microsoft’s .NET managed environment automatically handles connection pooling.  Database connections continue to remain open for a short time to service any future requests without actually re-opening a database connection.

Farming Out
In cases where a very heavy load is expected, web server requests may be spread across multiple machines, each running a web server (IIS). This is known as a web farm. This technology is also known as load balancing, and requires either Windows NT Server Enterprise Edition (Windows Load Balancing Service-WLBS), or Windows 2002 Advanced Server (Network Load Balancing-NLB).

Availability
Where high availability is desired, Microsoft Cluster Service may be employed in connection with Network Load Balancing described above. This allows for one server to take over in the event of a failure on another. This may be utilized for the IIS servers, as well as SQL Servers (Enterprise Edition). Also, redundancy of data may be needed. For disaster recovery, SQL Server supports log shipping from one server to another remote server. In case of catastrophic failure at the primary server, the second server can recover within minutes and continue offering service to customers.

Security
Security is of grave concern, particularly when the site is made available on the Internet It is a function of both hardware and software. iRAD systems work well in conjunction with hardware or software based firewalls-only the standard HTTP port is used during server/client communications. In addition, a digital certificate may be obtained for use on the server by encryption infrastructures like Secure Sockets Layer (SSL). Where the security of data transmission between the database servers and web servers is a concern, the SQL Server Multiprotocol Net-Library can be used and configured to encrypt packets. Finally, all users of iRAD systems must log in to authenticate their access to resources. This “user id" is stored on the server. A user is not allowed access to another's data by merely copying a URL.  Also, the .NET Framework includes a granular evidence-based security system to control what an application can and can’t do.  It collects this information based on such things as who wrote the code, what the code is trying to do, and who is trying to run the code.