Self-Service::Agent application pattern::Runtime patterns

Overview

In the Agent application pattern, the agent tier serves as an integration point for delivery channels in the presentation tier, allowing access to individual back-end applications. In the Runtime pattern, the functions of the Agent tier are performed by a process manager node. The functions of the presentation tier are performed jointly by a Web server redirector and the application server.

Key to this pattern is the use of an operational data store to provide a single point of access for the process manager node to access relevant business data congregated from a wide variety of dissimilar back-end systems.

Agent application pattern: Runtime pattern

[Figure: Agent application pattern: Runtime pattern. Nodes shown: Application Server, Integration Server, Web Server Redirector, Lightweight Directory Access Protocol, User, Domain Name Server, Existing Applications, Directory and Security Services, Public Key Infrastructure, Protocol Firewall, Domain Firewall.]
Design Last Updated: 9-30-2004

In addition to presentation logic (for example, JSPs), the application server contains limited business logic, primarily in the form of the controlling servlets required to access the business processes executing in the process manager node. The application server builds a request based on user input and passes it to the process manager.

The process manager node provides the execution engine for the business processes. It has the capability of executing activities in serial or parallel mode. It can invoke back-end services synchronously or asynchronously. In the event that human interaction is required by the business process, this node creates a work item and identifies a particular person or a department responsible for executing that task and adds the work item to its worklist. Processes that are interrupted can roll back completed tasks, returning the back-end applications to their original state.

A database is used to provide a persistent data storage and retrieval service in support of the execution of the process flow. It holds the process execution rules and intermediate results from the execution of certain activities within the context of an end-to-end process flow. The implementation of this node may involve several persistent data technologies (such as DBMS and flat file) for the different data types.

The operational data store (ODS) provides the data required for business execution in one central location. The ODS is populated in real-time or near real-time with current data from the legacy systems. It contains a subset of data that is relevant to the business processing requirements. The process manager node can access a cross-section of data relevant to the current transaction in a single access to the ODS. This provides performance and management advantages over accessing the data from each legacy system individually. Since the data is transformed in the ODS and not on the legacy system, integration of data during mergers and acquisitions can be done rapidly with little or no disruption to the back-end systems. The data provided by the ODS can be used for a full range of business functions, including personalization, cross-selling, and decision-making.

Building an operational data store can be a complex process. When approaching this task, it is advisable to start with the Data Integration pattern approach to design how the ODS will be populated and maintained. Information about data integration and the appropriate IBM products can be found in Patterns: Information Aggregation and Data Integration with DB2 Information Integrator, SG24-7101. In Figure 3-3 on page 43 the Data Integration::Population pattern is shown as an example.

The primary business logic resides in the back-end applications. Selected data from these systems is replicated to the ODS for use by business processes.

Application server node

The application server node provides the infrastructure for application logic and can be part of a Web application server. It is capable of running both presentation and business logic but generally does not serve HTTP requests. When used with a Web server redirector, the application server node can run both presentation and business logic. In other situations, it can be used for business logic only.

Integration Server Node

The purpose of this node is to interface between any front end access channel, such as the web, a call center, or a client/server ("fat client") PC, and whatever back-end application system is needed (including applications from other companies). It will perform the following kinds of services:

  • Convert protocols from the front end to match whatever the back-end systems understand
  • Decompose a single message from the front end (such as a web server) into several back-end messages (or transactions), and then re-compose the replies
  • Navigate from the front end to whatever back-end system needs to be accessed
  • In more complex cases, control the process or unit of work for a number of back-end interactions based on a request from the front end

The intent is to relieve each front end from having to handle the complexity of interfacing with potentially multiple back-end systems, which may be in different companies. The front end (such as the web server) should just need to send a message to the integration server and have it look after the interface.

A second purpose for locating these interface services on the integration server concerns security. There is a firewall between the web server and the integration server, and the web server need have no knowledge of all the back-end addresses. Many locations do not want a server located in the DMZ to have direct access to sensitive data and systems. In this case the web server can only send messages to the integration server, nowhere else.

Web Server Redirector Node

In order to separate the Web server from the application server, a so-called Web Server Redirector Node (or just redirector for short) is introduced. The Web server redirector is used in conjunction with a Web server. The Web server serves HTTP pages and the redirector forwards servlet and JSP requests to the application servers. The advantage of using a redirector is that you can move the application server behind the domain firewall into the secure network, where it is more protected than within the DMZ.
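
The placement rules in the two node descriptions above (a DMZ host sends to a single internal node, and back-end data is reached only through the integration server) can be checked against a set of firewall permit rules. The following Python code is an added example, not part of the original pattern documentation; the node names, zone assignments and rule format are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed node names and zones, following this page's node descriptions.
ZONE = {"user": "internet", "web_redirector": "dmz", "app_server": "internal",
        "integration_server": "internal", "ods": "internal",
        "existing_apps": "internal"}
SENSITIVE = {"ods", "existing_apps"}   # back-end data and systems
CHOKE_POINT = "integration_server"     # the only node meant to reach them

def bypass_paths(permits):
    """Loop-free paths from a non-internal node to a sensitive node that
    never pass through the integration server."""
    graph = defaultdict(set)
    for src, dst in permits:
        graph[src].add(dst)
    found = []

    def walk(node, path):
        if node == CHOKE_POINT:
            return                     # access is mediated from here on
        if node in SENSITIVE:
            found.append(path)
            return
        for nxt in sorted(graph[node]):
            if nxt not in path:        # skip cycles
                walk(nxt, path + [nxt])

    for start in sorted(n for n, z in ZONE.items() if z != "internal"):
        walk(start, [start])
    return found

def dmz_fanout(permits):
    """Internal destinations each DMZ host may open connections to."""
    out = defaultdict(set)
    for src, dst in permits:
        if ZONE.get(src) == "dmz" and ZONE.get(dst) == "internal":
            out[src].add(dst)
    return dict(out)

# Constructed rule sets: (source, destination) pairs the firewalls permit.
INTENDED = [("user", "web_redirector"), ("web_redirector", "app_server"),
            ("app_server", "integration_server"),
            ("integration_server", "ods"),
            ("integration_server", "existing_apps")]
DRIFTED = INTENDED + [("web_redirector", "ods"),
                      ("app_server", "existing_apps")]

if __name__ == "__main__":
    for path in bypass_paths(DRIFTED):
        print(" -> ".join(path))
```

An empty result from bypass_paths together with a single destination per host in dmz_fanout means the rule set still matches the tiering described here; each returned path names the permit rules to review.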

LDAP

Lightweight Directory Access Protocol (LDAP) refers to the protocol that is used to communicate between a calling program (running on a node such as a Commerce Server) and a Directory Node. Information is kept on the LDAP-based directory node about such topics as people and/or services.

For example, the directory could be used to store information needed to identify registered shoppers (referred to as authentication). It could also be used to store information about what functions those shoppers are allowed to perform after being identified (referred to as authorization).

User Node

The user node is most frequently a personal computing device (PC) supporting a commercial browser, for example, Netscape Navigator and Internet Explorer. The browser is expected to support SSL and some level of DHTML. Increasingly, designers need to also consider that this node might be a pervasive computing device, such as a Personal Digital Assistant (PDA).

Domain Name Server (DNS) Node

The DNS Node assists in determining the physical network address associated with the symbolic address (URL) of the requested information. The Domain Name Server Node provides the technology platform to provide host to IP address mapping, that is, to allow for the translation of names (referred to as URLs) into IP addresses and vice versa.

Existing Applications and Data Node

Existing applications are run and maintained on nodes that are installed in the internal network. These applications provide business logic that uses data maintained in the internal network. The number and topology of these existing application and data nodes depend on the particular configuration used by these legacy systems.

Directory and security services node

The directory and security services node supplies information on the location, capabilities, and attributes (including user ID/password pairs and certificates) of resources and users known to this Web application system. This node can supply information for various security services (authentication and authorization) and can also perform the actual security processing, for example, to verify certificates. The authentication in most current designs validates the access to the Web application server part of the Web server, but this node also authenticates for access to the database server.

Database server node

This node's function is to provide persistent data storage and retrieval in support of the user-to-online buying transactional interaction.

Customer-related data that is stored is relevant to the specific business interaction, for example, the shopping cart and shipping address information. Some sites are registering users and storing customer profile data such as address, clothing sizes, preferences, and gift wish lists that others can access when buying presents. Most sites today do not store credit card information on this server for security reasons.

Also stored here is the product and catalog information used to dynamically build HTML pages for presentation during the shopping process.

The mode of DB access is perhaps the most important factor determining the performance of this Web application, in all but the simplest cases. The recommended approach is to collapse the DB accesses into a single or very few calls. This can be achieved by coding and invoking stored procedure calls on the database. Typically many commerce servers share only one database server in a high volume site, so the technology to implement this node must be able to scale vertically.

Public Key Infrastructure (PKI)

PKI is a system for verifying the authenticity of each party involved in an Internet transaction, protecting against fraud or sabotage, and for nonrepudiation purposes to help consumers and retailers protect themselves against denial of transactions. Trusted third-party organizations called certificate authorities issue digital certificates -- attachments to electronic messages -- that specify key components of the user's identity. During an Internet transaction, signed, encrypted messages are automatically routed to the certificate authority, where the certificates are verified before the transaction can proceed. PKI can be embedded in software applications, or offered as a service or a product. e-business leaders agree that PKIs are critical for transaction security and integrity, and the software industry is moving to adopt open standards for their use.

Protocol Firewall Node

A firewall is a hardware/software system that manages the flow of information between the Internet and an organization's private network. Firewalls can prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets, and can block some virus attacks -- as long as those viruses are coming from the Internet. A firewall can separate two or more parts of a local network to control data exchange between departments. Components of firewalls include filters or screens, each of which controls transmission of certain classes of traffic. Firewalls provide the first line of defense for protecting private information, but comprehensive security systems combine firewalls with encryption and other complementary services, such as content filtering and intrusion detection.

Firewalls control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the Protocol Firewall)
  • Application gateways (the Domain Firewall)

A pair of Firewall Nodes provides increasing levels of protection at the expense of increasing computing resource requirements. The Protocol Firewall is typically implemented as an IP Router.

Domain firewall node

A firewall is a hardware/software system that manages the flow of information between the Internet and an organization's private network. Firewalls can prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets, and can block some virus attacks -- as long as those viruses are coming from the Internet. A firewall can separate two or more parts of a local network to control data exchange between departments. Components of firewalls include filters or screens, each of which controls transmission of certain classes of traffic. Firewalls provide the first line of defense for protecting private information, but comprehensive security systems combine firewalls with encryption and other complementary services, such as content filtering and intrusion detection.

Firewalls control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the Protocol Firewall)
  • Application gateways (the Domain Firewall)

A pair of Firewall Nodes provides increasing levels of protection at the expense of increasing computing resource requirements. The Domain Firewall is typically implemented as a dedicated server Node.
