Skip to main content

Electronic Commerce::Enterprise-out application pattern::Runtime patterns

The Patterns Process: Runtime patterns

After you choose an appropriate Application pattern to meet your e-commerce needs, it is time to select the specific Runtime pattern used to design your solution. The Runtime pattern uses nodes to group functional and operational components. The nodes are interconnected to solve a business problem. Each Application pattern has at least one corresponding Runtime pattern. These runtime patterns are based on the Enterprise Solution Structure (ESS) Thin Client Transactional Pattern and are a representative solution for the Electronic Commerce composite pattern.

Each Runtime pattern may have additional variations as well, including:

Depending on the customer requirements, you might need to extend variations or combine them to achieve desired results.

Overview

This is the preferred Electronic Commerce runtime pattern because it provides immediate confirmation of order completion, combined with other information such as shipping details and volume discount pricing. This Runtime pattern utilizes either a (preferred) synchronous or asynchronous connection to back end systems to provide online access to back end systems during checkout and order completion. Enterprise-out designs are based on the ESS Online Buying Reference Architecture. and represent a starting point for selling merchandise over the Web when integration with existing enterprise back-end systems is used to Web-enable existing commerce systems.

The following diagrams are composed of logical nodes that represent a collection or grouping of the major building blocks of the solution. Nodes are used by a lead architect to describe the design at a logical level. They contain a set of components that provide either infrastructure or application functionality. Examples of infrastructure components that could run on a commerce server node include Web servers, Java Virtual Machines, and TCP/IP stacks. Examples of application components that could reside on a commerce server node include HyperText Mark-up Language (HTML) pages, Java, and CGI programs developed by the programming team. Logical nodes map to product instantiations in our next step called "product mappings." In some cases the logical node maps one-to-one to a physical machine; however, this is not always the case. Multiple nodes can be mapped to one machine, or a single logical node can be spread across multiple physical machines.

Enterprise-out application pattern: Runtime pattern

Enterprise-out application pattern::Runtime pattern Retail Customer Protocol Firewall Dispatcher Commerce Server Domain Firewall Integration Server System Management Directory Security Application Database Server Content Creation and Management
(Click a node to get a detailed explanation.)

Enterprise-out basic online shopping process

  1. From a Web browser client, the shopper connects to the commerce site by entering the Web site URL and does one of the following:
    • Logs in to the commerce site if the user is recognized as a registered shopper from a profile on the database server
    • Browses the site anonymously
    • Enters profile information to become a registered user
  2. The user then interacts with the pages of the site. These are either static pages from the commerce server or pages dynamically built with information from the database server.
  3. The user adds items to a shopping cart. The data for the shopping cart is stored on the database server along with required session state information. A cookie is sent to the client browser. This cookie helps the commerce server track the progress of the customer interactions on the commerce site and connect users with their shopping cart.
  4. When the shopper wants to buy (or check out the shopping cart) one of two implementations is taken:
    1. An interaction is performed through the integration node to access the back-end application nodes (such as order processing, pricing, inventory, credit, and shipping) and immediately provide feedback to the shopper such as confirmations and delivery dates. This is the preferred approach.
    2. The less preferred approach is to store the submitted order on the database server for later submission using batch processing. Acknowledgment that the order has been submitted is sent back to the shopper from the commerce server to the Web browser. An e-mail confirmation of delivery, out of stock conditions, and credit problems is later sent by the back-end processing systems. From a user's viewpoint this approach lacks features such as immediate inventory validation, order completion, and estimated shipping details. From the company's viewpoint, this approach provides less direct control of order completion and shipping processes. This approach is similar to the Web-up approach, except that it provides more automated linkage to the batch processes.

Typically, the logon process uses registration data on the database node to identify registered shoppers and encryption technology, such as Secure Sockets Layer (SSL), to protect sensitive transmissions (for example, credit card or address information).

Currently, most sites do not use digital certificates. This Runtime pattern includes directory and security nodes, indicating that the use of technologies such as Lightweight Directory Access Protocol (LDAP) directories and digital certificates is likely in the future. The content creation and management node represents the functions required to create and administer the data on the database and commerce server nodes.

The "ESS Reference Architecture", used by IBM Global Services when delivering online buying projects, provides a much more detailed flow of how this process works and the way the infrastructure interacts. It also provides detailed descriptions of the nodes, including their functions and infrastructure components. The ESS Reference Architecture provides information required to obtain vendor quotes for products necessary to physically implement the logical Runtime pattern.

Enterprise-out application pattern: Runtime pattern=Variation 1

Enterprise-out application pattern: Runtime pattern Example
Content Creation and Management Domain Firewall Domain Firewall Dispatcher Protocol Firewall Database Server Application Application Application Commerce Server Retail Customer Integration Server System Management Security Directory
(where supported, e.g. WebSphere Commerce Suite V5.1)
(Click a node to get a detailed explanation.)

Enterprise-out application pattern::Runtime pattern=Variation 2

Though created for the Electronic Commerce::Web-up application pattern, Variation 2 might prove useful for an enterprise establishing an Enterprise-out solution, because it can provide enhanced load balancing and availability functionality through the use of a duplexed web server and commerce application server. To review this design, visit Web-up Variation 2.

Enterprise-out application pattern: Runtime pattern=Variation 3

Enterprise-out application pattern: Runtime pattern Example
Content Creation and Management Domain Firewall Domain Firewall Domain Firewall Dispatcher Protocol Firewall Protocol Firewall Database Server Application Application Application Commerce Server Retail Customer (Click a node to get a detailed explanation.)

Each project team might need to modify the basic node diagram of how the logical architecture works to accommodate individual client requirements. This variation shows the modifications to produce a client-specific diagram for a major site.

The outsourced commerce front end in this example is connected using a synchronous link to in-house back end order processing systems. The previous example follows a major clothing retailer that wants to expand their sales to the Web. The company intends to outsource the Web front end to the IBM Universal Server Farm and have the back end reside on the company's host systems in their data center. The IBM Universal Server Farm refers to a set of outsourcing sites run by IBM. Server technology from multiple vendors is operated by IBM on behalf of organizations that would rather not manage their own server operations. Frequently in online buying sites, the nodes in the Demilitarized Zone (DMZ) front end and the database server node are outsourced. These are then networked to the company's own data center for back-end order processing.

The reasons for implementing their Web channel with the Enterprise-out runtime pattern variation are discussed below in "Reasons for architectural approach." This approach is quite close to the basic Runtime pattern, but differs in the following ways:

  • The front end commerce site is outsourced and hosted at the IBM Universal Server Farm.
  • The back end resides at the company's in-house data center. Modification here includes communication between the DMZ and the internal network taking place over the Internet using a secure connection between two firewalls (firewalls 4 and 5). This also implies TCP/IP communication to the back end.
  • The retailer chose the preferred approach of linking to the back end order entry systems in a synchronous and online manner. The reasons for this are listed below in "Reasons for architectural approach."
  • A separate batch link exists for publishing and maintaining data that is necessary for administration of the site.

Reasons for architectural approach:

The company had a mandatory business requirement that users have immediate confirmation of orders with shipping, discounts, and pricing information. This data was to be provided through the back end order processing systems. The company was providing immediate confirmation of call center orders and did not want less functionality for its Web customers. The company needed to support the existing call center. The back end systems were already in place with server interfaces and sufficient hours of operation. It was relatively easy to use the same interfaces to support Internet access.

Next, review product mappings.

Close [x]

Retail Customer Node

This Node is a personal computing device, such as a PC, supporting a commercial browser (e.g. Netscape Navigator or Internet Explorer). The level of the browser is expected to support SSL and some level of DHTML. Most online buying implementations will send a "Cookie" to the browser on this node in order to maintain the shopping session. The cookie will contain a session id, which can be used to reconnect with a partially filled shopping basket or order and to re-establish the conversation for each interaction.

Close [x]

Protocol Firewall Node

Firewalls provide services that can be used to control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the protocol firewall in this design)
  • Application gateways (the domain firewall)

The two firewall nodes provide increasing levels of protection at the expense of increasing computing resource requirements. The protocol firewall is typically implemented as an IP router, while the domain firewall is a dedicated server node.

Additional Resources

  • (in English) ESS

Close [x]

Network dispatcher node

The load balancer, or dispatcher, node provides horizontal scalability by dispatching HTTP requests among several, identically configured Web servers.

Additional Resources

  • (in English) ESS

Close [x]

Commerce server node

This node provides the infrastructure for application logic and can be part of a commerce server node. It is capable of running both presentation and business logic.

Close [x]

Domain firewall node

Firewalls provide services that can be used to control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

  • Screening routers (the protocol firewall in this design)
  • Application gateways (the domain firewall)

The two firewall nodes provide increasing levels of protection at the expense of increasing computing resource requirements. The protocol firewall is typically implemented as an IP router, while the domain firewall is a dedicated server node.

Additional Resources

  • (in English) ESS

Close [x]

Integration Server Node

The purpose of this node is to interface between any front end access channel, such as the web, a call center, or a client/server ("fat client") PC, and whatever back-end application system is needed (including applications from other companies). It will perform the following kinds of services:

  • Convert protocols from the front end to match whatever the back-end systems understand
  • Decompose a single message from the front end (such as a web server) into several back-end messages (or transactions), and then re-compose the replies
  • Navigate from the front end to whatever back-end system needs to be accessed
  • In more complex cases, control the process or unit of work for a number of back-end interactions based on a request from the front end

The intent is to relieve each front end from having to handle the complexity of interfacing with potentially multiple back-end systems, which may be in different companies. The front end (such as the web server should just need to send a message to the integration server and have it look after the interface.

A second purpose for locating these interface services on the Integration server concerns security. There is a firewall between the web server and the integration server and the web server need have no knowledge of all the back-end addresses. Many location do not want a server located in the DMZ to have access directly to sensitive data and systems. In this case the web server can only send messages to the integration server, nowhere else.

Close [x]

Systems Management Node

This node is a logical representation of the functions required to manage all the nodes and components in the system, including the management of problems, changes, performance, configuration of assets, and others.

There are usually two aspects to systems management:

  • A managing aspect (with server components running on one or more systems management servers)
  • A managed aspect (with systems management client components running on every node in the system)

For example, there should be client components running on every node, which are able to accept and install changes sent from a change management server. The changes may be either pulled from the client on demand, or pushed from the server with centralized control. On critical nodes, there may also be problem management components that send a "heartbeat" back to a central monitoring site. If a heartbeat is missed, the managing site raises an alert.

It is important to remember that there is not only a server side but also a client side to systems management. The client side needs to reside on all nodes in the system. The one exception would be unmanaged workstations of the general public or of other business partners. In these cases, a particular organization would have no control and limited ability to provide systems management.

Close [x]

Security Node

This node is a logical representation of the functions needed to manage the security of a system. It works in conjunction with the Directory Node. Think of the directory as the repository that holds:

  • Data about security such as user IDs and associated passwords, or digital certificates (used to authenticate a user)
  • Lists of services that a user is authorized to perform (authorization or access control)

Think of the security node as holding the set of components that define the decisions to be made. The node may perform the actual security processing; for example, verify certificates. The authentication in most current designs validates the access to the Web Application Server, but it can also authenticate the access to the Database Server.

The security domain describes the components needed to implement the technical dimension of security and how these components interact to implement the technical aspects of a security policy.

The components that implement security are distributed throughout the network. It's unlikely there's a node in the system that does not include some components implementing some aspect of security. The Security Node represents centralized services that support security on other nodes.

The treatment of security combines network design for security with a particular emphasis on achieving a secure implementation of Internet and Intranet network access. Security is built by use of the following security services:

  • Confidentiality: providing privacy by protecting sensitive information from access unless authorized
  • Identification and Authentication: identifying entities, verifying their identities, and assuring individual accountability
  • Access Control: providing mechanisms for granting access to authorized and authenticated users
  • Data Integrity: providing detection of the unauthorized modification of data
  • Non Repudiation: assuring that any transaction that takes place can subsequently be proved to have taken place (also called accountability)
  • Isolation: providing protection by isolating a resource and therefore restricting potential access to it
  • Audit: monitoring and review of security-relevant events

Together these services must provide end-to-end security, integrating security facilities across heterogeneous environments.

Close [x]

Directory Node

Directory Services provides an integrated LDAP server that easily integrates with other LDAP servers to provide for the directory needs of an e-business solution.

Close [x]

Application node

Existing applications are run and maintained on nodes that are installed in the internal network. These applications provide for business logic that uses data maintained in the internal network. The number and topology of these existing application and data nodes is dependent on the particular configuration used by these legacy systems.

Close [x]

Database Server Node

The database server node's function is to provide persistent data storage and retrieval in support of the user-to-business transactional interaction. The data stored is relevant to the specific business interaction, for example, bank balance, insurance information, current purchase by the user, and so forth.

Note that the mode of database access is perhaps the most important factor determining the performance of this Web application, in all but the simplest cases. The recommended approach is to collapse the database accesses into a single call or very few calls. This can be achieved through coding and invoking stored procedure calls on the database.

Close [x]

Content Creation and Management Node

This node represents the functionality supporting the creation of the data that resides on the Database Server and Commerce Server Nodes. It also represents the function to manage and stage that data into production on the servers. The functionality of this node is quite broad, and might be thought of as encompassing an entire subsystem.

The timely synchronization of several Web Servers is sometimes achieved by using a Shared File System as the content storage, capitalizing on the replication capability of this technology.

Close [x]

LDAP

Lightweight Directory Access Protocol (LDAP) refers to the protocol that is used to communicate from a calling program (running on a node such as a Commerce Server) and a Directory Node. Information is kept on the LDAP-based directory node about such topics as people and/or services.

For example, the directory could be used to store information needed to identify registered shoppers (referred to as authentication). It could also be used to store information about what functions those shoppers are allowed to perform after being identified (referred to as authorization).

Close [x]

SSL

Secure Sockets Layer (SSL) refers to encryption technology which is commonly used between the browser on a users PC and a Web Server Node. It is used to protect the data in messages from being viewed in an un-authorized fashion while travelling over a TCP/IP network. It can also continue to protect the messages as they flow over internal TCP/IP networks between nodes after passing the web server.

Close [x]

Digital Certificates

A digital certificate is an electronic credential issued by a trustworthy organization such as a bank, credit union, or large company. The digital certificate vouches for an individual's, business's, or organization's identity and authority to conduct any transaction over the Internet. The issuing organization is called a Certificate Authority, or CA. VeriSign is an example of an existing CA.

Digital certificates address the issue of ensuring that the owner of a public key is really who he claims to be .This technology provides a mechanism to distribute public keys in a special format called a certificate. In addition to the key itself, the certificate contains information about the sender. The whole package is then signed by the issuing CA using its private key. The receiver of the certificate can then verify the CA's digital signature using the CA's public key. Digital Certificates are made available to the public through on-line directories based on X.500 standards.

Digital certificates are defined by the X.509 standard. A X.509 certificate is typically a small file that contains:

  • Subject's distinguished name
  • Issuer's distinguished name
  • Subject's public key
  • Issuer's digital signature
  • Validity period
  • Certificate's serial number

Close [x]

IBM Global Services

IBM Global Services refers to that organization within IBM that provides professional IT Services and Consulting.

Close [x]

IBM Universal Server Farm

IBM Universal Server Farm refers to a set of outsourcing sites run by IBM. Server technology from multiple different vendors is operated by IBM on behalf of organizations which would rather not manage their own server operations. Frequently in Online Buying sites, the nodes in the DMZ front end and the Data Base Server Node are outsourced. These are then networked to the company's own datacenter for backend order processing.

Close [x]

Enterprise Solution Structure (ESS)

Enterprise Solutions Structure (ESS) is a major IBM initiative to establish a standard architectural framework to support creation, reuse, and maintenance of architecture and design assets. These intellectual capital assets are used by IBM services practitioners for developing and delivering enterprise solutions. ESS draws on experiences with building customer solutions to distill "best practice" structures, models, and sample deliverables. The framework provides a rich set of architectural building blocks for solution architects and provides guidance on when and how to use this content to advantage. Specifically, this architecture provides a common, consistent approach for understanding and documenting business requirements via a business model, designing a logical architecture of key components and services, and finally, implementing a physical architecture based on actual products, platforms, and services.

The term "Reference Architecture" is used to refer to the collection of assets which as a whole describe how to implement a given type of business solution. For example, there is a reference architecture which shows how to implement a call center. There is another one which shows how to implement an online buying application. This site which provides Patterns for e-business is based to a large extent upon the ESS reference architecture assets. The intent is to share a summary of those reference architectures with you in this way.

See Also

Additional Resources