Tuesday, August 25, 2009

TimeTrak: The Webserver

Whenever you do web development, you will inevitably have to use a web server. I use the term 'web server' to generally mean HTTP servers, webservers, and application servers. If your website only dishes out HTML and other static content without server-side processing, you probably just need an HTTP server. If you expect dynamic content and server-side processing, perhaps a webserver is what you need. If you'll be running (web-oriented) programs and services, doing heavyweight back-end processing, or building on vendor-specific stacks, etc., you should research application servers. Application servers can do everything webservers do, and webservers can do everything HTTP servers do.

The choice of a web server depends on the programming language that will be used to implement the business layer (applications, data processing, business rules, generation of content, etc.). Don't forget that some web servers might only be supported on specific operating system platforms as well, e.g. IIS is a Microsoft-only deal. Others can be vendor-specific, requiring you to use their database programs or hardware. Web servers can cost anywhere from free/open-source (e.g. Apache Tomcat) to very expensive enterprise-class subscriptions (e.g. Microsoft Web server). The cost is usually for value-added services and features beyond basic web-serving such as multi-processor support, load balancing, clustering, security, availability/redundancy, technical support, or other vendor-specific bells-and-whistles.

The web server is where your application architecture is implemented. The web application will depend heavily on the services provided by the web server, including database access and security.

TimeTrak shall be implemented in Java, and will only need a webserver such as Apache Tomcat. With this setup, I can use the JSP/Servlet container to generate dynamic content, and a JDBC-compliant driver to access the database. I can use the full power of the Java programming language to implement the web application. The business layer shall be implemented with Spring MVC, and the data layer with Hibernate. Your choice of web server must support your architecture decisions squarely. This is why some businesses prefer stacks such as those from JBoss, IBM, or Oracle. Other decisions you must consider before choosing a web server include: how you will be building and deploying the application, testing strategy, and security. Make sure your customer is on board with the decision, as it is potentially the most expensive one to reverse if you have to change things completely.

A note about security: after installing a web server, take time to lock it down, as it is the gateway to the outside world. A lot of website security breaches take advantage of web server default settings and other vulnerabilities for which patches and best practices would have saved the day. Make sure you are aware of which ports the web server opens and which operating system services it depends on, and secure them accordingly.
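To make the "know which ports it opens" advice concrete for the Tomcat setup chosen above, here is an added example (not code from TimeTrak or from the Tomcat project) that reads a `conf/server.xml` and lists every listener it declares, flagging settings left at their stock values. The sample configuration is constructed for illustration, and the function name `audit_server_xml` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a stock Tomcat conf/server.xml (not from the post).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

def audit_server_xml(xml_text):
    """Return (listeners, findings) for the text of a Tomcat server.xml."""
    root = ET.fromstring(xml_text)
    listeners, findings = [], []

    # <Server port=...> is the shutdown listener (loopback); -1 disables it.
    shutdown_port = int(root.get("port", "-1"))
    if shutdown_port != -1:
        listeners.append((shutdown_port, "shutdown", "loopback"))
        if root.get("shutdown") == "SHUTDOWN":
            findings.append(f"port {shutdown_port}: default shutdown command in use")

    for conn in root.iter("Connector"):
        port = int(conn.get("port"))
        protocol = conn.get("protocol", "HTTP/1.1")
        # Without an address attribute an HTTP connector listens on every
        # interface; the AJP default varies by Tomcat release, so set it explicitly.
        address = conn.get("address", "(unset)")
        listeners.append((port, protocol, address))
        if address == "(unset)":
            findings.append(f"port {port}: {protocol} connector has no explicit bind address")
        if protocol.startswith("AJP"):
            findings.append(f"port {port}: AJP enabled; remove it if no front-end proxy uses it")
    return listeners, findings

if __name__ == "__main__":
    ports, issues = audit_server_xml(SAMPLE_SERVER_XML)
    for port, protocol, address in ports:
        print(f"{port:>5}  {protocol:<10} {address}")
    for issue in issues:
        print("FINDING:", issue)
```

Compare the listed ports against what the host firewall actually allows; anything the application does not need should be disabled in the configuration rather than only blocked at the firewall.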

Other reading:
http://www.sun.com/bigadmin/content/developer/howtos/webserver_part1.html
http://tools.devshed.com/c/a/How-To/How-To-Choose-The-Web-Server-For-You/
http://webdesign.about.com/cs/webservers/bb/abwebservers.htm