Lecture 3:
Client/Server Databases Environment
CLIENT/SERVER ARCHITECTURE
Evolution of DBMSs - Modeling
Flat-file system
Often text files for sequential access
© H. Afsarmansesh, 2003
Evolution of multi-user DB environment
Mainframe-based environment
All applications run directly on the main system
Client/Server environment
Operates in networked environments
Client/Server architectures
[Figure: FAT CLIENT and Thinner CLIENT, each connected over LAN/WAN]
Thinner Client:
Processing power only required at the Database server
Authorization, integrity, query/update only at Database server
Fatter Server:
Processing power and larger memory in one location
Stored procedures can be defined and run at Database server
A piece of code in the DBMS language (e.g. Oracle’s PL/SQL)
Creates DBMS dependency
Decreased performance
Two-Tier Database Server Architecture – 2 layers
Stored procedures:
Reduce the network traffic
Improve security
[Figure: Thin CLIENT connected over LAN/WAN to the Application Server (Application layer) and the Database Server (DB server layer)]
A. Benabdelkader ©UvA, 2002/2003
Advantages of 3-tier compared to 2-tier
3-tier architecture is a popular choice for Internet applications and Net-centric information systems
The architecture provides an increased level of:
Scalability
The load between layers can be measured and adjusted
Flexibility / Reusability
Loose coupling among the data and application
Less reliance on proprietary DBMS languages
Easier to change the DBMS
Performance / Reduced risks
Lower load on client and division of load between the application layer and the server layer
Lower long term costs
For maintenance and changes in the configuration
Client/Server Architecture - Types of Clients
Fat clients
Client does most of the work
Relatively large and complex
Thin clients
Client is simple and light
A PC configured for handling user interfaces
Limited storage
Client/Server Architecture – Application partitioning
Partitioning a Database application
There is no one optimal client/server architecture
interoperability
Decisions must be made about the placement of the processing logic
How to partition the environment into two-, three-, or n-tier architecture
Data on the Web sites
Advantages of Web-Databases
DBMS support
data structure, security for access, query languages, etc.
Platform independence
Standardization
through standard database connectivity layers
Catalogs
Directories (e.g. Yellow pages)
Online-Shopping
Online Auctions
Training courses
Resource libraries
Surveys
Financial Analysis
…
Approaches to Integrate Web and DBMSs
…
[Figure: Tier 1, Web browser (Presentation Logic)]
Three-Tier Database Architecture
Three layers:
Client (GUI interface, I/O processing): the Browser
Application server (Business rules): the Web Server
Database server (Data storage): the DBMS
Connolly © Addison Wesley, 2002
Client/Server Database Environment
‘Thin’ client, requires less power/cost hardware at the client side
Application maintenance is centralized
Easier to modify or replace one tier without affecting the others
Separating business logic from database functions makes it easier to implement load balancing
Maps quite naturally to the Web environment
…
Challenges:
High short-term costs
Tools and training
Incompatible standards
Interaction with Legacy databases
Challenges in Managing Websites
1- Network-level security
Create an account with a user name and password
Web server and DB server on separate LAN away from other business systems
Minimize sharing of hard disks among servers
Regular monitoring of network and firewall logs
Install probe (attack)-monitor software
Variety of Security levels for C/S Environment - 2
2- Operating system-level security
Patch (fix) all known OS vulnerabilities and look for new ones
Install anti-virus software for: the system boot-time, file download time, and the email reception time, for virus detection
Monitor server logs for unauthorized activity, e.g. using an IDS (intrusion detection system)
Disable non-required services to reduce risk of unauthorized access, e.g. sending automatic emails during an Internet access, that is allowed by the OS, should be disabled
Variety of Security levels for C/S Environment - 3
3- Web-server-level security
Restrict number of users on Web server
- Give as few as possible “super users” and administrator rights
Restrict the access (minimize number of open ports)
- http and https only, if possible
Remove unneeded programs that load automatically when setting up the server
- Delete demo programs that give hackers the access details desired
- Restrict CGI scripts (have security problems) to one subdirectory
For Unix, only install minimum software for Web server
- Do not boot the default OS that provides a lot of added