Novell Home

Web Site Maintenance Solution Using iChain/ICS and DirXML

Novell Cool Solutions: Feature
By Cary Andrews

Digg This - Slashdot This

Posted: 15 Feb 2001
 

Version: iChain 1.5

Down time for a company's web site means lost revenue. A company conducting business on the Internet needs to ensure that their web site functions continually, with no interruption of service due to outside attacks or internal maintenance. With two mirrored systems, one on-line (production) and one off-line (development or backup), a company can more easily limit, or even eliminate, downtime of their web site. Novell's iChain/ICS and DirXML technologies make it possible to set up a customer web site maintenance solution to ensure the continual operability and reliability of their systems, while maintaining the ability to modify, enhance, and improve the system. iChain/ICS provides secure access to the web servers while DirXML provides real-time synchronization of the data between the production system and the development or backup system.

iChain Architecture

Refer to Figure 1 during the following explanation of the system components.

Figure 1: iChain/ICS system architecture

The proxy server is a NetWare 5.1 server hosting the ICS appliance. It is setup and configured either in the factory or on site. The proxy server receives user web page requests, authenticates the users, and dispatches the requests to the proper web servers. It provides the secure access to a company's back end web servers and caching of the web pages.

The authentication server is a NetWare, NT, or Solaris box running NDS. It stores the company's web site user accounts in NDS. When a user browses to the company's web site and attempts to access a secured web page, iChain/ICS presents the user with a logon page where the user enters a name and password. The system will then access the authentication server to authenticate the user through NDS. Once authenticated the user has full access to the web site according to the access controls set up via iChain/ICS.

The community server provides the means for users to access a company's web site through predetermined "communities," set up by the company. These communities can provide access based on any number of characteristics: demographic, geographic, interests, etc. Routing and access controls set by the company provide the user with full access to those areas established by the communities.

The final piece of each system is the actual web server or servers where the company stores its web pages. Access to the web servers is controlled by setting up protected resources via the iChain/ICS components on all three servers above. Legacy or new web servers require no modification or component additions to be incorporated into the iChain/ICS system.

DirXML Architecture

Refer to Figure 2 during the following explanation of the system components.

Figure 2: DirXML system architecture

The DirXML technology is composed of several different components. Its main purpose is to provide for the clean movement of data between NDS and any application, directory, or database. To accomplish this, DirXML has a well-defined interface that takes NDS data and events and translates this into XML format. This interface allows the data to flow in and out of NDS in a bi-directional manner.

The data that flows between NDS and the target database will be managed and processed based on the subscriber and publisher channels. These are the means of linking the event systems of both NDS and the target database together so that data flows based on its dynamic characteristics. The control of the data managed by the publisher and subscriber channels is governed by filters applied to each channel. These filters determine which object classes and attributes will be accepted into the channels.

A database-specific piece of code, which knows how to communicate with the target database, is used to hand-off the data to the database once the data has been processed by DirXML. This is called the Database Shim (DB Shim). Shims have been developed to support many popular databases, including NDS. Because NDS is a database it is possible to use DirXML between two NDS databases using the NDS to NDS DirXML connector.

Solution Architecture

Refer to Figure 3 during the following explanation of the system components.

Figure 3: Completed solution architecture

Overview

The web site maintenance system architecture consists of two (or more) iChain/ICS systems set up to provide caching and secure and reliable access to one or more web servers. The two systems, production and development, are completely self contained and are duplicates of each other with the exception of the web access IP address. This duplication is done through the software, not the hardware. The production system is normally accessed by users on the Internet via a public IP address. The development system is accessed by internal personnel via an internal IP address. Each system is fully functional, with the production system being on-line during normal operating conditions.

When a user accesses the web site he enters the production system by logging into an existing account or by creating a new account, a service provided by the web site. The account information is kept in NDS on the authentication server/tree. Because the production and development systems are setup for synchronization via DirXML, account information, modified or new, is copied to the development system. This maintains the development system up to date with all the current real-time users and their account information, including passwords.

System Backup

As stated above, the production and development systems are essentially mirrors of each other. As a result, the development system provides a backup for the production system should a system failure occur. Should such a failure occur, the network administrator can simply change the routing so that users are sent to the development (or backup) system. Downtime is reduced to the time it takes to change the IP address routing, and users will have all their account data present and up to date.

System Development

For a company on the Internet to stay competitive they must evolve. Improvements in their business will necessitate changes in their web site. However, making changes to the on-line production system in a one-system environment requires system down time and testing. The testing is often done with data that has been fabricated for testing purposes. With the iChain/DirXML solution, development work and testing can be done with no effect on the on-line system and no down time at all. Because the data is actual account data replicated from the production system, testing is completely accurate. When the development is completed, tested, and ready for deployment, the IP address routing can be switched over to the development system while the production system is updated. When that is done the routing is changed back to the production system. No downtime is experienced.

System Maintenance

Periodic maintenance of hardware is always required by any company using electronic equipment. With a one-system environment, maintenance requires downtime. With the solution shown here, hardware maintenance can be done on one system while the other carries the load. Switching between systems when there is no equipment failure will not result in any downtime at all since all routes can be active during switching. Once the maintenance is complete the system routing can be returned to normal. No downtime is experienced.

Initial Installation and Setup

If the system is brand new, installation and setup is done per the iChain/ICS and DirXML documentation. Each system is setup and configured independently of each other and then connected with the DirXML connector.

If a one-system environment already exists, adding a second system requires installation and setup on the second system per the iChain/ICS and DirXML documentation. The first system would then need to have the DirXML driver installed and setup so as to be able to communicate with the second. This however, does not require any downtime on the first system if it is on-line or in production. Once the second system is up and running, DirXML will replicate all the NDS information from the first system to the second. No downtime is experienced.

If a multi-system environment already exists where none of the systems are using iChain/ICS or DirXML, it will require installing the products on one system, checking the operation, and then installing the products on the other system. In this scenario, and where one of the systems has all of the users and the other doesn't, DirXML can be used to replicate the users from one system to the other initially. Then, once both systems are up and going, DirXML can be used to continually synchronize the users in both systems.

Success Story: EssentialTalk Network, Calgary, Canada

Overview

In December 2000 EssentialTalk Network went through a successful upgrade from iChain 1.0 to iChain 1.5. The company was running a two-system environment consisting of a production network and a development network. They were on-line with their production system with approximately 5000 user accounts stored in NDS on their ICS proxy server. Because iChain 1.5 changed the storage configuration, it was necessary to move all of the user accounts off their existing proxy server onto the new authentication servers. The goals of the upgrade were as follows:

  • Upgrade both systems to iChain 1.5
  • Preserve all the user account information, including the user's passwords
  • Ensure the production and development systems were duplicates of each other
  • No downtime for their on-line broadcast and web site

Details

EssentialTalk's production system had four servers: proxy, community, NIMS, and Oracle. Their development system was similar, but not exactly the same. The course of action chosen was to upgrade the development system first, transfer the users from production to development using DirXML, upgrade the production system, then replicate the users back to the production system.

The upgrade of the development system to iChain 1.5 went smoothly. iChain installed and configured as planned. The web pages of their web site needed to be modified only because iChain 1.5 had changed some of the files used in self registration. Once the modifications were completed, the web site was tested completely to ensure compatibility. Test accounts were created and were stored on the authentication server. The community services were also installed on the web server. This decision was made by EssentialTalk to conserve hardware. The configuration worked with no problems.

Transferring the users from the production system to the development system had problems, but they were not related to the DirXML product. The production server used to host DirXML needed to be upgraded to the Tao NDS (NDS 85.01r). The upgrade did not work correctly the first time because the server chosen was not holding the master replica of the root partition of the tree. Another server was chosen, made the master replica, and then upgraded to Tao. The upgrade was successful. DirXML was installed on that server and on the authentication server in the development system. The NDS to NDS connector was used to copy the users onto the development system and it worked flawlessly. Once the users were in the development system several logins were performed using actual accounts and all were successful. All the user account information and passwords were copied correctly.

The next step was to transfer the routing and on-line broadcast to the development system so as to maintain the web site. This was accomplished with no downtime or interruption of service. At this time then, the development system was carrying the load of EssentialTalk's system, both the web site and on-line broadcast.

The production system was then powered down and upgraded to iChain 1.5. This went smoothly. It was setup in the same configuration as the development system: proxy server, authentication server, and community/web server. The web site server was tested to ensure it was working correctly, which it was.

Next, DirXML was installed on the authentication server, which was holding the master replica of the production system tree. The first attempt at installing DirXML was unsuccessful because, it was believed, there was an obituary or other problem in the directory that prevented complete installation. During the second attempt at installing DirXML a new object name was used for the DirXML driver folder/object, and it installed without any further problems. The result was a several hour delay, but it did not impact the overall success of the upgrade. When the NDS to NDS connector was configured and enabled, all of the user account information was then replicated from the development system to the production system without any problems. Again, test logins were performed to ensure all account information was present and accurate, which it was. The production and development systems were now mirrored, i.e., duplicates of each other.

The last step was to reroute the public traffic to the production system. This required moving some of the wires in the routing boxes and changing one IP address in the iChain accelerator configuration. This was done, the ICS box was rebooted, and the system came up without any errors. Web site access was tested, account access was tested, and the thumbs up was given. Total downtime for the on-line system was only six (6) minutes. The on-line broadcast was never interrupted; only web site access and account access were unavailable during that time.

Summary

The system upgrade was successful. All of the goals were met, and met with only six minutes of downtime, actually exceeding EssentialTalk's expectations. The use of iChain and DirXML as a solution for mirroring their production and development systems was of great benefit to them, and they would like to make that solution permanent. This experience has shown that iChain and DirXML can be used together to make a very efficient and reliable solution for maintaining web sites and ensuring the continued operation of those sites with minimal interruption of service.

Corporate Information, EssentialTalk Network

The EssentialTalk Network is the internet's first, truly interactive talk media network. They are focused on building a large listening audience by offering compelling discussion topics, popular show hosts, note-worthy guests, and interactive dialog between the hosts and guests via dynamic discussion forums. EssentialTalk is funded by advertising and Business-to-Business relationships with partners who use the power of iChain Communities to transparently integrate EssentialTalk's interactive content into their own websites. Currently, they focus on primarily a North American audience, but plans to enter international markets are underway. EssentialTalk has over 20 hosts, several of whom broadcast remotely from different cities and since their launch in October have already attracted over 5,000 members.

For further information on EssentialTalk, please contact Dr. Mark Genuis, CEO, via e-mail to mark@essentialtalk.com or visit their website at http://www.essentialtalk.com.

For More Info

For more information about the products involved in this solution, see the following:

For more information about Novell Consulting Services, see this page.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell