Friday, April 13, 2012

Web Servers Vs Application Servers

Before comparing web servers with application servers, let us understand what a computer server is in the first place. A server is a computing device responsible for providing various services to its clients. These services can be of any kind, such as file transfer or resource sharing. Client and server systems provide functions such as centralized access to information, data storage and other resources. That is what a server does in general. Now let us look at the comparison itself: web servers vs application servers.

Web Servers Explained

To understand a web server, you first have to consider what the Hypertext Transfer Protocol (HTTP) is. HTTP is an application-level protocol used for hypermedia information systems. Basically, this protocol is used when many different types of media are involved. Web servers are the real or virtual machines responsible for delivering content. Clients are the machines or web browsers that request such content (HTML pages). Primarily, clients request content, but in some cases they have to deliver it as well (for example, when submitting information to create an email account).

An example: Consider that you wish to create an email account. First you type the web address of the email service provider in your browser. The terminal from which you are accessing the website is the client in this case. Once you enter the address, you will see that the URL has changed and now starts with "http://...". This indicates that the Hypertext Transfer Protocol is being used. In a matter of seconds, the web pages of the email service provider are loaded in your browser. This indicates that the web server has provided content to the browser. And when you provide information to the website (for opening an account), you are basically sending information to the web server.

Important Issues for Security of Web Servers

Remove Unnecessary Services: It is the first thing that any administrator must do. Remove any unnecessary services so that any person with malicious intent does not take advantage of those services.
Remote Access: An administrator of the server must always try to log in from a local terminal, so that any unauthorized access from outside can be restricted. Remote access as a policy should be completely denied (but this may not be a very practical solution).
Important Data on Separate Disk: It is a common experience that data on the same drive as the OS can be exploited by a hacker once he gains access to the root directory. Hence, this data should be placed on a separate disk drive.
Use Scanners: Scans for detecting viruses, malware and spamware must be performed regularly.

Advantages of Web Servers

Virtual Hosting: Used for hosting more than one domain name on the same computer.
Large File Support: They can even support file sizes in GBs.
Bandwidth Throttling: Using this method, they are able to serve many clients.

Application Servers Explained

Application servers are basically servers that support dynamic content requests from different applications. They can be looked upon as a software framework that takes care of the efficient execution of procedures. Application servers are dedicated to or designed for handling specific applications, such as database management systems like Oracle or MySQL. If the complexity involved in such an application is very large, then all the resources may be dedicated to it. But this is a rare case; an application server is designed to handle many applications.

An example: Many times, the information that a client requests requires a lot of computation. These computations may be beyond the capabilities of the client itself. So they have to be done on the server, and the results are then sent to the client. An ATM is a real-life example of this. An ATM does not credit or deposit any money in any bank account. This task is within the domain of the centralized servers of a particular bank. An ATM basically sends the request for withdrawal or deposit of the amount; these actions are then performed by the application server of the bank.

Important Issues for Security of Application Servers

Permissions and Privileges: If needless privileges are assigned to the application software, then a hacker can exploit these services. This way, other tasks of the server could also be hampered.
Monitor and Audit the Server: This is a very important task, as many malicious attempts on the server are discovered through audits alone. Besides, continuous monitoring of the network can help thwart an ongoing security breach.
User Accounts: Disabling all the default accounts that were created while installing the operating system is of paramount importance. A hacker taking advantage of such negligence is simply unacceptable.
Unused Modules and Application Extensions: Again, all the needless things which might take up resources should be removed. This includes unused application modules and extensions.
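
The "Remove Unnecessary Services" item in the web server list and the "User Accounts" item above can both be checked mechanically. This added example (not part of the original article) does so in Python over constructed `ss -tln` output and `/etc/passwd` lines; the expected ports, the set of default account names and the function names are assumptions chosen for illustration.

```python
# Constructed sample input: `ss -tln` output and /etc/passwd lines from a
# hypothetical web server. Real use would read the live equivalents.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      32           0.0.0.0:21        0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      5               [::]:23           [::]:*
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
guest:x:1001:1001::/home/guest:/bin/bash
deploy:x:1002:1002::/home/deploy:/bin/bash
"""
EXPECTED_PORTS = {80, 443}  # assumption: what this host is meant to serve
DEFAULT_ACCOUNTS = {"games", "guest", "ftp", "lp", "news"}  # assumption
NO_LOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

def unexpected_listeners(ss_text, expected):
    """Return sorted (port, address) pairs reachable off-host and not expected."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        loopback = addr.startswith("127.") or addr == "[::1]"
        if not loopback and int(port) not in expected:
            found.add((int(port), addr))
    return sorted(found)

def enabled_default_accounts(passwd_text, defaults):
    """Return default accounts that still have an interactive login shell."""
    hits = []
    for line in passwd_text.splitlines():
        if line.count(":") < 6:
            continue  # not a well-formed passwd entry
        name, *_, shell = line.split(":")
        if name in defaults and shell not in NO_LOGIN:
            hits.append(name)
    return hits
```

On the sample data the first check reports the listeners on ports 21, 22 and 23 while leaving the loopback-only database port alone, and the second reports `games` and `guest`.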

Advantages of Application Servers

Centralized Configuration: Some changes (like changing a setting for everyone) take place centrally.
Security: They are able to provide better security to the data, as most of the computation takes place at server side.
Performance: In a heavy usage environment, the client server model provides better security.

This article on web servers vs application servers was an attempt to explain the differences between application servers and web servers. We can simply conclude that web servers are meant for handling webpages, whereas application servers are meant to handle web based as well as desktop applications.

Taking a big step back, a Web server serves pages for viewing in a Web browser, while an application server provides methods that client applications can call. A little more precisely, you can say that:

A Web server exclusively handles HTTP requests, whereas an application server serves business logic to application programs through any number of protocols.



Let's examine each in more detail.

The Web server

A Web server handles the HTTP protocol. When the Web server receives an HTTP request, it responds with an HTTP response, such as sending back an HTML page. To process a request, a Web server may respond with a static HTML page or image, send a redirect, or delegate the dynamic response generation to some other program such as CGI scripts, JSPs (JavaServer Pages), servlets, ASPs (Active Server Pages), server-side JavaScripts, or some other server-side technology. Whatever their purpose, such server-side programs generate a response, most often in HTML, for viewing in a Web browser.

Understand that a Web server's delegation model is fairly simple. When a request comes into the Web server, the Web server simply passes the request to the program best able to handle it. The Web server doesn't provide any functionality beyond simply providing an environment in which the server-side program can execute and pass back the generated responses. The server-side program usually provides for itself such functions as transaction processing, database connectivity, and messaging.

While a Web server may not itself support transactions or database connection pooling, it may employ various strategies for fault tolerance and scalability such as load balancing, caching, and clustering, features that are often erroneously regarded as reserved for application servers.

The application server

As for the application server, according to our definition, an application server exposes business logic to client applications through various protocols, possibly including HTTP. While a Web server mainly deals with sending HTML for display in a Web browser, an application server provides access to business logic for use by client application programs. The application program can use this logic just as it would call a method on an object (or a function in the procedural world).

Such application server clients can include GUIs (graphical user interface) running on a PC, a Web server, or even other application servers. The information traveling back and forth between an application server and its client is not restricted to simple display markup. Instead, the information is program logic. Since the logic takes the form of data and method calls and not static HTML, the client can employ the exposed business logic however it wants.

In most cases, the server exposes this business logic through a component API, such as the EJB (Enterprise JavaBean) component model found on J2EE (Java 2 Platform, Enterprise Edition) application servers. Moreover, the application server manages its own resources. Such gate-keeping duties include security, transaction processing, resource pooling, and messaging. Like a Web server, an application server may also employ various scalability and fault-tolerance techniques.
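
The contrast drawn above, together with the ATM example from earlier in the article, as an added Python example that is not part of the original text: the same account data is reached once through a web server that returns HTML and once through an application server that exposes a `withdraw` method. XML-RPC from the standard library stands in here for a component API such as EJB; the account id, the balance and all names are constructed.

```python
import http.client
import threading
import xmlrpc.client
from http.server import BaseHTTPRequestHandler, HTTPServer
from xmlrpc.server import SimpleXMLRPCServer

BALANCES = {"acct-1001": 500}  # constructed sample data

def withdraw(account, amount):
    """Business logic: validated on the server, not trusted from the client."""
    if not isinstance(amount, int) or amount <= 0:
        raise ValueError("amount must be a positive integer")
    if amount > BALANCES.get(account, 0):
        raise ValueError("insufficient funds")
    BALANCES[account] -= amount
    return BALANCES[account]

class BalancePage(BaseHTTPRequestHandler):
    """Web server role: answer an HTTP GET with HTML meant for a browser."""
    def do_GET(self):
        body = f"<html><body>Balance: {BALANCES['acct-1001']}</body></html>".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo():
    web = HTTPServer(("127.0.0.1", 0), BalancePage)  # port 0: OS picks one
    app = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    app.register_function(withdraw)  # the only method clients can reach
    for srv in (web, app):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    atm = xmlrpc.client.ServerProxy(f"http://127.0.0.1:{app.server_address[1]}")
    new_balance = atm.withdraw("acct-1001", 120)  # method call, data comes back
    try:
        atm.withdraw("acct-1001", 10_000)  # overdraft attempt from the client
        rejected = False
    except xmlrpc.client.Fault:  # the server-side check refused it
        rejected = True
    conn = http.client.HTTPConnection("127.0.0.1", web.server_address[1])
    conn.request("GET", "/")
    html = conn.getresponse().read().decode()  # display markup comes back
    conn.close()
    for srv in (web, app):
        srv.shutdown()
        srv.server_close()
    return new_balance, rejected, html
```

Calling `demo()` returns the new balance, whether the overdraft was refused, and the HTML page the web server produced.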
