Systemic Semiotic Design Practice:
Download
Report
Transcript Systemic Semiotic Design Practice:
BUSS 909
Office Automation & Intranets
Lecture 8
Internet, Intranets and Extranets:
Implementation and Management
Clarke, R. J (2000) L909-08:
1
Notices (1)
Students must organise themselves into
Teams in readiness for Assignment 3:
Each team must have 5 students, and must
nominate a Team Leader (if necessary a 6th
student may be allocated to a group)
Teams should, if possible, belong to the same
Tutorial Class
Team membership must be emailed to me prior
to Monday 7th September 12:30 (Week 9)
Clarke, R. J (2000) L909-08:
2
Agenda
Web Servers
Installation
Performance
Maintenance
Security- Firewalls
Testing
Client-side Testing
Server-side Testing
Maintenance and Integration
Web Site Maintenance
Web Applications
Clarke, R. J (2000) L909-08:
3
Web Server Installation
Clarke, R. J (2000) L909-08:
4
Web Server Installation
set up of Web Servers may be nontrivial; the steps are likely to include:
installing a pre-compiled server- for
example, HTTP Deamon Server (httpd)
from NCSA
compilation of a server- to produce the
required binaries
site specific configuration- for httpd you
are required to adjust the contents of
three files
Clarke, R. J (2000) L909-08:
5
Web Server Installation
Installation of the Server- move the
httpd server and its files and directories
to the required locations before starting
the Web Server
Starting the Server- often can run
servers in a prototyping mode for
testing (inetd) or in a standalone mode
for production
Clarke, R. J (2000) L909-08:
6
Web Server Installation
Mapping URLs to Documents- when a URL
does not include a directory path or a
filename, the web server:
either returns the contents of a file called
index.html
or, the file does not exist and the web server
automatically generates a directory index
(similar to ls-1)
Testing the Web Server- exercise the server
via a browser, should as a minimum provide
an index.html
Clarke, R. J (2000) L909-08:
7
Web Server Installation
Setting Up Home Pages- most often the
entry point to a web server is a home pagehome.html. Can have one or many
depending on the number of sites being
hosted
Delegating Document Tree Managementdiscussion has assumed that a single user is
using the web server
in reality content maintenance is the
responsibility of an authoring community- rights
to subdirectories etc
Clarke, R. J (2000) L909-08:
8
Web Server Installation
Conventions for Public Accessserver names should start with www
use a CNAME alias record that maps the web
server name to an actual system name
establish a so called webmaster alias- an email
alias that people can use to send comments, tips
on broken pointers etc.
use signatures on the bottom of HTML pages
mounted on the web server- often implemented
as Server Side Includes (SSIs)
Clarke, R. J (2000) L909-08:
9
Web Server Installation
Announcing the Web Server:
there are no formal procedures for this
but there are well-established norms
send announcement message to the mailing list
at [email protected]
post announcement message to
[email protected] - a CERN moderated
list of servers
send an announcement message to
[email protected] - an NCSA
moderated list
Clarke, R. J (2000) L909-08:
10
Web Server Installation
Apache Web Server Successful Installation!
Clarke, R. J (2000) L909-08:
11
Web Server Performance
Source: Yeager & McGrath (1996)
Clarke, R. J (2000) L909-08:
12
Web Server Performance
Document Distribution and Caching
each web server serves only one
document tree (see L909-06.PPT)
web servers ‘expose’ a seamless view of
information provided by the server, just
as a web browser provides a seamless
view of information on the web
the information provided by the server
may actually be stored and organised in
many different ways
Clarke, R. J (2000) L909-08:
13
Web Server Performance
Document Distribution and Caching
the web server acts as a translator between
a simple logical view of a document tree and
the physical view of files stored on the
server
users do not want to know the complex details of
physical storage but information providers must
understand this
web servers can be configured to provide
documents from a conceptually simpler ‘logical’
document tree rather than the complex ‘physical’
reality
Clarke, R. J (2000) L909-08:
14
Physical View of the Document Tree
Logical View of the Document Tree
root
web
bin
root
usr groups temp
sculpture graphics music
gargoyleproject
metallicaproject
gargoyle
metallica
interactive
gryphon
interactiveproject
gryphon
Mapping
/gargoyles
/metallica
/interactive
Logical URL to Physical Disk
Rules
ALIAS is the name of the
function within the Apache
Server that provides mapping.
MAP /gargoyles/*
MAP /metallica/*
MAP /interactive/*
Source: Yeager & McGrath 1996, 180
/groups/sculpture/gargoyle-project
/groups/sculpture/metallica-project
/groups/music/interactive-project
/groups/sculpture/gargoyle-project/*
/groups/sculpture/metallica-project/*
/groups/music/interactive-project/*
Clarke, R. J (2000) L909-08:
15
Web Server Performance
Document Distribution and Caching
the information service provider may
want the physical organisation as it is:
large servers may have thousands of
documents to serve- more convenient to
break documents into groups to store each
separately
no single logical view will service all the
needs of different users
Clarke, R. J (2000) L909-08:
16
Web Server Performance
Document Distribution and Caching
for high throughput systems it may
be necessary to reduce the load on
the server- two ways to do this:
allocate part of the document tree to
another server
Clarke, R. J (2000) L909-08:
17
Web Server Maintenance
Clarke, R. J (2000) L909-08:
18
Web Server Maintenance
Depending on the type and state of the web
server, it may be necessary to enhance its
capabilities by:
providing additional MIME types (Multimedia
Extension) if necessary
Enabling Server-side includes- similar to include
files in programming languages- however, they
can include not only files but variables
Automatic Directory Indexing- insurance against
users pointing to a directory URL rather than a
file URL when no index.html exists
Clarke, R. J (2000) L909-08:
19
Web Server Maintenance
Updating HTML Documents- don’t need to
reboot the server, just lay the new
documents over the existing ones
Managing/Analysing Log Files- on a
daily/weekly basis the systems
administrator should move or archive the
log files to prevent them from growing to
big- the process should be automated as
part of standard backup procedures
Clarke, R. J (2000) L909-08:
20
Web Server Maintenance
Moving Directory Structures- on occasion
parts of the document tree need to be moved
in order to cope with disk space constraints or
changing system environment
Mirroring Documents and Servers- mirror
(duplicate) part of another hosts directory tree
in order to speed up your server (fetch slow
graphics overnight), or in order to spread your
server’s load across another
Clarke, R. J (2000) L909-08:
21
Web Server Security
Reading 24: Lodin & Scuba (1998)
Clarke, R. J (2000) L909-08:
22
Web Server Security
Firewalls (1)
each company that connects to
WWW provides new opportunities for
crackers
the general solution to secure
internal networks is to construct a
guarded gateway called a firewall
Clarke, R. J (2000) L909-08:
23
Web Server Security
Firewalls (2)
firewalls are the first defense against
unwelcome visits to intranets and
extranets
firewalls comprise software and or
hardware which collectively form a
set of mechanisms that enforce
secure communications traffic
entering or leaving a network domain
Clarke, R. J (2000) L909-08:
24
Web Server Security
Firewalls (3)
firewalls have several different
topologies (as we will show shortly)
in general, firewalls are located
between the internal network and the
internet
an estimated one third of all Internet
connected machines are located
behind firewalls (Liu et al 1994, 497)
Clarke, R. J (2000) L909-08:
25
Web Server Security
firewalls prevent unauthorised
access between networks
it implies that decisions have been
made about what is allowed and
disallowed across the firewall
the decisions are based on the
security policy for the site
Clarke, R. J (2000) L909-08:
26
Web Server Security
firewalls work by examining the IP
packets that travel between the server
and the client
this approach enables the control of
information flow for each of the possible
internet services by
IP address
by port
in each direction
Clarke, R. J (2000) L909-08:
27
Firewalls- Security
(based on Lodin & Schuba 1998, 27)
Outside
(untrusted)
Network
LAN
Firewall
Clarke, R. J (2000) L909-08:
28
Firewalls- Security
attempt to maintain privacy by
protecting data that its entering or
leaving a domain, by preventing
passive wiretapping- data eavesdropping
active wiretapping- data change
traffic outside the firewall or internal
to the domain is not affected
Clarke, R. J (2000) L909-08:
29
Firewalls- Security
firewalls guard intranets and
extranets from an outside and
therefore untrusted network
they may also guard against parts of
the internal intranet from other parts
Clarke, R. J (2000) L909-08:
30
Firewalls- Security
(based on Lodin & Schuba 1998, 27)
LAN A and LAN B are parts of one organisations intranet
LAN A
d
a
b
c
Firewall
Outside
(untrusted)
Network
Firewall
LAN B
d’
e
Firewalls control communication to (a), from (b), or through outside network, although they
cannot control messages within the LANs or external connections through the outside network
Clarke, R. J (2000) L909-08:
31
Firewalls- Security
can protect material within the
domain- stored data, computational
resources, and communication
resources
can be guarded against unauthorised
access, browsing, leaking,
modification, insertion, and deletioncan protect against ‘denial of service
type’ hacks
Clarke, R. J (2000) L909-08:
32
Firewalls- Security
firewalls are generally applied to
Transmission Control
Protocol/Internet Protocol (TCP/IP)
communications which are used in
public Internet and private Intranets
controversies abound on the need
for firewalls- even if they are
deficient, they are a focus for
computer security policy
Clarke, R. J (2000) L909-08:
33
Firewalls- Security
security mechanisms employed by
firewalls correspond to layers in the Open
Systems Interconnection (OSI) model
OSI model views data communication in
terms of movement through a series of
layers (see L909-02.PPT)
1 Physical Layer; 2 Data Link Layer; 3 Network
Layer; 4 Transport Layer; 5 Session Layer; 6
Presentation Layer; 7 Application Layer
Clarke, R. J (2000) L909-08:
34
OSI Model
Intermediate Nodes
User Node
User
Actions
Terminal
Software
or ROM
Routines
Host User
Layer 7
AP
Layer 7
Layer 6
SP
Layer 6
Layer 5
SP
Layer 5
Layer 4
SP/P
Layer 4
Layer 3
Host
P
3
Layer 2
P
2
P
2
Layer 1
P
1
P
1
P
3
P
Layer 3
Protocols
Front-end processor
Front-end
or switching
Node
P
Layer 2
Front-end
Processor
P
Layer 1
Channel
Devices
Cluster Control Unit
Clarke, R. J (2000) L909-08:
35
Firewalls- Security
network address translation uses the
network layer
Layer 3: Network Layer: causes the
physical layer to transfer the frames
from node to node
all seven layers in the model may
employ cryptographic mechanisms
Clarke, R. J (2000) L909-08:
36
Firewalls- Security
packet filtering mechanism operates
primarily on network and transport
layers
Layer 4: Transport Layer: enables user
and host nodes to communicate with
each other; synchronizes fast- and
slow- speed equipment as well as
overburdened and idle units
Clarke, R. J (2000) L909-08:
37
Firewalls- Security
can impose overheads especially
performance limitations (delays) on
the throughput of the intranet
this is becoming less of a concern
due to speed improvements with
hardware (higher processing speeds)
and software optimisations
Clarke, R. J (2000) L909-08:
38
Firewalls- Security
specific operations supported by
firewalls include:
packet filtering- a router allows/denies
the passage of data after checking its
header and contents based on security
rules
network address translation (NAT)hides internal addresses and network
topology of the domain from outside
users
Clarke, R. J (2000) L909-08:
39
Firewalls- Security
circuit-level forwarding (low-level)- groups
packets into connections. Inbound and
outbound connections must connect to a
proxy process before it can proceed. The
proxy makes use of rules to determine
whether the connection should be made.
application-level forwarding (higher-level)firewalls can interpret data in packets in
accordance with protocols and security
rules
Clarke, R. J (2000) L909-08:
40
Firewalls- Security
crytographic mechanisms- enciphering
or deciphering of messages using a
secret code. There are many different
types of crypographic meachanisms
around.
Internet Engineering Task Force for the
IP security (IPsec) protocols
Clarke, R. J (2000) L909-08:
41
Web Applications
Clarke, R. J (2000) L909-08:
42
Web Applications
a number of companies are
implementing ‘mission-critical’ web
based applications
these applications generally utilise
databases
attempt at developing closer alliances
with customers, suppliers, partners, and
employees
Clarke, R. J (2000) L909-08:
43
Web Applications
sophisticated web applications must
support complex Internet/intranet
system configuration
systems level hardware/software, and
networking products must work
together
software elements: JAVA applets,
Microsoft Active X controls, CGI scripts,
SQL code
Clarke, R. J (2000) L909-08:
44
Web Applications
System Configuration: Logical View
Client Workstations
with Web Browsers
Production
Web Server
Application
Server
Firewall
Database
Server
Mainframe
Database
Development
Web Server
Clarke, R. J (2000) L909-08:
45
Web Applications
In terms of complexity, complex web
applications are therefore no
different to traditional systems
development projects
web-based application components
must be thoroughly tested to ensure
that they are reliable, defect-free, and
meets its original design purposes
Clarke, R. J (2000) L909-08:
46
Web Applications
Client-side Components
Standard Windows
GUI Objects
•display text
•images
•backgrounds
•control buttons
•edit fields
•list boxes
•radio buttons
•checkboxes
•cursor
•pull-down menus
•dialog boxes
•forms
Browser
Specific Objects
Special HTML
Extension Objects
•tables
•frames
Multimedia
Objects
Procedural Logic
(Client or Server)
•audio streams
•video streams
•VRML plug-ins
•Java Code
•Javascripts
•Active X controls
•procedural logic
coded with various
proprietary scripting
languages
Navigational
Objects
•text links
•image links
•image map links
NetObjects Support
Clarke, R. J (2000) L909-08:
47
Web Applications
Server-side Components
Firewall
•Prevents unauthorised
access to Intranet
•Implements security
policy and ‘stance’ for
Web Applications
Web Server
Production
•Serves HTML/XML
web pages
•runs CGI scripts to
provide added functions
to web applications
Development
•handles an internal
representation of pages
in a web application
Application
Server
Database
Server
Mainframe
Database
•provides special
purpose applications
necessary to support
a web application
•generally invoked by
passing a request
from a CGI script
•provides database
access for a web
application
•implemented using
SQL commands
•must support the
database needs of a
large number of
potential users
•Central repository for
all data in the
organisation
•Database Server
provides a view on
the necessary
subsets of this
central repository data
NetObjects Support
Clarke, R. J (2000) L909-08:
48
Client-side Testing
Clarke, R. J (2000) L909-08:
49
Client-side Testing
Browser & Desktop
Browser compatibility testing
application operates correctly and
consistently on different types of
browsers (see Reading #22, Berghel
1996)
Desktop configuration testing
verifies that the client-side operates
consistently on different client desktop
machines with different configurations
Clarke, R. J (2000) L909-08:
50
Client-side Testing
Usability & Documentation
Usability testing
user-centric design of the user interface
with multimedia elements, establish that
the user activity matches the users
business task flows
Documentation testing
verifies the accuracy, relevance, userfriendliness, and completeness of
written user guides and online help
Clarke, R. J (2000) L909-08:
51
Client-side Testing
Security
Security testing
verifies that the web application is
immune from unauthorised access
attempts
necessitates the regular determination
of the accuracy of the information on
the web site
determines that links have not been
modified
Clarke, R. J (2000) L909-08:
52
Client-side Testing
Browser & Desktop
Error message testing
proper handling of known error
conditions by the web application
Client load testing
verifies the scalability of the web
application client-side while under
different volumes of data
Clarke, R. J (2000) L909-08:
53
Client-side Testing
Portability & Applet Scripting
Cross-platform portability
verifies that the web application functional
behaviour is consistent across different
client platforms (eg. Windows, Mac, UNIX)
Applet/Script Testing
verifies applet/script behaviour of JAVA
applets, scripts, plug-ins, or Active X
components when downloaded and
executed client-side
Clarke, R. J (2000) L909-08:
54
Client-side Testing
GUI Testing
GUI Testing
verifies the overall functionality of the
Web Application with respect to its
Graphical User Interface environment
Clarke, R. J (2000) L909-08:
55
Server-side Testing
Clarke, R. J (2000) L909-08:
56
Server-Side Testing
Web-server Load testing
Network Load Testing
Application Server Testing
Database Server Load Testing
Clarke, R. J (2000) L909-08:
57
Web Site Maintenance
Link Verification
Clarke, R. J (2000) L909-08:
58
Web Site Maintenance
Link Types
web sites will have several link types
using NetObjects naming
conventions, web sites will have:
internal links that link pages in your site
to other pages in your site, or
external links that link pages in your
site to other web sites
Clarke, R. J (2000) L909-08:
59
Web Site Maintenance
Link Types
it is generally true that the same internal
links get used repeatedly, for example
links to home pages, and those used in
navigation bars
this is not true of external links- may be
used only once in the web site
even small web sites can have masses
of external links
Clarke, R. J (2000) L909-08:
60
Web Site Maintenance
Need for Link Verification
the resources referenced by external
links can be re/moved from the Internet
this leads to a bad link occurring in your
web site over which you have no control
fortunately, there are link verification
tools both freeware and commercial
which can automatically test links in your
web sites
Clarke, R. J (2000) L909-08:
61
Web Site Maintenance
Link Verification Tools
suitable characteristics for link
verification tools include:
should be able to check weblets (that is parts
of your website), not just the entire web
hierarchy
should be able to cope with the situation
where a valid URL points to a web site that is
temporarily down, unresponsive, or slow
ability to restart if interrupted
Clarke, R. J (2000) L909-08:
62
Further Reading
Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994)
Managing Internet Information Services Chapter 18: Setting Up a
Web Server, O’Reilly & Associates, Inc. 299-324
Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994)
Managing Internet Information Services Chapter 20: Web:
Gateways and Forms, O’Reilly & Associates, Inc. 357-380
Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994)
Managing Internet Information Services Chapter 21: Web:
Access Control and Security, O’Reilly & Associates, Inc. 381-390
Berghel, H. (1996) “HTML Compliance and the Return of the
Test Pattern” Communications of the ACM February 39 (2) 19-22
(Reading #22)
Clarke, R. J (2000) L909-08:
63
Luotonen, A. (1998) Web Proxy Servers Prentice Hall PTR Web
Infrastructure Series NJ: Prentice Hall PTR
Fournier, R. (1999) A Methodology for Client/Server and Web
Application Development Yourdon Press Computing Series, NJ:
Yourdon Press, Prentice Hall
Lodin, S. W. and C. L. Schuba (1998) “Firewalls fend off invasions
from the Net” IEEE Spectrum February 1998, 35 (2), 26- 34 (Reading
#24)
Oppliger, R. (1997) “Internet Security: Firewalls and Beyond”
Communications of the ACM May 40 (5) 92-102 (Reading #25)
Wood, D. (1998) “The Search for the Searcher: Use second-rate
search engine software and your users will avoid your Web site in
droves” Systems April 1998, 58-67 (Reading #26)
Clarke, R. J (2000) L909-08:
64
Anonymous (1998) “Serving from the baseline: APC Labs
checks out entry-level Web servers from small-to-medium
businesses” APC Magazine April 1998, 115-124 (Reading #27)
Schwartz, R. L. (1999) “Programming with Perl: Step-by Step
Link Verification” Web Techniques 4 (3) March 1999, 30-34
Yeager, N. J. & R. E. McGrath (1996) Web Server Technology:
The Advanced Guide for World Wide Web Information Providers
San Francisco, California: Morgan Kaufmann
Holden, G. and M. Keller (1999) Apache Server for Windows:
Little Black Book Arizona: Coriolis
Clarke, R. J (2000) L909-08:
65
Links
Web Techniques www.webtechniques.co
NewApps Software Archive http://www.newapps.com/appstopics/
Win_95_HTML_and_Link_Verification_Tools.html
Viable Software Alternatives- Alert LinkRunner http://viablesoftware.com/
Tetranet Software- LinkBot Pro
http://www.tetranetsoftware.com/products/linkbot.htm
Trellian- SiteMapper http://www.trellian.com/mapper/
Aman Software- CyberSpyder Link Test 2.1.5
http://www.cyberspyder.com/cslnkts1.html
Hausherr, Tilman- Xenu's Link Sleuth http://www.snafu.de/~tilman/xenulink.html
comp.lang.tcl Frequently Asked Questions (1998)
http://www.cis.ohio-state.edu/hypertext/faq/usenet/tcl-faq/part1/faq-doc-2.html
Clarke, R. J (2000) L909-08:
66
Bourne Shell (1994)
http://garfield.ir.ucf.edu/manual/aix/bourne.html
CGI Programming 101 (1997-1998)
http://lightsphere.com/dev/class/
Comprehensive Perl Archive Network (1998)
http://ftp.digital.com/pub/plan/perl/CPAN/CPAN.html
IPSec Online (1998)
http://www.data.com/tutorials/bullet_online.html
Clarke, R. J (2000) L909-08:
67