In-Depth
A Corba, DCOM primer
- By Imran Sayeed
- June 26, 2001
You have probably seen more than a dozen articles, seminars and presentations about
the Object Management Group's Common Object Request Broker Architecture (Corba) and Microsoft's Component Model
(COM) Object Model (COM).Unlike previous literature on this subject, however, this article does not compare the
technologies in isolation or discuss the relative merits of interface versus implementation inheritance. Rather,
it focuses on how Corba and Distributed COM (DCOM) provide a solution for developing large-scale, business-critical
applications, and how they assist in the deployment of these applications within the intranet, over an extranet,
across the Internet or simply with a Web front end.
For the purposes of this article, we must first define what is meant by a "large-scale, business-critical
application." Simply stated, any application that implements a critical business process within an organization
-- and as such, directly impacts that organization's bottom line -- is a business-critical application. Typical
examples include the mortgage processing system at a mortgage lender, the claims verification system at an insurance
company, or the inventory management system at a manufacturing plant. Effective, business-critical applications
must also exhibit at least a
majority of the following features:
Scalability: The ability to easily and quickly accommodate an increase in services, whether the increased
demand is due to a tenfold increase in users, a twenty-fold increase in user data, or a hundred-fold increase in
distance from users.
Reliability: The application needs to be available 24x7, which requires fault-tolerant features such
as sophisticated error-handling and recovery, automated restarting upon improper termination, as well as automated
failover to replicas in the event of catastrophic failure.
Security: Since business-critical applications handle company-sensitive information, they need to be
able to authenticate the identity of users, control user access
to particular operations, provide irrefutable evidence of their involvement in a transaction (non-repudiation),
and prevent eavesdropping or tampering with any of the above.
Manageability: Like anything in life, you need to take good care of an application if you want it to
perform optimally for as long as it is needed. This becomes much easier if the application is inherently manageable:
i.e., it can be centrally configured and administered from a system management console, can provide usage and statistical
information that can be used for auditing and performance tuning, and it can support versioning and revision control.
Before looking at how DCOM and Corba assist with the above requirements, it is important to understand each
of these technologies. Since there are numerous books and Web sites that do a good job explaining both DCOM and
Corba, this article will only summarize the key points of each architecture.
COM and Corba both provide a framework for creating and using components that can interface with each other
-- as well as with other applications, libraries, system software and networks -- in a standard, well-defined manner.
While Corba was designed from the ground up to support components that could exist anywhere on the network, the
original implementation of COM ran on a single system. Distributed COM added the ability for COM components to
interface across the network, using a remote procedure call (RPC) based on The Open Group's Distributed Computing
Environment (DCE).
Corba generally uses the Internet Inter-ORB Protocol (IIOP) for communication between components, although it
is possible to use the DCE RPC for this purpose. An essential part of both frameworks is the "value-added"
services -- naming, security, persistence and data access, events and transactions -- they provide to components.
Finally, while DCOM is a Microsoft technology that exists as a single implementation, Corba was defined by a consortium
of vendors called the Object Management Group, many of whom have their own implementations of Corba and its associated
services.
Support for business-critical applications
DCOM and its associated value-added services, including Microsoft Transaction Server (MTS), Microsoft Message
Queue Server (MSMQ), Microsoft Cluster Server (MCS) and Microsoft Management Console (MMC), provide a set of products,
libraries and SDKs for developing business-critical applications. The following section examines in detail how
scalability, reliability, security and manageability are supported:
Scalability: Microsoft Transaction Server provides a set of DCOM interfaces and libraries that allow
applications to easily scale as the number of users and user data increase. MTS provides automated thread management,
which allows individual components to spawn multiple threads to handle increased demand without requiring developers
to write tedious thread code. It also offers resource pooling and database connection multiplexing to more efficiently
distribute user and data load across multiple replicated application components. This load balancing is limited
to a single machine.
DCOM, however, does not provide a centralized naming service. This essential component of a scalable architecture
lets users locate a particular application or component no matter where it resides in the enterprise. This allows
the application to handle an increasing number of geographically dispersed users.
With NT 5.0, currently in beta, DCOM will gain the Active Directory Service Interface (ADSI), which allows components
to seamlessly use a variety of existing naming services such as NetWare Directory Service (NDS), Lightweight Directory
Access Protocol (LDAP) or even the Windows registry.
Reliability: Microsoft Message Queue Server, Microsoft Cluster Server and MTS all help develop and maintain
reliable applications. MSMQ allows applications to use reliable message queues for communication, thus providing
features such as guaranteed delivery of object requests and disconnected operation. This means that even if the
application server machine or network were to become temporarily unavailable, the object requests and operations
would resume after recovery.
MTS allows applications to use distributed transactions to reliably update data across disparate data stores,
while MCS automatically restarts applications and provides automated failover between server machines.
While Microsoft Transaction Server is now in its second version, both MSMQ and MCS are new technologies that
have yet to be "battle-tested."
Security: NT LAN Manager (NTLM) and Microsoft Transaction Server authenticate users and authorize checking
via access control lists (ACLs). The MS Crypto API provides data encryption and integrity to prevent eavesdropping
and tampering, while the Authenticode SDK uses digital signatures to provide non-repudiation. The challenge is
to get all of these pieces working together in a single solution.
Manageability: Microsoft Management Console provides a unified graphical user interface (GUI) for managing
Microsoft Transaction Server- and MSMQ-based components. Features include centralized configuration and administration,
as well as remote deployment of components. Microsoft Transaction Server gathers various statistics about applications
under its control, including transactional outcome, mean time between object requests and overall activity level.
This information can then be viewed in the Microsoft Management Console. However, the Microsoft Management Console
is a brand-new tool; as such, its usability beyond the departmental level is questionable at this time.
While DCOM provides a rich set of tools and technologies for implementing the above requirements, there are
two significant drawbacks to the technology. First, it is essentially a Wintel-only solution; even though DCOM
is available on Unix from Software AG, the technology is at least one revision behind the Wintel release and does
not offer key pieces such as Microsoft Transaction Server, MSMQ and Microsoft Message Queue. Second, many of the
tools are very new and are still maturing in the enterprise space.
The value-added services provided by Corba are collectively known as Corba Services. Currently defined services
in Corba 2.0 include Naming, Events, Life Cycle, Persistence, Relationship, Externalization, Transaction, Concurrency,
Property, Licensing, Time, Trader and Security. Of these, Naming, Events, Transaction, Trader, Security, Life Cycle,
Concurrency and Externalization services are currently available from the major Corba vendors, including Iona,
Borland/Visigenic (now known as Inprise), Expersoft and IBM. The section below details how these services, in conjunction
with the Corba runtime, assist with scalability, reliability, manageability and security.
Scalability: The Object Activation Daemon (OAD) and the Implementation Repository (IR), both part of
the Corba runtime, allow efficient use of resources by only instantiating objects when required. The centralized
Naming service provides location independence for applications and their users, while the Trader service allows
more sophisticated component searches by providing a "Yellow Pages"-like model for registration. Static
load-balancing among multiple replicas of an application is available via the Naming service.
Reliability is provided through the Transaction service, which supports an Open Group Distributed Transaction
Processing (DTP)-compliant model for distributed transactions. While some of the implementations, such as Visigenic's
ITS are new, others, such as Iona's OTM and Visigenic's TPBroker, are based on industry-proven transaction processing
monitors from Transarc and Hitachi. Proprietary extensions to Corba from vendors such as Visigenic and Expersoft
provide failover support for both application servers and server platforms.
Security: Corba defines two security levels: Level 1 and Level 2. Level 1 allows an application that
is unaware of security to participate in a secure domain. It provides user authentication, authorization via ACLs,
data encryption and integrity, and optional non-repudiation.
Level 2 requires applications to be security-aware, thus enforcing stronger versions of the above security policies.
Some Corba vendors, such as Iona and Visigenic, have provided a Secure Socket Layer (SSL) implementation of
IIOP, called Level 0, that allows user authentication and data encryption. Level 1 implementations are currently
available from Iona and IBM, and are based on DCE security. There are no Level 2 implementations currently available.
Manageability: Both Visigenic and Iona have sophisticated tools for centrally configuring and administering
Corba applications. Iona also allows Corba applications to
be centrally managed from any SNMP-compliant system management console, such as OpenView and BMC Patrol. The Transaction
service collects various usage statistics -- such as transactional outcome, mean time between requests and maximum
load per component -- that can be used for performance tuning, and provides extensive logging and auditing features.
While Corba's main strength is allowing developers to use best-of-breed services from different vendors, this
capability is also its biggest weakness. It is very difficult, if not impossible, for example, to get one vendor's
security implementation to work with another transaction service. Since no vendor has a complete solution for addressing
the above requirements, integration issues are introduced when Corba is used to build business-critical applications.
Support for Web applications
But what services do DCOM and Corba provide when applications need to be deployed on the Web, within the intranet,
across an extranet or over the Internet?
Web-based means that the front end or presentation layer of the application is the Web browser. It does not
necessarily mean that the application is deployed over the Internet. Many companies are starting to develop even
LAN or intranet applications with a browser interface because it provides a simplified universal front end and
ease of deployment. Typically, the front is developed using either regular HTML, or if it needs to be more sophisticated,
using either JavaScript/Java or ActiveX. In either case, it is downloaded from the Web server and subsequently
communicates with the application server using HTTP, IIOP or DCOM.
Over and above the requirements for all business-critical applications, Web-based applications should be able
to run in both Internet Explorer and Netscape Navigator -- on all major platforms. This is an important feature,
because one of the main reasons for choosing a Web front end is its universal availability. It should also be quickly
and easily downloadable from the Web server, without any complicated client-side installs. Finally, the application
needs to be well integrated with other browser components such as forms and frames, and, if HTTP-based, with Web
server components such as call-out facilities.
When developing Web applications, DCOM front ends in the form of ActiveX controls can run within Internet Explorer
and, via a plug-in, within Netscape Navigator. Although the ActiveX controls can work on both Wintel and Unix platforms,
they are platform-specific binaries, which means that different binaries are needed for each platform.
ActiveX controls can be packaged into compressed cabinet files for quicker downloads or installed seamlessly
into the browser without user intervention. In addition, DCOM is available natively on all Wintel platforms, so
that regardless of which browser is used, the application does not have to download the runtime services.
Furthermore, Microsoft's Active Server Page technology allows the seamless integration of both HTML and ActiveX
clients with DCOM application servers. It also allows DCOM services such as Microsoft Transaction Server and MSMQ
to be used with Web-based applications.
Several vendors have developed a 100% pure Java implementation of the Corba runtime and services. This means
that Java-based front ends to Corba applications can work on all major browsers and platforms.
Because Netscape Navigator is bundled with the Corba runtime, front ends deployed using Netscape can be downloaded
faster since they do not have to download the runtime. In addition, Corba services are available as compressed
Java archive or Microsoft cabinet files for quicker downloads from the Web server.
The Netscape Enterprise Server provides the Web Application Interface, which allows HTTP-based clients to communicate
with Corba application servers.
Support for Internet/extranets
Business-critical applications that need to work across the public Internet or the semi-public extranet have
several unique characteristics: They are typically deployed across great distances and often through several firewalls;
and they can have either a Web browser interface or a typical client/server GUI. Yet despite the interface used,
both Internet and extranet applications share the key requirements of "bullet-proof" security and firewall
support.
Business-critical transactions executed over the Internet require additional security measures to ensure accuracy,
confidentiality and credibility. These measures include: support for a public-key security infrastructure, such
as SSL, which is able to deal with the unpredictable and anonymous nature of Internet users better than a traditional
private-key system such as Kerberos; two-step verification of the user's identity, based on both a password and
a physical token such as a smart card (often called two-factor authentication); digital notarization of important
transactions via a third party to ensure accuracy and timeliness; and integration of the Internet-specific security
with the existing enterprise security infrastructure to ensure seamless, end-to-end security.
Most major corporations have a fairly elaborate firewall system in place to prevent unauthorized access to their
intranet. Yet for those applications that need access to services inside the intranet this poses a challenge --
many administrators are loathe to open special "holes" in their firewalls for business applications.
A successful Internet-based application should be able to navigate its own firm's firewall to call out to external
business objects, as well as other firms' firewalls in order to invoke their internal business objects.
DCOM currently provides two-factor authentication and Remote Data Service (RDS) support for Internet/extranet
applications. Two-factor authentication is supported through public certificate and smart cards. Currently, there
is limited support for SSL and its integration with NTLM security; however, this will be expanded to include SSL-to-Kerberos
integration in NT 5.0.
Remote Data Service allows data access requests across the Internet to be tunneled through HTTP to allow firewall
traversal. Full DCOM support for firewalls, in the form of HTTP tunneling, is planned for
later this year.
Several Corba vendors support both SSL and two-factor authentication in their implementation, although these
features are still immature. Some, such as Iona and IBM, allow integration of their security solutions with existing
DCE, Kerberos and RACF security.
Both Iona and Visigenic allow HTTP tunneling of Corba object invocations to traverse any firewall, albeit with
an associated performance penalty. Iona also provides an IIOP-aware firewall extension called Wonderwall, which
can monitor and control both incoming and outgoing Corba traffic. While these features are currently proprietary,
they are being standardized for Version 3.0 of the Corba specification due later this year.
Support for intranet apps
Intranet or client/server applications are optimized for use within an organization, have higher network bandwidth
and little or no firewall restrictions. These types of applications can therefore be built with more sophisticated
front ends, both in terms of user interface and functionality. User-interface requirements include rich graphics
support and the ability to integrate the application with popular desktop tools such as Microsoft Office and Visual
Basic. Sophisticated functional requirements might include local object caching and persistence, as well as a publish/subscribe
capability.
DCOM applications can be built with sophisticated user interface and functional features. For example, every
major development environment on Wintel supports the rapid development of graphical DCOM applications. There are
also thousands of ActiveX controls available, either for free or for a nominal charge, that provide additional
charting, graphing or industry-specific features. And because every popular desktop tool natively supports ActiveX,
it is easy to integrate DCOM applications with these tools.
Furthermore, OLE DB and its associated Active Data Objects allow DCOM applications to support persistence, while
MSMQ provides publish/subscribe capabilities.
On the other hand, Corba applications can be integrated with desktop tools using a COM/Corba bridge available
from several Corba vendors. Corba services such as Event and Persistence can also be used to add publish/subscribe
and persistence features to an intranet application.
Integrating DCOM and Corba to support real-world applications
After describing the different ways of deploying business-critical applications and the associated support available
from DCOM and Corba, what are the most common deployment scenarios in the real world? Not surprisingly, the answer
is a combination of the above. Typical real-world applications often have a Web interface to either an intranet
or an Internet/extranet application. Equally pervasive are client/server applications with a GUI front end. Less
in demand are Internet/extranet applications with a non-Web front end. Yet neither technology provides a complete
solution. However, if the subset each provides is inadequate for the required application, it is possible to integrate
the two and thus get the best of both worlds.
There are two ways in which an application developer might want to integrate DCOM and Corba. The first type
of integration is useful for intranet or client/server applications. It involves building the application front
end using DCOM/ActiveX and then integrating it with the back-end Corba application servers using a COM/ Corba bridge.
By using ActiveX for the front end, the application has access to the rich intranet capabilities of DCOM, such
as rich GUI controls and integration with popular desktop tools. By using Corba servers, the application can be
deployed across heterogeneous platforms, allowing it to scale more easily using Corba's centralized Naming service.
The second type of integration is useful for Web-based, Internet/extranet applications. A Corba-based front
end is a 100% pure Java applet that communicates via HTTP-tunneled IIOP with back-end DCOM application servers
typically deployed within Microsoft Transaction Server. The routing mechanism that allows the Corba applet to communicate
with the MTS servers could either be a bidirectional COM/Corba bridge or a custom solution. This integration architecture
allows the 100% pure Java applet to run in any Web browser on any platform, a major requirement for Web applications.
In addition, the Java applet can use SSL security and HTTP tunneling to access application servers through firewalls,
thus allowing it to address major Internet requirements. At the same time, the application utilizes DCOM and Microsoft
Transaction Server for its servers, thereby leveraging the manageability, transaction and thread support of Microsoft
Transaction Server.
DCOM and Corba both provide a solid infrastructure on which to build business-critical applications. While neither
one offers a complete solution today for building every kind of business-critical application, there are scenarios
in which each excels over the other. Which one you choose to use in your organization's environment or whether
or not you decide to integrate them will ultimately be dictated by how you plan to deploy business-critical applications,
and by how important each of their associated requirements are to your company's system.