Containers: A sign components are growing up
- By Neil Ward-Dutton
Today's three main component standards, COM, CORBA and JavaBeans, are presently
evolving from specifications of component architectures to specifications of full
component runtime environments. There has been a lot of hype from vendors of "application
servers" (products that provide runtime services for server-side components, often
combined with Web integration) about how this evolution will help future-proof
applications by insulating developers from differences in underlying middleware
An important development waiting in the wings is the component "container,"
which automatically invokes components specified by developer policies. Such
containers should shield developers from component complexity.
Still, whether it is containers, components or component models, users must
often wonder whether vendors and standards bodies are really telling the truth
when they promote their offerings. Both EJB and the CORBA CCM can be described
as cross-platform standards, although EJB is Java-language-specific. Both EJB
and CORBA CCM are very much paper specifications today. The Microsoft COM standard
is ahead in terms of implementations, but it is best described as a single-platform
solution. All three of the specifications are undergoing repeated change, and
the key software vendors are still lining up decisively behind particular models.
Components are not very interesting in and of themselves. Because the componentware
concept was developed largely to aid in the creation of modular software, almost
all real-world instances of components will execute as part of a larger system.
Components must therefore be able to collaborate in order to perform the functions
of a larger software system.
Component architectures have emerged from two different technologies:
- Compound document frameworks, in which Microsoft technology battled against
technology from a consortium of Apple, IBM, Novell, Oracle, Taligent, WordPerfect
and Xerox. Both Microsoft's Object Linking and Embedding (OLE) and Component
Integration Labs' OpenDoc aimed to give users of office productivity software
the power to author "compound documents," while being able to use their favorite
tools to build individual document elements.
- Distributed object middleware in which, once again, Microsoft technology
battled against a consortium (the OMG). Both camps' middleware technologies
(DCOM and CORBA, respectively) required the use of Interface Definition Languages
(IDLs) to enable software written using different languages to communicate.
In both cases, IDL is used as a least-common-denominator translation mechanism.
All-important is the component architecture. This is the medium via which components
collaborate. It specifies how components represent themselves to each other and
to their execution environment, and it is the mechanism by which components can
communicate at runtime. Sorting through such architectures can be a complex task.
Microsoft's rather confusingly monikered Component Object Model (COM) was
the first component architecture to be used on a significant scale outside suppliers'
laboratories - it was originally released in 1994. COM now underpins all Microsoft's
"modern" 32-bit software - including its Office 97 desktop productivity suite,
Windows 95 and NT operating systems, and development tools.
COM defines a binary standard for the definition of component interfaces -
in other words, for each combination of operating system and hardware that Microsoft
supports, COM defines a standard memory layout for a COM interface. Part of
this standard is a specific set of supported data types (such as integers and
floating-point numbers) that can be passed as arguments of operations in component
interfaces. COM is not just a specification; it is implemented by Microsoft
on each of its operating system platforms.
A programmer can use any language - whether object-oriented or not - from
a long list to build COM components. Language independence is one of the main
reasons for COM's popularity thus far among the ISV community. COM developers
can now choose from a wide range of commodity development tools, and the production
of COM components within the tools is now frequently a painless process.
COM was originally positioned as a client-side component architecture that
underpinned small, GUI-centric components - and, at the time, this made a lot
of sense because Microsoft had no server platform. But through its simplicity,
and precisely because of all the things it does not specify, COM is suitable
for any environment and any type of component. It has emerged as a "lowest-common-denominator"
software layer that can underpin Microsoft runtime services in any context.
The OMG's CORBA
The Common Object Request Broker Architecture (CORBA) is a de jure Object
Request Broker standard, managed by the Object Management Group (OMG). Version
3.0 of the CORBA specification is now complete and has just been approved -
this new version includes (among other things) a component architecture.
CORBA specifies a language- and platform-independent distributed object architecture.
Importantly, the OMG does not provide an implementation of CORBA (unlike Microsoft's
COM) - just a set of specifications. It is up to vendors of CORBA-conformant
ORB products to define binary standards for component interfaces.
Like COM, CORBA is a language-independent distributed computing architecture.
But CORBA, unlike COM, supports abstract data types - which makes mappings of
CORBA IDL to languages like Ada, C and C++ more complete. The CORBA standard
identifies mappings of its IDL to the following programming languages: C, C++,
Smalltalk, Java, Ada and COBOL. Many development tools vendors (such as Borland,
Forté and Dynasty Technologies, to name a few) generate code that works
with CORBA-compliant ORBs.
Several possible rivals appeared in the years following Microsoft's release
of COM - the most promising being OpenDoc. But most recently, the JavaBeans
architecture, which forms a part of the overall Java platform, has emerged as
COM's main competition.
JavaBeans was originally positioned to provide largely GUI-centric functionality
to Java applets and applications - as evidence of this, we need look no further
than the early JavaBeans documentation from JavaSoft, which stressed the importance
of support for graphical layout facilities and for scripting environments in
a component architecture.
JavaBeans is defined as part of, and shipped along with, the newer versions
of the Java Development Kit (JDK) and Java Runtime Environment (JRE). The Java-
Beans runtime libraries run, like other Java code, inside the Java Virtual Machine
Since the JVM smooths out the differences between operating environments and
hardware platforms, JavaBeans does not have to provide a binary compatibility
specification - it is already provided "for free" by the JVM. And, since the
JVM only supports the Java language, there are no cross-language issues (such
as incompatibilities in data type support) to deal with.
The "killer app" for components
Slowly but surely, over the last two years, these standards have been augmented
to make them fit the "killer app" for components - server-side, component-based
applications that can bridge between all those tiresome legacy systems and the
Microsoft has been working on an enhanced version of COM called COM+, which
is a building block of its new Windows DNA 2000 server architecture; Sun has
produced the EJB specification (now on its second revision); and the OMG has
rubber-stamped Version 3.0 of the CORBA specification - which includes a server-side
CORBA component model specification (the CORBA "CCM").
To shed some light on why these developments are important, I will attempt
to answer two key questions:
Containers and components
- What benefits are these evolved component models promising?
- Which features and benefits do the models actually provide?
As middleware has become more sophisticated, and vendors and standards bodies
have developed and formalized more high-level runtime services (such as transaction
support, directory services and security services), middleware products have
become harder to program. Where application servers present basic component
architectures to developers, those developers have to code explicit calls to
high-level services - to start or commit a transaction, for example. In the
kind of sophisticated environment required to implement a multi-user, server-based
application, the array of programming interfaces that must be used can get pretty
Component "containers" hide the interfaces of runtime services from component
developers, and instead automatically invoke them using developer-specified
policies (see Fig. 1). Policies allow developers to specify the "quality of
service" they want provided to components at runtime. A policy might, for example,
state that a given component sends sensitive information and must also be placed
under transaction control, because its methods update data in a number of remote
databases. This policy directs the container to automatically invoke the application
server's security and transaction processing services as necessary.
There are significant promised benefits to the new "container-" based models.
The owners of the new specifications, and the software vendors who support them,
are talking about two important benefits - simpler development of multi-user,
server-based apps (which are pretty hard to build); and runtime environment
portability (where platform typically refers to a middleware product, rather
than an operating system).
COM+, CCM and EJB include container specifications that make it easier to
develop and deploy multi-user component-based apps. More ambitiously, container
"standards" are also touted as enabling developers to develop application components
separate from the app server to which they will be deployed. The theory is that
they will protect users against rocketing application usage demands (users can
buy a more powerful app server and leave the application unchanged) and vendor
Containers will make app servers much more easy to program than other, more
"traditional" middleware products. The theory that container "standards" will
allow users to "plug and play" with app servers is bogus, however. App server
vendors all provide proprietary runtime services (even where the CORBA spec
is strictly adhered to, vendors implement supersets of the standards). Most
users will want to use non-standard features, as they represent the true value-add
of application server products. Those non-standard features may be hidden by
containers, but other application servers may not support them.
Windows DNA 2000 and COM+
Most of Microsoft's server-side component infrastructure is being made available
to its customers as part of its new Windows 2000 operating environment. Because
the infrastructure is built to work with COM components, it is applicable to
code written in any tool or language that supports COM.
- Microsoft Transaction Server (MTS), which can manage distributed transactions
on behalf of COM components.
- Microsoft Message Queuing (MSMQ), a message-queuing product.
- Internet Information Server (IIS), which can be used as a front-end server
(enabling server-based COM components to be invoked via HTTP requests).
- A new In-Memory Database (IMDB), which improves database lookup and manipulation,
and allows components to store transient state somewhere "safe."
- Other services, including an event notification service, and a role-based
security service that allows developers to set authorization policies down
to the level of individual component methods.
- COM+, a container architecture that binds COM components to services provided
by all the elements listed above. Developers configure the COM+ container
using policies (called "declarative attributes" in COM+) attached to each
COM component at design time, and a COM+ compiler then generates associated
helper code to bind correct runtime elements together.
Unlike CORBA, Microsoft's infrastructure does not currently support container-managed
persistence, and so persistence management is left to developers. COM+ and the
associated Windows 2000 services support only one type of component: a type that
allows components to store transient state and have transient identifiers - a
type that is analogous to EJB's and CORBA's session components.
While Microsoft's container infrastructure may only be suited to one type
of component, and may not help with persistence management, it does supply developers
with a good set of choices as to how they can invoke server-based components.
Components can be invoked directly via COM RPC, or indirectly via IIS using
HTTP or via MSMQ (something that Microsoft calls "queued components" - a solution
that allows asynchronous communication between components). With COM+, COM components
can also communicate indirectly using the new event notification service.
The J2EE platform and EJB
Enterprise JavaBeans (EJB) is an extension of the JavaBeans specification
that aims to make Java components suitable for server-based application development.
The EJB specification has two main elements:
- A design-time element that specifies an extension of the JavaBeans component
model. EJBs are JavaBeans with extra capabilities. The architecture of the
component model lets EJB developers add capabilities (like transaction processing
support or persistence) to their beans without writing explicit service or
- A deployment-time element that specifies how beans are packaged and executed
at runtime by a server.
The Enterprise JavaBeans model specifies two types of bean:
- Sessions provide business logic services to a client. They are generally
not persistent - so while they may be transactional, they are not recoverable.
- Entities are representations of persistent data (typically from an RDBMS),
and are transactional and recoverable. Unfortunately, the current version
of the spec does not mandate the implementation of container-managed persistence;
individual middleware or app server vendors are therefore free to implement
this service in a proprietary fashion or not at all. Note: Sun does not yet
provide a generally available implementation of the EJB spec.
The CORBA components spec
The new CORBA CCM, formalized in the CORBA 3.0 specification, was submitted
by a group of vendors led by IBM, BEA, Oracle, Iona and Inprise - and from
Ovum's analysis of those vendors' own application server technology, has
its roots in some work that originally found its way into IBM's ComponentBroker
The CORBA CCM is a cross-language superset of Sun's EJB specification
- in fact, one of the key sections of the specification dictates how EJBs
should interact with CORBA components. The CORBA CCM specifies a number
of different container aspects that support, between them, four different
varieties of server-based components:
- Services, which are stateless components that have behavior, but no
identity - they are best suited to implementing simple command execution
components (for example, the "wrapping" of a legacy transaction).
- Sessions, which are transient components that have behavior, but only
need to take account of state for short periods of time, and do not need
to have persistent identifiers - they are best suited to implementing
things like shopping baskets within e-commerce applications.
- Processes, which are like sessions, but with persistent identities,
and the ability to store their state persistently.
- Entities, which have behavior, persistent state and a persistent entity
that is accessible to application developers via a primary key (just like
a row in a database table).
Processes' and entities' behavior can involve the execution of transactions
- and for both of these component types, transaction execution and persistence
can be delegated to the container or explicitly managed by programmers (if
they so desire).
Components are described using an extension to CORBA IDL called CIDL,
which allows developers to describe not only a component's interfaces, but
also the "policy" that will dictate how the component will be managed at
runtime. These descriptions are used by tools to generate all the "helper"
components that manage the interactions between application developers'
components and a CORBA CCM container.
In the CORBA CCM, components can present multiple interfaces; process
and entity components can also be "partitioned," with each component partition's
persistence being managed independently by the container. This feature is
aimed at enhancing efficiency: When a partitioned component is deployed
and a client requests a component operation, only the component partition
associated with the requested operation is brought into memory. Each component
partition is generated by a CCM-aware development tool as a separate "programming
artifact" - in an OOPL like C++, this corresponds to a class definition.
Some closing points
Component standards remain a moving target, and recent developments in
the component world bear watching.
Recent word that Sun was pulling bits of the Java environment out of the
European Computer Manufacturer's Association (ECMA) standardization process
do not enforce the perception that EJBs are fully an industry standard.
The retreat from standards on Java creator Sun's part will be a letdown
to a lot of people who were banking on the ECMA standard process for stability
of the Java - and EJB - platform. [See "Sun toys with free Forté,
closes door on ECMA," this issue, p.14.]
Meanwhile, indications are that the OMG CORBA Component Model will, over
time, look very much like the EJB model - at least the two will be engineered
to be very compatible. There had been a danger of CORBA users being left
out in the cold as EJB moved forward. CCM gives these people a well-defined
In fact, with the development of container technology, CCM may ease the
task of CORBA development, which until now required developers to become
familiar with a very extensive set of API calls, a very non-trivial task
to say the least. Container architectures hide the complexity inherent in
the underlying middleware system.
For its part, Microsoft has significantly enhanced its component story
of late. Specifically, the company's SOAP platform allows communication
between components using XML over HTTP. For some Internet apps, this will
be preferable to the original COM component model that, at heart, utilizes
an RPC mechanism. XML over HTTP could be a very powerful solution, vastly
speeding the development of third-party component markets, as components
built in Visual Basic, for example, can be accessed over the Internet.
Neil Ward-Dutton is a senior analyst at London-based research firm Ovum.
He specializes in application development, middleware and systems management
Comparing The Models
what we know about these three models for server-side component development
and deployment, which is best?
The table below sets out a few preliminary measures by which it
is worth examining the models as they stand today. The first and second
rows ("component types supported" and "container-managed services")
together provide a measure of how flexible the model is: We can see
from the table that a software product or suite supporting the whole
of the CORBA CCM specification will be able to host quite a wide range
of application functionality - whereas the benefits of COM+ are only
really applicable to a much smaller functionality set. Microsoft's
model has the advantage that an implementation exists; however, both
EJB and the CORBA CCM are paper specifications only.
Unfortunately, we are still in the early days of component models
- all three of the specifications are continually enduring alterations.
Because of the historical animosity between the proponents of the
different models, the positioning of the models and the marketing
of the products that support them will be driven not only by a desire
to serve customers' requirements, but also by political maneuvering.
The CORBA CCM specification seems to present by far the most inclusive,
flexible server-side component model of the three; but until now,
the EJB specification has received the most attention from tools and
middleware vendors - partially because, until recently, it has been
the only alternative to Microsoft's model. However, EJB cannot really
be called a serious standard today; because of various holes and the
lack of a compliance suite, the vendors implementing the specification
are free to implement some critical services in quite proprietary
- Neil Ward-Dutton