To compete in today's Internet Economy, companies must provide e-commerce sites that are highly available, scalable, and secure. These sites must also be deployed quickly, which is no easy task. These are the challenges businesses face today in deploying their e-commerce architectures.
To address these challenges, Cisco Systems and Microsoft Corporation have teamed up to create this E-Commerce Framework Architecture. The architecture provides customers an end-to-end solution for the development and deployment of their e-commerce sites. The architecture was fully tested in a joint lab and focuses on delivering the three key requirements for an e-commerce site: high availability, scalability, and security.
The goal of this document is to communicate best practices and test results achieved by Cisco and Microsoft engineers in the collaboration effort. The document shares network configuration recommendations and test results using available Microsoft and Cisco products. The intent of this document is for customers to use this information to replicate and facilitate their own e-commerce deployment efforts.
Audience
This document is intended for technical readers, including network managers, e-commerce architects, Web developers, and application developers.
The Solution
A successful e-commerce architecture requires a merged approach combining expertise from both the network and application development camps. Experience has proven that keeping network operations and application development as separate disciplines does not work. Too often, the network architecture deployed has not been designed to maximize the value of the applications. This results in slow response times or system downtime that may directly result in lost sales, lost profits, and lost customers.
Cisco and Microsoft have teamed together to define a framework architecture for building e-commerce sites that combines the best practices from the worlds of network operations and application development into a single solution. The E-Commerce Framework Architecture takes an end-to-end approach to developing an e-commerce site. This document:
• Provides an overview of high availability, scalability, and security service requirements
• Details the base components, system configuration, and hardware platform used in the architecture
• Recommends network configuration designs and explains single- and multisite e-commerce architectures
• Documents laboratory test results
Test Environment
The scope of the joint Cisco and Microsoft collaboration effort was to design an e-commerce framework that was highly available, scalable, and secure, and test it in a lab environment. Technical engineers from both companies, who have helped build and deploy successful e-commerce sites, collaborated on the best ways to combine each company's products to achieve the optimal benefits from an e-commerce site.
The engineers used Duwamish Books (see Appendix – Microsoft Reference for further information), a sample Microsoft sales and inventory application, to test design concepts and deployed it over a Cisco network architecture. Duwamish Books represents a fictional company that sells its books via an e-commerce site. The Duwamish Books e-commerce site was scaled to simulate thousands of concurrent users.
The entire network configuration was tested on shipping Cisco and Microsoft products. The Cisco products tested included:
• Cisco DistributedDirector
• Cisco IOS®-Powered Edge Router
• Cisco Cache Engine
• Cisco Catalyst® Multilayer Switch
• Cisco LocalDirector
• Cisco Secure PIX™ Firewall
The Microsoft products tested included:
• Microsoft Windows® 2000 Advanced Server
• Microsoft Internet Information Services 5.0
• Microsoft SQL Server™ 7.0
The architecture hardware platform consisted of Compaq ProLiant servers on the front-end and back-end network. Compaq DeskPro PCs were used as test machines. The Compaq servers and PCs included Intel Pentium 500MHz processors.
Results
The E-Commerce Framework Architecture laboratory focused on tests targeted specifically at high availability, scalability, and security. Test results were within Cisco and Microsoft service requirements in all areas. Not only did the architecture scale as new hardware was added, but it remained secure and resilient during the battery of tests conducted. This document contains a complete review of the test results.
Conclusion
The E-Commerce Framework Architecture assists customers in expediting their e-business deployment efforts while reducing network and configuration design time. This paper documents for customers the collaborative work of Microsoft and Cisco Systems to integrate and design a highly available, scalable, and secure Internet site combining the technologies and products of both companies. Customers may benefit from this joint learning and best practices of this endeavor.
The E-Commerce Framework Architecture is based on real world customer examples and has been validated in a laboratory environment. The configuration test results are included in the document. The work detailed in this document provides a solid framework for Web site design and, as new technologies and products emerge, the best practices referenced in this document remain sound guidance for designing a powerful e-commerce solution.
As Internet industry leaders, Microsoft and Cisco have extensive experience in building e-commerce infrastructures. Both companies will continue working together to address future e-business and customer requirements.
To create the Cisco and Microsoft E-Commerce Framework Architecture, four main criteria were used to provide direction for the design chosen. Design considerations included:
• Representation of a baseline design that can be customized as required
• Ease of replication and deployment by customers and partners
• Use of proven products and services from both Cisco and Microsoft
• Leveraging of the e-commerce experience of Cisco and Microsoft
It was important to provide a baseline solution that could be easily understood and replicated by customers, as well as the Cisco and Microsoft partners and integrators. The products and services that are featured in this e-commerce infrastructure comprise proven products that are readily available and tested, and reference new products that were not available during the testing stage. Although both Cisco and Microsoft constantly release new products, building the baseline design using products and services with a customer-proven track record minimizes risk. The baseline design can readily be upgraded with new technology offerings as they become available. Finally, both Cisco and Microsoft have vast experience in e-commerce design and deployments. The e-commerce infrastructure presented here represents a combination of the best practices from both partners.
To deploy a successful e-commerce implementation, you must address three key characteristics: high availability, scalability, and security. A solid e-commerce solution can only be achieved through an architecture that meets these requirements across the network, Web applications, database, and server operating system.

Figure 1: E-Commerce Service Requirements
High Availability
High availability is the ability to provide continuous access to e-commerce services for your customers. To deliver these e-commerce services successfully, high availability must be maximized across all layers of an infrastructure to include session and service availability. Session availability is the ability of the infrastructure to maintain the state of a network session in the event of a failure. Service availability is the ongoing ability of users to connect to an e-commerce service in the event of a failure.
A highly available e-commerce infrastructure begins with the right network design. The right network design ensures that failures do not impact the high availability of the overall system. Designing for high availability includes the elimination of any single point of failure by providing redundant network devices and network paths. Then, in the event of a failure, the network must be able to respond quickly by routing around the failed device. In addition, wherever necessary, devices need to provide stateful failover to a standby unit. This ensures that certain application sessions, such as commerce transactions, do not time out and cause user sessions to be lost.
For additional levels of high availability, you can build a remote site that offers e-commerce services geographically and acts as a backup by taking advantage of geographic load balancing. These solutions vary depending on the degree of transactions desired from the remote location.
High availability can also be achieved at the operating system, system services, and application code layers through a mixture of server redundancy and failover. Within an e-commerce site, server redundancy means that multiple servers are available to process a request. For example, a Web page could be served from any one of the multiple Web servers in the farm. The concept of failover is that a feature is implemented via a specific process; if that process fails then an alternate process automatically steps in and takes over. For example, a database server implements failover to another database server.
Scalability
One of the most common mistakes e-commerce sites make is to underestimate their scaling requirements. This is because scalability is often associated only with performance enhancements such as increased CPU speed, increased network bandwidth, and so forth. However, support for a large number of simultaneous user sessions and commerce transactions must be considered. This means that scalability must be addressed across all facets of an e-commerce infrastructure, including Web applications, databases, server operating systems, and the network.
Estimating scalability requirements can be very difficult. For example, Forrester Research analyzed the growth of 50 e-commerce sites in 1999. The results in their report showed that the growth of these sites varied from 0 to 400 percent. Managing the scalability of an e-commerce site that is growing by 400 percent is not easy. The key is to identify any scalability problems within an e-commerce site and address them as quickly as possible.
Scaling an e-commerce site can be achieved by either scaling up with bigger servers or scaling out with more servers. Scaling up is when a single server is made larger through the addition of processors, memory, disk storage, and so forth. Scaling up requires an operating system, system services, and application code that can use the additional hardware. E-commerce sites can scale up their Web, application, and data servers to increase the number of requests that a site can process. Scaling out is when multiple servers function as a single logical unit or "farm". Scaling out also achieves the desired result of increasing the number of requests that a site can process. As with scaling up, scaling out can be done on any of the logical site layers. E-commerce sites should be positioned to take advantage of both scaling up and scaling out.
When does an e-commerce site scale up versus scale out? In the past, sites typically scaled up their data servers and scaled out their Web servers. The pros and cons of scaling up versus scaling out are generally opposites. For example, the cost associated with scaling up is usually more than the cost associated with scaling out. Likewise, scaling out data servers is more complex than scaling out Web servers, but managing a scaled-out farm is more complex than managing a single server. Finally, scaling up takes advantage of increased hardware capability while the multiple servers in a scale-out solution provide redundancy, which means higher availability. Today's solutions offer e-commerce sites the ability to mix scaling up and scaling out across their Web, application, and data servers. Sites should engineer for the virtually limitless capabilities of scaling out while maximizing the benefits of scaling up. This supports a "pay as you grow" approach to expanding the technology as opposed to a "grow into what you've bought" approach. The result is smaller initial software and hardware investments, which can be expanded as the business grows, and support for the key e-commerce strategies of speed-to-market and lower initial investment.
And finally, an e-commerce site can achieve infrastructure scalability by taking advantage of certain networking products. For example, a networking infrastructure can scale Web servers through the use of server load-balancing products. Server load-balancing products intelligently distribute user requests among a group of servers to maximize server usage. You can also take advantage of content caching to offload user requests for static content from Web servers. This helps accelerate content delivery to the end user and allows servers to focus on more interactive sessions.
Security
Overall, strong security is a major consideration for the e-commerce network infrastructure. Because the nature of an e-commerce network is to conduct financial transactions, it becomes a likely target for malicious activity originating from the Internet community at large. However, the security solution chosen should be based on the nature of the e-commerce business being conducted, the comfort level of the IT organization, and the understanding of associated risks with each degree of security implementation. The security components of an e-commerce solution include five key elements:
• Perimeter Security - Protects against malicious activity
• Identity Security - Provides user authentication services
• Data Integrity and Privacy - Ensures confidentiality of data through encryption
• Firewall Security - Provides stateful security services
• Security Monitoring - Recognizes vulnerabilities and detects and reacts to intruders
Perimeter security provides the first line of defense for an e-commerce network. This security is easily achieved through the use of an edge router or firewall on the network. Security services can be established on the edge router or firewall to protect against malicious activity and only permit valid traffic onto the e-commerce network. For example, an edge router or firewall can be configured to permit only valid Web traffic.
For identity security, authentication is the first task in every request, even if it equates to anonymous or public users. Authentication identifies who is making the request and is the basis of authorization, which controls what content and services a request can gain access to. Authentication can occur through various levels of security, from simple user ID and password combinations to strongly encrypted digital certificates. Security levels can also be intermixed.
To increase data integrity and privacy, e-commerce sites should support Secure Sockets Layer (SSL) connections. SSL can be implemented in software or on hardware acceleration cards, which can be used to offload SSL processing from the server CPUs.
Firewall security is used in areas of the e-commerce network where stateful security services are required. This is typically in front of database servers that contain confidential customer information to ensure that the integrity of the data is not compromised. Stateful security services track the state of every user session and terminate the connection at the end of the session.
And finally, every e-commerce site should include a certain degree of security monitoring. Security monitoring provides the ability to scan your e-commerce infrastructure routinely, detect any potential security holes, and report them to be corrected. Security monitoring also provides the ability to spot an attack in progress, generate an alert, and stop the attack.
A user executing a transaction creates many network connections within an e-commerce site. These connections pass through a series of devices that define the building blocks of the E-Commerce Framework Architecture, as shown in Figure 2. Each of these devices provides different services that are necessary to make an e-commerce site successful. This section provides an overview of the different devices in an e-commerce architecture and the services they offer.
Geographic Load Balancer
A geographic load balancer is used when an e-commerce site is expanded to include geographically distributed sites. A geographic load balancer directs connection requests from clients to the e-commerce site with the closest proximity based on information about the network topology. This helps improve the response times of e-commerce applications as seen by end users, especially when the geographic e-commerce sites are widely distributed.
The use of a geographic load balancer provides scalability to multiple sites, and delivers a high degree of availability by monitoring the state of each distributed e-commerce site. If a site is rendered inoperable, the geographic load balancer stops directing new client connections to the failed site.
Site architects must be ready to handle the complexities of content replication under a geographically load-balanced solution. There will be a delay between when content is originally modified and when it is consistent across all sites. The solution is relatively simple if the business model allows for the sites to continue running during this inconsistency. However, if the business model requires all sites to function only when all content is consistent then some kind of staging and synchronization solution must be implemented.
Edge Router
Edge routers are located at the perimeter of an e-commerce network and provide several functions. Edge routers connect an e-commerce site to the Internet and advertise the site's reachability. Through the use of exterior routing protocols, such as the Border Gateway Protocol (BGP), edge routers propagate the IP addresses used in the front end of the e-commerce network to the Internet community. If redundant connections to Internet service providers (ISPs) exist, the BGP protocol allows for load distribution across multiple Internet connections and failover across such connections.
Edge routers also provide preliminary security services. Through the use of packet filtering or extended access control lists (ACLs), the edge routers can block any unwanted traffic and permit only desired traffic onto the e-commerce network. For example, filters can be applied on edge routers to allow only HTTP Web traffic, SSL traffic, and Domain Name System (DNS) traffic into the network. Filters can also be applied to block traffic with invalid user source addresses that are indicative of a possible malicious attack. For additional security services, edge routers can also provide stateful filtering, which tracks the state of every network connection and terminates them as necessary.
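As an added illustration of the perimeter filtering described here and under Perimeter Security (this is not the lab configuration from the "Cisco Configuration" appendix), the following Cisco IOS extended ACL admits only Web, SSL, and DNS traffic to the front end and drops packets whose source address could not legitimately arrive from the Internet. The public prefix 203.0.113.0/24, the DNS host 203.0.113.53, and the interface name are placeholders.

```cisco
! Anti-spoofing: packets arriving from the Internet must not carry a private,
! loopback, or local (placeholder 203.0.113.0/24) source address.
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 110 deny   ip 203.0.113.0 0.0.0.255 any log
! Permit only the services the front end offers: HTTP, SSL, and DNS
! (DNS reaches the geographic load balancer acting as authoritative server).
access-list 110 permit tcp any 203.0.113.0 0.0.0.255 eq www
access-list 110 permit tcp any 203.0.113.0 0.0.0.255 eq 443
access-list 110 permit udp any host 203.0.113.53 eq domain
access-list 110 permit tcp any host 203.0.113.53 eq domain
! Return traffic for TCP sessions initiated from inside the site
! (for example content updates pulled by the Web servers).
access-list 110 permit tcp any 203.0.113.0 0.0.0.255 established
! Log everything else so security monitoring can see what was rejected.
access-list 110 deny   ip any any log
!
interface Serial1/0
 description Placeholder link to the ISP
 ip access-group 110 in
```

The "established" rule matches only on TCP flags, so it is not stateful; where per-connection tracking is required, the page's stateful Firewall Feature Set or the PIX Firewall provides it.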
Content Caching
Content caching devices provide accelerated services to e-commerce users by augmenting the capacity of the front-end Web servers to handle client connections. Content caching devices sit in front of Web servers and handle user requests for static content. This solution is very effective in environments that have a high degree of static Web content. The static content includes graphics, text, and toolbars.
In a content caching environment, user Web requests are forwarded to the caching devices. If the content being requested is cacheable, the caching device fills the request and stores a local copy of the content for future requests. Future requests for the same content from the caching device are fulfilled directly. When caching devices fulfill user requests with local content, they offload traffic from the Web servers. This helps improve content download times and increases Web server capacity for more interactive sessions.
Multilayer Switch
Multilayer switches provide the core network switching of an e-commerce site, including the connectivity of Web, application, and database servers. Thus they need to deliver high-performance Layer 2 and Layer 3 switching while supporting services that meet the requirements for availability, scalability, and security in an e-commerce environment.
For example, multilayer switches must support high-speed interfaces, redundant power supplies, quality-of-service (QoS) services, virtual local-area networks (VLANs), high port density, and rapid fault recovery. Plus, the switches must be able to carry a large number of user connections while providing Layer 3 forwarding at millions of packets per second (pps). This ensures that the switch is not a performance bottleneck in the e-commerce network architecture.
Server Load Balancer
Server load balancers help increase the scalability of an e-commerce site. Server load balancing works by distributing user requests among a group of servers that appear as a single virtual server to the end user. Its main function is to forward user traffic to the most available or the "best" server that can provide a response to the user. Server load balancers use sophisticated mechanisms to detect the best server. These mechanisms include finding the server with the fewest connections, the least load, or the fastest response times. They can also detect failed servers and automatically redirect users to the active servers. Ultimately, server load balancing helps maximize the use of servers and improves the response times to end users.
Web Servers
Web servers host the actual site content that clients see on their Web browsers. Web servers generate the presentation services. Whether it is static content, such as graphics, or dynamic content, Web servers are the only systems in direct contact with the end client. In addition, Web servers are the only authorized hosts able to access the back-end database and application services as necessary. The majority of e-commerce sites address their scalability and high availability requirements for presentation services by scaling out their Web servers.
Application Servers
The application servers are responsible for the business logic services. The application servers can be dedicated servers. Alternatively, the services that the application servers provide can be combined with the Web servers or the database servers. The decision is based on how the presentation, business, and database services communicate. If the presentation services make many small requests to the business services, then it probably makes sense to move the services closer together. Conversely, if the business services process lots of data into small results, then you can move the business services closer to the data. Additionally, the placement of application servers influences scalability, high availability, and security. There is no "golden rule," and each e-commerce site architects server placement to best meet its business needs. However, because of the ease of scaling out and the low cost of Web servers, many e-commerce sites place application services onto Web servers. This means the application services simply and efficiently inherit the scalability, high availability, and security of the Web servers.
Stateful Firewall
Stateful firewalls provide security services through connection control. They are predominantly used when protecting mission-critical or sensitive data is of the utmost importance. This is typically on the back-end databases and application servers. Firewalls secure the communication to application and database servers by providing stateful inspection on all connections and allowing only authorized devices, such as Web servers, to access data on the servers.
Because firewalls protect the most sensitive data, they play an important role in reaching the servers. Thus, firewalls are often implemented in pairs, whereby one is the active unit and the other is the standby unit. In the event of a failure of the active unit, the standby unit becomes operational. To ensure that connections to the application and database servers are maintained in the event of a failure of the firewall, firewalls must be able to perform stateful failover.
Database Servers
The database servers reside in the back end of the network and house the data for e-commerce transactions as well as sensitive customer information. This is commonly referred to as the data services. Although Internet-based clients do not directly connect to these servers, the front-end Web servers initiate connections to these servers when a client conducts a series of actions such as logging in, checking inventory, or placing an order. Most e-commerce sites scale up their database servers for scalability and implement failover clustering for high availability. Partitioned databases, where segments of data are stored on separate database servers, are also used to enhance scalability and high availability in a scale-out fashion.
E-commerce architectures fall into two basic categories: single-site and multisite architectures. This section describes the basic components of the two architectures. Cisco and Microsoft tested both architectures.
Single-Site E-Commerce Architecture
A single-site e-commerce architecture consists of two main sections: the front-end and the back-end network. The front-end network consists of Web and application servers that are accessible from the Internet by users. The network devices that connect the Web and application servers include edge routers, multilayer switches, content caching devices, load balancers, and intrusion detection systems.
The back-end network consists of database servers, firewalls, and multilayer switches. A firewall typically serves as the delineation point between the front-end and back-end sections of the network.
Figure 3 is a functional representation of the single-site implementation with a high degree of redundancy across the network and the servers. This solution can be located at an enterprise site or at a co-location service provider facility. To provide access to the e-commerce network within a co-location facility, additional circuits must be installed from the enterprise site to the e-commerce network. These circuits allow for remote management and integration with back-office systems such as Enterprise Resource Planning (ERP) applications.
Multisite E-Commerce Architecture
A multisite architecture can be constructed in several ways. The architecture typically comprises a main e-commerce site and one or more satellite sites that extend the e-commerce service offerings of a company. The satellite sites can contain a portion or the entire architecture of the main site. The key determining factors in the architecture selection are the degrees of database synchronization desired between the e-commerce sites and the amount of traffic that must be backhauled to a main site.
Companies move to multisite architectures when their user bases expand beyond their local geographies, and they have a requirement to improve the e-commerce application response times to these geographically dispersed users. Multisite architectures also provide a certain degree of redundancy and backup to companies should the primary site fail. The satellite e-commerce sites are connected to the main site over a corporate backbone, such as Frame Relay or ATM. Database synchronization and updates, remote management, and integration with a corporation's ERP system are performed over the corporate backbone. Some of the different types of multisite architectures are discussed below using three scenarios:
In Scenario 1, the front end of a main e-commerce site is replicated and geographically distributed. Because the front end consists primarily of Web servers and their associated content, the ability to replicate and distribute the data on these servers allows the remote sites to handle user requests for static content. Using these remote sites alleviates the need to backhaul user requests for static content to the main site. It also improves the response times on user requests for Web content.
Scenario 2 consists of replicating the front-end network of the main site along with a portion of the back-end network. In this scenario, application servers and associated database servers, which are primarily responsible for maintaining and serving relatively static content, are replicated at a remote site. Information such as user account information, product catalog information, and "specials" information (for example, special discounts, pricing, and so forth) can be replicated on remote servers and alleviates the need to backhaul such traffic to the main site. In this scenario, only traffic involving dynamic information such as a commerce transaction is backhauled to the main site. This solution also improves the response time on user requests for content.
A third scenario involves the creation of a completely redundant site that can host the entire set of e-commerce services should the primary site fail. In this scenario, all databases and applications are completely replicated and synchronized in real time, or as close to real time as possible. Scenario 3 can permit the primary site to completely fail without losing the ability to provide e-commerce services to users. This solution provides the ultimate in e-commerce service availability.
For the purposes of the joint testing between Cisco and Microsoft, Scenario 2 was used. Figure 4 is a functional representation of the multisite implementation tested.
The following sections outline the actual lab implementation used for the joint Cisco and Microsoft e-commerce architecture validation. All components used in the lab and their associated functions are detailed below.
The "Configuration Recommendation" section outlines recommendations for each component within the network. This section is followed by the methodologies and results of the actual lab testing. Finally, the specific model numbers and configuration files of the network components are provided in the appendix "Cisco Configuration" for reference.
The base e-commerce components tested within the joint Cisco and Microsoft framework architecture are as follows:
• Cisco DistributedDirector
• Cisco IOS-Powered Edge Router
• Cisco Cache Engine
• Cisco Catalyst Multilayer Switch
• Cisco LocalDirector
• Microsoft Windows 2000 Advanced Server
• Microsoft Internet Information Services 5.0
• Cisco Secure PIX Firewall
• Microsoft SQL Server 7
A high-level representation of these products, relative to one another in an e-commerce network, is shown in Figure 5. The following sections outline the primary function of each of the e-commerce components.
Cisco DistributedDirector
The key enabler for a distributed e-commerce network architecture is a geographic load balancer such as Cisco DistributedDirector. DistributedDirector is responsible for making load-balancing decisions on a geographic level. The load-balancing decisions are made based on a series of collected metrics from the networks participating in offering the distributed e-commerce services.
The primary function of the DistributedDirector is to play the role of an authoritative DNS server for the e-commerce domain (for example, www.cisco.com). A client who wants to access an e-commerce site initiates a DNS request for the appropriate URL. DistributedDirector receives the DNS request and responds with the unique IP address of the e-commerce site's data center that will provide the best service to the end client. The decision by DistributedDirector is based on the collected network metrics.
For the lab, the Cisco DistributedDirector 4700M was used at the main site and the DistributedDirector 2501 was used at the remote site.
Cisco IOS-Powered Edge Router
Whether the e-commerce solution is hosted at a co-location service provider, or self-hosted by the enterprise itself, Cisco IOS-powered edge routers provide the ideal interconnect for Internet access. An e-commerce edge router must enable the main services of e-commerce: security, high availability, and scalability.
Cisco IOS security services provide a secure front door to any e-commerce network through the use of features such as extended ACLs, the integrated stateful Firewall Feature Set (FFS), TACACS+/RADIUS AAA services, and Kerberized device configuration access.
At the top of the Cisco high availability feature set is the Cisco Hot Standby Router Protocol (HSRP). Robust routing protocols such as Open Shortest Path First (OSPF) and BGP provide routing availability and load-balancing capability. Cisco edge routers also provide a rich set of QoS features that improve the availability of user sessions during times of peak load on the network.
Regardless of the implemented network size, Cisco offers a variety of router platforms to meet each need while offering the full Cisco IOS suite of services. Larger implementations can benefit from the performance offered by Cisco 7200, 7500, and 12000 high-capacity router platforms. Smaller network implementations can choose the Cisco 3600 Series Routers.
The Cisco IOS routers tested in the lab included two Cisco 7200 Series Routers for the main site and a Cisco 3660 Series Router for the satellite site.
Cisco Cache Engine
Content caching provides an easy method of increasing the scaling and performance of an e-commerce site. An e-commerce provider can deliver accelerated services to its customers by front-ending Web server farms with cache engine clusters such as the Cisco Cache Engines.
In this solution, Web content requests from users are redirected to a Cisco Cache Engine cluster instead of being forwarded directly to the Web servers. If the requested content is cacheable, the Cache Engines fulfill the request. When the cache cluster fulfills these requests, it offloads traffic from the Web servers, thereby minimizing content download latency and increasing Web server capacity. After a customer requests a particular piece of cacheable content, it is cached so that successive requests are not directed repeatedly to a Web server. Within an e-commerce environment, the Cache Engine cluster only caches the content that is available on the local Web servers. This arrangement is referred to as the Reverse Proxy Caching function.
At the heart of a Cisco caching solution is the Web Cache Communication Protocol (WCCP) that facilitates the link between Cisco IOS-enabled routers and the Cache Engines themselves. Through WCCP, Cache Engines can be clustered to provide scalability and resiliency. In addition, several Cisco IOS Software-enabled routers can use the cache cluster simultaneously for a robust high-availability solution.
Cisco offers several cache products to address a variety of e-commerce solutions. The Cisco Cache Engine 500 Series supports all the enhancements offered by WCCP version 2 to provide a solid e-commerce solution.
For the purpose of the e-commerce testing lab, multiple Cisco Cache Engine 505 devices were used.
Cisco Catalyst Multilayer Switch
Part of the e-commerce architecture includes Web, application, and database servers. To interconnect these servers, high-speed multilayer network switches are required. Cisco provides the Catalyst 5500 and 6000 Multilayer Switches, which offer a highly resilient and scalable switch platform to interconnect servers. The Catalyst Switches offer a high degree of intelligent network services, such as security, high availability, and scalability. For example, the Catalyst 5500 and 6000 platforms offer dual power supplies, fans, and supervisor engines to provide enhanced high availability. In addition, the Catalyst 6000 Series Switch offers wire-rate intelligent services including ACLs for security, QoS for session high availability, integrated server load balancing, and private VLANs for enhanced security. High availability is further enhanced through several optimized Layer 2 and Layer 3 protocols that offer fault recovery in less than 2 seconds in most failure scenarios.
For the lab tests, the Catalyst 6506 Switches were used at the main site, and the Catalyst 5505 Switch was used at the satellite site.
Because security is of primary importance in an e-commerce environment, the Cisco private VLAN feature is used to further enhance such security. The Cisco private VLAN feature, available on the Catalyst 6000 and 3500 Series Switches, is an advanced Layer 2 feature for providing port-based security between adjacent ports within a VLAN. A private VLAN is a VLAN in which ports designated as access ports are allowed to communicate only with ports designated as promiscuous. This ensures that if an attacker compromises the security integrity of one server on a port, access cannot be gained to other Web servers on the network. This prevents the use of adjacent servers as launch pads for further attacks.
Cisco LocalDirector
A top priority in any server-hosting environment is the high availability of the applications themselves. Server load balancing (SLB) provides the key to IP connection load distribution while simultaneously improving the availability of servers. Through many sophisticated features and algorithms, the server load-balancing solutions from Cisco ensure that connection load is fairly distributed among available servers. This allows for ease of configuration should servers and their applications need to be added or removed from service.
Enhanced high availability is provided by Cisco technology and its ability to provide stateful failover and no loss of connection should an SLB path fail. Cisco offers several solutions for server load balancing, including the stand-alone Cisco LocalDirector appliance and the integrated IOS SLB function found on the Cisco Catalyst 6000 Family Multilayer Switches and the Catalyst 4840G Switches. Each of these products offers all the required services for extreme application availability and high connection throughput. For the purpose of the e-commerce testing lab, Cisco LocalDirector 430 appliances were used.
Microsoft Windows 2000 Advanced Server
The operating system used on both the Web and database servers within the E-Commerce Framework Architecture is Microsoft Windows 2000 Advanced Server. Windows 2000 Advanced Server provides scale-up capabilities by using the latest server hardware for up to 8-way SMP and up to 8 GB of RAM. Additionally, Windows 2000 Advanced Server increases high availability by supporting two-node, high availability clustering, which ensures that critical e-commerce applications are up and running on demand. Windows 2000 Advanced Server also provides additional services such as component services with COM+ and message queuing with Microsoft Message Queue (MSMQ) to the e-commerce sites.
Microsoft Internet Information Services 5.0
Internet Information Services (IIS) 5.0, which provides Web services, is fully integrated at the Windows 2000 Server operating system level. E-commerce sites use this integration during authentication and authorization. For extreme performance, e-commerce sites can develop Internet Server API (ISAPI) filters and applications. This places the e-commerce solution in the same memory space as IIS for the most intensive tasks. Active Server Pages (ASP) provides a quick and easy way to produce dynamic content. Application high availability can be increased through IIS application isolation.
Cisco Secure PIX Firewall
The most highly sensitive and valuable data within an e-business network is housed on back-end database servers. Information, including customer account histories and profiles, product inventories, and financial transaction details, must all be secured from potential malicious activity at all costs. To address such a security concern, stateful firewall services are used to secure connections from front-end Web servers and application servers to back-end database servers.
Cisco offers a set of high-performance stateful firewalls in the PIX Firewall Series, which accommodates extensive load while maintaining high availability. The PIX Firewall offers stateful session inspection, user authentication and authorization, and stateful failover should the firewall fail. The high availability, performance, and security of the PIX Firewall make it a perfect fit for any e-commerce environment. For the purpose of the e-commerce lab testing, Cisco Secure PIX 520 Firewalls were used.
Microsoft SQL Server 7
Microsoft SQL Server 7 provides database services in the E-Commerce Framework Architecture for reliable storage of persistent data such as transactions, profiles, and catalogs. E-commerce sites can scale up their database capabilities with SQL Server 7 and Windows Advanced Server to 8 processors and 3 GB of RAM. High availability is increased with clustering. For e-commerce sites with large volumes of data, the database can be partitioned across multiple servers to distribute the processing load.
SQL Server 2000, released in August 2000, delivers a new generation of features and functionality that extend its capabilities as a high performance relational database powering Internet solutions.
The purpose of the Cisco and Microsoft joint initiative was to discover the best way to combine technologies from both companies in an effort to design a solid e-commerce solution. In doing so, both parties were able to jointly discover and develop a series of best practices that relate to the design and configuration of the joint e-commerce solution.
The following sections of this document relay these best practices and configured options within the joint E-Commerce Framework Architecture. The best practice recommendations are organized under the three main design criteria of e-commerce: high availability, scalability, and security.
For each design component, three main descriptive characteristics are presented. The characteristics include the following:
| • | Service Requirement—Outlines the required service from the specified component in terms of high availability, scalability, or security. |
| • | Recommendation—Outlines the recommended configuration for the design component. |
| • | Service Function—Outlines the high-level function of the component. |
For each design component, the specific component's classification is presented in addition to the specific model number that was used in the case of specific network devices.
When you consider high availability design, the redundancy incorporated within a design needs to be strategically applied. It is one thing to create a redundant design by adding extra network components and links ad hoc, but it is another thing to add the right amount of redundancy and appropriately configure supporting protocols to optimize its effects.
High availability design incorporates four main requirements for deployment:
| • | Elimination of any single point of failure |
| • | Stateful failover where applicable |
| • | Predictable failover recovery mechanisms |
| • | Load-sharing across a redundant design |
In creating the joint E-Commerce Framework Architecture, all single points of failure have been removed through the use of redundancy and proper configuration of supporting protocols.
Cisco DistributedDirector
High Availability Service Requirement: | Provide a load-balancing function between e-commerce sites from a global perspective. Within a distributed architecture, one of the most important design issues is load balancing among different data centers. The Cisco DistributedDirector (DD) offers load balancing to geographically dispersed sites. |
Recommendations: | · Implement one DistributedDirector at the main e-commerce site |
Service Function: | DD has two functional modes: DNS mode and HTTP redirect mode. DNS mode is mainly used within an e-commerce environment and is chosen in this lab verification exercise. The Cisco Network Registrar (CNR) DNS server services the "duwamishbooks.com" domain. DD acts as the authoritative name server for the www.duwamishbooks.com subdomain. |
Cisco IOS-Powered 7200 Series Internet Router
High Availability Service Requirement: | Connect to redundant Internet service providers and provide rerouting capability and best path selection through provider networks. |
Recommendations: | · Implement redundant routers for the headquarters site to eliminate the single point of failure of having only one router. Tie each router into one ISP connection for maximum high availability. |
Service Function: | Multiple routers are used, each one to connect to an individual ISP. The routers share Internal BGP (I-BGP) routing information to allow for optimal routes to be chosen through the two ISPs for return traffic. Should one router, uplink, or ISP fail, the remaining router, uplink, or ISP resumes full service for the e-commerce network. |
Cisco Cache Engine
High Availability Service Requirement: | Provide a caching function for static Web content thereby offloading the real Web servers from their requirement to successively deliver the same static content for identical client requests. |
Recommendations: | · Implement caching on the front-end in those scenarios where heavy amounts of static content are used in the Web pages (for example, graphics, and so forth) and extra front-end capacity is needed. Caching allows for plug-and-play additional capacity for those client requests for static content. The use of caching alleviates the need for additional front-end Web servers. Case-by-case evaluations must be made as to the effectiveness of deploying a caching service. In many cases the current capacity of the front-end Web servers may be sufficient, thereby alleviating the need for caching. |
Service Function: | The use of caching allows Web servers to be relieved of the tasks associated with repetitively responding to client requests for static content. Cache Engines store copies of the static content and can respond to client requests without involving Web servers. You must evaluate the effectiveness of cache technology, because it is currently applicable only for static content. If the particular e-commerce site does not possess large amounts of cacheable content, the use of cache engines can pose an unnecessary bottleneck for the overall service. |
Cisco Catalyst 6500 Multilayer Switch
High Availability Service Requirement: | Provides redundant interconnectivity for all redundant Internet appliances, Web servers, and ISP-facing routers. Uses VLANs to create separate broadcast domains. Uses Gigabit EtherChannel® to alleviate single points of failure by creating multiple links between adjacent devices. |
Recommendations: | · Implement redundant switches to alleviate single points of failure. |
Service Function: | Multiple Catalyst Switches allow for multiple routes within the Layer 2 and Layer 3 domains as well as server connections. The use of multiple Layer 2 and Layer 3 paths allows for survival after multiple concurrent failures in addition to a simple single failure within the network. |
Cisco LocalDirector
High Availability Service Requirement: | Provide a load-balancing function between mirrored servers adding high availability and capacity to the content delivery systems. |
Recommendations: | There are two functional modes for load balancing to servers offering the exact same content, namely Directed Mode and Dispatch Mode. These modes define the mechanism that is used to direct TCP connections to an actual real server within the mirrored group of servers. Directed mode is sometimes called Network Address Translation (NAT) mode and incorporates an IP and media access control (MAC) address translation to steer the connection towards a real server. Dispatch mode relies on destination MAC address rewrite functionality only, and thus operates at higher speeds. |
Service Function: | The total collection of front-end Web servers is represented to the user community as a single virtual server. Users from the Internet create connections to the virtual server resulting in a load-balancing directive to one associated real server. Depending on the use of Directed or Dispatch mode, the load-balancing mechanism either uses an IP/MAC address or a MAC-only rewrite. Using CVS, specific content within the Web servers can be tracked for availability and accuracy, increasing the overall service high availability. In addition, DFP allows for environmental metrics retrieved from the real servers to be factored into the load-balancing algorithm, enabling connections to be directed to servers relative to their load snapshots. From a high availability perspective, it takes approximately 30 seconds to switch control from the primary LocalDirector to the backup LocalDirector if the primary unit fails. The failover cable transfers heartbeats between the two LDs. The purpose of the Ethernet cable between the pair is to synchronize the state of transactions in progress. |
Microsoft Internet Information Services 5.0 (IIS)
High Availability Service Requirement: | Provide a front-end application driven by HTTP to which clients can connect. The Web servers are the only servers to which the client community will directly connect. |
Recommendations: | · Implement a series of front-end Web servers, each with a mirrored copy of the same content. |
Service Function: | Front-end Web servers are grouped by the specific service they provide to the overall e-commerce configuration, namely basic Web presence, search facilities, SMTP (e-mail), or File Transfer Protocol (FTP) for download. SSL services are similarly segregated from normal HTTP traffic. Each group of systems (for a particular service or function), called a Web cluster, consists of a set of identical systems called clones. All clones in a Web cluster run the same software and have access, either through content replication or from a highly available file share, to the same Web content, HTML files, ASP files, scripts, and so forth. The front-end systems are made highly available through the use of multiple systems in a Web cluster coupled with the LocalDirector load-balancing system. A single virtual IP address for a Web cluster is advertised to the clients. Client requests are made to each Web cluster using this virtual IP address that all the front-end systems in a Web cluster can respond to. Building failure detection into the load-balancing system increases service availability: a system that no longer offers a service can be automatically removed from the load-balance set while the remaining clones continue to offer the service. |
Cisco Secure PIX Firewall
High Availability Service Requirement: | Provide a stateful-aware security function between the front-end Web servers and the back-end database and application servers. |
Recommendations: | · Install Cisco Secure PIX Firewalls in a redundant configuration to take full advantage of the stateful failover functionality. |
Service Function: | In this e-commerce framework, a pair of PIX Firewalls is set up in the main site such that one is active and the other one is standby. All traffic is sent to the active PIX for checking and handling. Only in the event of the primary PIX device or link failure does the standby PIX become active. |
Microsoft SQL Server
High Availability Service Requirement: | Provides resilient database services for the e-commerce applications. |
Recommendations: | · Deploy a duplicate database server with fully replicated components. This configuration removes any single point of failure within the database service. |
Service Function: | Back-end systems are more challenging to make highly available, primarily because of the data or state they maintain. They are made highly available by using failover-clustering technology. Microsoft Cluster Services enable multiple servers to share resources such as SQL Server databases and storage subsystems. The servers in a cluster use a dedicated NIC to detect failed applications or servers by sending periodic messages ("heartbeats") over a dedicated LAN. In the event of a failed server, ownership of resources (such as disk drives and IP addresses) is automatically transferred to a surviving server and the failed server's workload is restarted on the new server. |
Scalability
The scalability of an e-commerce solution is another major concern for the enterprise. All too often e-commerce services become vastly popular in a relatively short period of time thereby driving site load to unexpected levels. When such sites become heavily loaded, it is not feasible to have maintenance windows so that the site can be expanded to handle a larger capacity of transactions. For this reason, it is important to provide a scalable infrastructure immediately to allow for incremental updates to site capacity without interrupting the daily transaction volumes.
The Cisco and Microsoft joint e-commerce solution allows for gradual increases in capacity without service disruption. The key to providing a scalable service is the ability to increase capacity while maintaining the functional characteristics of the original design. In addition, capacity cannot be added if it might compromise the high availability of the overall service.
Cisco DistributedDirector
Scalability Service Requirement: | Provide a global load-balancing function as a single site is expanded into multiple distributed sites. |
Recommendations: | · Use the DistributedDirector (DD) only when deploying a distributed e-commerce architecture |
Service Function: | The e-commerce solution has two basic scaling methodologies. One approach is to grow a single site by adding more network components, bandwidth, and servers. Another approach is to scale horizontally by building multiple sites. The latter approach is harder to achieve yet offers the added benefits of disaster recovery applications and generally higher overall availability. The DistributedDirector helps the latter scenario by strategically distributing client connection load among geographically dispersed sites through a DNS facility. A client's proximity is compared to the known locations of the distributed sites to determine the closest facility to route the request. After this site is determined, the client is directed to that site via a DNS response from the DD with the address of the virtual IP within that site. |
Cisco IOS-Powered 7200 Series Internet Router
Scalability Service Requirement: | Provide a scalable interconnection to one or many different ISPs, as additional bandwidth is required. |
Recommendations: | · Create multiple paths through the network infrastructure for higher availability and make use of these paths to allow for load sharing and higher scalability through routing protocol load balancing. |
Service Function: | In order to propagate local IP network routes to the chosen ISPs, you must run EBGP between the e-commerce site and the ISP edge routers. By doing so, the ISP routers learn and propagate the IP network information associated with the e-commerce site. In addition, the border routers within the e-commerce site learn the entire Internet routing tables in order to allow them to collectively determine the optimal path for return traffic to a client. This BGP routing table can be also exchanged with the MSFCs within the Catalyst 6500 Switches to allow them to make an optimal decision on which uplink to use to forward traffic back to the clients. With all four routers, namely the two ISP routers and the two MSFCs that exchange BGP information, load balancing can be achieved across ISPs in an optimal fashion. |
Cisco Cache Engine
Scalability Service Requirement: | Provide additional plug-and-play Web capacity for static content. |
Recommendations: | · Evaluate the composition of the Web server content to determine the amount of static content. If the static content is excessive (graphics, and so forth) and the existing Web servers are heavily utilized, install a caching solution to reduce the load on the Web servers. |
Service Function: | Cache engines provide an effective way to increase scalability in an e-commerce site and improve the perceived performance to the clients without excessive cost. Cache engines are implemented in front of the Web servers, thereby offloading connections. The use of cache engines front-ending Web servers is known as a reverse-proxy arrangement. The Cisco WCCP protocol is implemented in both Cisco's Cache Engine products and Cisco IOS-based routers. Both routers and Cisco Cache Engines communicate with each other using WCCP. Specifically, when an HTTP connection request arrives at a WCCP-enabled router, the router forwards it to one of the Cisco Cache Engines in the cluster. If the Cisco Cache Engine already has the URL cached, it sends back the objects directly to the client thereby offloading the 'real' Web server. Otherwise, it fetches the object on behalf of the client and then responds back to the client. |
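The reverse-proxy arrangement described here and in the Cache Engine overview, as an added example that is not code from the paper or from the Cisco Cache Engine: a model that serves repeat requests for the site's own static objects from cache, fetches each miss from the origin once, never caches dynamic pages, and refuses requests for hosts that are not local origins. Host names, paths and the origin table are constructed placeholders.

```python
from collections import OrderedDict

# Constructed origin content: (host, path) -> (body, cacheable).
# The ASP page carries per-customer state and must never be cached.
ORIGIN = {
    ("www.example.test", "/images/logo.gif"): ("GIF89a...", True),
    ("www.example.test", "/css/site.css"): ("body{...}", True),
    ("www.example.test", "/cart.asp"): ("<cart for one user>", False),
}


class ReverseProxyCache:
    """Cache cluster front-ending a fixed set of local Web servers."""

    def __init__(self, local_hosts, max_entries=64):
        self.local_hosts = set(local_hosts)
        self.max_entries = max_entries
        self._store = OrderedDict()   # (host, path) -> body, in LRU order
        self.hits = self.misses = self.origin_fetches = 0

    def _fetch_origin(self, host, path):
        """Stand-in for the request to the real Web server; None models a 404."""
        self.origin_fetches += 1
        return ORIGIN.get((host, path))

    def get(self, host, path):
        """Return (status, body, served_from) for one client request."""
        if host not in self.local_hosts:
            return 403, "", "refused"            # reverse proxy only, never a forward proxy
        key = (host, path)
        if key in self._store:
            self.hits += 1
            self._store.move_to_end(key)         # refresh LRU position
            return 200, self._store[key], "cache"
        self.misses += 1
        obj = self._fetch_origin(host, path)
        if obj is None:
            return 404, "", "origin"
        body, cacheable = obj
        if cacheable:
            self._store[key] = body
            if len(self._store) > self.max_entries:
                self._store.popitem(last=False)  # evict least recently used
        return 200, body, "origin"

    def offload_ratio(self):
        """Fraction of requests answered without involving a Web server."""
        total = self.hits + self.misses
        return self.hits / total if total else 0.0


def simulate():
    """Three customers load the same page, then a request for a foreign host arrives."""
    cache = ReverseProxyCache(local_hosts=["www.example.test"])
    sources = []
    for _ in range(3):
        for path in ("/images/logo.gif", "/css/site.css", "/cart.asp"):
            sources.append(cache.get("www.example.test", path)[2])
    status, _, src = cache.get("other.example.test", "/index.html")
    sources.append(src)
    return sources, status, cache.origin_fetches, round(cache.offload_ratio(), 3)


if __name__ == "__main__":
    print(simulate())
```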
Cisco Catalyst 6500 Multilayer Switch
Scalability Service Requirement: | Provide a highly scalable Ethernet interconnect for all servers, network appliances, and routers. |
Recommendations: | · Deploy Catalyst 6500 Multilayer Switches. The Catalyst Switches will offer many upgrade options to provide additional capacity in the future as the e-commerce site grows. |
Service Function: | The multilayer switching component of the e-commerce solution offers vast performance and bandwidth capacity. The Catalyst 6500 Multilayer Switch in its basic configuration offers 32 Gbps of switching capacity, which translates to approximately 15 million pps. This represents an extraordinary amount of capacity relative to other devices in the configuration and will not need to be considered for additional performance upgrades for quite some time in most cases. |
Cisco LocalDirector
Scalability Service Requirement: | Provide scalable server load-balancing services that can allow for additional servers to be added to the load-balancing function without interruption of service. |
Recommendations: | · Use the 'least connections' predictor algorithm on the LocalDirector to ensure that the available 'real' servers are used most efficiently. |
Service Function: | For server load balancing, the ability to easily add new servers into the pool is mandatory. Not only must this be an easy process, the configured predictor must incorporate the new servers into the algorithm quickly and efficiently. The LocalDirector distributes traffic to servers offering the same content and applications fairly and efficiently using the preconfigured predictor. It load balances traffic to the real servers and helps to avoid server overload. Additional servers can be added without disrupting servers already in service. |
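The 'least connections' predictor recommended above, together with the failure detection that the IIS high availability section relies on, as an added example that is not code from the paper or from Cisco LocalDirector: a clone that fails its check is dropped from the load-balance set while the remaining clones keep serving, and a new clone added under load is incorporated immediately. Server names are constructed placeholders.

```python
class NoServerAvailable(Exception):
    """Raised when every real server in the pool is out of service."""


class LeastConnectionsBalancer:
    def __init__(self):
        self._active = {}     # real server -> open connections
        self._healthy = {}    # real server -> last health-check result

    def add_real(self, name):
        """Add a real server to the pool; it is eligible at once with zero load."""
        self._active.setdefault(name, 0)
        self._healthy[name] = True

    def remove_real(self, name):
        """Take a server out of the pool entirely."""
        self._active.pop(name, None)
        self._healthy.pop(name, None)

    def mark(self, name, healthy):
        """Record a health-check result; failed servers get no new connections."""
        if name in self._healthy:
            self._healthy[name] = healthy

    def candidates(self):
        return sorted(s for s, ok in self._healthy.items() if ok)

    def connect(self):
        """Direct a new client connection to the healthy server with the fewest
        open connections; ties are broken by name so results are deterministic."""
        pool = self.candidates()
        if not pool:
            raise NoServerAvailable("no healthy real servers in the pool")
        chosen = min(pool, key=lambda s: (self._active[s], s))
        self._active[chosen] += 1
        return chosen

    def disconnect(self, name):
        if self._active.get(name, 0) > 0:
            self._active[name] -= 1

    def open_connections(self):
        return dict(self._active)


def simulate():
    """Three clones, one failure, one addition, one recovery; returns the
    sequence of chosen servers and the final connection counts."""
    lb = LeastConnectionsBalancer()
    for s in ("web1", "web2", "web3"):
        lb.add_real(s)
    trace = [lb.connect() for _ in range(6)]   # equal load fills the pool evenly
    lb.mark("web2", False)                     # web2 fails its check
    trace.append(lb.connect())                 # web1 and web3 tie at 2 -> web1
    trace.append(lb.connect())                 # web3
    lb.add_real("web4")                        # capacity added in service
    trace.append(lb.connect())                 # web4 has 0 open -> web4
    trace.append(lb.connect())                 # web4 still least -> web4
    lb.mark("web2", True)                      # web2 recovers with its 2 earlier connections
    trace.append(lb.connect())                 # web2 and web4 tie at 2 -> web2
    return trace, lb.open_connections()


if __name__ == "__main__":
    print(simulate())
```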
Microsoft Internet Information Services 5.0 (IIS)
Scalability Service Requirement: | Provide a scalable architecture for e-commerce application deployment. |
Recommendations: | · Deploy specific functions associated with the e-commerce application (browsing, searching, purchasing, and so forth) on function-specific pools of servers. By increasing the number of Web servers within specific groups, you can increase the capacity of a specific function. The concept of pooling together servers providing a common function is referred to as grouping them into Web clusters, and using a load-balancing system is the principal technique for increasing the number of clients supported. Applications designed to support a stateless environment enable scalability, both vertical and horizontal, because successive connections can land on any available server without regard for previously stored state. |
Service Function: | Web servers in the front end of the e-commerce infrastructure are assigned based on the specific e-commerce client task they perform. For each task such as browsing, searching, and ordering, a dedicated group of mirrored servers is assigned to provide the e-commerce function. The LocalDirector load balancer distributes connections among the various mirrored servers. As a particular e-commerce function requires more capacity, more mirrored servers are added to the load-balancing algorithm. |
Microsoft SQL Server
Scalability Service Requirement: | Provide scalable and resilient database services that can be expanded with minimal impact to the e-commerce service. |
Recommendations: | · Arrange multiple Microsoft SQL Servers in a clustered arrangement. The clustering capabilities of Windows 2000 Advanced Server enable multiple SQL Servers to be configured to represent one virtual address that provides both high availability and scalability for the e-commerce solution. |
Service Function: | The scalability of database services must be designed into the e-commerce site from the beginning. Transactions must efficiently access data while minimizing the level of contention with each other. |
Security
Security is one of the most important aspects of an e-commerce solution. Without tight security, confidential customer information such as credit card numbers and complete home addresses can be compromised. Any security breach results in much lower customer confidence in the e-commerce service, followed by a substantial loss of business. However, there is a balance between security and the usability of the site. Too much security can lead to very poor performance and a virtually unusable site. For this reason, the joint e-commerce solution proposes a security solution that is sufficient in most e-commerce cases. There will always be varying degrees of integrated security based on the enterprise's comfort level. However, the site is designed in such a way that additional security can be added if required.
The key components of a security solution are ranked in their order of ease of deployment and relative security strength. Those solutions that are typically easy to deploy might not provide an adequate level of security on their own. The best security solution comprises a combination of security options with the ability to add more in the future. The three main network components of an e-commerce security solution include:
| • | Extended Access Control Lists (ACLs) on routers |
| • | Cisco IOS Firewall Feature Set (FFS) |
| • | Cisco Secure PIX Firewalls |
These three network security components are explained in the next section and are in addition to host-based security within the Microsoft components of the e-commerce solution.
Cisco IOS-Powered 7200 Series Internet Router
Security Service Requirement: | Provide an initial line of defense against extraneous traffic entering the e-commerce site. |
Recommendations: | · Apply tight Extended ACLs to the inbound interfaces to the routers. These ACLs need only to allow traffic that is relevant to the e-commerce site. |
Service Function: | The function of the front-end routers is to filter extraneous traffic. Although you might need to permit several TCP/UDP ports using ACLs, at a minimum you must permit HTTP (TCP/80), SSL (TCP/443), and DNS (UDP/53). Other traffic such as ping, Telnet, and FTP is not required and should be denied. In addition, take special precautions to secure the routers themselves. Do not allow login ability from the "outside" network. Use security technologies such as TACACS+/RADIUS, SSL/Kerberos, and others to secure and account for access to the router consoles. |
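The inbound filtering policy described above, as an added example that is neither code from the paper nor a Cisco IOS configuration: a small evaluator that parses a constructed IOS-style extended ACL (permit/deny, protocol, any or host addresses, an optional eq port) and applies first-match semantics to sample packet headers, so the intended policy can be checked before it is deployed. The addresses (192.0.2.0/24 and 198.51.100.0/24 documentation ranges) and the ACL name are placeholders.

```python
from dataclasses import dataclass
from typing import Optional

# IOS port keywords that the sample ACL uses
PORT_NAMES = {"www": 80, "domain": 53, "ftp": 21, "telnet": 23}


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # None for icmp


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "ip"
    src: Optional[str]           # None means "any"
    dst: Optional[str]
    dport: Optional[int]         # None means no port qualifier


def _parse_addr(tokens, i):
    """Parse 'any' or 'host A.B.C.D'; return (host_or_None, next_index)."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    raise ValueError(f"unsupported address spec: {tokens[i]}")


def parse_acl(text):
    """Parse the 'permit|deny <proto> <src> <dst> [eq <port>]' subset of extended ACL syntax."""
    aces = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("ip access-list"):
            continue
        t = line.split()
        action, proto = t[0], t[1]
        if action not in ("permit", "deny") or proto not in ("tcp", "udp", "icmp", "ip"):
            raise ValueError(f"unsupported entry: {line}")
        src, i = _parse_addr(t, 2)
        dst, i = _parse_addr(t, i)
        dport = None
        if i < len(t) and t[i] == "eq":
            p = t[i + 1]
            dport = PORT_NAMES[p] if p in PORT_NAMES else int(p)
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def _matches(ace, pkt):
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ace.src is not None and ace.src != pkt.src:
        return False
    if ace.dst is not None and ace.dst != pkt.dst:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return True


def evaluate(aces, pkt):
    """First matching entry wins; an empty or exhausted ACL denies, as IOS does implicitly."""
    for ace in aces:
        if _matches(ace, pkt):
            return ace.action
    return "deny"


# Constructed ACL in the spirit of the paper's minimum: HTTP and SSL to the
# Web virtual address, DNS to the DistributedDirector, everything else denied.
EDGE_ACL = """
ip access-list extended ECOMMERCE-IN
 permit tcp any host 192.0.2.10 eq www
 permit tcp any host 192.0.2.10 eq 443
 permit udp any host 192.0.2.53 eq domain
 deny ip any any
"""

# Constructed sample headers as they would arrive on the ISP-facing interface.
SAMPLE_PACKETS = [
    ("http to web VIP", Packet("tcp", "198.51.100.7", "192.0.2.10", 80)),
    ("ssl to web VIP", Packet("tcp", "198.51.100.7", "192.0.2.10", 443)),
    ("dns to DistributedDirector", Packet("udp", "198.51.100.7", "192.0.2.53", 53)),
    ("telnet to web VIP", Packet("tcp", "198.51.100.7", "192.0.2.10", 23)),
    ("ftp to web VIP", Packet("tcp", "198.51.100.7", "192.0.2.10", 21)),
    ("ping to web VIP", Packet("icmp", "198.51.100.7", "192.0.2.10")),
    ("http to a real server address", Packet("tcp", "198.51.100.7", "192.0.2.20", 80)),
]


def audit(acl_text, packets):
    """Return {description: action} for each sample packet under the given ACL."""
    aces = parse_acl(acl_text)
    return {desc: evaluate(aces, pkt) for desc, pkt in packets}


if __name__ == "__main__":
    for desc, action in audit(EDGE_ACL, SAMPLE_PACKETS).items():
        print(f"{action:6} {desc}")
```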
Cisco Catalyst 6500 Multilayer Switch
Security Service Requirement: | Provide a secure environment for interconnection of all network appliances, routers, and servers. |
Recommendations: | · In addition to applying ACLs to the router interfaces, apply wire-rate ACLs to the switch as a secondary security measure. |
Service Function: | The Catalyst Multilayer Switches serve as a second line of defense against unwanted traffic. As a minimum, ACLs can be applied within the Catalyst Switch that provide the same sort of function as those within the routers. ACLs applied within the switch do not pose any performance degradation, as they run at wire speed. In addition, you must take special precautions to fully secure console access to the switches themselves through AAA services. |
Cisco LocalDirector
Security Service Requirement: | Provide server load-balancing services in a secure manner to the front-end Web servers while assisting in the protection from malicious activity reaching the 'real' servers. |
Recommendations: | · Use specific port mapping when creating a virtual IP address, a "real" server designation, and a binding of the two. The object is to allow only TCP port 80 for Web traffic or TCP port 443 for SSL traffic. All other traffic is refused. |
Service Function: | The server load-balancing (SLB) function of the LocalDirector adds a layer of security through some of its built-in features. One of the main functions of the SLB device from a security perspective is to hide the addresses of the 'real' servers from the outside world. This prevents attacks directed at the real servers themselves. In addition, the commands that create VIPs and map VIPs to real servers can be written to allow only specific TCP ports. This is an important filtering feature, because it prevents connections to extraneous ports from reaching the 'real' servers. |
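The following is an added example of the port-specific VIP, real-server and bind definitions the recommendation calls for; it is not LD1's configuration from the appendix. The `ip:port:bind-id:protocol` command form is the LocalDirector syntax as the editor recalls it and should be checked against the release notes for your software version. Addresses are constructed: 192.0.2.10 is the VIP, and 10.1.1.21 through 10.1.1.23 are assumed IIS front-end servers on the private side.

```cisco
! Added example, not the lab's LocalDirector configuration. Addresses are constructed.
!
! One virtual per permitted service. Because a port is part of the virtual
! definition, only TCP/80 and TCP/443 on 192.0.2.10 are accepted; a connection
! to any other port on the VIP matches no virtual and is refused.
virtual 192.0.2.10:80:0:tcp is
virtual 192.0.2.10:443:0:tcp is
!
! Real servers, likewise restricted to the two service ports ("is" = in service).
real 10.1.1.21:80:0:tcp is
real 10.1.1.22:80:0:tcp is
real 10.1.1.23:80:0:tcp is
real 10.1.1.21:443:0:tcp is
real 10.1.1.22:443:0:tcp is
real 10.1.1.23:443:0:tcp is
!
! Bindings: HTTP on the VIP can only ever reach port 80 on a real, and SSL only
! port 443. Clients see 192.0.2.10; the 10.1.1.x addresses are never exposed.
bind 192.0.2.10:80:0:tcp 10.1.1.21:80:0:tcp 10.1.1.22:80:0:tcp 10.1.1.23:80:0:tcp
bind 192.0.2.10:443:0:tcp 10.1.1.21:443:0:tcp 10.1.1.22:443:0:tcp 10.1.1.23:443:0:tcp
```

The point of naming the port in all three commands rather than using a wildcard port is that the LocalDirector then acts as a filter as well as a balancer: a probe against, say, NetBIOS or Terminal Services on the VIP never produces a connection to a real server, even if the router ACL in front of it were mistakenly opened.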
Microsoft Internet Information Services 5.0 (IIS)
Security Service Requirement: | Provide a secure system environment to host the e-commerce application. |
Recommendations: | · Make full use of host-based network security components when building the server. Services like SSL, Web-server-based authentication, and host-based IP filtering offer strong security. |
Service Function: | Individual hosts must be fully secured before any application components can be installed. Several Microsoft documents describe best practices to "harden" a server running Windows 2000 and IIS prior to installing applications. The servers themselves also offer many network-based security features, such as address and port filtering, that further augment the network infrastructure security components. |
Cisco Secure PIX Firewall
Security Service Requirement: | Provide a high level of stateful-aware security between the front-end Web servers and the back-end database and application servers. |
Recommendations: | · Use PIX Firewalls in front of the back-end servers to create a secure zone and protect the most valuable customer data. |
Service Function: | The PIX Firewalls provide a stateful-aware boundary between the front-end Web servers and the back-end database and application servers. This piece of the design is critical because the most crucial and private data is stored in the back end. Using the PIX Firewalls, specific policies are installed to only allow communication between the front-end Web servers and the back-end database and application servers. Under no circumstances should any rules allow connectivity from the outside world to anything behind the firewalls. Using NAT, the addresses of the back-end servers are hidden from the outside world. |
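The following PIX fragment is an added example of the policy described in this table; it is not PIX1's configuration from the appendix. It uses PIX 5.x/6.x command syntax and constructed addresses: 10.1.1.21 through 10.1.1.23 are the assumed IIS front-end servers on the less trusted "outside" interface of PIX1, 10.2.2.5 is the SQL Server behind it, 10.1.1.200 is the translated address the database is presented as toward the Web tier, and 10.2.2.50 is an assumed syslog host.

```cisco
! Added example, not the lab's PIX configuration. Addresses are constructed.
!
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 10.1.1.1 255.255.255.0
ip address inside 10.2.2.1 255.255.255.0
!
! Static NAT: the SQL Server's real address (10.2.2.5) is never visible to the
! Web tier or beyond; the Web servers connect to 10.1.1.200 instead.
static (inside,outside) 10.1.1.200 10.2.2.5 netmask 255.255.255.255 0 0
!
! Policy for connections arriving on the outside (Web-tier) interface:
! only the three Web servers, only to the database, only TCP/1433.
access-list WEB-TO-SQL permit tcp host 10.1.1.21 host 10.1.1.200 eq 1433
access-list WEB-TO-SQL permit tcp host 10.1.1.22 host 10.1.1.200 eq 1433
access-list WEB-TO-SQL permit tcp host 10.1.1.23 host 10.1.1.200 eq 1433
! The implicit deny at the end of the list covers everything else, including
! any packet that somehow arrived from the Internet.
access-group WEB-TO-SQL in interface outside
!
! No static or conduit is defined for any other inside host, so there is no
! path from outside to the rest of the back end. Replies from SQL Server are
! permitted by the stateful connection table, not by a rule, so no inside-to-
! outside list is needed for them.
!
! Log denied attempts: a Web server suddenly probing other back-end ports is
! an early sign that the front end has been compromised.
logging on
logging host inside 10.2.2.50
logging trap warnings
```

One deployment caveat, which is an assumption about how the Microsoft SQL Server recommendation below is realized rather than something the page states: if the Web servers authenticate to SQL Server with Windows accounts, the domain authentication traffic between the Web tier and the domain controllers must also be accounted for in the firewall policy, either by placing the controllers where that traffic does not cross the PIX or by permitting those specific flows explicitly.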
Microsoft SQL Server
Security Service Requirement: | Provide a secure system environment to host Microsoft SQL Server databases. |
Recommendations: | · Use Windows-based security instead of SQL Server-based security. |
Service Function: | Just like the Web servers, servers configured to host the Microsoft SQL Server database services must be "hardened" prior to any application installation. Documents located on the Microsoft Web site provide more details on hardening a Windows 2000-based server and SQL Server. |
The following diagram shows the physical layout of the joint Cisco and Microsoft e-commerce infrastructure. The lab includes one main site and a satellite site. The main site is fully redundant and serves as the repository for all e-commerce transaction data. The purpose of the satellite site is to scale the front end of the e-commerce service to support additional users. Clients of an e-commerce service spend a long time browsing product or service offerings. The browsed Web content is typically static and can be replicated and pushed to remote sites called satellites. With the ability of the distributed client base to access such static content within close proximity, the overall client experience becomes more enjoyable. Any transactions or requests for dynamic data at the satellite site are backhauled through a private network to the main site.
The following sections detail the configuration of the e-commerce infrastructure tested by Cisco and Microsoft in the lab.
Connectivity Analysis
To better understand the network topology used in the lab, a detailed connectivity analysis is provided below.
When a client on the Internet wants to connect to the e-commerce site, it must first resolve the DNS name of the site itself. In this case, the site is named www.duwamishbooks.com. The device that ultimately provides this address resolution is the DistributedDirector (DD1). The DistributedDirector evaluates the proximity of the client to the two data centers (main and satellite) and returns the IP address of the closest center. The IP address that is returned is that of the primary LocalDirector. In the case where the main site is chosen, the returned address is the virtual IP address in the LocalDirector (LD1), which represents the series of "real" front-end Web servers.
After the client has resolved the IP address, it must connect to the virtual IP address on the LocalDirector (LD1) through the Internet. The front-end routers (R1 and R2) advertise the IP address of the e-commerce network to the Internet via BGP. A connection request from the client travels through the Internet towards the front-end routers. The front-end routers verify that the packet is for a valid protocol (HTTP, SSL, or DNS) and pass the packet to the Catalyst Switch (S1 or S2). The Catalyst Switches (S1 and S2) also propagate the IP network of the virtual IP address to the front-end routers via BGP.
The Catalyst Switches run WCCP, which allows Web requests to be redirected to available cache engines. In this case, the TCP port 80 call of an HTTP request is recognized by the Catalyst Switch and tunneled via a Generic Routing Encapsulation (GRE) tunnel to the Cache Engine (CE1). If the Cache Engine does not have the requested content, the Cache Engine acts on behalf of the client and requests the content from the actual Web servers. To accomplish this, the connection is passed to the primary LocalDirector (LD1) through the Catalyst Switch (S1).
Now that the connection has arrived at the LocalDirector (LD1), the LocalDirector must make a load-balancing decision on which "real" Web server to forward the connection to. After the decision is made, the connection is passed to a Web server running Microsoft IIS and e-commerce applications.
If the Web or application server needs to retrieve data from the database, it makes a call to the database server through the PIX Firewall (PIX1). The PIX Firewall verifies that the connection attempt is to a valid port (SQL defaults to 1433) and a valid source address (Web server) and passes the connection to a Microsoft SQL Server.
After data is returned to the Web or application server, the server must form the Web page and pass the data back to the client. The default route on the Web or application server is set to return data to the default gateway. However, in this scenario, the client has now been masked to look like the Cache Engine (CE1). The data is passed to the Cache Engine through the Catalyst Switch (S1).
The Cache Engine (CE1), now having received the data, caches the data (if possible) and passes the response back to the client through the Catalyst Switch (S1). When the Catalyst Switch (S1) receives the data from the Cache Engine, it uses its BGP routing table to determine the best front-end router to which to pass the data. When the router has been chosen, the data is passed to the front-end router and through the Internet back to the client.
The previous passage describes the typical client request procedure and the function performed by each device. The previous diagram of the lab layout, combined with the device configurations in the appendix, provides the complete picture of the lab configuration and operation.
The configuration details provided highlight specific aspects of each network device. The entire configuration files of each device are presented in the appendix.
Cisco DistributedDirector
The Domain Name Service (DNS) mode of the DistributedDirector was used in this framework architecture. The DistributedDirector is used to load balance connections between the main site and the satellite site by responding to client DNS requests with specific addresses of the main site or the satellite site.
A primary DNS server for the test domain 'duwamishbooks.com' was set up using the Cisco Network Registrar (CNR) product. This name server refers a recursive DNS request from the client's local DNS server to the DistributedDirector, which serves as the authoritative name server for the www.duwamishbooks.com subdomain. From configured and discovered network metrics, the DistributedDirector resolves the address of www.duwamishbooks.com to the address of a LocalDirector virtual IP address at the main site or the satellite site depending on which one is a better choice for the client. The LocalDirector can then direct the client to one of the Web servers in the Web farm to balance the load on the servers.
The desired configuration of the DistributedDirector was achieved using the following steps:
| • | Specify main (forwarder) DNS name server for the duwamishbooks.com domain: ip name-server <name of CNR server> <IP address of the CNR server for duwamishbooks.com> |
| • | Define the virtual host name to be used for the site: ip director host <www.duwamishbooks.com> |
| • | Define IP addresses of the remote servers and associate them with the virtual host name: ip host <name> <IP address of LD for main site> <IP address of LD for the satellite site> |
| • | Add a start of authority (SOA) record that gives the director authority for the subdomain: ip DNS primary <www.duwamishbooks.com> SOA <primary> <contact> [refresh [retry [expire [ minimum ]]]] |
Cisco Cache Engine
The Cache Engines provide content caching services in what is referred to as a reverse-proxy function. This means that the Cache Engines store copies of static Web content that can be served to clients alleviating the need to forward the connection request to the actual real servers. In order to configure the caching service, a relationship must be established between the Cache Engines themselves and routers that are enabled for WCCP. The following commands are configured on the Cache Engines:
| • | Create a list of routers that will forward requests to this Cache Engine: wccp router-list |
| • | Apply the router lists to the Web-cache service: wccp reverse-proxy router-list-number |
| • | Set the WCCP version |