During the logical design phase of the solution life cycle, you design a logical architecture showing the interrelationships of the logical components of the solution. The logical architecture and the usage analysis from the technical requirements phase form a deployment scenario, which is the input to the deployment design phase.
This chapter contains the following sections:
A logical architecture identifies the software components needed to implement a solution, showing the interrelationships among the components. The logical architecture and the quality of service requirements determined during the technical requirements phase form a deployment scenario. The deployment scenario is the basis for designing the deployment architecture, which occurs in the next phase, deployment design.
When developing a logical architecture you need to identify not only the components that provide services to users, but also other components that provide necessary middleware and platform services. Infrastructure service dependencies and logical tiers provide two complementary ways of performing this analysis.
Infrastructure service dependencies and logical tiers are two of the three dimensions of the solution architecture upon which Sun JavaTM Enterprise System is based. The three dimensions are listed below and are also represented in About Logical Architectures.
Infrastructure service dependencies. Interacting software components that provide enterprise services. The software components require an underlying set of infrastructure services that allows the distributed components to communicate with each other and to interoperate.
Logical tiers. A logical organization of software components into tiers that represent the logical and physical independence of software components, based on the nature of the services they provide.
Quality of service. System service qualities, such as performance, availability, scalability, and others that represent particular aspects of a software solution’s design and operation.
For more information on Java Enterprise System architecture concepts, refer to the “Java Enterprise System Architecture” chapter in the Sun Java Enterprise System 5 Technical Overview.
A logical architecture depicts infrastructure service levels by showing the necessary components and their dependencies. A logical architecture also distributes the components among logical tiers that represent presentation, business, and data services that can be ultimately accessed by a client tier. Quality of service requirements are not modeled in the logical architecture but are paired with the logical architecture in a deployment scenario.
When you design a logical architecture, use the use cases identified during the technical requirements phase to determine the Java Enterprise System components that provide the services necessary for the solution. You must also identify any components providing services to the components you initially identify.
You place the Java Enterprise System components within the context of a multitiered architecture according to the type of services that they provide. Understanding the components as part of a multitiered architecture helps you later determine how to distribute the services provided by the components and also helps determine a strategy for implementing quality of service (such as scalability, availability, and others.)
Additionally, you can provide another view of the logical components that places them within secure access zones. The section Access Zones provides an example of secure access zones.
Java Enterprise System consists of interacting software components providing enterprise services that you can use to build your enterprise solution. The following figure shows the key software components provided with Java Enterprise System. The Sun Java Enterprise System 5 Technical Overview provides additional information on Java Enterprise System components and the services they provide.
When identifying Java Enterprise System components for a logical architecture, you need to also identify supporting components. For example, if you identify Messaging Server as a necessary component to a logical architecture, then your logical architecture must also include Directory Server and possibly Access Manager. Messaging Server depends on Directory Server for directory services and Access Manager for solutions requiring single sign-on.
The following table lists dependencies of Java Enterprise System components. Refer to Component Dependencies for a visual representation of dependencies among key components. When designing a logical architecture, use this table and accompanying figure to determine dependent components in your design.
Table 4–1 Java Enterprise System Component Dependencies
Java Enterprise System Component |
Depends On |
---|---|
Message QueueDirectory Server (optional) |
|
Messaging Server (for email notification service)Access Manager (for single sign-on)Web Server (for web interface)Directory Server |
|
Access Manager (for single sign-on)Calendar ServerMessaging ServerInstant MessagingWeb Server (for web interface)Directory Server |
|
Directory Server |
|
None |
|
Application Server or Web ServerDirectory Server |
|
Access Manager (for single sign-on)Directory Server |
|
Directory Server (optional) |
|
Access Manager (for single sign-on)Web Server (for web interface)Directory Server |
|
If configured to use Portal Server Channels: Calendar ServerMessaging ServerInstant Messaging Access Manager (for single sign-on)Application Server or Web ServerDirectory Server |
|
Portal Server |
|
Access Manager (optional, for access control |
The dependencies among Java Enterprise System components listed in Component Dependencies does not list all component dependencies. Component Dependencies does not list dependencies that you must consider when planning for installation. For a complete list of Java Enterprise System dependencies, refer to the Sun Java Enterprise System 5 Installation Guide for UNIX.
The previous section, Component Dependencies does not account for the web container in which Portal Server and Access Manager run. This web container can be provided by Application Server, Web Server, or a third-party product. When designing a logical architecture that includes Portal Server or Access Manager be sure to account for the web container required for these components.
The Java Enterprise System Messaging Server can be configured to provide separate instances that provide the following logically distinct services:
Message Transfer Agent
Message Multiplexor
Message Express Multiplexor
Message Store
These various configurations of Messaging Server provide functionality that can be deployed on separate physical servers and can be represented in different tiers of a logical architecture. Because these configurations for Messaging Server represent logically distinct services in separate tiers, consider them as logically distinct components when designing a logical architecture. The section Example Logical Architectures provides an example of logically distinct components.
The following table describes the logically distinct configurations of Messaging Server.
Table 4–2 Messaging Server Configurations
Subcomponent |
Description |
---|---|
Supports the sending of email by handling SMTP connections, routing emails, and delivering messages to the proper message stores. The MTA components can be configured to support email sent from outside the enterprise (inbound) or sent from within the enterprise (outbound). |
|
Provides for the retrieval and storage of email messages. |
|
Supports the retrieval of email by accessing the message store for email clients, using either IMAP or POP protocols. |
|
Supports the retrieval of email by accessing the message store on behalf of web- based (HTTP) clients. |
Java Enterprise System also contains components that provide access to system services, often from outside an enterprise firewall. Some configurations of Messaging Server can also provide network access, such as Messaging Server configured for message multiplexor. The following table describes Java Enterprise System components that provide remote access to system services.
Table 4–3 Java Enterprise System Components Providing Remote Access
Component |
Description |
---|---|
Provides enhanced directory access, schema compatibility, routing, and load balancing for multiple Directory Server instances. |
|
Provides secure Internet access from outside a corporate firewall to Portal Server content and services, including internal portals and Internet applications. |
|
Provides wireless access from mobile devices and voice access to Portal Server. |
|
Supports the retrieval of email by accessing the message store on behalf of web-based (HTTP) clients. |
Components providing remote access are generally deployed in secures access zones, as illustrated by the example in the section Access Zones.
Java Enterprise System is well-suited for multitiered architecture design, where services are placed in tiers according to the functionality they provide. Each service is logically independent and can be accessed by services in either the same tier or a different tier. The following figure depicts a multitiered architecture model for enterprise applications, illustrating the client, presentation, business service, and data tiers.
The following table describes the logical tiers depicted in Multitiered Architecture Design.
Table 4–4 Logical Tiers in a Multitiered Architecture
Tier |
Description |
---|---|
Contains client applications that present information to end users. For Java Enterprise System, these applications are typically mail clients, web browsers, or mobile access clients. |
|
Provides services that display data to end users, allowing users to process and manipulate the presentation. For example, a web mail client or Portal Server component allows users to modify the presentation of information they receive. |
|
Provides back-end services that typically retrieve data from the data tier to provide to other services within the presentation or business service tiers or directly to clients in the client tier. For example, Access Manager provides identity services to other Java Enterprise System components. |
|
Provides database services accessed by services within the presentation tier or business service tier. For example, Directory Server provides LDAP directory access to other services. |
Multitiered architecture design provides several advantages. During the deployment design phase, the placement of services according to functionality in a multitiered architecture helps you determine how to distribute services in your network. You also can see how components within the architecture access services of other components. This visualization helps you plan for availability, scalability, security, and other quality of service solutions.
This section provides some examples of logical architectures for Java Enterprise System solutions. These examples show how you place logical components within the appropriate tiers of a multitiered architecture and then analyze the relationships between the components by studying the use cases. Use the logical architectures examples in this section as a basis for understanding logical architecture design in Java Enterprise System solutions.
The first example is a basic Messaging Server solution that illustrates how the logically distinct components of Messaging Server interact with other components. The second example shows a logical architecture for an identity-based deployment solution that might be appropriate for a medium-sized enterprise of about 1,000 to 5,000 employees.
The following figure shows a basic logical architecture for a deployment of Messaging Server. This logical architecture shows only the logically distinct components required for Messaging Server. Later figures illustrate the relationships among these components.
Typically, a deployment of Messaging Server is part of an enterprise solution that includes other Java Enterprise System components, as illustrated in Identity-Based Communications Example.
The following table describes the components depicted in Messaging Server Example.
Table 4–5 Components in Messaging Server Logical Architecture
Component |
Description |
---|---|
Email clients |
Client applications for reading and sending email. |
Messaging Server configured as a message transfer agent (MTA) to receive, route, transport, and deliver email messages. |
|
Messaging Server configured as a message multiplexor (MMP) to route connections to appropriate message stores for retrieval and storage. MMP accesses Directory Server to look up directory information to determine the proper message store. |
|
Messaging Server configured as a message store for retrieval and storage of email messages. |
|
Provides access to LDAP directory data. |
The logical architecture does not specify replication of services for the Messaging Server components. For example, enterprise deployments typically create separate inbound and outbound MTA instances but Messaging Server Example shows only one MTA component. The replication of logical components into multiple instances is a design decision that you make during the deployment design phase.
Use cases help identify the relationships among the logical components in an architecture. By mapping the interactions between the components according to the use cases, you get a visual picture of component interaction that is helpful in deployment design.
Typically, you analyze each use case to determine the interaction of components prior to deployment design. The following three use cases are typical for Messaging Server and show interactions among the logical components.
Email client sends login information to Messaging Server Multiplexor (MMP)
MMP requests verification of user ID and password from Directory Server.
Directory Server returns verification to MMP.
MMP requests message list from Messaging Server Message Store (STR).
STR requests user’s LDAP record from Directory Server.
Directory Server returns user’s LDAP record to STR.
STR returns message list to MMP.
MMP forwards message list to email client.
Email client requests message to read from Messaging Server Multiplexor (MMP).
MMP requests message from Messaging Server Message Store (STR).
STR returns message to MMP.
MMP forward message to email client.
Email client sends deletes message action to MMP.
MMP forwards delete message action to STR.
STR deletes message from database and sends confirmation to MMP.
MMP forwards delete confirmation to email client.
Email client sends message composed in client to Messaging Server Message Transfer Agent (MTA).
MTA requests verification of user ID and password from Directory Server.
Directory Server returns verification to MTA.
MTA checks Directory Server for the destination domain for each recipient.
Directory Server returns to MTA the destination domain for each recipient.
MTA forwards message to each recipient.
MTA forwards message to Messaging Server Message Store (STR) to store message in outbox.
MTA sends confirmation to email client.
This example illustrates an identity-based communications solution for a medium-sized enterprise of about 1,000 to 5,000 employees. Typically, an exhaustive business analysis followed by detailed technical requirements analysis is needed to design the logical architecture. However, because this is a theoretical example, assume that the following business requirements have been determined:
Employees of the enterprise require personalized access to internal web sites, communications services, calendar services, and other resources.
Enterprise-wide authentication and authorization provide access to the internal web sites and other services.
Single identity is tracked across all enterprise services, enabling a single sign-on (SSO) that provides access to the internal websites and other services.
Use cases for this example would detail login procedures, reading email, sending email, personalizing the portal, synchronizing calendars, and other similar user activities.
The following figure shows a logical architecture for this type of identity-based communications solution.
For a deployment solution of this nature, there typically are numerous detailed use cases outlining the user interaction with the services provided by the solution. This example focuses on the interaction among components when a user logs into a portal from a web browser client. The example splits this login scenario into two use cases:
User logs in, becomes authenticated, and Portal Server retrieves the user’s portal configuration.
Portal Server retrieves email and calendar information to display in the web client.
The two use cases can be considered one extended use case. However, for this example, the use cases are separated for simplicity.
Web browser client sends user ID and password to Portal Server.
Portal Server requests authentication from Access Manager.
Access Manager requests verification of user ID and password from Directory Server.
Directory Server verifies user ID and password.
Access Manager requests user profile from Directory Server.
Directory Server returns user profile.
Portal Server requests user display profile from Access Manager.
Access Manager returns portal configuration.
Portal configuration is displayed in web browser client.
After successful log in, authentication, and retrieval of portal configuration, Portal Server requests email messages from Messaging Server MMP.
MMP requests message list from Messaging Server STR.
STR returns message list to MMP.
MMP forwards message headers to Portal Server.
Portal Server requests calender information from Communications Express.
Communications Express requests calendar information from Calendar Server backend.
Calendar Server backend returns calendar information to Communications Express.
Communications Express forwards calendar information to Portal Server.
Portal Server sends all channel information to web browser client.
Another way to represent the components of a logical architecture is to place them in access zones that show how the architecture provides secure access. The following figure illustrates access zones for deploying Java Enterprise System components. Each access zone shows how components provide secure remote access to and from the Internet and intranet.
The following table describes the access zones depicted in Access Zones.
Table 4–6 Secure Access Zones and Components Placed Within Them
Access Zone |
Description |
---|---|
Access to the Internet through policies enforced by a firewall between the intranet and the Internet. The Internal access zone is typically used by end users for web browsing and for sending email. In some cases, direct access to the Internet for web-browsing is allowed. However, typically secure access to and from the Internet is provided through the external access zone. |
|
Provides secure access to and from the Internet, acting as a security buffer to critical back-end services. |
|
Provides restricted access to critical back-end services, which can only be accessed from the external access zone. |
Access Zones does not illustrate the logical tiers depicted in the previous examples, but instead focuses on which components provide remote and internal access, the relationship of these components to security measures such as firewalls, and a visual depiction of access rules that must be enforced. Use the multi-tier architecture design in combination with the design showing access zones to provide a logical model of your planned deployment.
The completed logical architecture design by itself is not sufficient to move forward to the deployment design phase of the solution life cycle. You need to pair the logical architecture with the quality of service (QoS) requirements determined during the technical requirements phase. The pairing of the logical architecture with the QoS requirements constitutes a deployment scenario. The deployment scenario is the starting point for designing the deployment architecture, as explained in Chapter 5, Deployment Design.