Chapter 17

SuiteSpot and Orion Technology




When Netscape developed its second generation of Web servers, it used that opportunity to release a series of integrated servers for other Internet and intranet services as well. Many industry observers believe that the intranet market (the use of Internet technology to meet companies' in-house needs) is as large as, if not larger than, the Internet market. Although some commercial Internet Service Providers (ISPs) have adopted the whole family of Netscape servers, the real market for these high-end products is the intranet.

This chapter describes Netscape's various server offerings, focusing on the common thread: the Java Virtual Machine that makes it possible for each of these servers to understand and respond to server-side JavaScript programs.

Netscape is leading a revolution. In 1995, many companies put simple sites on the Web. These sites were characterized by static HTML and perhaps a few CGI scripts. By the end of 1996, the new standard for the Web was LiveWire applications, integrated applications with much of the dynamic content coming from server-side JavaScript. Many pages have dynamic content, whether from server-side JavaScript, client-side JavaScript and Java, plug-ins, or a combination of techniques (including LiveConnect). Netscape's principal competitor, Microsoft, is pushing ActiveX as its integrated solution. As you have seen, Java and JavaScript were written specifically for the Internet and offer built-in capabilities that Visual Basic, Perl, and even C and C++ cannot match.

The Netscape Server Family

Although Netscape Communications is best known for its Web browser, the company moved in early 1996 to stake a claim to a broader range of Internet and intranet services. At the Netscape Developer Conference in March 1996, the company described a new set of server products (a catalog server, a proxy server, a mail server, and a news server) as well as second-generation releases of its existing Web servers. The new Web servers were FastTrack, an entry-level product, and Enterprise, a high-end Web server.

Netscape also used the occasion to announce a bundled product: all of the non-Web servers, the Enterprise Server, and LiveWire Pro, a version of Netscape's Web site development environment, specially enhanced to access relational database managers. Netscape calls this bundle SuiteSpot. Figure 17.1 shows the architecture of SuiteSpot.

Figure 17.1: SuiteSpot is a software bundle of servers and tools that work in an integrated fashion.

Perhaps the most important part of the announcement was the fact that each server understands Java and JavaScript. This fact means that a programmer can write code in Java, the object-oriented language designed by Sun Microsystems, or JavaScript, the scripting language developed by Netscape in cooperation with Sun, and have these programs execute on any of the Netscape servers. For example, a programmer can write a JavaScript program to provide filtering and run it on the proxy server.

Netscape's Web Servers: A Look Back

Netscape's initial entry into the server market was called the Netscape Communications Server. When Netscape introduced the Communications Server, the server market was dominated by free software. The National Center for Supercomputer Applications (NCSA) at the University of Illinois at Urbana made a high-quality server available at no charge over the Internet. Another group, starting with the NCSA server, had implemented bug fixes, made small improvements, and was making its entry, Apache, available, also at no charge. (The members of this informal body call themselves "The Apache Group" after its software.)

Netscape understands that to compete with "free" products it needs to offer four things:

Netscape, of course, learned these lessons in the browser market, and that experience paid off when it began to ship Web servers. For example, Netscape offered graphical administration when the free servers required the administrator to edit complex configuration files. Like the free servers, Netscape's products were made available for download over the Internet, and although undoubtedly many use unregistered copies of the software, Netscape was apparently selling enough copies to justify the practice. Soon Netscape was offering a version of the server that had a feature everyone wanted: secure transactions.

The Netscape Commerce Server was the first popular Web server to offer secure communications. Its Secure Sockets Layer (SSL) met a market demand for a method of safely passing credit card numbers over the Internet. Using the Commerce Server, Webmasters could offer "secure sites" through which visitors could buy products. Netscape's server business boomed.

The Second Generation of Web Servers

With the success of the Commerce Server in mind, Netscape decided to include SSL in both of its second-generation servers. SSL had been the primary discriminator between the Communications Server and the Commerce Server. With both FastTrack and Enterprise sporting SSL, Netscape needed a new feature to give users a reason to choose Enterprise over FastTrack.

Netscape came up with five. The Enterprise Server offers the following features:

Of course, by now Netscape is not the only company offering a commercial server that competes against NCSA and Apache, so Netscape has included a number of features that distinguish both of its second-generation offerings from its competitors in general, and its chief competitor, Microsoft, in particular. The second-generation Netscape Web servers offer the following:

SuiteSpot

An additional benefit of the Enterprise Server is that it integrates easily with Netscape's other servers and with LiveWire Pro, the database-enhanced version of Netscape's Web site development environment. All of these servers share a similar administrative interface; that interface is graphical and is based on Netscape Navigator. This fact means that the site administrator can be anywhere on the Internet, start Navigator, and get onto the site and make changes (assuming the permissions are set up appropriately).

On many intranet sites, the network administrator has two or three servers on one machine and the rest on another machine. With remote administration, the administrator can sit in the office and work on any machine in the system. This interface is consistent across servers and across platforms. There is very little difference between the Web server administrative interface on a Sun machine running Solaris and the same server running on a Windows NT computer.

Caution
Although the second generation servers all come with SSL, some Webmasters do not enable it, arguing that "it's too much hassle" or that they don't need it because they're not taking credit card numbers.
If you use a Netscape second-generation server, you really should turn on the SSL security. Because your server can be administered remotely, anyone who can read your packets can read your administrative username and password and reconfigure your server. Not a pretty picture.

This multiplatform aspect of Netscape servers has two effects. First, it gives Netscape access to the UNIX market, which is particularly important to ISPs, and to the Windows NT market, important to the intranet. Second, it makes hardware vendors a bit more responsive to their customers, knowing that if they don't satisfy their customer, the customer can move to another vendor and still stay with their same tools and servers.

Recall, too, that the Enterprise Server has SNMP agents that can connect to off-the-shelf software like HP's OpenView and Sun's NetManager. The server can be configured to report important SNMP events so that if the server goes down, the network administrator is notified.

Tip
Recall that Netscape offers all five servers, plus LiveWire Pro, as a package. Netscape's pricing for SuiteSpot is competitive. If you plan on getting several servers (but not all five) check out the current price for SuiteSpot. You may save money by buying the package rather than paying for each server separately, and you get LiveWire Pro and the database in the deal.

Note
Netscape's pricing and licensing on the new servers offers hope that the price gap between UNIX software and Windows NT software is narrowing. UNIX machines were traditionally department servers with multiple users, while Windows NT evolved out of the desktop single-user models. Today, Windows NT machines and UNIX machines do similar work, and when configured for similar tasks, their prices are competitive. Netscape is among the first software companies to acknowledge this fact by offering its UNIX versions for the same price as the Windows NT software.

Netscape is well known for its HTML extensions. What is not well known is its work in extending HTTP, the protocol of the Web. One of the limitations of HTTP version 1.0 was that each entity on a page required a separate TCP/IP connection. If a page has, say, five graphics, it requires six successive TCP/IP connections: the first to download the page, the rest for the graphics.

A TCP/IP connection may require many milliseconds to set up and tear down, so a typical page spends much of its download time in network overhead. Netscape has included the keepalive option in its servers. Using keepalive, a browser requests a document, and the server keeps the connection open for a few seconds in case the browser wants more files from the same server. This approach enables some performance gains, particularly with LiveWire, where the server plays a role in generating dynamic content.

Another HTTP extension included in the Netscape servers is byte-range support. In HTTP/1.0, a request for an entity was an all-or-nothing affair. Either you wanted the file or you didn't. Although that approach works well with HTML files and graphics, it is a poor choice for other formats, such as multimedia.

Progressive Networks, developers of the real-time format called RealAudio, found the limitations of HTTP/1.0 so severe that it developed its own (non-HTTP) server. Adobe, developer of the Portable Document Format (PDF), requires byte-range support on a server before its second-generation PDF readers will work. With such support in place, its Acrobat reader can retrieve a PDF file in the same way a user may read a book, giving the user those pages he or she wants to see as the user wants them without having to download the entire document.
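The byte-range mechanism described above comes down to the server interpreting a Range request header against the size of the entity. The following is an added example, not code from the book or from any Netscape server: it parses the header forms a reader such as Acrobat would send, treats malformed headers as absent, and refuses requests with an excessive number of ranges. The function names and the MAX_RANGES limit are assumptions made for this illustration.

```javascript
// Added example: interpret an HTTP Range header for an entity of `size` bytes.
// Result is one of:
//   { status: 200 }            header absent, malformed, or over the limit: send the whole entity
//   { status: 206, ranges }    list of inclusive [start, end] byte positions to send
//   { status: 416 }            syntactically valid, but no range overlaps the entity
const MAX_RANGES = 8; // assumption: local cap so one request cannot ask for hundreds of slices

function parseByteRange(header, size) {
  if (typeof header !== 'string') return { status: 200 };
  const m = /^bytes=(.+)$/.exec(header.trim());
  if (!m) return { status: 200 };               // unknown unit: ignore the header
  const specs = m[1].split(',').map((s) => s.trim());
  if (specs.length > MAX_RANGES) return { status: 200 };

  const ranges = [];
  for (const spec of specs) {
    const r = /^(\d*)-(\d*)$/.exec(spec);
    if (!r || (r[1] === '' && r[2] === '')) return { status: 200 };
    if (r[1] === '') {
      // Suffix form "-N": the last N bytes of the entity.
      const n = Number(r[2]);
      if (n === 0 || size === 0) continue;      // nothing to send for this spec
      ranges.push([Math.max(size - n, 0), size - 1]);
    } else {
      // "A-B" or open-ended "A-": clamp the end to the last byte.
      const start = Number(r[1]);
      const last = r[2] === '' ? Infinity : Number(r[2]);
      if (last < start) return { status: 200 }; // invalid spec: ignore the header
      if (start >= size) continue;              // starts past the end of the entity
      ranges.push([start, Math.min(last, size - 1)]);
    }
  }
  return ranges.length ? { status: 206, ranges } : { status: 416 };
}

// Value of the Content-Range response header for a single satisfied range.
function contentRange([start, end], size) {
  return `bytes ${start}-${end}/${size}`;
}
```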

The range of choices in servers has clearly become broader and more complex than it was just a few months ago. Netscape has developed an online form that makes simple recommendations based on just a few questions.

ON THE WEB
http://home.netscape.com/comprod/server_central/query/prod_eval.html This site is home to the online form that recommends a particular Netscape server configuration (see Figure 17.2.)
http://home.netscape.com/comprod/server_central/query/guide.html  This page contains Netscape's Server Evaluation Guide, which provides additional information about the family of servers.

Figure 17.2: You can get Netscape's opinion on which servers are most useful to you by completing this online form.

Proxy Server

Many people think of proxy servers in connection with firewalls and intranet security, but they also have a use in lowering network workload by making local caches of frequently requested documents. A proxy server sits between the client and the actual server, as shown in Figure 17.3. When the client asks for a document, the proxy server checks first to see if it already has a copy. If it does, it returns that copy instead of spending the time necessary to fetch it from the Internet.

Figure 17.3: A proxy server is an important component of a firewall.

Proxy servers can be placed on a firewall and configured to prevent Internet users from retrieving anything they like from the intranet. They are also used by large ISPs to maintain local copies of popular pages. Thus, if an America Online subscriber retrieves a copy of Yahoo's top-level index, it is likely that the copy is fetched from the proxy server rather than the Yahoo site itself.

Netscape reports that some of its intranet customers have had their network traffic drop by 50% since they installed proxy servers. This load reduction enables companies to defer costly upgrades to their networks so that the proxy servers pay for themselves many times over.

An ongoing issue surrounding proxy servers is how to keep documents updated. If Yahoo makes a change to its home page today, how long should it take before users behind proxy servers get the updated version? The answer to that question depends on how Yahoo sets the expiration header field of its page and, of course, how the proxy server is configured.

Most proxy servers offer replication on demand, and this capability is certainly present in the Netscape Proxy Server. Replication on demand means that when a user asks for a document that is not in the cache (or has expired), the server fetches that document from its original server and stores it locally.

The Netscape Proxy Server also offers replication on command. This feature enables the site administrator to configure the server to retrieve popular documents in the middle of the night, when network bandwidth is free. During the workday, a larger percentage of documents can be fetched from the cache, further reducing network loads.

Netscape understands that a common use of a proxy server is to police the gateway between the Internet and the company intranet. Its Proxy Server enables the administrator to restrict access by hostname, URL, or IP address. It also supports a feature Netscape calls the socksdaemon, which enables the administrator to control telnet sessions coming into the site.

Like the Enterprise Server, the Proxy Server supports SNMP. The administrator can set up software agents to talk to the server, and the server can generate alerts if things go wrong.

Because the proxy server supports Java and JavaScript programming, an administrator can set up an application that interacts with visitors' copies of Netscape Navigator, filtering locations and performing other services on behalf of the administrator.

The second-generation Proxy Server supports cache sizes up to 128G, hopefully enough for even the most demanding intranet.

News Server

One of the most interesting additions to the Netscape family of servers is the News Server. Many Internet users are familiar with UseNet, the Internet service that distributes thousands of newsgroups to local servers around the world. Figure 17.4 shows a typical UseNet newsgroup, with Netscape Navigator as a newsreader. These servers communicate by using an open protocol called NNTP (Network News Transfer Protocol).

Figure 17.4: Netscape Navigator can be used as a mail client, an FTP client, a newsreader, and a Web browser.

Like Web servers, many free NNTP server packages are available on the Internet. To compete against this free software, Netscape needed to add features not available in the off-the-Internet products. Netscape's contribution was secure news. Like the Web servers, the News Server has SSL. Now a company can set up a secure newsgroup for its customers or resellers and have confidence that the data is encrypted during transmission. End users using Netscape Navigator can read the news by using the secure newsreader built into Navigator.

The major commercial competitors with Netscape for the news server market are Microsoft (with BackOffice) and IBM (with Lotus Notes). Table 17.1 shows figures adapted from a Netscape presentation given March 5, 1996 at the Netscape Developers Conference. Prices reflect November 1996 retail prices.

Table 17.1  The Netscape Mail Server Competes Well with BackOffice and Lotus Notes

Product                 Server + 100 clients    Server + 1,000 clients
Netscape SuiteSpot      $8,145                  $45,495
Microsoft BackOffice    $20,594                 $188,399
Lotus Desktop Notes     $6,495                  $55,995
Lotus Full Notes        $28,495                 $275,995

Mail Server

Network users do more than just browse Web sites; they also collaborate, often by e-mail. In the days before the Internet was widespread, many intranets were built with proprietary mail protocols. These intranets suffer a performance penalty when their users exchange e-mail with the Internet because the messages must be reformatted from the proprietary format to the Internet standard. Figure 17.5 shows a typical setup for gatewaying a proprietary protocol onto the Internet.

Figure 17.5: When the intranet runs a proprietary e-mail protocol, time can be wasted and information lost converting between the Internet standard and the proprietary format.

Internet mail servers exchange messages by using the Simple Mail Transfer Protocol (SMTP). End users, whose machines are usually not on the Internet full-time, retrieve their mail from the server by using either the Post Office Protocol version 3 (POP3) or the Internet Message Access Protocol version 4 (IMAP4). The Netscape Mail Server brings SMTP, POP3, and IMAP4 onto the intranet.

Instead of running proprietary mail clients and servers (with gateways onto the Internet), intranet users can run POP3 and IMAP4 mail clients (like Netscape Navigator) and use POP3, IMAP4, and SMTP for all e-mail, whether it stays on the company intranet or goes out over the Internet.

An advantage to staying with the Internet standards is that nontext attachments, stored in a format called Multimedia Internet Mail Extensions (MIME), survive their trip to the intranet. Many proprietary protocols restrict the kind of MIME attachments users can send or receive, so the clip art that was sent from the Seattle office may not be readable by the recipient in the New York office.

An active folklore exists in the UNIX community about the configuration of sendmail, the standard UNIX SMTP server. The configuration file for sendmail can run hundreds of lines long, and few people can claim to understand more than a small part of it. The Netscape Mail Server, by contrast, uses the same Netscape Navigator-based administration system as the other Netscape servers, so an administrator can set up the server without first getting an advanced degree in computer science.

Catalog Server

Although there are off-the-Internet versions of proxy servers, news servers, and mail servers, the Catalog Server is something completely new. Most Internet users are familiar with Yahoo, a Web server at http://www.yahoo.com/ that offers pages upon pages of indexes. Figure 17.6 shows Yahoo's top-level index page.

Figure 17.6: The wildly successful Yahoo site was the inspiration for the Catalog Server.

Netscape wanted to be able to offer to the intranet community the sort of catalog represented by Yahoo. In a typical installation, the Catalog Server sits behind the firewall on the intranet. It holds pages of references to company material, as well as related material from the Internet.

Unlike Yahoo, which relies on Webmasters to actively list their sites with the catalog, the Catalog Server can be configured to seek out sites with interesting information. Its record format is based on technology developed as part of the Harvest research project (http://harvest.transarc.com/) at the University of Colorado at Boulder. Because the format is widely available over the Internet, developers can build plug-ins for the Catalog Server in Java or JavaScript. The Catalog Server uses the same text search engine, from Verity, as does the Enterprise Server.

Because the Catalog Server uses open technology, it can search other servers besides those developed by Netscape. For example, the Catalog Server can gather information from NCSA, Apache, and even the Microsoft Web server.

For an in-depth look at Harvest, see Chapter 16, "How to Index and Search the Information on Your Site," in Webmaster Expert Solutions (Que, 1996).

Directory Server

One of the recurring problems in intranets is the need to track down information about an individual, a group, or a resource. This information and its users take many forms: people need to know each others' telephone extensions, and a piece of software may need to know a user's setup preferences. Currently, this information is stored in proprietary directories, if it is kept online at all.

The emerging standard in directory services is the Lightweight Directory Access Protocol (LDAP). (LDAP is more fully defined in RFC 1777, "Lightweight Directory Access Protocol.") You can search the online collection of RFCs, starting from http://ds.internic.net/ds/dspg0intdoc.html.

ON THE WEB
http://home.netscape.com/newsref/ref/ldap.html  More information on Netscape's approach is available in Netscape's white paper, "An Internet Approach to Directories," available here.

LDAP is derived from the X.500 international standard and is designed to work well with existing X.500 servers (although LDAP is not an X.500 directory). The Netscape Directory Server is based on LDAP.

Here's an example of how directory lookup works under LDAP. Suppose Bob works at the Jones Company and Alice works at the Smith Company. Also suppose that both companies are using LDAP Directory servers to store information about their employees and have added a record to their Domain Name System (DNS) server that points LDAP URLs to their LDAP server (in much the same way as mail, news, and FTP URLs are routed at many companies).

Alice gets an e-mail from Bob and wants to find out more about him. Also, she knows that his e-mail address is bob@mail.jones.com. Her client asks DNS for information about an LDAP server at jones.com. DNS responds that LDAP requests are handled by ldap://ldap.jones.com. Now her client queries ldap://ldap.jones.com for records that match mail=bob@mail.jones.com. Information in the directory about Bob is returned to Alice.

Suppose that Bob wants to send e-mail to Charles Brown at brown.net but doesn't have Charles' e-mail address. Bob can start by asking his local LDAP server for any information it might have, with a query like:

ldap://ldap.jones.com/cn=Charles%20Brown,o=brown.net

The local LDAP doesn't know Mr. Brown or brown.net, so it issues a query to DNS asking for records matching brown.net. DNS returns ldap://ldap.brown.net. Bob's client can now query Brown's LDAP server for cn=Charles Brown.
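The lookup flow above, written out as an added example that is not part of the original chapter: it parses the chapter's LDAP URL, uses the o= component to find the responsible server, and builds the search filter. Because the value being searched for (a name or an e-mail address taken from a received message) is supplied by someone else, filter metacharacters are escaped as in RFC 4515 so they are matched literally. The DNS table is a constructed stand-in for the records the text describes, and all function names are assumptions.

```javascript
// Constructed stand-in for the DNS records that point each domain at its LDAP server.
const DNS_LDAP_RECORDS = new Map([
  ['jones.com', 'ldap://ldap.jones.com'],
  ['brown.net', 'ldap://ldap.brown.net'],
]);

// Split a distinguished name such as "cn=Charles Brown,o=brown.net" into
// attribute/value pairs, honouring backslash-escaped commas inside values.
function splitDn(dn) {
  if (dn === '') return [];
  const parts = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) {
      cur += ch + dn[++i];          // keep the escape pair together
    } else if (ch === ',') {
      parts.push(cur);
      cur = '';
    } else {
      cur += ch;
    }
  }
  parts.push(cur);
  return parts.map((p) => {
    const eq = p.indexOf('=');
    if (eq < 1) throw new Error('malformed DN component: ' + p);
    return { attr: p.slice(0, eq).trim().toLowerCase(), value: p.slice(eq + 1).trim() };
  });
}

// Parse ldap://host[:port]/dn, decoding %XX escapes in the DN.
function parseLdapUrl(url) {
  const u = new URL(url);
  if (u.protocol !== 'ldap:') throw new Error('not an ldap URL: ' + url);
  const dn = decodeURIComponent(u.pathname.replace(/^\//, ''));
  return { host: u.hostname, port: u.port ? Number(u.port) : 389, dn: splitDn(dn) };
}

// Which server is responsible for the organization named in the DN?
function serverForOrganization(parsed, records = DNS_LDAP_RECORDS) {
  const org = parsed.dn.find((rdn) => rdn.attr === 'o');
  return org ? records.get(org.value.toLowerCase()) || null : null;
}

// Escape the characters that have meaning inside a search filter: \ * ( ) NUL.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (ch) => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Build an equality filter such as (mail=bob@mail.jones.com).
function equalityFilter(attr, value) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attr)) throw new Error('bad attribute name');
  return `(${attr}=${escapeFilterValue(value)})`;
}

// Decide which server to ask and with what filter, as Bob's client does.
function planLookup(url) {
  const parsed = parseLdapUrl(url);
  const cn = parsed.dn.find((rdn) => rdn.attr === 'cn');
  if (!cn) throw new Error('URL names no cn to search for');
  return {
    askServer: serverForOrganization(parsed) || `ldap://${parsed.host}`,
    filter: equalityFilter('cn', cn.value),
  };
}
```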

In general, directories may be thought of as specialized databases, specialized in that the number of reads far exceeds the number of writes. Table 17.2 shows several typical uses for directories.

Table 17.2  Not All Records in Directories Are About People and Not All Users of Directories Are Human

Application       Type of Record        Type of User
White Pages       Individual            Person
Web Catalog       Document URL          Person
Access Control    User Access Rights    Application
Certificate       User Public Keys      Application
Name Server       Network Addresses     Application or Person

Clearly, some overlap exists in the missions of the Directory Server and the Catalog Server. Netscape makes the distinction that the Catalog Server focuses on free-text queries whereas the Directory Server uses structured queries.

On an intranet, the administrator usually connects all internal LDAP servers so that they replicate themselves. One server is the master for each division; the rest are slaves. This way, anyone in the company can find anyone else by looking on their local LDAP server. Version 1.0 of the Directory Server has enough capacity to serve 100,000 corporate users.

Some of the information on a Directory Server may be confidential. The Netscape product offers access control, just like the other servers. Channel-security (the ability to communicate securely from the client to the server) is provided by SSL 3.0. Channel-security can integrate with the Netscape Certificate Server (described in the following section) and Netscape Navigator to facilitate intranet-wide secure e-mail.

Certificate Server

The heart of Netscape's Certificate Server is the branch of mathematics called public-key cryptography. At one time, secret messages could be exchanged only over open lines by encrypting the message in a secret key. The recipient used that key to decrypt the message; anyone intercepting the message who did not have the key received gibberish. For this system to work, the secret key must be sent from the originator to the recipient by a separate, secure channel, typically a courier.

New research in cryptography led to the development of public-key systems. In these systems, each person in the system has two keys: a public key and a private one. The sender encrypts the message by using the recipient's public key. The recipient gets the encrypted message and decrypts it by using a private key. No separate, secure channel is required because each person can generate his or her own key pairs and can safely publish his or her public key (also known as a certificate).

Note
The description of public-key technology in this section is somewhat simplified. In reality, public-key encryption takes much longer than secret-key encryption. Consequently, most public-key systems actually generate a secret session key to be used for a single exchange. They then encrypt the session key by using the public key and send the encrypted session key. After both ends have the same secret key, the sender encodes the message by using the secret key, a much faster approach.
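The session-key arrangement in the Note, as an added example that is not from the original chapter or from any Netscape product. It uses Node.js's built-in crypto module; the choice of RSA-OAEP to protect the session key and AES-256-GCM for the message is an assumption of this illustration, as are the function names.

```javascript
const crypto = require('node:crypto');

// The recipient generates a key pair and publishes only the public half.
function newRecipientKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: a fresh secret session key encrypts the message (fast),
// and the recipient's public key encrypts only the 32-byte session key (slow).
function hybridEncrypt(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);   // used for this one exchange only
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();             // detects modification in transit
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient side: recover the session key with the private key,
// then decrypt and authenticate the message with it.
function hybridDecrypt(recipientPrivateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// Convenience wrapper: returns null instead of throwing when the message
// was altered or was encrypted for a different recipient.
function tryDecrypt(recipientPrivateKey, msg) {
  try {
    return hybridDecrypt(recipientPrivateKey, msg);
  } catch (err) {
    return null;
  }
}
```

However long the message is, the public-key operation handles only the 32-byte session key, which is the speed advantage the Note describes.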

The Netscape Certificate Server is one way of publishing public keys. Suppose Bob wants to send a personal message to Alice at The Smith Company. He might use the Directory Server in much the same way as was described in the previous section, but now he also requests Alice's public key. Alice has previously used the Certificate Server to generate a new key pair, and the Directory Server can fetch her public key from the Certificate Server.

One problem with this scheme is that Bob has no knowledge of what Alice's public key really is; he has to trust the Certificate Server. If someone can set up a server and trick Bob into thinking that he has the recipient's certificate, when he really has a fake one, the bad guy can intercept his mail to Alice and read the messages and then forward them on by using the real certificate. Figure 17.7 shows this sad state of affairs.

Figure 17.7: If the thief can trick Bob into using a fake certificate for Alice, the thief can intercept all of Bob's mail to Alice.

The solution to this problem is to use a Certification Hierarchy; the Certificate Server enables an organization to use the services of a Certification Authority (CA). A Certification Hierarchy is a system by which two people who do not know each other can exchange public keys. In its simplest form, they can trust each other's public keys by having one person or organization whom they already know and trust (the CA) vouch for each of them to the other party. In more complex hierarchies, a single CA may vouch for other CAs lower in the hierarchy, so one end user trusts another because he or she "knows somebody who knows somebody who knows somebody" who can vouch for the other user.

Suppose Alice and Bob do not know each other (and Alice certainly doesn't know Bob's public key). To check out Bob's key, Alice examines it to see who has certified his key. She finds that Donna at TrustMee, Inc. has signed Bob's key attesting that this key belongs to Bob. Alice knows TrustMee's security policies and is confident that if TrustMee says this key belongs to Bob, TrustMee checked before they signed it, and, therefore, it really does belong to Bob. On the basis of her trust in TrustMee, she accepts the key as belonging to Bob.
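The check Alice performs, as an added example that is not part of the original chapter and is not how the Netscape Certificate Server is implemented. It is a simplified model rather than X.509 (no validity dates, revocation, or CA constraints): a certificate here is a name, a public key, the issuer's name, and the issuer's Ed25519 signature over the first two. "Jones Company CA" is a hypothetical lower-level CA vouched for by TrustMee, Inc., and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

function newKeyPair() {
  return crypto.generateKeyPairSync('ed25519');
}

function pem(publicKey) {
  return publicKey.export({ type: 'spki', format: 'pem' });
}

// The bytes a CA signs: the binding between a name and a public key.
function toBeSigned(subject, publicKeyPem) {
  return Buffer.from(JSON.stringify({ subject, publicKeyPem }));
}

// A CA attests that `subjectPublicKey` belongs to `subject`.
function issue(issuerName, issuerPrivateKey, subject, subjectPublicKey) {
  const publicKeyPem = pem(subjectPublicKey);
  const signature = crypto.sign(null, toBeSigned(subject, publicKeyPem), issuerPrivateKey);
  return { subject, publicKeyPem, issuer: issuerName, signature };
}

// chain[0] is the certificate being checked; each later entry is the CA that
// signed the one before it. The last entry must be signed by a CA whose key
// the verifier already holds in `trustedRoots` (name -> public key PEM).
function verifyChain(chain, trustedRoots, expectedSubject) {
  if (chain.length === 0 || chain[0].subject !== expectedSubject) return false;
  for (let i = 0; i < chain.length; i++) {
    const cert = chain[i];
    let issuerPem;
    if (i + 1 < chain.length) {
      issuerPem = chain[i + 1].subject === cert.issuer ? chain[i + 1].publicKeyPem : null;
    } else {
      issuerPem = trustedRoots.get(cert.issuer);  // undefined for an unknown CA
    }
    if (!issuerPem) return false;
    const ok = crypto.verify(null, toBeSigned(cert.subject, cert.publicKeyPem),
      crypto.createPublicKey(issuerPem), cert.signature);
    if (!ok) return false;
  }
  return true;
}

// Constructed scenario using the chapter's names.
function buildScenario() {
  const trustMee = newKeyPair();      // the CA Alice already trusts
  const jonesCa = newKeyPair();       // hypothetical lower-level CA
  const bob = newKeyPair();
  const impostor = newKeyPair();      // key that does not belong to Bob
  const unknownCa = newKeyPair();     // a CA Alice has never heard of

  const trustedRoots = new Map([['TrustMee, Inc.', pem(trustMee.publicKey)]]);
  const jonesCert = issue('TrustMee, Inc.', trustMee.privateKey, 'Jones Company CA', jonesCa.publicKey);
  const bobCert = issue('Jones Company CA', jonesCa.privateKey, 'Bob', bob.publicKey);

  return {
    trustedRoots,
    genuine: [bobCert, jonesCert],
    // Signed by a CA that is not in Alice's trusted set.
    unknownIssuer: [issue('Unknown CA', unknownCa.privateKey, 'Bob', impostor.publicKey)],
    // Claims TrustMee as issuer, but TrustMee's key did not produce the signature.
    falseClaim: [issue('TrustMee, Inc.', unknownCa.privateKey, 'Bob', impostor.publicKey)],
    // Bob's real certificate with a different key swapped in afterwards.
    swappedKey: [{ ...bobCert, publicKeyPem: pem(impostor.publicKey) }, jonesCert],
  };
}
```

Only the genuine chain verifies; each of the three substitutions fails because no key Alice trusts has signed the binding between the name "Bob" and the substituted key.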

As Certification Hierarchies mature, they rely far less on personal knowledge and trust and more on corporate reputation and stated policy. Organizations are already taking a role in the Certification Hierarchy; you can pay people to check your ID and then attest electronically that you are you. The Certificate Server uses this Certification Hierarchy method today; Netscape envisions a time when all Navigator browser users will have their own certificate attested to by a respected Certification Authority.

Restricting Access to an Application

You may want to ensure that some applications are accessed only by authorized users. The methods for setting up restrictions are similar on all of the SuiteSpot servers. This section shows how to restrict access to LiveWire applications on the FastTrack Web server.

If you are the server administrator, open the server administrative page. (The URL is http://your.server.domain:administrativePort/httpd-ns/bin/index.) Go to the Administrative Configuration page, and choose the link to Access Control. From here, you can specify which applications (or other parts of your server's document tree) you want to restrict access to.

If you currently have no access restrictions in place, use the steps in the following sections.

Make a User Database

If you don't already have a user database, do the following:

  1. Choose the Manage User Databases link to display the Manage User Databases form (see Figure 17.8).
  2. Mark the New Database option button.
  3. Enter a name for the new database or leave the setting at Default. You should type only the name because the server completes the path. (All user databases are stored in the /userdb directory.)
  4. Click Create New Database to submit the form.

Figure 17.8: Use the Manage User Databases form to set up a new user database.

Add Users to the Database

From the Access Control page, choose Create User. The resulting form is shown in Figure 17.9.

Figure 17.9: The Create User form enables the administrator to specify an authorized user.

Once the Create User page appears, use the following steps:

  1. Specify the database.
  2. Enter the new user's logon name, up to 254 characters.
  3. Enter the user's full name. This field is for your reference only. You may want to add a department code or phone extension, as well.
  4. Enter a password for the user (twice, for accuracy).
  5. If you have set up groups, place the user in a group; otherwise, select None.
  6. Click OK to submit the form.

Continue in this way to add all of the users who are to be given access to the application.

Note
You can also restrict access to specific hostnames or IP addresses. Choose Restrict Access from the Access Control page, and follow the instructions given there. Choose the link to Access Control's Help pages, and go to the section on Denying Access to a Resource for more information.

Specify What to Restrict

From the Access Control page, go to Restrict Access, and use the following instructions:

  1. Using the Resource Picker dialog box, browse to the application you want to restrict (see Figure 17.10).
  2. Click the Turn on Access Control button.

Figure 17.10: The Browse capability of the Resource Picker dialog box enables you to pinpoint the parts of the server where you want to limit access.

Specify the Default Access

While still on the Restrict Access page, set a default by clicking one of the Action option buttons (typically Deny) for each type of access. Read access corresponds to the HTTP GET method; write access corresponds to the POST method. Figure 17.11 shows the form where you specify default access.

Figure 17.11: You usually want to deny access to all and then turn on access to authorized users as exceptions.

Specify Exceptions

Click the Permissions button to specify exceptions for either read or write access (or both). The Allow Access to a Resource page, which appears when you click the Permissions button for read access, is shown in Figure 17.12.

Figure 17.12: You can specify authorized users by database, group, or individual.

When a user attempts to access a restricted resource, the server checks to see whether the host is automatically allowed access (by hostname or IP address). If not, the server checks to see whether it should prompt the user for a username and password. If so, the user is asked to authenticate. If the username and password are valid, the first page of the application is served.

Finishing Up  When you submit the Allow Access to a Resource form, you are returned to the Restrict Access page. Because the Allow Access to a Resource form has a Done button, many users mistakenly think that the resource restriction has now been applied. The resource restrictions set up on the Restrict Access page are not applied to the server until you submit the Restrict Access page itself. To finish setting restrictions, take the following last two steps:

  1. Specify the response you want users to see when they are denied access. For added security, specify the Not Found message. That way, a cracker (someone who attempts to penetrate system security) who is guessing application names does not know for sure that an application is there at all.
  2. Click OK to submit the form.
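
The decision sequence and the Not Found response described above, modeled in JavaScript as an added example (not Netscape's code or configuration format). The policy layout, user records, addresses, and function names are assumptions made for illustration.

```javascript
// Added illustration of the access-control flow described above. The policy
// layout, user records and all names are hypothetical, not Netscape's format.
const crypto = require("crypto");

const hashPassword = (password, salt) => crypto.scryptSync(password, salt, 32);

function makeUser(password, groups) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: hashPassword(password, salt), groups };
}

// Constructed user database (sample accounts and passwords).
const users = new Map([
  ["alice", makeUser("constructed-pw-1", [])],
  ["dave", makeUser("constructed-pw-2", ["sales"])],
  ["carol", makeUser("constructed-pw-3", ["engineering"])],
]);

// Constructed policy for one restricted application.
const policy = {
  defaults: { read: "deny", write: "deny" }, // deny all by default
  allow: {                                   // exceptions per access type
    read: { hosts: ["192.0.2.10"], users: ["alice"], groups: ["sales"] },
    write: { hosts: [], users: ["alice"], groups: [] },
  },
  deniedStatus: 404, // "Not Found": a denial does not confirm the app exists
};

// Read access is GET and write access is POST, as the text states. Any other
// method is denied here (fail closed); that choice is this example's assumption.
const ACCESS_TYPE = new Map([["GET", "read"], ["POST", "write"]]);

function authenticate(credentials) {
  const record = users.get(credentials.user);
  if (!record) return null;
  const candidate = hashPassword(credentials.password, record.salt);
  return crypto.timingSafeEqual(candidate, record.hash) ? record : null;
}

function decide(policy, request) {
  const denied = { status: policy.deniedStatus, reason: "denied" };
  const type = ACCESS_TYPE.get(request.method);
  if (!type) return denied;
  if (policy.defaults[type] === "allow") return { status: 200, reason: "default allow" };

  const exceptions = policy.allow[type];
  // 1. Is the host automatically allowed (by hostname or IP address)?
  if (exceptions.hosts.includes(request.remoteAddr)) {
    return { status: 200, reason: "host exception" };
  }
  // 2. Prompt only when a user or group exception could be satisfied.
  if (exceptions.users.length === 0 && exceptions.groups.length === 0) return denied;
  if (!request.credentials) return { status: 401, reason: "prompt for credentials" };

  // 3. Check the username and password, then the user and group exceptions.
  const record = authenticate(request.credentials);
  if (!record) return { status: 401, reason: "invalid credentials" };
  const authorized =
    exceptions.users.includes(request.credentials.user) ||
    record.groups.some((group) => exceptions.groups.includes(group));
  return authorized ? { status: 200, reason: "user or group exception" } : denied;
}

// Constructed requests exercising each branch.
const alice = { user: "alice", password: "constructed-pw-1" };
const carol = { user: "carol", password: "constructed-pw-3" };
for (const request of [
  { method: "GET", remoteAddr: "192.0.2.10" },
  { method: "GET", remoteAddr: "198.51.100.7" },
  { method: "POST", remoteAddr: "198.51.100.7", credentials: alice },
  { method: "GET", remoteAddr: "198.51.100.7", credentials: carol },
]) {
  console.log(request.method, request.remoteAddr, decide(policy, request).status);
}
```

In this model the 401 prompt still tells a requester that something protected lives at the path; the Not Found response covers only the final denial.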

Understanding the NSAPI

The free servers (NCSA, Apache, and others) are distributed with their source code. If a site administrator needs an extension to the server, he or she can find a C programmer to do the deed. Not so with commercial servers.

To make it possible for Netscape servers to be extended in the same way that free servers are, Netscape developed the Netscape Server Application Program Interface (NSAPI). The NSAPI is a series of function calls from an external code resource into the Netscape server. The external code resource is written by a non-Netscape programmer, potentially one of the people who write CGI scripts for Web servers. Although NSAPI was designed with Web servers in mind, Netscape supports the core of the API on each of the new generation of servers.

NSAPI applications are more difficult to write than CGI scripts. NSAPI code actually runs in the server's process. These two facts combine to spell trouble: It is more difficult to get NSAPI code running correctly, and if the NSAPI code fails, it can take the server down with it. The Windows NT versions of the second-generation server include an application version of the server, as well as the service version. This application version makes it easier to test NSAPI code when developing in a Windows NT environment.

The server-side Java API offers a number of advantages over traditional NSAPI. Netscape provides Java NSAPI classes that provide much of the glue between Java and NSAPI. By providing this code, Netscape frees the programmer to develop new application functions as well as new protocols and server action modules. The result is code that runs faster than CGI because it shares the server's process but is less likely to fail because much of the interface code is already written and debugged by Netscape.

Netscape has announced plans for a native Java interface to the second-generation servers, as part of the Orion technology described in the second half of this chapter. For more information on the Java server interface, watch http://home.netscape.com/.

ON THE WEB
http://www.visigenic.com/  Netscape is bundling Visigenic's VisiBroker for Java ORB into Navigator and has announced that the Orion servers will communicate using the Internet Inter-ORB Protocol (IIOP). Visigenic's site contains plenty of information about its ORB and about writing distributed applications. For more information on the IIOP, see Chapter 8, "Distributed Objects and the IIOP."

LiveWire Extensions

Not only is Netscape supporting a common API on all its servers, it also supports JavaScript applications. Each server has a layer called the Java Virtual Machine (JVM), as shown in Figure 17.13, that can understand either Java or JavaScript. On Web servers, that layer supports the LiveWire Object Framework: four prebuilt objects that offer an interface with the server, the application, the client, and the request.

Figure 17.13: Each Netscape server (not just the Web servers) includes Java and JavaScript support.

Runtime Interpreter

The LiveWire compiler converts server-side JavaScript into a file of bytecodes that are read by the server's JVM at runtime. To understand the JVM, recall that conventional processors accept binary instructions in a machine language specific to each processor family. That is, the machine language for an Intel 80X86 processor in a PC is different from the machine language for an IBM/Motorola PowerPC processor in a Macintosh. The JVM is a software implementation of a "virtual processor." Java (and, consequently, JavaScript) is platform independent because compilers can write Java "machine language" that runs on the JVM. Netscape has built a version of the JVM for each major platform.

Note
In addition to writing JavaScript that can be compiled for the JVM, developers can use documentation provided by Sun to take further advantage of the JVM built into each server. You can extend the JVM, you can port it to new processors, and you can write your own compiler to output bytecodes for the JVM. Anything you write that is targeted for the JVM is highly portable because the JVM is available on so many machines and can easily be ported to new processors and architectures.

Sun's documentation on the JVM is available at http://java.sun.com:80/doc/language_vm_specification.html. The Java Virtual Machine is also described in detail in the book, Java Virtual Machine by Troy Downing and Jon Meyer (O'Reilly, 1996). For a shorter treatment in the context of Java, see Chapter 36, "Inside the Java Virtual Machine" of Special Edition Using Java, Second Edition (Que, 1996).

The Vision: What Makes Netscape Go?

Internet Service Providers constitute a community of (mostly) UNIX-loving, technically oriented people who enthusiastically help businesses and individuals get on the Internet. This community does not require much technical support, and they are often content with off-the-Internet tools that are available at no cost.

The intranet community consists of corporate Management Information Systems (MIS) staff who have been trained to keep the system up at all costs. They are a risk-averse crowd, which is generally a good thing for the corporate world. They expect a high degree of redundancy in their Web site and good service agreements with their hardware and software vendors. They also often need to be at or close to the technological cutting edge to stay competitive. Although Windows is stronger in the intranet world than it is on the Internet, the intranet is still a heterogeneous environment in which a mix of clients, servers, and legacy systems must work together in an integrated fashion.

Although the press and popular thinking tout the Internet as the wave of the future (and they're probably not mistaken), they may have overlooked the potential of the intranet. Netscape has not made this mistake; the intranet is a major source of revenue now and a major area of its technical focus.

ON THE WEB
http://home.netscape.com/comprod/at_work/white_paper/intranet/vision.html  Much of Netscape's vision for the intranet and the future of its products is captured in the white paper, "The Netscape Intranet Vision and Product Roadmap," by Marc Andreessen and the Netscape Product Team. Version 1.0 of this document was posted June 11, 1996, and it has been updated every few months. The document is available online at this URL.

Intranet

Although networking is a relatively new technology for many individuals, local area networks (LANs) have been a part of corporate life since the early 1980s. Indeed, the fact that many of these networks were deployed so long ago is something of a problem. When LANs and even wide area networks (WANs) were first deployed, little commercial interest was shown for the TCP/IP family of protocols. Proprietary protocols from Novell, Banyan, and others were used to connect computers. As these networks grew throughout the company, the responsibility usually fell to MIS to make sure that the Macintoshes in the art department could talk to the PCs in accounting. Often the corporate answer was to impose one-size-fits-all solutions, ensuring compatibility at some cost to functionality.

Many of these LANs were primarily used to give desktop computers access to file servers or to provide company-wide e-mail. When corporate users got a taste of CompuServe or America Online at home, these users began to expect more from their company LANs.

Netscape's vision is for what it calls "the full-service intranet." It involves three steps for most corporations:

  1. Move from proprietary network protocols to the open TCP/IP standard.
  2. Replace existing proprietary services such as Microsoft Mail or Lotus Notes with open standards such as POP3 mail clients and servers, SMTP-based mail exchange between servers, and NNTP-based UseNet newsgroups for in-house collaboration and communication.
  3. Add new user and network services such as catalog servers, directory servers, and, of course, Web servers to add value to the intranet.

Netscape proposes four user services available over the full-service intranet:

Information Sharing and Management  The Web is the basis for electronic publishing on the full-service intranet. In order to make information ubiquitous, Netscape needs to make the technical details disappear. A manager should be able to put up information about his or her corporate department or project by using much the same skills as they use for desktop publishing. Netscape Navigator Gold and LiveWire are part of Netscape's answer to the question, "How can we make everyone on the intranet an information provider?"

If Netscape is successful in making information ubiquitous, so much information will be available that you will have difficulty finding just what you are looking for.

Navigation  The Catalog Server is Netscape's solution to the navigation problem. With many documents going online or being modified daily, the prebuilt views in the Catalog Server like What's New and What's Popular are likely to be highly useful. Imagine being able to type a single query and get back all of the company's information (marketing, sales, research, and even logistics) in an organized fashion.

Communication and Collaboration  Web-based technology is largely a one-way affair. Certainly a document can include forms that can be routed back to the author as e-mail, but the immediacy of workgroup interaction is lacking. Several good proprietary groupware solutions are available. The open-standards counterpart is based on e-mail and newsgroups. Netscape has built a Mail client and a News client into Navigator and includes a Mail Server and News Server in SuiteSpot.

If a company chooses an all-Netscape solution, it can use the Secure Sockets Layer (SSL) built into Netscape's products to provide secure e-mail and secure news. As a company's security and personnel directory needs increase, it also becomes a candidate for the Directory and Certificate servers, which are described earlier in this chapter.

Application Access  Most companies have enormous investments in legacy code and databases. These applications will not go away for a very long time. Using Java and JavaScript, however, intranet solution providers can develop interfaces to give their users access to these applications over the company's intranet or to a wider audience through the Internet, often using Netscape Navigator as a universal client.

LiveWire Pro (also a component of Netscape ONE) is a first step in this direction. A programmer can write an application in server-side JavaScript that makes the Web server and browser into a front-end for a legacy database. In many cases, major parts of the application, such as SQL procedures and triggers, remain intact in the database or in passthrough SQL.

As the needs of the organization change, new content can be interwoven with the database by combining static HTML, client-side JavaScript, server-side JavaScript, and even Java and plug-ins.

All of Netscape's servers support a sophisticated access control mechanism, so access to sensitive information and applications can be restricted based on many different policies.

Internet

Netscape appears to be emphasizing the intranet, which demands commercial-grade products with formal technical support agreements. To the extent that Netscape is successful, the Internet is likely to be the beneficiary, as the high-end solutions developed for commercial accounts become available and affordable for the broader market.

Directions in Server Technology

Netscape's current package of servers is a collection known as SuiteSpot. These servers have many things in common, not the least of which is the JVM, which enables each server to be extended by programs written in Java or JavaScript by users and third parties.

Orion: SuiteSpot of the Future

In mid-1996, Netscape began disclosing its plans for the next generation of integrated servers, a product codenamed Orion. By early 1997 all of the Orion servers are expected to be available.

The Orion servers will all offer an integrated agent services engine accessible both to server administrators and end users. For example, a user can write an agent to watch for documents that match certain key words or concepts and report back when such documents are added or changed.

Netscape continues to build on the foundation of the JVM, which is part of every server. Programmers can write server-side applications for all servers by using Java, JavaScript, or C/C++. Netscape is also shipping Java classes with each new copy of Navigator, so a programmer can write a Java applet to work with server-side Java, providing a new user interface to one or more of the servers.

In the Orion release of the Enterprise Server, Netscape has included the following sets of new features:

In the Orion release of the Catalog Server, Netscape has included the following major new features:

An Orion version of the Mail Server will also be available, with nearly a dozen new features:

The new Orion-class News Server is being positioned as groupware and offers the following major new features:

Directory Services  In the course of doing business, employees, contractors, and customers need to know things about various people. The Netscape Directory Server, based on the industry-standard LDAP, offers directory services such as electronic white pages based on an open standard. End users can look up e-mail addresses, phone numbers, and other public information. Applications can find setup preferences. Working with the Certificate Server, the Directory Server can also serve up a user's public-key encryption certificate so that users can send secure e-mail and verify electronic signatures.

Beginning with Orion, all Netscape servers will support a native LDAP engine. LDAP engines around the network will be able to replicate each other's entries so that any user connected to any server will be able to look up directory information.

The Orion-class Directory Server will include dynamic index configuration: An administrator can add or drop indexes on the fly to trade off performance against disk space. The directory client has an improved user interface, with menus that respond to a few typed characters by looking up names as they are typed.

Security  Although the World Wide Web is a very public place, much of the intranet has information that should be kept confidential. Whether it's personnel records or the plans for the latest product, intranet users need secure e-mail, secure discussion groups, and secure document publishing.

Netscape has built channel security into its products, based on SSL, as well as encryption and authentication based on public-key cryptography.

When Netscape adds X.509 public-key certificates into its servers (a part of Orion technology), the administrator will be able to set up machines to allow access by certificate authentication rather than by password. With this technology, users with the proper certificate will be able to log on to any machine on the intranet just by having their computer send their digital passport. Of course, if two or more users share the same machine, they will still be able to restrict access by password.

Using Orion technology, servers will be able to store content in encrypted form, adding an extra measure of security. The new Orion release offers customizable forms for certificate generation based on Java and JavaScript and can also support hardware devices that "sign" digital certificates on behalf of the CA.

Replication  Often the most expensive parts of an intranet are the physical wires and cables over which the data travel. Above the attractive ceiling tiles of corporate offices are so many cables that one wonders how they stay up. As networks are pushed to carry loads far beyond their original design specifications, MIS managers look for ways to stretch their network without having to replace all that cable with faster media such as fiber optics.

One solution is to keep duplicate copies of popular documents on local servers (disk space being much less expensive than bandwidth). Netscape's Proxy Server offers both the conventional replicate on demand, in which documents are retrieved when they are not found in the local cache, and replicate on command, in which documents are copied onto the local server during non-peak hours when the network is essentially unused.

With the new Orion servers, replication is on a service-specific basis. Directories, discussion groups, content, and catalogs can all be replicated. The Orion release of the Proxy Server offers fine-grained filtering, including support for the Platform for Internet Content Selection (PICS) protocol of content rating (for parental or managerial control). The server can be administered remotely by secure channel or through SNMP. Users can be managed through LDAP on the Directory Server.

ON THE WEB
http://www.w3.org/pub/WWW/PICS/  Not all material is appropriate for all audiences. PICS, described at this site, is a general purpose mechanism for associating labels with content. Netscape has announced that their products will implement filtering based on PICS labels. Thus, an intranet manager could restrict access to Internet pages based on the label associated with each page.

Management Services  As networks grow, so does the amount of work required just to keep everything working. In 1990, the rule of thumb among many network specialists was that a LAN needed one full-time administrator for every 40 users. In a worldwide company with tens of thousands of employees, this ratio represents an unacceptably high percentage of corporate resources.

To stretch the talents of the MIS and LAN administration staff, a full-service intranet needs to be nearly self-managing. The TCP/IP solution is to use SNMP, an event-driven technology that enables administrators to set up "agents" to take care of common tasks. Netscape has ensured that all of its servers can be administered over the network so that a system administrator can reach any company server anywhere in the world.

LDAP technology is an important part of Orion's management services. The administrator can set up user, access control, and server configuration information in a directory and have that information replicated across every server in the company's intranet.

Directions in Developer Tools

Netscape's initial success with LiveWire and LiveWire Pro has led it to conclude that visual development and visual site management are important technologies. Netscape has announced that, in early 1997, new versions of LiveWire will be available that incorporate Orion technology.

What's Next for LiveWire?

Netscape has put a full visual JavaScript development environment into the Orion version of LiveWire. All aspects of the script, from multimedia to form elements, are drag-and-drop. This section highlights a few other features Netscape has announced.

Prebuilt Components  LiveWire 1.0 introduced the Site Guru, a set of templates for putting up sophisticated sites quickly. The Orion version of LiveWire will include more templates and wizards, as well as a library of scripts and objects, a visual Java applet builder, and a JavaScript library.

Multimedia  Netscape is bundling multimedia content editors into the Orion version of LiveWire. Look for tighter integration with tools from industry leaders such as Adobe, Corel, and Macromedia.

Richer Programming Environment  Today Java and JavaScript can communicate with each other on the client through LiveConnect. Netscape plans to extend this capability so that the two languages can integrate across the network. Netscape is also adding plug-in support to LiveWire itself: A programmer will be able to extend the various LiveWire components using LiveWire! The new release also promises to have an enhanced compiler and a visual debugger.

Java IDE Support  Many vendors have announced Integrated Development Environments (IDE) for Java. Netscape is making it easier for those tool vendors to integrate with LiveWire, making LiveWire the core of an intranet/Internet development environment that includes Java and JavaScript on a variety of servers.

Project Management  As the sophistication of the software development environment goes up, the complexity of project management increases. Netscape intends to integrate project management capabilities into LiveWire itself so that a manager can track the development of both static and dynamic content in all its forms.

What's Next for LiveWire Pro?

Netscape recognizes that SQL development is not yet on the same level as, say, HTML development in Netscape Navigator Gold. With the Orion version of LiveWire Pro, Netscape is adding visual database tools, a schema designer, and a report builder to make it even easier to integrate databases with Java and JavaScript.

In the SDK…

Web sites are moving from static HTML files punctuated by CGI scripts to dynamic applications where each page affords an opportunity for interaction between the site owner and the visitor. Netscape has led the revolution until now, and evidence indicates that Netscape will continue to lead for some time to come.

As you just read, Netscape has announced plans for future versions of its server products, and the HTML development environment, LiveWire. LiveWire offers an integrated solution to a series of development and maintenance problems with Site Manager, Application Manager, and server-side JavaScript. Furthermore, LiveWire will be a part of the next-generation SuiteSpot package, codenamed Orion.

ON THE WEB
http://developer.netscape.com/library/one/sdk/webserv.html  Netscape ONE includes a variety of Web Services, described online starting at this page.