来源:百度文库 编辑:神马文学网 时间:2024/04/20 21:35:08
Architecture Frame
J.D. Meier22 Sep 2008 3:21 PM
As part of our patterns & practices App Arch Guide 2.0 project,we've put together an arch frame. The arch frame is simply acollection of hot spots. These aren't just any hot spot though. Thesehot spots represent key engineering decisions, anti-patterns, andopportunities for improved designs for more effective technicalarchitectures. This Arch Frame is part of the larger App Arch Meta Frame. Think of it as an important branch off the main tree. It serves as alens to cut through a lot of information to get to the most meaningfuland actionable guidance.
Categories
The following categories are the "hot spots" in the architecture frame:
- Authentication and Authorization
- Caching and State
- Communication
- Composition
- Concurrency and Transactions
- Configuration Management
- Coupling and Cohesion
- Data Access
- Exception Management
- Logging and Instrumentation
- User Experience
- Validation
- Workflow
Whatyou might notice about the hot spots is that they map to commoncross-cutting concerns when building applications. You also mightnotice that the hot spots map to various patterns & practicessolution assets. For example, Enterprise Library includes blocks forcaching, data access, exception management, logging, validation ...etc. The categories also map to very actionable decisions where youthere's relevant principles, patterns, and practices. These bucketsalso contain many anti-patterns. The worst anti-patterns are the "doovers." Nobody wants a "do over" architecture.
Key Engineering Decisions
This table summarizes the key engineering decisions within each hot spot:
Category | Key Engineering Decisions | Authentication and Authorization How to store user identities. How to authenticate callers. How to authorize callers. How to flow identity across layers and tiers. Caching and State How to choose effective caching strategies. How to improve performance with caching. How to improve security with caching. How to improve availability with caching. How to keep the cached data up to date. How to determine when and why to use a custom cache. How to determine what data to cache. How to determine where to cache the data. How to determine the expiration policy and scavenging mechanism. How to load the cache data. How to monitor a cache. How to synchronize caches across a farm. How to determine which caching technique provides the best performance and scalability for a specific scenario and configuration. How to determine which caching technology complies with the application's requirements for security, monitoring, and management. Communication How to communicate between layers / tiers. How to perform asynchronous communication. How to pass sensitive data. Composition How do design for composition. How to design loose coupling between modules. How to handle dependencies in a loosely coupled way. Concurrency and Transactions How to handle concurrency between threads. How to choose between optimistic and pessimistic concurrency. How to handle distributed transactions. How to handle long running transactions. How to determine appropriate transaction isolation levels. How to determine when compensating transactions are required. Configuration Management How to determine which information needs to be configurable. How to determine where and how to store configuration information. How to handle sensitive information. How to handle configuration information in a farm/cluster. Coupling and Cohesion How to separate concerns How to structure the application. How to choose an appropriate layering strategy. How to establish boundaries. Data Access How to manage database connections. How to handle exceptions. How to improve performance. How to improve manageability. How to handle blobs. How to page records. How to perform transactions. Exception Management How to handle exceptions. How to log exceptions. Logging and Instrumentation How to determine which information to log. How to make the logging configurable User Experience How to improve task efficiency and effectiveness. How to improve responsiveness. How to improve user empowerment. How to improve look and feel. Validation How to determine where and how to perform validation. How to validate for length, range, format, and type. How to constrain and reject input. How to sanitize output. Workflow How to handle concurrency issues within a workflow How to handle task failure within a workflow How to orchestrate processes within a workflow
Key Issues
This table summarizes the key issues within each hot spot:
Category | Key Issues | Authentication and Authorization Clear text credentials in configuration files Passing clear text credentials over the network Over-privileged accounts Long sessions Mixing personalization with authentication Reliance on a single gatekeeper Failing to lock down system resources against application identities Failing to limit database access to specified stored procedures Inadequate separation of privileges Caching and State Cache misses. Failure to expire items Poor cache design Lack of a cache synchronization mechanism for scaling out. Communication Increased network traffic and latency due to chatty calls between layers. Inappropriate transport protocols and wire formats. Large data volumes over limited bandwidth networks. Composition Tightly coupled modules Duplication of code Concurrency and Transactions Blocking calls Nongranular locks Misuing threads Holding onto locks longer than necessary Inappropriate isolation levels Configuration Management Insecure administration interfaces Insecure configuration stores Clear text configuration data Too many administrators Over-privileged process accounts and service accounts Coupling and Cohesion Limited scalability due to server and resource affinity. Mixed presentation and business logic, which limits your options for scaling out your application. Lifetime issues due to tight coupling. Data Access Per user authentication and authorization when not required. Chatty calls to database Intersperse of business logic Exception Management Leaving system / application in unstable state Revealing sensitive information to end users. Using exceptions for logic Not logging enough details about the exception. Logging and Instrumentation Lack of logging and instrumentation Too fine grained logging and instrumentation Not making logging and instrumentation configurable option at runtime Failure to log business critical functionality. User Experience Inefficient or ineffective task support. Poor responsiveness. Disempowered users. Validation Application-only filters for malicious input Non-validated input in the Hypertext Markup Language (HTML) output stream Non-validated input used to generate SQL queries Reliance on client-side validation Use of input file names, URLs, or user names for security decisions Workflow Tight coupling Inflexible processes Race and deadlock issues
Key Guidelines
This table summarizes the key guidelines within each hot spot:
Category | Key Guidelines | Authentication and Authorization Consider single-sign on requirements. Separate public and restricted areas. Use account lockout policies for end-user accounts. Support password expiration periods. Be able to disable accounts. Do not store passwords in user stores. Require strong passwords. Do not send passwords over the wire in plaintext. Protect authentication cookies. Use multiple gatekeepers. Restrict user access to system-level resources. Consider authorization granularity. Caching and State Avoid caching per-user data. Avoid caching volatile data which is required by the user to be accurate and updated in real time. Cache data that does not change very frequently or is completely static. Do not cache shared expensive resources. Cache transformed data, keeping in mind the data use. Evaluate stateful versus stateless design. Consider your state store options. Minimize session data. Free session resources as soon as possible. Avoid accessing session variables from business logic. Communication Choose the appropriate remote communication mechanism. Design chunky interfaces. Consider how to pass data between layers. Minimize the amount of data sent across the wire. Batch work to reduce calls over the network. Reduce transitions across boundaries. Consider asynchronous communication. Consider message queuing. Consider a "fire and forget" invocation model. Cut call chains with queues and caches as much as possible. Doing so will enhance the scalability and availability of the overall solution. Push out asynchronous boundaries close to the user, service interfaces, and service agents, to isolate your service from external dependencies. If you need to expose functionality as a synchronous operation, evaluate whether you can wrap an internally asynchronous operation as described in the following discussion Composition Avoid using dynamic layouts that are difficult to load and maintain. Be careful with dependencies between components. Use abstraction patterns when possible to avoid issues with maintainability. Consider creating templates with placeholders. For example use the Template View pattern to compose dynamic web pages to ensure reuse and consistency. Consider composing views from reusable modular parts. For example use the Composite View pattern to build a view from modular, atomic component parts. Use well-known design patterns to implement a composite interface containing separate modules or user controls where appropriate. Modules should not directly reference one another or the application that loaded them. Modules should use services to communicate with the application or with other modules. Modules should not be responsible for managing their dependencies. Modules should support being added and removed from the system in a pluggable fashion. Concurrency and Transactions Treat threads as a shared resource. Pool shared or scarce resources. Acquire late, release early. Consider efficient object creation and destruction. Consider resource throttling. Reduce contention by minimizing lock times. Balance between coarse- and fine-grained locks. Choose an appropriate transaction isolation level. Avoid long-running atomic transactions. Configuration Management Protect your administration interfaces. Protect your configuration store. Maintain separate administration privileges. Use least privileged process and service accounts. Coupling and Cohesion Partition application functionality into logical layers. Choose the proper locality for your objects based on your reliability, performance, and scalability needs. Design for loose coupling. Design for high cohesion. Use early binding where possible. Evaluate resource affinity. Data Access If your application uses a single database, use the database-specific data provider. If you need to support multiple databases, you generally need to have an abstraction layer, which helps you transparently connect to the currently configured store. Consider resource throttling. Consider the identities you flow to the database. Separate read-only and transactional requests. Avoid unnecessary data returns. Exception Management Avoid revealing sensitive data to users. Do not use exceptions to control application flow. Use validation code to avoid unnecessary exceptions. Do not catch exceptions that you cannot handle. Be aware that rethrowing is expensive. Preserve as much diagnostic information as possible in your exception handlers. Logging and Instrumentation Instrument your code up front. Make your logging configurable. User Experience Measure effectiveness against scenarios. Improve user responsiveness where possible. Model from effective user design. Validation Validate for length, range, format, and type. Constrain and reject input. Sanitize output. Don’t rely on client-side validation. Workflow Determine management requirements. If a business user needs to manage the workflow, you’ll need a solution that provides an interface that the business user can understand. Determine how exceptions will be handled. With human workflow, you need to consider the un-deterministic nature of humans. In other words, you can’t determine when a task will be completed, or if it will be completed correctly. Use service interfaces to interact with external workflow providers. If supported, use designers and metadata to define the workflow instead of code to define the workflow. How To Provide Feedback
We'restill banging through the frame. There's some rough spots. We want tomake sure we can map problems, principles, patterns, assets, andtechnologies to the right hot spots. We want a prioritized list over alaundry list so we're still deciding what's in and what's out. We'lladd it to CodePlex shortly. You can either comment here on my blog orwait until the frame is on CodePlex, and then provide comments in theWiki.
神马文学网