Scenarios.
HTTP/HTTPS – internet sites
RMI-IIOP – intranet environment; interoperability requirements (EJB-EJB, EJB-CORBA, etc.)
RMI-JRMP – intranet with an all Java environment
Firewalls provide protection by:
• packet filtering
IP blocking – source or destination IP
Port blocking – e.g. only allow well-known ports such as 80, 443, 25, etc.
• protocol filtering – e.g. no FTP
HTTP (HyperText Transfer Protocol).
Stateless, connection-less request/response mechanism, default port is 80.
Pros
• simple request/response mechanism
• allowed through firewalls (most of the time)
• widely supported / deployed
• extensible - supports tunnelling of arbitrary data; custom request types/response content
Cons
• stateless - hence non-transactional
• insecure - hence HTTPS
• inefficient - e.g. MIME encoding can make files bigger
• doesn’t support “push” model
HTTPS.
SSL (Secure Socket Layer) is an application level protocol layered over TCP. HTTP layered over SSL is HTTPS, default port is 443.
Regarded as connection-based / stateful as an SSL session is maintained over multiple requests/responses.
Each session may include multiple secure connections. In addition, each party (client/server) may hold multiple SSL sessions.
Pros
• secure – only “in-the-clear” at client / server
• allowed through firewalls (most of the time)
• widely supported / deployed
Cons
• computationally expensive – excluding dedicated hardware, HTTPS can only process 10% of the
traffic HTTP can
• admin overhead – renewing certs, etc.
IIOP (Internet Inter-ORB Protocol).
The GIOP (General Inter-ORB Protocol) specifies a set of message formats and common data representations for communication and is intended for use on any suitable connection-based transport
protocol.
IIOP is GIOP layered over TCP, no default port – the GIOP/IIOP implementation will dynamically assign ports when an object server instance binds to a name.
Pros
• Interoperability – Java clients can call C++ servers; Cobol client can call Java server, etc.
• Legacy integration
• Designed for generic remote object invocation - type safe, extensible
• Inbuilt support for security and transactions
Cons
• Firewalls – servers bound to arbitrary ports so firewall can’t be configured with an IIOP port;
can be supported with an IIOP proxy but “push” model is still problematic
• Performance – all method invocations are remote (possibly over the internet)
• Pass-by-reference – only supports remote references, can’t use pass-by-value (until CORBA 2.3)
JRMP (Java Remote Method Protocol).
JRMP is the default protocol for RMI – stateful / connection-based.
To enable interoperability, RMI has been extended to support RMI over IIOP (with some restrictions).
As of EJB1.1, all application servers must support RMI-IIOP.
The default port for the RMI registry / JNDI name server is 1099, object servers will be dynamically
assigned ports by the RMI runtime.
Pros
• Richer feature set than IIOP – pass by reference or by value; distributed GC; stub download
• Single multiplexed connection
Cons
• Interoperability - only works in a Java environment
• Lacks IIOP’s support for transaction/security context propagation
• Firewalls – servers bound to arbitrary ports; HTTP tunnelling limited
• Performance – all method invocations are remote (possibly over the internet)
255
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
