Is Silverlight 2 ready for the Enterprise solution?

Saturday, May 30 2009

Is it my imagination, or are they selling Silverlight for the enterprise space? This is a question for all the experts. In my line of work, I have to deliver enterprise solutions that will stand up in any environment, talk to existing enterprise architectures and perform to the standards. Where does Microsoft Silverlight fit into all that? Let’s say that you are implementing a huge environment inside a network that external users need to consume. You have 2 options: put the servers outside the firewall, or use Microsoft Internet Security & Acceleration Server (ISA), a very fancy enterprise-ready proxy that exposes web applications to the Internet without users having access to the physical computer (a fancy reverse proxy).

Now ISA is very flexible: it can read HTML, text and XML and rewrite URLs to expose IIS on the Internet, so the URLs and resources get rewritten automatically and no changes need to be made to the ASP.NET app. A typical ASP.NET application is deployed on a farm of web servers behind a load balancer; ISA then translates the traffic and the links for the outside world, and manages all security requests between IIS, ISA and the application servers.

How does ISA manage Silverlight 2?

How does ISA manage Silverlight 2? There is a XAP file (a ZIP file of all the Silverlight DLLs) that goes through IIS, and ISA delivers it to the browser like any other image, for that matter; the browser is the one that loads and processes Silverlight, using the Silverlight plug-in. So it does not run on the server and does not render HTML. In plain Spanglish, this means that a Silverlight application that works inside the intranet, accessing resources and application servers inside the intranet, won’t be able to access resources on the Internet; it is like taking a fish out of the water. Silverlight will try, without any success, to access your database located at 192.168.1.1 or the web service at your 192.168.1.2, which thanks to ISA you can now access by the name mickey.corpnet.com.

ISA cannot see inside the DLLs to replace 192.168.1.2 with mickey.corpnet.com; as well, requests from the browser that have not been processed inside the corpnet network will be lost on the Internet. Now ISA does much more than just filtering: it takes care of knowing where to send the request back, so it works with load balancers, caching engines providing replicated content, and session state servers.
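Because the XAP is an ordinary ZIP, addresses hard-coded in it can be found before the package is published through the proxy. The following added example (not part of the original post) scans every member of a XAP for private IPv4 literals, stored either as plain bytes or as UTF-16LE .NET string literals; the member names and file contents are constructed, and only 192.168.1.1, 192.168.1.2 and mickey.corpnet.com come from the post.

```python
import io
import re
import zipfile

# RFC 1918 IPv4 literals; re.ASCII keeps \d from matching non-ASCII digits.
PRIVATE_IP = re.compile(
    r"(?<![\d.])(?:10(?:\.\d{1,3}){3}"
    r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}"
    r"|192\.168(?:\.\d{1,3}){2})(?![\d.])", re.ASCII)

def text_views(data):
    """Yield decodings of a blob that expose byte and .NET string literals."""
    yield data.decode("latin-1")          # XML/config text and ASCII literals
    for offset in (0, 1):                 # UTF-16LE literals at either alignment
        yield data[offset:].decode("utf-16-le", errors="ignore")

def audit_xap(xap_bytes):
    """Return sorted (member, address) pairs for private IPs inside a XAP."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        for name in xap.namelist():
            for text in text_views(xap.read(name)):
                hits.update((name, m.group(0)) for m in PRIVATE_IP.finditer(text))
    return sorted(hits)

def build_sample_xap():
    """Constructed sample: a fake App.dll and client configs, not real assemblies."""
    dll = b"MZ\x90" + "http://192.168.1.2/Orders.svc".encode("utf-16-le") + b"\x00"
    config = b'<endpoint address="http://192.168.1.1/Data.svc"/>'
    clean = b'<endpoint address="http://mickey.corpnet.com/Orders.svc"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as xap:
        xap.writestr("App.dll", dll)
        xap.writestr("ServiceReferences.ClientConfig", config)
        xap.writestr("Public.ClientConfig", clean)
    return buf.getvalue()

if __name__ == "__main__":
    for member, address in audit_xap(build_sample_xap()):
        print(f"{member}: hard-coded internal address {address}")
```

Strings hidden by an obfuscator or stored inside compressed resources will not show up in a byte scan like this one.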

Silverlight accessing secured resources

Another point in the enterprise space is security. You log in to ISA, and ISA takes care of sending that information to the respective IIS servers. Now what happens when Silverlight makes a request from the browser without inheriting all the security from the ASPX page? I bet you the request won’t make it very far.

This is about security: do you want the user to receive your whole application zipped up nicely so they can see what it is doing? It means that you need to write code as if you were writing an open source solution. Do not add anything to Silverlight that will compromise the solution because, at the end of the request, you’ll be providing the user with all your source code.

Do I need to add all my business logic in the ASP.NET app?

Is the Solution Silverlight 3?

Is Microsoft Silverlight 3, then, the enterprise-ready solution that will be provided for us? We know now that it will inherit the security from the server side and will provide us with object state as well as browser history, yet is there any chance of ISA being able to change the resources that Silverlight will have to consume? In other words, is a Silverlight 3 XAP going to be able to be translated by ISA?

We know that we can open XAP files, and also open the DLLs they contain by using Reflector. Now, is ISA going to open those DLLs, translate the links and recompile them on the fly? Or will Microsoft provide us with a solution where we can attach a resource file that gets zipped inside the XAP file so ISA can access it?

Hacking Silverlight?

We know that we need a solution to this problem if we want to use Silverlight in enterprise solutions; otherwise, what Microsoft Silverlight provides in performance is taken away by its not being very flexible on the Web.

Right now we know that, out of the box, Silverlight and ISA won’t work like ASP.NET, which does not need any code changes to be configured behind ISA or any other reverse proxy; Silverlight is going to need to understand profiles in different domains. The idea is neither elegant nor simple: you’ll have to put all your resources into different XML files, one XML file per profile. So think that you are using the Silverlight application in 7 different functions and domains around the solution, and 7 more outside the network; you’ll have to package those resources securely to access the application servers that you need.

There are many ways to do it. You can build the XAP depending on who is requesting it and add the XML inside the XAP, so when the XAP loads in the browser your XML is there for you to read and learn the names of the computers you need to talk to.

You can also deploy a web service that the Silverlight application can access from any place to get the information: Where am I? Where is everything?

In any case, none of these solutions is ideal, as they expect the developer to get it ready for the enterprise instead of it being able to work with existing enterprise solutions.
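The first approach above (one XML file per profile, added to the XAP at request time) can be sketched as follows. This is an added example, not code from the original post: the profile names, the `Endpoints.xml` member name and the URLs are assumptions, and the packaging step refuses to ship an external profile that still points at a private address.

```python
import io
import ipaddress
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hypothetical profiles (constructed): logical service name -> URL per audience.
PROFILES = {
    "intranet": {"orders": "http://192.168.1.2/Orders.svc"},
    "internet": {"orders": "https://mickey.corpnet.com/Orders.svc"},
}

def is_internal_host(url):
    """True when the URL's host is a private or loopback IP literal."""
    try:
        ip = ipaddress.ip_address(urlsplit(url).hostname or "")
    except ValueError:
        return False  # a DNS name, resolved by the client at run time
    return ip.is_private or ip.is_loopback

def package_xap(base_xap, profile):
    """Return a copy of base_xap with Endpoints.xml for one profile added."""
    endpoints = PROFILES[profile]
    if profile == "internet" and any(map(is_internal_host, endpoints.values())):
        raise ValueError("internal address in external profile")
    root = ET.Element("endpoints", profile=profile)
    for name, url in sorted(endpoints.items()):
        ET.SubElement(root, "endpoint", name=name, address=url)
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(base_xap)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename != "Endpoints.xml":  # never carry over a stale profile
                dst.writestr(item, src.read(item))
        dst.writestr("Endpoints.xml", ET.tostring(root))
    return out.getvalue()

def read_endpoints(xap):
    """What the client would read at start-up: name -> address."""
    with zipfile.ZipFile(io.BytesIO(xap)) as z:
        root = ET.fromstring(z.read("Endpoints.xml"))
    return {e.get("name"): e.get("address") for e in root}

def sample_base_xap():
    """Constructed stand-in for a compiled XAP (placeholder bytes, not a real DLL)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("App.dll", b"MZ placeholder")
    return buf.getvalue()
```

The packaged XML is as readable to the user as the rest of the XAP, so it should carry endpoint names only, never credentials.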

Please tell me your story!

Given that, I would like to hear about your experience with Silverlight in an enterprise implementation. How did you solve the issues of Silverlight security, as well as the other resources it had to consume? Is Silverlight, then, just a technology for writing nice banners? What about clustering, load balancing, session state?

Cheers

Al


Comments

Ian Blackburn said on 5.30.2009 at 2:14 PM

Hi Al,

Interesting article, but I struggle to see the problem you are describing.

You stated: " Silverlight will try to access your database located at 192.168.1.1 without any success or the webservice at your 192.168.1.2 that now thanks to the ISA you can access by the name of mickey.corpnet.com " but Silverlight never connects to a database directly (it does not have the libraries); all access is via services (and to a much less popular extent: sockets). The services can be any flavour you want and will be over HTTP. So how is this different from any client (Ajax for example) requesting a service or web page? The actual URL for the service can just be changed from the development server to the live one during deployment. ISA does not need to do any translation.

>> do not add anything in Silverlight that will compromise the solution as at the end of the request

This is correct (as it would be for any client solution); there are obfuscators available to help protect your IPR if required, but the key point is that Silverlight is a UI (UX) for your app, not the whole app, so when you say: "Do I need to add all my business logic in the ASP.NET app?", then that is not far from the truth. Your DAL and app logic will typically sit behind the service, and you will return entities and validation logic to Silverlight, which will deal with the UI logic.

>> In other words, is a Silverlight 3 XAP going to be able to be translated by ISA?

I think this is a non-issue, as stated above. I don't believe ISA (or any other perimeter firewall, or DMZ) has anything to do other than to allow a XAP to be delivered, and allow HTTP, port 80 access (typically) to a service URL.

Silverlight 3 does however introduce a Binary binding for WCF services that Silverlight can consume (and does by default) - this could be an issue with firewall configuration; something I haven't tried yet and is worthy of further investigation.

Hope that makes sense ;-)

Cheers

Ian




Dave said on 5.31.2009 at 7:05 AM

Ian does a good job addressing some of your concerns. He did not address the last question that you posed: “What about clustering, load balancing, session state?” These should rarely come into concern. When you program a Silverlight application you have to get into the mindset of developing a Smart Windows application. There is no notion of session in the sense of an ASP.NET application because there is no notion of a postback. The Silverlight application maintains its state, and data is moved back and forth through web services (or sockets).

Load balancing and clustering do not come into play like you think. The user will hit the site and have the XAP downloaded. After that the user never has to touch your servers again except through web service calls for data/business logic processing. This requires that you develop a Service Oriented Architecture to handle data/business processing. Your SOA implementation should be able to take advantage of load balancing and clustering. By only sending your presentation and validation logic to the client you reduce the chances that proprietary information is available on the client.

Here is an example of an enterprise level Silverlight application developed by Microsoft http://www.mscui.net/PatientJourneyDemonstrator/. So it can be done, it just requires a new way of thinking.


Al said on 5.31.2009 at 11:37 AM

Ian,

Really good point, thanks for answering a few questions. I am trying to see how other people are using Silverlight in their solutions, as well as looking at how it works with existing technology; yet, I believe I failed to describe the architecture where I think there is no solution story described by Silverlight. Let me see if I can do it again or fail.

ASP.NET runs on the server and renders HTML to be served to the client, so ISA can filter results if the intent of the HTML is to go outside the network, so consequent requests from that output will be delivered correctly back into ISA. So the ASP.NET application does not need any change; you can design it and the implementation is independent, without having to worry about where the customer is going to install it.

A good example is SharePoint: you can deploy SharePoint on an intranet and the implementation can expose it in the DMZ or, better, using ISA to the Internet with minimal configuration.

Now, and this is my question to you and why I wrote the blog post really: Silverlight needs to consume data, so it needs to talk to web services; yes, it needs to consume data from a database, as you said, using a web service. I really like creating REST web services from a database to get my data, so it’s a layer on top of the database server. So when you are designing the solution with ASP.NET and Silverlight you need to think about how different customers will deploy that solution, I believe, as it is not like ASP.NET, which can be filtered and handled by any HTML filtering; Silverlight is not that configurable. That was my question and problem really. I would like to see a story from Microsoft on how to expose it to those tools for a better deployment, and I would like to hear from other people to see how they use Silverlight.

Still, I need to say that Silverlight allows me to support more users with less hardware, as I can use the user's CPU for some processing for which I previously had to use my servers. I do believe that Silverlight 3 will provide me with more tools for customization as well as security. Because, as I asked in the post, how do people secure the XAP file itself? SSL? How do they secure the requests coming from Silverlight to the server? How do they know which user is requesting those resources, and how do they handle role-based security?

Again, thanks so much Ian for your post and contributing to the post. I would like to talk to you more about your ideas and expertise in Silverlight.

Cheers

Al


Al said on 5.31.2009 at 11:46 AM

Dave,

Thanks so much for the link, great find I've got to say. Please look at my reply to Ian above. I want to ask you a little bit more about your answer on clustering and load balancing. Silverlight, even after being downloaded from the server to the client, still needs to make requests to the servers to get data and send data, so I do believe there is a session state as well; if you are using role-based security you need to make sure you know which user is asking for that resource. Requests and responses will go through firewalls, load balancing, ISA and cache engines.

I do not have an answer, and my experience in a recent implementation left me a little worried. I think I need to wrap my brain around the concept better.

Thanks Dave, it lets me know there is homework for me to do.

Cheers

Al




western digital said on 9.26.2009 at 3:52 AM

Plenty of support for .Net languages; Great ease of use; Compute speeds beat competition.