Introduction
This paper discusses the general topic of application isolation as it relates to Web applications run on Windows Server 2003 servers with IIS 6.0 running in worker process isolation mode. Isolation refers to the degree of separation between two Web applications running on a server. In this paper, the notion of a Web application is meant in a very broad sense; it includes the processes, files, and even users, serviced by the application. Applications are isolated from each other to the degree that one application is prevented from accessing resources used by another application.
Benefits of Isolation
Enterprises are increasingly interested in isolation because of the opportunity to reduce costs through server consolidation. As the capabilities of hardware increase dramatically over time, fewer servers are required to deliver the same applications. While this decreases the costs of deployment and maintenance, it can create logistical difficulties when there is a vested interest in keeping clear boundaries between applications that are consolidated to run on a single server.
In some scenarios, each Line of Business (LOB) for an organization is essentially a separate customer to the IT group responsible for application infrastructure. For example, an organization that has been acquired may compete with other parts of the acquiring organization. Consequently, there's a business requirement for creating effective barriers between applications serving each LOB and protecting sensitive data.
Another example of a clear need for high isolation is an ISP that hosts Web sites for many clients. One customer should not be able to view the files or databases in use by other Web sites on the server.
In other cases, a company may offer Web applications and other technical resources to business partners who are in competition with each other. As a result, companies need to offer a high degree of isolation for the applications in use by their individual customers, partners, or business units using the same server. It is important, for example, to have the ability to configure one partner's software that accesses a database, such that the application could not access another partners database.
Another benefit of application isolation is that you can design the infrastructure of the applications, server, and network to improve the ability to distribute content and applications. For example, you may want to put content on a remote file store so it can be shared by more than one server. Alternately, you may want to host each applications content on different file servers, to further isolate each LOB application, but share the same Web server as a front end.
The following sections discuss several approaches to obtaining a high level of isolation.
For more details Visit
ليست هناك تعليقات:
إرسال تعليق