In-Depth

Systems Engineering: COM+, The Secret to High-Performance Application Servers

An understanding of COM+ will help you troubleshoot and resolve application problems.

When Windows 2000 ships, it will include a new version of the Component Object Model (COM) infrastructure important enough to receive a plus sign. If you’re a systems administrator, you may ask, “So what?” After all, why should you care about components and objects? That’s the programmer’s job. Let them figure it out. The problem is, with COM+, the line between the job of the programmer and the systems administrator begins to blur. More accurately, it blurs a little more.

The change really began when Microsoft released Microsoft Transaction Server. MTS allowed developers who built COM components to let the OS worry about some of the infrastructure issues that arise when you have a lot of users trying to access the same application services. This was a great boon to developers of distributed applications and allowed enterprise applications to be developed much more quickly than before. It also allowed better integration with Windows NT security and eased application maintenance due to network and security policy changes. MTS packages and their security roles could be manipulated in the Microsoft Transaction Server MMC snap-in. If a systems administrator added a group, he or she could simply launch the MTS snap-in and add the new group to the appropriate roles. Of course, the systems administrator would need to know which roles were affected.

COM+ integrates the features provided by MTS into Win2K and provides other services aimed at helping developers build the distributed enterprise applications that are in demand.

A summary of COM+ features and which of them were provided with MTS is available at http://
msdn.microsoft.com/
training/offers/
WINVBO_BLD/Topics/
winvb00763.htm
.

The overall effect of COM+ is that functionality that once had to be uniquely coded for each application is now implemented by the OS. It can simply be switched on or off, depending on the application’s requirements. For example, a payroll application may require more stringent security than a vacation request application. The developer or administrator can configure the payroll application to use a higher authentication level, while maintaining minimal security on the vacation request application. Most of these switches are available to systems administrators though the Component Services snap-in included with Win2K.

Don’t panic. A lot of these settings will still be configured by the programmer and set when you install the components. However, it’ll be important for you to understand what they are, where they can be modified, and the potential impact of modifying them. There are also two key features of COM+ that will primarily be the domain of the systems administrator: security and load balancing. We’ll look at each feature of COM+ a little later, but first let’s step back and look at the relationship between COM+, the OS, and the applications that run on it.

So What is COM+?

In a way, COM+ is like a motherboard for applications. It provides services for the components that make up a distributed application. It also synchronizes and manages their operation. When you install and configure a COM+ application, you hook it up to the virtual motherboard and set some attributes through the Component Services snap-in. Once an application is hooked up and configured, the OS will be able to interface with COM+ services to manage it.

Of course, since software components serve a different function than hardware components, the attributes you set will be different. There are some key concepts behind these attributes that will be a little new at first. The remainder of this article will focus on these.

Transactions

Transactions are used when multiple things need to happen in order to obtain a result that makes everyone happy. Consider what happens when you buy a car. You must make a down payment, the loan must be approved, and you must drive away in your new car. If any of those things fails to happen, none of them should happen. Otherwise, either you or the car dealer will be unhappy with the result.

More information on the DTC can be found at http://
msnd.microsoft.com/
library/psdk/cossdk/
pgdtcitro_05ki.htm
.

COM+ implements transaction handling by calling on the Distributed Transaction Coordinator (DTC) that’s part of Win2K. DTC coordinates the resource managers (like SQL Server) involved to make sure they’re all satisfied with the outcome before telling them to commit the changes to permanent storage. The DTC can coordinate a variety of resource managers in a single transaction. For example, you may have an application that needs to modify a SQL Server database and an IBM DB2 database. DTC can allow these modifications to occur within the context of a single transaction.

Components enlisted in a transaction are said to run within the context of a transaction. If that component creates an instance of another component, that context may be passed on to the new component, depending on how the component’s transaction attribute is set.

Setting the attribute for how transactions are handled requires detailed knowledge of how the components work. So this attribute will generally be set by the application developer and configured automatically during installation.

Transaction Settings in COM+
The five possible settings for how a component participates in transactions are:
  • Disabled—A component marked as Disabled won’t use COM+ to handle transactions. Instead, it will interact directly with the DTC. This option will be used when the developer wants to control transactions inside each component’s code.
  • Not Supported—A component so marked won’t pay any attention to the transactional context. If it creates objects, it won’t pass that context on. This setting can result in inconsistency and should be used rarely.
  • Supported—A component that supports transactions won’t participate in the transaction but will pass the context on to any objects it creates. An example of this might be a car maintenance check-off component. It can’t vote on whether the sale of the car succeeds, but it should pass on the context of the transaction to any objects it creates.
  • Required—A component that requires transactions enlists in the existing transaction, or if none exists, a new transaction will be created. The down payment, loan approval, and key-granting components are all examples of those that require transactions.
  • Requires New—If a component requires a new transaction, COM+ will create a new transactional context in which to run it. Any objects it creates will be enlisted in the new transaction. The vehicle licensing component might be one that requires a new transaction. It doesn’t affect whether or not the sale of the car succeeds, but it has its own transactional components, such as smog check, insurance, fee payment, and license granting components.

—Rachelle Reese

Security

Security has always been the domain of the systems administrator when it comes to file and printer access. However, since there was no easy way to integrate application security with OS security, some applications implemented their own security model that couldn’t be managed by a systems administrator. COM+ (and, in fact, MTS) puts the control of application security into the hands of the systems administrator.

Security consists of authentication and authorization. Authentication in COM+ is configured at the application level. You can set security properties on each application to determine whether security is checked for the application, what information is encrypted, and how often the user’s identity is verified. Keep in mind that the higher the level of authentication, the greater the impact on performance. Available levels are shown in Table 1.

Table 1. Authentication levels.
Authentication When the user's identity gets verified What's encrypted
None Never. Anonymous users allowed access. Nothing
Connect At connection Nothing
Call Every method call Packet sequence number
Packet Every packet Packet sequence number
Packet Integrity Every packet Checksum of data
Packet Privacy Every packet All data

Authorization is accomplished by defining security roles. A role is similar to a group in that it describes a type of user. However, a group is a company-wide association; a role is an application-specific association. For example, a payroll application might have an Employees role and a PayrollAdmins role. Some components in the application would be accessible only to the PayrollAdmins. Others would be accessible to all Employees. These roles are integrated within the security of the OS by assigning users and groups to them. In this case, you might assign the Domain Users group membership in the Employees role and the HRManagers and AccountingManagers groups membership in the PayrollAdmins role. Although application developers may define the roles and assign them to interfaces and components, it will generally be up to the systems administrator to make sure those roles contain the appropriate users and groups.

For a detailed discussion of designing a security strategy for a multitiered application, see http://
msdn.microsoft.com/
library/psdk/cossdk/
pgservices_ security_406r.htm
.

Under MTS, roles could be defined at the component and interface level. COM+ will allow an even finer level of granularity—roles can be associated with individual methods of a component. While this gives the developer a great deal of control over who can access what, it adds a layer of complexity that may make troubleshooting security problems more difficult. As an administrator, you’ll need to understand how role-based security works in order to troubleshoot problems that may arise and to maintain role membership as the users and groups in your network change.

ODBC Connection Pooling

Database connections are critical but scarce resources. When you buy licenses for a database server like SQL Server, you typically buy a certain number of concurrent connections. In addition, opening database connections is an expensive operation. As the number of users increases, you may find yourself running out of database connections or that performance decreases due to the overhead of opening network connections. COM+ (and MTS) helps alleviate this problem by providing database connection pooling. Instead of a database connection being tied up when a component isn’t using it, database connections are pooled by COM+. When a component attempts to use a database connection, COM+ provides one from its pool. This allows applications to use a lower number of connections more efficiently. Although connection pooling was available starting with ODBC 3.0, developers had to make specific calls to cause connections to be pooled. COM+ automatically makes these calls when managing connections.

Just-In-Time Activation and Object Pooling

Another way in which COM+ will help conserve resources and make applications more scalable is through Just-in-Time (JIT) Activation and Object Pooling. When a client application or component creates an object in memory, it results in a delay while the object is loaded into memory and initialized. Of course, it’s inefficient for applications to create and release objects frequently. However, in a distributed environment, there may be many applications creating objects, using them, and leaving them open just in case they’ll need the object again. This results in a lot of memory being consumed by objects that aren’t in use. Currently MTS provides JIT activation to alleviate that problem. MTS basically tricks a client application into believing that it has a persistent connection to the same object, even though that object may be deactivated and assigned to another client multiple times during its lifetime. That means a single object can service multiple clients at the same time.

More detailed information about object pooling is available at http://
msdn.microsoft.com/
vstudio/comapps
/objpool.asp
.

COM+ expands on the idea of JIT activation by allowing a component to participate in object pooling. With object pooling, the administrator can set the minimum and maximum number of objects of a particular type. When the OS starts up, the minimum number of objects will be created and assigned to clients as they’re requested. As more clients request objects, new instances will be loaded into memory as necessary.

Queued Components

COM+ will also provide support for Queued Components (QC). This technology will allow developers to easily accommodate servers that are sometimes unavailable. QCs work with the Microsoft Message Queue (MSMQ) service to ease communication that’s not time-dependent.

To use the QC services, an application developer creates an object using a special function. This function actually creates a recorder object (QC.Recorder) that serves as a proxy for the actual component. The application then calls methods on the proxy and they’re recorded. When the object is closed, the recorded methods are sent as a message to the component’s MSMQ queue component.

Messages are retrieved off the queue by the QC.ListenerHelper component. This component (and the QC.Recorder component) is installed in the COM+ Utilities application and can be activated through the Component Services snap-in. The QC.ListenerHelper component creates a player, which reads the message and creates the appropriate object. The player then calls each method in the recorded message on the actual object.

As an administrator, you may be responsible for activating the QC.ListenerHelper service and for alerting in-house developers to problems that arise when a message has problems that cause its transaction to abort. If a message fails a certain number of times during playback, it will be put in the dead queue. If the problem that caused the failure is resolved, you can replay the message by moving it from the dead queue into the original queue and activating the ListenerHelper service.

Loosely-coupled Events

Another important feature of COM+ is the ability for components to subscribe to events. This feature is known as loosely-coupled events. Loosely-coupled events are implemented through a publish-subscribe methodology. If you’re familiar with SQL Server replication, this concept will be somewhat recognizable. Under COM+ an event provider component publishes events, and other components can subscribe to those events. While it’s up to software developers to provide the event provider components, as an administrator, you may need to configure the subscribers.

More detailed information about loosely-coupled events is available at http://
msdn.microsoft.com/
vstudio/comapps/
lcescenario.asp
.

Subscribers can request that they be notified whenever an event occurs or only if it’s reporting a specific condition. For example, suppose a publisher supplies a BankBalanceChange event. The MoneyTransfer component may only be interested in receiving that event if the account balance is less than $10. To enable this type of behavior, you would set a filter on the component’s subscription.

Load Balancing

For applications that need to support a large number of users, the COM+ implementation in the Windows 2000 AppCenter edition will offer Component Load Balancing (CLB). Windows 2000 AppCenter is expected to be released sometime in the second quarter of 2000.

With CLB, it’s fairly easy to allow the OS to choose which server is least busy and launch a component there. To enable CLB, you need to configure one server as a load balancing router. This will be the system that determines where each instance of each component should run. Only machines running Windows 2000 AppCenter can be configured as a load balancing router.

One potential problem with CLB is that you can configure only a single computer as a router. This means that the CLB router is a single point of failure. You can compensate by using CLB in conjunction with Microsoft Cluster Service. To configure this, you need an external SCSI device attached to two Win2K servers. First, you configure the clustering service on each computer. Next, you install the components and configure the COM+ applications on the server that will act as the primary CLB router. Finally, you install the components and configure the COM+ applications on the server that will act as the secondary CLB router. This redundant server will take over in the event that the primary CLB router fails.

Additional Information

Essential for High-Performance Application Servers

As you can see, a solid understanding of the services COM+ provides will be essential to maintaining reliable, high-performance, scalable application servers using Win2K. Although application developers will often set application attributes and define security roles prior to deployment, some of these attributes can later be reconfigured by systems administrators as the company’s needs or environmental conditions change.

In addition, understanding the services COM+ provides can help you troubleshoot and resolve application problems that may arise. Take some time to investigate COM+ and the component configuration property pages in the Component Services snap-in. Finally, do some extra reading. In the “Additional Information” list, I’ve provided a list of resources to help you on your way to mastering COM+ configuration and administration.

Featured