Server side exam note.docx

Uploaded by ExcitingRhodonite3899
Part 1: MVC (Model-View-Controller)
• Is a software-design pattern
• Commonly used to implement user interfaces, data, and controlling logic
• MVC promotes modularity and ease of collaboration and reuse.
• Makes applications more flexible and welcoming to iterations.

Three separate parts of MVC:
❑ Model: Manages data and business logic.
  - Represents the data used by an application, and the rules to manipulate that data. (Includes loading data from a database and validating data before storing it.)
  - When new data is created, it is stored in an instance of the model.
❑ View: Handles layout and display.
  - Represents the user interface of an application (HTML, CSS, JavaScript and other templates).
  - A view is rendered by the application in response to a request, at which point it displays the response to the user in a web browser (or mobile app).
❑ Controller: Routes commands to the model and view parts.
  - Provides the glue between the model and the view.
  - Processes incoming requests from the web browser, loading data from models and passing that data on to a view for presentation.

Advantages of MVC:
❑ Reusable and extendable code.
❑ Separation of view logic from business logic.
❑ Facilitates division of work: allows simultaneous work between developers who are responsible for different components (such as UI layer and core logic).
❑ Easier to maintain.

Express
• A lightweight framework for Node.js applications
• Express uses a disciplined directory (folder) structure for organizing source code files.

How Express supports the ideas of MVC:
• Allows you to define application routes using HTTP methods and URLs.
• Includes a number of middleware modules that can be used to execute additional request and response activities.
• Simple to interface with a variety of template engines, including Jade, Vash, and EJS.
• Allows you to specify a middleware for handling errors.
How to use Express:
To use Express in server.js, we need to install the module 'express'.

server.js:
    const express = require('express');
    const app = express();
    const port = 3000;

    // The app responds with "Hello World!" for requests to the root URL (/) or route.
    app.get('/', (req, res) => res.send('Hello World!'));

    // This app starts a server and listens on port 3000 for connections.
    app.listen(port, () => console.log('Example app listening on port 3000!'));

package.json:
    "express": "*"

OAuth (Connect with FB, Google …)
• Short for "Open Authorization"
• Provides a means for users to grant third-party applications access to their data without exposing their password to those applications.
• Not an authentication protocol!

Why we need OAuth:
• Greatly improves the security of web applications
• Important in bringing attention to the potential dangers of exposing passwords to external services.

OAuth 2.0:
• Useful for conveying authorization decisions across a network of web-enabled applications and (RESTful) APIs.
• Not an authentication protocol!

OAuth defines the following roles:
❑ Resource Owner (User)
  - The application's access to the user's account is limited to the "scope" of the authorization granted (e.g., read or write access).
❑ Client (Application)
  - The client is the third-party application.
  - It needs to get permission from the user before accessing the account.
❑ Authorization Server (can be the same server as the API)
  - The authorization server validates the user credentials and redirects the user back to the client with an authorization code.
  - The client communicates with the authorization server to confirm its identity and exchanges the code for an access token.
❑ Resource Server (API)
  - It handles authenticated requests from an app that has an access token.
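The exchange between these four roles, as an added example that is not part of the original notes: an in-memory simulation of the authorization code grant using only Node's built-in crypto module. The client id, secret, redirect URI, scope names and user are constructed for illustration, and the user's login at the authorization server is assumed to have already happened.

```javascript
// Added example: OAuth 2.0 authorization code grant, all four roles in one process.
const { randomBytes, timingSafeEqual, createHash } = require('node:crypto');
const rand = () => randomBytes(16).toString('hex');
const sha = (s) => createHash('sha256').update(String(s)).digest();
const CB = 'https://client.example/cb'; // constructed redirect URI
const clients = new Map([['photo-app', { secret: 'demo-secret', redirectUri: CB }]]);
const codes = new Map();  // authorization code -> pending grant
const tokens = new Map(); // access token -> { user, scope }

// Authorization server, step 1: user consents, server redirects back with a code.
function authorize({ clientId, redirectUri, scope, state }, user, consent) {
  const c = clients.get(clientId);
  // Never redirect to a URI that was not registered for this client.
  if (!c || c.redirectUri !== redirectUri) throw new Error('invalid_request');
  if (!consent) return `${redirectUri}?error=access_denied&state=${state}`;
  const code = rand();
  codes.set(code, { clientId, redirectUri, scope, user, expires: Date.now() + 60_000 });
  return `${redirectUri}?code=${code}&state=${state}`;
}

// Authorization server, step 2: client proves its identity and swaps code for token.
function exchange({ code, clientId, clientSecret, redirectUri }) {
  const c = clients.get(clientId);
  if (!c || !timingSafeEqual(sha(c.secret), sha(clientSecret))) throw new Error('invalid_client');
  const g = codes.get(code);
  codes.delete(code); // a code is single use, even when the exchange fails
  if (!g || g.clientId !== clientId || g.redirectUri !== redirectUri || g.expires < Date.now())
    throw new Error('invalid_grant');
  const accessToken = rand();
  tokens.set(accessToken, { user: g.user, scope: g.scope });
  return { access_token: accessToken, token_type: 'Bearer', scope: g.scope };
}

// Resource server: the token, not a password, decides what the client may do.
function api(accessToken, neededScope) {
  const t = tokens.get(accessToken);
  if (!t) return { status: 401 };
  if (!t.scope.split(' ').includes(neededScope)) return { status: 403 };
  return { status: 200, body: `${neededScope} granted for ${t.user}` };
}

// Client: starts the flow, checks the echoed state, then redeems the code.
function runFlow(consent = true) {
  const state = rand();
  const back = new URL(authorize({ clientId: 'photo-app', redirectUri: CB, scope: 'photos:read', state }, 'alice', consent)).searchParams;
  if (back.get('state') !== state) throw new Error('state_mismatch');
  if (back.get('error')) return { error: back.get('error') };
  const code = back.get('code');
  return { code, token: exchange({ code, clientId: 'photo-app', clientSecret: 'demo-secret', redirectUri: CB }) };
}
```

The client never sees the user's password; it only ever holds a short-lived code and then a token limited to the granted scope.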
Summary of OAuth
❑ OAuth is
  • an "Open-standard Authorization" protocol/framework
  • that provides a means for users to grant third-party applications access to their data
  • without exposing their password to those applications.
❑ OAuth 2.0 Terminology
  • Resource Owner, Client, Authorization Server, Resource Server, Scope, Consent, Access Token, Authorization Code
❑ Authorization Code Grant

SOA (Service Oriented Architecture)
• is an architectural style in application development in which
• application components are reusable, i.e., providing services to other components/applications
• via service interfaces, typically over networks

Services in a SOA:
• reusable components that represent business or operational tasks,
• e.g., check customer credit, provide weather data, consolidate drilling reports.

Each service is self-contained
• It embodies the code and data required to execute a complete, discrete business function.
• It may be composed of other services.
• It is a "black box" to consumers of the service.

The service interface is a service contract
• between the service provider and service consumer.
• The actual system implements the service via the interface.

The service interfaces in SOA provide loose coupling
• meaning they can be called with little or no knowledge of how the service is implemented underneath,
• reducing the dependencies between applications.

Service interfaces are frequently defined
• using Web Service Definition Language (WSDL)
• which is a standard tag structure based on extensible markup language (XML).

The services are implemented/exposed
• using standard network protocols
• such as SOAP (simple object access protocol)/HTTP or RESTful HTTP (JSON/HTTP)
• to send requests to read or change data.

Characteristics of SOA
1. By using common interface standards/interfaces,
• different services can be rapidly incorporated into new applications.
• This removes tasks from the application developer who previously
  • redeveloped or duplicated existing functionality or
  • had to know how to connect or provide interoperability with existing functions.
2. SOA allows platform independence
• by separating service interface and service implementation.
• Thereby, service consumers access the services via standardized service interfaces
• that hide the complexity and diversity of service implementations from consumers.

REST (Representational State Transfer) & CRUD
• an architectural style to design Web services; works best on the Web.
• Adoption of REST by mainstream Web 2.0 service providers, including Yahoo, Google and Facebook.
• defines a set of architectural principles by which you can design Web services, and specifies constraints:
  ✓ Data and functionality are considered resources and are accessed using Uniform Resource Identifiers (URIs), typically links on the Web.
  ✓ The service is constrained to a client/server architecture and is designed to use a stateless communication protocol, typically HTTP.
  ✓ Clients and servers exchange representations of resources by using a standardized interface and protocol.

RESTful Web Services
• Every entity (data and functionality) that can be identified, named, or handled is considered a resource that is addressable by using a universal syntax (i.e., Universal Resource Identifier, URI).
• Consumers communicate with services using basic HTTP operations:
  • GET, POST, PUT, and DELETE.

RESTful Web Services - Design Principles
❑ Principle 1: Expose directory structure-like URIs
• REST Web service URIs should be intuitive, i.e., easily understood.
• URI is a kind of self-documenting interface that
  • requires little (if any) explanation or reference for a developer to
  • understand what it points to and to derive related resources!
• Structure of a URI should be straightforward and predictable.
  i) URI is hierarchical,
  ii) rooted in a single path,
  iii) branching from it are subpaths that expose the service's main areas
❑ Principle 2: Use HTTP methods explicitly
• A one-to-one mapping between create, read, update and delete (CRUD) operations and HTTP methods
  • Use POST to create a resource
  • Use GET to retrieve a resource
  • Use PUT to update (change) the state of a resource
  • Use DELETE to delete a resource
❑ Principle 3: Be stateless (imperative in cloud computing)
• A RESTful service is stateless if it does not maintain the application state for any client
• Be stateless = "Don't store state information on the server"
• A request cannot be dependent on a past request, and a service treats each request independently
• HTTP is a stateless protocol by design, and you need to do something extra to implement a stateful service using HTTP
• If you must save state, save it on the client side via cookies or other methods (Session)
• Being stateless is imperative in cloud computing
  ▪ There is no guarantee that a client (consumer) connects to the same server (service provider)
  ▪ All cloud infrastructures offer some form of load balancing and fail-over mechanisms
❑ Principle 4: Transfer (between clients & servers) XML, JSON, or both
• Data that consumers and service providers exchange must be placed in the request/response payload or in the HTTP body, and it is a good idea to keep things simple and human-readable.
• Give client applications the ability to request a specific content type that is best suited for them. Use the built-in HTTP Accept header.

Cloud Computing
• Cloud Computing is the provision of services and applications over the Internet using shared and virtual resources.
• Virtualization is the key technology to achieve resource sharing in cloud computing.
• Cloud (service) providers (vendors) are providers of cloud computing services and applications.
• Cloud (service) consumers are consumers who use these services.
Characteristics of Cloud Computing
1. On-demand, self-service
  ➢ means the user can provision, manage, and monitor the resources as per their requirements.
2. Broad network access
  ➢ Cloud services are accessed using standard protocols and available over a network, typically the Internet.
  ➢ The services are provided over heterogeneous devices such as mobile phones, laptops, tablets, office computers, etc.
3. Resource pooling
  ➢ A cloud provider pools its computing resources (like networks, servers, storage, applications, and services) to serve multiple consumers.
  ➢ This is done using a multi-tenant model, which allows multiple customers to share the same application or physical infrastructure while retaining data security and privacy.
4. Rapid elasticity
  ➢ Rapid elasticity means computing resources can be elastically provisioned and released to meet immediate requirements, and they can also be removed or scaled down when not required.
5. Measured (metered) service
  ➢ Cloud services are measured. In other words, the usage of cloud resources is tracked, monitored, controlled, and reported.

Cloud Service Model
❑ Software as a service (SaaS):
• All infrastructure, platform and application layers are supplied by the cloud provider.
• The cloud consumer is the end user of the application.
Examples: Web mail (Gmail, Yahoo Mail), Cloud storage (Dropbox, OneDrive), Microsoft Office 365, Google App for Work
❑ Platform as a service (PaaS):
• Cloud providers supply the infrastructure and the platform.
• Cloud consumers supply the application, which is built using the facilities of the platform.
• The cloud consumer is not the end user but the developer or owner of the application.
Examples: AWS Web Services, Oracle PaaS, IBM Cloud, App Services, Cloud functions
❑ Infrastructure as a service (IaaS):
• Cloud providers supply only the infrastructure.
• The cloud consumer supplies both the platform and the application.
• In essence, IaaS supplies virtual machines (e.g., Linux), or so-called instances, which act like computers for use by cloud consumers.
Examples: Virtual machines, VPN, Oracle IaaS, Amazon Elastic Compute Cloud (EC2)

Other service models
❑ Data as a Service (DaaS)
• Cloud vendors supply data access services for applications, e.g., MongoDB
❑ Mobile Backend as a Service (MBaaS)
• Also called Backend as a Service (BaaS)
• Cloud vendors supply backend storage and APIs for mobile or other applications. The APIs support features like user management, push notifications, and integration with social networks.
❑ Network as a Service (NaaS) model
• Cloud vendors supply services for network transport connectivity like virtual private networks (VPNs)

Deployment Models
▪ Private cloud
A private cloud system is exclusively used by an organization.
• The system may be owned and managed by the organization or a third party, and
• may be on or off the premises of the organization.
▪ Community cloud
A community cloud system is exclusively used by a community.
• A group of users or consumers from organizations that have shared concerns.
• The system may be owned and managed by one or more of the organizations, and
• may be on or off the premises of the organizations.
▪ Public cloud
A public cloud system is open for public use.
• The system is owned and managed by an organization, and
• is on the premises of the organization.
▪ Hybrid
A hybrid cloud system is
• a combination of two or more private, community or public cloud systems,
• binding the systems for data and application portability

Pricing Models of Cloud Computing
• No upfront costs
• No termination fees
• Pay as you go (i.e., pay only for what you use)

Benefits of Cloud Computing
• The cost is generally low.
• The barrier to entry is low.
• Reliability and the quality-of-service (QoS) are high.
• Scalability is good.
• Many cloud systems implement, and thus have the same advantages as, web applications.
  The advantages include simplifying maintenance and upgrade, providing universal access over the Internet, and facilitating sharing and collaboration.

Concerns of Cloud Computing
• Security and privacy.
• Reliability of SaaS applications.
• Reduced operational control and potential vendor lock-in (especially in SaaS and PaaS).
• Network connectivity and latency

Virtualization

Virtualization vs. Cloud Computing
Virtualization (abstracts)
• compute resources typically as virtual machines (VMs)
• with associated storage and networking connectivity.
Cloud Computing (determines)
• how those virtualized resources are allocated, delivered, and presented.

What is Virtualization
1) the separation of a resource or request for a service
2) from the underlying physical delivery of that service.

Virtualization for different ICT resources such as:
➢ Servers/CPUs – virtual servers
➢ Storage – virtual disks
➢ Network – VPN, VLANs

Virtualization Infrastructure provides
• a layer of abstraction between computing (CPUs), storage and networking hardware, and the application running on it.
Benefits:
➢ Deployment of virtual infrastructure is non-disruptive and the user experience is largely unchanged.
➢ Gives administrators the advantage of managed pooled resources across the enterprise
➢ Allows IT managers to be more responsive to dynamic organizational needs and to better leverage infrastructure investment

Virtualization Architectures

Hypervisor (bare-metal) architecture
A Type 1 hypervisor, a software layer (handles virtualization tasks), is directly installed onto the hardware.
• Hypervisor can discover and virtualize the system's available CPU, memory and other resources.
• Hypervisor can create a virtual image of the system's resources, which it can then provision to create independent VMs.
• Hypervisor can configure the VM by installing an OS such as Windows Server 2019 and an application such as a database.
• Every VM remains completely isolated and independent of every other VM.
  No VM within a system shares resources with or even has awareness of any other VM on that system.

Hosted Architecture
• The system first installs the host OS on the hardware
• Then hosted hypervisors or Type 2 hypervisors (such as VMware Workstation, KVM or Oracle VirtualBox) are installed atop that OS.
• The VMs the hypervisor creates can each receive guest OSs and applications. Every VM created under a hosted hypervisor is isolated from every other VM.
• Similar to bare-metal virtualization, VMs in a hosted system run in memory and the system can save or load them as disk files to protect, restore or duplicate the VM as desired.

Limitations of Hypervisor Virtualization
➢ Increased overhead of running a fully installed guest operating system
➢ Inability to freely allocate resources to processes
➢ Significant overhead from calls to hypervisor from the guest operating system can sometimes reduce application performance.