A hybrid web server architecture for secure e-business web applications

Authors:
Vicenç Beltran;David Carrera;Jordi Guitart;Jordi Torres;Eduard Ayguadé
Affiliations:
European Center for Parallelism of Barcelona (CEPBA), Computer Architecture Department, Technical University of Catalonia (UPC), Barcelona, Spain;European Center for Parallelism of Barcelona (CEPBA), Computer Architecture Department, Technical University of Catalonia (UPC), Barcelona, Spain;European Center for Parallelism of Barcelona (CEPBA), Computer Architecture Department, Technical University of Catalonia (UPC), Barcelona, Spain;European Center for Parallelism of Barcelona (CEPBA), Computer Architecture Department, Technical University of Catalonia (UPC), Barcelona, Spain;European Center for Parallelism of Barcelona (CEPBA), Computer Architecture Department, Technical University of Catalonia (UPC), Barcelona, Spain
Venue:
HPCC'05 Proceedings of the First international conference on High Performance Computing and Communications
Year:
2005

Citing 5
Cited 0

SEDA: an architecture for well-conditioned, scalable internet services

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Evaluating the Scalability of Java Event-Driven Web Servers

ICPP '04 Proceedings of the 2004 International Conference on Parallel Processing
Characterizing Secure Dynamic Web Applications Scalability

IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
A Hybrid Web Server Architecture for e-Commerce Applications

ICPADS '05 Proceedings of the 11th International Conference on Parallel and Distributed Systems - Volume 01
Flash: an efficient and portable web server

ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nowadays the success of many e-commerce applications, such as on-line banking, depends on their reliability, robustness and security. Designing a web server architecture that keeps these properties under high loads is a challenging task because they are the opposite to performance. The industry standard way to provide security on web applications is the use the Secure Socket Layer (SSL) protocol to create a secure communication channel between the clients and the server. Traditionally, the use of data encryption has introduced a negative performance impact over web application servers because it is an extremely CPU consuming task, reducing the throughput achieved by the server as well as increasing its average response time. As far as the revenue obtained by a commercial web application is directly related to the amount of clients that complete business transactions, the performance of such secure applications becomes a mission critical objective for most companies. In this paper we evaluate a novel hybrid web server architecture (implemented over Tomcat 5.5) that combines the best aspects of the two most extended server architectures, the multithreaded and the event-driven, to provide an excellent trade-off between reliability, robustness, security and performance. The obtained results demonstrate the feasibility of the proposed hybrid architecture as well as the performance benefits that this model introduces for secure web applications, providing the same security level than the original Tomcat 5.5 and improved reliability, robustness and performance, according to both technical and business metrics.