Book Review: Enterprise Application Architecture
This book is about EnterpriseArchitecture. We are using a 4 Sphere Architectural Model; that meansthat we should be able to define the tasks required to meet ourobjective in terms of a series of sub tasks that must be handled on eachsphere. Over the next few pages, we will cover the things that must beaccomplished on each sphere in order to deploy an application. In thischapter, we will be more concerned with the operational tasks ratherthan the programming tasks. I am sure that by now, you either know howto handle the programming or know where to look up the information youneed. What we need to cover is the actual hands on activity that needsto take place on each sphere in order to deploy an application.
I would like to approach the deploymentissue the same way we worked through the development issues we talkedabout throughout this book. In other words, I would like to start at theinner most sphere of the system and work out from the database to theuser. This will allow us to work through deployment issues for eachsphere so we will arrive at the last chapter of this book at thePresentation sphere with only some ASP concepts to finish.
The Data Sphere - SQL Sever
All of the objects we have worked with inthis book rely upon a relational database data core.
In our installation, we use SQL Server7.0, but anything we have done in this book could be accomplished usingSQL Server 6.5.
Of course, it is also possible to useexactly the same techniques with other relational databases, Oracle,Informix, etc. If you use one of the other databases, you might haveto make some minor changes to some of the stored procedures.Microsoft's Transact SQL is not universal by any means, but anychanges that you do need to make are likely to be rather trivialsyntax changes rather than major conceptual overhauls.
As a suggestion, if you are currentlyusing SQL 6.5 and you have the option of migrating to SQL 7.0, by allmeans do it. I am not going to go through a feature-by-featurecomparison, you can do that for yourself. But I will tell you that SQLServer 7.0 has varchar fields that can hold 8,000 characters compared tothe 255 character varchars that SQL Server 6.5 offers. This means thatin all but the rarest cases, we can virtually eliminate the handling ofbinary large objects, BLOBs, and text fields from our list ofprogramming chores. This in and of itself may be enough to cause mostshops to switch from 6.5 to 7.0, but there are other, performance based,reasons to make the switch. During our switch from 6.5 to 7.0, I tookthe time to run some simple comparison tests between the two versions.The outcome of the test was that, out of the box, SQL 7.0 showed about a300% improvement in throughput.
Comparing SQL Server 6.5 and 7.0
The tests consisted of a simple driverapplication that ran a series of database actions against the server. Toremove any client or networking bottlenecks, I used multiple clientmachines to drive the tests against both SQL Server versions. When I ranthe tests against the 6.5 version using the default configuration, I waslimited to approximately 125,000 database actions per hour. It didn'tseem to matter how many client machines I used to drive the test, the125,000 number stood. Curiously, this limitation was not due to the CPUsor I/O capabilities of the machine. The resource monitor showed the CPUutilization steady at around 10%. The limitation seemed to be due tosome internal SQL Server factors. Anyway, I ran the same test againstthe SQL 7.0 version, again using the default configuration. The resultswere impressive. The 7.0 version allowed 400,000 database actions perhour. The 7.0 version also made better use of the available resources. Ididn't need to use any additional client machines because the CPUutilization with 7.0 was around 60%. This test was performed usingobjects that hit SQL Server directly without any of the poolingcapabilities of MTS.
After I performed this test, I devisedanother test that was designed to measure the effect MTS had on theoverall system. I added another machine to the mix. This machine onlyhad MTS installed on it. Next I moved the DLLs from the client machinesto the MTS machine. Then I created a package for the DLLs and informedthe client applications that they were to use the DLLs in MTS instead ofa local copy of the DLL. Finally, I ran exactly the same test as aboveagainst the MTS/SQL pair. The results were astounding! First, the numberof database actions that were completed per hour went from 400,000 to500,000. This alone would have been significant, but it was not whatsurprised me. The amazing thing was that the CPU utilization for themachine that hosted SQL Server 7.0 went down to 12% for 500,000 actionscompared to 60% for 400,000 actions. Of course, the processing power hadto come from somewhere. It did. The MTS machine's CPU utilization wasbetween 40 and 50%! This was a tribute to Microsoft's tight integrationbetween MTS and SQL. It also confirmed the ability of the connectionpooling resources of MTS.
The Data sphere of our system consists ofthree types of database objects tables, views, and storedprocedures. Of course our objects are designed with the capability ofconstructing all of the database objects that they need to function, soby deploying our data objects on the Data Centric sphere, provided wehave set up a database for them, we can leave the handling of the Datasphere to our objects. Once again, the time and effort we put intobuilding high quality data objects has paid off.
The Data Centric Sphere - MTS
Microsoft Transaction Server (MTS)handles the middle spheres of our system. Although Microsoft named thisapplication Transaction Server, this name really doesn't convey all ofthe things that we can do with it.
I'm only going to give a brief overviewof MTS here. If you want to learn more, and I recommend that you do, Isuggest you try Professional MTS and MSMQ with VB and ASP, alsopublished by Wrox Press.
MTS provides a stable run timeenvironment for our objects. It serves as an object broker and canmanage a number of instances of a particular object. Unfortunately, thecurrent version of MTS doesn't offer us the level of administrativecontrol that some other middle-ware managers like TOP END. does. Wecannot, for instance, tell MTS to keep X number of objects of aparticular type in a pool instantiated and available for service. As Iunderstand it, this type of functionality will be available in the nextrelease of MTS. But, as far as I am concerned, this lack ofadministrative tuning capabilities is not that much of a disadvantage.It has been my experience that MTS really does a good job of managingthe number of available objects without any interference from the likesof me. In other words, while other products like TOP END. do give theadministrator a higher level of control, MTS uses a sophisticatedoptimization algorithm to perform that task without any intervention.Although I cannot prove it, I suspect that the algorithm may be morecapable than most administrators would be under the same circumstances.
As we learned by examining the results ofthe testing above, one of the other things MTS offers is superb resourcepooling capabilities. The increase in performance we saw was completelydue to MTS's ability to manage several pools of resources includingdatabase connections, processes, and threads. Again, MTS doesn't offeras rich an administrative interface as some other middle-wareapplications do in this regard. We cannot really do much to tune orotherwise effect the pooling of available resources. MTS does thiswithout interference via some internal logic. And once again, I reallythink that this may be a good thing. The things that people tend to viewas complicated like real-time optimization of resources are tasks thatare often better handled by automation.
If you remember the fairly complicatedserver farm designs we looked at way back in Chapter 3, you may havethought that it would be incredibly difficult to manage objects spreadout over all of those machines. Well MTS makes it very easy to deploy,test, and re-deploy objects across a multiple machine platform. MTS canbe easily programmed to replicate components across a battery ofmachines. It has been my experience that this administrative facilitymay be more important to overall system performance than the ability tomanage the number of instances of an object on a particular machine. Theway we administer MTS is to macro manage the system. In otherwords, if we need more processing power, we add another machine or twoto the pool of available servers. Then as we covered above we can allowMTS to micro manage the pool of resources (and object instances)on each server.
Another advantage MTS offers is theability to provide two additional levels of security to our system. Wecan write code in the objects that allow just certain groups of users togain access to certain properties and methods. This security scheme iscalled programmatic security. This allows us to create objectsthat can actually transform their interface to bend to meet securityconcerns. In other words, we may need everyone in the company to be ableto gain access to some Cash object. But through programmaticsecurity we can ensure that only persons in group X can void a cashtransaction. There is another type of security we can employ with MTS.It is called declarative security. This type of security reallyallows (or denies) certain individuals access to a particular objectunder the control of MTS.
Last but not least, we can use MTS to,surprise surprise, manage transactions. This is one of the mostimportant functions of this server.
MTS and Transactions
You should remember that in all our DataCentric object's processes' code we used a Context object variable tomanage transactions. The calls to SetComplete and SetAbort informed theMTS environment whether our transaction was successful or not andallowed MTS to deactivate the object. At this point I'd briefly like todraw your attention to an property of our objects which you may not havenoticed.
Visual Basic 6.0 introduced a new classproperty that you could set in the Properties dialog, just like anyother property. This new property was MTSTranasctionMode:
Insert Image 5
As you can see there are five potentialsettings for this property, which determines how MTS handles an instanceof this class.
Specifies that the object will not beinvolved with MTS. This is the default option.
The class will not support transactions.An object context will still be created, but it will not participate inany transactions. This value is useful for when you are just using MTSas a central repository for a component class. With this value, therewill not be a transaction as part of the class.
This value mandates that the object mustrun within a transaction. When a new instance of the object is created,if the client has a transaction already running then the object'scontext will inherit the existing transaction. If that client does nothave a transaction associated with it, MTS will automatically create anew transaction for the object.
This choice indicates that should atransaction be available when the object is created then it will use theexisting transaction. If no transaction exists then it will also run butwithout any transactional support.
This indicates that the object willexecute within its own transaction. When a new object is created withthis setting, a new transaction is created regardless of whether theclient already has a transaction.
If you look at the source codeyou will see that for all our classes in the DCPerson.dll you'll findthat the MTSTransactionMode property has been set to2-RequiresTransaction.
In the section that follows we will workthrough a procedure you can use to create MTS Packages for the DataCentric objects.
Data Centric Package Creation on MTS
The steps that we must perform to createthe MTS packages for the Data Centric objects and the installationprocedures we must follow do not change even if you need to install boththe Data Centric and User Centric halves of the objects on the samemachine. Over the next few pages, we will work through the steps thatare required to create a Data Centric MTS package for the Personobject. You can repeat exactly the same process for any other DataCentric objects.
- Copy the DCPerson.dll to a directoryon the Data Centric MTS machine. We use a directory calledComponents on each MTS machine to hold the DLLs for the objects thatare installed on that machine. It makes it easier to find and workwith the components as the need arises. In addition, we also use asimple directory structure under the Components directory thatseparates each object:
- Start Microsoft Transaction ServerExplorer. This MTS administrative application is delivered as asnap-in for Microsoft Management Console (MMC).
- Navigate through the Console tree viewto the Packages Installed node under the My Computer node. As longas you are working on the target machine, you can always use the MyComputer node to perform any administrative functions that need tobe performed. The MTS snap-in is just like any standard Explorerinterface:
- Select the Packages Installed node onthe treeview. Then right-click your mouse. You should see a pop-upmenu. Select New and then click on the Package option. Thiswill start MTS's Package Wizard. The wizard will walk you throughthe steps that are necessary to create a new MTS package:
- In this case, we do not have apre-built package for you Data Centric Person object, so weare going to create an empty package. All you need to do is click onthe Create an empty package button on the form. That will bring upthe next step of the Package Wizard:
- Type in the name for the new emptypackage. In this case we would type in the word DCPerson. Once youhave typed in the name for the package, press the Nextbutton:
- The next screen is used to set thepackage identity. In my enterprise, I have a single MTS account thatwe use. This allows me to control the permissions using a singleaccount. You probably don't have a particular MTS account set up inyour domain, so for the time being, just accept the Interactiveuser the current logged on user option and press the Finishbutton. At this point we have successfully created an empty MTSpackage named DCPerson.
- Now that we have the package, we needto add at least one component to the object. In our installation, weuse a single package for each data object half. We have found thatthis offers us the greatest amount of flexibility and promotes thereuse of the data objects. What this means in real terms is that weonly need to add one DLL to the newly created DCPerson package. Inorder to do that, highlight the Components node under the DCPersonnode as shown in the image below. Right-click your mouse and selectthe New | Component option from the pop-up menu:
- At this point, the MTS explorerinvokes a new wizard the Components Wizard. As it is likely thatthis machine won't be the one we developed the object on, we need toselect the Install new component(s) button.
- This brings up the Install Componentsscreen of the wizard. Here we need to press the Add filesbutton and navigate to the Person directory under the Componentsdirectory on the machine. Once we have located the DCPerson.dllfile, all we need to do is to press the Open button on the open filedialog box:
- After you have selected theDCPerson.dll you will be returned to the same screen as above, butnow it will display each of the class files that make up the personcomponent as shown. Notice that MTS considers each class under themain object as a separate component:
- The first step we need to doin order to create a remote component package on the User CentricMTS machine is to introduce the User Centric machine to the DataCentric machines. We do that by adding remote computers to the UserCentric computer's Computers folder. To do this, just right-click onthe Computers node and select the New | Computer option fromthe pop-up menu:
- This will bring up the Add Computerdialog box. Navigate over to the computer that contains the DataCentric objects and press OK. The other Data Centric computer willbe added to the list of remote computers to this machine and then wecan browse the packages available on that computer and install themas remote components on this computer.
- Once the computers have beenintroduced, you can search through the available components on theremote computer and add those to the remote computer folder of themachine you are presently working on. In our case, we need to addthe DC Person object as a remote component on our UserCentric MTS machine.
- Right-click on the Remote Componentsfolder under My Computer and select New | Remote Components. In thedialog box that appears, select the remote computer and package thatcontain the components you want to invoke remotely:
- From the Available Componentslist, select the component that you want to invoke remotely, andclick the down arrow (Add). This adds the component and thecomputer on which it resides to the Components to configure on box.If you click the Details checkbox, the Remote Computer,Package, and Path for DLLs are displayed. Add all the DC Personcomponents:
- Create a directory tocontain the Contact-Information Application. It doesn't reallymatter where you place this directory. It can be on the same machineas IIS, a good idea for performance reasons, or it can be on anothermachine if you like. It is also not a requirement that the directoryexist under the virtual root directory for the IIS server. In fact,for security reasons, it may be better to create this directory in adifferent location perhaps even on another drive. I wanted tomake those things clear to avoid any misconceptions before we began,but for this example we will create the Contact-InformationApplication directory on the IIS machine under the virtual rootdirectory:
- Start the Internet Service Manager.This IIS administrative application is delivered as a snap-in forMicrosoft Management Console (MMC).
- Create a new Virtual Directory.Right-click on the Default Web Site node and select the New |Virtual Directory option from the pop-up menu. This will invoke theNew Virtual Directory Wizard. Enter the name for the virtualdirectory in the text box as shown:
- Map the virtual directory to thephysical directory we created earlier. You can either type in thepath of the directory or press the Browse button to navigateover to the actual physical directory:
- Set the Permissions for the VirtualDirectory. The wizard will display another dialog box that willallow us to specify the permissions for the directory. Select theoptions as shown here and press Finish to continue:
- Configure the IIS settings for theVirtual Directory. Navigate through the treeview shown above andhighlight the CIA node, or Virtual Directory. Once this directoryhas been selected, right-click your mouse and select Propertiesfrom the pop-up menu. From the Properties dialog box, select theoptions for the Virtual Directory as shown in the image. Then switchto the Directory Security tab:
- Setting the Directory Security. Fromthe Directory Security tab, press the Edit button in theAnonymous Access and Authentication Control frame set. This willbring up another modal dialog:
- Setting up a group of authorized usersto manage permissions for the physical directory using Windows NT.NT security gives us the ability to create groups of users that haveaccess to a particular resource or set of resources. This eases ouradministrative tasks. In this case we will create a local user'sgroup on the IIS machine that contains a list of users that havepermission to use the CIA application. Then when we need to workwith the permissions for the physical directory we can work with asingle group of users at one time rather than working with theindividual users.
Select the New Local Group option from the User Manager forDomains console:
- Setting the permissions on thephysical directory this task is handled outside of the MMC. Allwe need to use to set the permissions on the directory is WindowsExplorer. You are probably familiar with this technique, but just tobe thorough navigate to the physical CIA directory and right clickyour mouse. Select Properties from the pop-up menu.
Select the Security tab from the Properties dialog and then pressthe Permissions command button. This will bring up the nextdialog, which will let us set permissions for the directory usingstandard NT security:
Insert Image 6
This set of steps assumes that you haveaccepted the default setup parameters for NT Option Pack 4. They alsoassume that you are working directly on the target machine that hoststhe Data Centric objects.
Insert Image 7
Insert Image 8
Insert Image 9
Insert Image 10
Insert Image 11
Insert Image 12
Insert Image 13
Insert Image 14
Another thing to notice is that MTSgoes through the trouble of testing the object to determine whatinterfaces it exposes that MTS can tie into. In this case you willnotice that MTS found the MTX (Context) object that we implementedwhen we developed the Data Centric halves of our objects. Press theFinish button, and the MTS explorer should look something like theimage below:
Insert Image 15
The User Centric Sphere - MTS
If you are installing the User Centricobjects on the same machine as the Data Centric objects, then justfollow the same set of instructions that we covered earlier for theUser Centric components. Of course in this case we would create asecond package called UCPerson in addition to the DCPerson package,but everything else is exactly the same. If you are using a differentmachine for the User Centric sphere, then we need to add a couple ofextra steps. As you might imagine, we need to instruct the UserCentric MTS as to the location of the Data Centric objects. We do thisby installing them as remote components.
Insert Image 16
Insert Image 17
Insert Image 18
When this process is finished, you willfind that you have a new directory on the User Centric MTS machine.The DCPerson directory will be added to the Program Files\MTS\Install\Remote\DCPerson.This is where the User Centric machine stores all of the informationit needs to communicate with the data centric machine:
Insert Image 19
Now that we have installed the localcomponents and instructed the User Centric computer about where tofind the remote components, we can install our Veneer component.Remember that this is where all of the business rules for ourapplication are stored. To do this, simply follow the sameinstructions we used for the Data Centric component above. The onlydifference is that in this case, is that we add the Veneer DLL to aVeneer package rather than a data object. Otherwise, the procedure isexactly the same. Although it isnt necessary, I usually take theapproach of adding all of the data objects a Veneer requires before Iadd the Veneer.
At this minute, you should havesomething similar to this image. It doesnt matter that right nowyou may have SQL Server and MTS running on a single server. Even ifyou had to install the data store, DC objects, UC objects, and theVeneer on a single machine, you can always separate them later. Rightnow you should have, at least logically, a system that looks somethinglike this:
Insert Image 20
The next sphere we need to consider isthe Presentation sphere. For our purposes, we will consider thePresentation sphere the machine, or machines, that are hosting IIS. Wewill take a look at what we need to do for the client machines alittle bit later.
The Presentation Sphere - IIS
As important as SQL Server and MTSservers are to the enterprise, the star of the system may very well beInternet Information Server (IIS). It serves as a bastion host in theDemilitarized zone:
Insert Image 21
It can deliver files, web pages, andentire applications with a high level of security and speed. It isalso possible, although I wouldn't recommend it, to use IIS as theprimary dispatcher in a software-based load-balancing scheme. (Icovered all these details in Chapter 2 so you may want to quickly flipback for a refresher.)
IIS is capable of performing the dutiesof a bastion host because it can make use of the full range ofsecurity facilities available to Windows NT. Remember from Chapter 2that a bastion host stands guard over the second screening router in abelt and suspenders system. This type of security is used to keepintruders outside of the protected network area. IIS also offers theability to protect information that is being transmitted outside ofthe protected network area. It does this by rendering the informationunusable via an encryption scheme called Secured Socket Layer (SSL).The newest version of SSL (3.0), allows IIS to verify any user beforethe user is allowed to log onto the server.
Using ASP, IIS is also responsible fordynamically creating the application interface that an enterprisedelivers to its clients. IIS can also be used to provide a level oftransaction control to our applications.
In an Enterprise Caliber installationwe use a combination of MTS and SQL to handle this function.
In my enterprise, I use a directorystructure like the one shown here to house our web-based applications.This structure allows us to use IIS in combination with our userobject (Person object) to provide our first and second levelsof security:
Insert Image 22
It works as follows. Each user in thedomain(s) is given permission to access the IIS Root Directory remember that IIS is really just using standard NT security. So, if anindividual that is not an authorized user attempts to gain access tothis directory, Windows NT will not grant that person access to theobjects (files) in that directory.
This means that only persons with avalid account on the domain(s) will be allowed to begin the next stepof the security process. For the purposes of this discussion, considerthat there is only one file, active server page, in thisdirectory. This page provides the second level of security bydetermining the authorized user's Logon ID. Once it has thisinformation it retrieves a list of applications that this authorizeduser is allowed to access.
It uses this list of applications todynamically construct a menu of applications that the particular userhas permission to access. If the user is requesting information from abrowser, then the user is presented with a single "menu"page that contains links for the applications that user is allowed toaccess. If the user is accessing the enterprise through theclient-side Launch Pad application (we will learn how to build thisapplication later), the page is formatted in a manner that can be usedby Launch Pad to dynamically construct its pull down menus.
In either case, the end result of thesefirst two levels of security is a list of applications and theirassociated HTML addresses. The following section will give youstep-by-step instructions for creating an application directory underIIS, providing permissions to that directory, and installing anapplication (a group of Active Server Pages stored in a singledirectory intended to perform a particular purpose).
Setting up the Presentation Sphere
Insert Image 23
Selecting this option will bring up theMicrosoft Management Console just like the MTS option did earlier.This time, the MMC will transform itself into an administrative toolfor IIS instead of an administrative tool for MTS. Keep thisfunctionality in mind. It will come in handy when we take a look atthe Launch Pad application below.
Notice that when we open up MMC to useIIS, it contains the MTS snap-in as well. Anyway, from this point,navigate through the treeview until you find the Default Web Site nodeon the Internet Information Server branch of the tree. It should looksomething like the image below:
Insert Image 24
Insert Image 25
Insert Image 26
Insert Image 27
Once you have pressed, the Finishbutton, you will be returned to the Management Console for IIS. Noticethat there is a new node under the Default Web Site. This node iswhere we will install our application. The next major phase in ourinstallation concerns setting the IIS security for the VirtualDirectory.
Insert Image 28
Insert Image 29
Insert Image 30
We use this box to set theauthentication methods. The best way to handle authentication is toselect only the Windows NT Challenge/Response option. However,if you need to use outside Internet Service Providers (ISP) you mighthave to select Basic Authentication as well. If you do this,you will also need to use Secured Sockets Layer to encrypt the data ifyou want to ensure a high degree of system security. Under nocircumstances should you check the Allow Anonymous Access option for adirectory that contains a web-based application:
This completes the work we need to doto configure the IIS security. Notice that IIS Virtual Directorysecurity is not really a fine-grained mesh the way that Windows NTsecurity is. This is not a problem because IIS conforms to the WindowsNT security model. That means that in addition to the broad securityswath that we can control with IIS, we can provide additional securityby utilizing the NT model to control the objects (files) in thephysical directory that this Virtual Directory maps to.
Insert Image 31
This will bring up a dialog box that wecan use to create a new local user's group. All we need to do here isto type in a group name (and optionally a description). In this case,we are creating a group named CIA. The sole purpose for this groupingof users is to identify those individuals that will have permission toaccess the Contact-Information Application:
Insert Image 32
Next, we need to add the users to thisgroup. We can specify which users to add as individuals or as othergroups that contain individuals. For instance, maybe you have a groupcalled Accounting that contains all of the users in your organizationthat work in the accounting department. You can choose to add all theusers in Accounting to the CIA group as individuals or you could alsojust add the entire Accounting Group.
The next image shows the Add Users andGroups dialog that is presented when you press the Add buttonon the New Local Group dialog. Our only goal here is to identify allof the users that we want to access our CIA application and make surethose users end up in the lower listview on the Add Users And Groupsdialog. Don't worry too much about getting this exactly right thefirst time. You can always go back and modify the list of users as theneed arises:
Insert Image 33
Insert Image 34
This will be an easy job for us becausewe have taken the time to set up a user's group for our application.All we will need to do in the Directory Permissions dialog is tospecify which user group we want to give access to. From this pointon, we can control user access to the application via access to thatgroup. Press the Add button to add users or groups.
The next dialog should look familiar.It is the same one we used earlier to add the members to the CIAuser's group. In this case, we will use the Add Users and Groupsdialog to give the CIA group Full Control over the physical directory:
Insert Image 35
We could specify less control over thedirectory to be safer, but for our purposes here Full Control isappropriate. Make sure that you also give Full Control to the systemadministrator and to the developers that are responsible for thisdirectory. If not, they will not be able to place the ASP files in thedirectory etc.
That is really all there is to it. Torecap, now we have a physical directory that can only be accessed bythe members of a single users group CIA. We have given this group fullcontrol over the CIA directory.
I would recommend that you give yourusers the lowest possible access level. This example is designed sothat the developers are also in the CIA user's group. In real life Iwould have created two groups CIA Users and CIA Developers orAdministrators with different permissions.
That physical directory is mapped to anIIS Virtual Directory. We used the IIS administrative tool to set thesecurity on this directory to require Challenge Response Authorization(and possibly Basic Authentication if all else fails) and have set thebroad swathe of security around that directory to allow the users toexecute scripts in the directory. All we have to do now is to copy ourASP files that make up the application into the physical CIA directoryon the IIS machine.
At this point, we have really handled allthe 4 Spheres we have talked about throughout this book. We have thetables, views, and stored procedures on the Data sphere, the DataCentric objects on the Data Centric sphere, the User Centric objects andVeneers on the User Centric sphere, and we have created a location onthe Presentation sphere to hold the user interface files. Now I want tointroduce you to a new sphere - the Client sphere.
Page 3 of 4