Introduction

It may be a surprise to learn that a reliable, extensible and very secure Internet-based system (including one that provides wireless services) does not have to cost millions of dollars. Yet, the building blocks to create such a system — in less than a year — are now readily available. To assemble these building blocks into a complete application is primarily a matter of adopting the right software architecture. This is the purpose of Project LongJump — and the topic of this paper.

The information presented here is applicable to almost any Internet-based system, regardless of whether it services traditional desktops or the newly popular wireless mobile devices. With the right architecture, Internet services are readily affordable to even small and medium-sized organizations. For large operations, serving millions of customers has never been so economical.

This paper will be of interest to heads of technology departments, technical managers and software engineers that are building new or retrofitting existing Internet-based applications. The material focuses on the most complex, often overlooked aspects of such systems — internal state consistency and security.

Unfortunately, pressures to complete a project tend to restrict everyone's attention on the business logic of the particular application. Only when security breaches or consistency errors (e.g. a customer is charged for the service, but the service is not turned on, prompting costly support calls) begin to seriously affect the entire operation are these vital issues considered. Yet, it is far better to look after them earlier rather than later. When security and system state synchronization are designed correctly at the start of a project, their cost is minimal — while the savings just a short time later are substantial.

What makes these issues so unique is the fact that they permeate the entire system. It is easy to think of security, for example, as another feature ("next week, we begin work to add security to our application"). Unfortunately, it does not work this way. For a system to be secure, it must be designed to be secure. Attempting to add security afterwards is a monumental task, like trying to plug all of the holes in a sieve one by one.