.NET Zone is brought to you in partnership with:

Simon lives in Jersey (Channel Islands) and works as an independent consultant, specialising in software architecture, technical leadership and the balance with agility. Simon regularly speaks at international software development conferences and provides consulting/training to software teams at organisations across Europe, ranging from small startups through to global blue chip companies. He is the founder of "Coding the Architecture" (a website about pragmatic, hands-on software architecture) and the author of "Software Architecture for Developers" (an e-book that is being published incrementally through Leanpub). He still likes to write code too, primarily in .NET and Java. Simon is a DZone MVB and is not an employee of DZone and has posted 36 posts at DZone. You can read more from them at their website. View Full User Profile

More Layers = More Complexity

  • submit to reddit

We had an interesting discussion on the course a couple of weeks ago that I thought was worth summarising here. One of the key functional requirements of the case study that we run through is that the system should be able to distribute data to a subset of users on the corporate LAN. Now there are 101 different ways to solve this problem, with one of the simplest being to allow the users to access the data via an internal web application. Since only a subset of the users within the organisation should be able to see the data, any solution would need some sort of authentication and authorisation on the data.

Given the buzz around Web 2.0, AJAX and RIA in recent times, one of the groups decided that it would be nice to allow the data to be accessed via a Silverlight application. They'd already thought about building an ASP.NET application but liked the possibilities offered by Silverlight (e.g. the ability to slice and dice the data interactively). Another driving factor for their decision was that the Silverlight client could be delivered "for free" in that it would take just as long as building an ASP.NET application. "For free" is a pretty bold claim, especially considering that they were effectively adding an extra architectural layer into their software system. I drew up the following summary of their design to illustrate the added complexity.

Where is the data coming from?

While I don't disagree that Silverlight applications aren't hard to build, the vital question they hadn't addressed was where the data was going to come from. As always, there are options; from accessing the database directly through to exposing some data services in a middle-tier. The group had already chosen Windows Communication Foundation (WCF) as the mechanism for exposing the data, but this led to yet further questions.

  1. What operations do you need to expose?
  2. Which technology binding do you use?
  3. How do you ensure that people can't plug in their own client and consume the services?
  4. ...

In the context of the case study, the third question is important. The data should only be accessible by a certain group of people and we really don't want to expose a WCF service that anybody with Visual Studio could consume. This led to discussion about the use of SSL to secure the service, but SSL only secures the transport layer to stop data being looked at in transit. In this case, some thought needs to be given to authentication/authorisation of the service itself.

Coming back to "it won't take longer than building an ASP.NET application" then. In this situation, the benefits brought by the additional Silverlight layer need to be considered alongside the additional complexity that's also been introduced. More moving parts means more work designing, developing, testing and deploying. Despite what it might say on the box, nothing is ever free and you need to evaluate the pros and cons of adding additional layers into a design, particularly if they result in communication between containers.

Source: http://www.codingthearchitecture.com/2010/07/16/more_layers_more_complexity.html

Published at DZone with permission of Simon Brown, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Afandi Merathi replied on Fri, 2012/03/16 - 11:27am

Very good point simon, sometimes devs just get tied up with use of technology A or B and forget about the fact that there are bad ninjas out there. WCF has built in authentication/autherization module built in, so it should be fairly easy to enable.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.