Chapter 1

Introducing ISAPI


The convergence of technologies always brings exciting times. In this case, we are witnessing the convergence of technologies that were at one time available only to an elite group primarily of government agencies and educational institutions.

These technologies created what we know as the Internet. When combined with the power of the personal computer, the Internet brings worldwide connectivity to everyone with access to a PC-including corporate entities, "mom" and "pop" businesses, entrepreneurs, individuals, and even many of society's disadvantaged.

Intellectual and economic forces are now driving businesses and individuals to exploit the power of the Internet and the newly coined intranet-Internet technologies used in the corporate environment.

The Internet and the rapidly growing demand for intranets have created an immediate demand for developers who understand these technologies and can use them both at the Internet and at the intranet level.

Even more exciting for many developers, though, are the changes in the software arena. Software tools and technologies have always lagged behind the advancements in the ever-increasing power of hardware. Although this trend shows no sign of abating, we can be sure of one thing: software development technologies are finally coming of age.

Object-oriented languages that were once shunned are now commonplace in many developers' toolkits. Operating systems now provide extensive application program interfaces (APIs), allowing developers to add powerful functionality with a simple API call.

Languages such as C++, Delphi, and Java are proving to be good foundations for drag-and-drop graphical user interface (GUI) programming. This makes rapid application development (RAD) a joy. Add technologies such as COM and DCOM, which enable developers to build and use components on a local computer or on one that is halfway around the world, and developers are often limited only by their imaginations.

The Internet server application programming interface (ISAPI) is one of the new technologies available to today's developer. ISAPI is an interface to hypertext transport protocol (HTTP) servers that allows developers to extend Web servers and provide an unexpected degree of functionality. ISAPI extensions (also called server applications) and filters allow the server to be extended in ways that common gateway interface (CGI) or its competing interfaces never could.

In this chapter, we give you a high-level overview of what ISAPI is, the advantages of ISAPI over CGI, how ISAPI can extend the server in ways that CGI cannot, and the two types of interfaces to a Web server that ISAPI provides. We close the chapter by looking at the vendors and products that are currently supporting the ISAPI specification.

What Is ISAPI?

ISAPI (pronounced eye-sap-ee) was developed by Process Software in collaboration with Microsoft Corporation and other Web server vendors. ISAPI is a high-performance, scalable solution for developers who want to create dynamic Web sites. These sites have to be able to handle high request rates without degrading the HTTP server's performance.


The best source for ISAPI information on the Internet is the ISAPI Developer's Site at http://rampages.onramp.net/~steveg/isapi.html.


ISAPI is now used by many of the most popular Web server vendors, including Microsoft, Process Software, and Spyglass.

Why Use ISAPI?

There are a number of compelling reasons to use ISAPI. ISAPI is not simply a better CGI. ISAPI is different from CGI and was designed to solve the problems of CGI.

First, ISAPI scales much better than CGI. ISAPI dynamic-link libraries (DLLs) need fewer resources such as server memory than CGI. This means that your server can handle more concurrent requests under ISAPI than a Web site can using CGI.

ISAPI is also faster than CGI. ISAPI allows you to write extensions to the server that can outperform their CGI counterparts by as much as five times.

Finally, ISAPI allows you to extend a Web server in ways that Web server vendors may not have envisioned. ISAPI gives much more control over an HTTP connection than CGI can. It does this by providing events that an ISAPI filter handles in each step of processing during an HTTP connection.

We'll look at each of these items in more detail.

Scalability

ISAPI allows you to build Web sites that scale up from one connection to hundreds of concurrent connections per second without massive additional resources such as server memory. Until ISAPI came along, the answer to better CGI performance was to throw more memory at the Web server until the Web server stopped memory swaps to the disk.

CGI works by creating a new process for each CGI request. The Web server responds to a CGI request by creating a new process, filling that process' environment with HTTP request variables, and starting the CGI application.

The memory needs of concurrent processes can rise quickly. ISAPI applications, on the other hand, do not need to create a new process. The ISAPI server simply creates a thread pool when the server is initialized.

Creating a thread take much less memory than creating a new process. A free thread from this thread pool serves the incoming connection. If the threads in the thread pool are all in use, the server can create additional threads to handle the waiting connections.

Thread creation is much faster than process creation. The server must also track new CGI applications while they are running. The server may even need to do some cleanup after the application ends.

With ISAPI, the server calls the ISAPI DLL's entry point and leaves processing up to the extension or filter. Once processing is complete, the ISAPI DLL does any necessary cleanup and returns control of the thread to the server.

Figure 1.1 compares the scalability of CGI processes and ISAPI threads.


Fig. 1.1

ISAPI threads can scale up faster and more efficiently than CGI processes.

Microsoft's Web site is a testament to the scalability of ISAPI. In mid-1996 when it had one of the largest request rates on the Internet, the site was run on four Pentium computers.

This was a remarkable accomplishment. Consider the number of ISAPI DLLs that are used on the site by Microsoft to log, redirect, and provide www.microsoft.com users with the information about Microsoft, its products, and technologies.

Faster Performance

As we mentioned in the previous section, creating a new process is expensive in terms of time-particularly when the memory-hungry process causes disk swapping. Because ISAPI threads are created in the same process as the server and because the thread pool handles connections, there is no additional overhead with ISAPI.

In addition to this, CGI applications are I/O bound. CGI applications read from standard input (stdin) and write to standard output (stdout). The server in turn reads this output and transfers the results back to the Web client (usually a Web browser).

The in-process threads under ISAPI have access to functions on the server that instruct the server to transmit a buffer of data back to the client. This is more efficient than CGI's out-of-process method. Finally, with ISAPI, the number of context switches needed by the server software are reduced by the in-process model.

Extensibility

CGI is limited to adding functionality through extensions we typically think of as applications. For example, when called, an extension can query a stock quote database and return the latest NYSE figures for a list of companies the Web user is interested in.

Although ISAPI supplies the same functionality through an extension, ISAPI allows a developer to extend the server, adding functionality at a more basic level than CGI allows. In other words, ISAPI can do everything that CGI can and a lot more.

Figure 1.2 illustrates this concept.


Fig. 1.2

CGI extends server functionality indirectly. ISAPI extends server functionality directly and indirectly.

For example, every HTTP request has a logging event-an event in which data for that particular request is written to the log. ISAPI filters allow you to change the data written to the log so you can add custom logging.

At present, eight steps are exposed during the processing of an HTTP connection. Each step can be handled by one or more ISAPI filters, overriding the server functionality altogether or simply enhancing the server vendor's functionality. This kind of functionality was not possible with CGI.

Using ISAPI

We'll look at some of the things you can do with ISAPI that bring unparalleled power to the Web developer.

Managing Custom Security

One of the most important features of a Web server is the ability to manage a Web user's access to information on the server. Many Web sites need a mixed security model in which users are granted access to different areas of the Web site, based on their security level.

Anonymous users have free access to the public areas of the Web site, whereas authenticated users have access to areas of the Web site that hold private information. ISAPI filters allow developers to create custom security models that protect these private areas so that only specially authenticated users can access them.

More than that, with ISAPI, a developer can use custom encryption schemes that protect the security of the data as it is routed from the Web server to the Web client. For example, an ISAPI filter with a Web browser plug-in could make a fully secured connection using an encryption scheme such as DES or BlowFish.

The plug-in with the Web server's ISAPI filter could validate the user with a custom authentication form and supply private data that is protected through an "industrial-strength" encryption scheme understood by the plug-in.

The server's ISAPI filter would create a custom multipurpose mail Internet extensions(MIME) type that the browser plug-in would decrypt and display on the browser's screen.

Custom URL Handling

Using ISAPI, a Web site can handle requests for specific URLs, based on different criteria. In a multiserver scenario, an ISAPI filter can monitor the server load and off-load new traffic to the site with the smallest pending work load.

The ISAPI filter can also rotate requests and redirect them to other servers, based on anything from the Web client's Internet protocol (IP) address to the kind of browser the Web client is running.

Custom Logging

Logging Web traffic is critical for most Web sites. Early in the Web's history, the "hit count"-a count of how many Web clients retrieved a specific URL-was the only valuable information.

But Web clients now host a multitude of plug-ins, many Web sites handle multimedia, and the demands of business continue to grow. The result is a need to gather as much information about the users accessing a Web site as possible.

Today, all Web servers have logging built into the basic system. They collect information such as which URL was retrieved, the time and date of retrieval, the status code of the HTTP transfer, and a number of other items.

With most servers, you can't change or collect additional information. But you can use ISAPI to collect additional information such as browser type or the HTTP referrer.

Levels of ISAPI Use

An HTTP server can use two kinds of ISAPI DLLs. The first, extensions, are similar to CGI applications. The second, filters, offer a new way of extending the server to allow a fine-grained control over HTTP transactions.

Extensions

Like CGI applications, extensions are loaded when specifically requested by a Web client and typically stay loaded by the server until the server is shut down. The difference is that with an ISAPI extension, the server can unload extensions if necessary-for example, to manage memory. Extensions are loaded into the same memory address space as the server.

Filters

Filters offer functionality not possible with CGI. Filters break down an HTTP transaction to its basic stages of processing. This allows the developer to change how the server would normally complete each stage of the HTTP transaction.

ISAPI filters are loaded as soon as the server starts running and stay loaded as long as the server is running. Filters give developers a great way to extend the server's functionality.

If you are planning to buy a Web server and want to develop ISAPI filters, look closely at the Web server vendor's implementation of ISAPI. Microsoft is the only vendor so far to use the ISAPI filter specification.

ISAPI Specifications 1.0 and 2.0

The first ISAPI specification, 1.0, has been amended. The current ISAPI specification, 2.0, has only a few additions. Keep this in mind as you look at Web servers that may need the functionality added in the 2.0 specification.

Also, keep in mind that any Web server using the 2.0 specification should be able to communicate with extensions and filters that conform to the 1.0 specification.

ISAPI and Microsoft IIS

Microsoft's use of ISAPI is complete throughout their Web server lineup. Microsoft NT server 3.51 included Internet Information Server (IIS) 1.0, which used ISAPI 1.0, including extensions and filters.

Microsoft NT server 4.0 ships with IIS 3.0 and includes full support for ISAPI 2.0, including filters and extensions. Microsoft NT Workstation 4.0 ships with Peer Web Services, a scaled-down version of IIS, but includes full support for ISAPI 2.0, including extensions and filters.

Finally, Microsoft is incorporating a Personal Web Server into future versions of the Microsoft Windows operating system that includes full support for ISAPI 2.0, including extensions and filters. Microsoft will also be incorporating an extended ISAPI interface into their new streaming media server.


Microsoft has released the Personal Web Server for Windows 95 users that includes full support for the ISAPI 2.0 specification.


ISAPI and Process Purveyor

Process Software produced the ISAPI specification with Microsoft. Process Software uses ISAPI 1.0 for extensions in their Process Purveyor Web server software.

Other ISAPI Supporters

Table 1.1 lists other vendors that support ISAPI.

Table 1.1 Other Vendors That Support ISAPI

Company

Product

Extensions

Filters

Cyber Presence

Cyber Presence

Yes

No

Computer Software Manufaktur GmbH

Alibaba

Yes

No

Internet Factory

Commerce Builder

Yes

No

Luckman Interactive

Web Commander

Yes

No

O'Reilly

WebSite Pro

Yes

No

The Future of ISAPI

Few technologies are worth investing in if they won't be around tomorrow. We have seen how fast today's hardware and software become outdated. So how does the future of ISAPI look? Very bright-and for a number of reasons.

In less than a year, many of the major Web server vendors have used ISAPI at some level. This support will continue to grow since no other server API except the aging CGI is so widely used.

Microsoft's commitment to ISAPI was crucial in helping establish ISAPI as a standard interface to the Web server. This commitment continues in cutting-edge products such as the Microsoft Media Server, a media-streaming server.

ISAPI extensions are functionally related to CGI applications and ISAPI filters provide a new level of functionality to Web developers.

Summary

In this chapter, you learn what ISAPI is, why ISAPI was developed, some of the things you can do using ISAPI, the types of ISAPI interfaces, and which Web vendors support ISAPI. To find out more about how to extend your Web server with ISAPI see the chapters listed next.

From Here...


© 1996, QUE Corporation, an imprint of Macmillan Publishing USA, a Simon and Schuster Company.