Web Servers Review
Review
By Joel Snyder
07/31/95
With the World-Wide Web taking off like a rocket, there's no need for
anyone to be left on the launchpad. We looked at five enterprise-quality
Web servers that can be used to open up corporate databases and distribute
marketing and support information, and found some high-quality products
that can meet the nonstop expectations of large organizations.
Commerce Server from Netscape Communications Corp. and WebSite from
O'Reilly and Associates, Inc. stood out as the best general-purpose
servers. Purveyor, from Process Software Corp., and WebStar, from Star-Nine
Technologies (previouslyknown as MacHTTP from BIAP Systems), are more
modest implementations that may be appropriate for smaller servers.
NetPublisher, by Ameritech Library Services, fills a different niche,
serving up large quantities of information with minimal setup.
Become a publisher
After our experiences wrestling with public-domain Web servers, the
level of professionalism in these products was a welcome (and astonishing)
relief.
None of the products took more than 10 minutes to get up and running.
Some, such as O'Reilly's WebSite and Netscape's Commerce Server, have lots
of configuration variables, all of which come with safe and well-documented
defaults. Others are more "black box," installing with a minimum amount
of fuss and making room for later configuration.
Once we'd installed the software, our first task was to get some data
onto the servers. All of the servers with the exception of NetPublisher
used a traditional Web server model: HyperText Mark-up Language (HTML)
files written by users stored in a directory on disk. HTML is the common
syntax used to compose Web pages.
Those four test servers, including the WebStar Macintosh server, were
compatible with a tree of HTML files we got from an existing Web server.
NetPublisher has a very different view of how to put information on
the Web. It combines Web and Gopher servers with a publishing engine that
automates the process of building tree-structured servers. To pre-sent
information using NetPub-lisher, administrators build a hierarchical tree
of document titles, giving bibliographic information such as author, title
and document abstract. Each document title is linked to a text file.
NetPublisher automatically generates Web pages as users navigate the
publication's tree. NetPublisher also includes a Z39.50 server, the
bibliographic information retrieval protocol used by libraries.
For users such as libraries and information kiosk designers, this
structure is perfect. NetPub-lisher maintains complicated trees of
information without muss or fuss and provides Gopher and Web clients with
standard-looking documents. To add a pile of new information, it takes only
a few clicks to make the entire site's structure change instantly, both
from the Gopher and Web point of view.
Performance
One strategic difference between public domain servers and commercial
products should be performance. In theory, commercial servers should be
able to handle high loads with reasonable response time.
To validate that theory, we ran two sets of tests. We first asked for
the same Web page 100 times in a row. We left the logging setting on so
that each request would be logged by the server, a typical configuration
choice. We also did a pretest on each server to load the domain name system
(DNS) cache in order to give those servers that do a DNS query for each
entry they log an opportunity to cache this information to maximize
performance. If DNS deferral (a feature that defers DNS translation until
the server is not busy) was available, we enabled it. To make this test as
fair as possible, we ran Netscapes Commerce Server in clear-text, not
en-crypted, mode. All NT servers were run on the same set of hardware and
software.
The speediest server, by a wide margin, was Ameritech's NetPublisher,
with an average latency of only 177 msec. Commerce Server and WebSite
turned in almost identical performances at 376 and 377 msec, respectively,
with Purveyor at 501 msec and WebStar giving quite poor performance at an
average of 1,077 msec. WebStar actually performed worse than these numbers
show because it refused about 10% of the connections under this "no-load"
test, and we dropped those numbers from the statistics.
Once we established a baseline, we increased the load on the servers
substantially. Each server was asked to serve the same page 1,000 times
using 10 simultaneous connections. This load, although high, would not be
unusual for a popular corporate server during peak usage. For servers that
could be tuned for multiple connections, we selected a simultaneous
connection value of 20, twice the intended test size, as more than adequate.
The fastest on unloaded testing, NetPublisher, did downright poorly
under load, with an average of 4099 msec. Netscape's Commerce Server did
the best, responding to queries in an average of 471 msec. O'Reilly's
WebSite also turned in an acceptable performance, slipping only to 592
msec. Process' Purveyor and StarNine's WebStar both bit the dust under
load, refusing some (Purveyor) or most (WebStar) connections. Because they
were unable to complete the tests, no performance numbers were available.
The urge to code
If most Web sites look mind-numbingly similar, it's because the set of
tools available in pure HTML are both few and blunt-edged. A Web site that
provides only linked HTML documents may do a good job of spreading around
simple information, but it fails to exploit the real promise of the Web. To
build complex information systems on the Web requires programming: writing
software that allows users with a Web client to run database queries,
massage data or manipulate objects. Some Web servers make this task simple,
while others complicate it beyond all reason.
The common gateway interface (CGI) is the most common way for a Web
server to interact with Web applications. Certain HTML commands will cause
a Web server to call application programs running on the server. The
interprocess communication between the Web server and the application
typically uses the CGI, although there is nothing to keep a Web server from
using a different interface. The CGI is invisible to the browser and is
slightly different on all Web servers, but it is similar enough that most
Web applications can be moved from server to server without a complete
rewrite.
The best thought-out programming interfaces are built into Netscape's
Commerce Server and O'Reilly's WebSite server. Process' Purveyor has a
plain vanilla interface for programmers, while Ameritech's NetPublisher
does not offer any documentation on its CGI - although a few sample
programs, most of which have no source code, are provided as examples.
StarNine's WebStar, on the Macintosh, encourages higher level programming
environments such as AppleScript.
Netscape's Commerce Server includes a sophisticated application
program interface (API) designed to let a Web programmer manipulate many
aspects
of the server's behavior. Along with the standard CGI programming style,
Commerce Server has hooks for programmers to handle authentication,
security,
logging and other internal operational details. The Netscape API also
supports the company's proposed extensions to HTML for more active
participation of the server in pushing data out to the client.
Although Netscape's API is powerful, the documentation on what to do
with it is thin. This reflects much of the philosophy of the Web, where
most developers eagerly build on examples provided by someone else, even if
they don't understand exactly what they're mimicking. Commercial use,
though, requires a more thoughtful approach, such as what we found in
WebSite.
WebSite has the greatest set of options for more standard programming
interfaces. Along with a well-documented Windows CGI, WebSite allows
designers to make use of a POSIX shell, the interpreted Perl language, and
even old-style MS-DOS AUTOEXEC.BAT files and the MS-DOS 16-bit API.
Almost 100 pages of documentation, along with sample programs covering
everything from processing form data to interacting with Microsoft Access,
made it easy for us to put together a few sample CGI programs.
Purveyor's documentation on CGI was limited to a scant page, although
Process provided enough example programs to get us started. Similarly,
NetPublisher simply mentions the fact that a CGI interface is supported,
although no documentation other than on-line examples is included.
StarNine's WebStar uses a completely different approach to Web
programming. Its CGI-style interface talks to both AppleScript programs
(the Macintosh version of a Unix shell script) and stand-alone
applications. A small library of programming examples is provided.
Documentation on WebStar's programming in- terface is adequate, although no
hard copy is available; we had our choice of using the WebStar CD-ROM or an
on-line version at StarNine's Web site. We understand the urge to keep
things up-to-date, but a real set of documentation would have been nice.
Like Netscape's server, WebStar has an interface that allows control
over the operation of the server. This interface uses AppleEvents, which
allows remote program management of the server from anywhere in an
AppleTalk network.
Managing the strands
Management, configuration and logging capabilities are part of what
separates "playware" from operational-quality
Web servers. Management interfaces to these servers ranged from the amazing
sophistication of Netscape's Commerce Server to the minimalist approach of
Ameritech's NetPublisher.
NetPublisher offered a graphical user interface to its few functions
but not much in the way of management capabilities besides a simple
ever-growing log. Net-
Publisher also was only manageable from the local console on the Windows NT
system. Process's Purveyor stepped up in management capabilities, at least
giving us log files in a format compatible with several public-domain
applications for statistical analysis and trend reporting.
O'Reilly's WebSite adds support for some remote management, along with
a more sophisticated set of management and logging features. WebSite allows
the Web manager to keep a rolling set of logs, cycling from file to file
either locally or across a TCP/IP connection. It also offers an invaluable
debugging log.
Finally, WebSite can be set up as a "multihome" server, which lets
intrepid Web publishers have multiple HyperText Transfer Protocol (HTTP)
servers that provide different documents depending on the TCP/IP address
specified by a client. For example, a single server could pretend to be
both acme.com and foobar.com, returning different pages depending on which
domain name was in the URL. This aids companies that wish to target
information at different audiences without having to use more than one
server.
StarNine's WebStar doesn't offer all of the logging and management
flexibility of WebSite, but it does let administrators manage the server
remotely, either using the built-in WebStar administration program or on a
roll-your-own basis with Apple-Events. These management interfaces are a
step up from the management of WebStar's progenitor, MacHTTP, which
re-quired administrators to edit a configuration file to make changes in
the behavior of the server.
Netscape has the most innovative management interface in its Commerce
Server. Rather than build a GUI, its product simply sends HTTP out a
special TCP port to a Netscape browser. The Web manager fires up a copy of
Netscape Navigator (no other browser will work), points it at the
management port, supplies authentication information and manages the entire
server using Navigator. This helps explain some of the more esoteric
features Netscape added to Navigator: they're needed to handle the more
sophisticated server management functions. Using TCP/IP as a connection
protocol also lets administrators manage a server from anywhere on the
Internet.
Management of Commerce Server is completely undocumented on one hand
and totally open on the other: You can see all of the scripts used to
manage the server and build your own GUI-based management interface - if
you can figure out what Netscape is doing. This is a truly impressive
demonstration of the power of client/server technology. Netscape employs
Navigator as a real management and monitoring tool. The management
interface walks you through complex steps, such as generation of a public
key certificate for secure operation of the server. Other simpler
management functions, such as customizing logging, are not as well thought
out in Commerce Server as they are in WebSite.
Cyberspace security
The original Web design called for a three-tiered security mechanism
with security realms, user groups within realms and users within the
groups. Servers also add TCP/IP-based security to augment users and groups,
allowing network managers to limit user access to server functions based on
TCP/IP address or host name. Not every server we looked at provides the
same security management functions.
Ameritech's NetPublisher had the least flexible security, allowing
only TCP/IP addresses as a discriminator between users. WebStar and
Commerce Server added users and host names, but didn't include the
capability to configure groups or separate security realms. Purveyor added
support for groups, and WebSite had the best security configuration
capabilities, letting us define users, groups, realms, TCP/IP addresses and
host names.
Netscape's Commerce Server includes Netscape's vaunted Secure Sockets
Layer (SSL) protocol, a strong competitive advantage for Web designers who
need server authentication (client authentication using SSL is not
supported) and data privacy and integrity assurances. Using SSL and
Netscape Navigator's SSL-compatible browser, a client can assure itself
that the server is who it says it is and that data passed between the
client and the server is both intact and immune from alteration.
Commerce Server's security does have a drawback: Either the server is
encrypting data or it isn't. You can't serve up some information as plain
text and provide other data in encrypted form. If you want to do that, you
have to run two different servers on two different ports, which may be on
the same machine. Netscape strongly suggests (and we concur) that you do
that on two different machines, al-though the company grudgingly admits
that you can do it all on the same machine if you want.
Other features
A Web server that does little more than serve up HTML documents
doesn't help the Web designer very much. Some servers, such as O'Reilly's
WebSite and Process' Purveyor, have a wealth of features to give the
designer a rich set of tools with which to build. Others, such as
StarNine's WebStar and Netscape's Commerce Server, prefer to let the user
community provide tools to extend the server.
NetPublisher's authoring ca-
pabilities are an excellent example of the kinds of built-in tools that
these Web servers should be providing. Although many early adopters of Web
technology feel quite comfortable hacking around in the depths of their
servers, network managers buying server technology will appreciate all the
help they can get. O'Reilly's WebSite also has WebView, a less ambitious
authoring package, which lets the Web designer see all of the relationships
between different Web documents.
Commerce Server comes with a basic feature called directory browsing,
which lets the Web designer automatically publish an entire directory tree
without having to explicitly build links and indices between them. Purveyor
offers a similar feature, with WebSite taking the lead for a very
sophisticated automatic directory browser. WebStar has a different view:
Although they acknowledge the usefulness of directory browsing, the
StarNine developers thought the security risks outweighed the benefits and
declined to provide directory browsing using their server.
Searching full-text documents is a very useful and popular application
for a Web server. O'Reilly's WebSite includes indexing and searching
software, plus documentation on how to use it, as part of its base package.
WebStar has built-in links to Apple's AppleSearch engine, a powerful
full-text search system. NetPublisher doesn't offer full-text searching,
but it does support (as an extra-cost option) the Z39.50 bibliographic
information retrieval protocol as a way of searching for documents of
interest.
Of course, the lack of a bundled search engine does not mean that
users can't do full-text searches; it's just more work for the designer to
find the right search applications and integrate them into the server.
Proxy service is yet another valuable feature available in some
servers. It is technically a gateway function, not strictly related to Web
service. To access proxy servers, users point their Web browsers at the
proxy server as a gateway. The proxy server caches recently accessed
documents in local storage. If two different clients request the same
document via the proxy server, the second request is fulfilled from local
storage instead of an additional retrieval over the Internet. Most popular
browsers support the use of a proxy server as a gateway to the Web.
Although proxy servers are often thought of as a security feature,
they're most valuable as a way to conserve precious network bandwidth. Any
organization with more than a few dozen Web clients on its corporate LAN
would be well served by the addition of a proxy server. Process' Purveyor
includes a proxy server in the base product, while Netscape sells a proxy
server as a separate product from their Web server.
Conclusions
The two best all-around Web servers we looked at were O'Reilly's
WebSite and Netscape's Commerce Server. WebSite had the greatest number of
useful features and best documentation, while the Commerce Server offered
the best opportunities for in-depth customization and secure data transfer.
Both are packaged to help beginning Web managers and designers get started.
O'Reilly has a definite price advantage, costing a third as much as
Netscape's Communications Server, a lower end Web server without
encryption, and a tenth as much as the Commerce Server.
While Process's Purveyor was adequate and its proxy server a big plus,
skimpy documentation, unrealistic pricing, and some missing features push
it to a distant third behind the other NT-based Web servers. Similarly,
Ameritech's NetPublisher looks like a great idea for some markets, but the
outrageously high price tag (almost 10 times the other products we looked
at) is not justified by that strong of a feature set.
If a Macintosh platform is a must, StarNine's WebStar is an excellent
server at a very fair price, though we were concerned about its performance
under load. WebStar is not yet ready for corporate response time
requirements.