My Home
Tech Talk
Application Architecture
2 - Tier or 3 - Tier?

This is clearly not a  new subject and is clearly a subject that is well discussed.  Yet, in my experience I have seen many a systems designed the wrong way.  In the industry I have come across die hard believers in one versus the other approach.  What is rare to come across is some who evaluated the needs of the customer or the requirements for the application to actually determine which of the two architectures (or others) is best.  Also, I find that at times I too tend to forget all the factors that must be evaluated.  So I figured I might as well write these down for future reference.

Having said that, let me define 3 vs 2 tier.  A 3 tier application typically has a web server, an application server, and a database server (as in at least 3 different physical machines).  Clealry for a 3 tier system to work the code required will have to be different from the code needed to make a 2 tier system to work.  The reason being, in a 3 tier system, the web server will have to make requests to code that resides on a physically different machine, i.e., the application server.

Nearly all existing technologies (java/J2EE, .Net, etc) offer the ability to develop 2 and 3 tier applications.  I will use .Net as an example but I believe the concepts remain the same no matter what technology you use.

Before we discuss architecture, a quick note on code.  The .Net technology has made most aspects of coding very simple.  Using the new technologies to their max is always a good idea.  Irrespective of what your current needs are, designing your application and therefore code it to be flexible enough to handle multiple tiers and SOA principals is always a good idea.

It is entirely possible to write code that is loosely coupled to your middle tier.  It is also possible to design your middle tier such that a consumer of it can use tight coupling, remoting or web services to access it.  You do not need any fancy frameworks to do this.  The .Net framework makes this very easy.  But more about that later.  Perhaps another article.  For now let's just stick to identifying reasons for having a 2 vs 3 tier application architecture.

2 Tier vs. 3 Tier

Without going into too much detail let me start by laying out the advnatages of using a 2 tier architecture.  I will then followup with all its limitations, hence the need for 3 tier systems.  To conclude I will present a simple table taht will assist in making the 2 vs 3 tier decision.

Performance.  Because of tight coupling a 2 tiered application will run fatser.  Though it is not necessary to have tight coupling in 2 tiered application in most cases tight coupling is used..  Also, the absence of a network hop from the web to application server helps improve performance.

Potentially easier deployment and configuration management issues.  In a 2 tier environment there is not as much configuration required thereby making code deployment and server maintenance slightly easier.

Why 3 Tier?

So one would argue, hey! I have better speed and possibly easier maintenance, why would I ever consider doing anything but a 2 Tier system.  Ah! so lets look into this a little deeper.

Back to Performance.  Imagine you are developing a application where the user logs on, enters some data and hits submit.  Upon submitting imagine if the application server now uses the input from the user to conduct some CPU and RAM intensive calculations for the next 5 minutes.  After which it will enter some results into the database and the user can come back and view these results (clearly we do no want this to be a synchronous process where the user will wait for 5 minutes on the browser).

Now imagine additional users hitting this site during these 5 minutes.  Uh oh! we have a problem.  They are getting poor response times.  The number crunching process seems to have brought down the web site.  So now the performance advantage of the 2 Tier world is suddenly lost.

A 3 tier architecture offers you the ability to scale your system according to how it will be used.  It gives you the ability to setup servers based on functionality and scale accordingly.

Security .  Additonally, a web server is often placed in the least protected part of your network and is exposed to the outside world.  In most sytems security is key and a large part of security is to protect your database and file storage systems.  In a 2 Tiered system, the web server communicates with the database server and other resources on your network directly.  The threat here is that if someone attacks your web server there is now a direct gateway to all your network resources.

However, in a 3 tiered architecture, you limit communications from your web server to just to the application servers.  In fact you can confirgure the application server to accept instructions only from the web servers.  this way an intrusion into your network, i.e., someone walking in and connecting his laptop to your network, will still not give them access to the system in question.

Load and throughput.  In a 2 tiered system if you have a huge increase in your user base you will need to buy servers that will need to be powerful enough to run both the web and the application.  However in the 3 tiered system, you can scale your architecture based on what your system does and on where your choke point is.  For example, if you have a processor heavy system, then you can add additional application servers and leave the web servers as is.  If the system does not require much processing, then you can handle additional load by adding more web servers (very cheap machines to handle throughput rather than processing) and leave the application servers as is.

So how do I choose 2 or 3 tier?  Below is a table that can assist in making the decision.  A 2 Tiered system can be beneficial when you have a small number of users, low security or intranet application, and low level of processing requirements.  The moment any of these conditions fail you must consider a move to a 3 tier architecture.



2 Tier

3 Tier

Number of Users




















But remember, no matter how you setup your application, your architecture should be such that you can switch from a 2 tier 3 tier to SOA without change in code.  That will be the subject of another post.

|My Home| |Tech Talk|