Professional Documents
Culture Documents
www.elsevier.com/locate/jss
Received 14 January 2005; received in revised form 10 August 2005; accepted 10 August 2005
Available online 16 September 2005
Abstract
This article analyses two most commonly used distributed models in Java: Web services and RMI (Remote Method Invocation).
The paper focuses on regular (unsecured) as well as on secured variants, WS-Security and RMI–SSL. The most important functional
differences are identified and the performance on two operating systems (Windows and Linux) is compared. Sources of performance
differences related to the architecture and implementation are identified. The overheads related to the usage of security and the influ-
ences of JCE (Java Cryptography Extension) security providers on the performance of secured remote invocations are identified.
Finally, the impact of distributed models on design and implementation of distributed applications is identified and guidelines
for improving distributed application performance in design and implementation stage are provided. The paper contributes to
the understanding of functional and performance related differences between Web services and RMI and their secure variants,
WS-Security and RMI–SSL.
2005 Elsevier Inc. All rights reserved.
0164-1212/$ - see front matter 2005 Elsevier Inc. All rights reserved.
doi:10.1016/j.jss.2005.08.006
690 M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700
with the objective to improve performance and efficiency considerably from ours. We measure round trip and
of RMI without the need to preserve compatibility with instantiation times. In our earlier research we have com-
standard RMI. These works do not compare RMI to pared the performance of RMI and CORBA (Juric
other distributed models: Rivera et al. (1997) have pre- et al., 2000a; Juric and Rozman, 2000). We have identi-
sented improved performance of RMI with reducing fied performance bottlenecks of RMI–IIOP and applied
network delays. They have used Illinois Fast Messages optimizations (Juric et al., 2000b) through which RMI–
as the alternative transport layer and implemented Java IIOP outperformed regular RMI. We have also com-
sockets interface. Vijaykumar et al. (1998) have explored pared RMI, RMI tunneling, and the transition to Web
transport protocols and object caching to improve the services (Juric et al., 2004). Our earlier articles have been
performance of RMI. They have presented a more effi- based on a set of benchmarks for distributed object
cient prototype system with new transport protocols models, proposed in Juric et al. (1999). We use an up-
and the possibility to cache objects at client nodes. dated version of these benchmarks in this paper. At
Maassen et al. (1999) have studied the overhead of the time of writing there was no performance analysis
RMI related with passing and processing object type of Web services, WS-Security, RMI, and RMI–SSL.
information at runtime, and compared it to the over- There was also no comparison of regular and secure
head of RPC (Remote Procedure Call). They have usage of Web services and RMI.
developed a RMI implementation based on native com- The article is organized as follows: In Section 2, a
pilation and compile time generation of marshallers, functional comparison of Web services and RMI is
presented an optimized protocol for RMI communica- given. In Section 3, the performance analysis method is
tion, and proved better efficiency with performance mea- presented. In Sections 4 and five local and remote perfor-
surements. Nester et al. (1999) have presented a more mance analysis and comparison of RMI, RMI–SSL,
efficient implementation of RMI achieved through opti- Web services, and WS-Security on Windows and Linux
mizations in object serialization and RMI stack, such as is presented. In Section 6, the analysis and interpretation
slim encoding of type information, better buffering, less of the results is given with possible optimizations and the
use of reflection, and local optimizations. They have also identification of consequences a distributed model has on
presented a set of benchmarks for RMI, which com- application design and implementation.
pared to the benchmarks in this work use only a limited
set of data types (integer and float). Kono and Masuda
(2000) have described a more efficient object serializa- 2. Functional comparison of Web services and RMI
tion in RMI and presented performance measurements.
Their approach dynamically specializes serializing rou- There are several important differences between Web
tine for the receiving platform to directly convert the services and RMI. RMI is a distributed object model
in-memory representations of objects. All these works and enables the development of distributed Java appli-
demonstrate that RMI can be further optimized. We cations in which the methods of remote objects can be
show the same but in contrast to these works preserve invoked from other Java virtual machines, possibly on
the compatibility with standard RMI. We also compare remote hosts. The communication in RMI is based on
the functionality and the performance of different dis- the notion of distributed objects and follows the object
tributed models using more complex measurements, paradigm. A distributed object exposes a remote inter-
identify the bottlenecks, and provide guidelines for face through which the clients can invoke methods.
developing distributed applications. There are also some RMI supports synchronous request/response method
related open source implementations: Transparent RMI invocation. Distributed objects in RMI can be stateful
(SourceForge, 2004) is an extension to RMI that allows and maintain their identities. The RMI system consists
any interface to be used remotely and provides central- of three layers: the stub/skeleton layer, the remote refer-
ized recovery from remote exceptions. Mantaray ence layer and the transport layer (Sun Microsystems,
(SourceForge, 2005) is a performance optimized distrib- 2003). The stub/skeleton layer provides support for
uted messaging middleware that supports connectivity client-side stubs and server-side skeletons, the remote
through different standards, including RMI and SOAP. reference layer for reference and invocation behavior
No performance measurements existed at the time of and the transport layer for connection setup and man-
writing this article. Zeadally et al. (2004) have provided agement as well as remote object tracking. The RMI
an empirical performance evaluation of native sockets, transport layer usually opens direct sockets to remote
Java sockets, and RMI on Windows, Solaris, and Linux. object hosts and uses binary protocol for communica-
They have measured latency and throughput, have tion. This can be either JRMP (Java Remote Method
shown that latency and throughput of RMI is not as Protocol) which is a Java proprietary protocol; or the
good as native sockets, but have not provided optimiza- IIOP which enables interoperability with CORBA. The
tions and have not compared RMI–SSL, Web services, RMI communication is usually blocked by firewalls
or WS-Security. The measurements method differs therefore it is appropriate mainly for communication
M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700 691
understand how different data types influence the result; cally configured computers for each operating system,
therefore we have measured round trip times for eight one acting as the client and one as the server. The com-
data types: integer, short, long, float, double, boolean, puters had Intel Pentium 4 processors running at
byte, and string. Instantiation time is the time needed 2.4 GHz (FSB 133 MHz), with 512MB RAM, running
for a client to achieve a connection to the remote only essential services, and restarted before each test
object/service instance. The instantiation time does not to ensure the same starting conditions. They have been
include a registry lookup such as UDDI or advanced connected to a 100 Mb/s switched network, free of other
Web services retrieval (Zhuge and Liu, 2004), which is traffic. To perform the measurements we have used the
based on a multi-valued specialization relationships Java 2 Platform Standard Edition version 1.4.2_05 and
between services, measurement of similarity degree Java Web Services Developer Pack version 1.4. Web
between services, and an SQL-like query language. We server has been the Apache Tomcat v5.0. We have used
have achieved the comparability of the results between the following three JCE (Java Cryptography Extension)
RMI, RMI–SSL, Web services, and WS-Security with security providers: Bouncy Castle Crypto version 1.24,
identical implementations that have differed only in nec- Wedgetail JCSI Provider version 2.3, and OpenSource
essary details by obtaining the initial references. Further, HBCI Toolkit for Java version 0.0.6. We have per-
we have used a consistent mapping between Java and formed the measurements on Windows XP Professional
Web services (XML Schema) data types (Sun Microsys- with SP2, and Whitebox Enterprise Linux 3.0 (Respin 1,
tems, 2004). For the Web services implementation we kernel-2.4.21-20.EL).
have used SOAP RPC/encoded data representation.
To measure the performance, we have defined the
RTTTester interface (Listing 1) and developed the imple- 4. Performance analysis on single computer
mentation classes. For each test 1000 invocations have
been measured to gain the necessary resolution. Each test 4.1. Performance on Windows
has been repeated 12 times, the maximal and minimal
times have been discarded. The average time of 10 repe- First, we have measured the performance using single
titions has been calculated. Variation and the coefficient computer on which we have deployed the client and the
of variation have been calculated too. For RMI–SSL and server functionality (Fig. 1). This way we have avoided
WS-Security we have used server and client-side key the network overhead. Instantiation has been considered
store with authentication on both sides. We have used separately. The times for basic data types (int, short,
X.509 certificates, RSA for digital signature, and Tri- long, float, double, boolean, and byte) have not differed
ple-DES for securing the communication. considerably, therefore we have calculated the geometric
averages. This is because the data type payload repre-
Listing 1. Remote interface for performance tests sents only a small portion of the whole JRMP or SOAP
message payload exchanged between the client and the
public interface RTTTester server.
extends Remote { From Fig. 2, we can see that RMI and Web services
int returnRTTforInt() behave as we have expected. RMI offers results which
throws RemoteException; are an order of magnitude better than Web services.
short returnRTTforShort() Using basic data types Web services are on average
throws RemoteException; 12.3 times slower than RMI, using strings they are
long returnRTTforLong()
throws RemoteException;
float returnRTTforFloat()
throws RemoteException;
double returnRTTforDouble()
throws RemoteException;
boolean returnRTTforBool()
throws RemoteException;
byte returnRTTforByte()
throws RemoteException;
String returnRTTforString()
throws RemoteException;
}
1000
RMI-SSL/RMI
100
Time in ms
WS-Security/WS
10
WS/RMI
1
WS-Security/RMI-SSL
0 0 1 10 100 1000
Windows - BC Windows - JCSI Windows - HBCI Linux - BC Linux - JCSI Linux - HBCI Factors for Linux (local)
Fig. 3. Comparison of JCE security providers on Windows and Linux. Fig. 5. Local performance factors on Linux.
694 M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700
data types Web services are on average 12.1 times conclude that Linux better optimizes local network calls
slower than RMI, using strings they are 11 times than Windows.
slower. By the instantiation Web services are 8% faster
than RMI. RMI–SSL is on average only 20% slower
than unsecured RMI. Using basic data types the slow- 5. Performance analysis on networked computers
down is 20.5%, using strings 17.7%. The instantia-
tion is 10% slower. 5.1. Performance on Windows
Comparing WS-Security to unsecured Web services
shows that it is 96 times slower using simple types, In real-world scenarios distributed applications are
92 times using strings, and almost no difference by usually deployed on network-connected computers. To
instantiation. On Fig. 3 we have also shown the compar- include network overhead, we have repeated the tests
ison of the three Linux JCE security providers: Bouncy on two network-connected computers. The server-side
Castle Crypto version 1.24, Wedgetail JCSI Provider functionality was installed on one computer and the
version 2.3, and OpenSource HBCI Toolkit for Java client-side functionality on the other computer. From
version 0.0.6. Here the differences between them are Fig. 7, we can see that RMI still performs much faster
even smaller than on Windows. JCSI is 5% faster than than the other alternatives. Web services are 9.6 times
the other two using simple types, using strings JCSI is slower than RMI for simple types and strings and 14%
5% faster than BC, which is 5% faster than HBCI. slower for instantiation. RMI–SSL is 25% slower than
Comparing WS-Security to RMI–SSL shows that WS- RMI for simple types, strings, and instantiation. The
Security is slower using simple data types by factor of huge difference between WS-Security and Web services
969 than RMI–SSL and using strings by factor of still exists and is even larger than in local scenario.
860. It is however 13% faster by instantiation. WS-Security is 124 times slower using simple types,
and 116 times slower using strings. By the instantia-
4.3. Windows to Linux comparison tion WS-Security is only 3% slower. WS-Security is
compared to RMI–SSL 900 times slower. This is
A comparison of local performance results between
Windows and Linux is shown on Fig. 6. We can see that
1000
the local performance on Linux is always considerably
better than on Windows. RMI is faster by 6.6% for
instantiation, 11.8% using simple types and 12.7% 100
using strings. RMI–SSL is faster by 15.2% for instan-
Time in ms
35.00%
30.00%
Factor Windows/Linux local
RMI-SSL/RMI
25.00%
20.00% WS-Security/WS
15.00%
WS/RMI
10.00%
5.00%
WS-Security/RMI-SSL
0.00%
RMI RMI-SSL WS WS-Security 0 1 10 100 1000
Factors for Windows (remote)
Instantiation Simple types average String
Fig. 6. Local performance comparison between Windows and Linux. Fig. 8. Remote performance factors on Windows.
M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700 695
20.00% 1000
Local faster
15.00%
Factor remote/local
10.00%
100
5.00%
Time in ms
0.00%
-5.00% 10
-10.00%
-15.00%
1
-20.00%
Remote faster
-25.00%
RMI RMI-SSL WS WS-Security
0
Instantiation Simple types average String RMI RMI-SSL WS WS-Security
for simple types, 82% for strings, and 23% for instan- 80.00%
simple types and 370 times for strings. This is shown -20.00%
Remote faster
on Fig. 11. We have also measured the difference be- -40.00%
RMI RMI-SSL WS WS-Security
tween the three JCE providers, but have figured out that
Instantiation Simple types average String
they performed almost identical to the local scenario
and have not shown the results again. Fig. 12. Comparison of remote vs. local performance results on Linux.
696 M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700
for strings, while instantiation is 9% slower. In con- based protocol. Instead of binary SOAP uses textual
trast to Windows Linux performs much more efficient encoding of data with the added metadata. The meta-
local optimizations. This is why in most cases Linux re- data can be classified into:
mote performance is considerably slower than local.
This is especially true for RMI and RMI–SSL. For • Start and end tag names, used to denote elements.
Web services and WS-Security the Web server on the • Attributes containing the XML Schema types
server-side adds considerably to the CPU utilization. (xsi:type).
Therefore, the difference between Web services and • XML-related headers.
WS-Security for local and remote scenario is smaller.
While the size of the RMI binary messages is related
5.3. Windows to Linux comparison to the actual binary size of the data, the size of SOAP
messages is related to the lexical length of data, data
On Fig. 13, we have shown the comparison of results type and variable names (which are used for tag names
in remote networked scenario between Windows and Li- and for xsi:type attributes). For creating and reading
nux. In contrast to the local scenario where Linux has of SOAP messages Web services use XML serialization.
constantly outperformed Windows, in remote scenario Hericko et al. (2003) have shown that binary serializa-
Windows are faster for basic types and strings using tion is an order of magnitude more efficient than
RMI and RMI–SSL. In other scenarios Linux is faster. XML serialization. The results in this research show
RMI is faster on Linux for instantiation by 10%, the same. As we can see from Fig. 14, Web services
almost identical on simple types and slower using strings SOAP messages were on average 4.3 times larger than
by 19% than Windows. RMI–SSL is on Linux faster RMI JRMP messages. When transferred over HTTP
for instantiation by 20% and slower using simple types additional header information is added which further in-
by 27% and strings by 44%. Web services are faster creases the message size. The problems with large size of
on Linux: 4% by instantiation, 9% using simple types SOAP messages can be partially solved using open
and 12% using strings. WS-Security is also faster on source protocols such as Burlap (Caucho, 2004) or
Linux by 34% using simple types and 35% using Hessian (Caucho, 2005), but at the cost of interoperabi-
strings. It is 5.5% slower for instantiation. The reasons lity, which is rarely an option. Burlap uses a restricted
for differences are related to the implementation of net- subset of XML to reduce the size and improve the pro-
work and threading in both operating systems. cessing performance of messages. Hessian is a self-
describing and portable binary protocol for connecting
Web services. Burlap and Hessian are incompatible with
6. Analysis and interpretation of results standard Web services.
There are also several differences related to achieving
The major difference between RMI and Web services authentication and secure communication. In our tests
from the performance perspective is related to the mes- RMI–SSL and WS-Security used digital certificates to
sage protocol used for communication between distrib- authenticate the client and the server side. To encrypt
uted objects/services. RMI uses a binary protocol with the communication we have used Triple-DES in both
binary encoding and makes use of the Java object serial- scenarios. Generally Triple-DES does not increase the
ization for call marshalling and returning the data. Web message size, however when used with SOAP it can
services on the other hand use SOAP which is a XML- influence the message size, because it uses textual encod-
ing. In RMI–SSL after the initial authentication binary
40,00%
Linux faster 30
30,00%
Factor Windows/Linux remote
20,00% 25
Relative message size
10,00%
0,00% 20
-10,00%
15
-20,00%
-30,00%
10
-40,00%
Windows faster
-50,00% 5
RMI RMI-SSL WS WS-Security
JRMP messages are encrypted on the sender side and de- and WS-Security is related to XML serialization and
crypted on the receiver side. The size of the messages is deserialization. For RMI and RMI–SSL, which use bin-
comparable (Fig. 14) to the unsecured RMI; the small dif- ary serialization, the amount of time related to binary
ference (RMI–SSL messages are 8% larger than RMI) is serialization and deserialization is lower. This confirms
related to the initial overhead of the authentication, and our previous results (Juric et al., 2004) and confirms that
the block size used with Triple-DES encryption. binary serialization, which produces smaller stream
In addition to the client and server authentication sizes, requires fewer resources for parsing and demar-
WS-Security offers message-level security which requires shalling of streams as XML serialization. XML seri-
that binary security token, token reference, signature ci- alization has to perform more string parsing, string
pher data, and encrypted chipper data are included with copying, comparison and data type casts than binary
each message (Oasis, 2004). In addition WS-Security serialization. RMI has thus the advantage of smaller
time-stamps each message. To digitally sign data WS- message sizes and faster processing, marshalling and dis-
Security uses XML Digital Signature; for encryption it patching. The performance overhead of Web services is
uses XML Encryption. The encrypted data is base64-en- 9 times larger than RMI, which is twice as much as is
coded to retain the textual format of SOAP messages, the difference in message sizes (4.3 times). The tests in
which increases the size of messages. As we can see from this research have been limited to basic data types and
Fig. 14, SOAP messages when using WS-Security are on strings. We believe that with larger payload exchanged
average 6.9 times larger than unsecured SOAP mes- between the client and the server the advantage of
sages and do not differ considerably between different RMI would be even more evident.
data types. Additional overhead of WS-Security is In addition to Web services and WS-Security deficits
related to the message-level security, which requires veri- related to SOAP protocol, parsing, marshalling and
fication of the digital signature of each message. While string manipulation, implementation related deficits
SOAP message-level security provides additional flexi- influence the performance (including Java platform
bility such as the possibility to encrypt parts of the mes- related and operating system related). Additional code
sage with different keys (this is currently not supported analysis and profiling of JWSDP have shown that there
in JWSDP) it also places a large performance overhead are several bottlenecks present, particularly: repeated
compared to RMI–SSL. Comparing WS-Security mes- authentication and acquisition of keys from key-storage,
sage size to RMI–SSL shows that WS-Security messages no results buffering, unnecessary data copying, unoptim-
are 27.5 times larger. ized range checking, repeated local method invocations,
large methods with several branches which negatively
6.1. Bottleneck identification influence the performance, and repeated computation
of invariant values. The tested version of JWSDP has
To investigate the relation of message sizes, perfor- been the first version that supported WS-Security there-
mance, and the possible bottlenecks, we have profiled fore we can expect performance improvements in the fu-
the test scenarios and identified the methods and pack- ture versions. The operating system related performance
ages in which the majority of execution time has been factors include the network subsystem and the integra-
spent. Then we have calculated the percentage of time tion with the Java virtual machine. We have seen that
and compared the methods between the scenarios. We for local scenarios Linux provides much better local
have used Borland OptimizeIt Enterprise Suite 6 profiler optimizations, which considerably improve performance
and Enerjy Performance Profiler. over Windows.
From the results in Table 2, we can see that a consid-
erable amount of total round trip time in Web services 6.2. Impact on application design and implementation
implementation and the selection of platform and the persistence tier. We should deploy the input valida-
hardware. tion code to the client-side in advance.
The primary design rule is to minimize the number of Number of remote method invocations can be further
remote invocations. This is achieved using coarse- reduced using the façade pattern (Gamma et al., 1995)
grained interfaces, which reduce the number of remote and the collocation (deployment on the same physical
invocations. They however increase the size of parame- computer) of distributed objects/services. A distributed
ter and return data, which should be packed in value façade containing the control logic can invoke the
objects and structures. In RMI and RMI–SSL value ob- related objects/services locally and thus reduce the re-
jects use binary serialization when transferred over the mote invocation overhead. Here generally two choices
network. To improve the performance we should design exist: we can make use of the local optimizations pro-
value objects with only the necessary state (set of attri- vided by distributed models and operating systems; or
butes and relations). Special attention has to be placed we can design objects/services with local interfaces.
on relations which heavily influence the serialization The first approach is more flexible as it allows easier
performance (Adatia et al., 2001). When serializing a modifications of physical architecture, but depends on
value object the whole graph of related objects gets seri- the local optimizations. Our measurements have shown
alized. Java provides ways to control serialization. We that only the performance of RMI and RMI–SSL is bet-
can mark attributes as transient and they will not be ter in local scenarios, and that important differences
included in serialization. This is particularly useful for exist between operating systems (Windows and Linux).
derived attributes. We can also write custom methods Relying on local optimizations is thus in most cases
for reading and writing the state of the objects. For com- not a good choice. Therefore, to take advantage of dis-
plex objects such custom methods can be more efficient tributed façades we should carefully plan the architec-
than default serialization. Serialization in Java is related ture in advance and make the decisions which
to the dynamic class downloading, which is used to components should have local and which remote inter-
transfer the object behavior (code) to the remote com- faces already in the design phase.
puters. Pre-installing the necessary classes on all in- Particular attention should be placed on the selection
volved computers thus improves the performance. of operations. Here we should decide whether it is more
If using Web services or WS-Security we should use appropriate to use synchronous or asynchronous and
coarse-grained interfaces too and reduce the number one-way or two-way operations. Most applications that
of remote invocations. Instead of value objects we use require reliable communication will most likely use
complex XML types to transfer parameters and return two-way operations. RMI provides support for two-
values. Our measurements have shown that XML pro- way synchronous operations only while with Web ser-
cessing is an important overhead factor therefore to im- vices we can use one-way and two-way, synchronous
prove the performance we can simplify the schemas. We and asynchronous operations. Using one-way operations
should use short tag names and unaligned XML. Atten- can improve the performance but this is a tradeoff with
tion should be paid to the XML parsing techniques reliability and is hardly a choice. The selection between
where SAX often shows performance benefits compared synchronous and asynchronous operations will depend
to DOM. In Java we should also be careful selecting the on the type of processing done in the operations and
appropriate JAXP engine. If we have several requests/ the requirement for the immediate response. Long-last-
responses sent to the same service we should use persis- ing operations and operations where clients do not
tent connections. require immediate responses are best modeled as asyn-
Distributed objects and services are often used as chronous. Asynchronous operations are often used with
middle-tier components and contain business logic. A callbacks to notify the client about the end of an opera-
large performance penalty of distributed designs is re- tion and submit results. Callbacks in Web services are re-
lated to input validation. If input validation is done on lated with the additional effort where clients have to be
the middle-tier this requires several remote method invo- able to expose ports (endpoint references). Depending
cations, which reduce the responsiveness of the user on the implementation technology, this requires a Web
interface. Moving the input validation on the client thus server or a HTTP stack on the client. With JWSDP it
improves performance. In RMI value objects with meth- is necessary to install a Web server on the client.
ods for input validation can be used for this purpose. Web services are stateless services. This requires
Value objects can also contain pre-fetched and cached clients to include id for each operation invocation. To
data form the persistence tier to further speed-up the improve performance the ids should be compact. We
validation. In the later approach, we however have to should avoid using composed ids if possible. When using
introduce the necessary synchronization mechanisms. Web services over Internet protocols such as HTTP, we
With Web services we can use complex types instead should also be aware that requests can arrive out of
of value objects for pre-fetched and cached data form order, can be lost, or can arrive more than once. There-
M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700 699
fore, we should design the operations of Web services as work, processing overhead of the messages, and imple-
idempotent. mentation related overheads. The differences between
When we require secure communication, we should binary JRMP and XML-based SOAP messages are con-
use RMI–SSL if possible. If we require WS-Security siderable. Unsecured SOAP messages are on average
we should limit the number of remote invocations as 4.3 times larger than unsecured JRMP messages, se-
much as possible. We should also identify the data cured SOAP messages are more than 27 times larger
and operations where security is necessary and do not than secured JRMP. While RMI–SSL adds only a minor
use it all over. To improve the performance we can overhead (8%) to the network traffic compared to
use plain XML Encryption instead. This will limit inter- RMI, WS-SecurityÕs overhead compared to Web ser-
operability however. vices is considerable (690%). The major portion of
the overhead is related to the concept of the message-
level security and to the textual encoding of the message
7. Conclusion content (payload). To identify the sources of overhead
we have profiled the code.
In this article, we have done a functional and perfor- The differences between Web services and RMI in
mance analysis and comparison of Web services and functionality and performance influence the design and
RMI. We have analyzed regular (unsecured) as well as implementation of distributed applications. We have
secured variants, WS-Security and RMI–SSL. We have identified the most important design and implementa-
identified and described the major functional differences tion principles, which lead to performance improve-
and figured out that RMI is suitable for distributed ments and/or prevent bottlenecks. These principles can
applications, which require synchronous remote method be used to adapt the application design and accommo-
invocations only, make use of stateful objects, object date the advantages and disadvantages of selected dis-
references, dynamic class downloading, distributed tributed model.
garbage collection, and remote object activation. Web
services on the other hand are suitable for synchronous
as well as asynchronous operation invocations, provide References
interoperability with other platforms and environments,
Adatia, R., Juric, M.B., Sarang, P.G., Gabhart, K., et al., 2001.
and are better suitable for dynamic service binding and Professional EJB. Wrox Press, Birmingham.
communication through firewalls. Differences also exist Caucho, 2004. Burlap Web Service Protocol, Version 2.1.12. Available
between secured versions. RMI–SSL offers point-to- from: <http://www.caucho.com/burlap/index.xtp>.
point security while WS-Security offers message-level Caucho, 2005. Hessian Binary Web Service Protocol, Version 3.0.13.
Available from: <http://www.caucho.com/hessian/>.
security. Developing distributed applications using
Gamma, E., Helm, R., Johnson, R., Vlissides, R., 1995. Design
JAX-RPC further masks the differences between RMI Patterns, Elements of Reusable Object-Oriented Software. Addi-
and Web services. son-Wesley.
To identify the differences in performance we have Hericko, M., Juric, M.B., Rozman, I., Beloglavec, S., Zivkovic, A.,
done an in-depth performance analysis on Windows 2003. Object serialization analysis and comparison in Java and
NET. ACM SIGPLAN Notices 38 (8), 44–54.
and Linux and have included local and remote scenarios.
Juric, M.B., Rozman, I., 2000. Java 2 RMI and IDL comparison. Java
The measurements have shown that RMI has been an Report 5 (2), 36–48.
order of magnitude faster than Web services in all scenar- Juric, M.B., Hericko, M., Rozman, I., 2000a. Performance comparison
ios. Web services have been on average 9 times slower of CORBA and RMI. Information and Software Technology
than RMI. RMI–SSL has been on average 40% slower Journal 42 (13), 915–933.
Juric, M.B., Rozman, I., Nash, S., 2000b. Java 2 distributed object
than RMI. WS-Security on the other hand has been con-
middleware performance analysis and optimization. ACM SIG-
siderably slower than Web services, on average more PLAN Notices 35 (8), 31–40.
than 100 times. Selection of different JCE security pro- Juric, M.B., Kezmah, B., Hericko, M., Rozman, I., Vezocnik, I., 2004.
viders has influenced the performance only marginally, Java RMI, RMI tunneling and Web services comparison and
within 6%. The comparison of performance on performance analysis. ACM SIGPLAN Notices 39 (5), 58–65.
Juric, M.B., Zivkovic, A., Hericko, M., Brumen, B., Welzer, T.,
Windows and Linux has shown that Linux has provided
Rozman, I., 1999. Performance assessment framework for distrib-
better results in local scenarios by 10% to 30%. In uted object architectures. ADBISÕ99, LNCS 1691. Springer, pp.
remote scenarios Windows has provided faster perfor- 349–366.
mance for RMI (by 5%) and RMI–SSL (by 15%), Kono, K., Masuda, T., 2000. Efficient RMI: Dynamic specialization of
while Linux has provided better performance for Web object serialization. In: International Conference on Distributed
Computing Systems. IEEE Computer Society Press, pp. 308–316.
services (by 8%) and WS-Security (by almost 30%).
Maassen, J., Nieuwpoort, R., Veldema, R., Bal, H., Plaat, A., 1999.
The reasons for slower performance of Web services An efficient implementation of JavaÕs remote method invocation.
and WS-Security compared to RMI and RMI–SSL In: ACM SIGPLAN symposium on Principles and practice of
can be found in message sizes transferred over the net- parallel programming. ACM Press, pp. 173–182.
700 M.B. Juric et al. / The Journal of Systems and Software 79 (2006) 689–700
Nester, C., Philippsen, M., Haumacher, B., 1999. A more efficient Zhuge, H., Liu, J., 2004. Flexible Retrieval of Web Services. Journal of
RMI for Java. In: ACM Conference on Java Grande. ACM Press, Systems and Software 70 (1–2), 107–116.
pp. 152–159.
Oasis, 2004. Web Services Security: SOAP Message Security 1.0 (WS-
Security). Available from: <http://docs.oasis-open.org/wss/2004/ Matjaz B. Juric, Ph.D., is an associate professor at the University of
01/oasis-200401-wss-soap-message-security-1.0.pdf>. Maribor. He has authored or co-authored the following books: Busi-
Rivera, L., Zhang, L., Sampemane, G., Krishnamurthy, S., 1997. HP- ness Process Execution Language, Professional J2EE EAI, Profes-
RMI: High performance Java RMI over FM. Available from: sional EJB, J2EE Design Patterns Applied, and NET Serialization
<www-csag.ucsd.edu/individual/achien/cs491-f97/projects/hprmi_ Handbook. He has also published chapters in books and several
paper.ps>. articles in journals.
SourceForge, 2004. Transparent RMI, Version 0.1.4. Available from:
<http://sourceforge.net/projects/trmi/>. Ivan Rozman, Ph.D., is the rector of University of Maribor and head of
SourceForge, 2005. Mantaray, Version 1.8. Available from: <http:// the Institute of Informatics. His research interests include engineering
sourceforge.net/projects/mantaray/>. management, software development methodologies, software process,
Sun Microsystems, 1998. Introduction to SSL. Available from: and software quality. He is the leader of COT—Object Technology
<http://docs.sun.com/source/816-6156-10/contents.htm>. Centre.
Sun Microsystems, 2003. Java Remote Method Invocation Specifica-
tion 1.4. Available from: <ftp://ftp.java.sun.com/docs/j2se1.4/rmi-
spec-1.4.pdf>. Bostjan Brumen, Ph.D., is a researcher at the University of Maribor.
Sun Microsystems, 2004. Java API for XML-Based RPC (JAX-RPC) His research interests are focused on data mining, data classification,
Specification 1.1. Available from: <http://java.sun.com/xml/down- and data security. He has published on several conferences and
loads/jaxrpc.html>. journals.
Vijaykumar, K., Walther, D., Bhola, S., Bommaiah, E., Riley, G.,
Topol, B., Ahamad, M., 1998. Efficient implementation of Java Matjaz Colnaric, Ph.D., is a professor at the University of Maribor.
remote method invocation (RMI). In: 4th USENIX Conference on His research interests include embedded hard real-time systems,
Object-Oriented Technologies and Systems, Usenix, New Mexico. microprocessors and data structures. He is a reviewer for journals such
pp. 144–148. as IEEE Parallel and Distributed Technology, International Journal
W3C, World Wide Web Consortium, 2001. Web Services Description on Real-Time Systems, Euromicro Journal, Computer Journal, etc.
Language, WSDL, W3C Note. Available from: <http://www.w3.
org/TR/wsdl>.
W3C, World Wide Web Consortium, 2003. SOAP Version 1.2, W3C Marjan Hericko, Ph.D., is an associate professor at the University of
Recommendation. Available from: <http://www.w3.org/TR/ Maribor. His research interests include object technology with
soap/>. emphasis on development methods and tools, quality assurance and
Zeadally, S., Zahang, L., Zhu, Z., Lu, J., 2004. Network APIs object oriented metrics. He has published on several international
performance on commodity operating systems. Information and conferences and journals. He is program committee head of the OTS
Software Technology Journal 46 (6), 397–402. conference and the technical coordinator of COT.