Online computer services are large regional or national networks accessible to consumers by subscription. Providers offer their subscribers a wide range of services, including on-demand access to electronically represented newspapers, software and documents that can be "downloaded" at the user's request; discussion groups in which subscribers can take part by computer; electronic mail among subscribers and non-subscribers; and various forms of entertainment. Generally, consumers connect to a service via telephone, and the service charges its subscribers a recurring fee for its basic service package and/or a variable fee for the time they are actually connected.
Online services have experienced an enormous increase in their customer bases in the last few years, owing both to the proliferation and growing sophistication of personal computers and to the expansion of available services. The need to provide a large, widely dispersed user group with on-demand access to the central online service requires substantial computational capability. The service must not only control and monitor user access, but must also maintain a large, constantly growing reservoir of information to which many users must have simultaneous access.
One widely accepted computer architecture, developed specifically to accommodate the "distributed computing" environments that characterize online services, is the client-server model. In its purest form, a client-server system consists of a central server (sometimes called the host), which is a very powerful computer (or cluster of computers that behaves as a single computer) that services the requests of a large number of smaller computers, or clients, that connect to it. The client computers never communicate with one another, instead exchanging data only with the server, which thereby acts as a clearinghouse for client requests and inter-client communications. A server, therefore, may be a large mainframe or minicomputer cluster, while the clients may be simple personal computers.
Although they need not be powerful, it is nonetheless important that clients possess a basic level of on-board processing capability; unlike older timeshare systems, which utilized "dumb" terminals that were essentially driven by the central machine, the client-server model requires that each client be capable of independent computational operation. In this way, the central server need only accept and deliver messages to the clients, which process them for output to the user. This approach limits the processing burden on the server and facilitates faster, readily customized responses by the clients.
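The clearinghouse arrangement described above can be sketched in Python. This is an illustrative model only; the class and method names (`Server`, `Client`, `send`, `receive`) and the client identifiers are assumptions introduced for the sketch, not drawn from the source.

```python
from collections import defaultdict
from queue import Queue

class Server:
    """Central server: clients exchange data only through it."""
    def __init__(self):
        self.inboxes = defaultdict(Queue)  # one message queue per client id

    def send(self, sender, recipient, payload):
        # The server accepts a message from one client and delivers it to
        # the intended recipient's queue; clients never talk directly.
        self.inboxes[recipient].put((sender, payload))

class Client:
    """A client with on-board processing capability: it formats output itself."""
    def __init__(self, client_id, server):
        self.id, self.server = client_id, server

    def send(self, recipient, payload):
        self.server.send(self.id, recipient, payload)

    def receive(self):
        sender, payload = self.server.inboxes[self.id].get()
        # Local processing (here, trivial formatting) happens on the client,
        # limiting the processing burden on the server.
        return f"[{self.id}] from {sender}: {payload}"

server = Server()
a, b = Client("12.1", server), Client("12.2", server)
a.send("12.2", "hello")
print(b.receive())  # → [12.2] from 12.1: hello
```

Because the clients perform their own formatting, the server's work reduces to accepting and delivering messages, consistent with the division of labor described above.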
An exemplary client-server configuration is illustrated in FIG. 1. A central server 10 communicates with a series of client computers 12.sub.1, 12.sub.2, 12.sub.3, 12.sub.4 . . . 12.sub.n over a coextensive series of physical connections 14.sub.1, 14.sub.2, 14.sub.3, 14.sub.4 . . . 14.sub.n. The terms "server" and "host" are herein used interchangeably to denote a central facility consisting of a single computer or group of computers that behave as a single unit with respect to the clients. In order to ensure proper routing of messages between the server and the intended client, the messages are first broken up into data packets, each of which receives a destination address according to a consistent protocol; the packets are reassembled upon receipt by the target computer. A commonly accepted set of protocols for this purpose comprises the Internet Protocol, or IP, which dictates routing information; the Transmission Control Protocol, or TCP, according to which messages are actually broken up into IP packets for transmission and subsequent collection and reassembly; and the User Datagram Protocol, or UDP, for "broadcast-style" packet transmissions. TCP/IP connections are quite commonly employed to move data across telephone lines, and have been adopted not only by online services but throughout the worldwide, integrated network communication web known as the Internet.
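The packetization and reassembly just described can be illustrated conceptually in Python. The packet size, field names, and destination label below are assumptions chosen for the sketch; real TCP/IP headers are, of course, far richer.

```python
import math

PACKET_SIZE = 8  # bytes of payload per packet (illustrative)

def packetize(message: bytes, dest: str):
    """Break a message into addressed packets: each carries a destination
    address and a sequence number so the target can rebuild the message."""
    n = math.ceil(len(message) / PACKET_SIZE) or 1
    return [
        {"dest": dest, "seq": i, "total": n,
         "data": message[i * PACKET_SIZE:(i + 1) * PACKET_SIZE]}
        for i in range(n)
    ]

def reassemble(packets):
    """Collect packets (possibly received out of order) and reassemble."""
    ordered = sorted(packets, key=lambda p: p["seq"])
    return b"".join(p["data"] for p in ordered)

pkts = packetize(b"hello, online service", "client-12.3")
print(len(pkts))                     # → 3
print(reassemble(reversed(pkts)))    # → b'hello, online service'
```

Note that reassembly succeeds even when the packets arrive in reverse order, which is the essential service TCP provides atop IP's unordered delivery.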
The Internet contains vast stores of technical and academic information, but much of this is formatted as undifferentiated text, and requires mastery of a difficult command vocabulary to access effectively. The information provided by online services, in contrast, is readily accessible without special training, tailored in content to the interests of subscribers, and presented in a visually appealing fashion. Online services typically offer their subscribers access to the Internet as well, once again in a format designed to promote easier identification and retrieval of information.
Ordinarily, users access online services by logging onto the online server and requesting them (e.g., by simply "clicking" on a title or icon with a position-sensing mouse, or otherwise designating a particular service). Each service is typically implemented by an application resident and executable, at least in part, on the server. In this sense, the term "application" denotes a body of functionality for obtaining, processing and/or presenting data to a user. For example, electronic mail (e-mail) facilities allow the user to send and receive memo-type communications; document browsers display hierarchically organized collections of document titles, any of which can be obtained by a user. Applications can be "active," operating only when affirmatively engaged by a user, or can maintain a "background" task mode, which operates even when the application is not active.
Because access to these applications is valuable, the server must be provided with security features that prevent unauthorized connections. Furthermore, service providers may offer various different levels of service; in such arrangements, subscribers to more expensive, high-level packages are accorded access to applications that subscribers with lower privilege levels cannot access (at least without payment of an additional fee). Accordingly, security measures must operate not only at the entry level, but at the application level as well.
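The two tiers of security discussed above, entry-level and application-level, can be sketched as follows. The user names, numeric privilege levels, and application names are hypothetical placeholders, not from the source.

```python
# Privilege levels: higher numbers denote more expensive, higher-level packages.
SUBSCRIBERS = {"alice": 2, "bob": 1}           # entry-level credentials
APP_REQUIRED_LEVEL = {"mail": 1, "stocks": 2}  # application-level gates

def can_connect(user):
    """Entry-level security: unknown users are refused a connection."""
    return user in SUBSCRIBERS

def can_use(user, app):
    """Application-level security: a valid subscriber may still lack the
    privilege level a particular application requires."""
    return can_connect(user) and SUBSCRIBERS[user] >= APP_REQUIRED_LEVEL[app]

print(can_connect("mallory"))    # → False: blocked at entry
print(can_use("bob", "mail"))    # → True
print(can_use("bob", "stocks"))  # → False: privilege level too low
```

The second check necessarily repeats the first, reflecting the point that application-level security presupposes, but does not replace, entry-level security.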
In a similar vein, service providers may charge a user on a per-application basis based on the time the user is actually connected to the various applications; the unit charge can vary depending on the user's privilege level. Thus, the issues of security and proper billing are intimately related.
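A per-application, per-minute charge of the kind described can be computed as sketched below. The rates and connect times are illustrative figures only.

```python
# Unit charge per minute varies with the user's privilege level
# (figures are assumed for illustration; higher-level packages pay less per unit).
RATE_PER_MINUTE = {1: 0.10, 2: 0.06}

def session_charge(privilege_level, minutes_per_app):
    """Bill on a per-application basis for actual connect time."""
    rate = RATE_PER_MINUTE[privilege_level]
    return sum(minutes * rate for minutes in minutes_per_app.values())

# A level-1 user connected 30 min to mail and 15 min to a document browser:
print(round(session_charge(1, {"mail": 30, "browser": 15}), 2))  # → 4.5
```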
Once a user successfully logs onto the server, he expects that his connection--both to the server itself and to all selected applications--will be maintained for the duration of his session. Because of the large number of remote users and the even more numerous applications running simultaneously, maintaining overall system integrity, as experienced by individual users, represents a complex endeavor. Even on well-designed multitasking computer systems, operational malfunctions originating with a single application can result in general faults that cause other applications to fail. The potential for mishap may be magnified on multinode computer systems, where the greater number of simultaneously operating computers presents a greater statistical likelihood of failure by one of them. Since the mechanical and electrical reliability of a computer can be ensured only within technological limits, the software that implements the online service network must be designed in a fault-tolerant manner if users are to be kept satisfied.
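One simple fault-isolation strategy consistent with the foregoing is to run each application behind its own guard, so that a malfunction in one does not propagate as a general fault. The sketch below assumes hypothetical application names and a deliberately crashing application for demonstration.

```python
def run_application(app):
    """Run one application instance inside its own guard so that a
    malfunction in it cannot take down the others."""
    try:
        return ("ok", app())
    except Exception as exc:
        # Contain the crash; the server records it and other sessions continue.
        return ("failed", repr(exc))

apps = {
    "mail":    lambda: "inbox rendered",
    "browser": lambda: 1 / 0,           # a malfunctioning application
    "news":    lambda: "headlines rendered",
}
results = {name: run_application(app) for name, app in apps.items()}
print(results["browser"][0])  # → failed
print(results["news"][1])     # → headlines rendered
```

Real systems isolate at the process or node level rather than with a bare exception handler, but the principle, confining each fault to the application that caused it, is the same.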
One source of application "crashes" is overutilization. Although most server applications can accommodate multiple simultaneous users, most also have a maximum number that can be concurrently serviced in a reliable manner, and many have an optimal limit falling somewhere short of the maximum. If the server architecture establishes too many circuits to a single application "instance"--that is, a single, independently running version of the application--instead of creating new instances to diffuse the computational load, the risk of application failure increases and performance (e.g., response time) decreases. On the other hand, because each application instance consumes computational resources (or "overhead"), excessive instances, without pruning to reflect decreased usage, will needlessly diminish overall system performance. A robust server architecture, therefore, should react to user demand by starting new application instances when necessary, but also close instances when they are no longer needed. The same is true of connections, both physical and logical. If the user departs from his client machine for an excessive period, maintenance of the physical connection wastes computational overhead and telecommunication resources; if the user quits an application, maintenance of the logical connection until the user signs off completely represents an analogous waste.
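The demand-driven scaling just described, opening new application instances at the optimal limit and pruning empty ones, can be sketched as follows. The specific limits and the `InstancePool` interface are assumptions made for illustration.

```python
OPTIMAL_USERS = 3  # optimal load per instance (illustrative)
MAX_USERS = 5      # hard reliability ceiling per instance (illustrative)

class InstancePool:
    """Start new application instances as demand grows; prune idle ones."""
    def __init__(self):
        self.instances = []  # current user count of each running instance

    def attach_user(self):
        # Prefer an existing instance still below its optimal limit...
        for i, load in enumerate(self.instances):
            if load < OPTIMAL_USERS:
                self.instances[i] += 1
                return i
        # ...otherwise start a new instance to diffuse the load, rather
        # than push an existing one toward its MAX_USERS ceiling.
        self.instances.append(1)
        return len(self.instances) - 1

    def detach_user(self, i):
        self.instances[i] -= 1
        # Close instances no longer needed, reclaiming their overhead.
        self.instances = [n for n in self.instances if n > 0]

pool = InstancePool()
for _ in range(7):
    pool.attach_user()
print(pool.instances)  # → [3, 3, 1]: new instances opened at the optimal limit
```

An analogous timeout policy would close physical connections abandoned by idle users and logical connections to applications a user has quit, for the reasons given above.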