I’m going to take a short break from discussing the various programming languages to write a bit about the great 2-tier vs. 3-tier architecture debate and which architecture is ‘better’.

From my perspective, much of the debate centers around the background and experience of the individual who writes about the differences. In particular, what architecture are they familiar with, what is their application, how many users does their application support and what programming languages do they use. In addition, there are sometimes differing views as to the exact definition of 2- and 3-tier architectures.

So, before I get too far along, I will start by explaining the definition of 2- and 3-tier architectures that I will use along with clarifying that I will be looking at the architectures from a startup’s perspective (along with defining my use of startup in the post).

Let’s start with developing an understanding of the various architectures, used in a web environment. A two-tier application web application has one tier for the display and application logic (web server), connected to a second tier, which is the database server. A 3-tier application can then be defined as having a web server, an application server, and a database server (as in at least 3 different virtual or physical machines).

So, what are the architectural and organizational factors that should be considered when developing and deploying an application? For me, the most important considerations are:

  • Performance
  • Scalability (including load and throughput)
  • Deployment, configuration management and cost
  • Security

Performance.  Because of the tight coupling, a 2 tiered application will run faster.  In addition, the absence of a network hop from the web to application server helps improve performance.

Scalability.  In certain applications, a 3-tier architecture can provide increased scalability. Imagine that you have developed an application where a user enters some data and hits submit. Next the application takes this input and performs some CPU and/or RAM intensive calculations at which time the app enters the results into a database and returns the output to the user. Next imagine that additional users access the site during these calculations.  At some point, the site will no longer be able to handle the load and performance will suffer.  The performance advantage of the 2 Tier world is suddenly lost.

A 3-tier architecture then offers you the ability to scale your system according to how it will be used.  It gives you the ability to setup servers based on functionality and scale accordingly. In the example above, you could set up specifically tuned application servers to handle the load without the need to also scale the web servers.

Deployment configuration and cost.  In a 2-tier environment there is not as much configuration required thereby making code deployment and server maintenance slightly easier. However, in a 3-tier environment, not only do you have the additional cost of more complex application development, but also the cost of additional hardware and again, a more complex hardware configuration and maintenance environment.

Security .  Finally, a web server is often placed in the least protected part of your network and is exposed to the outside world.  In most systems security is essential and a large part of security is to protect your database and file storage systems.  In a 2-tiered system, the web server communicates with the database server and other resources on your network directly.  The threat here is that if someone attacks your web server there is now a direct gateway to all your network resources.

However, in a 3-tiered architecture, you limit communications from your web server to just to the application servers.  In fact you can configure the application server to accept instructions only from the web servers.  This way an intrusion into your network will still not give them access to the complete system.

So how do you choose 2- or 3- tier?  Below is a very high-level and quick assessment that can be done to help make the architectural decision. In essence, a 2 Tiered system can be beneficial when you have a small number of users, low security or intranet application, and low level of processing requirements.  The moment any of these conditions fail you must consider a move to a 3-tier architecture.

2 Tier

3 Tier

Number of Users

Large

X

Small

X

Domain/Security Concerns

Intranet/Low

X

Internet/High

X

Application Processing

High

X

Low

X

So, once again, the choice of an architecture must be made based upon the application. Before you begin application development, it is essential to have a very thorough and well thought out understanding of your application and expected user base so that you can choose the architecture that is best for the expected environment.