13 <META NAME="GENERATOR" CONTENT="Internet Assistant for Microsoft Word 2.0z">
17 <!--Copyright (c) 1996 Open Market, Inc. -->
18 <!--See the file "LICENSE.TERMS" for information on usage and redistribution-->
19 <!--of this file, and for a DISCLAIMER OF ALL WARRANTIES. -->
20 <!-- $Id: fastcgi.htm,v 1.2 2001/05/14 13:00:32 robs Exp $ -->
32 <CENTER><FONT SIZE=4 COLOR=#FFFFFF FACE="Impact">Technical White
40 A High-Performance Web Server Interface</H1>
46 April 1996<!--Please send comments to:-->
50 <!-- payne@openmarket.com-->
52 <H2>1. Introduction</H2>
58 The surge in the use of the Web by business has created
60 a tremendous need for server extension applications that create
62 dynamic content. These are the applications that will allow businesses
64 to deliver products, services, and messages whose shape and content
66 are in part determined by the interaction with, and knowledge
68 of, the customers to which they are delivered.
72 This important movement away from static Web content
74 is pushing the limits and exposing the weaknesses of the environment
76 in which these applications are currently bound: CGI (Common Gateway
78 Interface). Most importantly it does not offer the performance
80 these applications require. A new communication infrastructure
82 is needed to connect Web servers with these new applications.
84 This is what led Open Market to develop FastCGI.
88 FastCGI is a fast, open, and secure Web server interface
90 that solves the performance problems inherent in CGI, without
92 introducing the overhead and complexity of proprietary APIs (Application
94 Programming Interfaces).
98 This paper assumes that the reader has basic familiarity
100 with Web technology and developing Web applications.
102 <H3>Common Gateway Interface</H3>
108 The de facto standard interface for Web server applications
110 is CGI, which was first implemented in the NCSA server. CGI has
116 <LI><B>Simplicity. </B><FONT>It is
118 easy to understand.</FONT>
120 <LI><B>Language independence.</B>
122 CGI applications can be written in nearly any language.
124 <LI><B>Process isolation.</B>
126 Since applications run in separate processes, buggy applications
128 cannot crash the Web server or access the server's private internal
132 <LI><B>Open standard.</B> Some
134 form of CGI has been implemented on every Web server.
136 <LI><B>Architecture independence.</B>
138 CGI is not tied to any particular server architecture (single
140 threaded, multi-threaded, etc.).
148 CGI also has some significant drawbacks. The leading
150 problem is performance: Since a new process is created for each
152 request and thrown away when the request is done, efficiency is
158 CGI also has limited functionality: It only supports
160 a simple "responder" role, where the application generates
162 the response that is returned to the client. CGI programs can't
164 link into other stages of Web server request processing, such
166 as authorization and logging.
174 In response to the performance problems for CGI,
176 several vendors have developed APIs for their servers. The two
178 most notable are NSAPI from Netscape and ISAPI from Microsoft.
180 The freely available Apache server also has an API.
184 Applications linked into the server API may be significantly
186 faster than CGI programs. The CGI startup/initialization problem
188 is improved, because the application runs in the server process
190 and is persistent across requests. Web server APIs also offer
192 more functionality than CGI: you can write extensions that perform
194 access control, get access to the server's log file, and link
196 in to other stages in the server's request processing.
200 However, APIs sacrifice all of CGI's benefits. Vendor
202 APIs have the following problems:
206 <LI><B>Complexity.</B> Vendor
208 APIs introduce a steep learning curve, with increased implementation
210 and maintenance costs.
212 <LI><B>Language dependence.</B>
214 Applications have to be written in a language supported by the
216 vendor API (usually C/C++). Perl, the most popular language for
218 CGI programs, can't be used with any existing vendor API.
220 <LI><B>No process isolation. </B><FONT>Since
222 the applications run in the server's address space, buggy applications
224 can corrupt the core server (or each other). A malicious or buggy
226 application can compromise server security, and bugs in the core
228 server can corrupt applications.</FONT>
230 <LI><B>Proprietary.</B> Coding
232 your application to a particular API locks you into a particular
236 <LI><B>Tie-in to server architecture.</B>
238 API applications have to share the same architecture as the server:
240 If the Web server is multi-threaded, the application has to be
242 thread-safe. If the Web server has single-threaded processes,
244 multi-threaded applications don't gain any performance advantage.
246 Also, when the vendor changes the server's architecture, the
248 API will usually have to change, and applications will have to
250 be adapted or rewritten.
262 The FastCGI interface combines the best aspects of
264 CGI and vendor APIs. Like CGI, FastCGI applications run in separate,
266 isolated processes. FastCGI's advantages include:
270 <LI><B>Performance.</B> FastCGI
272 processes are persistent-they are reused to handle multiple requests.
274 This solves the CGI performance problem of creating new processes
278 <LI><B>Simplicity, with easy migration from CGI.</B>
280 The FastCGI application library (described on page 9) simplifies
282 the migration of existing CGI applications. Applications built
284 with the application library can also run as CGI programs, for
286 backward compatibility with old Web servers.
288 <LI><B>Language independence.</B>
290 Like CGI, FastCGI applications can be written in any language,
292 not just languages supported by the vendor API.
294 <LI><B>Process isolation.</B>
296 A buggy FastCGI application cannot crash or corrupt the core server
298 or other applications. A malicious FastCGI application cannot
300 steal any secrets (such as session keys for encryption) from the
304 <LI><B>Non-proprietary.</B>
306 FastCGI is supported in all of Open Market's server products,
308 and support is under development for other Web servers, including
310 the freely available Apache and NCSA servers, as well as commercial
312 servers from Microsoft and Netscape.
314 <LI><B>Architecture independence.</B>
316 The FastCGI interface is not tied to a particular server architecture.
318 Any Web server can implement the FastCGI interface. Also, FastCGI
320 does not impose any architecture on the application: applications
322 can be single or multi-threaded, regardless of the threading architecture
326 <LI><B>Support for distributed computing.</B>
328 FastCGI provides the ability to run applications remotely, which
330 is useful for distributing load and managing external Web sites.
338 The following sections describe the FastCGI interface,
340 protocol, application library, and support in Open Market's WebServer
344 <H2>2. FastCGI Interface</H2>
350 The functionality provided by the FastCGI interface
352 is very similar to that provided by CGI. To best understand the
354 FastCGI protocol, we review the CGI interface here. Basic CGI
356 request processing proceeds as follows:
360 <LI>For each request, the server creates a new process
362 and the process initializes itself.
364 <LI>The Web server passes the request information
366 (such as remote host, username, HTTP headers, etc.) to the CGI
368 program in environment variables.
370 <LI>The Web server sends any client input (such as
372 user-entered field values from an HTML form) to the CGI program's
376 <LI>The CGI program writes any output to be returned
378 to the client on standard output. Error information written to
380 standard error is logged by the Web server.
382 <LI>When the CGI process exits, the request is complete.
390 FastCGI is conceptually very similar to CGI, with
392 two major differences:
396 <LI>FastCGI processes are persistent: after finishing
398 a request, they wait for a new request instead of exiting.
400 <LI>Instead of using operating system environment
402 variables and pipes, the FastCGI protocol multiplexes the environment
404 information, standard input, output and error over a single full-duplex
406 connection. This allows FastCGI programs to run on remote machines,
408 using TCP connections between the Web server and the FastCGI application.
416 Request processing in a single-threaded FastCGI application
422 <LI>The Web server creates FastCGI application processes
424 to handle requests. The processes may be created at startup,
426 or created on demand.
428 <LI>The FastCGI program initializes itself, and waits
430 for a new connection from the Web server.
432 <LI>When a client request comes in, the Web server
434 opens a connection to the FastCGI process. The server sends the
436 CGI environment variable information and standard input over the
440 <LI>The FastCGI process sends the standard output
442 and error information back to the server over the same connection.
444 <LI>When the FastCGI process closes the connection,
446 the request is complete. The FastCGI process then waits for another
448 connection from the Web server.
456 FastCGI applications can run locally (on the same
458 machine as the Web server) or remotely. For local applications,
460 the server uses a full-duplex pipe to connect to the FastCGI application
462 process. For remote applications, the server uses a TCP connection.
466 FastCGI applications can be single-threaded or multi-threaded.
468 For single threaded applications, the Web server maintains a
470 pool of processes (if the application is running locally) to
472 handle client requests. The size of the pool is user configurable.
474 Multi-threaded FastCGI applications may accept multiple connections
476 from the Web server and handle them simultaneously in a single
478 process. (For example, Java's built-in multi-threading, garbage
480 collection, synchronization primitives, and platform independence
482 make it a natural implementation language for multi-threaded FastCGI
486 <H3>Remote FastCGI</H3>
492 FastCGI's ability to run applications remotely (over
494 a TCP connection) provides some major benefits. These benefits
496 are described in this section, along with some of the security
498 issues that affect remote FastCGI applications.
500 <H4>FastCGI with Firewalls</H4>
506 Applications that run on organizational (external) Web servers
508 and depend on internal databases can be a challenge to administer.
510 Figure 1 shows a typical organization, with an external Web server,
512 a firewall restricting access to the internal network, and internal
514 databases and applications.
518 <CENTER><IMG SRC="img00001.gif"><A NAME="_Ref352505891">Figure
524 With CGI and vendor APIs, the application has to run on the Web
526 server machine. This means the server administrator has to replicate
528 the necessary database information onto the system hosting the
530 Web server (which may be difficult to do in an automated way without
532 compromising firewall security). Or, the administrator may build
534 a "bridge" that allows access through the Web server
536 to internal databases and applications (which is effectively re-inventing
542 With remote FastCGI, the applications can run on the internal
544 network, simplifying the administrator's job. When used with
546 appropriate firewall configuration and auditing, this approach
548 provides a secure, high-performance, scalable way to bring internal
550 applications and data to the external network.
552 <H4>Load Distribution</H4>
558 For resource-intensive CGI and API applications, the Web server
560 machine quickly becomes the bottleneck for overall throughput.
562 The usual way to solve this performance problem is to buy a bigger,
564 faster Web server machine, or to partition the Web site across
570 With remote FastCGI, the resource-intensive applications can be
572 moved off the Web server machine, giving the server administrator
574 additional flexibility in configuring the Web server. The administrator
576 can configure FastCGI applications "behind the scenes"
578 without having to change any content links or the external view
580 of the Web site. The administrator can use several smaller, inexpensive
582 server machines for applications, and can tailor each machine
584 to the application it is hosting.
586 <H4>Security Issues with Remote FastCGI</H4>
592 The two security issues with remote FastCGI connections are authentication
594 and privacy. FastCGI applications should only accept connections
596 from Web servers that they trust (the application library includes
598 support for IP address validation). Future versions of the protocol
600 will include support for applications authenticating Web servers,
602 as well as support for running remote connections over secure
604 transport protocols such as SSL or PCT.<!--This pargraph needs to be made stronger, going into the issues in a little more detail.-->
608 <H3>The FastCGI Protocol</H3>
614 This section offers a brief introduction to the protocol
616 used on the connection between the Web server and FastCGI application.
618 Most application developers will use the FastCGI application
620 library and won't have to worry about the protocol details. However,
622 specialized applications are free to implement the FastCGI protocol
628 FastCGI uses a simple packet record format on the
630 connection between the application and the Web server. The same
632 record format is used in both directions and is outlined in Figure 2.
636 <CENTER><IMG SRC="img00002.gif"><A NAME="_Ref352404075">Figure
642 The protocol version field specifies the version
644 of the FastCGI protocol that is in use. The type field specifies
646 the type of the record (described in the following section).
648 The request ID identifies this record to a particular request,
650 allowing multiple requests to be multiplexed over a single connection.
652 The data length field specifies the number of data bytes that
658 The different FastCGI packet types are:
664 <TR><TD WIDTH=186><TT><FONT FACE="Courier">FCGI_PARAMS</FONT></TT>
666 </TD><TD WIDTH=228>Used for sending name/value pairs (CGI environment variables) from the Web server to the application.
672 <TR><TD WIDTH=186><TT><FONT FACE="Courier">FCGI_STDIN</FONT></TT>
674 </TD><TD WIDTH=228>Used for sending the standard input from the Web server to the application.
680 <TR><TD WIDTH=186><TT><FONT FACE="Courier">FCGI_DATA</FONT></TT>
682 </TD><TD WIDTH=228>Used for sending filter data to the application (for more information, see the filter role described on page 7.)
688 <TR><TD WIDTH=186><TT><FONT FACE="Courier">FCGI_STDOUT</FONT></TT>
690 </TD><TD WIDTH=228>Used to send standard output from the application to the Web server.
696 <TR><TD WIDTH=186><TT><FONT FACE="Courier">FCGI_STDERR</FONT></TT>
698 </TD><TD WIDTH=228>Used to send standard error information from the application to the Web server.
704 <TR><TD WIDTH=186><TT><FONT FACE="Courier">FCGI_END_REQUEST</FONT></TT>
706 </TD><TD WIDTH=228>Ends the request (can be sent by either the server or the application).
722 For complete protocol details, see the <I>FastCGI Protocol Specification</I>,
724 available from the Web site listed at the end of this paper.
726 <H2>3. Application Roles</H2>
732 A major problem with CGI is its limited functionality:
734 CGI programs can only provide simple responses to requests.
736 FastCGI provides expanded functionality with support for three
738 different application "roles":
742 <LI><B>Responder.</B> This is
744 the basic FastCGI role, and corresponds to the simple functionality
746 offered by CGI today.
748 <LI><B>Filter.</B> The FastCGI
750 application filters the requested Web server file before sending
754 <LI><B>Authorizer.</B> The FastCGI
756 program performs an access control decision for the request (such
758 as performing a username/password database lookup).
766 Other roles will be defined in the future. For instance,
768 a "logger" role would be useful, where the FastCGI program
770 would receive the server's log entries for real-time processing
776 The roles are described in more detail in the following
780 <H3>Responder Role</H3>
786 FastCGI's Responder role is identical to the functionality
788 provided by CGI today. When a request comes into the server,
790 the FastCGI program generates the response that's returned to
792 the client (typically an HTML page).
794 <H3><A NAME="_Ref352404524">Filter Role</A></H3>
800 The Filter role allows a FastCGI application to process
802 a requested file before it is returned to the client.
806 Let's assume that the Web server is configured so
808 that all files with the .<TT><FONT FACE="Courier">sgml
810 </FONT></TT>extension are processed by a SGML-to-HTML
812 FastCGI filter application, and the user accesses the following
818 <TT><FONT FACE="Courier">/document.sgml</FONT></TT>
822 After the Web server makes an access control decision
824 and maps this URL to a content file, it invokes the FastCGI filter
826 application with this file available as input. The FastCGI program's
828 HTML output is sent back to the client, just as in the responder
830 role. The process is outlined in Figure 3.
834 <CENTER><IMG SRC="img00003.gif"><A NAME="_Ref352560526">Figure
840 Filter applications can significantly improve performance
842 by caching filter results (the server provides the modification
844 time in the request information so that applications can flush
846 the cache when the server file has been modified).
850 The Filter role is useful for:
854 <LI>On-the-fly format conversions
856 <LI>Dynamic documents (such as documents with embedded
858 SQL queries, or dynamic advertisement insertion)
860 <LI>Applying a standard template: headers, footers,
868 <H3>Authorizer Role</H3>
874 The Authorizer role allows a FastCGI application
876 to make an access control decision for a request. The FastCGI
878 application is invoked with all of the request information, just
880 as in the Responder role. If the authorizer application generates
882 a "200 OK" HTTP result, the Web server assumes that
884 access is allowed and proceeds with the request. (The Web server
886 may process other access checks, including other FastCGI authorizers,
888 before access is ultimately allowed.) If the application generates
890 any other response, that response is returned to the client and
892 the request is ended. The response can be any valid HTTP response,
894 including "Access Denied" or "Redirect".
898 The Authorizer role is useful for:
902 <LI>Access control based on username and password,
904 where the user information is looked up in an external database.
906 <LI>Complex access policies, such as time-of-day
910 <LI>Smart-card challenge/response authentication.
912 <LI>Dynamic redirects, where the user is sent to
914 different pages based on the request profile.
920 <H2><A NAME="_Ref352251764">4. FastCGI Application Library</A></H2>
926 Open Market has developed a FastCGI application library
928 that implements the FastCGI protocol (hiding the protocol details
930 from the developer). This library makes implementing FastCGI programs
932 as easy as writing CGI applications.
936 The application library provides a replacement for
938 the C language standard I/O (stdio) routines, such as <TT><FONT FACE="Courier">printf()</FONT></TT>
940 and <TT><FONT FACE="Courier">gets()</FONT></TT>.
942 The library converts references to standard input, standard output,
944 and standard error to the FastCGI protocol. References to other
946 files "fall through" to the underlying operating system
948 standard I/O routines.
952 This approach has several benefits:
956 <LI>Developers don't have to learn a new API to develop
958 FastCGI applications.
960 <LI>Existing CGI programs can be migrated with minimal
962 source changes (CGI migration is described in more detail in the
966 <LI>FastCGI interpreters for Perl, Tcl, and other
968 interpreted languages can be built without modifying the interpreter
978 Here's a simple FastCGI application:<P>
980 #include <fcgi_stdio.h>
985 while(FCGI_Accept() >= 0) {
986 printf("Content-type: text/html\r\n");
988 printf("Hello world!<br>\r\n");
989 printf("Request number %d.", count++);
994 This application returns a "Hello world"
996 HTML response to the client. It also keeps a counter of the number
998 of times it has been accessed, displaying the value of the counter
1004 The <TT>fcgi_stdio.h</TT>
1006 header file provides the FastCGI replacement routines for the
1008 C standard I/O library. The <TT>FCGI_Accept()</TT>
1010 routine accepts a new request from the Web server.
1012 <H3>Migrating Existing CGI Programs</H3>
1018 The application library was designed to make migration
1020 of existing CGI programs as simple as possible. Many applications
1022 can be converted by adding a loop around the main request processing
1024 code and recompiling with the FastCGI application library. FastCGI
1026 applications have the following structure, with an initialization
1028 section and a request processing loop:<p>
1031 <I>Initialize application;<BR>
1033 </I><TT>while(FCGI_Accept() >= 0) {</TT><BR>
1035 <I>Process request</I>;<BR>
1041 To ease migration to FastCGI, executables built with
1043 the application library can run as either CGI or FastCGI programs,
1045 depending on how they are invoked. The library detects the execution
1047 environment and automatically selects FastCGI or regular I/O routines,
1053 After migration, developers can clean up their FastCGI
1055 applications for best performance:
1059 <LI>Fix any resource leaks. Many CGI programs do
1061 not attempt to manage memory or close files, because they assume
1063 the world is going to be cleaned up when they exit. (If you don't
1065 want to clean up your program, you can just have your process
1067 assume that it is leaking memory and exit after processing some
1069 fixed number of requests.) Purify from Pure Software is one of
1071 a number of excellent tools for finding leaks and other memory
1075 <LI>Fix any problems with retained application state.
1077 The application must ensure that any state that it creates in
1079 processing one request has no unintended effects on later requests.
1083 <LI>Collapse functionality. A common practice with
1085 CGI applications is to implement many small programs, with one
1087 function per program. CGI encourages this, because smaller programs
1089 load faster. With FastCGI, it's better to have related functionality
1091 in a single executable, so there are fewer processes to manage
1093 and applications can take advantage of sharing cached information
1103 Applications written in Perl, Tcl, and other scripting
1105 languages can be migrated by using a language interpreter built
1107 with the application library. FastCGI-integrated Tcl and Perl
1109 interpreters for popular Unix platforms are available from Open
1111 Market. The interpreters are backward-compatible: They can run
1113 standard Tcl and Perl applications.
1115 <H2>5. FastCGI in the Open Market WebServer</H2>
1121 This section describes the FastCGI support in the
1123 following Open Market server products:
1127 <LI>Open Market WebServer V2.0
1129 <LI>Open Market Secure WebServer V2.0
1131 <LI>Open Market Secure WebServer (Global) V2.0
1139 For more information about FastCGI support, see
1141 the <I>Open Market WebServer Installation and Configuration Guide</I>.
1143 <H3>Server Configuration</H3>
1149 FastCGI applications are configured with the server's
1151 configuration file. Configuration has two parts.
1155 First, the server administrator defines an <I>application
1157 class</I>. For local applications, the application class specifies
1159 the details of running the FastCGI application, such as:
1163 <LI>The pathname of the application executable.
1165 <LI>Any arguments and environment variables to pass
1167 to the process at startup.
1169 <LI>The number of processes to run.
1177 For remote applications, the class configuration
1179 information includes the host and TCP port to connect to. The
1181 Web server assumes that the FastCGI application has been started
1183 on the remote host. If a request comes in and the server can't
1185 connect to the FastCGI TCP port, the server logs an error and
1187 returns an error page to the client.
1191 The second configuration step is mapping the application
1197 <LI>For responder roles, the administrator configures
1199 some part of the URL space to be handled by the FastCGI application.
1201 For example, all URLs beginning with <FONT FACE="Courier">/rollcall/</FONT>
1203 might be handled by the employee database application.
1205 <LI>For filter roles, the administrator configures
1207 a file extension to be handled by a filter application. For example,
1209 all files with the <FONT FACE="Courier">.sql</FONT>
1211 extension could be handled by a SQL query lookup filter.
1213 <LI>For authorizer roles, the administrator configures
1215 an authorizer application in the same manner as other access methods
1217 (hostname, username/password, etc.) A request must pass <I>all
1219 </I>access control checks (possibly including multiple FastCGI
1221 authorizers) before access is allowed.
1227 <H3>Basic FastCGI</H3>
1233 To simplify migration for existing CGI programs,
1235 the WebServer provides a simple way to install new FastCGI programs
1237 without having to reconfigure the server. However, this approach
1239 doesn't offer all of the performance benefits of FastCGI application
1245 The WebServer treats any file with the extension
1247 <FONT FACE="Courier">.fcg</FONT> as
1249 a FastCGI application. When a request corresponds to such a file,
1251 the WebServer creates a new FastCGI process to handle the request,
1253 and shuts down the process when the request is complete (just
1255 as in CGI). In this mode of operation performance is comparable
1257 to CGI. Future versions of the WebServer will improve performance
1259 by automatically caching processes and re-using them for subsequent
1263 <H3>Session Affinity</H3>
1269 FastCGI programs can improve performance by caching
1271 information in the application process. For applications that
1273 require frequent but expensive operations such as validating a
1275 username/password in an external database for each request, this
1277 technique can significantly improve performance.
1281 To improve the effectiveness of this technique, the
1283 WebServer implements <I>session affinity</I>. When session affinity
1285 is enabled, the WebServer arranges for all requests in a user
1287 session to be handled by the same FastCGI application process.
1289 What constitutes a "session" is configurable. The
1291 default configuration uses the WebServer's built-in session tracking
1293 facility to identify user sessions. However, the server administrator
1295 can use any part of the request information for the session affinity
1297 mapping: the URL path, the client's hostname, the username, etc.<!--Talk about applications that need to hold onto resources for the user (such as open connections to the database).-->
1301 <H2>6. FastCGI Performance Analysis</H2>
1307 How fast is FastCGI? The answer depends on the application.
1309 This section contains some real FastCGI performance measurements,
1311 as well as guidelines for estimating the FastCGI speedup.
1313 <H3>FastCGI vs CGI</H3>
1319 We measured the relative performance of CGI, FastCGI,
1321 and static files on the Open Market WebServer, using a simple
1323 application that generates a fixed number of output bytes. The
1325 following table shows the measured request processing time for
1327 different request types on a typical platform. The times are
1329 measured from the client perspective and include client, server,
1331 and application processing time.
1333 <TABLE BORDERCOLOR=#000000 BORDER=2>
1337 <TR><TD WIDTH=72><CENTER><FONT SIZE=2 FACE="Arial Narrow">Static file</FONT></CENTER>
1339 </TD><TD WIDTH=180><CENTER><FONT SIZE=2 FACE="Arial Narrow">21ms + 0.19ms per Kbyte</FONT></CENTER>
1345 <TR><TD WIDTH=72><CENTER><FONT SIZE=2 FACE="Arial Narrow">FastCGI</FONT></CENTER>
1347 </TD><TD WIDTH=180><CENTER><FONT SIZE=2 FACE="Arial Narrow">22ms + 0.28ms per Kbyte</FONT></CENTER>
1353 <TR><TD WIDTH=72><CENTER><FONT SIZE=2 FACE="Arial Narrow">CGI</FONT></CENTER>
1355 </TD><TD WIDTH=180><CENTER><FONT SIZE=2 FACE="Arial Narrow">59ms + 0.37ms per Kbyte</FONT></CENTER>
1367 FastCGI performance is comparable to serving static files, and
1369 significantly better than CGI (clearly showing the high overhead
1371 for process creation). Real applications have an additional time
1373 component: process initialization, which should be added to overall
1375 request processing time.
1379 Let's use this data to estimate the speedup from migrating a typical
1381 database CGI application to FastCGI. Assume the application takes
1383 50ms to initialize the database connection and generates 5K of
1385 output data. Request performance can be computed as follows:
1391 <TR><TD WIDTH=108>CGI </TD><TD WIDTH=331>59ms + 50ms + (0.37ms)(5) = 111ms
1397 <TR><TD WIDTH=108>FastCGI</TD><TD WIDTH=331>22ms + (0.28ms)(5) = 23ms
1409 In this example, FastCGI has a 5x performance advantage over CGI,
1411 mostly due to savings from not having to create and initialize
1413 new processes for each request.<!--Need to talk about FastCGI vs proprietary APIs.-->
1417 <H2>7. Conclusions</H2>
1423 Today's Web business applications need a platform
1425 that's fast, open, maintainable, straightforward, stable, and
1427 secure. FastCGI's design meets these requirements, and provides
1429 for a logical extension from proven and widely deployed CGI technology.
1431 This allows developers to take advantage of FastCGI's benefits
1433 without losing their existing investment in CGI applications.<!--Need to talk about NT.-->
1435 <!--Need to give "more punch" to this conclusion: include info about uses for FastCGI (accessing legacy data in databases, access control, distributed applications, apps that have to run in multiple OS environments. -->
1437 <H2>8. For More Information</H2>
1443 For more information about Open Market and our products,
1445 visit our Web site at:<FONT FACE="Courier">http://www.openmarket.com/</FONT>
1449 For more information about the FastCGI protocol and
1451 the developer's kit, and the latest information about FastCGI
1453 standardization and support in other Web servers, visit the FastCGI
1455 project page at:<FONT FACE="Courier">http://www.openmarket.com/fastcgi/</FONT>