InfoCenter Home >
7: Multimachine management >
7.1: Using WebSphere Application Server in a multimachine environment >
7.1.3: Multimachine topologies >
7.1.3.6: HTTP server separation sample topologies >
7.1.3.6.4: Thick servlet redirector sample topology
7.1.3.6.4: Thick servlet redirector sample topology
In a thick servlet redirector configuration, the machine where the servlet
redirector runs is configured as a full WebSphere Application Server node with an
administrative server and its associated processes. The following figure shows a thick
servlet redirector topology used with two firewalls.
The thick servlet redirector is
installed on Machine A with the Web server. Requests are forwarded from the Web
server to the servlet redirector by using the Open Servlet Engine (OSE)
transport. The servlet redirector then forwards the requests to the
application server on Machine B by using Remote Method Invocation (RMI) and Internet
Inter-ORB Protocol (IIOP). Encrypted requests can be forwarded by using the Secure
Sockets Layer (SSL) protocol.
The thick servlet redirector topology has the following advantages:
- It supports encrypted communication with SSL between the servlet redirector and the
application server.
- Because the thick servlet redirector includes a full administrative server, it can be
configured and managed from WebSphere administrative clients. It also automatically
updates the Web server plug-in files when administrative changes are made.
- A servlet redirector communicates with application servers through EJB client
invocations and can participate in workload management. This allows it to forward
HTTP requests to cloned application servers and provides load balancing and failover
support.
It also has the following disadvantages:
- The administrative server requires access to the repository database, which is
inapproprate for some secure environments. This requires an open port in the firewall for
database communication.
- A database client must also be installed on Machine A. In addition to running
another process on the machine, running a database client in an insecure environment is
often inappropriate. A database ID and password must be stored on the machine, which
can pose a security risk.
- It requires multiple ports in a firewall.
- It requires the firewall to support IIOP.
- It does not support Network Address Translation (NAT) firewalls.
- The thick servlet redirector performs relatively slowly compared to other servlet
redirector mechanisms such as Remote OSE. The administrative server and database
client processes use system resources that are needed by the Web server, which can
negatively affect its performance.
The thick servlet redirector is often used in situations where an organization wants to
maintain a Web server in one department and secure applications in another. The
application server provides dynamic content (such as servlets and JSP files) to clients
with minimal maintenance requirements for the Web server machines. The thick servlet
redirector can be configured from the WebSphere administrative console, allowing users to
maintain it from any machine within a WebSphere Application Server installation.
Article 7.1.4, Firewall and demilitarized zone (DMZ)
configurations, compares the thick servlet redirector topology to other topologies
that support a DMZ configuration.
The following instructions describe how to set up the configuration shown in the
previous figure, with the possibility of additional Web server machines (Machines D, E,
... N) communicating with the application server on Machine B.
- Install the product components:
|
Web server |
Web server plug-in |
administrative server |
administrative console |
application server |
Machine A |
 |
 |
 |
|
|
Machine B |
|
|
 |
 |
 |
Machines D, E, ... N (optional) |
 |
 |
 |
|
|
Machine C contains the administrative database for all of the above administrative
servers, as well as the database for application data. The arrangement shown in the
previous figure is just one option for database placement. For example, Machine C can be
omitted if the database on one of the machines already in the configuration (A or B).
- Start the administrative servers on each machine.
- Configure the virtual hosts:
- Start the Java administrative client (WebSphere
Administrative Console).
- Display the Topology view.
- Expand the WebSphere Administrative Domain, verifying that all machines sharing the
administrative database (in this case, Machines A, B, D, E ... N) are displayed as
administrative nodes.
- In the tree, locate and click the default virtual host to display its properties on the
right side of the console.
- In the Advanced properties, add host names (and ports, if the port number is other than
port 80) for the Web servers running on Machines A, D, E, ... N. Save the changes.
- Locate the application server under Machine B in the Topology tree and start it. If Machine A does not contain an application server, configure a new one and start it.
- Configure and test the thick servlet redirector on Machine A:
- Use the Java administrative client (WebSphere
Administrative Console) to display the Topology view.
- Expand the WebSphere Administrative Domain, verifying that all machines sharing the
administrative database (in this case, Machines A, B, D, E ... N) are displayed as
administrative nodes.
- Locate and right-click the node representing the machine on which the thick redirector
runs. A menu is displayed.
- On the menu, click Create -> Servlet Redirector to display servlet
redirector properties.
- Specify the properties, then save them.
- Locate and right-click the newly created thick servlet redirector in the Topology tree
to display a menu.
- On the menu, click Enabled.
- From the same menu, click Start to start the thick servlet redirector
process on this machine. Wait for it to start.
- Start the Web server on the same machine.
- Verify that the thick servlet redirector is running.
- Verify that the thick servlet redirector is set up correctly.
Start a Web browser.
Enter a URL that is valid for Machine B, but send it to the Web server machine (Machine
A).
For example, if the Machine B configuration defines a path of /servlet/snoop for accessing the Snoop diagnostic servlet on Machine B, use this path as part of the
URL to access the Snoop servlet on the Web server machine. Type:
http://hostname/servlet/snoop
where hostname is a valid host name for Machine A.
- Repeat the previous step for each thick servlet redirector node (Machines D, E, ...N).
|
|