InfoCenter Home >
7: Multimachine management >
7.1: Using WebSphere Application Server in a multimachine environment >
7.1.3: Multimachine topologies >
7.1.3.6: HTTP server separation sample topologies >
7.1.3.6.6: Thin servlet redirector sample topology
7.1.3.6.6: Thin servlet redirector sample topology
In a thin servlet redirector configuration, a stand-alone version of the
servlet redirector runs on the Web server machine. The following figure shows an
example of a thin servlet redirector being used with firewalls.
The thin servlet redirector is
installed on Machine A with the Web server. Requests are forwarded from the Web
server to the servlet redirector by using the Open Servlet Engine (OSE) transport.
The servlet redirector then forwards the requests to the application server on Machine B
by using Remote Method Invocation (RMI) and Internet Inter-ORB Protocol (IIOP).
Encrypted requests can be forwarded by using the Secure Sockets Layer (SSL)
protocol.
No administrative server is installed on the Web server machine. Instead, scripts are used to configure the Web server plug-in, start the servlet redirector, and stop the
servlet redirector. The Web server plug-in files must be manually generated.
If WebSphere security is being used to secure the HTML files on your Web server, the
Web server plug-in also connects to an administrative server
The advantages of the thin servlet redirector configuration are as follows:
- It does not require database access through a firewall, making it appropriate for use in
many secure demilitarized zone (DMZ) configurations.
- Communication between the servlet redirector and the remote application server can be
encrypted by using SSL.
- It does not require a database client on the Web server machine.
- A servlet redirector communicates with application servers through EJB client
invocations and can participate in workload management. This allows it to forward
HTTP requests to cloned application servers and provides load balancing and failover
support.
- It supports WebSphere Application Server product security.
- Because it has fewer associated processes (no database client, administrative server or
administrative server agent), this topology generally has better Web server performance
than the other thick servlet redirector configurations in non-DMZ configurations.
The disadvantages of this configuration are as follows:
- It does not support Network Address Translation (NAT) firewalls.
- It requires the firewall to support IIOP.
- It performs relatively slowly in a DMZ configuration compared to other servlet
redirection mechanisms such as Remote OSE.
Article 7.1.4, Firewall and demilitarized zone (DMZ)
configurations, compares the thin servlet redirector topology to other topologies that
support a DMZ configuration.
The instructions describe how to set up the configuration shown in the previous figure.
- Install the appropriate product components:
|
Web server |
Web server plug-in |
administrative server |
administrative console |
application server |
Machine A |
 |
 |
 |
(optional) |
|
Machine B |
|
|
 |
 |
 |
Machines D, E, ...N |
|
|
 |
 |
 |
Machine B must contain the default resources in order to
obtain the Admin Web application referred to in the instructions for this sample topology.
Machines D through N are additional, optional application server machines onto which
the application server on Machine B can be cloned. Install the default resources only on
Machine B, cloning them to Machines D, E, ... N if applicable.
Machine C contains the administrative database for all of the above administrative
servers, as well as the database for application data. The arrangement shown in the
previous figure is just one option for database placement. For example, Machine C can be
omitted if the database resides on Machine B, D, E or another machine.
Although it is not required, having a Web server installed on the administrative server
machine is useful for verification testing.
- Test the installation on the application server machine:
- Start the administrative server.
- Start the administrative console.
- Start the application server. If necessary, create a new
application server.
- From the administrative console, add the host name of the Web server machine (Machine A)
to the alias list of the virtual host containing the Admin Web application on Machine B:
- Locate and click the default host in the Topology tree view to display its properties in
the right side of the console.
- In the advanced properties list, add the host name and IP address of the Web server
machine to the alias list of the virtual host.
- Add the machine name and IP address as separate entries in the Host Aliases table. If
the Web server port is not 80, append the port to these entries.
- Save your changes.
- Stop and restart the application servers running under the virtual host on Machine B.
For each application server:
- In the Topology tree view, locate the application server.
- Right-click it, displaying its menu. Click Stop.
- Watch for the administrative console message that the application server was stopped
successfully.
- Right-click the server to display its menu again.
- Click Start.
- Ensure the application server on Machine B is running. Use a browser to view the
following:
http://machine_B_host_name/servlet/snoop
where machine_B_host_name is a valid host name for Machine B.
- Test the installation on Machine A:
- Start the thin servlet redirector.
- Use a text editor to open the following file:
product_installation_root/properties/iiopredirector.xml
Change all occurrences of localhost to the
host name of Machine B.
- Open a command window and change directory to:
product_installation_root/bin
- Run the thin servlet redirector configuration script:
- On Windows-based systems, type:
thinRedirectorConfig -adminNodeName Machine_B_hostname
- On UNIX-based systems, type:
thinRedirectorConfig.sh -adminNodeName Machine_B_hostname
You must be logged in as root
to run the thin servlet redirector configuration script on the AIX platform.
The program generates three properties files in the directory:
product_installation_root/temp
There are optional arguments for the scripts, such as:
To view a complete list of arguments for the configuration script, change the directory to
the product_installation_root/bin directory and
type the following at the command prompt:
- On Windows-based systems, type:
thinRedirectorConfig
- On UNIX-based systems, type:
./thinRedirector.sh
- Run the thin redirector start script:
- On Windows-based systems, type:
thinRedirectorStart
- On UNIX-based systems, type:
thinRedirectorStart.sh
- Make sure that all of the following conditions are true:
- The thinRedirectorConfig script ran and stopped successfully.
- The thinRedirectorStart script is still running.
- The application server on Machine B is running.
- Confirm that the Web server is running, and was started after running the scripts and
starting the application server. Use a Web browser to open the following:
http://Machine_B_hostname/servlet/snoop
- Whenever the configuration on Machine B changes, you need to:
- Run the thinRedirectorConfig and thinRedirectorStart scripts
again to regenerate the Web server plug-in configuration files.
- Stop the Web server and start it again.
Installing additional Web servers with different ports
These instructions describe how to add another Web server on Machine A or another
machine and configure it to send requests to Machine B (the application server machine).
The details of each step were described previously under Thin servlet redirector
configuration procedure.
- If you are adding a new machine, install the components that you installed on Machine A.
- Install the Web server and plug-in.
- In the virtual host settings on Machine B (application server machine), define the Web
server host name and IP address and associated ports as virtual host aliases, as you did
for Machine A.
- Stop the administrative server and console on Machine B and start them again.
- Run the thinRedirectorConfig and thinRedirectorStart scripts.
- Start the new Web server on the new machine.
- At a Web browser, verify the configuration by accessing the following:
http://new_machine_hostname/servlet/snoop
Accessing clones
To use the servlet redirector to access Machines D, E, ... N, which contain clones of
the application server on Machine B, when you set up the thin redirector machine (Machine
A):
- Specify the machine's host name in the file iiopredirector.xml.
- Specify the machine's host name as an argument to the thinRedirectorConfig
command.
Using with firewalls (DMZ configuration)
You need to open the following ports in the firewall:
- The RMI/IIOP port
- The Location Service Daemon (LSD) port
- The bootstrap port
|
|