InfoCenter Home >
7: Multimachine management >
7.1: Using WebSphere Application Server in a multimachine environment >
7.1.3: Multimachine topologies >
7.1.3.6: HTTP server separation sample topologies >
7.1.3.6.4: Thick servlet redirector sample topology

7.1.3.6.4: Thick servlet redirector sample topology

Overview

In a thick servlet redirector configuration, the machine where the servlet redirector runs is configured as a full WebSphere Application Server node with an administrative server and its associated processes. The following figure shows a thick servlet redirector topology used with two firewalls.

The thick servlet redirector is installed on Machine A with the Web server. Requests are forwarded from the Web server to the servlet redirector by using the Open Servlet Engine (OSE) transport.   The servlet redirector then forwards the requests to the application server on Machine B by using Remote Method Invocation (RMI) and Internet Inter-ORB Protocol (IIOP).  Encrypted requests can be forwarded by using the Secure Sockets Layer (SSL) protocol.   

Typical use

The thick servlet redirector topology has the following advantages:

  • It supports encrypted communication with SSL between the servlet redirector and the application server.
  • Because the thick servlet redirector includes a full administrative server, it can be configured and managed from WebSphere administrative clients.  It also automatically updates the Web server plug-in files when administrative changes are made.
  • A servlet redirector communicates with application servers through EJB client invocations and can participate in workload management.  This allows it to forward HTTP requests to cloned application servers and provides load balancing and failover support.  

It also has the following disadvantages:

  • The administrative server requires access to the repository database, which is inapproprate for some secure environments. This requires an open port in the firewall for database communication. 
  • A database client must also be installed on Machine A.  In addition to running another process on the machine, running a database client in an insecure environment is often inappropriate.  A database ID and password must be stored on the machine, which can pose a security risk.
  • It requires multiple ports in a firewall. 
  • It requires the firewall to support IIOP.
  • It does not support Network Address Translation (NAT) firewalls.
  • The thick servlet redirector performs relatively slowly compared to other servlet redirector mechanisms such as Remote OSE.  The administrative server and database client processes use system resources that are needed by the Web server, which can negatively affect its performance.

The thick servlet redirector is often used in situations where an organization wants to maintain a Web server in one department and secure applications in another. The application server provides dynamic content (such as servlets and JSP files) to clients with minimal maintenance requirements for the Web server machines. The thick servlet redirector can be configured from the WebSphere administrative console, allowing users to maintain it from any machine within a WebSphere Application Server installation.

Article 7.1.4, Firewall and demilitarized zone (DMZ) configurations, compares the thick servlet redirector topology to other topologies that support a DMZ configuration.

Instructions

The following instructions describe how to set up the configuration shown in the previous figure, with the possibility of additional Web server machines (Machines D, E, ... N) communicating with the application server on Machine B.

  1. Install the product components:
      Web server Web server plug-in administrative server administrative console application server
    Machine A    
    Machine B    
    Machines D, E, ... N (optional)    

    Machine C contains the administrative database for all of the above administrative servers, as well as the database for application data.  The arrangement shown in the previous figure is just one option for database placement. For example, Machine C can be omitted if the database on one of the machines already in the configuration (A or B).

  2. Start the administrative servers on each machine.
  3. Configure the virtual hosts:
    1. Start the Java administrative client (WebSphere Administrative Console).
    2. Display the Topology view.
    3. Expand the WebSphere Administrative Domain, verifying that all machines sharing the administrative database (in this case, Machines A, B, D, E ... N) are displayed as administrative nodes.
    4. In the tree, locate and click the default virtual host to display its properties on the right side of the console.
    5. In the Advanced properties, add host names (and ports, if the port number is other than port 80) for the Web servers running on Machines A, D, E, ... N. Save the changes.
    6. Locate the application server under Machine B in the Topology tree and start it. If Machine A does not contain an application server, configure a new one and start it.
  4. Configure and test the thick servlet redirector on Machine A:
    1. Use the Java administrative client (WebSphere Administrative Console) to display the Topology view.
    2. Expand the WebSphere Administrative Domain, verifying that all machines sharing the administrative database (in this case, Machines A, B, D, E ... N) are displayed as administrative nodes.
    3. Locate and right-click the node representing the machine on which the thick redirector runs. A menu is displayed.
    4. On the menu, click Create -> Servlet Redirector to display servlet redirector properties.
    5. Specify the properties, then save them.
    6. Locate and right-click the newly created thick servlet redirector in the Topology tree to display a menu.
    7. On the menu, click Enabled.
    8. From the same menu, click Start to start the thick servlet redirector process on this machine. Wait for it to start.
    9. Start the Web server on the same machine.
    10. Verify that the thick servlet redirector is running.
    11. Verify that the thick servlet redirector is set up correctly.

      Start a Web browser. Enter a URL that is valid for Machine B, but send it to the Web server machine (Machine A).

      For example, if the Machine B configuration defines a path of /servlet/snoop for accessing the Snoop diagnostic servlet on Machine B, use this path as part of the URL to access the Snoop servlet on the Web server machine. Type:

      http://hostname/servlet/snoop

      where hostname is a valid host name for Machine A.

  5. Repeat the previous step for each thick servlet redirector node (Machines D, E, ...N).
Go to previous article: Reverse proxy (IP forwarding) sample topology Go to next article: Thick servlet redirector with administrative agent sample topology

 

 
Go to previous article: Reverse proxy (IP forwarding) sample topology Go to next article: Thick servlet redirector with administrative agent sample topology