Web Services Addressing, firewalls and intermediary nodes

Using the Web Services Addressing (WS-Addressing) support in WebSphere Application Server, you can create endpoint references that can be distributed across firewalls and intermediary nodes.

To create endpoint references using WS-Addressing support, you use the com.ibm.websphere.wsaddressing.EndpointReferenceManager class of the WS-Addressing API to automatically generate endpoint references that represent endpoints on the node on which the references are generated. These endpoint references contain the appropriate address information, based on the URL configured for the endpoint and any valid proxy configuration for the server on which the endpoint resides. Messages targeted at the endpoint reference from the client are routed to the endpoint through the appropriate intermediary node or nodes, as described in the following topology scenarios.

The topology of your system can also affect the type of endpoint reference that the WebSphere Application Server WS-Addressing programming model generates. For example, if you use the EndpointReferenceManager.createEndpointReference(QName serviceName, String endpointName) method to create an endpoint reference in a cluster environment, the endpoint reference, by default, represents an endpoint that is workload-managed in the cluster in which the endpoint was created, in accordance with the appropriate topologies in the following sections. This behavior therefore provides a performance enhancement for the application.
Note: If the requesting application component runs under a transaction or in an HTTP session, affinity constraints might apply to the workload-management of endpoints.

[AIX HP-UX Linux Solaris Windows] [iSeries] You can also use the WS-Addressing programming model to create an endpoint reference that represents a service that should not be workload-managed, for example because it maintains in-memory state. A service that uses a stateful session bean is one example of a service that relies on routing affinity to a specific server instance. To create an endpoint reference to such a service, use the EndpointReferenceManager.createEndpointReference(QName serviceName, String endpointName, java.rmi.Remote statefulSessionBean) method.

[AIX HP-UX Linux Solaris Windows] [iSeries] If you enable high availability for stateful session beans, and create the endpoint reference using this method, the endpoint reference remains valid even if the stateful session bean is failed over, provided that the request originates from a WebSphere Application Server client at version 6.1 or later, or is routed by a Proxy Server for IBM WebSphere Application Server in the same administrative cell, as described in the following topology scenarios.

For endpoint references that refer to services that do not access stateful information that is localized to a specific server, all the following topology scenarios are suitable.

Direct connection

Use this topology for non-clustered configurations.

In this topology, there is no intermediary node. The client communicates directly with the WebSphere Application Server server on which the target endpoint resides. In this topology, the WS-Addressing API automatically generates the appropriate endpoint reference address, based on the URL configured for the Web service module. This scenario is illustrated in the following diagram.
The Web service client sends messages directly to the WebSphere Application Server on which the target endpoint resides.
Also, you can use this topology when endpoint references refer to services that are deployed in a workload-managed cluster, but messages targeted at the endpoint reference are workload-managed only if the client targeting the endpoint reference is a WebSphere Application Server client, at Version 6.1 or later, that exists in the same administrative cell as the endpoint, as illustrated in the following diagram.
The WebSphere Application Server client uses its workload management and high availability routing logic to route messages to the target endpoint, which resides in a WebSphere Application Server cluster. The client and the server exist in the same administrative cell.

Proxy Server for IBM WebSphere Application Server

Use this topology when endpoint references refer to services that are deployed in a workload-managed cluster, optionally access stateful information that is localized to a specific server, and optionally, can be failed over in a highly-available configuration.

In this topology, the WS-Addressing API automatically generates the appropriate endpoint reference address, based on the URL prefix of the Proxy Server for IBM WebSphere Application Server that is configured for the target Web service module. You must provide HTTP endpoint URL information, that is, configure the HTTP URL prefix for each deployment of each application. The client can exist outside the administrative cell that contains the proxy server and target server. The client communicates with the proxy server, which dynamically routes the client requests to the appropriate server in the WebSphere Application Server cluster.
The Web service client sends messages, through a firewall, to the Proxy Server for IBM WebSphere Application Server. The proxy server then uses its workload management and high availability routing logic to route messages to the endpoint on a server in the WebSphere Application Server cluster. The proxy server and the target server exist in the same administrative cell.

[AIX HP-UX Linux Solaris Windows] [iSeries] If the proxy that is addressed by the endpoint reference is a Proxy Server for IBM WebSphere Application Server, at Version 6.1 or later, that exists in the same administrative cell as the endpoint, messages targeted at a workload-managed endpoint reference are workload-managed, based on the cluster. Similarly, requests targeted at an endpoint reference that represents a stateful session bean retain affinity to the server and the instance of that stateful session bean, and an endpoint reference that represents a highly available stateful session bean remains valid if the stateful session bean is failed over to another server.

[z/OS] If the proxy that is addressed by the endpoint reference is a Proxy Server for IBM WebSphere Application Server, at Version 6.1 or later, that exists in the same administrative cell as the endpoint, messages targeted at a workload-managed endpoint reference are workload-managed, based on the cluster.

HTTP server, such as IBM HTTP Server

Use this topology when endpoint references refer to services that are deployed in a workload-managed cluster, and that do not access any stateful information that is localized to a specific server.

In this topology, the WS-Addressing API automatically generates the appropriate endpoint reference address based on the URL prefix of the HTTP server that is configured for the target Web service module. You must provide HTTP endpoint URL information, that is, configure the HTTP URL prefix for each deployment of each application. The client communicates with the HTTP server, which then routes the client requests to a specific server based on the HTTP server configuration.
The Web service client communicates, through a firewall, with the HTTP server in the demilitarized zone. The configuration of the HTTP server determines where the message is sent in WebSphere Application Server.

[AIX HP-UX Linux Solaris Windows] [iSeries] Do not deploy an endpoint reference that represents a stateful session bean in this topology, because the HTTP server will not retain affinity to that stateful session bean, and will spread its requests across the available servers.

[AIX HP-UX Linux Solaris Windows] [iSeries] To maintain stateful session bean affinity and high availability, use a Proxy Server for IBM WebSphere Application Server in addition to your HTTP server, as described in the following topology.

HTTP server with a Proxy Server for IBM WebSphere Application Server

Use this topology when endpoint references refer to services that are deployed in a workload-managed cluster, optionally access stateful information that is localized to a specific server, and optionally, can be failed over in a highly-available configuration. The topology is similar to the Proxy Server for IBM WebSphere Application Server topology, but supports the use of any HTTP server as the external reverse proxy.

In this topology, the WS-Addressing API automatically generates the appropriate endpoint reference address based on the URL prefix of the HTTP server that is configured for the target Web service module. You must provide HTTP endpoint URL information, that is, configure the HTTP URL prefix for each deployment of each application.

The client communicates with the HTTP server, which you configure, by routing requests from a plug-in to a proxy server, to forward the client requests to a Proxy Server for IBM WebSphere Application Server. The proxy then dynamically routes the requests to the appropriate server.
The Web service client communicates, through a firewall, with the HTTP server in the demilitarized zone. The HTTP server forwards all requests to the Proxy Server for IBM WebSphere Application Server, which dynamically routes requests to the correct server in the WebSphere Application Server cluster. The proxy server and the target server exist in the same administrative cell.

[AIX HP-UX Linux Solaris Windows] [iSeries] If the proxy that is addressed by the endpoint reference is Proxy Server for IBM WebSphere Application Server, at Version 6.1 or later, and exists in the same administrative cell as the endpoint, messages targeted at a workload-managed endpoint reference are workload-managed, based on the cluster. Similarly, requests targeted at an endpoint reference that represents a stateful session bean retain affinity to the server and the instance of that stateful session bean, and an endpoint reference that represents a highly available stateful session bean remains valid if the stateful session bean is failed over to another server.

[z/OS] If the proxy that is addressed by the endpoint reference is Proxy Server for IBM WebSphere Application Server, at Version 6.1 or later, and exists in the same administrative cell as the endpoint, messages targeted at a workload-managed endpoint reference are workload-managed, based on the cluster.




Related concepts
Stateful session bean failover for the EJB container
Web Services transactions, firewalls and intermediary nodes
Virtual hosts
Related tasks
Configuring virtual hosts
Creating endpoint references using the Web Services Addressing support
Setting up the proxy server
Routing requests from a plug-in to a proxy server
Related reference
Web Services Addressing APIs
Provide HTTP endpoint URL information
Concept topic Concept topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cwbs_wsa_eprs
File name: cwbs_wsa_eprs.html