Select a front end for your WAS topology

Network Deployment (Distributed operating systems), v8.0 > Set up intermediary services > Implement a web server plug-in > Web server plug-ins

Select a front end for your WAS topology

We can use either a web server plug-in, a WAS proxy server, or a DMZ Secure Proxy Server for IBM WAS to provide session affinity, failover support, and workload balancing for your WAS topology.
After you install the product, you can set up either a web server plug-in, a WAS proxy server, or a DMZ Secure Proxy Server for IBM WAS to establish communication between an application and a remote client.

A WAS web server plug-in provides an interface between a web server and an application server. The web server plug-in determines the server to which a client request for dynamic content, such as servlets, needs to be routed.
A WAS proxy server is a specific type of application server that routes HTTP requests to content servers that perform the work. The WAS proxy server can be the initial point of entry for requests to servers in your enterprise environment. However, because a WAS proxy server is not safe for DMZ deployment, a WAS proxy server is typically fronted by a web server, or used in internal only environments where stringent host security requirements are not required.
A DMZ Secure Proxy Server for IBM WAS is a WAS proxy server that is designed specifically to be safely installed on a stand-alone node in a demilitarized zone (DMZ). If you require the function of the WAS proxy server, and want to deploy it to the DMZ, you should use a DMZ Secure Proxy Server for IBM WAS to provide session affinity, failover support, and workload balancing for your WAS topology.
The DMZ is a safe zone between firewalls that is typically located between a client and a backend server. A DMZ Secure Proxy Server for IBM WAS accepts requests from clients on the Internet, and forwards the requests to servers in your enterprise environment.

We can also use the on demand router (ODR), provided with the WebSphere eXtended Deployment product, as a reverse proxy between an HTTP client and a clustered application, or a partitioned application. See the WebSphere eXtended Deployment Information Center at http://publib.boulder.ibm.com/infocenter/wxsinfo/v7r0/index.jsp for more information about using ODR.
The traditional topology, using your web server of choice and the corresponding web server plug-in, is recommended unless:

You want to use specific features of the ODR or a WAS proxy server.
You want to use another function, such as SIP or WS-Addressing affinity/failover, which requires a WAS proxy server.

The following tables compare the core application server frontend functionality, and the non-core functionality of a web server plug-in running in a modern web server, such as the IBM HTTP Server, based on Apache HTTP Server, a WAS proxy server, and a DMZ Secure Proxy Server for IBM WAS.

Core functionality. This table compares the functionality that a web server plug-in, a WAS proxy server, and a DMZ Secure Proxy Server for IBM WAS provide.

Functionality Web server plug-in used with either the IBM HTTP Server or the Apache Web Server WAS proxy server DMZ Secure Proxy Server for IBM WAS
Session affinity Yes Yes1, 2 Yes1, 2
DMZ ready Yes No Yes
Custom advisors are supported No Yes Yes
Service Level Agreement (SLA) No No No
QoS/Throttling No No No
SIP proxy No Yes Yes
ESI dynamic Caching Yes Yes3 Yes3
Managed from the administrative console Yes Yes Yes4
Stream caching (large response caching) Yes Yes Yes
Dynamically receive management events5 No Yes Yes6
Multi cells routing No Yes7 Yes8
Performance monitoring Yes9 Yes10 Yes10
Load Balancing (weighted round-robin) Yes11 Yes11 Yes11
Route rules are configurable No12 Yes Yes
Interoperability with WLM Yes13 Yes14 Yes
Web service affinity and failover No Yes15 No
Rule expression and custom routing No Yes16 Yes15
Generic server cluster (GSC) affinity and failover No Yes17 Yes16

Table notes:

Session affinity is supported for WAS managed resources. However, some session management custom properties, such as HttpSessionCloneId, are not supported.
For generic server routing, where the resources are not WAS managed resources, active session affinity and passive session affinity need to be configured under generic server routing action.
WAS proxy servers and DMZ Secure Proxy Servers for IBM WAS do not support fragment caching. Only whole page caching, and the ESI invalidation servlet are supported.
Secure proxy profile on a DMZ installation can only be managed using scripting or an admin agent. Configuration-only secure proxy profile can be managed through scripting or the admin agent console. If you use an admin agent console, register a proxy profile with the admin agent.
As performed by ODR in a WebSphere Extended Deployment environment.
Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WAS, and the core group bridge interface for the WAS ND cells.
Requires core group bridge setup between the proxy cell and other cells.
Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WAS, and the core group bridge interface for the WAS ND cells.
The web server plug-in statistics are obtained from request metrics.
WAS proxy server statistics and DMZ Secure Proxy Server for IBM WAS statistics can be retrieved from Tivoli performance viewer, ARM, and performance mBeans.
Random Load balancing is supported in addition to weighted round robin.
Web server plug-in can only do static routing.
A web server plug-in indirectly has interoperability with WLM through the exchange of dynamic workload manager (DWLM) Partition Tables between the web server plug-in and WAS. The plug-in uses these tables for dynamic routing and failover scenarios within a cluster.
The proxy server uses the WAS WLM even if the proxy server is running on a z/OS operating system.

The DataPower appliance manager provides faster web service affinity and failover service than Java proxy provides.
Rule expression and custom routing allows administrators to override default WAS routing behavior. For example, you might not want requests forwarded to server1 in a cluster between 11:00 PM and 12:00 PM because you regularly apply maintenance to that server during that time interval.
Proxy server supports load balancing and failover for generic server clusters with passive and/or active affinity.

Functionality provided outside of the web server plug-in. This table provides a comparison of the functionality that a typical web server, that is hosting a web server plug-in, a WAS proxy server, and a DMZ Secure Proxy Server for IBM WAS provide outside of the core application server frontend functionality. See your web server documentation for a complete description of the functionality that your particular web server provides.

Functionality Web server plug-in used with either the IBM HTTP Server or the Apache Web Server WAS proxy server DMZ Secure Proxy Server for IBM WAS
Common Gateway Interface (CGI) Yes No No
Request URI rewriting Yes No No
Efficient static file serving Yes Basic1 Basic1
Compression Yes Yes Yes
Response filtering Yes Yes2 Yes2
SSL termination Yes Yes Yes
Cryptographic Accelerator3 Yes Yes4 Yes4
FIPS Yes Yes Yes
Third-party/customer-written plug-ins Yes No No
Log Yes Yes5 Yes5
Custom Logging Yes No No
Disk caching Yes Yes Yes
Asynchronous request handling none or partial6 Yes7

Table notes:

WAS proxy servers support basic static file serving.
WAS proxy servers support HTML link rewriting.
This functionality only applies to Cryptographic Accelerators that WAS supports. See the Supported hardware and software web page .
The support is provided by IBM JDK/JCE.
Only NCSA common format is supported.
The connection between a web server plug-in and an application server is synchronous and consumes a thread while reading/writing or waiting for data. See your web server documentation for information about how your particular web server handles client connections.
Proxy server is optimized to handle AJAX long polling requests under large scale deployments.

Set up the proxy server
Configure a DMZ Secure Proxy Server for IBM WAS
Implement a web server plug-in

+
Search Tips | Advanced Search

Functionality	Web server plug-in used with either the IBM HTTP Server or the Apache Web Server	WAS proxy server	DMZ Secure Proxy Server for IBM WAS
Session affinity	Yes	Yes1, 2	Yes1, 2
DMZ ready	Yes	No	Yes
Custom advisors are supported	No	Yes	Yes
Service Level Agreement (SLA)	No	No	No
QoS/Throttling	No	No	No
SIP proxy	No	Yes	Yes
ESI dynamic Caching	Yes	Yes3	Yes3
Managed from the administrative console	Yes	Yes	Yes4
Stream caching (large response caching)	Yes	Yes	Yes
Dynamically receive management events5	No	Yes	Yes6
Multi cells routing	No	Yes7	Yes8
Performance monitoring	Yes9	Yes10	Yes10
Load Balancing (weighted round-robin)	Yes11	Yes11	Yes11
Route rules are configurable	No12	Yes	Yes
Interoperability with WLM	Yes13	Yes14	Yes
Web service affinity and failover	No	Yes15	No
Rule expression and custom routing	No	Yes16	Yes15
Generic server cluster (GSC) affinity and failover	No	Yes17	Yes16
Table notes: Session affinity is supported for WAS managed resources. However, some session management custom properties, such as HttpSessionCloneId, are not supported. For generic server routing, where the resources are not WAS managed resources, active session affinity and passive session affinity need to be configured under generic server routing action. WAS proxy servers and DMZ Secure Proxy Servers for IBM WAS do not support fragment caching. Only whole page caching, and the ESI invalidation servlet are supported. Secure proxy profile on a DMZ installation can only be managed using scripting or an admin agent. Configuration-only secure proxy profile can be managed through scripting or the admin agent console. If you use an admin agent console, register a proxy profile with the admin agent. As performed by ODR in a WebSphere Extended Deployment environment. Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WAS, and the core group bridge interface for the WAS ND cells. Requires core group bridge setup between the proxy cell and other cells. Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WAS, and the core group bridge interface for the WAS ND cells. The web server plug-in statistics are obtained from request metrics. WAS proxy server statistics and DMZ Secure Proxy Server for IBM WAS statistics can be retrieved from Tivoli performance viewer, ARM, and performance mBeans. Random Load balancing is supported in addition to weighted round robin. Web server plug-in can only do static routing. A web server plug-in indirectly has interoperability with WLM through the exchange of dynamic workload manager (DWLM) Partition Tables between the web server plug-in and WAS. The plug-in uses these tables for dynamic routing and failover scenarios within a cluster. The proxy server uses the WAS WLM even if the proxy server is running on a z/OS operating system. The DataPower appliance manager provides faster web service affinity and failover service than Java proxy provides. Rule expression and custom routing allows administrators to override default WAS routing behavior. For example, you might not want requests forwarded to server1 in a cluster between 11:00 PM and 12:00 PM because you regularly apply maintenance to that server during that time interval. Proxy server supports load balancing and failover for generic server clusters with passive and/or active affinity.

Functionality	Web server plug-in used with either the IBM HTTP Server or the Apache Web Server	WAS proxy server	DMZ Secure Proxy Server for IBM WAS
Common Gateway Interface (CGI)	Yes	No	No
Request URI rewriting	Yes	No	No
Efficient static file serving	Yes	Basic1	Basic1
Compression	Yes	Yes	Yes
Response filtering	Yes	Yes2	Yes2
SSL termination	Yes	Yes	Yes
Cryptographic Accelerator3	Yes	Yes4	Yes4
FIPS	Yes	Yes	Yes
Third-party/customer-written plug-ins	Yes	No	No
Log	Yes	Yes5	Yes5
Custom Logging	Yes	No	No
Disk caching	Yes	Yes	Yes
Asynchronous request handling	none or partial6	Yes7
Table notes: WAS proxy servers support basic static file serving. WAS proxy servers support HTML link rewriting. This functionality only applies to Cryptographic Accelerators that WAS supports. See the Supported hardware and software web page . The support is provided by IBM JDK/JCE. Only NCSA common format is supported. The connection between a web server plug-in and an application server is synchronous and consumes a thread while reading/writing or waiting for data. See your web server documentation for information about how your particular web server handles client connections. Proxy server is optimized to handle AJAX long polling requests under large scale deployments.