Select a front end for our WebSphere Application Server topology
Intermediaries provide...
- session affinity
- failover support
- workload balancing
- The WAS web server plug-in provides an interface between a web server and an application server. The web server plug-in determines the server to which a client request, such as servlets, needs to be routed.
- The WebSphere DataPower appliance is an advanced proxy server that offers enhanced functionality, such as WS-Addressing, custom advisors, QOS, and SLA.
We can also use the following stabilized components as a reverse proxy between an HTTP client and a clustered application, or a partitioned application:
- The WAS proxy server is a specific type of application server that routes HTTP requests to content servers that perform the work. The WAS proxy server can be the initial point of entry for requests to servers in the enterprise environment. However, because a WAS proxy server is not safe for DMZ deployment, a WAS proxy server is typically fronted by a web server, or used in internal only environments where stringent host security requirements are not required.
- The on demand router is an intelligent router. The ODR is aware of the dynamic state of the cell, so that if one server in the cell fails, the requests are routed to another server. The configuration of the ODR in the DMZ is not supported.
-
Deprecated feature: The DMZ Secure Proxy Server is deprecated for WAS traditional v9.0.depfeat
The DMZ Proxy Server for IBM WAS is a WAS proxy server that is designed specifically to be safely installed on a stand-alone node in a demilitarized zone (DMZ). If we require the function of the WAS proxy server, and want to deploy it to the DMZ, we should use a DMZ Secure Proxy Server for IBM WAS to provide session affinity, failover support, and workload balancing for our WAS topology.
The DMZ is a safe zone between firewalls that is typically located between a client and a backend server. A DMZ Secure Proxy Server accepts requests from clients on the Internet, and forwards the requests to servers in the enterprise environment.
Use your web server of choice and the corresponding web server plug-ins. Alternatively, for enhanced capabilities, use a DataPower appliance, which handles WS-Addressing, custom advisors, QOS, and SLA.
The following tables compare the core application server frontend functionality, and the non-core functionality of a web server plug-in running in a modern web server, such as the IBM HTTP Server, based on Apache HTTP Server (with and without Intelligent Management), the on demand router, a WAS proxy server, a DMZ Secure Proxy Server for IBM WAS, and a WebSphere DataPower Service Gateway.
| Functionality | Web server plug-in IHS or Apache | Web server plug-in IHS or Apache with Intelligent Management | WebSphere DataPower Service Gateway | On Demand Router (ODR) | DMZ Secure Proxy Server for IBM WAS or WAS proxy server |
|---|---|---|---|---|---|
| Session affinity | Yes | Yes | Yes18, | Yes1, 2 | Yes ( DMZ proxy only) 1, 2 |
| DMZ ready | Yes | Yes | Yes | No | Yes ( DMZ proxy only) |
| Custom advisors | No | No | Yes | No | No |
| Service Level Agreement (SLA) | No | No | Yes | Yes | No |
| SIP proxy | No | No | No | Yes | Yes |
| ESI dynamic Caching | Yes | Yes | No | Yes 3 | Yes 3 |
| Managed from the administrative console | Yes | Yes | Partial19 | Yes | Yes4 |
| Stream caching (large response caching) | Yes | Yes | No | Yes | Yes |
| Dynamically receive management events5 | No | No | Yes18 | Yes6 | Yes6 |
| Multi cells routing | No | No | Yes20 | Yes8 | Yes8 |
| Performance monitoring | Yes9 | Yes9 | Yes | Yes10 | Yes10 |
| Load Balancing (weighted round-robin) | Yes11 | Yes11 | Yes | Yes11 | Yes11 |
| Routing rules are configurable | No12 | No12 | Yes | Yes | Yes |
| Interoperability with WLM | Yes13 | Yes13 | Yes18 | Yes | Yes |
| Web service affinity and failover (WS Addressing) | No | No | Yes18 | Yes | Yes |
| Rule expression and custom routing | No | Yes | Yes21 | Yes15 | Yes15 |
| Generic server cluster (GSC) affinity and failover | No | No | Yes | Yes16 | Yes16 |
| Per Request Trace | No | Yes | Yes | Yes | No |
| Weighted Least Outstanding Request (WLOR) | No | Yes | Yes | Yes | No |
| Health Policy Support | No | Yes | Yes | Yes | No |
| WebSockets Proxy | Yes | Yes | Yes | No | No |
Table notes:
- Session affinity is supported for WAS managed resources. However, some session management custom properties, such as HttpSessionCloneId, are not supported.
- For generic server routing, where the resources are not WAS managed resources, active session affinity and passive session affinity need to be configured under generic server routing action.
- WAS proxy servers and DMZ Secure Proxy Servers for IBM WAS do not support fragment caching. Only whole page caching, and the ESI invalidation servlet are supported.
- Secure proxy profile on a DMZ installation can only be managed using scripting or an administrative agent. Configuration-only secure proxy profile can be managed through scripting or the administrative agent console. If we use an administrative agent console, we must register a proxy profile with the administrative agent.
- As performed by ODR in a WebSphere Extended Deployment environment.
- Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WAS, and the core group bridge interface for the WAS ND cells.
- Requires core group bridge setup between the proxy cell and other cells.
- Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WAS, and the core group bridge interface for the WAS ND cells.
- The web server plug-in statistics are obtained from request metrics.
- WAS proxy server statistics and DMZ Secure Proxy Server for IBM WAS statistics can be retrieved from Tivoli performance viewer, ARM, and performance mBeans.
- Random Load balancing is supported in addition to weighted round robin.
- Web server plug-in can only do static routing.
- A web server plug-in indirectly has interoperability with WLM through the exchange of dynamic workload manager (DWLM) Partition Tables between the web server plug-in and WAS. The plug-in uses these tables for dynamic routing and failover scenarios within a cluster.
- The proxy server uses the WAS WLM even if the proxy server is running on a z/OS operating system.
- The DataPower appliance manager provides faster web service affinity and failover service than Java proxy provides.
- Rule expression and custom routing allows administrators to override default WAS routing behavior. For example, we might not want requests forwarded to server1 in a cluster between 11:00 PM and 12:00 PM because you regularly apply maintenance to that server during that time interval.
- Proxy server supports load balancing and failover for generic server clusters with passive and/or active affinity.
- Requires WebSphere DataPower AO module.
- Configuration with regards to cluster members, weights, session affinity, and application edition support is performed via the WAS ISC Console, but it is retrieved and acted upon by WebSphere DataPower.
- Multi cell routing is based on policy and rule configuration within DataPower. This is independent of the WAS configuration.
- Content-based routing is provided via WebSphere DataPower configuration policy and stylesheets.
| Functionality | Web server plug-in used with either IHS or Web with or without Intelligent Management | WebSphere DataPower Service Gateway | On Demand Router (ODR) | DMZ Secure Proxy Server for IBM WAS -OR- WAS proxy server |
|---|---|---|---|---|
| Common Gateway Interface (CGI) | Yes | No | No | No |
| Request URI rewriting | Yes | Yes | No | No |
| Efficient static file serving | Yes | No | Basic1 | Basic1 |
| Compression | Yes | Yes | Yes | Yes |
| Response filtering | Yes | Yes | Yes2 | Yes2 |
| SSL termination | Yes | Yes | Yes | Yes |
| Cryptographic Accelerator3 | Yes | Yes | Yes4 | Yes4 |
| FIPS | Yes | Yes | Yes | Yes |
| Third-party/customer-written plug-ins | Yes | Yes8 | No | No |
| Logging | Yes | Yes | Yes5 | Yes5 |
| Custom logging | Yes | Yes | Yes | No |
| Disk caching | Yes | No | Yes | Yes |
| Asynchronous request handling | none or partial6 | Yes | Yes7 | Yes7 |
Table notes:
- WAS proxy servers support basic static file serving.
- WAS proxy servers support HTML link rewriting.
- This functionality only applies to Cryptographic Accelerators that WAS supports.
- The support is provided by IBM JDK/JCE.
- Only NCSA common format is supported.
- The connection between a web server plug-in and an application server is synchronous and consumes a thread while reading/writing or waiting for data.
- Proxy server is optimized to handle AJAX long polling requests under large scale deployments.
- Sophisticated rules and custom processing can be achieved using Extensible Stylesheet Language Transformations (XSLT).