Web Server/App Server Connectivity
Speaker: Jim Jagielski
CTO: Covalent Technologies
Director/Member/Developer: Apache Software Foundation
Speaker: Filip Hanik
Sr. Engineer: Covalent Technologies
Member/Developer: Apache Software Foundation
The Source for Apache, Tomcat, Geronimo & Axis
Covalent is the Leading Provider of Support for Apache Software Foundation Open Source Projects, Namely Tomcat, Geronimo, Axis, & Apache, the World's Leading Web Server*
Covalent is One of the Few Sources of Full Commercial Support for Apache, Axis, Geronimo & Tomcat on a Global Basis
Covalent Currently Supports More Than 50% of Fortune 500 and 20% of Global 2000 Companies
*62% global Web server marketshare ~Netcraft April 2006 Web Server Survey
Agenda
Why Common Practice is also Best Practice
Overview of AJP (Apache JServ Protocol)
Connectivity Methods: Advantages / Disadvantages
Typical Web/App Server Implementation
Follows 3-tier architecture
Tiers isolated by firewalls
Tomcat fronted by Apache Web Server
[Diagram labels: Apache HTTPD, Apache Tomcat, Firewall]
Common Practice == Best Practice
Security
- Business logic protected
- Web server provides choke point
- Web server designed to be in DMZ
- Authentication done at Web server layer, access to wider range of auth options
- Fast, centralized SSL/security
Common Practice == Best Practice
Flexibility
- General purpose Web servers are designed to be flexible
- Can re-implement backend with no outward changes
- Load balancing well insulated
- Apache’s MPM implementation
Common Practice == Best Practice
Performance
- Web servers are optimized for HTTP
- “Easy” to tune Web server and OS for peak performance
- Scalability is inherent in design
- Separation of tasks and overhead: your app server only handles dynamic content
Common Practice == Best Practice
But what about Tomcat’s APR and NIO Connectors?
- Yes, Tomcat is now a capable HTTP server
- But that doesn’t make it an ideal HTTP server
- But we can, and should, still use that capability
- More in a few slides
AJP - Apache JServ Protocol
In a typical implementation, the communication protocol between Apache and Tomcat is AJP
Apache used mod_jk to talk AJP to Tomcat
AJP was originally designed to simplify the communication between Apache and JServ, an older servlet implementation
AJP Design and History
AJP is a binary, packet-based protocol
Main Design Considerations:
- Text is slow; binary is fast
- Opening/closing sockets is very slow; persistent sockets are fast
Plus, creating your own protocol means you can simplify things (don’t need to worry about HTTP compliance)
AJP Design and History
mod_jserv was the 1st Apache module to implement AJP (c. 1997)
mod_jk was designed to better integrate Apache and Tomcat
Warp and mod_webapp were attempts to fix most of the problems with AJP and mod_jk. They were deprecated shortly afterwards
mod_jk2 was an attempt to “upgrade” mod_jk for Apache 2, and take advantage of JMX-like setup. It was deprecated in Nov. 2004
AJP Design and History
Note that all protocol translations (HTTP>AJP and reverse) are done at the Apache module layer
With mod_jk2 gone, the Apache proxy code was updated to include native AJP capability (to complement the existing HTTP, HTTPS and FTP capability)
In parallel, Apache 2.2’s proxy was upgraded to provide load balancing, etc…
AJP The Dark Side
Persistent connections – Tomcat blocking IO
- Must match maxThreads with the maximum possible connection count
- Each thread takes up system resources
Not Firewall friendly
- Connections are silently dropped – no FIN packets
- mod_jk unable to properly handle such connections
- mod_jk reconnect can cause a thread increase/spike on Tomcat
AJP The Dark Side
Very difficult to debug
- Binary protocol
- Packet size limitations
- Minor build releases become incompatible with existing configuration
- And is marshalling into binary really faster than sending HTTP straight through?
To most of these issues
- There is a cure
- Or there is a workaround
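An added example, not part of the original slides: a minimal Python decoder for the leading fields of an AJP13 Forward Request, showing why the binary framing needs tooling to debug where HTTP can simply be sniffed, and where the packet size limit is enforced. The field order follows the published AJP13 protocol description; the sample packet, host names and addresses are constructed for illustration.

```python
import struct

AJP_MAX_PACKET = 8192  # default AJP13 packet size (8 KB)
METHODS = {1: "OPTIONS", 2: "GET", 3: "HEAD", 4: "POST", 5: "PUT", 6: "DELETE"}

def ajp_string(text):
    """Encode an AJP string: 2-byte length, the bytes, then a NUL terminator."""
    raw = text.encode("ascii")
    return struct.pack(">H", len(raw)) + raw + b"\x00"

def read_string(buf, pos):
    """Decode an AJP string at pos; a length of 0xFFFF encodes a null string."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if n == 0xFFFF:
        return None, pos + 2
    return buf[pos + 2:pos + 2 + n].decode("ascii"), pos + 3 + n

def decode_forward_request(packet):
    """Decode the leading fields of a web server -> Tomcat Forward Request."""
    magic, length = struct.unpack_from(">HH", packet, 0)
    if magic != 0x1234:
        raise ValueError("missing 0x1234 web-server-to-container magic")
    if len(packet) > AJP_MAX_PACKET or length != len(packet) - 4:
        raise ValueError("length mismatch or packet over the AJP size limit")
    if packet[4] != 2:
        raise ValueError("prefix code is not 2 (Forward Request)")
    out = {"method": METHODS.get(packet[5], packet[5])}
    pos = 6
    for name in ("protocol", "req_uri", "remote_addr", "remote_host", "server_name"):
        out[name], pos = read_string(packet, pos)
    out["server_port"], out["is_ssl"], out["num_headers"] = struct.unpack_from(
        ">H?H", packet, pos)
    return out

def build_sample():
    """Constructed GET for /serv/index.jsp; hosts and addresses are made up."""
    fields = ("HTTP/1.1", "/serv/index.jsp", "192.0.2.10", "", "www.example.test")
    body = bytes([2, 2]) + b"".join(ajp_string(f) for f in fields)
    body += struct.pack(">H?H", 443, True, 0) + b"\xff"  # no headers, end marker
    return struct.pack(">HH", 0x1234, len(body)) + body

if __name__ == "__main__":
    print(decode_forward_request(build_sample()))
```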
AJP on the Tomcat Side
Three AJP Connectors
Java connector
- Blocking IO
- One thread per connection
APR connector
- Supports polling
- Allows more connections than threads
Java NIO Connector
- Not seen much use
- May not be battle tested
Alternatives?
OK, so AJP can be bothersome…
What alternatives do I have?
To answer, let’s look at some of the latest Tomcat and Apache developments
Tomcat’s HTTP Connectors
NIO and APR connectors
Extremely capable and finely tuned connectors
More options, more control
Asynchronous servlets
Send file support
Can replace AJP specific features
- Custom httpd headers – httpd
- Custom valves – Tomcat
Tomcat’s HTTP Connectors
Blocking Java Connector (BIO)
- Works well with previous mod_proxy since connections are not persistent
- The fastest connector when not using persistent connections – no polling overhead
HTTP Connectors are easy to debug
- HTTP is text based, just sniff it
Apache 2.2: Balancer Usage
Apache: Self-contained, robust load balancer
[Diagram labels: Apache 2.2/mod_proxy_balancer, Apache/mod_php cluster, MySQL 5]
Apache 2.2: Proxy Balancer
mod_proxy now implements native load balancing with connection pooling
Support for HTTP, HTTPS and AJP13 protocols (no more mod_jk)
Can weight traffic by request counting or traffic counting (lbmethod)
Can adjust load factor preferences (loadfactor)
Support for hot-standby and cluster sets (v2.2.4)
Embedded manager application
Apache 2.2: Proxy Balancer
Apache 2.2 Proxy: LoadBalancer, Reverse Proxy
    <Proxy balancer://foo>
        BalancerMember http://php1:8080/ loadfactor=1
        BalancerMember http://php2:8080/ loadfactor=4
        # status=+h marks this member as a hot standby
        BalancerMember http://phpbkup:8080/ loadfactor=4 status=+h
        # weight members by traffic counting
        ProxySet lbmethod=bytraffic
    </Proxy>
    <Proxy balancer://japps>
        BalancerMember ajp://tc1:8089/ loadfactor=1
        BalancerMember ajp://tc2:8089/ loadfactor=4
        # weight members by request counting
        ProxySet lbmethod=byrequests
    </Proxy>
    ProxyPass /apps/ balancer://foo/
    ProxyPass /serv/ balancer://japps/
    ProxyPass /images/ http://images:8080/
Apache 2.2: Proxy Balancer
    <Location /balancer-manager>
        SetHandler balancer-manager
        # Deny everyone, then allow only the listed address to reach the manager
        Order Deny,Allow
        Deny from all
        Allow from 192.168.2.22
    </Location>
Recommendation Time!
Now that we know about AJP and HTTP, it’s time to make some recommendations
When tradeoffs exist, it’s always best to be functional, even if a little bit slower (or potentially slower)
It’s noteworthy that most of the problems seen involve the AJP layer, and not Apache or Tomcat themselves
mod_jk - AJP
Advantages:
- Incorporates many fixes/hacks to address problems with AJP
Disadvantages:
- Directives, config and behavior frequently change between patch-level point releases (1.2.x -> 1.2.(x+1))
- Most common native code does not use APR
- Uses AJP
mod_jk - AJP
Use Cases:
- AJP is mandated
- Setup is very complex (firewalls, etc…) but “local”
Score: B
mod_proxy_ajp - AJP
Advantages:
- Consistent with normal Apache config
- Under the Apache HTTP PMC
- Uses APR
Disadvantages:
- Lacks parity with mod_jk for some of the workarounds/hacks
- Uses AJP
mod_proxy_ajp - AJP
Use Cases:
- AJP is mandated
- Setup is straightforward (no firewalls or firewall-related problems, etc…) and “local”
Score: B- (but increasing)
mod_proxy_http - HTTP
Advantages:
- No longer uses AJP, but HTTP
- Native, protocol-level support for authentication and SSL!
- Much more battle tested (mod_proxy used all over the place)
Disadvantages:
- Method relatively unknown or unconsidered
mod_proxy_http - HTTP
Use Cases:
- “Everyplace”
- Setup is simple to complex
- Required encryption between Apache and Tomcat
Score: A
Summary
HTTP is now an extremely viable alternative
mod_proxy in Apache 2.2 offers both AJP and HTTP, as well as expected, required features (load-balancing, sticky sessions…)
Advances in Tomcat HTTP connectors allow total HTTP infrastructure design
How you can help
Battle test Apache 2.2 mod_proxy (both HTTP and AJP)
Battle test Tomcat APR and NIO HTTP connectors
Provide feedback, patches, etc… to Apache and Tomcat PMCs or even Filip/Jim directly
Thank You
Thank you!
Let the flames and blogs begin! *grin*
More Information…
Regarding Apache HTTPD 2.2:
http://httpd.apache.org/docs/2.2/
Regarding Apache Tomcat:
http://tomcat.apache.org/
Regarding Covalent:
http://www.covalent.net/
Regarding The Apache Software Foundation:
http://www.apache.org/