Your SlideShare is downloading. ×
Web Server/App Server Connectivity
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Web Server/App Server Connectivity


Published on

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Web Server/App Server Connectivity SEMINAR TO BEGIN MOMENTARILY…Thank You For Your Patience. To Join the Audio Portion of Today’s Seminar: U.S./Canadian Participants - Dial 800-531-3250 Conference ID: 1055076
  • 2. Web Server/App Server Connectivity Speaker: Jim Jagielski Speaker: Filip Hanik CTO: Covalent Technologies Sr. Engineer: Covalent Technologies Director/Member/Developer: Apache Member/Developer: Apache Software Software Foundation Foundation Questions can be submitted by clicking on the Submit Question button above.
  • 3. The Source for Apache, Tomcat, Geronimo & Axis Covalent is the Leading Provider of Support for Apache Software Foundation Open Source Projects, Namely Tomcat, Geronimo, Axis, & Apache, the World's Leading Web Server* Covalent is One of the Few Sources of Full Commercial Support for Apache, Axis, Geronimo & Tomcat on a Global Basis Covalent Currently Supports More Than 50% of Fortune 500 and 20% of Global 2000 Companies *62% global Web server marketshare ~Netcraft April 2006 Web Server Survey 3
  • 4. Web Server/App Server Connectivity Agenda Why Common Practice is also Best Practice Overview of AJP (Apache JServ Protocol) Connectivity Methods Advantages / Disadvantages 4
  • 5. Typical Web/App Server Implementation Apache Tomcat Apache HTTPD Firewall Follows 3-tier architecture Tiers isolated by firewalls Tomcat fronted by Apache Web Server 5
  • 6. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall Security Business logic protected Web server provides choke point Web server designed to be in DMZ Authentication done at Web server layer, access to wider range of auth options Fast, centralized SSL/security 6
  • 7. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall Flexibility General purpose Web servers are designed to be flexible Can re-implement backend with no outward changes Load balancing well insulated Apache’s MPM implementation 7
  • 8. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall Performance Web servers are optimized for HTTP “Easy” to tune Web server and OS for peak performance Scalability is inherent in design Separation of tasks and overhead: your app server only handles dynamic content 8
  • 9. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall But what about Tomcat’s APR and NIO Connectors? Yes, Tomcat is now a capable HTTP server But that doesn’t make it an ideal HTTP server But we can, and should, still use that capability More in a few slides 9
  • 10. AJP - Apache JServ Protocol Apache Tomcat Apache HTTPD Firewall In a typical implementation, the communication protocol between Apache and Tomcat is AJP Apache used mod_jk to talk AJP to Tomcat AJP was originally designed to simplify the communication between Apache and Jserv, an older servlet implementation 10
  • 11. AJP Design and History AJP is a binary, packet-based protocol Main Design Considerations: Text is slow; binary is fast Opening/closing sockets is very slow; persistent sockets are fast Plus, creating your own protocol means you can simply things (don’t need to worry about HTTP compliance) 11
  • 12. AJP Design and History mod_jserv was the 1st Apache module to implement AJP (c1997) mod_jk designed to better integrate Apache and Tomcat Warp and mod_webapp were attempts to fix most of the problem with AJP and mod_jk. It was shortly deprecated mod_jk2 was an attempt to “upgrade” mod_jk for Apache 2, and take advantage of JMX-like setup. It was deprecated in Nov. 2004 12
  • 13. AJP Design and History Note that all protocol translations (HTTP>AJP and reverse) are done at the Apache module layer With mod_jk2 gone, the Apache proxy code was updated to include native AJP capability (to compliment the existing HTTP, HTTPS and FTP capability) In parallel, Apache 2.2’s Proxy upgraded to provide load balancing, etc… 13
  • 14. AJP The Dark Side Persistent connections – Tomcat blocking IO Must match maxThreads with the maximum possible connection count Each thread takes up system resources Not Firewall friendly Silently drop connections – no FIN packets mod_jk unable to properly handle such connection mod_jk reconnect can cause a thread increase/spike on Tomcat 14
  • 15. AJP The Dark Side Very difficult to debug Binary protocol Packet size limitations Minor build releases become incompatible with existing configuration And is marshalling into binary really faster than sending HTTP straight through? To most of these issues There is a cure Or there is a workaround 15
  • 16. AJP on the Tomcat Side Three AJP Connectors Java connector Blocking IO One thread per connection APR connector Supports polling Allows more connections than threads Java NIO Connector Not seen much use May not be battle tested 16
  • 17. Alternatives? OK, so AJP can be bothersome… What alternatives do I have? To answer, let’s look at some of the latest Tomcat and Apache developments 17
  • 18. Tomcat’s HTTP Connectors NIO and APR connectors Extremely capable and finely tuned connectors More options, more control Asynchronous servlets Send file support Can replace AJP specific features Custom httpd headers – httpd Custom valves - tomcat 18
  • 19. Tomcat’s HTTP Connectors Blocking Java Connector (BIO) Works well with previous mod_proxy since connections are not persistent The fastest connector when not using persistent connections – no polling overhead HTTP Connectors are easy to debug HTTP is text based, just sniff it 19
  • 20. Apache 2.2: Balancer Usage Apache: Self-contained, robust load balancer MySQL 5 Apache 2.2/mod_proxy_balancer Apache/mod_php cluster 20
  • 21. Apache 2.2: Proxy Balancer mod_proxy now implements native load balancing with connection pooling Support for HTTP, HTTPS and AJP13 protocols (no more mod_jk) Can weight traffic by request counting or traffic counting (lbmethod) Can adjust load factor preferences (loadfactor) Support for hot-standby and cluster sets (v2.2.4) Embedded manager application 21
  • 22. Apache 2.2: Proxy Balancer Apache: 2.2 Proxy LoadBalancer Reverse Proxy <Proxy balancer://foo> BalancerMember http://php1:8080/ loadfactor=1 BalancerMember http://php2:8080/ loadfactor=4 BalancerMember http://phpbkup:8080/ loadfactor=4 status=+h ProxySet lbmethod=bytraffic </Proxy> <Proxy balancer://japps> BalancerMember ajp://tc1:8089/ loadfactor=1 BalancerMember ajp://tc2:8089/ loadfactor=4 ProxySet lbmethod=byrequests </Proxy> ProxyPass /apps/ balancer://foo/ ProxyPass /serv/ balancer://japps/ ProxyPass /images/ http://images:8080/ 22
  • 23. Apache 2.2: Proxy Balancer Apache: 2.2 Proxy LoadBalancer Reverse Proxy <Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from </Location> 23
  • 24. Apache 2.2: Proxy Balancer 24
  • 25. Recommendation Time! Now that we know about AJP and HTTP, it’s time to make some recommendations When tradeoffs exist, it’s always best to be functional, even if a little bit slower (or potentially slower) It’s noteworthy that most of the problems seen involves the AJP layer, and not Apache or Tomcat themselves 25
  • 26. mod_jk - AJP Advantages: Incorporates many fixes/hacks to address problems with AJP Disadvantages: Directives, config and behavior frequently change between patch-level point releases (1.2.x -> 1.2.(x+1)) Most common native code does not use APR Uses AJP 26
  • 27. mod_jk - AJP Use Cases: AJP is mandated Setup is very complex (firewalls, etc…) but “local” Score: B 27
  • 28. mod_proxy_ajp - AJP Advantages: Consistent with normal Apache config Under the Apache HTTP PMC Uses APR Disadvantages: Lacks parity with mod_jk for some of the workaround/hacks Uses AJP 28
  • 29. mod_proxy_ajp - AJP Use Cases: AJP is mandated Setup is straight forward (no firewalls or firewall-related problems, etc…) and “local” Score: B- (but increasing) 29
  • 30. mod_proxy_http - HTTP Advantages: No longer uses AJP, but HTTP Native, protocol-level support for authentication and SSL ! Much more battle tested (mod_proxy used all over the place) Disadvantages: Method relatively unknown or unconsidered 30
  • 31. mod_proxy_http - HTTP Use Cases: “Everyplace” Setup is simple to complex Required encryption between Apache and Tomcat Score: A 31
  • 32. Summary HTTP is now extremely viable alternative mod_proxy in Apache 2.2 offers both AJP and HTTP, as well as expected, required features (load-balancing, sticky sessions…) Advances in Tomcat HTTP connectors allow total HTTP infrastructure design 32
  • 33. How you can help Battle test Apache 2.2 mod_proxy (both HTTP and AJP) Battle test Tomcat APR and NIO HTTP connectors Provide feedback, patches, etc… to Apache and Tomcat PMCs or even Filip/Jim directly 33
  • 34. Thank You Thank you! Let the flames and blogs begin! *grin* 34
  • 35. More Information… Regarding Apache HTTPD 2.2: Regarding Apache Tomcat Regarding Covalent: Regarding The Apache Software Foundation: 35
  • 36. Contact Us: Filip Hanik Jim Jagielski 36
  • 37. Q&A Any further questions can be submitted by clicking on the Submit Question button above. To request a copy of the slides, get the URL for the archived Webcast, or to send feedback, e-mail What is the next Webinar you’d like to see? Let us know: e-mail Thank You. 37
  • 38. The Most Trusted Source for Complete Enterprise Open Source Solutions 38