Web Server/App Server Connectivity
SEMINAR TO BEGIN MOMENTARILY…Thank You For Your Patience.

   To Join the Audio Portion...
Web Server/App Server Connectivity

      Speaker: Jim Jagielski                       Speaker: Filip Hanik
   CTO: Covale...
The Source for Apache, Tomcat,
           Geronimo & Axis

  Covalent is the Leading Provider of Support
  for Apache Soft...
Web Server/App Server Connectivity
      Agenda


Why Common Practice is also Best Practice
Overview of AJP (Apache JServ ...
Typical Web/App Server Implementation
                                           Apache Tomcat



                 Apache ...
Common Practice == Best Practice
                                                               Apache Tomcat



         ...
Common Practice == Best Practice
                                                                Apache Tomcat



        ...
Common Practice == Best Practice
                                                              Apache Tomcat



          ...
Common Practice == Best Practice
                                                              Apache Tomcat



          ...
AJP - Apache JServ Protocol
                                                                Apache Tomcat



             ...
AJP Design and History



AJP is a binary, packet-based protocol
Main Design Considerations:
  Text is slow; binary is fas...
AJP Design and History

mod_jserv was the 1st Apache module to
implement AJP (c1997)
mod_jk designed to better integrate A...
AJP Design and History


Note that all protocol translations (HTTP>AJP
and reverse) are done at the Apache module
layer
Wi...
AJP The Dark Side


Persistent connections – Tomcat blocking IO
  Must match maxThreads with the
  maximum possible connec...
AJP The Dark Side


Very difficult to debug
  Binary protocol
  Packet size limitations
  Minor build releases become inco...
AJP on the Tomcat Side

Three AJP Connectors
   Java connector
     Blocking IO
     One thread per connection
   APR conn...
Alternatives?



OK, so AJP can be bothersome…
What alternatives do I have?
To answer, let’s look at some of the latest
To...
Tomcat’s HTTP Connectors

NIO and APR connectors
Extremely capable and finely tuned
connectors
More options, more control
...
Tomcat’s HTTP Connectors



Blocking Java Connector (BIO)
   Works well with previous mod_proxy since
   connections are n...
Apache 2.2: Balancer Usage


  Apache:
    Self-contained, robust load balancer




                                      ...
Apache 2.2: Proxy Balancer


mod_proxy now implements native load
balancing with connection pooling
Support for HTTP, HTTP...
Apache 2.2: Proxy Balancer

   Apache:
     2.2 Proxy LoadBalancer Reverse Proxy
<Proxy balancer://foo>
 BalancerMember ht...
Apache 2.2: Proxy Balancer




   Apache:
     2.2 Proxy LoadBalancer Reverse Proxy

<Location /balancer-manager>
 SetHand...
Apache 2.2: Proxy Balancer




                             24
Recommendation Time!


Now that we know about AJP and HTTP, it’s
time to make some recommendations
When tradeoffs exist, i...
mod_jk - AJP


Advantages:
  Incorporates many fixes/hacks to address
  problems with AJP
Disadvantages:
   Directives, co...
mod_jk - AJP


Use Cases:
  AJP is mandated
  Setup is very complex (firewalls, etc…) but
  “local”
Score:
  B



        ...
mod_proxy_ajp - AJP



Advantages:
  Consistent with normal Apache config
  Under the Apache HTTP PMC
  Uses APR
Disadvant...
mod_proxy_ajp - AJP



Use Cases:
  AJP is mandated
  Setup is straight forward (no firewalls or
  firewall-related proble...
mod_proxy_http - HTTP


Advantages:
  No longer uses AJP, but HTTP
  Native, protocol-level support for
  authentication a...
mod_proxy_http - HTTP


Use Cases:
  “Everyplace”
  Setup is simple to complex
  Required encryption between Apache and
  ...
Summary



HTTP is now extremely viable alternative
mod_proxy in Apache 2.2 offers both AJP
and HTTP, as well as expected,...
How you can help


Battle test Apache 2.2 mod_proxy (both
HTTP and AJP)
Battle test Tomcat APR and NIO HTTP
connectors
Pro...
Thank You




Thank you!
Let the flames and blogs begin! *grin*




                                         34
More Information…


Regarding Apache HTTPD 2.2:
   http://httpd.apache.org/docs/2.2/
Regarding Apache Tomcat
   http://tom...
Contact Us:



Filip Hanik
   fhanik@covalent.net
Jim Jagielski
   jimj@covalent.net




                         36
Q&A


          Any further questions can be submitted by clicking
             on the Submit Question button above.


To ...
The Most Trusted Source
for Complete Enterprise Open Source Solutions




                                                ...
Upcoming SlideShare
Loading in …5
×

Web Server/App Server Connectivity

3,459 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,459
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
57
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Web Server/App Server Connectivity

  1. 1. Web Server/App Server Connectivity SEMINAR TO BEGIN MOMENTARILY…Thank You For Your Patience. To Join the Audio Portion of Today’s Seminar: U.S./Canadian Participants - Dial 800-531-3250 Conference ID: 1055076
  2. 2. Web Server/App Server Connectivity Speaker: Jim Jagielski Speaker: Filip Hanik CTO: Covalent Technologies Sr. Engineer: Covalent Technologies Director/Member/Developer: Apache Member/Developer: Apache Software Software Foundation Foundation Questions can be submitted by clicking on the Submit Question button above.
  3. 3. The Source for Apache, Tomcat, Geronimo & Axis Covalent is the Leading Provider of Support for Apache Software Foundation Open Source Projects, Namely Tomcat, Geronimo, Axis, & Apache, the World's Leading Web Server* Covalent is One of the Few Sources of Full Commercial Support for Apache, Axis, Geronimo & Tomcat on a Global Basis Covalent Currently Supports More Than 50% of Fortune 500 and 20% of Global 2000 Companies *62% global Web server marketshare ~Netcraft April 2006 Web Server Survey 3
  4. 4. Web Server/App Server Connectivity Agenda Why Common Practice is also Best Practice Overview of AJP (Apache JServ Protocol) Connectivity Methods Advantages / Disadvantages 4
  5. 5. Typical Web/App Server Implementation Apache Tomcat Apache HTTPD Firewall Follows 3-tier architecture Tiers isolated by firewalls Tomcat fronted by Apache Web Server 5
  6. 6. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall Security Business logic protected Web server provides choke point Web server designed to be in DMZ Authentication done at Web server layer, access to wider range of auth options Fast, centralized SSL/security 6
  7. 7. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall Flexibility General purpose Web servers are designed to be flexible Can re-implement backend with no outward changes Load balancing well insulated Apache’s MPM implementation 7
  8. 8. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall Performance Web servers are optimized for HTTP “Easy” to tune Web server and OS for peak performance Scalability is inherent in design Separation of tasks and overhead: your app server only handles dynamic content 8
  9. 9. Common Practice == Best Practice Apache Tomcat Apache HTTPD Firewall But what about Tomcat’s APR and NIO Connectors? Yes, Tomcat is now a capable HTTP server But that doesn’t make it an ideal HTTP server But we can, and should, still use that capability More in a few slides 9
  10. 10. AJP - Apache JServ Protocol Apache Tomcat Apache HTTPD Firewall In a typical implementation, the communication protocol between Apache and Tomcat is AJP Apache used mod_jk to talk AJP to Tomcat AJP was originally designed to simplify the communication between Apache and Jserv, an older servlet implementation 10
  11. 11. AJP Design and History AJP is a binary, packet-based protocol Main Design Considerations: Text is slow; binary is fast Opening/closing sockets is very slow; persistent sockets are fast Plus, creating your own protocol means you can simply things (don’t need to worry about HTTP compliance) 11
  12. 12. AJP Design and History mod_jserv was the 1st Apache module to implement AJP (c1997) mod_jk designed to better integrate Apache and Tomcat Warp and mod_webapp were attempts to fix most of the problem with AJP and mod_jk. It was shortly deprecated mod_jk2 was an attempt to “upgrade” mod_jk for Apache 2, and take advantage of JMX-like setup. It was deprecated in Nov. 2004 12
  13. 13. AJP Design and History Note that all protocol translations (HTTP>AJP and reverse) are done at the Apache module layer With mod_jk2 gone, the Apache proxy code was updated to include native AJP capability (to compliment the existing HTTP, HTTPS and FTP capability) In parallel, Apache 2.2’s Proxy upgraded to provide load balancing, etc… 13
  14. 14. AJP The Dark Side Persistent connections – Tomcat blocking IO Must match maxThreads with the maximum possible connection count Each thread takes up system resources Not Firewall friendly Silently drop connections – no FIN packets mod_jk unable to properly handle such connection mod_jk reconnect can cause a thread increase/spike on Tomcat 14
  15. 15. AJP The Dark Side Very difficult to debug Binary protocol Packet size limitations Minor build releases become incompatible with existing configuration And is marshalling into binary really faster than sending HTTP straight through? To most of these issues There is a cure Or there is a workaround 15
  16. 16. AJP on the Tomcat Side Three AJP Connectors Java connector Blocking IO One thread per connection APR connector Supports polling Allows more connections than threads Java NIO Connector Not seen much use May not be battle tested 16
  17. 17. Alternatives? OK, so AJP can be bothersome… What alternatives do I have? To answer, let’s look at some of the latest Tomcat and Apache developments 17
  18. 18. Tomcat’s HTTP Connectors NIO and APR connectors Extremely capable and finely tuned connectors More options, more control Asynchronous servlets Send file support Can replace AJP specific features Custom httpd headers – httpd Custom valves - tomcat 18
  19. 19. Tomcat’s HTTP Connectors Blocking Java Connector (BIO) Works well with previous mod_proxy since connections are not persistent The fastest connector when not using persistent connections – no polling overhead HTTP Connectors are easy to debug HTTP is text based, just sniff it 19
  20. 20. Apache 2.2: Balancer Usage Apache: Self-contained, robust load balancer MySQL 5 Apache 2.2/mod_proxy_balancer Apache/mod_php cluster 20
  21. 21. Apache 2.2: Proxy Balancer mod_proxy now implements native load balancing with connection pooling Support for HTTP, HTTPS and AJP13 protocols (no more mod_jk) Can weight traffic by request counting or traffic counting (lbmethod) Can adjust load factor preferences (loadfactor) Support for hot-standby and cluster sets (v2.2.4) Embedded manager application 21
  22. 22. Apache 2.2: Proxy Balancer Apache: 2.2 Proxy LoadBalancer Reverse Proxy <Proxy balancer://foo> BalancerMember http://php1:8080/ loadfactor=1 BalancerMember http://php2:8080/ loadfactor=4 BalancerMember http://phpbkup:8080/ loadfactor=4 status=+h ProxySet lbmethod=bytraffic </Proxy> <Proxy balancer://japps> BalancerMember ajp://tc1:8089/ loadfactor=1 BalancerMember ajp://tc2:8089/ loadfactor=4 ProxySet lbmethod=byrequests </Proxy> ProxyPass /apps/ balancer://foo/ ProxyPass /serv/ balancer://japps/ ProxyPass /images/ http://images:8080/ 22
  23. 23. Apache 2.2: Proxy Balancer Apache: 2.2 Proxy LoadBalancer Reverse Proxy <Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from 192.168.2.22 </Location> 23
  24. 24. Apache 2.2: Proxy Balancer 24
  25. 25. Recommendation Time! Now that we know about AJP and HTTP, it’s time to make some recommendations When tradeoffs exist, it’s always best to be functional, even if a little bit slower (or potentially slower) It’s noteworthy that most of the problems seen involves the AJP layer, and not Apache or Tomcat themselves 25
  26. 26. mod_jk - AJP Advantages: Incorporates many fixes/hacks to address problems with AJP Disadvantages: Directives, config and behavior frequently change between patch-level point releases (1.2.x -> 1.2.(x+1)) Most common native code does not use APR Uses AJP 26
  27. 27. mod_jk - AJP Use Cases: AJP is mandated Setup is very complex (firewalls, etc…) but “local” Score: B 27
  28. 28. mod_proxy_ajp - AJP Advantages: Consistent with normal Apache config Under the Apache HTTP PMC Uses APR Disadvantages: Lacks parity with mod_jk for some of the workaround/hacks Uses AJP 28
  29. 29. mod_proxy_ajp - AJP Use Cases: AJP is mandated Setup is straight forward (no firewalls or firewall-related problems, etc…) and “local” Score: B- (but increasing) 29
  30. 30. mod_proxy_http - HTTP Advantages: No longer uses AJP, but HTTP Native, protocol-level support for authentication and SSL ! Much more battle tested (mod_proxy used all over the place) Disadvantages: Method relatively unknown or unconsidered 30
  31. 31. mod_proxy_http - HTTP Use Cases: “Everyplace” Setup is simple to complex Required encryption between Apache and Tomcat Score: A 31
  32. 32. Summary HTTP is now extremely viable alternative mod_proxy in Apache 2.2 offers both AJP and HTTP, as well as expected, required features (load-balancing, sticky sessions…) Advances in Tomcat HTTP connectors allow total HTTP infrastructure design 32
  33. 33. How you can help Battle test Apache 2.2 mod_proxy (both HTTP and AJP) Battle test Tomcat APR and NIO HTTP connectors Provide feedback, patches, etc… to Apache and Tomcat PMCs or even Filip/Jim directly 33
  34. 34. Thank You Thank you! Let the flames and blogs begin! *grin* 34
  35. 35. More Information… Regarding Apache HTTPD 2.2: http://httpd.apache.org/docs/2.2/ Regarding Apache Tomcat http://tomcat.apache.org/ Regarding Covalent: http://www.covalent.net/ Regarding The Apache Software Foundation: http://www.apache.org/ 35
  36. 36. Contact Us: Filip Hanik fhanik@covalent.net Jim Jagielski jimj@covalent.net 36
  37. 37. Q&A Any further questions can be submitted by clicking on the Submit Question button above. To request a copy of the slides, get the URL for the archived Webcast, or to send feedback, e-mail seminars@covalent.net What is the next Webinar you’d like to see? Let us know: e-mail seminars@covalent.net Thank You. 37
  38. 38. The Most Trusted Source for Complete Enterprise Open Source Solutions 38

×