Arquitectura en Cluster ES


    8/2/2019 Arquitectura en Cluster ES (1/19)

    Cluster Architectures

    The following sections describe alternative architectures for a WebLogic Server cluster:

    Recommended Basic Architecture

    Recommended Multi-Tier Architecture

    Recommended Proxy Architectures

    Security Options for Cluster Architectures

    Architectural and Cluster Terminology

    This section defines terms used in this document.

    Architecture

    In this context, architecture refers to how the tiers of an application are deployed to one or more clusters.

    Web Application Tiers

    A Web application is divided into several tiers that correspond to the logical services the application provides. Because not all Web applications are alike, your application may not use all of the tiers described below. Also keep in mind that the tiers represent logical divisions of an application's services, and not necessarily physical divisions between hardware and software components. In some cases, a single machine running a single WebLogic Server instance can provide all of the tiers described below.

    Web Tier

    The web tier provides static content (for example, simple HTML pages) to the clients of a Web application. The web tier is generally the first point of contact between external clients and the Web application. A simple Web application may have a web tier consisting of one or more machines running WebLogic Express, Apache, Netscape Enterprise Server, or Microsoft Internet Information Server.

    Presentation Tier

    The presentation tier provides dynamic content (for example, servlets or Java Server Pages) to the clients of a Web application. A cluster of WebLogic Server instances that hosts servlets and/or JSPs comprises the presentation tier of a Web application. If the cluster also serves static HTML pages for your application, it encompasses both the presentation tier and the web tier.

    Object Tier

    The object tier provides Java objects (for example, Enterprise JavaBeans or RMI classes) and their associated business logic to a Web application. A WebLogic Server cluster that hosts EJBs provides an object tier.

    Combined Tier Architecture

    A cluster architecture in which all tiers of the Web application are deployed to a single WebLogic Server cluster is called a combined tier architecture.

    De-Militarized Zone (DMZ)

    The De-Militarized Zone (DMZ) is a logical collection of hardware and services that is made available to outside, untrusted sources. In most Web applications, a bank of Web servers resides in the DMZ to allow browser-based clients to access static HTML content.

    The DMZ may provide security against external attacks on hardware and software. However, because the DMZ is available to untrusted sources, it is less secure than an internal system. For example, internal systems may be protected by a firewall that denies all external access. The DMZ may be protected by a firewall that hides access to individual machines, applications, or port numbers, but still permits access to these services from untrusted clients.

    Load Balancer

    In this document, the term load balancer describes any technology that distributes client connection requests to one or more distinct IP addresses. For example, a simple Web application may use the DNS round-robin algorithm as a load balancer. Larger applications generally use hardware-based load balancing solutions, such as those from Alteon WebSystems, which may also provide firewall-like security capabilities.

    Load balancers provide the capability to associate a client connection with a particular server in the cluster, which is required when using in-memory replication for client session information. With certain load balancing products, you must configure the cookie persistence mechanism and avoid overwriting the WebLogic Server cookie, which tracks the primary and secondary servers used for in-memory replication. For a discussion of external load balancers, session cookie persistence, and the WebLogic Server session cookie, see Load Balancing HTTP Sessions with an External Load Balancer on page 5-2.

    Proxy Plug-In


    A proxy plug-in is a WebLogic Server extension to an HTTP server, such as Apache, Netscape Enterprise Server, or Microsoft Internet Information Server, that accesses clustered servlets provided by a WebLogic Server cluster. The proxy plug-in contains the load balancing logic for accessing servlets and JSPs in a WebLogic Server cluster. Proxy plug-ins also contain the logic for accessing the replica of a client's session state if the primary WebLogic Server hosting the session state fails.

    Recommended Basic Architecture

    The recommended basic architecture is a combined tier architecture: all tiers of the Web application are deployed to the same WebLogic Server cluster. This architecture is illustrated in the following figure.

    Figure 9-1 Recommended Basic Architecture

    The benefits of the Recommended Basic Architecture are:

    Ease of administration

    Because a single cluster hosts static HTTP pages, servlets, and EJBs, you can configure the entire Web application and deploy/undeploy objects using the WebLogic Server Console. You do not need to maintain a separate bank of Web servers (and configure WebLogic Server proxy plug-ins) to benefit from clustered servlets.

    Flexible load balancing


    Using load balancing hardware directly in front of the WebLogic Server cluster lets you use advanced load balancing policies for accessing both HTML and servlet content. For example, you can configure your load balancer to detect current server loads and direct client requests accordingly.

    Robust security

    Placing a firewall in front of your load balancing hardware lets you set up a De-Militarized Zone (DMZ) for your Web application using minimal firewall policies.

    Optimal performance

    The combined tier architecture offers the best performance for applications in which most or all of the servlets or JSPs in the presentation tier typically access objects in the object tier, such as EJBs or JDBC objects.

    Note: When using a third-party load balancer with in-memory session replication, you must ensure that the load balancer maintains a client's connection to the WebLogic Server instance that hosts its primary session state (the point-of-contact server). For a discussion of external load balancers, session cookie persistence, and the WebLogic Server session cookie, see Load Balancing HTTP Sessions with an External Load Balancer on page 5-2.
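The sticky-connection requirement from the Load Balancer definition and the note above can be made concrete with a small model of an external load balancer. This is an added example, not code from the Oracle documentation or from WebLogic Server. It assumes a session cookie named JSESSIONID whose value has the form session-id!primary-server!secondary-server (an assumption about the WebLogic cookie layout, not something this page states); the cluster members and cookie values are constructed sample data. It shows the three cases a practitioner cares about: a new client is balanced round-robin, a client with a session is pinned to its primary, and when the primary is down the request goes to the secondary that holds the replicated state. It also shows what happens when a balancer rewrites the cookie and the server ids are lost: affinity silently degrades to plain round-robin, which is exactly why the text says not to overwrite the WebLogic cookie.

```python
import itertools
from typing import List, Optional, Set, Tuple

COOKIE_NAME = "JSESSIONID"   # assumed: name of the WebLogic session cookie
SEP = "!"                    # assumed: separator between session id and server ids


class Cluster:
    """Constructed model of one WebLogic cluster as seen by the load balancer."""

    def __init__(self, servers: List[str]):
        self.servers = list(servers)
        self.down: Set[str] = set()          # members the health check has marked failed
        self._rr = itertools.cycle(self.servers)

    def next_round_robin(self) -> str:
        # Round-robin over the members, skipping ones that are down
        for _ in range(len(self.servers)):
            candidate = next(self._rr)
            if candidate not in self.down:
                return candidate
        raise RuntimeError("no live servers in the cluster")


def parse_session_cookie(cookie_header: str) -> Optional[Tuple[str, str, str]]:
    """Return (session_id, primary, secondary) from a Cookie header, or None
    when there is no WebLogic cookie or it no longer carries the server ids."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            fields = value.split(SEP)
            if len(fields) == 3 and all(fields):
                return fields[0], fields[1], fields[2]
    return None


def route(cluster: Cluster, cookie_header: str = "") -> Tuple[str, str]:
    """Choose the cluster member for one request and explain the choice."""
    parsed = parse_session_cookie(cookie_header)
    if parsed is None:
        # First request, or a cookie that a misconfigured balancer has rewritten:
        # affinity is lost and the request is simply balanced.
        return cluster.next_round_robin(), "no usable session cookie: round-robin"
    _, primary, secondary = parsed
    if primary in cluster.servers and primary not in cluster.down:
        return primary, "sticky: primary holds the session state"
    if secondary in cluster.servers and secondary not in cluster.down:
        return secondary, "failover: secondary holds the replicated state"
    return cluster.next_round_robin(), "primary and secondary lost: session state is gone"


def demo() -> List[str]:
    """Walk through the cases; returns the server chosen for each request."""
    cluster = Cluster(["srv1", "srv2", "srv3"])
    chosen = []
    chosen.append(route(cluster)[0])                 # new client -> srv1
    chosen.append(route(cluster)[0])                 # new client -> srv2
    cookie = "JSESSIONID=abc123!srv2!srv3"           # constructed: primary srv2, secondary srv3
    chosen.append(route(cluster, cookie)[0])         # sticky -> srv2
    cluster.down.add("srv2")
    chosen.append(route(cluster, cookie)[0])         # failover -> srv3
    cluster.down.add("srv3")
    chosen.append(route(cluster, cookie)[0])         # both lost -> round-robin picks srv1
    return chosen


if __name__ == "__main__":
    for server in demo():
        print(server)
```

The last `route` call in `demo` is the failure mode to watch for in production: once both the primary and the secondary are gone the balancer can still answer, but the client's session state is lost and the application will behave as if the user had never logged in.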

    When Not to Use a Combined Tier Architecture

    While a combined tier architecture, such as the Recommended Basic Architecture, meets the needs of many Web applications, it limits your ability to fully employ the load balancing and failover capabilities of a cluster. Load balancing and failover can be introduced only at the interfaces between Web application tiers, so, when tiers are deployed to a single cluster, you can only load balance between clients and the cluster.

    Because most load balancing and failover occurs between clients and the cluster itself, a combined tier architecture meets the needs of most Web applications.

    However, combined-tier clusters provide no opportunity for load balancing method calls to clustered EJBs. Because clustered objects are deployed on all WebLogic Server instances in the cluster, each object instance is available locally to each server. WebLogic Server optimizes method calls to clustered EJBs by always selecting the local object instance, rather than distributing requests to remote objects and incurring additional network overhead.

    This collocation strategy is, in most cases, more efficient than load balancing each method request to a different server. However, if the processing load on individual servers becomes unbalanced, it may eventually become more efficient to submit method calls to remote objects rather than process methods locally.


    To utilize load balancing for method calls to clustered EJBs, you must split the presentation and object tiers of the Web application onto separate physical clusters, as described in the following section.

    Consider the frequency of invocations of the object tier by the presentation tier when deciding between a combined tier and multi-tier architecture. If presentation objects usually invoke the object tier, a combined tier architecture may offer better performance than a multi-tier architecture.

    Recommended Multi-Tier Architecture

    This section describes the Recommended Multi-Tier Architecture, in which different tiers of your application are deployed to different clusters.

    The recommended multi-tier architecture uses two separate WebLogic Server clusters: one to serve static HTTP content and clustered servlets, and one to serve clustered EJBs. The multi-tier cluster is recommended for Web applications that:

    Require load balancing for method calls to clustered EJBs.

    Require more flexibility for balancing the load between servers that provide HTTP content and servers that provide clustered objects.

    Require higher availability (fewer single points of failure).

    Note: Consider the frequency of invocations from the presentation tier to the object tier when considering a multi-tier architecture. If presentation objects usually invoke the object tier, a combined tier architecture may offer better performance than a multi-tier architecture.

    The following figure depicts the recommended multi-tier architecture.

    Figure 9-2 Recommended Multi-Tier Architecture


    Physical Hardware and Software Layers

    In the Recommended Multi-Tier Architecture the application tiers are hosted on two separate physical layers of hardware and software.

    Web/Presentation Layer

    The web/presentation layer consists of a cluster of WebLogic Server instances dedicated to hosting static HTTP pages, servlets, and JSPs. This servlet cluster does not host clustered objects. Instead, servlets in the presentation tier cluster act as clients for clustered objects, which reside on a separate WebLogic Server cluster in the object layer.

    Object Layer

    The object layer consists of a cluster of WebLogic Server instances that hosts only clustered objects (EJBs and RMI objects) as necessary for the web application. By hosting the object tier on a dedicated cluster, you lose the default collocation optimization for accessing clustered objects described in Optimization for Collocated Objects. However, you gain the ability to load balance on each method call to certain clustered objects, as described in the following section.

    Benefits of Multi-Tier Architecture

    The multi-tier architecture provides these advantages:

    Load Balancing EJB Methods


    By hosting servlets and EJBs on separate clusters, servlet method calls to EJBs can be load balanced across multiple servers. This process is described in detail in Load Balancing Clustered Objects in a Multi-Tier Architecture.

    Improved Server Load Balancing

    Separating the presentation and object tiers onto separate clusters provides more options for distributing the load of the web application. For example, if the application accesses HTTP and servlet content more often than EJB content, you can use a large number of WebLogic Server instances in the presentation tier cluster to concentrate access to a smaller number of servers hosting EJBs.

    Higher Availability

    By utilizing additional WebLogic Server instances, the multi-tier architecture has fewer points of failure than the basic cluster architecture. For example, if a WebLogic Server that hosts EJBs fails, the HTTP- and servlet-hosting capacity of the Web application is not affected.

    Improved Security Options

    By separating the presentation and object tiers onto separate clusters, you can use a firewall policy that places only the servlet/JSP cluster in the DMZ. Servers hosting clustered objects can be further protected by denying direct access from untrusted clients. For more information, see Security Options for Cluster Architectures.

    Load Balancing Clustered Objects in a Multi-Tier Architecture

    WebLogic Server's collocation optimization for clustered objects, described in Optimization for Collocated Objects, relies on having a clustered object (the EJB or RMI class) hosted on the same server instance as the replica-aware stub that calls the object.

    The net effect of isolating the object tier is that no client (HTTP client, Java client, or servlet) ever acquires a replica-aware stub on the same server that hosts the clustered object. Because of this, WebLogic Server cannot use its collocation optimization (described in Optimization for Collocated Objects), and servlet calls to clustered objects are automatically load balanced according to the logic contained in the replica-aware stub. The following figure depicts a client accessing a clustered EJB instance in the multi-tier architecture.

    Figure 9-3 Load Balancing Objects in a Multi-Tier Architecture


    Tracing the path of the client connection, you can see the implication of isolating the object tier onto separate hardware and software:

    1. An HTTP client connects to one of several WebLogic Server instances in the web/servlet cluster, going through a load balancer to reach the initial server.

    2. The client accesses a servlet hosted on the WebLogic Server cluster.

    3. The servlet acts as a client to clustered objects required by the web application. In the example above, the servlet accesses a stateless session EJB.

    The servlet looks up the EJB on the WebLogic Server cluster that hosts clustered objects. The servlet obtains a replica-aware stub for the bean, which lists the addresses of all servers that host the bean, as well as the load balancing logic for accessing bean replicas.

    Note: EJB replica-aware stubs and EJB home load algorithms are specified using elements of the EJB deployment descriptor. See weblogic-ejb-jar.xml Deployment Descriptor Reference in Programming WebLogic Enterprise JavaBeans for more information.

    4. When the servlet next accesses the EJB (for example, in response to another client), it uses the load-balancing logic present in the bean's stub to locate a replica. In the example above, multiple method calls are directed using the round-robin algorithm for load balancing.

    In this example, if the same WebLogic Server cluster hosted both servlets and EJBs (as in the Recommended Basic Architecture), WebLogic Server would not load balance requests for the EJB. Instead, the servlet would always invoke methods on the EJB replica hosted on the local server. Using the local EJB instance is more efficient than making remote method calls to an EJB on another server. However, the multi-tier architecture enables remote EJB access for applications that require load balancing for EJB method calls.
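The contrast the walkthrough draws between a combined-tier cluster (collocation: the local replica always wins) and the multi-tier architecture (no local replica, so the stub's round-robin logic spreads the calls) can be modelled directly. The following is an added example, not WebLogic code and not the real replica-aware stub: it assumes a stub that knows the list of servers hosting the bean and the name of the server the caller runs on, with server names that are constructed sample data. It covers both the "When Not to Use a Combined Tier Architecture" discussion and the four-step trace above, and goes one step beyond the page by also showing the stub skipping a replica on a failed object-cluster server, which is the failover behaviour the text attributes to the stub's logic.

```python
import itertools
from typing import List, Set

FrozenNames = Set[str]


class ReplicaAwareStub:
    """Constructed model of a replica-aware stub for one clustered EJB.

    replicas      - servers that host a copy of the bean (from the lookup)
    caller_server - the server on which the calling servlet runs
    """

    def __init__(self, replicas: List[str], caller_server: str):
        self.replicas = list(replicas)
        self.caller = caller_server
        self._rr = itertools.cycle(self.replicas)

    def select(self, failed: FrozenNames = frozenset()) -> str:
        """Pick the replica for one method call."""
        # Collocation optimization: if the caller's own server hosts the bean,
        # the local replica is used and no network call is made.
        if self.caller in self.replicas and self.caller not in failed:
            return self.caller
        # Otherwise load balance with round-robin, skipping failed replicas.
        for _ in range(len(self.replicas)):
            candidate = next(self._rr)
            if candidate not in failed:
                return candidate
        raise RuntimeError("no live replica of the bean")


def invoke_n(stub: ReplicaAwareStub, n: int, failed: FrozenNames = frozenset()) -> List[str]:
    """Return the server chosen for each of n successive method calls."""
    return [stub.select(failed) for _ in range(n)]


def combined_tier_calls() -> List[str]:
    # Servlet on srvB calling a bean deployed to every member of the same cluster
    stub = ReplicaAwareStub(["srvA", "srvB", "srvC"], caller_server="srvB")
    return invoke_n(stub, 4)                      # every call stays on srvB


def multi_tier_calls() -> List[str]:
    # Servlet on web1 (servlet cluster) calling a bean hosted only by the object cluster
    stub = ReplicaAwareStub(["ejb1", "ejb2", "ejb3"], caller_server="web1")
    return invoke_n(stub, 4)                      # ejb1, ejb2, ejb3, ejb1


def multi_tier_failover() -> List[str]:
    # Same as above, but ejb2 has failed; the stub routes around it
    stub = ReplicaAwareStub(["ejb1", "ejb2", "ejb3"], caller_server="web1")
    return invoke_n(stub, 4, failed={"ejb2"})     # ejb1, ejb3, ejb1, ejb3


if __name__ == "__main__":
    print("combined tier :", combined_tier_calls())
    print("multi-tier    :", multi_tier_calls())
    print("with ejb2 down:", multi_tier_failover())
```

The model also makes the socket-usage point in the next section visible: in `multi_tier_calls` the servlet's server touches every member of the object cluster over time, so each servlet server needs a connection to each EJB server, whereas in `combined_tier_calls` no remote connection is ever opened for the bean.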


    Configuration Considerations for Multi-Tier Architecture

    IP Socket Usage

    Because the multi-tier architecture provides load balancing for clustered object calls, the system generally utilizes more IP sockets than a combined-tier architecture. In particular, during peak socket usage, each WebLogic Server in the cluster that hosts servlets and JSPs may potentially use a maximum of:

    One socket for replicating HTTP session states between primary and secondary servers, plus

    One socket for each WebLogic Server in the EJB cluster, for accessing remote objects

    For example, in Figure 9-2, each server in the servlet/JSP cluster could potentially open a maximum of five sockets. This maximum represents a worst-case scenario where primary and secondary session states are equally dispersed throughout the servlet cluster, and each server in the servlet cluster simultaneously accesses a remote object on each server in the object cluster. In most cases, the number of sockets actually in use would be less than this maximum.

    If you use a pure-Java sockets implementation with the multi-tier architecture, ensure that you configure enough socket reader threads to accommodate the maximum potential socket usage. For details, see Configuring Reader Threads for Java Socket Implementation.

    Hardware Load Balancers

    Because the multi-tier architecture uses a hardware load balancer, you must configure the load balancer to maintain a sticky connection to the client's point-of-contact server if you use in-memory session state replication. For details, see Configure Load Balancing Method for EJBs and RMIs.

    Limitations of Multi-Tier Architectures

    This section summarizes the limitations of multi-tier cluster architectures.

    No Collocation Optimization

    Because the Recommended Multi-Tier Architecture cannot optimize object calls using the collocation strategy, the Web application incurs network overhead for all method calls to clustered objects. This overhead may be acceptable, however, if your Web application requires any of the benefits described in Benefits of Multi-Tier Architecture.

    For example, if your Web clients make heavy use of servlets and JSPs but access a relatively small set of clustered objects, the multi-tier architecture enables you to concentrate the load of servlets and objects appropriately. You may configure a servlet cluster of ten WebLogic Server instances and an object cluster of three WebLogic Server instances, while still fully utilizing each server's processing power.

    Firewall Restrictions


    If you place a firewall between the servlet cluster and object cluster in a multi-tier architecture, you must bind all servers in the object cluster to public DNS names, rather than IP addresses. Binding those servers with IP addresses can cause address translation problems and prevent the servlet cluster from accessing individual server instances.

    If the internal and external DNS names of a WebLogic Server instance are not identical, use the ExternalDNSName attribute for the server instance to define the server's external DNS name. Outside the firewall the ExternalDNSName should translate to the external IP address of the server.

    Use of ExternalDNSName is required for configurations in which a firewall is performing Network Address Translation, unless clients are accessing WebLogic Server using t3 and the default channel. For instance, ExternalDNSName is required for configurations in which a firewall is performing Network Address Translation, and clients are accessing WebLogic Server using HTTP via a proxy plug-in.
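As an added illustration (not from the Oracle documentation or a real domain), the following config.xml fragment shows what the two requirements above look like for one server in the object cluster: the listen address is a DNS name rather than an IP address, and a separate ExternalDNSName is set because the name resolvable on the far side of the NAT firewall differs. It assumes the usual config.xml spelling of the ServerMBean attributes (`listen-address`, `external-dns-name`); the server name, host names and port are placeholders, and the element order in a real config.xml follows the domain schema. In practice the attribute is set through the Administration Console or WLST rather than by editing the file by hand.

```xml
<!-- Added example: one member of the object cluster behind a NAT firewall.
     Element names assumed from the ServerMBean attribute names; values are placeholders. -->
<server>
  <name>ejb_server1</name>
  <!-- Bind to a DNS name, not an IP address, so the servlet cluster can reach this
       instance through address translation -->
  <listen-address>ejb1.corp.example.internal</listen-address>
  <listen-port>7001</listen-port>
  <!-- Name that resolves to this server's translated address from outside the firewall;
       only needed when it differs from the internal name -->
  <external-dns-name>ejb1.app.example.com</external-dns-name>
  <cluster>object_cluster</cluster>
</server>
```

A quick check after the change: from a host in the servlet cluster, resolve the ExternalDNSName and confirm it maps to the address the firewall presents for this server; if it resolves to the internal listen address instead, the replica-aware stubs on the servlet side will receive an unreachable address and EJB calls to that member will fail.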

    Recommended Proxy Architectures

    You can configure WebLogic Server clusters to operate alongside existing Web servers. In such an architecture, a bank of Web servers provides static HTTP content for the Web application, using a WebLogic proxy plug-in or HttpClusterServlet to direct servlet and JSP requests to a cluster.

    The following sections describe two alternative proxy architectures.

    Two-Tier Proxy Architecture

    The two-tier proxy architecture illustrated in the following figure is similar to the Recommended Basic Architecture, except that static HTTP servers are hosted on a bank of Web servers.

    Figure 9-4 Two-Tier Proxy Architecture


    Physical Hardware and Software Layers

    The two-tier proxy architecture contains two physical layers of hardware and software.

    Web Layer

    The proxy architecture utilizes a layer of hardware and software dedicated to the task of providing the application's web tier. This physical web layer can consist of one or more identically-configured machines that host one of the following application combinations:

    WebLogic Server with the HttpClusterServlet

    Apache with the WebLogic Server Apache proxy plug-in

    Netscape Enterprise Server with the WebLogic Server NSAPI proxy plug-in

    Microsoft Internet Information Server with the WebLogic Server Microsoft-IIS proxy plug-in

    Regardless of which Web server software you select, keep in mind that the physical tier of Web servers should provide only static Web pages. Dynamic content (servlets and JSPs) is proxied via the proxy plug-in or HttpClusterServlet to a WebLogic Server cluster that hosts servlets and JSPs for the presentation tier.

    Servlet/Object Layer


    The recommended two-tier proxy architecture hosts the presentation and object tiers on a cluster of WebLogic Server instances. This cluster can be deployed either on a single machine or on multiple separate machines.

    The Servlet/Object layer differs from the combined-tier cluster described in Recommended Basic Architecture in that it does not provide static HTTP content to application clients.

    Multi-Tier Proxy Architecture

    You can also use a bank of Web servers as the front-end to a pair of WebLogic Server clusters that host the presentation and object tiers. This architecture is shown in the following figure.

    Figure 9-5 Multi-Tier Proxy Architecture

    This architecture provides the same benefits (and the same limitations) as the Recommended Multi-Tier Architecture. It differs only insofar as the web tier is placed on a separate bank of Web servers that utilize WebLogic proxy plug-ins.

    Proxy Architecture Benefits

    Using standalone Web servers and proxy plug-ins provides the following advantages:

    Utilize Existing Hardware


    If you already have a Web application architecture that provides static HTTPcontent to clients, you can easily integrate existing Web servers with one ormore WebLogic Server clusters to provide dynamic HTTP and clusteredobjects.

    Familiar Firewall Policies

    Using a Web server proxy at the front-end of your Web application enablesyou to use familiar firewall policies to define your DMZ. In general, you cancontinue placing the Web servers in your DMZ while disallowing directconnections to the remaining WebLogic Server clusters in the architecture.The figures above depict this DMZ policy.

    Proxy Architecture Limitations

    Using standalone Web servers and proxy plug-ins limits your Web application in thefollowing ways:

    Additional administration

    The Web servers in the proxy architecture must be configured using third-party utilities, and do not appear within the WebLogic Server administrativedomain. You must also install and configure WebLogic proxy plug-ins to theWeb servers in order to benefit from clustered servlet access and failover.

    Limited Load Balancing Options

    When you use proxy plug-ins or the HttpClusterServlet to access clustered

    servlets, the load balancing algorithm is limited to a simple round-robinstrategy.

    Proxy Plug-In Versus Load Balancer

    Using a load balancer directly with a WebLogic Server cluster provides severalbenefits over proxying servlet requests. First, using WebLogic Server with a loadbalancer requires no additional administration for client setupyou do not need toset up and maintain a separate layer of HTTP servers, and you do not need toinstall and configure one or more proxy plug-ins. Removing the Web proxy layeralso reduces the number of network connections required to access the cluster.

Using load balancing hardware provides more flexibility for defining load balancing algorithms that suit the capabilities of your system. You can use any load balancing strategy (for example, load-based policies) that your load balancing hardware supports. With proxy plug-ins or the HttpClusterServlet, you are limited to a simple round-robin algorithm for clustered servlet requests.

Note, however, that using a third-party load balancer may require additional configuration if you use in-memory session state replication. In this case, you must ensure that the load balancer maintains a sticky connection between the client and its point-of-contact server, so that the client accesses the primary session state information. When using proxy plug-ins, no special configuration is necessary because the proxy automatically maintains a sticky connection.

Security Options for Cluster Architectures

The boundaries between physical hardware/software layers in the recommended configurations provide potential points for defining your Web application's De-Militarized Zone (DMZ). However, not all boundaries can support a physical firewall, and certain boundaries can support only a subset of typical firewall policies.

The sections that follow describe several common ways of defining your DMZ to create varying levels of application security.

    Basic Firewall for Proxy Architectures

The basic firewall configuration uses a single firewall between untrusted clients and the Web server layer, and it can be used with either the Recommended Basic Architecture or Recommended Multi-Tier Architecture cluster architectures.

    Figure 9-6 Basic Proxy with Firewall Architecture

In the above configuration, the single firewall can use any combination of policies (application-level restrictions, NAT, IP masquerading) to filter access to three HTTP servers. The most important role for the firewall is to deny direct access to any other servers in the system. In other words, the servlet layer, the object layer, and the database itself must not be accessible from untrusted clients.

Note that you can place the physical firewall either in front of or behind the Web servers in the DMZ. Placing the firewall in front of the Web servers simplifies your firewall policies, because you need only permit access to the web servers and deny access to all other systems.

    Firewall Between Proxy Layer and Cluster

If you place a firewall between the proxy layer and the cluster, follow these configuration guidelines:

Bind to clustered server instances using publicly-listed DNS names, rather than IP addresses, to ensure that the proxy plug-ins can connect to each server in the cluster without address translation errors that might otherwise occur, as described in Firewall Considerations.

If the internal and external DNS names of a clustered server instance are not identical, use the ExternalDNSName attribute for the server instance to define its external DNS name. Outside the firewall the ExternalDNSName should translate to the external IP address of the server instance.

Note: If the clustered servers segregate https and http traffic on a pair of custom channels, see Channels, Clusters, and Firewalls in Designing and Configuring WebLogic Server Environments.

    DMZ with Basic Firewall Configurations

By denying access to all but the Web server layer, the basic firewall configuration creates a small-footprint DMZ that includes only three Web servers. However, a more conservative DMZ definition might take into account the possibility that a malicious client may gain access to servers hosting the presentation and object tiers.

For example, assume that a hacker gains access to one of the machines hosting a Web server. Depending on the level of access, the hacker may then be able to gain information about the proxied servers that the Web server accesses for dynamic content.

If you choose to define your DMZ more conservatively, you can place additional firewalls using the information in Additional Security for Shared Databases.

    Combining Firewall with Load Balancer

If you use load balancing hardware with a recommended cluster architecture, you must decide how to deploy the hardware in relationship to the basic firewall. Although many hardware solutions provide security features in addition to load balancing services, most sites rely on a firewall as the first line of defense for their Web applications. In general, firewalls provide the most well-tested and familiar security solution for restricting web traffic, and should be used in front of load balancing hardware, as shown below.

    Figure 9-7 Basic Proxy with Firewall and Load Balancer Architecture


The above setup places the load balancer within the DMZ along with the web tier. Using a firewall in this configuration can simplify security policy administration, because the firewall need only limit access to the load balancer. This setup can also simplify administration for sites that support internal clients to the Web application, as described below.

    Expanding the Firewall for Internal Clients

If you support internal clients that require direct access to your Web application (for example, remote machines that run proprietary Java applications), you can expand the basic firewall configuration to allow restricted access to the presentation tier. The way in which you expand access to the application depends on whether you treat the remote clients as trusted or untrusted connections.

If you use a Virtual Private Network (VPN) to support remote clients, the clients may be treated as trusted connections and can connect directly to the presentation tier going through a firewall. This configuration is shown below.

    Figure 9-8 VPN Users have Restricted Access Through Firewall


If you do not use a VPN, all connections to the Web application (even those from remote sites using proprietary client applications) should be treated as untrusted connections. In this case, you can modify the firewall policy to permit application-level connections to WebLogic Server instances hosting the presentation tier, as shown in the following figure.

    Figure 9-9 Application Components Have Restricted Access Through Firewall


    Additional Security for Shared Databases

If you use a single database that supports both internal data and data for externally-available Web applications, you should consider placing a hard boundary between the object layer that accesses your database and the database itself. Doing so simply reinforces the DMZ boundaries described in Basic Firewall for Proxy Architectures by adding an additional firewall.

    DMZ with Two Firewall Configuration

The following configuration places an additional firewall in front of a database server that is shared by the Web application and internal (trusted) clients. This configuration provides additional security in the unlikely event that the first firewall is breached, and a hacker ultimately gains access to servers hosting the object tier. Note that this circumstance should be extremely unlikely in a production environment: your site should have the capability to detect and stop a malicious break-in long before a hacker gains access to machines in the object layer.

    Figure 9-10 DMZ with Two Firewalls Architecture


In the above configuration, the boundary between the object tier and the database is hardened using an additional firewall. The firewall maintains a strict application-level policy that denies access to all connections except JDBC connections from WebLogic Servers hosting the object tier.
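The following is an added example, not part of the original document or of Oracle's configuration: a small policy model that encodes the two-firewall DMZ just described (untrusted clients reach only the Web servers; only JDBC from the object tier reaches the database) together with the expanded first firewall from Expanding the Firewall for Internal Clients, so that intended and forbidden flows can be checked before rules are deployed. All networks, the WebLogic listen port and the database port are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan, one network per tier (placeholders, not Oracle's).
ZONES = {
    "web": ip_network("10.0.1.0/24"),           # Web servers with proxy plug-ins
    "presentation": ip_network("10.0.2.0/24"),  # WebLogic servlet/JSP cluster
    "object": ip_network("10.0.3.0/24"),        # WebLogic object tier (EJB/JDBC)
    "database": ip_network("10.0.4.0/24"),      # shared database server
}
WEB_PORTS = {80, 443}
WLS_PORT = 7001    # assumed listen port of the presentation-tier servers
JDBC_PORT = 1521   # assumed listener port of the shared database

# A rule is (source zone, destination zone, allowed destination ports);
# each firewall denies every flow that matches none of its rules.
FIREWALL_1_BASIC = [("untrusted", "web", WEB_PORTS)]
# Figure 9-9 variant: remote clients get application-level access to the presentation tier.
FIREWALL_1_EXPANDED = FIREWALL_1_BASIC + [("untrusted", "presentation", {WLS_PORT})]
# Second firewall (Figure 9-10): only JDBC from the object tier reaches the database.
FIREWALL_2 = [("object", "database", {JDBC_PORT})]


def zone_of(ip):
    """Map an address to its tier; anything outside the plan is untrusted."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def permits(rules, src_zone, dst_zone, port):
    return any(s == src_zone and d == dst_zone and port in ports for s, d, ports in rules)


def is_allowed(src_ip, dst_ip, dst_port, firewall_1=FIREWALL_1_BASIC):
    """Decide whether a TCP flow survives both firewalls of the DMZ design."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == "untrusted":
        # Everything from outside crosses firewall 1, which hides all other tiers.
        return permits(firewall_1, src, dst, dst_port)
    if dst == "database":
        # Everything bound for the database crosses firewall 2, even a
        # connection from a compromised Web server inside the DMZ.
        return permits(FIREWALL_2, src, dst, dst_port)
    return True  # tier-to-tier traffic inside the trusted network is not filtered here


def denied_flows(flows, firewall_1=FIREWALL_1_BASIC):
    """Return the (src, dst, port) tuples a policy review should expect to be blocked."""
    return [f for f in flows if not is_allowed(*f, firewall_1=firewall_1)]
```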

Reference:

    http://docs.oracle.com/cd/E11035_01/wls100/cluster/planning.html#wp1115757