Web server separation
Web server separation is a topology that physically separates the Web (HTTP) server from the Application Servers, placing the Web server on a different machine in the configuration. Compared to a configuration where the Web server and the Application Servers are located on the same physical server, separating the Web server can improve application performance, provide better fault isolation, and enhance security. These topologies are often used with firewalls to create a secure demilitarized zone (DMZ) surrounding the Web server.
WebSphere Application Server provides these alternatives for physically separating the Web server from the Application Server:
The following table summarizes advantages and disadvantages of each configuration. Criteria are explained after the table.
| Topology | Secure Sockets Layer | Database password required? | Workload management | Network Address Translation | Performance | Administration |
|---|---|---|---|---|---|---|
| HTTP server separation | Yes | No | Yes | Yes | High | Manual |
| Reverse proxy | Yes | No | No | Yes | High | Manual |
- Secure Sockets Layer Supports Secure Sockets Layer (SSL) security.
- Database password required? Requires a stored database user ID
and password on the machine used by the database processes.
- Workload management Uses the workload management service to balance
client workloads.
- Network Address Translation Supports Network Address Translation
(NAT) firewalls. NAT firewalls receive packets for one IP address, translate
the headers of the packets, and send the packets to a second IP address.
- Performance Compares the relative performance of each of these
configurations.
- Administration Specifies whether to administer the configuration manually or through the administrative console.
These criteria give you a basis to compare the relative difficulty of administering each configuration.
HTTP Request routing
Reverse proxy (IP forwarding)
Setting up a multinode environment