geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Aufdencamp <>
Subject RE: Guidelines for deploying Geronimo in a production system
Date Fri, 04 Apr 2008 20:07:52 GMT
Hi ilango_g,

I don't see much traffic in this area, so I'll share my experience and
architecture thoughts.

The documentation that Hernan refered to was very helpful in setting up
my production Geronimo Server's.  A good architecture diagram(s) and
requirements document would be in order.

I utilize a pair of old Compaq 3000 Linux Edge Server's (RedHat 9 and
tar ball builds) on the public network. They each provide NTP, DNS,
HTTP, and SSH services.  SMTP will be added in the near future. 
Connectivity to Geronimo is provided through the Apache mod_jk module.

These server's really function as hybrid application router's.  The
primary purpose is as a security vehicle and audit trail point.  They
have a strict exterior firewall ruleset for the provided services.  I'm
currently working on running more of these services in chroot jails. 
Both of the servers currently live on a single circuit.  I will
eventually add a second circuit and move one of them over to it.  No
load balancing is currently implemented, but the capability exists.

On the interior network are a pair of Windows 2003 Server's that are old
Compaq 8500's.  They have MySQL and PostgreSQL installed along with
Geronimo 1.1.1.  Yes, I'm working on moving to 2.1:).  I'm utilizing the
stock AJP Connector to communicate with the apache instance on the edge
server's.  This configuration requires host definitions in apache, with
appropriate DNS records, and configuration of the mod_jk forwarder.

I'm not currently doing any clustering of the database's or the
application server's.  Traffic currently goes to a single server with a
hot stand by ready to go in case of emergency or for maintenance.  The
Application Servers have had the MySQL and PostgreSQL JDBC Drivers
installed into the server repository. (The download driver feature
rocks!)  I've also defined database pools for both, and security realms
that utilize the database pools.  The Java Windows Service Wrapper will
probably be the hardest part of building the actual production
Application Server. 

My application utilizes a single database for multiple customers. 
Segmentation is accomplished via the server hostname.  All traffic comes
into a single instance of the application, but with a specific hostname
for the customer.  I strip the hostname out and pass it as a parameter
to all of my business layer Stateless Session Beans.  This provides good
performance, an easy segmentation strategy, and the future ability to
provision clients dynamically via simple database backed name service
provider. (BIND zone from a database table)

Dealing with/Training a System Administrator to deploy this kind of
environment has the potential to be frustrating.  A good architecture
diagram that identifies the platforms hardware, operating system, and
services with version requirements will be a necessity.  Include your
public network exposure expectations and audit the build with security
tools.  Don't forget to identify the production maintenance
requirements, like backup, OS and service upgrades, monitoring, etc... 
This is definitely a plan on doing it twice type of deployment .  Build
it in the lab, before attempting to deploy it in production.

Hope that's some good food for thought!

Mark Aufdencamp

> -------- Original Message --------
> Subject: Guidelines for deploying Geronimo in a production system
> From: ilango_g <>
> Date: Fri, April 04, 2008 10:18 am
> To:
> Hi
> This might be set of naive questions about Geronimo. 
> If I want to deploy Geronimo Server in a Production Environment, what are
> broad guidelines to follow.
> Can anyone share their experiences with me as to how one might deploy a
> production scale Geronimo based application.
> I would like to be able to start preparing documentation for production
> deployment.
> Any suggestions, pointers in this direction will help and are highly
> appreciated.
> ilango
> -- 
> View this message in context:
> Sent from the Apache Geronimo - Users mailing list archive at

View raw message