tomcat-users mailing list archives

From Charles Forsythe <>
Subject Re: Tomcat stability issues
Date Wed, 30 Aug 2000 19:26:22 GMT
Doug Ahmann wrote:
> I can see how serving up static files might be faster with Apache, since it's
> written in C and very mature. But in theory, it seems to me that going
> directly to Tomcat instead of shuttling all the data through Apache first
> would eliminate a bit of unnecessary overhead when your app is mostly
> dynamic.

I think that the advantages of having APACHE->TOMCAT are primarily for a
"huge" site (i.e. like  With these sites, every page may
start dynamic, but a majority of the actual data transferred is static
(i.e. GIFs, JPEGs, PNGs, and streaming media).

Imagine a site that starts with a level 4 sprayer like a Cisco
LocalDirector.  This device load balances incoming traffic across an
array of servers.  This array of servers could be a bunch of relatively
cheap machines running Apache on Linux (or, better yet, NetBSD).  

The front-end server array then forwards the 10% of requests that
actually invoke Servlets to a back-end system, such as a Sun E3500 or a
nicely appointed IBM AS/400.  This back-end system runs Tomcat and maybe
your enterprise database as well.

The advantage of this architecture is both scalability and security.  If
the number of connections gets heavy, you can increase the front-end
capacity at relatively low incremental cost.  Back office processing
also needs to scale, but that kind of processing typically scales better
in monolithic "big-iron" servers.  For example, by having a single
Servlet container running on a heavy-duty machine, session state does
not have to be distributed (talk about OVERHEAD!).

The security comes because the application server is not in the DMZ. 
Crackers can hack into your front line web servers, but this doesn't
give them access to anything they couldn't have gotten through a web
browser.  The AJP12 protocol going from the front-end server to the
back-end server is merely a translation of the HTTP requests.  By the
time crackers could get through to the next tier, you should be able to
detect the intrusion and stop them from getting your credit card

-- Charles
