Hi James and John Thanks for your advice. One subsidiary question (and I know that the answer depends on lots of variables ). Does anyone have any rough and ready advice on how many concurrent users a single Mid-Tier server can handle without performance degrading significantly? Assume MT servers with 4MB RAM running Tomcat/Apache. By Users I mean full-time support users working in the application for most of the day. Probably about 600 users, with 250 concurrent.
Possible architecture would be as shown below which would give about 80 users per MT. Is that a reasonable number?: ARS ---| | MidTier | ARS ---|-- LoadBalancer-- FW --| MidTier |-- LoadBalancer--VPN -- Users ARS ---| | MidTier | Then an extra MT perhaps to maintain performance levels if one goes down and is skipped by the load balancer. TIA David Sanders Remedy Solution Architect Enterprise Service Suite @ Work ========================== ARS List Award Winner 2005 Best 3rd party Remedy Application tel +44 1494 468980 mobile +44 7710 377761 email [EMAIL PROTECTED] web http://www.westoverconsulting.co.uk ________________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of McKenzie, James J C-E LCMC HQISEC/L3 Sent: Wednesday, August 02, 2006 2:56 PM To: [email protected] Subject: Re: Mid-Tier architecture question David: You seen the other reply to your message? I recommend, as well as the other poster, that you go with the DMZ based MT servers and long 'loop' the users: ARS---FW(internal/DMZ)---MT(In DMZ) ------(PIPE)-----------FW(if needed)------User You might want to Load Balance/Hot Backup the Mid Tier servers. And I highly recommend the usage of SSL between your MT servers and the user unless the pipe is a Virtual Private Network or is otherwise encrypted. James Mckenzie ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of David Sanders Sent: Tuesday, August 01, 2006 2:27 PM To: [email protected] Subject: Re: Mid-Tier architecture question ** Hi James No encryption, possibly SSL, 'heavy' app with lots of forms. Regards David Sanders Remedy Solution Architect Enterprise Service Suite @ Work ========================== ARS List Award Winner 2005 Best 3rd party Remedy Application tel +44 1494 468980 mobile +44 7710 377761 email [EMAIL PROTECTED] web http://www.westoverconsulting.co.uk <http://www.westoverconsulting.co.uk/> ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of McKenzie, James J C-E LCMC HQISEC/L3 Sent: Tuesday, August 01, 2006 9:24 PM To: [email protected] Subject: Re: Mid-Tier architecture question David: Here is one more question. How many users and forms would be accessed. It is very intense to send form data back and forth, but not user data. Also, is the data between the MT server and ARS server to be highly encrypted (128 bit or higher)? Is the MT server to run in SSL mode? Here is what I see right now: If there are many forms to be accessed with frequent form changes, then you would be best off setting the MT servers in a DMZ (if your users are not on a company provided VPN type connection) local to the ARS servers with high encryption between the ARS server and MT server with SSL enabled to the outside connection. If you have many users (100+) I would look at a load-balancing solution. Also, I would use this if the out office users are not frequently connecting. If you are running over a VPN to a central office in the areas that you mentioned and the number of forms is low or there are not frequent changes, and the users are connecting over a company provided VPN type connection, then you might be better off locating the MT servers "over the horizon" and closer to the overseas offices. Given that you are looking at 2MB of throughput to each outside location, the problem may be delay between the MT server and the ARS server and not the amount of data sent. Given the amount of information provided, I would go with the DMZ solution and high encryption between user using SSL 128bit or higher and high encryption between the ARS server and the MT server through a dedicated port on the inside the company firewall. James McKenzie ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of David Sanders Sent: Tuesday, August 01, 2006 1:12 PM To: [email protected] Subject: Re: Mid-Tier architecture question ** Hi James Scenario 1 - MT Servers local to ARS, they would be on same LAN as the ARS server and firewall(s) would be between the end-users browsers and this. ARS---FW---MT --------------pipe--------------- FW------Users Scenario 2 - MT Servers local to Users. ARS----FW ---------------pipe---------------- MT---FW---Users The pipe would probably be about 2Mb and is clearly the bottleneck. So is it quicker to send the MT to ARS traffic over the pipe (scenario 2), or the browser to MT traffic (scenario 1) Regards David Sanders Remedy Solution Architect Enterprise Service Suite @ Work ========================== ARS List Award Winner 2005 Best 3rd party Remedy Application tel +44 1494 468980 mobile +44 7710 377761 email [EMAIL PROTECTED] web http://www.westoverconsulting.co.uk <http://www.westoverconsulting.co.uk/> ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of McKenzie, James J C-E LCMC HQISEC/L3 Sent: Tuesday, August 01, 2006 8:51 PM To: [email protected] Subject: Re: Mid-Tier architecture question Dsvid: Where would the MT servers be located? What is the size of the pipe between the ARS servers and the remoted MT servers? Also, is there a firewall/network appliance that would be placed between your ARS server and the MT servers? James McKenzie -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of David Sanders Sent: Tuesday, August 01, 2006 12:46 PM To: [email protected] Subject: Mid-Tier architecture question Hi List I'm looking for advice on the best architecture to adopt for the Mid-Tier. Imagine a central Remedy application and database server(s) based in the US, with users based in the US, Europe, Asia etc. Most user access is to be through the Mid-Tier. Say we decide to have 3 Mid-Tier servers, the questions is, are we better to locate the MT servers locally to the ARS platform, and transmit the Mid-Tier to client browser traffic over the WAN, or is it better to locate the MT servers locally to the users, and transmit the Mid-Tier to ARS traffic over the WAN. My **guess** is that having the Mid-Tier servers local to the ARS server would give better performance as I expect the most intensive traffic to be between the MT servers and ARS, but I have no evidence for this from a real-life situation. Has anyone compared these types of architecture and discovered performance differences? Thanks for any information. David Sanders Remedy Solution Architect _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
