David:
Figure that 100 very busy users can be supported by one MT server and go from there....
I've seen as many as 400 on one system but that is pushing it.
James McKenzie
-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of David Sanders
Sent: Wednesday, August 02, 2006 2:35 PM
To: [email protected]
Subject: Re: Mid-Tier architecture question
Hi James and John
Thanks for your advice. One subsidiary question (and I know that the answer depends on lots of variables...). Does anyone have any rough and ready advice on how many concurrent users a single Mid-Tier server can handle without performance degrading significantly? Assume MT servers with 4MB RAM running Tomcat/Apache. By Users I mean full-time support users working in the application for most of the day. Probably about 600 users, with 250 concurrent.
Possible architecture would be as shown below which would give about 80 users per MT. Is that a reasonable number?:
ARS ---| | MidTier |
ARS ---|-- LoadBalancer-- FW --| MidTier |-- LoadBalancer--VPN -- Users
ARS ---| | MidTier |
Then an extra MT perhaps to maintain performance levels if one goes down and is skipped by the load balancer.
TIA
David Sanders
Remedy Solution Architect
Enterprise Service Suite @ Work
==========================
ARS List Award Winner 2005
Best 3rd party Remedy Application
tel +44 1494 468980
mobile +44 7710 377761
email [EMAIL PROTECTED]
web http://www.westoverconsulting.co.uk
________________________________________
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of McKenzie, James J C-E LCMC
HQISEC/L3
Sent: Wednesday, August 02, 2006 2:56 PM
To: [email protected]
Subject: Re: Mid-Tier architecture question
David:
You seen the other reply to your message? I recommend, as well as the other poster, that you go with the DMZ based MT servers and long 'loop' the users:
ARS---FW(internal/DMZ)---MT(In DMZ) ------(PIPE)-----------FW(if needed)------User
You might want to Load Balance/Hot Backup the Mid Tier servers.
And I highly recommend the usage of SSL between your MT servers and the user unless the pipe is a Virtual Private Network or is otherwise encrypted.
James Mckenzie
________________________________
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of David Sanders
Sent: Tuesday, August 01, 2006 2:27 PM
To: [email protected]
Subject: Re: Mid-Tier architecture question
**
Hi James
No encryption, possibly SSL, 'heavy' app with lots of forms.
Regards
David Sanders
Remedy Solution Architect
Enterprise Service Suite @ Work
==========================
ARS List Award Winner 2005
Best 3rd party Remedy Application
tel +44 1494 468980
mobile +44 7710 377761
email [EMAIL PROTECTED]
web http://www.westoverconsulting.co.uk
<http://www.westoverconsulting.co.uk/>
________________________________
From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of McKenzie, James J C-E LCMC
HQISEC/L3
Sent: Tuesday, August 01, 2006 9:24 PM
To: [email protected]
Subject: Re: Mid-Tier architecture question
David:
Here is one more question. How many users and forms would be accessed. It
is very intense to send form data back and forth, but not user data. Also,
is the data between the MT server and ARS server to be highly encrypted (128
bit or higher)? Is the MT server to run in SSL mode?
Here is what I see right now:
If there are many forms to be accessed with frequent form changes, then you
would be best off setting the MT servers in a DMZ (if your users are not on
a company provided VPN type connection) local to the ARS servers with high
encryption between the ARS server and MT server with SSL enabled to the
outside connection. If you have many users (100+) I would look at a
load-balancing solution. Also, I would use this if the out office users are
not frequently connecting.
If you are running over a VPN to a central office in the areas that you
mentioned and the number of forms is low or there are not frequent changes,
and the users are connecting over a company provided VPN type connection,
then you might be better off locating the MT servers "over the horizon" and
closer to the overseas offices.
Given that you are looking at 2MB of throughput to each outside location,
the problem may be delay between the MT server and the ARS server and not
the amount of data sent.
Given the amount of information provided, I would go with the DMZ solution
and high encryption between user using SSL 128bit or higher and high
encryption between the ARS server and the MT server through a dedicated port
on the inside the company firewall.
James McKenzie
________________________________
From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of David Sanders
Sent: Tuesday, August 01, 2006 1:12 PM
To: [email protected]
Subject: Re: Mid-Tier architecture question
**
Hi James
Scenario 1 - MT Servers local to ARS, they would be on same LAN as the ARS
server and firewall(s) would be between the end-users browsers and this.
ARS---FW---MT --------------pipe--------------- FW------Users
Scenario 2 - MT Servers local to Users.
ARS----FW ---------------pipe---------------- MT---FW---Users
The pipe would probably be about 2Mb and is clearly the bottleneck. So is
it quicker to send the MT to ARS traffic over the pipe (scenario 2), or the
browser to MT traffic (scenario 1)
Regards
David Sanders
Remedy Solution Architect
Enterprise Service Suite @ Work
==========================
ARS List Award Winner 2005
Best 3rd party Remedy Application
tel +44 1494 468980
mobile +44 7710 377761
email [EMAIL PROTECTED]
web http://www.westoverconsulting.co.uk
<http://www.westoverconsulting.co.uk/>
________________________________
From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of McKenzie, James J C-E LCMC
HQISEC/L3
Sent: Tuesday, August 01, 2006 8:51 PM
To: [email protected]
Subject: Re: Mid-Tier architecture question
Dsvid:
Where would the MT servers be located? What is the size of the pipe between
the ARS servers and the remoted MT servers? Also, is there a
firewall/network appliance that would be placed between your ARS server and
the MT servers?
James McKenzie
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of David Sanders
Sent: Tuesday, August 01, 2006 12:46 PM
To: [email protected]
Subject: Mid-Tier architecture question
Hi List
I'm looking for advice on the best architecture to adopt for the Mid-Tier.
Imagine a central Remedy application and database server(s) based in the US,
with users based in the US, Europe, Asia etc. Most user access is to be
through the Mid-Tier.
Say we decide to have 3 Mid-Tier servers, the questions is, are we better to
locate the MT servers locally to the ARS platform, and transmit the Mid-Tier
to client browser traffic over the WAN, or is it better to locate the MT
servers locally to the users, and transmit the Mid-Tier to ARS traffic over
the WAN.
My **guess** is that having the Mid-Tier servers local to the ARS server
would give better performance as I expect the most intensive traffic to be
between the MT servers and ARS, but I have no evidence for this from a
real-life situation. Has anyone compared these types of architecture and
discovered performance differences?
Thanks for any information.
David Sanders
Remedy Solution Architect
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
