On Mon, Sep 5, 2011 at 9:18 AM, Marvin Addison <[email protected]>wrote:
> Seems like a good day for a holy war. A good holy war always starts > out with a controversial if not inflammatory statement or claim: > > Tomcat alone is sufficient as an enterprise servlet container and > nothing further is needed for an adequate HA solution in most cases. > > +1 I agree with your premise since it seems a Tomcat-only setup can have good HA characteristics and you are limiting this to providing an adequate HA solution for Spring-based applications like CAS. The simplicity argument is well taken especially in settings where multiple request processing layers have not already been rationalized. > Perhaps more controversial is an unstated implication: Apache httpd > has _no_ place in most enterprise HA setups for serving Spring-based > Web applications like CAS. > > To dissent, I'd argue it may be hard to defend that tomcat-only HA wins "in most cases" or the implication that Apache httpd has no place in front of Spring-based applications (like CAS) for an adequate HA solution. The reason, as mentioned in other posts, is opportunities for scalability may be lost when eliminating the web server in front of the application server. Having the application server be responsible for overall connectivity, application handling, and caching can attain adequate status, but its adequacy in terms of HA will be suspect since more optimal setups will exist. Apache httpd is considered faster than JVM-based servers at handling requests that need not be handled in the application server (interestingly, at least one popular benchmark - http://www.devshed.com/c/a/BrainDump/Tomcat-Benchmark-Procedure/1/ - shows that the tomcat standalone JIO web server is actually faster than Apache httpd). Though CAS itself may not have much in the way of static content, the application design trajectory when all requests are handled by the application server is sometimes that of creating larger war files that include the content, or centralizing static content in a well-known (to applications) directory on the application server. Unless grabbing style sheets, xsd file or other such application-supporting content never happens, the JVM will get taxed with managing more tomcat threads and performance is typically expected to degrade under load. Security, establishment of a DMZ, is often the reason Apache httpd is put in front of tomcat. There are alternate means of protecting an application server, but the fact that requests are mediated by a front-end server has side benefits in many environments. Having a request pass-through for all web requests centralizes operating functions such as the accumulation of metrics and audit logging. These are not terribly difficult to handle elsewhere, but where a front-end httpd is already used, these alternate routes can complicate the process of tracking services and troubleshooting their interruptions. This point of view is relevant for CAS users since I'm planning to > discuss system architecture generally and servlet container > configuration specifically as part of a chapter on HA considerations > for the new CAS User Manual. I plan to make the above statement a > thesis of the discussion. > > The dissent above is really about implications of not having a web server in front of tomcat, not arguments against some baseline adequacy of a tomcat-only architecture for Spring-based applications. Providing even a single adequate configuration for HA will be of great benefit to those who would otherwise have to set out bootstrapping their own custom HA strategy from scratch. To service readers having or requiring a more elaborate layering of technologies or otherwise not sold on a tomcat-only approach, it may be enough at the outset to outline the CAS state that must be preserved across nodes and have them go from there (and hopefully contribute their specific solutions). I'm hopeful the above statement is provocative enough to stimulate > some discussion on the matter; I'm particularly eager for dissenting > opinions. I would be especially grateful if you could back up you > opinions with analysis and/or data. > > Kindly, > Marvin > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
