Overview
Before diving into specific Hybrid Runtime patterns related to Lotus Domino and WebSphere Application Server, it is appropriate to describe the connectivity options that are available when integrating these products.
The WebSphere HTTP Server plug-in architecture was introduced in WebSphere Application Server V4.0, allowing for the physical separation of the Web server from the application server. While Lotus Domino R5 included a similar capability, it was limited to the use of only Microsoft Internet Information Server (IIS) on the same physical machine as the Lotus Domino server.
The release of Lotus Domino 6 replaces the older Lotus Domino plug-in technology with the new WebSphere HTTP plug-in technology, allowing, for the first time, Domino databases to be placed behind the domain firewall, along with other sensitive data, separated from the Web server.
Note that, while there is a benefit to this separation, it should be noted that the full security features of Lotus Domino 6 are still intact, and that, in fact, it is still considered safe practice to place a Lotus Domino server within the DMZ in many cases, provided normal Lotus Domino security best practices are followed.
The primary benefits of this architecture, from a Lotus Domino perspective, are:
- The elimination of denial-of-service (DOS) attacks on the Domino server itself, since it is placed behind a domain firewall.
- Better alignment with normal industry practices in n-tier application deployment, in which most persistent, sensitive data repositories are located behind a domain firewall, and not in the DMZ.
The WebSphere HTTP plug-in architecture has the following characteristics:
- The Web server plug-in is implemented as a filter, which examines all incoming HTTP requests and routes them to other Web servers based on the composition of the URL. Each Web server has it's own application programming interface (API) that allows filters to be implemented. For example, Microsoft IIS uses the Internet Server API Specification (ISAPI), and Lotus Domino's HTTP stack uses the Domino Server API Specification (DSAPI).
- Standards-based protocols (HTTP/S) that are supported by firewall products are used, unlike previously, when proprietary transport mechanisms (such as Remote OSE) were used.
- There are no special configuration requirements on behalf of the application servers receiving redirected requests from the plug-in; they are simply HTTP/S service providers.
- SSL can be used within the DMZ to encrypt network traffic between the Web server and the application server.
- The configuration file used by the plug-in is XML-based, and easy to administer. Multiple redirection rules may be defined to one or more application servers as dictated by the topology chosen.
- The plug-in supports load balancing and failover capabilities, which offer further scalability with very little additional administrative effort.
Some of the Hybrid Runtime patterns presented later in the next step of the Patterns for e-business process utilize a separate logical node with a Web server that connects to an application server using the new Web server plug-in architecture. The simple diagram below illustrates the use of the WebSphere HTTP plug-in architecture.
Simple WebSphere HTTP Plug-In Architecture Diagram
Select the connection method that best meets the needs of your e-business solution:
The following observations can be made about this figure:
- The Web server may be any Web server and platform combination that is officially supported by an appropriate WebSphere HTTP plug-in. At the time of writing, the HTTP plug-ins shipped with Lotus Domino are available for Microsoft IIS (Win32) and IBM HTTP Server (AIX). Support for additional Web servers on a variety of platforms has been announced.
- HTTP (or HTTPS, not represented in this diagram) may be redirected to the application server.
- The application server may be either WebSphere Application Server V4, V5 or Lotus Domino R5 or Lotus Domino 6; it must simply respond to HTTP/S requests forwarded from the plug-in.
- While port 80 traffic is accepted into the Web server, the plug-in redirects appropriate traffic to the application server through port 9080. Note that the ports that are used when redirecting Web traffic are also completely configurable.
- The rules that define the traffic to be redirected to an application server, versus handled locally by the Web server, are configured in the plug-in's XML-based configuration file on the Web server.
- Multiple rules may be defined, routing requests to several back-end application servers based simply on the URL request.
More information about the WebSphere HTTP plug-in architecture can be found on the WebSphere InfoCenter site.
The past three significant releases of WebSphere Application Server have included slightly different technologies that could be used to interface an HTTP Server, such as Lotus Domino's HTTP Server, with WebSphere Application Server. The table below identifies the last three significant point releases of WebSphere Application Server, along with the mechanisms provided to interface WebSphere with an HTTP Server. For each milestone release, the matched version of Lotus Domino's HTTP server that was supported is included. Note that this table pertains to the Windows NT/2000 platform only; support on other platforms might be slightly different.
| Releases | Supported Domino HTTP Versions | Remote OSE | Servlet redirection | HTTP plug-in |
|---|---|---|---|---|
| WebSphere Application Server 3.5 AE | Domino 5 |  |
|
 |
| WebSphere Application Server 4.x AE | Domino 5 and 6 | |
|
|
| WebSphere Application Server 5.x | Domino 6 | |
|
|
The focus of the Hybrid runtime patterns that follow is on WebSphere Application Server V5 and Lotus Domino 6 connectivity features. The team that produced the redbook from which these designs were taken, Patterns: Custom Designs for Domino & WebSphere Integration, used Domino version 6.0.1 and WebSphere Application Server 5.0 in the lab. Although some of the interface methods do already work, the configuration, Domino 6/WebSphere Application Server 5, is not yet supported. Look for the next maintenance releases of Domino 6 to see if the support for WebSphere Application Server 5.0 has been added.
As stated in the WebSphere Application Server InfoCenter, a simple HTTP server is included in the WebSphere Application Server installation that responds, by default, to port 9080. However, this HTTP server should never be used in a production environment! An external HTTP server, such as IBM HTTP Server or Lotus Domino's HTTP server, should always be used, and is represented as a separate logical node in each of the Hybrid Runtime patterns described in the next step of the Patterns for e-business process.
What's Next
Next, review the Hybrid runtime patterns.