Selecting a front end for your WebSphere Application Server topology

You can select an intermediary to provide session affinity, failover support, and workload balancing for your WebSphere® Application Server topology.

  • The WebSphere Application Server web server plug-in provides an interface between a web server and an application server. The web server plug-in determines the server to which a client request, such as servlets, needs to be routed.
You can also use the following stabilized components as a reverse proxy between an HTTP client and a clustered application, or a partitioned application.:
  • The WebSphere Application Server proxy server is a specific type of application server that routes HTTP requests to content servers that perform the work. The WebSphere Application Server proxy server can be the initial point of entry for requests to servers in your enterprise environment. However, because a WebSphere Application Server proxy server is not safe for DMZ deployment, a WebSphere Application Server proxy server is typically fronted by a web server, or used in internal only environments where stringent host security requirements are not required.
  • The on demand router (ODR) is an intelligent router. The ODR is fully aware of the dynamic state of the cell, so that if one server in the cell fails, the requests are routed to another server. The configuration of the ODR in the DMZ is not supported.
  • The DMZ Proxy Server for IBM WebSphere Application Server is a WebSphere Application Server proxy server that is designed specifically to be safely installed on a stand-alone node in a demilitarized zone (DMZ).
    Deprecated feature: DMZ Secure Proxy Server is deprecated. As an alternative, consider using IBM® HTTP Server, the Web Server Plug-ins. For more information, see Deprecated features.

    If you require the function of the WebSphere Application Server proxy server, and want to deploy it to the DMZ, you should use a DMZ Secure Proxy Server for IBM WebSphere Application Server to provide session affinity, failover support, and workload balancing for your WebSphere Application Server topology.

    The DMZ is a safe zone between firewalls that is typically located between a client and a backend server. A DMZ Secure Proxy Server for IBM WebSphere Application Server accepts requests from clients on the Internet, and forwards the requests to servers in your enterprise environment.

Use your web server of choice and the corresponding web server plug-ins.

The following tables compare the core application server frontend functionality, and the non-core functionality of a web server plug-in running in a modern web server, such as the IBM HTTP Server, based on Apache HTTP Server (with and without Intelligent Management), the on demand router, a WebSphere Application Server proxy server, and DMZ Secure Proxy Server for IBM WebSphere Application Server.

Table 1. Core functionality
Functionality Web server plug-in used with either the IBM HTTP Server or the Apache Web Server Web server plug-in used with either the IBM HTTP Server or the Apache Web Server with Intelligent Management On Demand Router (ODR) DMZ Secure Proxy Server for IBM WebSphere Application Server -OR- WebSphere Application Server proxy server
Session affinity Yes Yes Yes1, 2 Yes (for DMZ proxy only) 1, 2
DMZ ready Yes Yes No Yes (for DMZ proxy only)
Custom advisors are supported No No No No
Service Level Agreement (SLA) No No Yes No
SIP proxy No No Yes Yes
ESI dynamic Caching Yes Yes Yes 3 Yes 3
Managed from the administrative console Yes Yes Yes Yes4
Stream caching (large response caching) Yes Yes Yes Yes
Dynamically receive management events5 No No Yes6 Yes6
Multi cells routing No No Yes8 Yes8
Performance monitoring Yes9 Yes9 Yes10 Yes10
Load Balancing (weighted round-robin) Yes11 Yes11 Yes11 Yes11
Routing rules are configurable No12 No12 Yes Yes
Interoperability with WLM Yes13 Yes13 Yes Yes
Web service affinity and failover (WS Addressing) No No Yes Yes
Rule expression and custom routing No Yes Yes15 Yes15
Generic server cluster (GSC) affinity and failover No No Yes16 Yes16
Per Request Trace No Yes Yes No
Weighted Least Outstanding Request (WLOR) No Yes Yes No
Health Policy Support No Yes Yes No
WebSockets Proxy Yes Yes No No
Table notes:
  1. Session affinity is supported for WebSphere Application Server managed resources. However, some session management custom properties, such as HttpSessionCloneId, are not supported.
  2. For generic server routing, where the resources are not WebSphere Application Server managed resources, active session affinity and passive session affinity need to be configured under generic server routing action.
  3. WebSphere Application Server proxy servers and DMZ Secure Proxy Servers for IBM WebSphere Application Server do not support fragment caching. Only whole page caching, and the ESI invalidation servlet are supported.
  4. Secure proxy profile on a DMZ installation can only be managed using scripting or an administrative agent. Configuration-only secure proxy profile can be managed through scripting or the administrative agent console. If you use an administrative agent console, you must register a proxy profile with the administrative agent.
  5. As performed by ODR in a WebSphere Extended Deployment environment.
  6. Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WebSphere Application Server, and the core group bridge interface for the WebSphere Application Server Network Deployment cells.
  7. Requires core group bridge setup between the proxy cell and other cells.
  8. Static routing needs to be turned off and core group bridge tunneling needs to be enabled for both the DMZ Secure Proxy Server for IBM WebSphere Application Server, and the core group bridge interface for the WebSphere Application Server Network Deployment cells.
  9. The web server plug-in statistics are obtained from request metrics.
  10. WebSphere Application Server proxy server statistics and DMZ Secure Proxy Server for IBM WebSphere Application Server statistics can be retrieved from Tivoli performance viewer, ARM, and performance mBeans.
  11. Random Load balancing is supported in addition to weighted round-robin.
  12. Web server plug-in can only do static routing.
  13. A web server plug-in indirectly has interoperability with WLM through the exchange of dynamic workload manager (DWLM) Partition Tables between the web server plug-in and WebSphere Application Server. The plug-in uses these tables for dynamic routing and failover scenarios within a cluster.
  14. The proxy server uses the WebSphere Application Server WLM even if the proxy server is running on a z/OS operating system.
  15. Rule expression and custom routing allows administrators to override default WebSphere Application Server routing behavior. For example, you might not want requests forwarded to server1 in a cluster between 11:00 PM and 12:00 PM because you regularly apply maintenance to that server during that time interval.
  16. Proxy server supports load balancing and failover for generic server clusters with passive and/or active affinity.
Table 2. Functionality provided outside of the web server plug-in
Functionality Web server plug-in used with either the IBM HTTP Server or the Apache Web Server with or without Intelligent Management On Demand Router (ODR) DMZ Secure Proxy Server for IBM WebSphere Application Server -OR- WebSphere Application Server proxy server
Common Gateway Interface (CGI) Yes No No
Request URI rewriting Yes No No
Efficient static file serving Yes Basic1 Basic1
Compression Yes Yes Yes
Response filtering Yes Yes2 Yes2
SSL termination Yes Yes Yes
Cryptographic Accelerator3 Yes Yes4 Yes4
FIPS Yes Yes Yes
Third-party/customer-written plug-ins Yes No No
Custom logging Yes Yes No
Disk caching Yes Yes Yes
Asynchronous request handling none or partial6 Yes7 Yes7
Table notes:
  1. WebSphere Application Server proxy servers support basic static file serving.
  2. WebSphere Application Server proxy servers support HTML link rewriting.
  3. This functionality only applies to Cryptographic Accelerators that WebSphere Application Server supports. See the Supported hardware and software web page.
  4. The support is provided by IBM JDK/JCE.
  5. Only NCSA common format is supported.
  6. The connection between a web server plug-in and an application server is synchronous and consumes a thread while reading/writing or waiting for data. See your web server documentation for information about how your particular web server handles client connections.
  7. Proxy server is optimized to handle AJAX long polling requests under large scale deployments.
  8. Sophisticated rules and custom processing can be achieved using Extensible Stylesheet Language Transformations (XSLT).