WebSphere HTTP Server plug-in architecture

Before diving into specific Hybrid Runtime patterns related to Lotus Domino and WebSphere Application Server, it is appropriate to describe the connectivity options that are available when integrating these products.

The WebSphere HTTP Server plug-in architecture was introduced in WebSphere Application Server V4.0, allowing for the physical separation of the Web server from the application server. While Lotus Domino R5 included a similar capability, it was limited to the use of only Microsoft Internet Information Server (IIS) on the same physical machine as the Lotus Domino server.

The release of Lotus Domino 6 replaces the older Lotus Domino plug-in technology with the new WebSphere HTTP plug-in technology, allowing, for the first time, Domino databases to be placed behind the domain firewall, along with other sensitive data, separated from the Web server.

Ac

c

e

s

s

I

n

tegrat

ion

Collaboration

Information Aggregation

Extended Enterprise

Self-Service

Applic

at

ion I

n

te

grat

ion

Note: While there is a benefit to this separation, it should be noted that the full security

features of Lotus Domino 6 are still intact, and that, in fact, it is still considered safe practice to place a Lotus Domino server within the DMZ in many cases, provided normal Lotus Domino security best practices are followed.

The primary benefits of this architecture, from a Lotus Domino perspective, are:

The elimination of denial-of-service (DOS) attacks on the Domino server itself, since it is placed behind a domain firewall.

Better alignment with normal industry practices in n-tier application deployment, in which most persistent, sensitive data repositories are located behind a domain firewall, and not in the DMZ.

The WebSphere HTTP plug-in architecture has the following characteristics:

The Web server plug-in is implemented as a

filter

, which examines all incoming HTTP requests and routes them to other Web servers based on the composition of the URL. Each Web server has it’s own application programming interface (API) that allows filters to be implemented. For example, Microsoft IIS uses the Internet Server API Specification (ISAPI), and Lotus Domino’s HTTP stack uses the Domino Server API Specification (DSAPI).

Standards-based protocols (HTTP/S) that are supported by firewall products are used, unlike previously, when proprietary transport mechanisms (such as Remote OSE) were used.

There are no special configuration requirements on behalf of the application servers receiving redirected requests from the plug-in; they are simply HTTP/S service providers.

SSL can be used within the DMZ to encrypt network traffic between the Web server and the application server.

The configuration file used by the plug-in is XML-based, and easy to administer. Multiple redirection rules may be defined to one or more application servers as dictated by the topology chosen.

The plug-in supports load balancing and failover capabilities, which offer further scalability with very little additional administrative effort.

Some of the Hybrid Runtime patterns presented later in this chapter utilize a separate logical node with a Web server that connects to an application server using the new Web server plug-in architecture. The simple diagram in Figure 3-2 illustrates the use of the WebSphere HTTP plug-in architecture.

The following observations can be made about this figure:

The Web server may be any Web server and platform combination that is officially supported by an appropriate WebSphere HTTP plug-in. At the time of writing, the HTTP plug-ins shipped with Lotus Domino are available for Microsoft IIS (Win32) and IBM HTTP Server (AIX). Support for additional Web servers on a variety of platforms has been announced.

HTTP (or HTTPS, not represented in this diagram) may be redirected to the application server.

The application server may be either WebSphere Application Server V4, V5 or Lotus Domino R5 or Lotus Domino 6; it must simply respond to HTTP/S requests forwarded from the plug-in.

While port 80 traffic is accepted into the Web server, the plug-in redirects appropriate traffic to the application server through port 9080. Note that the ports that are used when redirecting Web traffic are also completely configurable.

The rules that define the traffic to be redirected to an application server, versus handled locally by the Web server, are configured in the plug-in’s XML-based configuration file on the Web server.

Multiple rules may be defined, routing requests to several back-end application servers based simply on the URL request.

The past three significant releases of WebSphere Application Server have included slightly different technologies that could be used to interface an HTTP Server, such as Lotus

Domino’s HTTP Server, with WebSphere Application Server. Table 3-1 identifies the last three significant point releases of WebSphere Application Server, along with the mechanisms provided to interface WebSphere with an HTTP Server. For each milestone release, the matched version of Lotus Domino’s HTTP server that was supported is included. Note that this table pertains to the Windows NT/2000 platform only; support on other platforms might be slightly different.

Table 3-1 Evolution of WebSphere-Domino connectivity options

The focus of this redbook is on WebSphere Application Server V5 and Lotus Domino 6 connectivity features.

Tip: More information about the WebSphere HTTP plug-in architecture can be found on

the WebSphere InfoCenter site at:

http://publib7b.boulder.ibm.com/wasinfo1/en/info/aes/ae/crun_plugins.html Supported Domino HTTP Versions Remote OSE Servlet redirection HTTP plug-in

WebSphere Application Server 3.5 AE Domino 5 Yes Yes No

WebSphere Application Server 4.x AE Domino 5 and 6 No No Yes

WebSphere Application Server 5.x Domino 6 No No Yes

Restriction: The redbook team used Domino version 6.0.1 and WebSphere Application

Server 5.0 in the lab. Although some of the interface methods do already work, the configuration, Domino 6/WebSphere Application Server 5, is not yet supported. Look for the next maintenance releases of Domino 6 to see if the support for WebSphere

In document Patterns: Custom Designs for Domino and WebSphere Integration (Page 46-49)