Академический Документы
Профессиональный Документы
Культура Документы
Jochen Rundholz
NW RIG APA
RIG Know How Conf Calls
Please:
All participants will be muted
Questions in the Q&A section at the end
Important issues via WebEx chat
Mute your phone
Use the Mute button where available or
Key in *6* to mute and *6* to unmute in case you want to ask a question
Give feedback for further improvements
Installation
Administration
Introduction Web Applications and Web Servers
Introduction Load Balancer
Requirements of Business Web Applications
Transcational
Session persistance necessary
Security
Protection of application servers (DMZ, revers proxys, fire walls, ...)
Authentication
Encryption
Stability
High availibility is necessary
RFC
SAP Client/
GUI Server
DIAG
RFC
Dispatcher
Gate-
way
Work
Processes
RDBMS
RFC
Browser SAP Client/
GUI Server
HTTP
DIAG
RFC
Dispatcher
Gate-
way
Work
Processes
ICM RDBMS
J2EE
Server
Processes
J2EE
Dispatcher
Web Browser/
SAP GUI
Web Server
Internet
Central Services
ICM Message-
Enqueue-
Enqueue- Message-
MS Server
Server Server
Server
MPI HTTP
ABAP-Dispatcher Java-Dispatcher
SDM
Server . . . Server
WP ... WP JCo
ABAP JAVA
Cost of device
Performance
Usability
Single point of access only one URL for user, only one official IP
address
Load balancing and configuration via message server
Transactional
Session persistence via cookie (HTTP) or IP address (HTTPS)
Security
Protection of application servers (DMZ, reverse proxy, fire walls, ...)
Authentication
SSL Termination, end to end SSL, re-encryption
Simple request filtering
Pro
Additional features
Re-use existing infrastructure
Unified Web infrastructure for all Web systems (SAP and non-SAP)
Contra
Cost
Less integrated with SAP Web AS
Configuration, operation, maintenance requires special expertise
Redirections
Simple
Bad user experience and maintenance
With SSL
Server certificate must match URL
Every application server needs separate server certificate
High administrative overhead
Expensive
Load
Balancer
Application
Server
Application
Server
Message
Server
Central
Instance RDBMS
SAP
Web
Dispatcher
http://web.acme.com
Dialog
Instance
Dialog
Instance
https://web
IP
https://web:444
https://web1
https://web2
Recommended
Web Server
Internet
Static Web
other
Pages
443
Firewall
Firewall
Reverse Proxy SAP Web
/sap*
Module AS
Optional Web
Forward requests for Dispatcher
/sap* to SAP Web AS for Scaling
Secure Server
Secure Serv. Internal
Internal Server High Security
Network (DMZ) Network
Server
Network Network
(DMZ) Network
Protected
Web Servers
Web Servers Applications
Applications Applications
Internet
Internet
Firewall l
Firewall l
Firewall
Firewal
Firewal
Firewall
DB
Database DB
Access DB
Intern.
Firewall
Router Application
Application SAP
SAPWeb
Web Firew. R/3, FI, HR
& Application
Application
Firewall Proxy
Proxy etc.
Server
Server
Installation
Administration
Sizing
Installation
High Availability
CPU Sizing
Media for the web dispatcher is provided with the J2EE kernel:
C:\usr\sap\<SID>\<Central-Instance>\exe\sapwebdisp.exe
icmadmin.SAR
These are only the minimum files sometimes additional files might be used/helpful
© SAP AG 2004, SAP Web Dispatcher /Jochen Rundholz / 28
Unpack icmadmin.SAR & Folder Structure
Necessary Input
Important Information
Developer Trace
SAP Web
Dispatcher
Redundant
Network
Infrastructure Fail-
Corporate
Over
Network
SAP Web
AS
SAP Web
Dispatcher
High availability
cluster
Installation
dev_wdisp
sapwebdisp.pfl plus default values
sapwebdisp -v
Configuration
Manual
Retrieve from SAP Message Server (hosts, port numbers, ...)
Load balancing
Round-robin (weighted)
Load-based
Use information from SAP Message Server
High availability
Check individual Web AS instances
Use information from SAP Message Server
wdisp/load_balancing_strategy
weighted_round_robin (default): requests are distributed in turn to
the servers, depending on their relative capacity
Preferable for end to end SSL
J2EE23799700
J2EE host2 50200 LB=1
P4 host2 50204 LB=1
The format is:
J2EE<Server node>
J2EE <hostname> <Port> LB=<capacity>
P4 <hostname> <Port> LB=<capacity>
Session
State
Application
est Server
re qu
1st
Load
Balancer
2n d
req
u es
t Application
Server
IP address of client
Works also with encrypted traffic
Problems with proxies not good for Internet
No way to detect stateless requests
Problems with alternative host names
Internet
Firewall
Firewall
SAP Web Corporate
Dispatcher Network
SAP Web
AS
Possibly
filter
requests
Pro
Client authentication with X.509 certificates
End-to-end data security
Load balancer is "untrusted" component
Contra
Persistence based on client IP address only
Load balancing problems
Proxies
End-of-session
But: IP address based persistence usually OK in intranet
No logon groups
No distinction between J2EE and ABAP applications
Pro
Persistence based on application session ID
Logon groups
Detection of application type (ABAP / J2EE), select correct server
Request parsing and URL Filtering
SSL re-encryption is possible
Contra
Harder to configure
Web Dispatcher becomes "trusted component“ (secure channel to
WebAS needed)
Make sure Web Dispatcher does not become performance bottleneck
jochen.rundholz@sap.com
Thank You !
Q&A