■
What is the nature of the applications with respect to security? Do they encrypt all or only a
part of the application inputs and output? What percentage of the information needs to be
securely transmitted?
■
Are the applications going to be deployed on an application server that is directly connected
to the Internet? Will a web server exist in a demilitarized zone (DMZ) separate from the
application server tier and backend enterprise systems?
A DMZ-style deployment is recommended for high security. It is also useful when the
application has a signicant amount of static text and image content and some business
logic that executes on the Application Server, behind the most secure rewall. Application
Server provides secure reverse proxy plugins to enable integration with popular web servers.
The Application Server can also be deployed and used as a web server in DMZ.
■
Is encryption required between the web servers in the DMZ and application servers in the
next tier? The reverse proxy plugins supplied with Application Server support SSL
encryption between the web server and application server tier. If SSL is enabled, hardware
capacity planning must be take into account the encryption policy and mechanisms.
■
If software encryption is to be employed:
■
What is the expected performance overhead for every tier in the system, given the
security requirements?
■
What are the performance and throughput characteristics of various choices?
For information on how to encrypt the communication between web servers and Application
Server, please refer to
Chapter 9, “Conguring Security,” in Sun GlassFish Enterprise Server 2.1
Administration Guide
.
Hardware Resources
The type and quantity of hardware resources available greatly inuence performance tuning
and site planning.
The Application Server provides excellent vertical scalability. It can scale to eciently utilize
multiple high-performance CPUs, using just one application server process. A smaller number
of application server instances makes maintenance easier and administration less expensive.
Also, deploying several related applications on fewer application servers can improve
performance, due to better data locality, and reuse of cached data between co-located
applications. Such servers must also contain large amounts of memory, disk space, and network
capacity to cope with increased load.
The Application Server can also be deployed on large “farms” of relatively modest hardware
units. Business applications can be partitioned across various server instances. Using one or
more external load balancers can eciently spread user access across all the application server
instances. A horizontal scaling approach may improve availability, lower hardware costs and is
suitable for some types of applications. However, this approach requires administration of
more application server instances and hardware nodes.
UnderstandingOperationalRequirements
SunGlassFishEnterpriseServer2.1PerformanceTuningGuide • January200922