Java Reference
In-Depth Information
Fast fail-safe
database
configuration
Fast fail-safe
legacy app
configuration
Data
Web app
server
Web app
server
Web app
server
Firewall
Web
server
Web
server
Web
server
Standby
Sprayer
Firewall
Internet
Figure 10.1 A good topology for performance has layers that do one thing and do it well. This one
has a sprayer, with a hot standby, that takes incoming requests and routes them to one of three
identical web servers. The web server can then request services to build dynamic content from any
of the available web application servers behind the corporate firewall, which in turn can use
database or transactional servers.
Edge servers can provide these functions:
Firewall.
A firewall is a hardware or software layer that sits between two
zones. In our architecture, we have firewalls between our
DMZ
and the
public Internet, and between our
DMZ
and the private intranet. Two
major kinds of firewalls are
filtering
and
proxy
. A filtering firewall, usu-
ally implemented in a router, filters packets, or atomic
TCP/IP
mes-
sages, for security and performance. A proxy firewall allows or denies
outbound traffic based on an existing security policy. For example, a
systems administrator could block
MP3
access with this type of firewall.
In our architecture, we have two firewalls, which are configured with
two different security policies. With such a configuration, only the most
sophisticated attack penetrates both firewalls.
Spraying/load balancing.
A
sprayer
is a network node responsible for
taking requests to a single destination and fanning them out to multiple
physical machines. Usually, a sprayer is identified with a
DNS
name so
that the user community doesn't need to be partitioned. A
load
