5.2 The Pros and Cons of Integration
If you're trying to decide whether to run Tomcat
connected to the Apache httpd server, the
following are some important pros and cons to consider about each
approach.
5.2.1 Running Tomcat Standalone
Here are the advantages to
running Tomcat's web server instead of another
product:
It's easier to set up.
There is no web server connector to worry about.
Tomcat standalone has the potential for better security.
Migrating to another computer OS or architecture is easier.
Upgrading to a new version of only Tomcat is easier.
There are some downsides to this approach as well:
Tomcat has less supporting software than Apache
httpd.
Fewer people know Tomcat's web server compared to
the number of people who know Apache httpd.
Tomcat's web server has fewer web server features
than Apache httpd.
Tomcat's fast, but not as fast as Apache
httpd.
Now let's examine some details of each of those
points. First, the benefits:
It's easier to set
up. Download Tomcat, set a couple of configuration settings, and
you're done. You do not need to spend time
integrating a web server connector into a third-party web server.
No connector to worry
about. You never need to troubleshoot any performance or connection problems
between the third-party web server and Tomcat.
Potential for better
security. Tomcat isn't as susceptible to remote buffer
overflow exploits as other web servers written in C, C++, or other
natively compiled languages. Because Tomcat's Java
virtual machine stands between the network and the OS, it prevents
nearly all types of buffer-overflow attacks. With
Tomcat's security realms, access to individual
resources can be specified, just as they can be with Apache
httpd. However, thanks to
Tomcat's security policies, those who run Tomcat can
precisely define what a web application can and cannot do in a
fine-grained manner, a feature that the C programming language
and therefore Apache's httpd
both lack.
Ease of
migration. You can migrate Tomcat servers (in addition to applications) to
different servers, operating systems, and even architectures. After
setting Tomcat up, running it, and getting used to it, you may not
want to go through that process again each time you move your site to
a different computer. Since Tomcat is written in Java, you could copy
its entire directory structure contents to another computer and run
it there without any changes, even if the new computer is of a
different architecture than the original computer it ran on.
Ease of
upgrades. Grab a new version of Tomcat and install it, and your site should run
the same as before. Also, you do not need to worry about upgrading
any third-party web servers.
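The fine-grained security policies mentioned under "Potential for better security" are written as Java policy grant entries in Tomcat's conf/catalina.policy file. The fragment below is an added example, not taken from the book: the "orders" web application, its upload directory, and the database host are hypothetical names chosen for illustration.

```java
// Added example: fragment for $CATALINA_BASE/conf/catalina.policy.
// "orders", its paths, and db.example.internal are constructed placeholders.
grant codeBase "file:${catalina.base}/webapps/orders/-" {
    // Read-only access to the application's own deployed files.
    permission java.io.FilePermission
        "${catalina.base}/webapps/orders/-", "read";

    // Write access confined to one upload directory.
    permission java.io.FilePermission
        "${catalina.base}/webapps/orders/WEB-INF/uploads/-",
        "read,write,delete";

    // Outbound network connections only to the database host and port.
    permission java.net.SocketPermission
        "db.example.internal:5432", "connect,resolve";

    // A single system property may be read.
    permission java.util.PropertyPermission "file.encoding", "read";
};
// Nothing above grants FilePermission "execute" or RuntimePermission "exitVM",
// so this webapp cannot launch processes or stop the JVM unless another
// grant entry in the policy allows it.
```

Tomcat enforces this file only when it is started with the -security option, which installs the Java SecurityManager. The SecurityManager has been deprecated for removal since Java 17 (JEP 411), so this mechanism applies to the older Java and Tomcat versions the text describes.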
Now let's examine some details of the downsides:
Tomcat has less supporting
software. As of this writing, there is less software support for
Tomcat's built-in web server than there is for the
Apache httpd web server. That's
not likely to change very soon. If you do some web searches today for
software packages that work with the Apache web server,
you'll find lots of them, whereas
you'll find very few that were written specifically
for use with Tomcat's web server. We expect this to
become less of a problem as time passes and Tomcat becomes more
popular.
Fewer people know Tomcat's web
server. Fewer people know Tomcat's built-in web server than
know the Apache httpd server. If you need
someone to help you with either one, you could send an email to the
appropriate mailing list, and you're likely to get
plenty of responses. But within most of our spheres of local techies,
we'll find fewer people who know the answers to
tough Tomcat web server questions (although this book can help change
that!).
Fewer web server
features. Tomcat has fewer web server-specific features. The Apache
httpd server is much more fully featured than
the Tomcat web server; much of the reason for that is due to its
longevity and the number of software packages people have written for
it (see http://modules.apache.org
for a long list of featureful modules that Tomcat
doesn't yet have). Again, we expect that Tomcat will
become more featureful over time in all areas, but
httpd has a head start of many years.
Tomcat's fast, but not as fast
as Apache httpd. Tomcat's web server is somewhat slower than Apache
httpd. It's still improving,
and it is still very fast, but
it's not quite as fast as Apache at serving static
content. If you're serving mostly dynamic content,
this may not be a big problem for you; the Tomcat web server is
fast enough to run most of today's corporate web
sites. Companies with unusually heavy web traffic, however, need to
squeeze every last bit of performance out of their web server
machines. In these cases, Tomcat's performance can
be a deciding factor.
Everyone has their own requirements, experience, and competency, and
those should also factor into the decision about which web server to
use. There are good reasons to go either way, but the remainder of
this chapter is for those who choose to use Apache
httpd as their frontend web server and want to
connect it to Tomcat.
5.2.2 Running Tomcat with Apache httpd
Here
are several reasons to consider running Tomcat with Apache
httpd as a frontend web server:
Apache httpd is faster than
Tomcat's built-in web server.
You can take advantage of all of the support software written for
Apache httpd.
Apache httpd has faster startup and shutdown
times.
Of course, this approach (Apache httpd
running a connector module that connects to Tomcat) has its own
set of negative effects:
It is more difficult to set up.
It has the potential for dynamic content slowdown.
It has the potential for additional security holes.
Upgrades are more complicated.
First, we'll examine the benefits of using Apache
httpd connected to Tomcat:
Apache httpd is faster than
Tomcat's built-in web server. Apache httpd is a little faster, depending on
the type of content you are serving (see the last item in the
negative list for running Tomcat standalone).
More support software. Apache httpd has a large library of supporting
software that integrates with it. This can be advantageous if there
is an Apache module that you need or want to run in addition to your
servlet web application. All of these modules can work together
seamlessly as part of the same web site. Various Apache web server
modules may open up more templating and programming languages to you.
Faster startup and shutdown times. Apache httpd's startup and
shutdown times are generally shorter than Tomcat's.
If it's critical for you to be able to shut down
your web server and restart it in less than a few seconds, Apache
httpd is the way to go. Tomcat is slower to
start largely because of Java virtual machine startup and shutdown
times, but it also does quite a bit of initialization of its own
before it's ready to serve pages.
Now, some details of the negative effects:
More difficult to set up. The Apache web server is much more complex to install and get running
with Tomcat than running Tomcat standalone. There are numerous
linking, compiling, and versioning issues that can complicate
installation and operation of Apache when it is connected to Tomcat.
Troubleshooting broken installations is also difficult.
Potential for dynamic content slowdown. If you're serving a large amount of dynamic content
from your servlet web application, there can be a performance penalty
to pay due to tunneling requests and responses between Apache
httpd and Tomcat. Apache
httpd will serve any static content it has quite
efficiently, but requests and responses that pass through to Tomcat
may be handled by Apache httpd and its connector
module unnecessarily, which can cause a measurable delay. Usually
this delay is small, but you will need to monitor and watch for this
problem.
Potential for additional security holes. Apache httpd is more susceptible to buffer
overflow exploit attacks. The Apache authors have done a great job at
finding and quickly fixing these holes wherever they can, but the
nature of C code means that it's easy for the
authors to accidentally introduce exploitable code. Even if there
aren't any known buffer overflow exploits in the
version of Apache httpd you run, it may have
other kinds of security holes.
More complicated upgrades. Upgrades are often complicated by inter-package dependencies. For
example, if you're using a connector module such as
mod_jk2, you might not be able to upgrade to a
new version of Apache without upgrading the connector module, and
possibly Tomcat as well.
Ponder these tradeoffs, and then choose a configuration that you
believe best suits your needs.