Monday, November 2, 2009

5.2 The Pros and Cons of Integration








 

 












5.2 The Pros and Cons of Integration





If you're trying to decide whether to run Tomcat

connected to the Apache httpd server, the

following are some important pros and cons to consider about each

approach.







5.2.1 Running Tomcat Standalone





Here are the advantages to

running Tomcat's web server instead of another

product:







  • It's easier to set up.



  • There is no web server connector to worry about.



  • Tomcat standalone has the potential for better security.



  • Migrating to another computer OS or architecture is easier.



  • Upgrading to a new version of only Tomcat is easier.





There are some downsides to this approach as well:







  • Tomcat has less supporting software than Apache

    httpd.



  • Fewer people know Tomcat's web server compared to

    the number of people who know Apache httpd.



  • Tomcat's web server has fewer web server features

    than Apache httpd.



  • Tomcat's fast, but not as fast as Apache

    httpd.





Now let's examine some details of each of those

points. First, the benefits:







  • It's easier to set

    up.     Download Tomcat, set a couple of configuration settings, and

    you're done. You do not need to spend time

    integrating a web server connector into a third-party web server.



  • No connector to worry

    about.     You never need to troubleshoot any performance or connection problems

    between the third-party web server and Tomcat.



  • Potential for better

    security.     Tomcat isn't as susceptible to remote buffer

    overflow exploits as other web servers written in C, C++, or other

    natively compiled languages. Because Tomcat's Java

    virtual machine stands between the network and the OS, it prevents

    nearly all types of buffer-overflow attacks. With

    Tomcat's security realms, access to individual

    resources can be specified, just as they can be with Apache

    httpd. However, thanks to

    Tomcat's security policies, those who run Tomcat can

    precisely define what a web application can and cannot do in a

    fine-grained manner�a feature that the C programming language

    and therefore Apache's httpd

    both lack.



  • Ease of

    migration.     You can migrate Tomcat servers (in addition to applications) to

    different servers, operating systems, and even architectures. After

    setting Tomcat up, running it, and getting used to it, you may not

    want to go through that process again each time you move your site to

    a different computer. Since Tomcat is written in Java, you could copy

    its entire directory structure contents to another computer and run

    it there without any changes, even if the new computer is of a

    different architecture than the original computer it ran on.



  • Ease of

    upgrades.     Grab a new version of Tomcat and install it, and your site should run

    the same as before. Also, you do not need to worry about upgrading

    any third-party web servers.





Now let's examine some details of the downsides:







  • Tomcat has less supporting

    software.     As of this writing, there is less software support for

    Tomcat's built-in web server than there is for the

    Apache httpd web server. That's

    not likely to change very soon. If you do some web searches today for

    software packages that work with the Apache web server,

    you'll find lots of them, whereas

    you'll find very few that were written specifically

    for use with Tomcat's web server. We expect this to

    become less of a problem as time passes and Tomcat becomes more

    popular.



  • Fewer people know Tomcat's web

    server.     Fewer people know Tomcat's built-in web server than

    know the Apache httpd server. If you need

    someone to help you with either one, you could send an email to the

    appropriate mailing list, and you're likely to get

    plenty of responses. But within most of our spheres of local techies,

    we'll find fewer people who know the answers to

    tough Tomcat web server questions (although this book can help change

    that!).



  • Fewer web server

    features.     Tomcat has fewer web server-specific features. The Apache

    httpd server is much more fully featured than

    the Tomcat web server; much of the reason for that is due to its

    longevity and the number of software packages people have written for

    it (see http://modules.apache.org

    for a long list of featureful modules that Tomcat

    doesn't yet have). Again, we expect that Tomcat will

    become more featureful over time in all areas, but

    httpd has a head start of many years.



  • Tomcat's fast, but not as fast

    as Apache httpd.     Tomcat's web server is somewhat slower than Apache

    httpd. It's still improving,

    and it is still very fast, but

    it's not quite as fast as Apache at serving static

    content. If you're serving mostly dynamic content,

    this may not be a big problem for you�the Tomcat web server is

    fast enough to run most of today's corporate web

    sites. Companies with unusually heavy web traffic, however, need to

    squeeze every last bit of performance out of their web server

    machines. In these cases, Tomcat's performance can

    be a deciding factor.





Everyone has their own requirements, experience, and competency, and

those should also factor into the decision about which web server to

use. There are good reasons to go either way, but the remainder of

this chapter is for those who choose to use Apache

httpd as their frontend web server and want to

connect it to Tomcat.









5.2.2 Running Tomcat with Apache httpd





Here

are several reasons to consider running Tomcat with Apache

httpd as a frontend web server:







  • Apache httpd is faster than

    Tomcat's built-in web server.



  • You can take advantage of all of the support software written for

    Apache httpd.



  • Apache httpd has faster startup and shutdown

    times.





Of course, this approach�Apache httpd

running a connector module that connects to Tomcat�has its own

set of negative effects:







  • It is more difficult to set up.



  • It has the potential for dynamic content slowdown.



  • It has the potential for additional security holes.



  • Upgrades are more complicated.





First, we'll examine the benefits of using Apache

httpd connected to Tomcat:







  • Apache httpd is faster than

    Tomcat's built-in web server.     Apache httpd is a little faster, depending on

    the type of content you are serving (see that last item in the

    negative list for running Tomcat standalone).



  • More support software. Apache httpd has a large library of supporting

    software that integrates with it. This can be advantageous if there

    is an Apache module that you need or want to run in addition to your

    servlet web application. All of these modules can work together

    seamlessly as part of the same web site. Various Apache web server

    modules may open up more templating and programming languages to you.



  • Faster startup and shutdown times. Apache httpd's startup and

    shutdown times are generally shorter than Tomcat's.

    If it's critical for you to be able to shut down

    your web server and restart it in less than a few seconds, Apache

    httpd is the way to go. Tomcat is slower to

    start largely because of Java virtual machine startup and shutdown

    times, but it also does quite a bit of initialization of its own

    before it's ready to serve pages.





Now, some details of the negative effects:







  • More difficult to set up. The Apache web server is much more complex to install and get running

    with Tomcat than running Tomcat standalone. There are numerous

    linking, compiling, and versioning issues that can complicate

    installation and operation of Apache when it is connected to Tomcat.

    Troubleshooting broken installations is also difficult.



  • Potential for dynamic content slowdown. If you're serving a large amount of dynamic content

    from your servlet web application, there can be a performance penalty

    to pay due to tunneling requests and responses between Apache

    httpd and Tomcat. Apache

    httpd will serve any static content it has quite

    efficiently, but requests and responses that pass through to Tomcat

    may be handled by Apache httpd and its connector

    module unnecessarily, which can cause a measurable delay. Usually

    this delay is small, but you will need to monitor and watch for this

    problem.



  • Potential for additional security holes. Apache httpd is more susceptible to buffer

    overflow exploit attacks. The Apache authors have done a great job at

    finding and quickly fixing these holes wherever they can, but the

    nature of C code means that it's easy for the

    authors to accidentally introduce exploitable code. Even if there

    aren't any known buffer overflow exploits in the

    version of Apache httpd you run, it may have

    other kinds of security holes.



  • More complicated upgrades. Upgrades are often complicated by inter-package dependencies. For

    example, if you're using a connector module such as

    mod_jk2, you might not be able to upgrade to a

    new version of Apache without upgrading the connector module, and

    possibly Tomcat as well.





Ponder these tradeoffs, and then choose a configuration that you

believe best suits your needs.


















    		 

     


    Posted by at

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)