SAP WEB DISPATCHER Helps you to make decisions on Web Dispatcher implementation




A BasisOnDemand.com White Paper SAP WEB DISPATCHER Helps you to make decisions on Web Dispatcher implementation by Prakash Palani

Table of Contents

1. Purpose
2. What is Web Dispatcher?
3. Can I balance the load between multiple Java / ABAP Application servers of a single SID?
4. Is it technically possible to have a single Web Dispatcher instance to support multiple backend systems?
5. Are there any general guidelines on Hardware Requirement?
6. Should I go for End-to-End SSL / SSL-Termination? What are the pros and cons of these options?
7. Key Points to Take Home
8. Further Information

1. Purpose

This paper introduces Web Dispatcher and gives detailed information on its advantages, implementation scenarios, SSL options and hardware sizing. In general, the following questions come up when customers look at protecting or load balancing an SAP system:

- What is Web Dispatcher?
- Can I balance the load between multiple Java / ABAP Application servers of a single SID?
- Is it technically possible to have a single Web Dispatcher instance to support multiple backend systems?
- Are there any general guidelines on Hardware Requirement?
- Should I go for End-to-End SSL / SSL-Termination? What are the pros and cons of these options?

All of these points are discussed in the following sections.

2. What is Web Dispatcher?

The SAP Web Dispatcher is an application-level gateway (proxy) for HTTP requests to an SAP Web Application Server. It is used as a software Web switch between the Internet and an SAP System. The SAP Web Dispatcher consists of one or more Web Application Servers. As a result, you have only one point of access for HTTP(S) requests in your system. In addition, the SAP Web Dispatcher balances the load so that the request is always sent to the server with the highest capacity.

It acts as the single entry point for all web requests destined for applications running on the SAP Web AS, and it distributes and load balances these requests among the different application server instances. As such, the SAP Web Dispatcher represents a "first line of defense" against all kinds of attacks at the network and protocol level: mainly denial of service attacks by network flooding, and protocol attacks via malformed URLs and HTTP requests, such as buffer overflow attacks.

At the same time, the SAP Web Dispatcher provides load balancing for both stateless and stateful SAP applications, whether they are Business Server Pages (BSP) or Java-based (J2EE) applications. The Web Dispatcher functions keep track of the current load of the application server instances and make sure that web requests belonging to one session are always sent to the same application server instance holding that session.

3. Can I balance the load between multiple Java / ABAP Application servers of a single SID?

One of the basic functions of Web Dispatcher is to balance the load between the application servers. Web Dispatcher does not establish connectivity directly with the application servers; rather, it establishes connectivity to the Message Server to ensure the load is balanced across application servers. A few of the Web Dispatcher features related to load balancing are:

- Client IP address-based
- Static round robin
- Weighted round robin
- Dynamic load balancing

Load Balancing and Security Requirement with End-To-End SSL (with one web dispatcher supporting multiple application servers of a single SAP system)

In this scenario, Web Dispatcher is placed in the DMZ and acts as a reverse proxy and as a load balancer. The user initiates an HTTPS request, and the same protocol (HTTPS) is used to establish connectivity from Web Dispatcher to ASCS. This method is called End-To-End SSL.

[Figure: Architecture]

4. Is it technically possible to have a single Web Dispatcher instance to support multiple backend systems?

Yes, as of Netweaver 7.2, it is technically possible for a single Web Dispatcher to support multiple backend systems. The common pros and cons of the approach are outlined in the table below.

| Area | Standalone | Single Host Multiple Systems | Comments |
|---|---|---|---|
| Performance | + | - | In a stand-alone installation there is no competition for hardware resources. However, hardware cost needs to be factored in. |
| Administration | - | + | When systems are separate, administration overhead increases. A single action may have to be repeated multiple times on separate systems: each system has to be started and stopped individually, for example, and the same goes for configuration actions such as profile parameters. In a single system, actions only have to be performed once. |
| Monitoring | + | - | It is very easy to see that there are fewer systems to monitor in a single host system. However, there is a higher degree of complexity in diagnostics. When an error does occur there are more possible causes in a single system scenario. In separate systems it is always known what application is causing the problem. |
| Availability | + | - | Separate systems may be stopped and started individually. Separate systems increase availability and hardware costs. High availability with "Single Server with Multiple Systems" is complex. |
| Backup/Recovery | + | - | All systems are affected by a crash / restore in Single Server with Multiple Systems. |
| Infrastructure Security | + | - | Firewall only possible in separate systems (with increased administration). BU specific security requirements may not be achievable. |
| Licensing | - | + | Depending on how third party tools are licensed, there is an opportunity for reduced licensing fees with a single system. If tools such as operating system and database tools, monitoring tools, scheduling tools, back-up tools, high availability solutions, print solutions, and so on are purchased and licensed by server, then implementing on fewer servers will result in lower costs for the tools. |
| SAP Maintenance Software | - | + | Combined systems are upgraded and patched together. |

Load Balancing and Security Requirement with SSL Termination (with one web dispatcher against multiple SAP systems)

As of Netweaver 7.2, it is possible to use a single Web Dispatcher instance to connect to multiple backend systems. In addition, 7.2 is backward compatible and can be connected to systems down to Web AS 6.10.

SSL termination is also depicted in this scenario: the user initiates an HTTPS request to Web Dispatcher, while Web Dispatcher uses the HTTP protocol when communicating with the SAP systems. The main disadvantage of this approach is that the hardware requirement and implementation effort will be a little higher. A detailed comparison between E2E SSL and SSL Termination follows in the later sections.

5. Are there any general guidelines on Hardware Requirement?

The hardware consumption of the Web Dispatcher is highly influenced by the following variables.

Scenario:

- No SSL
- Termination of SSL
- Termination and re-encryption of SSL

System Load:

- Messages per second
- Message length (average length of SAP application is 16 Kbytes)

There are two options, listed below, for sizing Web Dispatcher; choose one of the methods based on the information available about the requirement.

User Based Sizing for CPU:

- Number of Active Concurrent Users during the peak period: N
- Average think time between 2 successive user interaction steps: ThT
- Average Number of Messages per user interaction step: m

Messages per second = N * m / ThT

| CPU Sizing | Example |
|---|---|
| Number of Active/Concurrent Users | 10000 |
| Average Think Time Between 2 Successive Interaction Steps in Seconds | 20 |
| Average Number of Messages Per Interaction Step | 2 |
| Messages Per Second | 1000 |

| Category | Example |
|---|---|
| SAPS in case of HTTP | 1600 |
| SAPS in case of HTTPS Termination | 2900 |
| SAPS in case of HTTPS Re-Encryption | 3480 |

The worksheet carries the same rows for four further systems (SID 1 to SID 4); those columns are not filled in, and neither is the "Total SAPS required" cell for all the systems.

* Realistic values for Average Number of Messages per Interaction Step can be obtained by carefully monitoring the network statistics.

Throughput Based Sizing for CPU:

- Peak Load Duration: T
- Number of Transactions which are processed within the peak load duration: K
- Average number of messages per transaction: n

Messages Per Second = K * n / T

It is recommended to monitor network traffic for the application scenario to get more realistic values for m and n mentioned above.

| CPU Sizing | Example |
|---|---|
| Peak Load Duration | 1800 |
| Number of transactions which are processed within the peak load | 60000 |
| Average Number of Messages per Transaction | 10 |
| Messages Per Second | 333 |

| Category | Example |
|---|---|
| SAPS in case of HTTP | 533 |
| SAPS in case of HTTPS Termination | 967 |
| SAPS in case of HTTPS Re-Encryption | 1160 |
| Total SAPS required (total SAPS for all the systems) | 2660 |

The SID 1 to SID 4 columns of this worksheet are not filled in.

* Realistic values for Average Number of Messages per Transaction can be obtained by carefully monitoring the network statistics.
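The two sizing methods can be put into a small calculator. This is an added example, not part of the white paper: the SAPS-per-message factors are assumptions back-derived from the paper's Example column (1600, 2900 and 3480 SAPS at 1000 messages per second), and the SIDs passed to `size_landscape` are whatever systems the reader wants to size.

```python
# Added example: CPU sizing for Web Dispatcher using the paper's two formulas.
# ASSUMPTION: SAPS per message/second, derived from the paper's Example rows
# (1600 / 2900 / 3480 SAPS for 1000 messages per second).
SAPS_PER_MSG = {
    "http": 1.6,
    "https_termination": 2.9,
    "https_reencryption": 3.48,
}


def msgs_user_based(n_users, msgs_per_step, think_time_s):
    """User based sizing: messages per second = N * m / ThT."""
    if think_time_s <= 0:
        # A blank think time is what produces #DIV/0! in the spreadsheet.
        raise ValueError("think time (ThT) must be greater than zero")
    return n_users * msgs_per_step / think_time_s


def msgs_throughput_based(transactions, msgs_per_txn, peak_duration):
    """Throughput based sizing: messages per second = K * n / T."""
    if peak_duration <= 0:
        raise ValueError("peak load duration (T) must be greater than zero")
    return transactions * msgs_per_txn / peak_duration


def saps(msgs_per_second, scenario):
    """SAPS needed for one backend system under the given SSL scenario."""
    return round(msgs_per_second * SAPS_PER_MSG[scenario])


def size_landscape(systems):
    """Size one Web Dispatcher serving several backend systems.

    systems maps a SID to (messages_per_second, scenario); returns the
    per-SID SAPS and their sum.
    """
    per_sid = {sid: saps(mps, scn) for sid, (mps, scn) in systems.items()}
    return per_sid, sum(per_sid.values())


if __name__ == "__main__":
    # Constructed landscape: two hypothetical SIDs with different SSL modes.
    landscape = {
        "SID1": (msgs_user_based(10000, 2, 20), "https_termination"),
        "SID2": (msgs_throughput_based(60000, 10, 1800), "https_reencryption"),
    }
    print(size_landscape(landscape))
```
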

6. Should I go for End-to-End SSL / SSL-Termination? What are the pros and cons of these options?

SSL is required whenever business data such as user credentials (e.g. passwords) needs protection and data security matters. It encrypts the entire communication between browser and server.

Web Dispatcher in End-To-End SSL mode

Pro:

- Client authentication with X.509 certificates
- End-to-End data security
- Load balancer is an "untrusted" component

Contra:

- Persistence based on client IP address only
- Load balancing problems:
  o Proxies
  o End of Session
  o IP Address based persistence usually OK in internet
- No logon groups
- No distinction between J2EE and ABAP applications

Web Dispatcher in SSL Termination mode

Pro:

- Persistence based on application session ID
- Logon groups
- Detection of application type (ABAP/J2EE), select correct server
- Request parsing and URL filtering
- SSL re-encryption is possible

Contra:

- Harder to configure
- Web Dispatcher becomes a "trusted component" (secure channel to WebAS needed)
- Make sure Web Dispatcher does not become a performance bottleneck, as it needs higher CPU capacity
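The "Proxies" problem listed under End-To-End SSL can be made concrete with a small simulation. This is an added example, not code from the white paper or from SAP: it is a simplified model in which a hash of the persistence key stands in for session stickiness (it is not Web Dispatcher's balancing algorithm), and the server names, IP addresses and session IDs are constructed.

```python
# Added example: why client-IP persistence (End-to-End SSL) skews load when
# many users share one proxy, compared with session-ID persistence (SSL
# termination). Simplified model; all names and addresses are constructed.
import hashlib
from collections import Counter

SERVERS = ["app1", "app2", "app3", "app4"]  # hypothetical application servers


def pick(key, servers=SERVERS):
    """Map a persistence key to one server; the same key always sticks."""
    digest = hashlib.sha256(key.encode()).digest()
    return servers[int.from_bytes(digest[:8], "big") % len(servers)]


def make_clients(total=1000, behind_proxy=600):
    """Constructed population of (client_ip, session_id) pairs.

    The first `behind_proxy` users leave their network through one proxy
    and therefore present the same source IP address.
    """
    clients = []
    for i in range(total):
        if i < behind_proxy:
            ip = "203.0.113.10"  # shared proxy egress address
        else:
            ip = f"10.0.{i // 250}.{i % 250 + 1}"  # one address per user
        clients.append((ip, f"sess-{i:04d}"))
    return clients


def distribute(clients, mode):
    """Count sessions per server.

    mode "ip":      End-to-End SSL, only the client IP is visible.
    mode "session": SSL termination, the application session ID is visible.
    """
    field = 0 if mode == "ip" else 1
    return Counter(pick(client[field]) for client in clients)


def peak_share(counts):
    """Fraction of all sessions carried by the busiest server."""
    return max(counts.values()) / sum(counts.values())


if __name__ == "__main__":
    population = make_clients()
    for mode in ("ip", "session"):
        counts = distribute(population, mode)
        print(mode, dict(counts), f"peak share {peak_share(counts):.0%}")
```

With 600 of 1000 users behind one proxy, IP persistence pins at least 60% of the sessions to a single server, while session-ID persistence stays close to an even split.
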

7. Key Points to Take Home

There are various scenarios that can be used when implementing Web Dispatcher; which one to choose comes down to one's requirements for security, performance, cost, effort, etc. Some interesting facts about Web Dispatcher are listed below.

- Web Dispatcher is a software load balancer and application layer gateway for SAP Web AS.
- Web Dispatcher is not a reverse proxy, and is not meant to be.
- As of Netweaver 7.2, it is possible to have a single Web Dispatcher cater to multiple backend systems. NW 7.2 based Web Dispatcher is backward compatible and supports up to 6.10.
- Both End-to-End SSL and SSL Termination are available. The SSL option should be chosen based on the requirement and by carefully analyzing the hardware and cost involved in setting up the chosen option.
- It is recommended to perform the sizing exercise with realistic inputs.
- There is no additional license cost; Web Dispatcher is delivered free of cost (part of Web AS).

8. Further Information

- http://help.sap.com/saphelp_nw73/helpdata/en/b0/ebfa88e9164d26bdf1d21a7ef6fc25/frameset.htm
- http://service.sap.com/sizing -> Solution and Platforms