
SSL Connection Pool between HTTP server and Application server

 
Glen Cai
Ranch Hand
Posts: 121
I have an HTTP Server (OHS) and an Application Server (OAS) on two separate boxes.
The connection between them is AJP/SSL using mod_oc4j.
Should I create an SSL connection pool, just like we normally do for
the connections between application and database servers? And how?
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Is that anything like an SSL connection for a database? I mean secure database connectivity for a DB.
 
Glen Cai
Ranch Hand
Posts: 121
It is for the secure connection, which does the following things as SSL:

Mutual authentication between OHS and OAS with digital certificates;
Communication session encryption between OHS and OAS;
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Originally posted by Glen Cai:
Should I create an SSL connection pool, just like we normally do for
the connections between application and database servers?


Thanks for the explanation, Glen, but I was asking about SSL for database connections, as you have mentioned in your post. Is there anything like that?
 
Jan Cumps
Bartender
Posts: 2588
You can set up SSH Port Forwarding.

Here's a how-to for Oracle.
Regards, Jan
[ June 05, 2007: Message edited by: Jan Cumps ]
 
Glen Cai
Ranch Hand
Posts: 121
Thanks Jan.

I think I have to use SSL because we have to leave the payload unencrypted.
SSL allows me to do the mutual server to server authentication with certs while leaving the payload unencrypted.

With SSH, the communication between the two servers is always encrypted.
 
Ulf Dittmer
Rancher
Posts: 42967
The point of a connection pool is to leave connections open, e.g. to a DB server. Since HTTP is a connection-less protocol (meaning connections are closed as soon as the transmission is done), the concept of pools doesn't apply here. (Yes, there's such a thing as HTTP keep-alive, but it still closes connections after a short time.)

Using HTTPS instead of HTTP doesn't change this.
[ June 09, 2007: Message edited by: Ulf Dittmer ]
 
Glen Cai
Ranch Hand
Posts: 121
Originally posted by Ulf Dittmer:
The point of a connection pool is to leave connections open, e.g. to a DB server. Since HTTP is a connection-less protocol (meaning connections are closed as soon as the transmission is done), the concept of pools doesn't apply here. (Yes, there's such a thing as HTTP keep-alive, but it still closes connections after a short time.)

Using HTTPS instead of HTTP doesn't change this.



A new HTTP connection is fine as long as I can use the same SSL channels
over and over for many different HTTP connections.

An HTTP connection is cheap, and an SSL connection is expensive. That is why we want to pool SSL connections between the HTTP server and the app server.
 
Ulf Dittmer
Rancher
Posts: 42967
In that case, look into HTTP keep-alive, and make sure the parameters are set so that the connections don't time out.

Alternatively, use plain HTTP and encrypt the data.

I'm curious: This is an intranet setting where the subnet between the web server and the app server is not trusted? Or is the web server public?
 
Glen Cai
Ranch Hand
Posts: 121
This is an intranet setting.
 