I understand that Citrix NetScaler usually sits in front of citrix servers. Does it also sit in front of non-citrix servers?
>Does it also sit in front of non-citrix servers?
Yes. It is a full-blown load balancer. Or using the newer, fancier, term an "Application Delivery Controller".
It will do all the typical work
distributing to backend
monitoring backend (using several included service monitors)
arrange persistence to backend
offload authentication to frontend and authenticate to backend
offload SSL/TLS from backend
And also:
SSL-VPN gateway
Web cache
Web front end optimization (compression, JavaScript-minification, Sharding, etc.)
Web application firewall
There are several editions and only the most expensive one will give you all the features. Also SSL-VPN is licensed by concurrent users.
It can be used for all other servers for various purposes.
depends on how its configurated, you can use for Loadbalancing level 4( At Layer 4, a load balancer has visibility on network information such as application ports and protocol (TCP/UDP), Reverse Proxy, Storage, etc.
Related
My customer has 2 Windows Server 2019.
On both of them, an instance of a SOAP Web Service is running.
URLs:
https://host1.domainname.com/SOAPService
and
https://host2.domainname.com/SOAPService
Now, the requirement of the customer is to provide a single, unique URL that the clients can use to consume the SOAP WebService(s).
I read through several websites and if I got it right, I need a tool that is called "reserve proxy"... Using this tool, clients can access the webservice by using an URL such as https://host.domainname.com/SOAPService and the tool will automatically route the request to the available webservice.
Correct?
I also have an architectural question:
On which machine do I have to run such a Reserve Proxy?
Is it on host1 or host2 or do I need a dedicated machine (like a supervisor)?
If it is a dediciated machine, how can I apply high availability of this Reverse Proxy? E.g. is it possible to run 2 Reserve Proxies in parallel on different machines? Which tool could afford this?
Thanks
If we have two service for example
Front-end (which is consul-connect enabled)
Back-end (which is not consul-connect enabled).
Is it possible to restrict communication between then through intention. Provided we use Consul-Sync from to moved k8s service into consul catalog. Then back-end which is not consul-connect enabled will show in intention. I tried setting deny between Front-end -> Back-end. If not working Front-end is hitting Back-end. I am missing something Or its like Authorization can only happen between two consul-connect enabled service
This question was recently answered in https://stackoverflow.com/a/68432317/12384224.
Consul intentions are authorization polices that allow you to control access between applications within a service mesh. You must use a sidecar proxy, or natively integrate your application with the mesh, in order to use intentions. They are not applicable if you are only using Consul for service discovery, or your application is not part of the service mesh.
I am developing a website using which is based on a microservices architecture which is containerized with docker. Now I want to communicate with microservices using rest API. I read some articles which show some diagrams that API gateway make some connections to microservices. I am confused about the main purpose of the API gateway.
Gateways are used for cross cutting concerns like authentication, logging and redirect to respective backend services. They are usual the single point of entry for applications and are exposed publicly. the rest of the services can sit behind the firewall that your gateway has access to making backend services secure. you also write your resiliency logic in the gateway by implementing retry or circuit breaker patterns etc.
Since gateway has advantages but it can be single point of failure. so make sure it's highly available by deploying redundant copies
I have setup 2 noted type cluster on FrontEnd and another BackEnd. The FrontEnd has stateless services and the Backend has Statefull and actor services. Now I have seen examples where they use reverse proxy and http:// calls to communicate with stateful services, and other places where they use Remote calls calling fabric:// When should each be used if there is data intensive transfers happening between Frontend and BackEnd node types which would be better protocol?
Actually fabric:// isn't a protocol itself, it's just a syntax for Service Fabric Naming Service to resolve actual location of your service. Remoting is a better choice if you don't have to expose your service to external clients, since it will choose protocol depending on locations on client and service (may use interprocess communication in case both are located on the same node) while using http:// sticks you to only this protocol.
The fabric:// is just an Uri Scheme. It is used to identify named services, like: fabric://MyApp/MyService
There is no right answer to this question, there are many variables to take into account to select the right approach.
You can use both and it will be absolutely fine.
It far more than that, but a a simple overview I can give is:
Using HTTP communication, the services depends only on each other endpoints, and both can be treated isolated from each other during development and deployment, they will communicate even when you change services versions and tech-stack. You can use different technologies like: Java, GO, NodeJS and still have a smooth communication between your services.
Using Remoting, you might get faster communication, but higher coupling between the services, because both need to understand same interfaces and entities used for communication, to keep them in sync(compatible) will most of the time require to deploy new version of both services together.
.
If performance is not an issue at start, I would suggest go simple with HTTP, and migrate if does not attend your demands.
I would like to know the difference between IBM HTTP Server and Wepsphere Application Server. Also i am planning to use WAS. Do i still need the IBM HTTP Server?
From here:-
IBM HTTP Server
IBM® HTTP Server is a full-featured web server that is included with
other products such as IBM WebSphere® Application Server at no charge.
You can use this web server for projects that do not warrant the
expense of a priced and supported HTTP server. The IBM HTTP Server is
based on the Apache HTTP Server and provides a rich set of Apache
features in addition to IBM enhancements.
From here:-
Wepsphere Application Server
IBM® WebSphere® Application Server offers options for a faster, more
flexible Java application server runtime environment with enhanced
reliability and resiliency. It supports single server environments and
medium-sized configurations, as well as dynamic web applications
requiring web tier clustering over multiple application server
instances.
Do i still need the IBM HTTP Server?
Wiki has the answer for it:-
It works with a number of Web servers including Apache HTTP Server,
Netscape Enterprise Server, Microsoft Internet Information Services
(IIS), IBM HTTP Server for i5/OS, IBM HTTP Server for z/OS, and IBM
HTTP Server for AIX/Linux/Microsoft Windows/Solaris. It uses port 9060
for connection as the default administration port and port 9080 as the
default website publication port. In case you install more WebSphere
instances these values will be changed.
A http server is used for routing web requests to a WAS in a typical enterprise scenario. If you are building small apps, and do not need ejbs, just use the http server. If you need ejbs, just use WAS. However, if you need functionality like routing requests to WAS because you do not want the user to hit the WAS directly for security reasons, then use HTTP in front of WAS.
WebSphere is an implementation of J2EE (originally Java 2 but versions handle up to J6EE). This varies from a normal web server in that the latter typically had the task of running scripts or programs using operations that were quite expensive for CPU load. Modern web servers do not have as much penalty but Java based solutions still have their advantages.
For test/dev environments, one does not need to have a web server in front. One can go directly to a WebSphere port (often port 9080) that provides a Java web implementation and not have the administrative burden of the care and feeding of a web server. On the other hand, IBM recommends using a web server for production (especialy for larger production loads). If one does use a web server, there are several that are supported. IBM HTTPS Server is a blue-washed version of Apache (there are some modules that are not supported but there are also lots of extra features to bind easily with WAS).
All the answers are good so let me give my cents ,
Websphere as other java applications, was made to work with dinamic contents .
apache or IHS that is apache IBM plugins can handle with all kinds of http/https requests , static , dinamic , proxy ,cache at the client tags, balance and so on ...
just using apache over java aplications is not the best ,
the best is allow apache handle all static downloads without call it from application server ,
like images and fixed htmls and left application server handle the just dinamic contents .
at this way we can optimize the environment , so development should create a pattern to dispose static and dinamic at different virtual direct like /jsp for dinamic and the rest as static , if not apache cache can be used instead for not overload the application server .
to make the story short , apache is so powerful ans can help a lot the application server sparing the work , a simple and effective usage is done to forward the port using default port 80/443 for http/https instead usual high ports on java application servers , make the apache deliver https is a best option too , instead left java application server care of it , so there is a lot of reasons to use Apache or IHS in front of application servers.