Usually in these sort of scenarios, I've seen something like this: INTERNET ---------------------------------- FIREWALL ---------------------------------- DMZ Web Server, Local Dir, etc. ---------------------------------- FIREWALL ---------------------------------- APP SERVER, DATABASES, etc. ----------------------------------
I would assume the swing stuff makes it a pain but you could serialize swing requests into XML/SOAP and tunnel them through a proxy. >From: Tom Jansto <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: system configuration question using ejb's >Date: Sun, 21 Apr 2002 08:09:43 -0500 > > > hey folk, > > this may be a bit off topic, so i'll apologize up front if so. we have >an > > application that uses a combination of browser and swing based code to > > access our ejb application. we have the ejb server (jboss) setting in a > > dmz. the dmz is a straight forward deployment (cisco switch setting > > behind a router, feeding three firewalls that are load balanced, these > > feed another load balancer that distributes the load over 4 jboss linux > > boxes. oh yeah, there are some hardware ssl accelerators hanging off >the > > inner most load balancer for both the browser and client app traffic.) > > anyways, what we've had to do is crank the firewall session way up to 24 > > hours, (nokia recommends 30 seconds), but that was the only way to make >I > > knew of (that made sense) to keep from having to periodically >re-establish > > the db connection pools into our database. we still have to make sure >we > > push a 'ping' from the connection pool down to the db itself. the >problem > > we are seeing is that the db connections are showing as being closed >from > > the db's view, but the firewall logs don't show any drops or losses. >the > > question boils down to this, is there something missing in the way this >is > > configured? we need both browser and client app access into the ejb > > server, so we need the server in the dmz (otherwise we hit the rmi >behind > > a nat issue). but the firewalls and load balancers all seem to prefer > > stateless connectivity flowing through them. has anyone gotten reliable > > results, and if so, can y'all point me to appropriate sources, to get >this > > to be more reliable? thanks, I realize there are a hundred additional > > details that can be delved into, i'm just trying to determine where to >go > > next in the system architecture. > > > > tom jansto > > [EMAIL PROTECTED] > > > > > > > >=========================================================================== >To unsubscribe, send email to [EMAIL PROTECTED] and include in the body >of the message "signoff EJB-INTEREST". For general help, send email to >[EMAIL PROTECTED] and include in the body of the message "help". > _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
