cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Web Dispatcher placement / implementation issue

bernd_speckmann
Contributor

on ‎04-26-2011 12:57 PM

0 Kudos

Hi there,

just thinking about the following scenario:

Task: Users shoud be able to access WD ABAP apps developed in the ERP system (ICF services) through the Web Dispatcher from our internal LAN and over the internet.

The question is as follows:

Where shoud in place the Web Dispatcher? Or should I install more than one? What is the best practice?

1. One Web Dispatcher located in the DMZ. All internal and external users are connecting through this one.

2. One Web Dispatcher located in the DMS for external (internet) users and one located in our LAN for internal users. Is this

practicable because of different URLs and different SSLcertificates?

3. One Web Dispatcher located in our LAN. Internet users can connect trough firewall NAT policy...

4. Any other option?

What if I want to access more than one system? I know the new Web Dispatcher 7.3 is able to handle more than one system. But this is not recommended? Can I install more than one instance on one Host in this case?

Thanks ahead for your answers...

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎04-26-2011 1:30 PM
0 Kudos

Hey Bernd ,

I would Sugest a Combination of Reverse Proxy (in DMZ) and Web Dispatcher ( in LAN) .

YOur Web Dispatcher can be Installed on a Seperate Instance or You can Install it in the Message Server which is Ideal .

One Web Disatcher is Good Enough If you want to Connect to ONE System with Multiple Apps .

For , Conneting to Multiple Backend Systems , Web Dispatcher 7.3 is a Good Take . I don't Understand the reservation behind not going for the 7.3 Version .

Neverthless , you can Install Multiple Web Dispatchers .

Users in Internet Will Login via Reverse Proxy and then routed to your Web Dispatcher .

the same can be done for your LAN Users too .

Do take care , while URL Generation in ABAP Backend while Calling WDs .

You could use Table HTTURLLOC for controlling the URL Generation .

Regards,

Ashish .A. Poojary

Show replies
Show replies
bernd_speckmann
Contributor
‎04-26-2011 2:04 PM
0 Kudos

Thanks for your answer.

But is there any good option wihout an additional reverse proxy?

Regrads

Former Member
‎04-26-2011 4:00 PM
0 Kudos

Hi,

I don't think there's a better way than having 2 Web dispatchers, one in the DMZ and on in the internal network.

What I would do in that case would be to use only the internal web dispatcher for internal users and to chain both web dispatchers for internat users.

The goal would be to have a globalk http log on the internal web dispatcher.

Regards,

Olivier

Former Member
‎04-26-2011 9:50 PM
0 Kudos

Hello Bernd,

Again question is where are your systems located.

Webdispatcher will just act as reverse proxy to set of application servers wherever they may be located.

Only thing is how you are going to present URL of it to the users.

If you have server within LAN and you can just ask the users to access it with LAN IP where as for external users just NAT it and present it.

Regards

Vivek

bernd_speckmann
Contributor
‎04-27-2011 2:21 PM
0 Kudos

Again the situation:

SAP System |FIREWALL| Internal Lan with internal users |Firewall| DMZ |Firewall| Internet

And the question is where to place one or more Web Dispatcher so that user from the internal LAN and from the internet can access for example a Web Dynpro Application?

What is the best practice in this situation?

Regards and thanks

Former Member
‎04-27-2011 6:44 PM
0 Kudos

Bernd,

I would suggest you place it between SAP systems and first firewall.

Again why I suggest this is HTTP traffic disconnection between application servers and webdispacther due to network components failure reduces. Even you are adding more hops to HTTP traffic anyway due to too many network components already in palce.

Allow the Internal users through the Internal IP with direct webdisptacher URL and work with your network team to NAT the IP at last firewall before the cloud.

Regards

Vivek

bernd_speckmann
Contributor
‎04-28-2011 10:11 AM
0 Kudos

I think I will place two Web Dispatchers here. One or Many (depending on the number of SAP Systems) in the internal LAN and one in the DMZ (Cascade as described in note 740234).

Hope this is an acceptable secure solution as Olivier said.

But shoud I place the internal Web Dispatcher together with the SAP systems in the "SAP network" or seperated by the firewall together with the users in the internal LAN?

Can anybody provide some useful information how to configure the "DMZ Web Dispatcher" especially

with regard to URL rewriting?

Thanks in advance...

Ask a Question