on 08-09-2011 1:54 PM
Any statistic on which product is better / qualifies better to be used as a reverse proxy.. (& wherein generic (forward) proxy services can be disabled)
Web Dispatcher
Apache
Microsoft IIS
Any other product ?
Thanks,
Hi,
I'm not aware of any official comparison between these products, but the Web Dispatcher "knows" SAP out of the box:
- Load balancing
- Logon groups
- Java and ABAP
Personally, I won't use Web Dispatcher as a RP for Sharepoint, as MS has a better product in their portfolio, as I also won't use IIS or WD as a RP for a public internet presence when the web server runs Apache or Tomcat. IMO. What you choose depends on your scenario:
- Intranet
- Internet
- Reverse proxy for what servers? Only SAP?
br,
Tobias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
> I'm not aware of any official comparison between these products, but the Web Dispatcher "knows" SAP out of the box:
> - Load balancing
> - Logon groups
> - Java and ABAP
> Personally, I won't use Web Dispatcher as a RP for Sharepoint, as MS has a better product in their portfolio, as I also won't use IIS or WD as a RP for a public internet presence when the web server runs Apache or Tomcat. IMO. What you choose depends on your scenario:
> - Intranet
> - Internet
> - Reverse proxy for what servers? Only SAP?
Thanks for responding on this... not many have been able to objectively analyze.
Yes, I missed to mention the scenario. Its for users connecting from Insecure Internet --> reverse proxy server --> web dispatcher --> and then to the SAP EP systems.
Presently, its only for SAP systems. However, the organization might want me to filter one / two urls to other server.
Any further recommendation ? Also, any clue on how can we secure communication ? Should ssl termination at dispatcher be a good choice as dispatcher <-> sap systems is secured (intranet). On the hardware front, I have 2 Xeon Processors, ~25 GB Ram, Win 2K8 Server R2
Hi,
looking at your scenario, you'll have at least 1 reverse proxy in your DMZ and the Web Dispatcher will be an additional reverse proxy (for internal and/or external access).
The Web Dispatcher will be connected to the message server of the portal, so when a server/node goes down, the web dispatcher will be notified. That's a vantage over another reverse proxy.
URL filtering: the Web Dispatcher 7.2 supports more than one SAP backend, but you should take a look into the confguration page at SAP Help to find out if it matches your future scenario.
SSL termination: depends on your security requirement. If you prefer to have 1 external certificate, you can terminate the SSL at the DMZ, if you have to use End-to-End SSL because of some (legal) requirement, you can can pass it through or terminate it at the DMZ and from there create a new SSL connection to the WD and/or Portal.
Sizing: depends on the simultaneous connections and what else runs on your server. Today, SSL isn't as much an impact as it was 10 years ago.
br,
Tobias
Vivek,
compatibility issues with SAP products are ruled out
You'll still ahve the compatibility issues between SAP products. Web Dispatcher 7.0 isn't supported for the Portal 7.0 EHP2 or for the new Portal 7.3.
The Apache reverse proxy works with both, the downside is that Apache does not understand the message server and therefor the AS Java / Portal landscape.
br,
Tobias
Thanks !!!
> URL filtering: the Web Dispatcher 7.2 supports more than one SAP backend, but you should take a look into the confguration page at SAP Help to find out if it matches your future scenario.
I am looking for WD based on 7.3 for both the roles (Reverse proxy and load balancing). But I'll check if there is anything for me to be concerned about...
> looking at your scenario, you'll have at least 1 reverse proxy in your DMZ and the Web Dispatcher will be an additional reverse proxy (for internal and/or external access).
>
> The Web Dispatcher will be connected to the message server of the portal, so when a server/node goes down, the web dispatcher will be notified. That's a vantage over another reverse proxy.
Yes, we have one server reserved for reverse proxy software and another for load balancing (WD).. These two roles need to be on separate servers as per logistics requirement... So, is this what you are talking about..
User <> WD as reverse proxy on server1 <> WD for load balancing server2 <--> EP Message Server.
User | Count |
---|---|
95 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.