users@glassfish.java.net

Glassfish in the DMZ

From: <glassfish_at_javadesktop.org>
Date: Tue, 24 Feb 2009 11:26:24 PST

Hello,

We are getting ready to deploy our first Java-based service into our DMZ. We have a requirement to create services that can be consumed by many different client types. This led us to designing web services. As a team, we have not come across any good documentation on best practices for deploying public-facing web services into the wild. I would like to ask the user community some rather basic "how do you..." or "we are thinking of doing X. Is this how you do it?" questions:
* How have companies previously deployed their public-facing web services into the DMZ? Are they hosted in GlassFish or something else (like Tomcat)?
* Do people typically deploy their forward-facing web services on physically separate application servers from where they deploy their business tier logic? This would imply that they then have to relay the web service request to the business tier in some fashion (either through an additional set of web services, through jrmi, or something else). Which method is used in practice?
* If the web service is hosted in GlassFish and can be accessed by anyone anywhere in the world, how have people secured the GlassFish server? Is there a GlassFish hardening document out there? Is there a best practices blueprint that we missed?
* Our initial design was to separate the web services tier and business tier both physically and logically (into separate application servers). So basically we have a web service deployed into Tomcat that then transforms the request into a jrmi request to our EJBs deployed on a separate application server in the DMZ. Does this sound logical?

I would very much appreciate any feedback that the community has.

Thank you,
Todd English
[Message sent by forum member 'tenglish' (tenglish)]

http://forums.java.net/jive/thread.jspa?messageID=333625