
Web-Server Networks and DMZs

Definition

Web-server networks and their associated demilitarized zones (DMZs) differ from server networks and access networks in that they can generally be scaled horizontally: capacity and availability are increased simply by adding further servers of the same design. The design of web-server networks is therefore aimed at ensuring sufficient capacity in the farm as a whole rather than at protecting individual servers against failure.

Note

For more information on the high availability aspects of web servers, see the SAP Service Marketplace at the following Internet address:

service.sap.com/ti, under mySAP Technology

Structure

Network Load Balancing

With load balancing, requests addressed to what the client sees as a single server are distributed across several servers of similar design, using one of the following mechanisms:

·        Web switches

·        Windows load-balancing server

·        Round-robin Domain Name Service (DNS)

·        Redirection

These basic mechanisms are described below.

A problem here is session persistence. For “stateful” applications, the session context is held on the application server that created it, so all subsequent requests belonging to that session must be routed to the same server. There are the following solutions to this problem:

·        Session cookie

The load balancer reads a session cookie in each request and sends all requests carrying the same cookie to the same server. This method does not work with end-to-end Secure Sockets Layer (SSL) encryption, because the cookie travels inside the encrypted HTTP request and the load balancer can only read it if SSL is terminated at the load balancer.

·        Client IP addresses

A specific client IP address is associated with a specific server, so that all requests from that address reach the server holding the session. This method also works with SSL, because the IP address is visible without decrypting the traffic, and it can be used for the Internet Transaction Server (ITS). However, if a large number of users reach the site through the same proxy server, they all share one IP address and are all assigned to the same server, so the method does not scale. If the proxies themselves are load-balanced, so that one user's requests arrive from several addresses of a proxy farm, this method only works when just the relevant portion of the IP address (for example, the network part) is evaluated.

·        Direct connection to a special server

Since the same server is always addressed directly, its session contexts are always available. A direct server connection is effectively achieved using round-robin DNS and redirection (see below).

Using the SSL session ID to solve the persistence problem is not viable, because an SSL session is generally shorter than the user session: the client or server renegotiates or expires it, and the ID then changes in the middle of the user session. Therefore, it cannot be used for this purpose.
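The following Python dispatcher is an added example, not code from the SAP documentation. It illustrates the three persistence keys discussed above: a session cookie (only readable when SSL terminates at the balancer), the whole client IP address, and the network part of the address. It also reproduces the scalability problem of many users behind one proxy, and the split session of one user behind a load-balanced proxy farm. Backend names, addresses and session IDs are constructed for the illustration.

```python
import hashlib
import ipaddress
from collections import Counter

# Constructed backend names for the illustration.
BACKENDS = ["app1", "app2", "app3"]


class Dispatcher:
    """Load-balancer front end that picks a backend by one of three persistence keys."""

    def __init__(self, backends):
        self.backends = list(backends)
        self._rr = 0

    def _round_robin(self):
        backend = self.backends[self._rr % len(self.backends)]
        self._rr += 1
        return backend

    def _by_hash(self, key):
        # Same key -> same backend, as long as the backend list is unchanged.
        digest = hashlib.sha256(key.encode()).digest()
        return self.backends[int.from_bytes(digest[:4], "big") % len(self.backends)]

    def route(self, request, mode):
        """request: dict with client_ip, optional cookies and tls_end_to_end."""
        if mode == "cookie":
            if request.get("tls_end_to_end"):
                # The cookie sits inside the encrypted HTTP stream: unreadable here.
                raise ValueError("cookie persistence needs SSL terminated at the balancer")
            session_id = request.get("cookies", {}).get("SESSION")
            return self._by_hash(session_id) if session_id else self._round_robin()
        if mode == "client_ip":
            return self._by_hash(request["client_ip"])
        if mode == "ip_prefix":
            # Evaluate only the network part, so one proxy farm maps to one backend.
            net = ipaddress.ip_network(f"{request['client_ip']}/24", strict=False)
            return self._by_hash(str(net))
        raise ValueError(f"unknown persistence mode {mode!r}")


def distribution(mode, requests, backends=BACKENDS):
    """How many requests each backend receives under a given persistence mode."""
    dispatcher = Dispatcher(backends)
    return Counter(dispatcher.route(r, mode) for r in requests)


def users_behind_one_proxy(count=1000, proxy_ip="203.0.113.10"):
    # Constructed: many distinct sessions, all arriving from one proxy address.
    return [{"client_ip": proxy_ip, "cookies": {"SESSION": f"s{i}"}} for i in range(count)]


def session_via_proxy_farm(session_id="s42",
                           farm_ips=("198.51.100.1", "198.51.100.2", "198.51.100.3")):
    # Constructed: one user's requests leave a load-balanced proxy farm from several
    # addresses in the same /24, so keying on the whole address may split the session.
    return [{"client_ip": ip, "cookies": {"SESSION": session_id}} for ip in farm_ips]


if __name__ == "__main__":
    print("client_ip, one proxy:", distribution("client_ip", users_behind_one_proxy()))
    print("cookie, one proxy:   ", distribution("cookie", users_behind_one_proxy()))
    print("ip_prefix, farm:     ", distribution("ip_prefix", session_via_proxy_farm()))
```

With the client-IP key, all 1000 sessions from the proxy land on one backend; with the cookie key they spread over all three; with the /24 prefix key the proxy-farm session stays on one backend.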

Web Switches

Intelligent load balancing ensures that requests are distributed to the available servers according to their availability and other defined criteria, such as their current load. To the client, the farm appears as a single virtual server:

[Graphic: web switch presenting the server farm as one virtual server]

If a server fails, the load balancer detects that it is unavailable and sends it no more requests. This mechanism also enables planned downtime for individual servers without impacting the availability of the virtual server as a whole.

You can increase availability still further by using redundant load balancers with switchover.

In general, load balancers also offer network address translation (NAT), so that the real servers behind the virtual server can use a completely different address range from the virtual address that clients connect to, and are reached transparently.
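The following Python model is an added example and not SAP's or any vendor's code. It shows the behaviour described in this section: one virtual address in front of real servers in a private range (destination NAT), a server that failed its health check receiving no further requests, and a server being drained for planned downtime, where it gets no new sessions but existing sessions, identified by a server cookie the balancer itself set, continue to reach it. Names and addresses are constructed.

```python
# Constructed addresses: the virtual address the clients use and the real
# servers in a private range behind the load balancer (NAT).
VIRTUAL_IP = "192.0.2.10"
REAL_SERVERS = {"web1": "10.0.1.11", "web2": "10.0.1.12", "web3": "10.0.1.13"}


class VirtualServer:
    """Web switch: one virtual address, several real servers, per-server state."""

    def __init__(self, vip, real_servers):
        self.vip = vip
        self.real = dict(real_servers)
        self.state = {name: "up" for name in self.real}  # up | draining | down
        self._rr = 0

    def health_check_failed(self, name):
        # Probe failed: send nothing more to this server until it is back.
        self.state[name] = "down"

    def health_check_passed(self, name):
        if self.state[name] == "down":
            self.state[name] = "up"

    def drain(self, name):
        # Planned downtime: no new sessions, but existing sessions keep working
        # until they end; afterwards the server can be taken down safely.
        self.state[name] = "draining"

    def route(self, server_cookie=None):
        """Return (server name, real IP) for a request arriving at the VIP.

        server_cookie is the value of the cookie this balancer set on the first
        response of a session, naming the server that holds that session.
        """
        if server_cookie in self.real and self.state[server_cookie] != "down":
            return server_cookie, self.real[server_cookie]
        candidates = [n for n, s in self.state.items() if s == "up"]
        if not candidates:
            raise RuntimeError("virtual server has no healthy real server")
        name = candidates[self._rr % len(candidates)]
        self._rr += 1
        return name, self.real[name]

    def nat_rewrite(self, packet, server_cookie=None):
        """Destination NAT: rewrite the VIP in a packet to the chosen real IP."""
        name, real_ip = self.route(server_cookie)
        return name, dict(packet, dst=real_ip)


def new_session_targets(vs, count):
    """Servers chosen for `count` fresh sessions (requests without a cookie)."""
    return [vs.route()[0] for _ in range(count)]
```

A sticky session whose server is down is reassigned to a healthy server (the client loses its context, which is the reason for draining before planned work), whereas a sticky session on a draining server stays there.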

SAP Web Dispatcher

With Release 6.20 of SAP Web Application Server (SAP Web AS), we provide a further component for web load balancing, the SAP Web dispatcher. It balances requests across several SAP Web Application Servers in a similar way to the web switches described above. Its configuration and its load-balancing decisions are based on information about the available application servers that the SAP Web dispatcher regularly receives from the message server.

[Graphic: SAP Web Dispatcher]

To avoid a single point of failure in the SAP Web dispatcher, you can implement a failover cluster.

For SAP Web AS Release 6.20, failure of the SAP Web dispatcher means that all SSL sessions fail: because the dispatcher cannot read the session cookie inside the encrypted stream, it assigns SSL sessions to application servers on the basis of client IP addresses, and this assignment table is held only in the main memory of the SAP Web dispatcher. A failover instance starts with an empty table and cannot route the existing sessions to the right servers.

In the future we intend to terminate SSL sessions directly in the SAP Web dispatcher, so that session cookies can be used to assign a session to an application server. Therefore, the SAP Web dispatcher will become “state-independent,” enabling failover without data loss.

For more information, see SAP Web Dispatcher.

Windows Load Balancing Server

Windows Load Balancing Server (WLBS; called Network Load Balancing, NLB, in Windows 2000) is a Microsoft technology implemented directly on the web servers themselves (for Windows NT and Windows 2000). There is no single point of failure, because there is no separate dispatcher process. WLBS is available only in the Advanced Server editions.

The software installs an additional network driver that enables several machines to respond to the same cluster IP address (in addition to each host's own dedicated IP address). Clients use this cluster address. The driver sits between the network interface and the TCP/IP stack and uses a virtual Media Access Control (MAC) address for the cluster, so that the incoming data stream is delivered to all hosts (up to 32 hosts per cluster).

A distributed algorithm determines which host services a request: all hosts receive every request and evaluate it with the same rule, and exactly one of them decides to service it while the others discard it. The hosts keep their view of the cluster membership synchronized using a “heartbeat” function.

The configuration can be altered to provide session persistence (client affinity) if necessary; client IP addresses are used for this. However, session failover is not possible: if a host fails, the sessions it held are lost, and the clients concerned are redistributed to the remaining hosts.

This technology is suitable for the scalability and high availability of web-server farms and terminal servers. For file servers, print servers and databases, however, failover cluster solutions are preferable.
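The following Python model is an added example illustrating the dispatcher-less decision described above; it is a simplified model written for this page, not Microsoft's actual filtering algorithm. Every host sees every packet, applies the same hash rule to the client address, and only the host that owns the resulting bucket services it. With client-IP affinity, all connections from one client reach the same host. When a host drops out, the survivors recompute the partition, which shows why there is no session failover: the failed host's clients move to other hosts and lose their server-side sessions. Host names and client addresses are constructed.

```python
import hashlib

BUCKETS = 60  # the client-address space is divided into this many hash buckets


def bucket_for(key, buckets=BUCKETS):
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % buckets


class ClusterHost:
    """One web server in the cluster; owns a subset of the buckets."""

    def __init__(self, name):
        self.name = name
        self.owned = set()

    def accepts(self, client_ip, client_port, affinity="single"):
        # "single" affinity keys on the client IP only, which gives session
        # persistence; "none" adds the port, spreading one client's connections.
        key = client_ip if affinity == "single" else f"{client_ip}:{client_port}"
        return bucket_for(key) in self.owned


def converge(hosts, buckets=BUCKETS):
    """Heartbeat convergence: every host derives the same partition from the
    same membership list, so no central dispatcher is needed."""
    members = sorted(h.name for h in hosts)
    for host in hosts:
        host.owned = {b for b in range(buckets) if members[b % len(members)] == host.name}


def service(hosts, packets, affinity="single"):
    """Every host sees every packet; return the name of the one host that
    services each (client_ip, client_port) packet."""
    served = []
    for client_ip, client_port in packets:
        takers = [h.name for h in hosts if h.accepts(client_ip, client_port, affinity)]
        if len(takers) != 1:
            raise RuntimeError(f"{len(takers)} hosts claimed {client_ip}:{client_port}")
        served.append(takers[0])
    return served


def sessions_moved_after_failure(client_ips, failed="web2"):
    """Count clients that land on a different host after one host drops out.

    Without session failover, each of those clients loses its server-side session."""
    hosts = [ClusterHost(n) for n in ("web1", "web2", "web3")]
    converge(hosts)
    before = dict(zip(client_ips, service(hosts, [(ip, 0) for ip in client_ips])))
    survivors = [h for h in hosts if h.name != failed]
    converge(survivors)
    after = dict(zip(client_ips, service(survivors, [(ip, 0) for ip in client_ips])))
    moved = sum(1 for ip in client_ips if before[ip] != after[ip])
    return moved, before, after


# Constructed client addresses for the illustration.
CLIENTS = [f"203.0.113.{i}" for i in range(1, 51)]
```

The simple modulo partition in `converge` moves more clients than strictly necessary after a failure; a production implementation minimizes that, but cannot avoid moving the failed host's own clients.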

Round-Robin Domain Name Service

Round-robin Domain Name Service (DNS) is a simple way of achieving a limited form of load balancing. DNS assigns logical names to IP addresses, and several IP addresses can be assigned to one host name. When the name is resolved, the DNS server returns these addresses, rotating their order with each query, which is why the method is called “round robin”; a client normally connects to the first address it receives. If the host with that address is not available, the connection attempt fails.

If a server fails, there is no automatic forwarding to an available server: its address continues to be handed out until the DNS records are changed, and resolvers that have cached the old answer keep using it until the record's time to live (TTL) expires. Extra effort is therefore required to adapt DNS dynamically. Furthermore, the current load of the servers cannot be taken into account when distributing requests.
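The following Python simulation is an added example, not part of the SAP documentation. It models a name with three A records returned in rotating order and one server that is down, and contrasts a client that uses only the first address (it fails on one attempt in three, as the text describes) with a client that walks the whole answer list. The second client masks the outage on the client side, but nothing on the server side reroutes the request, and the dead address keeps being handed out. The zone data is constructed.

```python
class RoundRobinDns:
    """DNS server with several A records for one name, returned in rotating order."""

    def __init__(self, zone):
        self.zone = {name: list(addrs) for name, addrs in zone.items()}
        self._offset = {name: 0 for name in zone}

    def resolve(self, name):
        addrs = self.zone[name]
        k = self._offset[name]
        self._offset[name] = (k + 1) % len(addrs)
        return addrs[k:] + addrs[:k]


def connect_first_address(dns, name, alive):
    """Naive client: uses only the first address returned; None on failure."""
    ip = dns.resolve(name)[0]
    return ip if ip in alive else None


def connect_any_address(dns, name, alive):
    """Client that tries every address in the answer before giving up."""
    for ip in dns.resolve(name):
        if ip in alive:
            return ip
    return None


def outcomes(connect, dns, name, alive, attempts):
    """Addresses reached (or None) over a series of connection attempts."""
    return [connect(dns, name, alive) for _ in range(attempts)]


# Constructed zone: three web servers behind one name, 192.0.2.12 is down.
ZONE = {"www.example.com": ["192.0.2.11", "192.0.2.12", "192.0.2.13"]}
ALIVE = {"192.0.2.11", "192.0.2.13"}

if __name__ == "__main__":
    print(outcomes(connect_first_address, RoundRobinDns(ZONE), "www.example.com", ALIVE, 6))
    print(outcomes(connect_any_address, RoundRobinDns(ZONE), "www.example.com", ALIVE, 6))
```

Note that even the robust client sends two thirds of its successful connections to 192.0.2.13 while the outage lasts, because the rotation, not the servers' load, decides the order.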

Redirection

This method uses a separate web server, the redirector, to distribute requests between the web servers. The Uniform Resource Locator (URL) that the client calls first belongs not to an actual web server but to the redirector. The redirector runs a Common Gateway Interface (CGI) program that selects a web server and answers with an HTTP redirect to that server's own URL, which the client follows automatically, as shown in the following graphic:

[Graphic: redirection through a redirector web server]

Session persistence is guaranteed from the start: after the redirect, which occurs only at the start, the client is connected to a single server under that server's own URL for the entire session. If that web server fails, there is no automatic redirection to an available web server; the client must call the address that points to the redirector again.

The disadvantage of redirection is that, when used on the internet, each server requires its own public (“official”) IP address and its own server certificate. And since each server is addressed using its own URL, bookmarks saved after the redirect point to a single server rather than to the farm.
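The following Python redirector is an added example written for this page, not SAP's CGI program. It picks a server round-robin among those believed alive, answers with a 302 whose Location carries the chosen server's own host name while preserving the requested path and query string, and emits the CGI response format (a Status header followed by the HTTP headers). A helper extracts the host from a bookmarked URL, which shows that such a bookmark is tied to one server. Host names are constructed; since every server has its own host name, each also needs its own certificate.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed: every web server has its own public name (and so its own
# certificate); the redirector itself would run under www.example.com.
SERVERS = ["www1.example.com", "www2.example.com", "www3.example.com"]


class Redirector:
    def __init__(self, servers, alive=None):
        self.servers = list(servers)
        # Servers the redirector currently believes to be available.
        self.alive = set(servers) if alive is None else set(alive)
        self._rr = 0

    def choose(self):
        candidates = [s for s in self.servers if s in self.alive]
        if not candidates:
            return None
        server = candidates[self._rr % len(candidates)]
        self._rr += 1
        return server

    def handle(self, path, query="", scheme="https"):
        """Answer a request to the redirector: (status, headers, body)."""
        server = self.choose()
        if server is None:
            return 503, {"Content-Type": "text/plain"}, b"no web server available\n"
        location = urlunsplit((scheme, server, path, query, ""))
        return 302, {"Location": location, "Content-Length": "0"}, b""

    def cgi(self, environ):
        """CGI entry point: environ is the CGI environment (PATH_INFO, QUERY_STRING)."""
        status, headers, body = self.handle(environ.get("PATH_INFO", "/"),
                                            environ.get("QUERY_STRING", ""))
        lines = [f"Status: {status}"] + [f"{k}: {v}" for k, v in headers.items()] + [""]
        return "\r\n".join(lines).encode() + b"\r\n" + body


def server_for_url(url):
    """The host a bookmark of a post-redirect URL points to: exactly one server."""
    return urlsplit(url).hostname


if __name__ == "__main__":
    print(Redirector(SERVERS).cgi({"PATH_INFO": "/app/login", "QUERY_STRING": "client=100"}).decode())
```

If the server chosen here fails later in the session, the client keeps using its URL and gets connection errors until it calls the redirector again; the redirector only helps at session start.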

Firewalls

Firewalls, which secure the demilitarized zones (DMZs), should also be set up redundantly, so that there is no single point of failure. With support for the Virtual Router Redundancy Protocol (VRRP), the redundant firewalls present one virtual gateway address to the adjacent networks, so a switchover is transparent to the hosts; fast switchover and load sharing between the firewalls are possible.

[Graphic: Firewall with redundancy]

