This content has been marked as final. Show 4 replies
just a quick remark before I get to your question: If you start the APEX Listener that way, you don't use OC4J but run the standalone mode.
And I recommend you update the JDK to be at least JDK 6 Update 20 as listed in the requirements for the APEX Listener.
You can have SSL/HTTPS using a J2EE Container that is configured accordingly. OC4J would be a candidate. SSL is not supported directly in standalone mode. You could put a SSL-capable proxy like Apache HTTP Server in front of your standalone Listener (or any other J2EE Container, of course) to provide HTTPS access easily.
so let me get it clear:
Http Server ( not required) -----> OC4J server ( WLS or Glassfish and configure this as SSL)-----> Apex Listener-----> database
HTTP server ( configure for HTTPS)----> Standalone java container---> Apex Listener
look about right?
which is recommended?
that's right. To have it complete, the APEX Listener connects to the database in the second case as well. ;)
I don't think there is a general recommendation.
Depending on your scenario, it might be useful to use a proxy, because you could use it in a DMZ and would not need to put the J2EE container there. The proxy can usually be hardened much better. It would also offer you the chance to let internal traffic run without SSL and/or using an internal hostname. Furthermore, the proxy could shoulder your static files (images, ...) so these won't have to be part of the deployment plan for J2EE and hence don't cause any additional load there. And you could use it for load balancing/failover configuration.
On the other hand, a proxy is an additional service that needs to be configured, monitored, documented, ... And if you don't use it for external communication, it will add a little "fee" on your round trip times you wouldn't really need.
So decide yourself what fits best to your environment.
In my opinion, the easiest option to get up is a direct WLS SSL implementation. That is what I currently run. This sort of makes sense for fail over as well because you are not dependent on a single point of fail over at the proxy. If all your weblogic instances has shared storage and you store your listener configuration file on that shared storage and said shared stored is mounted to the same location on all of your weblogic servers, you could in theory put apex nodes on any of your Weblogic servers with ease at will just by telling Weblogic to deploy them. I don't know if this is a correct assumption but this is what I have observed.