Does the SSL need to be configured at the Tomcat level or at the Listener Layer.SSL is part of your Tomcat configuration. If you already have an Apache HTTP server with SSL in your farm, you could also configure it to act as reverse proxy and let the Tomcat work without SSL. The connection would then be like
Client (HTTPS) ==> (HTTPS) Proxy (HTTP/AJP) ==> (HTTP/AJP) Tomcat
Also, I see a lot of Glassfish. I'm assuming this is large enterprise server for additional Java EE support, and "supported", because I don't see how a small business could afford the 5K a processor.I get your point for the 5K, but GlassFish is actually the smallest supported JEE container and considered a kind of "light weight" also targeted at small businesses. WebLogic is much more expensive...
But for a small business, is Tomcat considered a suitable alternative for small businesses?If you don't need official support for your business, you'll be fine with Tomcat.