Oracle9iAS Web Cache Administration and Deployment Guide
Release 2 (9.0.2)
Part Number A95404-02
This chapter describes the performance barriers faced by Web sites and introduces the technology that can provide a complete caching solution.
This chapter contains these topics:
The electronic business model creates new performance requirements for Web sites. To carry out e-business successfully, Web sites must protect against poor response time and system outages caused by peak loads. Slow performance translates into lost revenue.
Many high-volume Web sites try to counter this problem by adding more application Web servers to their existing architecture. As more users access these Web sites, more and more application Web servers will have to be added. In short, the manageability costs associated with adding application Web servers often outweigh the benefits.
Static caches and content distribution services can provide some relief. However, these solutions are unable to serve content that is dynamically generated.
Faced with these performance challenges, e-businesses need to invest in more cost-effective technologies and services to improve the performance of their sites. Oracle offers Oracle9iAS Web Cache to help e-businesses manage Web site performance issues. Oracle9iAS Web Cache is a content-aware server accelerator, or reverse proxy server, that improves the performance, scalability, and availability of Web sites that run on Oracle9i Application Server (Oracle9iAS) and Oracle9i.
By storing frequently accessed URLs in memory, Oracle9iAS Web Cache eliminates the need to repeatedly process requests for those URLs on the application Web server. Unlike legacy proxies that handle only static documents, Oracle9iAS Web Cache caches both static and dynamically generated content from one or more application Web servers. Because Oracle9iAS Web Cache is able to cache more content than legacy proxies, it provides optimal performance by greatly reducing the load on application Web servers.
Figure 1-1 shows the basic architecture. Oracle9iAS Web Cache sits in front of application Web servers, caching their content, and providing that content to Web browsers that request it. When Web browsers access the Web site, they send HTTP protocol or HTTPS protocol requests to Oracle9iAS Web Cache. Oracle9iAS Web Cache, in turn, acts as a virtual server to the application Web servers. If the requested content has changed, Oracle9iAS Web Cache retrieves the new content from the application Web servers. The application Web servers may retrieve their content from an Oracle database.
To Web browsers, Oracle9iAS Web Cache acts as the virtual server for application Web servers. You configure a Load Balancer with the same IP address that is registered for a site's domain name and the application Web servers' host names. This Load Balancer receives requests for Oracle9iAS Web Cache. This configuration enables Web browsers to communicate with Oracle9iAS Web Cache rather than application Web servers when accessing a Web site.
Figure 1-2 shows how Web caching works. Oracle9iAS Web Cache has an IP address of 220.127.116.11 and the application Web server has an IP address of 18.104.22.168. The steps for browser interaction with Oracle9iAS Web Cache follow:
This request in turn generates a request to Domain Name System (DNS) for the IP address of the Web site.
22.214.171.124. This is called a cache miss.
Web caching provides the following benefits for Web sites:
Running on inexpensive hardware, Oracle9iAS Web Cache can increase the throughput of a Web site by several orders of magnitude. In addition, Oracle9iAS Web Cache significantly reduces response time to browser requests by storing documents in memory and by serving compressed versions of documents to browsers that support the GZIP encoding method.
In addition to unparalleled throughput, Oracle9iAS Web Cache can sustain thousands of concurrent browser connections, meaning that visitors to a site see fewer application Web server errors, even during periods of peak load.
Oracle9iAS Web Cache supports content-aware load balancing and failover detection. These features ensure that cache misses are directed to the most available, highest-performing Web server in the cluster. Moreover, a patent-pending capacity heuristic guarantees performance and provides surge protection when the application Web server load increases.
Better performance, scalability, and availability translate into cost savings for Web site operators. Because fewer application Web servers are required to meet the challenges posed by traffic spikes and denial of service attacks, Oracle9iAS Web Cache offers a simple and inexpensive means of reducing a Web site's cost for each request.
Most requests are resolved by Oracle9iAS Web Cache, reducing traffic to the application Web servers. The cache also reduces traffic to backend databases located on computers other than the application Web server.
The main features of Oracle9iAS Web Cache make it a perfect caching service for e-business Web sites that host online catalogs, news services, and portals. These features include:
Caching rules determine which documents Oracle9iAS Web Cache caches. Rules fall into three categories:
Administrators can invalidate cache content in one of two ways:
When documents are invalidated and a browser requests them, Oracle9iAS Web Cache refreshes them with new content from the application Web server.
When a document expires, Oracle9iAS Web Cache treats it like an invalid document. If the document is requested by a browser, Oracle9iAS Web Cache refreshes it with updated content from the application Web server.
"Cache Freshness and Performance Assurance" for further information about invalidation
When a large number of documents have been invalidated, the retrieval of new documents can result in overburdened application Web servers.
To handle performance issues while maintaining cache consistency, Oracle9iAS Web Cache uses built-in performance assurance heuristics that enable it to assign a queue order to documents. These heuristics determine which documents can be served stale and which documents must be refreshed immediately. Documents with a higher priority are refreshed first. Documents with a lower priority are refreshed at a later time.
The queue order of documents is based on the popularity of documents and the validity of documents assigned during invalidation. If the current load and capacity of the application Web server is not exceeded, then the most popular and least valid documents are refreshed first.
"Cache Freshness and Performance Assurance" for further information about performance assurance
Oracle9iAS Web Cache caches and assembles dynamic content for one or more Web sites. From the perspective of Oracle9iAS Web Cache, a site can be either a virtual host site or an ESI provider site. Depending on the site category, you can configure Oracle9iAS Web Cache to perform different functions.
This section covers the following topics:
Virtual host sites are sites hosted by Oracle9iAS Web Cache. In other words, browsers can request cached content from these sites through Oracle9iAS Web Cache. Figure 1-3 shows Oracle9iAS Web Cache caching content for two sites,
www.2nd.company.com. An additional mapping of
www.*.company.com uses *, enabling additional virtual sites that map to
host5 to be added. In addition to caching content, Oracle9iAS Web Cache can also assemble ESI fragments from these sites.
ESI provider sites are those sites that Oracle9iAS Web Cache contacts for ESI assembly only. Browsers are not allowed to request content from these sites.
Figure 1-4 shows an ESI provider site configuration. In this configuration, Oracle9iAS Web Cache receives a request for a page with ESI markup tags. Oracle9iAS Web Cache sends the request to the application Web server. The application Web server uses a portal application to create a template page and sends it back to Oracle9iAS Web Cache for assembly. Oracle9iAS Web Cache includes the ESI fragments for the template page directly from the
www.providersite1.com site and another Oracle9iAS Web Cache server, which is caching content for the
"Content Assembly and Partial Page Caching" for further information about ESI
In order for Oracle9iAS Web Cache to recognize a virtual host site or an ESI provider site, administrators need to perform the following:
Many sites are represented by one or more aliases. Oracle9iAS Web Cache is able to recognize and cache requests for a site and its aliases. For example, site
www.company.com may have an alias of
company.com. By specifying this alias, Oracle9iAS Web Cache caches the same content from either
Oracle9iAS Web Cache uses application Web servers for internal sites and proxy servers for external sites protected by a firewall.
The site-specific caching rules are given a higher priority than the global rules.
It may not be possible to specify a site definition for all external ESI provider sites. If an ESI request is made to a provider that does not match any application Web server mapping, then Oracle9iAS Web Cache uses Domain Name System (DNS) to resolve the site name. Note that this will not work if there is a firewall between the cache and the ESI provider. In that case, you must provide a proxy server mapping that directs the request to the appropriate proxy.
Undefined ESI provider sites disable the following Oracle9iAS Web Cache features:
To further understand the mappings, reconsider Figure 1-3. Web sites
www.2nd.company.com:80 can have site aliases of
2nd.company.com:80, respectively. The site to application Web server mappings are as follows:
www.1st.company.com maps to application Web servers
www.2nd.company.com maps to application Web servers
When Oracle9iAS Web Cache receives a browser request for a document, it determines the destination site using one of the following elements:
Host request-header field from the request
src attribute of the ESI
Oracle9iAS Web Cache then looks up the configured site settings and mappings to determine if the site is supported, and the application Web servers or proxy servers and caching rules for the site. If there are no site settings and mappings for external ESI provider sites, Oracle9iAS Web Cache uses Domain Name System (DNS) to resolve the site name.
If the request does not include host information, then Oracle9iAS Web Cache sends the request to the default site. A default site is established for the Oracle HTTP Server when Oracle9i Application Web Server is installed. You can specify another site to be the default site.
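The site lookup described above, sketched as an added example (not Oracle's implementation). The site table is constructed from the site names in this chapter; the origin names other than host5, the choice of default site, exact-match precedence over the wildcard, and the rule that `*` matches a single host label are all assumptions.

```python
import re

# Constructed site table modelled on the sites named in this chapter.
# Origin names other than host5 are hypothetical placeholders.
SITES = {
    "www.1st.company.com:80": {"aliases": [], "origins": ["origin-a"], "esi_only": False},
    "www.2nd.company.com:80": {"aliases": ["2nd.company.com:80"],
                               "origins": ["origin-b"], "esi_only": False},
    "www.*.company.com:80": {"aliases": [], "origins": ["host5"], "esi_only": False},
    "www.providersite1.com:80": {"aliases": [], "origins": ["origin-c"], "esi_only": True},
}
DEFAULT_SITE = "www.1st.company.com:80"  # assumption: which site is the default


def normalize(host, default_port=80):
    """Lower-case the host, drop a trailing dot and make the port explicit."""
    value = host.strip().lower()
    name, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        name, port = value, str(default_port)
    return f"{name.rstrip('.')}:{port}"


def _wildcard_match(pattern, key):
    # Assumption: "*" stands for exactly one host label.
    regex = re.escape(pattern).replace(r"\*", r"[^.:]+")
    return re.fullmatch(regex, key) is not None


def _decide(site, cfg, source):
    # ESI provider sites are contacted for assembly only; browsers may not use them.
    if cfg["esi_only"] and source == "browser":
        return ("rejected", site, [])
    return ("mapped", site, cfg["origins"])


def resolve(host, source="browser"):
    """host is the Host request-header value (source="browser") or the host
    part of an ESI src attribute (source="esi")."""
    if not host:
        return ("default-site", DEFAULT_SITE, SITES[DEFAULT_SITE]["origins"])
    key = normalize(host)
    for site, cfg in SITES.items():  # exact site names and aliases first
        if key == site or key in cfg["aliases"]:
            return _decide(site, cfg, source)
    for site, cfg in SITES.items():  # then wildcard mappings
        if "*" in site and _wildcard_match(site, key):
            return _decide(site, cfg, source)
    if source == "esi":
        return ("dns-lookup", key, [])  # undefined ESI provider: resolved through DNS
    return ("unsupported", key, [])     # assumption: unknown browser sites are refused


if __name__ == "__main__":
    for host, source in [("2ND.company.com", "browser"), ("www.3rd.company.com", "browser"),
                         (None, "browser"), ("www.providersite1.com", "browser"),
                         ("www.other.example", "esi")]:
        print(host, source, resolve(host, source))
```

The `dns-lookup` outcome is the one to review when a firewall sits between the cache and the provider, since the page notes that it fails there unless a proxy server mapping exists.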
For high availability and performance, many Internet businesses mirror their Web sites in strategic geographical locations. You can deploy Oracle9iAS Web Caches in a cache hierarchy so that an Oracle9iAS Web Cache server caches content from another Oracle9iAS Web Cache for a local market. Caches serving local markets shorten response time to these markets and reduce bandwidth and rack space costs for the content provider.
Oracle9iAS Web Cache supports two kinds of cache hierarchies:
A distributed cache hierarchy centralizes the management of application logic and data to the central cache and provides remote assembly and delivery of content. Compared with full-scale mirroring and database replication, a distributed cache hierarchy provides a more cost-effective model of distributed computing.
The remote cache is configured with the central cache as its application Web server. When the remote cache requests content from the central cache to serve a request, the remote cache identifies itself as an Oracle9iAS Web Cache to the central cache during a transparent registration process. Once registration is complete, the central cache establishes a hierarchical relationship with the remote cache. Registration also enables invalidation messages to be propagated from the central cache to the remote cache.
Figure 1-5 depicts a distributed cache hierarchy. A central cache resides in the United States office and a remote cache resides in Japan. While the central cache in the United States caches content from an application Web server, the remote cache in Japan caches content from the central cache.
In an ESI cache hierarchy, the subscriber cache is configured with the provider caches as its application Web servers. When the subscriber cache requests content from the provider caches for ESI assembly, the subscriber cache identifies itself as an Oracle9iAS Web Cache to the provider caches during a transparent registration process. Once registration is complete, the provider caches establish a hierarchical relationship with the subscriber cache. Registration also enables invalidation messages to be propagated from the provider caches to the subscriber cache.
Figure 1-6 depicts an ESI cache hierarchy. A subscriber cache performs ESI assembly. Provider caches locally cache ESI fragments for ESI provider sites
www.providersite2.com. During ESI page assembly, the subscriber cache contacts the provider caches for the ESI fragments. By caching the ESI fragments locally on the provider caches, fragments are cached both by the provider and subscriber caches. This provides for quick page assembly.
To increase the availability and scalability of your Web site, you can configure multiple instances of Oracle9iAS Web Cache to run as members of a cache cluster. A cache cluster is a loosely coupled collection of cooperating Oracle9iAS Web Cache cache instances working together to provide a single logical cache.
Cache clusters provide failure detection and failover of caches, increasing the availability of your Web site. If a cache fails, other members of the cache cluster detect the failure and take over ownership of the cached content of the failed cluster member.
By distributing the Web site's content across multiple Web caches, more content can be cached and more client connections can be supported, expanding the capacity of your Web site.
Oracle9iAS Web Cache provides the following features for the application Web server and proxy server it supports:
Oracle9iAS Web Cache passes requests for non-cacheable or stale documents to the origin servers. To prevent an overload of requests on the origin servers, Oracle9iAS Web Cache has a surge protection feature that enables you to set a limit on the number of concurrent requests that the origin servers can handle. When the limit is reached, subsequent requests are queued to wait up to a maximum amount of time. If the maximum wait time is exceeded, Oracle9iAS Web Cache rejects the request and serves a site busy apology page to the Web browser that initiated the request.
Most Web sites are served by multiple origin servers running on multiple computers that share the load of HTTP and HTTPS requests. All requests that Oracle9iAS Web Cache cannot serve are passed to the origin servers. Oracle9iAS Web Cache balances the load among origin servers by determining the weighted available capacity, that is, the percentage of available capacity, of each origin server. Oracle9iAS Web Cache sends a request to the origin server with the highest weighted available capacity. The weighted available capacity is determined by the following formula:
Capacity is the maximum number of concurrent connections that the origin server can accept
Load is the number of connections currently in use
If the weighted available capacity is equal for multiple origin servers, then Oracle9iAS Web Cache sends requests to the origin servers in round-robin fashion. With round-robin, the first origin server in the list of configured servers receives the request, then the second origin server receives the second request.
If the weighted available capacity is not equal, Oracle9iAS Web Cache sends the request to the origin server with the highest weighted available capacity.
To configure load balancing, set the capacity of each origin server.
Figure 1-7 shows two sites,
www.company.com:80 is supported by application Web servers
company2-host with capacities of 50 each.
www.server.com:80 is supported by application Web servers
server3-host with capacities of 150, 50, and 50, respectively.
Assuming all application Web servers have an initial load of 0, the requests to
www.server.com:80 will be distributed in the following manner:
company2-host will be distributed between the two origin servers so that they maintain an equal load. The first request is sent to
company1-host. The second request is sent to
company1-host is still processing the first request. The third and subsequent requests are sent to the origin server that has the highest weighted available capacity.
www.server.com:80 is sent to
server3-host. The second request is sent to
server1-host now has a weighted available capacity of 99.3 percent and
server2-host has a weighted available capacity of 100 percent. The third request is sent to
server2-host now has a weighted available capacity of 98 percent and
server3-host has a weighted available capacity of 100 percent. The fourth request is sent to
server3-host now have weighted available capacities of 98 percent. The fifth request is sent to
server1-host because its weighted available capacity is 98.6 percent, still greater than that of
After a specified number of continuous request failures, Oracle9iAS Web Cache considers an origin server as failed. When an origin server fails, Oracle9iAS Web Cache automatically distributes the load over the remaining origin servers based on the available load. Oracle9iAS Web Cache polls the failed origin server for its current up/down status until it is back online. When the failed server returns to operation, Oracle9iAS Web Cache will include its weighted available capacity to load balance requests.
The failover feature is shown in Figure 1-8. An outage of
server3-host, which had a capacity of 50, results in 75 percent of requests being distributed to
server1-host and 25 percent of requests being distributed to
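The load-balancing walkthrough and the failover split described above, modelled as an added example (not Oracle's code). It assumes the weighted available capacity is (Capacity - Load) / Capacity, which reproduces the 99.3, 98 and 98.6 percent figures quoted in the walkthrough; the round-robin tie-break order, the failover threshold of 5 and the method names are assumptions as well.

```python
from fractions import Fraction


class OriginServer:
    def __init__(self, name, capacity):
        self.name = name
        self.capacity = capacity  # maximum concurrent connections
        self.load = 0             # connections currently in use
        self.failures = 0         # consecutive failed requests
        self.up = True

    def weighted_available_capacity(self):
        # Assumed formula: (Capacity - Load) / Capacity, kept exact so ties are real ties.
        return Fraction(self.capacity - self.load, self.capacity)


class LoadBalancer:
    def __init__(self, servers, failover_threshold=5):
        self.servers = servers
        self.failover_threshold = failover_threshold  # hypothetical setting
        self._last = -1  # index of the most recently chosen server

    def pick(self):
        """Choose the origin for the next request; None means every origin is
        down or at capacity (the case surge protection queues or rejects)."""
        best = None
        n = len(self.servers)
        for step in range(1, n + 1):  # scan in round-robin order after the last pick
            server = self.servers[(self._last + step) % n]
            if not server.up or server.load >= server.capacity:
                continue
            if best is None or (server.weighted_available_capacity()
                                > best.weighted_available_capacity()):
                best = server
        if best is not None:
            best.load += 1
            self._last = self.servers.index(best)
        return best

    def complete(self, server, ok=True):
        """Release the connection and track consecutive failures."""
        server.load -= 1
        server.failures = 0 if ok else server.failures + 1
        if server.failures >= self.failover_threshold:
            server.up = False  # out of rotation until a status poll succeeds

    def poll_succeeded(self, server):
        server.failures = 0
        server.up = True


def server_com_cluster():
    # Capacities from the www.server.com:80 example: 150, 50 and 50.
    return LoadBalancer([OriginServer("server1-host", 150),
                         OriginServer("server2-host", 50),
                         OriginServer("server3-host", 50)])


def walkthrough(requests=5):
    """Origins chosen for the first requests while all of them are still in progress."""
    lb = server_com_cluster()
    return [lb.pick().name for _ in range(requests)]


def failover_split(requests=100):
    """Fail server3-host, then hold `requests` connections open and count them."""
    lb = server_com_cluster()
    failing = lb.servers[2]
    while failing.up:  # constructed outage: every request to server3-host fails
        server = lb.pick()
        lb.complete(server, ok=server is not failing)
    counts = {}
    for _ in range(requests):
        name = lb.pick().name
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    print(walkthrough())
    print(failover_split())
```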
Oracle9iAS Web Cache supports Web sites that use a session ID or session cookie to bind user sessions to a given origin server in order to maintain state for a period of time. To utilize the session binding feature, the origin server itself must maintain state, that is, it must be stateful. Web sites bind user sessions by including session data in the HTTP header or body they send to Web browsers in such a way that the browser is forced to include it with its next request. This data is transferred either with parameters embedded in the URL or with cookies, which are text strings stored on the client.
Figure 1-9 shows how Oracle9iAS Web Cache supports documents that use session binding:
www.server2.com handles the subsequent requests.
To configure session binding, specify a session definition that specifies the name of the session cookie or embedded URL parameter.
"Binding a Session to an Origin Server" for configuration details
Oracle9iAS Web Cache provides the following security-related features:
Oracle9iAS Web Cache restricts administration with the following features:
The Secure Sockets Layer (SSL) protocol, developed by Netscape Corporation, is an industry-accepted standard for network transport layer security. SSL provides authentication, encryption, and data integrity, in a public key infrastructure (PKI). By supporting SSL, Oracle9iAS Web Cache is able to cache pages for HTTPS requests. As shown in Figure 1-10, you can configure Oracle9iAS Web Cache to receive HTTPS browser requests and send HTTPS requests to the origin servers.
When sending requests to origin servers, note that HTTPS traffic can be processor intensive. If Oracle9iAS Web Cache needs to have traffic travel over the open Internet, then configure Oracle9iAS Web Cache to send HTTPS requests to the origin servers. If traffic only travels through a LAN in a data center, then the traffic can be sent with HTTP so as to reduce the load on the origin servers.
SSL interacts with the following entities:
A certificate authority (CA) is a trusted third party that certifies the identity of third parties and other entities, such as users, databases, administrators, clients, and servers. The certificate authority verifies the party identity and grants a certificate, signing it with its private key. The Oracle9iAS Web Cache certificate must be signed by a CA.
Different CAs may have different identification requirements when issuing certificates. One may require the presentation of a user's driver's license, while another may require notarization of the certificate request form, or fingerprints of the requesting party.
The CA publishes its own certificate, which includes its public key. Each network entity has a list of certificates of the CAs it trusts. Before communicating with another entity, a given entity uses this list to verify that the signature on the other entity's certificate is from a known, trusted CA.
Network entities can obtain their certificates from the same or different CAs. By default, Oracle Advanced Security automatically installs trusted certificates from VeriSign, RSA, Entrust, and GTE CyberTrust when you install a new wallet
A certificate is created when a party's public key is signed by a trusted CA. A certificate ensures that a party's identification information is correct, and that the public key actually belongs to that party.
A certificate contains the party's name, public key, and an expiration date--as well as a serial number and certificate chain information. It can also contain information about the privileges associated with the certificate.
When a network entity receives a certificate, it verifies that it is a trusted certificate--one issued and signed by a trusted certificate authority. A certificate remains valid until it expires or is terminated.
A wallet is a transparent database used to manage authentication data such as keys, certificates, and trusted certificates needed by SSL. A wallet has an X.509 version 3 certificate, private key, and list of trusted certificates.
Security administrators use the Oracle Wallet Manager to manage security credentials on the Oracle9iAS Web Cache server. Wallet owners use it to manage security credentials on clients. Specifically, Oracle Wallet Manager is used to do the following:
To support HTTPS for Oracle9iAS Web Cache, create a wallet on the Oracle9iAS Web Cache server for each supported site. When creating listening ports for Oracle9iAS Web Cache, specify the location of the wallet. One wallet can be shared among all the listening ports, or a separate wallet can be created for each port.
To describe how SSL works in an HTTPS connection, the word client is used to describe either a browser or Oracle9iAS Web Cache, and the word server is used to describe either Oracle9iAS Web Cache or an origin server.
The authentication process between the client and server consists of the steps that follow:
At the commencement of an HTTPS network connection between the client and server, an SSL handshake is performed. An SSL handshake includes the following actions:
You can select to have Oracle9iAS Web Cache compress both cacheable and non-cacheable documents upon insertion into the cache for browsers. Because compressed documents are smaller in size, they are delivered faster to browsers with fewer round-trips, reducing overall latency. On average, Oracle9iAS Web Cache is able to compress text files by a factor of 4. For example, 300 KB files are compressed down to 75 KB.
Table 1-1 describes Oracle9iAS Web Cache compatibility with other Oracle9iAS components.
Oracle9iAS Clickstream Intelligence
Starting with Oracle9i Application Server release 2, Oracle9iAS Discoverer has been closely integrated with Oracle9iAS Web Cache to improve Discoverer Viewer's overall scalability, performance, and availability. Oracle9iAS Web Cache ships with a number of predefined caching rules for this purpose, and Oracle9iAS Discoverer uses ESI
See Also: Oracle9iAS Discoverer Configuration Guide
Oracle9iAS Forms Services
Oracle9iAS Web Cache does not currently work with applications that use Oracle9iAS Forms Services.
Oracle9iAS Web Cache has been closely integrated with Oracle9iAS Portal to improve Portal's overall scalability, performance and availability. Oracle9iAS Portal ships with a number of pre-defined caching and invalidation policies that ensure optimal use of Oracle9iAS Web Cache. Oracle9iAS Web Cache controls have been built into the Oracle9iAS Portal administrative user interface and can also be specified by content providers through the Portlet Developer Kit (PDK).
See Also: Oracle9iAS Portal online help and Oracle9iAS Portal Configuration Guide
Oracle9iAS Reports Services
Oracle9iAS Web Cache cannot be used to accelerate Oracle9iAS Reports Services in this release.
Oracle9iAS Single Sign-On
Applications that use Oracle9iAS Single Sign-On can take advantage of Oracle9iAS Wireless. Both Oracle9iAS Web Cache and
Oracle9iAS Wireless is integrated with Oracle9iAS Web Cache to improve page rendering performance and scalability. It should be noted that Oracle9iAS Web Cache does not understand WAP and is not used by Oracle9iAS Wireless in the traditional sense in that the cache does not "front-end" the wireless server. Instead, the cache is used as a repository for post-transformed content; the wireless runtime determines what content needs to be inserted into the cache and when to expire content in the cache. Oracle9iAS Wireless, in this case, acts as a device adaptation cache rather than a reverse-proxy cache. Since markup content is cached using Oracle9iAS Wireless, the performance and scalability benefits are due to two factors--reduced device adaptation costs and significantly reduced adapter invocation costs. The savings in terms of device adaptation costs stem from the fact that content that can be shared across users and sessions is essentially transformed only once (for each logical device) from its Mobile XML format. Secondly, since the content is not generated every time by an adapter, the total adapter invocation cost is significantly reduced for a site that has a large subset of cacheable pages.