The Enterprise Data Center topology for Java Applications distributes Oracle Application Server components over multiple computers and tiers. Access to the computers in each tier is guarded by firewalls.
Web Server Tier DMZ: This tier is located just inside the outermost firewall. The load balancer gets requests from external users and forwards them to the two sets of computers in this tier. For each set of computers, you should have at least two computers, to serve as a backup and also to improve performance. You can add more computers to each set as necessary. Internal users also access the Web servers running in this tier.
The computers in this tier run the following components:
One set of computers runs OracleAS Web Cache and Oracle HTTP Server. This tier runs all the Web servers. Oracle HTTP Server and OracleAS Web Cache handle requests for static objects and J2EE applications. They send the requests to computers in the J2EE Business Logic DMZ tier. To increase performance and availability, the mod_oc4j module in Oracle HTTP Server performs load balancing and failover.
Another set of computers runs OracleAS Single Sign-On and Oracle Delegated Administration Services. OracleAS Single Sign-On authenticates internal and external users, and Oracle Delegated Administration Services enable users to edit their profiles in the Oracle Internet Directory.
Infrastructure DMZ: In this tier, you run all components of the OracleAS Infrastructure, except for OracleAS Single Sign-On and Oracle Delegated Administration Services, which run in the Web Server Tier DMZ.
You install the OracleAS Infrastructure behind another firewall so that Web servers do not have direct access to other computers in the enterprise. The OracleAS Metadata Repository and Oracle Internet Directory contain critical data used by OracleAS instances.
OracleAS Metadata Repository contains security metadata, management metadata, and product metadata. J2EE and Web Cache instances and the infrastructure components such as OracleAS Single Sign-On use this repository.
The Oracle Internet Directory contains data for external and internal users. OracleAS Single Sign-On authenticates users based on the data in Oracle Internet Directory.
You can install the OracleAS Metadata Repository and the Oracle Internet Directory in a Real Application Clusters or cold failover cluster environment.
J2EE Business Logic DMZ: In this tier, you deploy and run your applications on J2EE and Web Cache instances. The applications can access the business data in the customer database.
The number of J2EE and Web Cache instances and computers depends on the number of applications that you are running and the number of users. You should have at least two instances so that you can cluster them using OracleAS Clusters. Clustered instances provide greater availability and scalability, and improve performance.
The J2EE firewall prevents Web servers (in the Web Server Tier DMZ) from directly accessing the computers in this tier.
Intranet: This tier contains the computers that run enterprise processes, including databases that contain the business data. The databases can be in a high availability environment such as Real Application Clusters or cold failover cluster. Applications running in the J2EE Business Logic tier can access the databases. If Web servers in the Web Server Tier DMZ become compromised, the intranet firewall prevents the Web servers from accessing the entire corporate intranet.
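The tier separation described above can be checked against a firewall rule set. The following audit is an added example, not part of the Oracle documentation: the subnets, rule names, and rules are constructed, and the allowed tier-to-tier flows are one reading of the descriptions above.

```python
import ipaddress

# Constructed subnets, one per tier named on the page (all addresses are assumptions).
TIERS = {
    "web": ipaddress.ip_network("10.1.0.0/24"),       # Web Server Tier DMZ
    "infra": ipaddress.ip_network("10.2.0.0/24"),     # Infrastructure DMZ
    "j2ee": ipaddress.ip_network("10.3.0.0/24"),      # J2EE Business Logic DMZ
    "intranet": ipaddress.ip_network("10.9.0.0/16"),  # Intranet
}

# Tier-to-tier flows as read from the page's description (an interpretation).
ALLOWED = {
    ("external", "web"), ("intranet", "web"),  # external and internal users
    ("web", "j2ee"), ("web", "infra"),         # app requests; SSO reads the directory
    ("j2ee", "infra"), ("j2ee", "intranet"),   # metadata repository; business data
}

def tiers_covered(cidr):
    """Return every tier a CIDR overlaps, plus 'external' for non-tier space."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, sub in TIERS.items() if net.overlaps(sub)}
    # In this layout, a network not wholly inside one tier also spans non-tier addresses.
    if not any(net.subnet_of(sub) for sub in TIERS.values()):
        hit.add("external")
    return hit

def audit(rules):
    """Return (rule name, source tier, destination tier) for each flow outside ALLOWED."""
    findings = []
    for name, src, dst in rules:
        for s in sorted(tiers_covered(src)):
            for d in sorted(tiers_covered(dst)):
                if s != d and (s, d) not in ALLOWED:
                    findings.append((name, s, d))
    return findings

# Constructed permit rules: (name, source CIDR, destination CIDR).
RULES = [
    ("clients-to-web", "198.51.100.0/24", "10.1.0.0/24"),
    ("web-to-j2ee", "10.1.0.0/24", "10.3.0.0/24"),
    ("j2ee-to-db", "10.3.0.0/24", "10.9.5.0/24"),
    ("web-to-db", "10.1.0.0/24", "10.9.5.0/24"),      # bypasses the intranet firewall
    ("broad-to-infra", "10.0.0.0/8", "10.2.0.0/24"),  # source spans several tiers
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print("violation: rule %s permits %s -> %s" % finding)
```

The broad-source rule is flagged once for each disallowed tier its CIDR spans, which is how an over-wide permit rule undoes the isolation the firewalls are meant to provide.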