Application Servers
Load balancing
Firewall
HTTPS
Databases
User Authentication
SNMP
Application
Server integration
The Droplets UI Server currently integrates with ATG Dynamo application servers via a bridge that replaces the Dynamo servlet layer with the Droplets Platform. When using Droplets in conjunction with Dynamo, the presentation layer will reside on the Droplets UI Server, while the rest of the business logic will be hosted by the Dynamo server. See the Droplets-Dynamo Bridge document for full deployment details.
Load Balancing
Droplets Servers are usually clustered in most commercial deployments, with a load balancer distributing connections among them and maintaining Client sessions while communicating with HTTP; the Droplets Optimized Communication Layer (port 8194) maintains an open connection between Client and Server, and so automatically maintains session state. When clustering Droplets Servers, it is recommended that you dedicate one machine for each Droplets Server; the same machine should ideally hold a Web server dedicated to that Droplets Server, as well as an HTTP Tunnel and Redirector.
The Droplets Platform integrates with load balancers (like F5's Big IP) that support Cookie Persistence, the emerging industry standard for commercial Internet environments. These load balancers maintain Client sessions by placing a cookie on outgoing data packets, which are automatically returned by the Droplets Client, uniquely identifying it.
When clustering multiple Droplets Servers in a single deployment, the number of simultaneous connections that should be allowed per Droplets Server depends on the load of the application(s) being served and the power of the machine on which the Server is being hosted.
Firewalls
The Droplets Platform works in conjunction with all major firewalls. The one configuration issue is that the firewall must be set to accept incoming and outgoing connections through port 8194.
The Droplets Server can host secure Droplets that are rendered via SSL and HTTPS in conjunction with an IIS Web server. For details, see the SecureDropletSupport section of the Droplets Server deployment tutorial.
Database Integration
The
Droplets Platform does not impose its own database libraries, but
instead allows developers to use industry-standard libraries like
JDBC and ODBC. Thus Droplet applications can work in conjunction with
any major database vendor. The one exception to this rule is Droplets
Platform authentication, which is explained below.
Authentication Databases
Application developers can indicate in their logic that a Droplet requires authentication at start-up or at any other point during the course of a session. This causes a sub-window to pop up on the Client-side, requesting a user name and password. To this end, the Droplets Server supports plug-in user authentication managers, Java classes or .dll files that implement a set of interfaces for interacting with a database for authentication.
"Out of the box", the Droplets Platform includes a .dll file, DropletUserManagerDb.dll, which works natively with Oracle databases. This is the default user manager for the Droplets Server, and will be used for all Droplet user authentication unless you indicate otherwise in the registry settings. If your authentication data is not stored on an Oracle database, this file will have to be replaced with a Java class/DLL for your own database; see Writing the Droplets User Manager for details.
The Droplets User Manager DLL expects a specific stored procedure to exist within your authentication database. User names should be stored as clear text, and the passwords should be MD5 hashed with a salt (i.e., a random bit of data to be hashed with the password that neutralizes a potential "dictionary" attack). The hashing is done by encryptionw32.dll, a file that is included as a part of your Droplet SDK installation. The salt will always be the same for a given user name. For this reason, you must have a stored procedure that returns the hashed password (plus salt) given an existing user name.
The following steps should be followed in order to set up your authentication system in conjunction with the Droplets Platform:
Java User Manager
-
Install the Droplets Platform;
- Set the
CLASSPATH in the Droplets Server. This is done in the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Droplet\DropletServer\Java.
The new Classpathn
entry should correspond to the location of the User Manager file. The
n in Classpathn
can be any string (for example, Classpath-DropletAppName),
and allows the classpath to be uniquely identified -- in the event that
a user to whom you give the Droplet already has Classpath
set.
- In the
registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Droplet\DropletServer\apps\<default>:
- Set the "UserManager" string value to "Apps\JavaAppHost.dll"
- Create a subkey called "UserManagerJava"
- Under this new "UserManagerJava" subkey, create a string value named "Class". Set it to the fully qualified class name of your User Manager. Use the forward slash ("/") as the package delimiter, not the period ("."). For example, if your User Manager class is com.yourcompany.MyUserManager, set its value to "com/yourcompany/MyUserManager".
C++ User Manager
Important
note: As of now, when using C++ you must use the pre-existing
UserManager .dll file that comes with the Droplets SDK installation.
Instructions for building your own C++ User Manager will be forthcoming
in the next Droplets SDK release.
- Install
the Droplets Platform;
- Configure
your registry with a connection string to your database. This is done
through the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Droplet\DropletServer\Apps\UserManagerDb,
parameter "ConnectionString".
For example, a typical Oracle value for this parameter would be "system\manager@oracle_sid";
- Create
a stored procedure in your database to retrieve a password by UserName.
By default, this stored procedure is named asp.lookup_password_proc;
if you want to change this, you'll have to do so in the Registry Key
"HKEY_LOCAL_MACHINE\SOFTWARE\Droplet\DropletServer\Apps\UserManagerDb"
under the "PWlookup_StoredProcName"
parameter. See the Registry Key Appendix
for further details;
- Two arguments
must be passed to this procedure (one each for input and output). With
an Oracle database, for example, these would be:
- i_login VARCHAR(25) and - o_password VARCHAR(25);
- Create a table in your database, mapping user names to Droplets-hashed passwords (we provide encryptionw32.dll, which does the hashing).
It is also
possible to create application-specific authentication mechanisms
that over-ride the default user manager DLL, thus creating exclusive authentication
repositories for each of your Droplet applications. This can be accomplished
by creating a registry key for your application
(HKEY_LOCAL_MACHINE\SOFTWARE\Droplet\DropletServer\Apps\
Important
Note: Sites with existing user bases will have to generate the
password table with the Droplets encryption
DLL. If your passwords are available in the database, then they can
be hashed in bulk. If they are known only at login time, a system will
have to be created to generate a password as each person logs in.
The Droplets Server includes an SNMP agent which reports monitoring data that any standard SNMP monitoring tool can hook into and read. If your production environment includes an SNMP monitoring tool, point it at the machine where the Droplets Server is running using port 7777. The Droplets Platform's MIB file, DROPLET-PLATFORM-SERVER-MIB.mib is delivered with the Droplets Server Droplet\Server\SnmpSupport.
The Droplets Platform's MIB file allows you to monitor the following platform information:
|
NAME
|
TYPE
|
DESCRIPTION |
|
clientPort
|
int
|
The port through which the client is connecting to the Server |
|
dropletServerEventQueueGroup
|
int
|
The number of threads servicing the event queue |
|
eventsAdded
|
int
|
The number of events added to the queue |
|
eventsProcessed
|
int
|
The number of events processed and removed from the event queue |
|
queueLength
|
int
|
The number of events currently on the event queue |
|
errorCount
|
int
|
The number of errors encountered processing events |
|
lastError
|
Octet
String
|
A description of the last error |
|
eventLatency
|
int
|
The number of milliseconds that an event spends in the queue |
|
dropletServerUsageMeterGroup
|
Octet
String
|
The last time the counters were reset |
|
activeSessions
|
int
|
The number of sessions active on the Droplets Server |
|
createdSessions
|
int
|
The number of sessions created on the Droplets Server |
|
maxSessions
|
int
|
The highest number of sessions active on the Server |
|
averageSessions
|
int
|
The average number of sessions active on the Server |