Separating Administration Traffic and User Traffic

$Revision: 1.4 $
$Header: /zpool01/javanet/scm/svn/tmp/cvs2svn/part2/glassfish/www/v3/admin/planning/prelude/admin-user-port-separation.html,v 1.4 2008-08-20 22:28:11 km Exp $
$Source: /zpool01/javanet/scm/svn/tmp/cvs2svn/part2/glassfish/www/v3/admin/planning/prelude/admin-user-port-separation.html,v $

Status: Complete (For bugs, send and e-mail to Kedar Mhaswade )

Scope: GlassFish v3 Prelude (October 2008)

Separating Admin and User Traffic

Describes the task of separating administration traffic and user application traffic at the http-listener layer. The task is described in the admin infrastructure one-pager.

Motivation to do this is that admin traffic is significantly different and should be separable from the user traffic. Since every bundle of GlassFish v3 has its own requirements (some are developer oriented, others are deployment oriented), we have got to choose the defaults well. We have decided to keep the separation intact in all the distributions, by default. In other words, all distributions of GlassFish v3 Prelude will have at least two http-listeners, one of which is named admin-listener (identifying the listener for admin applications/adapters) and the other one (can be named arbitrarily as there are no references to it) on which user applications are available.

Thus, here are the relevant details, by default.

  1. All of admin interfaces are available only on port 4848.
  2. Admin port is 4848 by default.
  3. User port is 8080 by default.
  4. All remote asadmin commands will default the value of --port option to 4848.
  5. The Grizzly Adapter that handles asadmin requests and the bare bones admin-web-requests has a fixed context-root of "__asadmin" on the port 4848. This adapter (known as AdminAdapter) is associated with a virtual-server named __asadmin.
  6. The Grizzly Adapter that handles the admin console (GUI) requests (known as AdminConsoleAdapter) has a fixed context-root of "/". This adapter too, is associated with the virtual server named __asadmin.
  7. By default, all configurations of GlassFish v3 have at least 2 http-listeners, name admin-listener and http-listener-1. Each http-listener is associated to two virtual-servers named "__asadmin" and "server" respectively. A virtual-server "vs1" is associated with a given http-listener when the "default-virtual-server" attribute on that http-listener has a value "vs1".
  8. The application-ref for admin-gui application will have an attribute "virtual-servers" with value "__asadmin" (same as the name of the above virtual server).

If the users want to switch to a configuration where the administration traffic is available on the same port as the user application port (i.e. 8080, by default) following things will need to be done by the users:

  1. Remove the http-listener named "admin-listener" from configuration (domain.xml).
  2. Remove the virtual-server named "__asadmin" from configuration. This is not required, but if the "admin-listener" is removed, this virtual-server is of no use.
  3. The AdminAdapter will have a fixed context-root named "__asadmin". Thus, the asadmin requests and bare bones admin-web-requests are handled at: http://host:8080/__asadmin/. Note that 8080 is just the default. Users can have any value of their choice there. e.g. they can specify it as 80 in which case, the above URL would be: http://host/__asadmin.
  4. The AdminConsoleAdapter will have a configurable context root. The default context-root in this case for admin console is "/admin". This is specified in the <admin-service> element of domain.xml as: <property value="/admin" name="adminConsoleContextRoot" />. Users can change it what they want. Thus, by default, in this case, admin console will be available at: http://host:8080/admin.
  5. All the asadmin commands will expect an option specified as: --port 8080 in this case, since asadmin (being remotable), does not know the admin port on the server and assumes it to be 4848 in all distributions.
  6. The application-ref for admin console application should have virtual-servers attribute pointing to "server" (or the name of the default virtual server, which is "server" (for some reason:)).