httpd SSL -> Tomcat VS. Tomcat SSL standalone?

[Larry Prikockis]

I know the latest edition of the O'Reilly Tomcat book by Brittain and 
Darwin strongly advocates the use of standalone Tomcat as opposed to the 
traditional httpd->Tomcat approach, but this seems to be somewhat of a 
paradigm shift for most people.   I'm interested in hearing what the 
wider community thinks...

Specifically, we have a webapp on a Windows 2003 server that utilizes 
Apache 2.2 SSL as a frontend and mod_proxy_ajp to send requests to 
Tomcat 5.5.17 (on the same server).  By eliminating the Apache frontend 
and just using a Tomcat SSL connector directly, we saw performance 
increases that absolutely dwarfed (400+%) everything else we were 
achieving by tuning various connection parameters of Apache httpd and 
Tomcat.

While I would expect hitting Tomcat directly would be a little faster 
than going through the Apache proxy setup, we didn't expect such 
dramatic differences.  In fact, when comparing Apache w/o SSL -> Tomcat, 
the performance was only a little worse than hitting Tomcat HTTP  directly.

My questions:
1) Any thoughts on why the Apache SSL -> Tomcat combination should be so 
much slower?
2) Are there any security downsides to using Tomcat SSL directly as 
opposed to fronting it with Apache httpd?
3) anyone else have any similar (or contradictory?) experiences?


thanks-
Larry Prikockis
--
Larry Prikockis
System Administrator
[EMAIL PROTECTED]
Phone: (240)737-2900

Vecna Technologies, Inc.
5004 Lehigh Rd
College Park, MD 20740-3821
Phone: (301) 864-7253
Fax: (301) 699-3180
240-737-1699 (office)
www.vecna.com

Better Technology, Better World (TM)

The contents of this message may be privileged and confidential. 
Therefore, if this message has been received in error, please delete it 
without reading it. Your receipt of this message is not intended to 
waive any applicable privilege. Please do not disseminate this message 
without the permission of the author.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]