Apache Web Server -- Ready for the Enterprise

Copyright 2001 D.H. Brown Associates, Inc. 1

Apache Web Server –Ready for the Enterprise

May 23, 2001

D.H. Brown Associates, Inc.222 Grace Church StreetPort Chester, NY 10573(914) 937-4302Fax: (914) 937-2485

Apache Web Server – Ready for the EnterpriseMay 2001


TABLE OF CONTENTS

EXECUTIVE SUMMARY...................................................................................................................................... 3

APACHE – OPEN SOURCE TECHNOLOGY APPLIED TO TODAY’S BUSINESS PROBLEMS .................... 4

APACHE – READY FOR THE ENTERPRISE ..................................................................................................... 6

APACHE – LEADERSHIP APPLICATION AREAS ............................................................................................ 8

APPLICATION SERVERS........................................................................................................................................ 8CORPORATE WEB INFRASTRUCTURE.................................................................................................................... 8

APACHE – EXPERIENCED IN THE ENTERPRISE.......................................................................................... 10

APACHE AT A LARGE FINANCIAL INSTITUTION ...................................................................................................... 10APACHE AT A LARGE HEALTH INSTITUTION.......................................................................................................... 11

CONCLUSION.................................................................................................................................................... 12



Apache Web Server –Ready for the Enterprise

EXECUTIVE SUMMARYAlthough to many “open source” is synonymous with “Linux,” the Apache project is acknowledged to be the most successful open-source project to date. Apache can trace its roots to the NCSA University of Illinois project written by Rob McCool. When McCool left to work for Netscape, a group of eight volunteers picked up from where he left off. From this modest beginning, the Apache project has evolved far beyond the confines of a standard web server, with a collection of offerings that today exemplify a leading web-deployment platform including Java Server Pages (JSP) and servlets support. In 1995, Apache was generally regarded as falling short of the demands of the enterprise customer. The technology was freely available, but incomplete. The Open Source Software (OSS) model was suspect. Performance was perceived to be slow. Support was something one did for oneself, or with luck, the problem might be deemed interesting enough by a collection of engineers for them to provide support. Certainly, this was not software on which one would bet the success of a business. But Apache continued to evolve. In 1996, Apache displaced the NCSA web server and became the most widely used web server in the world. In 1998, Apache acquired a formidable backer, IBM, who chose Apache as the core technology of its WebSphere product line, and entered into an agreement with the Apache Software Foundation (ASF) to lend ongoing development support to the project. Other companies, such as Sun, HP, Compaq, and Apple today ship Apache along with their operating systems. Enterprise customers are taking notice that the world has changed. The OSS model has proven itself successful. Demand for a fully functional, open-source web server has accelerated the acceptance of Apache technology at a rate unmet by competing proprietary offerings. For the last three years, Apache’s share of servers outside of the firewall as shown by Netcraft1 has increased at an approximate compounded annual growth rate (CAGR) of 11.5%, contrasted with no change to Microsoft IIS, and an average Netscape/iPlanet decline of 12.5% per year. This demand has spawned the birth of companies supplying the support, accountability, and solution infrastructure, which enables the complete solutions required by the enterprise customer. Additionally, this same Netcraft survey shows that today Apache operates on 62% of the websites surveyed, with its nearest competitor being Microsoft IIS at 20%. This means there is a readily available supply of Apache skills in the industry. Apache solutions and vendors exist who can meet the needs of enterprise customers at significantly lower cost. Apache solutions offer flexibility, simplicity, and manageability not available from competing proprietary solutions.

1 See http://www.netcraft.com/survey/, Market Share for Top Servers Across All Domains, August 1995 - April 2001. Netcraft polls approximately 28.7 million internet-connected servers; this excludes servers behind (primarily corporate) firewalls.



APACHE – OPEN SOURCE TECHNOLOGYAPPLIED TO TODAY’S BUSINESS PROBLEMS

Apache is a premier example of technology available under the OSS model. As such, its development has been rapid. There is a large and growing community, developing Apache in areas of consumer interest, on any platform with a following. Influential members of the Apache community claim that the high degree of customization required to implement most web applications makes Apache a better choice than other competing “monolithic” products, since its modularity makes it more flexible and easier to extend. The Apache project consists of dozens of modules that implement and expand the web-server’s capabilities, notably including Jakarta (Java-Apache), XML and the industry-standard Tomcat JSP and servlet engine. These components have been readily packaged into integrated application-server suites by Covalent, a leading Apache company. The Apache technology is proven, building on the successes of those on the front line. Leading-edge sites running Apache include Amazon, Apple, Cisco, CNET, Iomega, Macromedia, MapQuest, Yahoo!,and many more. Unlike proprietary software, new releases of Apache are tested by thousands of people, which leads to more stable releases. In contrast to proprietary software where revenue and marketing constraints drive releases, new versions of Apache are released when the software is ready. The ASF is serious about the correctness of its software, as exemplified by this quotation:

Apache exists to provide a robust and commercial-grade reference implementation of the HTTP protocol. It must remain a platform upon which individuals and institutions can build reliable systems, both for experimental purposes and for mission-critical purposes.2

As a direct result, Apache is a stable, dependable, standards-based technology that does not fail. According to Ryan Bloom, one of the lead developers of Apache 2.0, implementations of Apache on common platforms experience only a handful of confirmed significant bugs each year, which tend to be fixed within 2-4 weeks. On new platforms, bugs tend to relate to porting issues. The version of Apache currently under development (2.0) continues this theme of stability and maintainability. Version 2.0 has been re-architected with a focus on both portability and maintainability. The mission of the Apache Portable Runtime project is to isolate the operating-system interface to a library of C data structures and routines. There is also a test suite exercising the functionality required for Apache, which will serve to speed development and debugging for new platforms. Apache is designed with simplicity and flexibility in mind. Thanks to Robert Thau’s contributions of a modular structure and Application Programming Interface (API) for better extensibility, thousands of developers have created modules for Apache that cover almost any kind of functionality that would be needed by any company. With this modular design, users can plug in the functionality they need, resulting in highly optimized solutions ranging from a lightning-fast static server to a fully functional e-commerce server. For previous versions of Apache, raw performance numbers have been cited, typically comparing an out-of-the-box version of Apache to a vendor’s highly tuned benchmarking special. Not surprisingly, these numbers showed Apache at a disadvantage. And indeed, “Apache is a general web server, which is designed to be correct first, and fast second.3”

2 See http://httpd.apache.org/ABOUT_APACHE.html. 3 See http://httpd.apache.org/docs/misc/perf-tuning.html.



Even so, in real-world applications, Apache’s performance was usually on par with competing implementations. Most sites have less than 10 Mbits/second (the speed of a standard Ethernet connection) of outgoing bandwidth. Apache can fill this running on a single low-end Pentium-based machine. Sites with more bandwidth tend to require more machines due to other considerations such as CGI or database transaction overhead. Since Apache performance was rarely the bottleneck, the development focus had been mostly on correctness and configurability, items of crucial interest to enterprise customers. In the development of the current version, Apache 1.3, performance was enhanced to the point where there is minimal difference with other high-end web servers.



APACHE – READY FOR THE ENTERPRISEIt’s common for CIOs, CTOs, and IT managers at enterprise shops to have significant reservations about Open Source Software, especially when making decisions about mission-critical infrastructure applications. IT decision-makers tend to be risk-adverse, and typically focus on the following concerns:

• Can I obtain support for this software?

• Who is obligated to fix problems with the software?

• Is this software high quality? Is it well documented? How stable is the project? Good answers to these concerns level the playing field. The answers to these OSS-specific concerns are widely debated, and differ among the various OSS projects. Enterprise customers operate at a different level where only one answer is acceptable. OSS or any software must offer the support, accountability, documentation, and stability to serve the entire organization. For Apache, the news is good. World-class service and support are available. The ASF website currently lists 16 companies or consultants who offer commercial support for Apache.4 Primary among these are,

• Covalent. With seven ASF members on staff (and three of the nine ASF board members), Covalent has made a significant investment and commitment to supporting the stability and quality of the Apache project. Covalent offers a wealth of products: server software, including Covalent Secure Server, Commerce Server, Managed Server and Fast Start Server; and Apache plug-ins, including Covalent SSL, AntiVirus, Intrusion Detection, and SNMP. Its service offerings include consulting, training, support, and system-integration services.

• IBM. IBM has four ASF members on staff to make significant contributions, such as improved performance on Windows NT, and to provide technical support. Additionally, these team members and others at IBM ensure that Apache is a leading solution for the enterprise. IBM’s WebSphere product line features Apache as its web server.

For Enterprise customers, the evaluation then moves on to the following business concerns:

• Is this software reliable? According to the Netcraft “Sites with longest running systems by average uptime in the last 90 days” uptime survey, which covers the 50 most-requested sites,5 as of May 12, 2001, all ten of the top ten sites and 45 of the top 50 run Apache.

• How scalable is this software? Apache can run on any hardware, from an old Intel 486 to a Sun UE-10000 or a Compaq GS-320. Unlike web servers based on “shared nothing” operating systems, Apache lends itself well to load sharing in multi-server environments. Scalability is a common topic for papers presented at ApacheCon.6

• How manageable is this software? Apache web servers can drop right into any corporate network-management infrastructure that supports a standard SNMP MIB, such as those based on HP OpenView, CA Unicenter and Tivoli. Junior staff members are especially likely to be familiar with Apache, since nearly every college and university uses it. Books on Apache can be found at nearly every bookstore. IT specialists who want to learn on their own time appreciate access to the code.

4 See http://www.apache.org/info/support.cgi. 5 See http://uptime.netcraft.com/up/today/top.avg.html. 6 See http://www.awe.com/mark/apcon2000/apachecon2000.pdf. Apache e-Commerce Solutions, Cox & Thorpe, ApacheCon

2000, Florida. This paper is just one example of how to build and deploy reliable large-scale systems using Apache.



• Is this software secure? The modular nature of Apache allows problems to be isolated easily and fixed quickly. Source-code availability leverages thousands of users looking at a problem and proposing fixes, rather than having to wait on a few overworked support engineers. Indeed, vulnerability to security holes in unneeded/unwanted features is eliminated, since Apache can be customized to include only required functionality, unlike software available from other vendors.

Although cost tends to be the most visible advantage of OSS, cost only comes into play for enterprise customers after the concerns discussed above are addressed. But this benefit can be significant, especially considering that application-server licenses for large or replicated deployments can run into the hundreds of thousands of dollars or more. Apache leverages this cost benefit. A customer’s funds are better spent on tailoring the product to a specific need, rather than on functionality, which is becoming a commodity. Another benefit is vendor independence. Infrastructure choices are critical, since a change in infrastructure has significant repercussions on the applications running on it. Consider the enormous costs to users (and ensuing bad will) generated by vendors who go out of business, or who drop support of a product. Many vendors offer support for Apache including Covalent, IBM, Red Hat, HP, Compaq, VA Linux Systems, and many others. In the past, only the largest customers have been able to negotiate source-code escrow agreements with vendors to assure that the source code will always be available. Now, everyone who uses Apache has the source code continuously available. In the unlikely event that the worst happens, and part or all of the Apache OSS projects are abandoned or do not enhance areas of interest to a particular customer, they can always make arrangements to support and enhance projects themselves, or work with one of the third parties mentioned above. The last major benefit is that Apache, by definition, is more extensible than proprietary web servers, as anyone (including customers, supporting vendors, or even independent engineers who want to make a name for themselves in the community) can add functionality. IT managers, CIOs and architects should consider putting Apache on their short list of viable solutions. Indeed, Apache exists in many enterprises already, usually brought in at the department level first where there are technical skills to deploy web servers. But its potential as a viable open-source solution is far greater.



APACHE – LEADERSHIP APPLICATION AREAS

APPLICATION SERVERSE-commerce servers based on Apache are widely used in the industry, taking their place as back-end servers to a variety of web storefronts. Nearly all modern e-commerce software and techniques are available on Apache, including web-application servers based on J2EE. IBM has chosen Apache to be the foundation of WebSphere. Other products that support Apache include BEA WebLogic, iPlanet, Oracle, Silverstream, HP Bluestone, and OSS Enhydra.

ENHYDRAThe Enhydra project is the most visible open-source application server available today. The software is an outgrowth of work done by Lutris during the early days of e-business application development. Lutris now offers two versions of this application server: the OSS version, and an inexpensive commercial version for which it provides additional features, testing, and support. Enhydra supports Java servlets, Java Server Pages, and Enterprise Java Beans (EJB).

TOMCATEnterprise customers use Apache with Tomcat to offload their expensive commercial-application servers, especially with stand-alone servlet applications and JSP applications, which do not make use of custom-tag libraries. These inexpensive front-end systems connect easily to and interact with larger Java 2 Enterprise Edition application servers and databases on the back-end of an enterprise solution.

CORPORATE WEB INFRASTRUCTUREFor enterprise customers, their web infrastructure presents significant potential problems, starting with their large size. A complex of systems, legacy applications, and new applications running on a mix of new and old hardware and software from many different vendors challenges the IT department to keep it all running. In addition new capabilities, which are added as they come along, increase the complexity. The following Apache strengths provide viable solutions for these concerns.

APACHE IS AN OPEN STANDARDS-BASED SOLUTIONApache runs on the majority of platforms available today. It is supported on over 160 variants of UNIX, and such proprietary operating systems as OS/400, OpenVMS, all versions of Windows since V3.0, Netware, MAC/OS, and OS/2. Additional platforms are opening as well. IT departments can standardize on Apache (and thereby lessen their complexity and support costs), regardless of other platforms in use.

APACHE SOLUTIONS ARE MANAGEABLEApache web servers can participate in any corporate network-management infrastructure that supports a standard SNMP MIB, such as those based on HP OpenView, CA Unicenter, and Tivoli. Third-party vendors such as Covalent offer GUI-based management tools and installation tools to improve manageability.



APACHE IS EASY TO ACQUIRE, AND THE PRICE IS RIGHTIn the corporate web infrastructure, one size does not fit all. A web server might serve the casual needs of an individual or department, or might support a business-critical application, or any range of needs in between. Apache web servers come in all sizes, from the free, unsupported download for an individual, to the fully supported 24x7 application server. There is no need to worry about the cost and management of licensing; the software is freely available. Additional expenditures for capability and support can be considered and justified on a case-by-case basis; with Apache, there is no requirement to buy unneeded capability or support.



APACHE – EXPERIENCED IN THE ENTERPRISEPart of any evaluation of the suitability of Apache for enterprise customers is the experiences of those who are currently using it.

APACHE AT A LARGE FINANCIAL INSTITUTIONWe interviewed the Assistant Vice President for Web Services of an infrastructure group for a large, multi-national financial institution. This executive’s choice of an Apache supplier is Covalent. 70% of the web servers in the enterprise are Apache. This executive chooses Apache because:

• Apache i s s ta b l e . It is the best UNIX solution available for this primarily Sun/Solaris shop.

• Apache provides the best reliability and uptime. Downtime is to be avoided. Hence, rebooting on a weekly basis (or more often) is not an option. Apache web servers do not hang and their performance does not deteriorate over time.

• Apache i s s tandard . The institution’s standard browsers are certified builds of both Internet Explorer and Netscape. Web pages need to be compatible with both. The availability of non-standard, proprietary HTML extensions threaten to introduce incompatibilities.

• Apache’s f l ex ib i l i t y i s appealing. Although this vice president is a personal believer in OSS, corporate policy mandates that all software be purchased from a vendor who will be accountable for that software, and who will provide maintenance. Covalent provides this assurance.

Although 70% of the web servers in the enterprise are Apache, this executive has experience running many different web servers, including IIS, iPlanet, WebSphere, and WebLogic. Experience has shown that not only are acquisition costs lower for Apache, but on-going maintenance costs are lower as well, since the infrastructure group is not forced to buy unneeded functionality and support. But cost is perceived to be a secondary benefit. Apache’s reliability, scalability, and leverage of experience are the primary benefits. This executive’s experience has shown Apache’s performance in handling its share of the four to five million hits per day load is on par with the other platforms being used. When performance problems are experienced, the bottleneck has been in the network. It is clear that without a company like Covalent, Apache would never be used in this institution, if for no other reason than the corporate requirements of accountability and maintenance. But this vice president perceives additional value from the relationship with Covalent:

• Covalent has a high level of acknowledged Apache expertise, led by its seven ASF members.

• Unlike other higher-profile software companies, Covalent will listen to good ideas. It is appealing to be able to influence Apache development.

• Due to their leading position in Apache development, Covalent knows and shares where the industry and product are most likely headed, lessening the risk of making poor technology-investment decisions.

• Covalent fosters a s en s e o f c ommuni t y . Experiences and possible solutions to common problems are shared.



APACHE AT A LARGE HEALTH INSTITUTIONWe also interviewed the Director of e-Business Infrastructure of a large, multi-national institution specializing in health and health-related products and services. Apache has been a corporate standard at this institution for approximately three years. Their initial motivation to change was due to performance problems with their previous web-server platform. The change to Apache solved their performance problems. Performance has been fine ever since. Today, the Director perceives Apache to be the best product available. The most valued Apache features are its source availability, modularity, customizability, and the ease of integrating back-end database applications. And although this institution has a standard hardware platform for web servers, the fact that Apache is available on a wide range of platforms is perceived as highly valuable. The Director is not a believer in OSS per se, but rather a believer in excellent software. In the director’s view, as in the rest of the industry, some OSS software is better than others. But the OSS value proposition of source code availability has proven crucial to solving problems in the past. Covalent’s products and services are currently being piloted at the institution. The institution requires support and easily-installed, prepackaged, and tested distributions. Covalent products and services meet these needs.



CONCLUSIONThis is a good time to consider Apache. Apache solutions and vendors exist which can meet the needs of enterprise customers and at significantly lower cost. Secure Apache solutions offer flexibility, simplicity, and manageability not available from competing proprietary solutions.

Documents

Apache Web Server -- Ready for the Enterprise