You have a single point of failure. I'd at the very least cluster the JVMs on the app server, and implement some form of vertical scaling.
How do you handle a single point of failure? Have the web servers prepared to send the client a pretty web page when a 500 error is encountered.
I hope that's a WebSphere Application Server. Those are the only J2EE servers that never, ever, go down.
Cheers!
-Cameron McKenzie