Tomcat's socket handling abilities are not quite as robust as Apache httpd's are, especially when it comes to system error handling because Tomcat performs all its socket handling through the Java VM. Since Java is designed to be cross-platform, it lacks some system-specific optimizations; socket optimization is one such deficiency. In situations where the BA Server is hit with a large number of dropped connections, invalid packets, or invalid requests from invalid IP addresses, httpd would do a much better job of dropping these error conditions than Tomcat would. Therefore, you can improve BA Server security by fronting Tomcat with httpd.
A side-effect of this configuration is increased performance when delivering static content from the BA Server. For this reason, the same procedure below is covered in the section called Optimize BA Server Performance. If you have already followed the Apache httpd procedure in that guide, there is no need to perform it again with the instructions below.