Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Course Summary:
The WAS 5 Administration course will start with an introduction to
WebSphere Application Server (WAS), and the installation and configuration
of WAS 5.0. It includes coverage of WAS administration, application
deployment, workload and security management, topics in troubleshooting,
and performance monitoring and tuning
Lab Environment
Softwares on student machines
OS : Windows XP professional
Log-in: user=student, password=student
Software Location : C:\softwares
WAS 5 BASE ( ibmwas5_base_nt.zip)
WAS 5 ND ( ibmwas5_nd_nt.zip)
WAS 5 FixPack2 BASE (was50_fp2_win.zip)
WAS 5 FixPack2 ND ( was50_nd_fp2_win.zip)
WAS 5 Cumulative Fix 13 BASE( was502_cf13_win.zip)
WAS 5 Cumulative Fix 13 ND(was502_nd_cf13_win.zip)
Oracle : Installed on server ( name :fhorcl1)
Oracle driver file ( classes12.zip) located on C:\oracle\lib
JACL scripts located in C:\softwares\scripts
Sample application EAR files located in C:\software\apps
Lab NetWork Deployment setup
Base Base +
Node ND Mgr
Application Server vs. Web Server
Web server: serves pages for viewing in the browser via
HTTP protocol.
IBM WebSphere
BEA Weblogic
SUN One
Oracle Application Server
Macromedia JRUN etc….
Optimized performance
Programming extensions
Extended messaging
Start Beans
Schedule Service
Object pools
Work areas
Application flexibility
Components in WebSphere 5 Base and Network Deployment
IBM HTTP Server 1.3.26
IHS is an Apache based web server.
Webserver plug-ins
Web server plug-ins are used by web servers to identify requests for the WebSphere
Application Server and to forward them.
plug-ins are provided for IBM HTTP Server, Apache Web Server, Microsoft Internet
Information Services, iPlanet and Sun ONE Web Servers, and Lotus® Domino Web
Server.
Application clients
An application client is the interface which is used by client-application to
communicate with services provided by applications running on WebSphere
Application clients are ActiveX, Applet, J2EE client.
Debugger
Profiler
Log analyzer
Components in WebSphere 5 Base and Network Deployment
Data Direct JDBC providers
JDBC drivers provided by a supported database vendors.
DataDirect type 3 (SequeLink)
DataDirect type 4 (ConnectJDBC)
Deployment Manager
Deployment manager is the process that communicates with independent node agents in a Network
Deployment environment. Node agents are installed with the base WebSphere Application Server
but not required until the node is added to a cell in a Network Deployment environment. Each node
agent runs in the node as lightweight (partial J2EE environment) JVM process. Node agents
coordinate such events as configuration synchronization. The Deployment Manager manages all the
nodes in a distributed topology.
DB2 UDB7.2
Not to store the configuration like the earlier versions
To support Database session persistence
IBM Directory Version 4.1
LDAP compatible Directory Service
Components in WebSphere 5 Base and Network Deployment
Switch consultants
The Load Balancer provides switch consultants for Cisco and Nortel switches and a Site
Selector that provides a scaling load balancer.
Edge of network caching technology
Caching is used to reduce network congestion by storing frequently accessed content so
information only has to be retrieved once
What’s New in WAS 5.0
J2EE 1.3 Support
J2EE 1.3 provides enhancements in APIs - Servlets, JSP, EJB
Administration model using JMX
JMX allows to exposes java methods in distributed environment
Workload management enhancements
Enhancements in scalability, Load balancing, availability
Web services support
Improved SOAP support
Private UDDI registry
Performance Enhancements
JMX for admin components
PMI (Performance Monitor Interface)
Tivoli Performance Viewer
Security Enhancements
CSIv2 (common security interoperability)
JAAS
Messaging
Support for Message driven beans
WebSphere 4 Vs WebSphere 5
WAS 4.0 WAS 5.0
Security Association Service CSIv2
(sas)
Security.xml
Sas.server.properties
Resource Analyzer Tivoli Performance
Viewer
Java Admin Console
Wscp Web based console
Tcl Wsadmin
DB repository for config jacl
Domain Xml files for config
Administration Server Cell
Deployment Manager
(similar to Admin
server in 4.0)
WAS 5.0 Architecture - Multitier Application Environments
AAT or WSAD can be used to assemble the necessary files into an .ear
file. WebSphere provides admin tools to install the application into
WebSphere Application Server.
WAS 5.0 Architecture - Base Install Runtime Architecture
WAS 5.0 Architecture: Base Install Components
A base WebSphere Application Server V5 configuration includes only the
application server process. There is no node agent or Deployment
Manager involved in this configuration. No coordination between
application server processes is supported in the base configuration, with
each application server instance having to be separately administered
Node
A node is a logical grouping of WebSphere managed server
processes that share common configuration and operational
control. In the base configuration, each application server is
responsible for its own configuration in the configuration repository
Unlike earlier versions of WebSphere, all the configuration information
will be stored in xml files on file system not in relational db
Application Server
Primary component of WebSphere, runs in JVM and provides run time for
applications
Provides containers (Web container, EJB container etc..)
Provides Services for applications (Object Request Broker (ORB), Name
service (JNDI), Security,service (JAAS and Java 2 security), Admin service
(JMX), Trace service, Performance Monitoring Interface (PMI), Transaction
management, Messaging interfaces (JMS), E-mail interfaces (JavaMail)
Database connection (JDBC) and connection pooling)
WAS 5.0 Architecture: Base Install Components
Web server and Web server plug-in
The WebSphere Application Server works with a Web server to handle
requests for dynamic content from Web applications. The Web server and
application server communicate using the Web server plug-in.
The Web server plug-in uses an easy-to-read XML configuration file to
determine whether a request should be handled by the Web server or the
application server. It uses the standard HTTP protocol to communicate with
the application server, but can also be configured to use secure HTTPS
Embedded HTTP Server
WebSphere provides inbuilt http server for testing, not to be used for
production environment, and default port is 9080.
Virtual hosts
A virtual host is a configuration, enabling a single host machine to resemble
multiple host machines. It allows a single physical machine to support several
independently configured and administered applications. Each virtual host
has a logical name and a list of one or more DNS aliases by which it is
known.
WebSphere provides two default virtual hosts
Admin_host (listens on 9090 , 9043)
Load Balance to reduce congestion , bottle necks and balance the load
over multiple servers
Cluster
Cluster is logical collection of application server processes, to provide
workload balancing
Application servers that belong to a cluster are "members" of that
cluster and must all have identical application components deployed on
them
WAS 5.0 Architecture Network Deployment Components
Managed Process
All operating system processes that are components of the
WebSphere product are called managed servers or managed
processes. All managed process are enabled with JMX .
WebSphere Managed Processes/servers
Deployment Manager (Network Deployment only)
Silent installation
Non interactive
Application Server X X
Application Server Samples X
AAT X
Messaging Features X X
Web server (IBM HTTP) X
Plug-ins X
Log analyzer X X
Tivoli X
Note: For production environment web server and web server plug-ins
will get installed on separate web server machine. JDK will get installed,
no need of external JDK.
WAS 5.0 Installation: PORTS and Pre-Installation Tasks
PORT USE
9080 http transport
9443 https transport
9090 Admin console
9043 Admin console secure port
2809 Boot strap
8880 Soap connector
9101 ORB listener
groupadd mqbrkrs
1. Please go to C:\
C:\sofwares\
sofwares\ folder and extract the
websphere base file “ibmwas5_bast_nt.zip”
To extract , select the file and right click on the
file and choose “Extract All” option
This will create a folder “ibmwas5_base_nt”
folder.
2. To install the software, double click on the
“install.exe”
install.exe” file or “launchpad.bat”
3. This will start the Installation wizard
4. In the language selection window, select English
and click OK.
OK.
5. In the WebSphere Application Server LaunchPad
window, click Install the product,
product, as shown .
WAS 5.0 Installation: Installation
Note: If you are running X-windows with either the Gnome or KDE window managers,
the CD-ROM may automatically be mounted for you. To verify this, simply run mount |
grep /mnt/cdrom. If you get any output, then the CD-ROM has already been mounted.
6. In the wizard language selection window, select English and click OK.
7. In the Welcome to WebSphere Application Server window, click Next to continue, as
shown
WAS 5.0 Base Installation: Finishing Installation
12. In the node name and host name window, enter the
node name and host name for your installation. In our
case we set the node name and host name to machine
name
WAS 5.0 Base Installation: Finishing Installation
13. On windows platform, the install adds services for Websphere and HIS, please give the
username and password that have privileges to stat/stop the services
services and click
Next to start the installation
Workspace
The workspace, allows you to work with your administrative configuration
after selecting an item from the console navigation tree. When you click a
folder in the tree view, the workspace lists information on instances of that
folder type. For example, selecting Servers -> Application Servers shows
all the application servers configured in this cell. Selecting an item, an
application server in this example, will display the Properties page for that
item. The Properties page can then be used to view and edit property values.
Status and Messages areas
The Status area displays along the bottom of the console and remains visible
as you navigate through the administrative console. The area displays two
frames: WebSphere Configuration Problems WebSphere Runtime Messages
Click Previous or Next to toggle between the frames. Click the number to
view details. The interval between automatic refreshes can be adjusted by
expanding Preferences below the messages. In addition, the information
displayed can be refreshed at any time by clicking the icon in the upper-right
of the area. The Messages area displays messages relevant to your
configuration.
WebSphere 5.0: Using the Admin Console
Select Task:The navigation tree on the left side of the console contains links to console pages that
you use to create and manage components in a WebSphere administrative
administrative cell. For example, to
create a JDBC provider you would expand Resources and then select the JDBC Providers
action.
WebSphere 5.0: Using the Admin Console
Start and Stop: Most items can be started and stopped using the administrative console. To start or
stop an item using the console: 1. Select the item type in the navigation
navigation tree. 2. Select the item in
the collection table by checking the box next to it. 3. Click Start or Stop. For example, to start an
existing application server, select Servers ->Application Servers. Place a check mark in the
check box beside the application server you want started and click
click Start
WebSphere 5.0: Using the Admin Console
Saving Configuration:
As you work with the configuration, your changes are saved to temporary
workspace storage. For the configuration changes to take effect, they must
be saved to the master configuration and then synchronized (sent) to the
nodes.Consider the following:
1. If you work on a page, and click Apply or OK, the changes will be saved
in the workspace under your user ID. This will allow you to recover changes
under the same user ID if you exit the session without saving.
2. You need to click Save to save changes to the master repository. This can
be done from the taskbar, from the Messages area, or when you log in if you
logged out without saving the changes.
3. If you don’t save changes to the master repository, the changes won’t be
pushed to your node’s configuration repository. Effectively the new settings
are lost. They are just available as configuration settings in your temporary
workspace.
4. The Save window presents you with the following options:
Save
APIs
EJB 2.0
JDBC 2.0
Servlet 2.3
JSP 1.2
JMS 1.0.2
JNDI 1.2
JTA 1.0
Java Mail 1.2
J2C 1.0
JAAS 1.0
J2EE: Components
Other Clients
C++ programs
VB Programs
J2EE: J2EE Containers
The J2EE server provides underlying services in the form of a container
for every component type. Because you do not have to develop these
services yourself, you are free to concentrate on solving the business
problem at hand.
Container Services
Containers are the interface between a component and the low-
level platform-specific functionality that supports the component
Security
Transaction Management
JNDI
Remote Connectivity
Deployment Descriptor
Deployment descriptors are used to communicate the needs of
application components to the deployer. The deployment descriptor
is a contract between the application component provider or
assembler and the deployer.
DD is XML based file
The EJB component model defines the infrastructure for creating an environment
that separates system services from application business logic. The EJB server and
EJB container deal with all the system service infrastructure included in the
following list: Transactions, Persistence, Resources, Security
Client finds EJB using JNDI
Client uses EJB stubs to invoke
methods on the remote EJB object
Communication via RMI/IIOP
J2EE: Services: JDBC
Provides database connectivity for java programs
A JDBC Driver helps to
Establish connection to database from java
Invoke SQL queries on DB
Handles the results from DB and process them
J2EE: Services: JNDI
JNDI allows components to store and retrieve named java objects
Binding will occur during the startup of application server
Each of the following components will be identified by JNDI name
JDBC DataSource
EJB home
JMS component
Mail Source
J2EE: Services: Transactions
JTA is API from SUN , that allows application to access transactions
JTA specifies java interfaces between transaction manager and
distributed transaction system
JTS is implementation of transaction manager
Enables demarcation (Commit Entire transaction or rollback)
J2EE: Services: J2C
The J2EE Connector architecture is used by J2EE tools vendors and
system integrators to create resource adapters that support access to
enterprise information systems that can be plugged into any J2EE
product
Java run time
J2EE: Services: JMS
The JMS is a messaging standard that allows J2EE application
components to create, send, receive, and read messages. It enables
distributed communication that is loosely coupled, reliable, and
asynchronous.
J2EE: Services: Security
The Java Authentication and Authorization Service ("JAAS") provides a
way for a J2EE application to authenticate and authorize a specific user
or group of users to run it
Role based
Defines Security constraints mostly for web resources
Accessed rules for J2EE components
Constraints and mappings will be defined by development teams in
deployment descriptors of J2EE modules
J2EE: Development Roles
J2EE Product Provider
Implements J2EE API’s IBM WebSphere, BEA Weblogic etc..
Tool Provider
Custom tools to help J2EE application environment
Application assembler
Who assembles pieces together
Application Deployer
Who deploys application into application server
Application Administrator
Who administer and manage the application
Application Assembly: J2EE Application Assembly
DDs
EJB
jar
.war
Servlet
Any application
JSP
assembly process EAR App Server
Tools: AAT, WSAD
Resource files
HTML, GIF, pdf
Client
files
.EAR DD
DD DD DD
Application Assembly: Application Contents
In addition to the J2EE standard DD, vendor specific configuration files (extensions)
These extensions help the generic J2EE apps to fit into the custom environment
IBM implemented these extensions with two files
IBM bindings
Helps to bind application names to platform specific resources
IBM extensions
Configuration for additional services those are not part of J2EE spec.
Toolbar
EJB
Module Workspace
Web
Module
Security
Roles
DD
AAT: Deployment Descriptor
application.xml defines all modules in
EAR file
EJB Module
Web
Module
ejb-jar.xml Web.xml
AAT: Exploring Interface-EJB module
General Tab
Classpath and client jar
IBM Extensions
EJB generalizations,
inheritance
Bindings
Default Datasoruce JNDI for
CMP
General Tab
Specify EJB classes
IBM Extensions
Cache, timeout and transactions
Bindings
JNDI name for EJB
AAT: Exploring Interface-Web Modules
General Tab
Class for the web application
Advanced
Session time out, authorization
Extensions
Reloading, directory browsing
Binding
To locate external resources
AAT: Exploring Interface-RAR, Client Modules
Verify
AAT: Exploring Interface- Global EJB JNDI
Transaction
Attributes
Transactions isolation
levels can set to EJB
methods
Isolation specifies the
transaction behavior in
side the EJB method
Employee Application: Introduction to Employee
Application
Add employee
Delete Employee
To list employees
To delete employee
To edit employee
EmpDemoEjb.jar
Wsadmin
JACL command
file
Installing Enterprise Applications: Tasks & Locations
Following tasks can be achieved via admin console
Create Application Server
Install, uninstall , update, start and stop applications
Configure application environment (variables virtual hosts, classpaths,
security and console users)
Configure Resources , those will be used by applications
JDBC provider, Data source
JMS provider
Mail, URL and Resource Adaptor
Locations
The location of the EAR file before the installation could be
/WebSphere/AppServer/installbleApps
/WebSphere/AppServer/installbleApps
The location of the EAR file after the installation will be
/WebSphere/AppServer/installedApps
/WebSphere/AppServer/installedApps
During the installation the EAR file will extracted to installedApps folder
Applications
Common application file is .EAR file ( Enterprise Archive)
Ear composed of one or multiple modules of
Jar, Ejb jar, .rar
.rar
War (JSP’s , Servlets etc)
Application Server is necessary before installing the application
Application should always link to application Server and Server
Server should be running before attempting to install the application
Installing Enterprise Applications: Creating Application
Server
By default WebSphere
providers an application server
“server1”
Multiple Application Servers will
provide isolation between
applications
Each application server runs in
its own JVM
To Create Application Server
select
Servers>Application
Servers>New
In WebSphere Base admin
console is attached default
server server1
WebSphere base is single
server compatible, multiple
servers can be added but can
not administer via admin
console
Installing Enterprise Applications: Creating Application
Server
1. Select Node
1. In Network Deployment
environment , we can
choose which node we
want to create the 1
server on 2
2. Enter Name 3
3. Choose to Generate
Unique HTTP transport
ports 4
1. WebSphere will manage
to create unique ports
5
for transports
4. Select Template
1. Template to get high
level properties from
existing servers
5. Click Next
Installing Enterprise Applications: Creating Application
Server
Data Source is
connection manager
implementation , that
helps for connection
pooling
Click on Data Sources
to get the existing list
of Data Sources for the
JDBC provider Sources
Click on “New” to add
new Data Source
Installing Enterprise Applications: Creating Data Source
Provide Name, JNDI
name etc. and click on
Apply( for
example:jdbc/EMPDEM
O_DS)
JNDI name is name
used by developers in
the code
J2C authentication need
to be defined before
using the data source
Configure the Custom
Properties before using 1
data source with data
base name and server 3
address
Connection pools sizes 2
can be defined in the
Connection Pool
configuration
Installing Enterprise Applications: J2C authentication for
Data Source
Click on “J2C Authentication Application Data Entries” as shown in the
previous screen
Specify the alias name
Specify the user id and password
User id and password must be valid authentication entries in the
authentication mechanism used
Installing Enterprise Applications: Data Source Custom
Properties
We can set Connection timeout, max, min , reap, other time outs..
The values will be defined as per application’s transaction requirements
Un appropriate values may impact the application performance
Installing Enterprise Applications: Install new Application
(EmpDemo)
To Install new
application select
Applications->Install
New Application
Click on browse
button to locate the
EAR file.
Click Next
To get the list
installed applications
select Applications-
>Enterprise
Applications
Installing Enterprise Applications:Install new Application
(EmpDemo)
Configure JNDI
bindings for EJB’s
WebSphere will assign
default JNDI for any
EJBs, those are left by
developer
Option to allow
WebSphere to override
the developer specified
JNDI names.
Virtual Host for Web
modules
Click Next
Note: In most cases
default values on this
page will work without
any changes.
Installing Enterprise Applications: Install new Application
(EmpDemo)
Map modules to
application servers (keep
default values)
One application can be
distributed on to multiple
servers
Check the module
checkbox , then choose
the server from the list
and then click Apply
Click Next
Note: If you have only
Base install, even though
you see two server, you
should always select
”server1”
Installing Enterprise Applications: Install New Application
(EmpDemo)
Specify EJB
method
protection( keep
the default
values)
Click Next
Installing Enterprise Applications: Install New Application
(EmpDemo)
<WAS Home>\/WebSphere\AppServer\bin\wsadmin.bat
Locate the application EAR and issue the command at wsadmin prompt
Wsadmin> AdminApp install <file path>EmpDemo.ear
WebSphere Class Loaders
Class loaders are part of the Java virtual machine (JVM) code and are
responsible for finding and loading class files
Class loaders affects packaging of applications and run time behavior of
applications
The run-time environment of WebSphere Application Server uses the
following class loaders to find and load new classes for an application in
the following order
Bootstrap classpath ( typically loads from jre/lib)
WebSphere specific extensions class loader
Application module class loader ( Web modules, EJB modules)
Jvm/bootstrap class
loader
WebSphere extensions
Class loader
Application module
Class loader
WebSphere Module Class Loaders
Two class-loader policies control the isolation of
applications and modules
Application class-loader policy
Application class loaders consist of EJB
modules, dependency JAR files, resource
adapters, and shared libraries
When set to SINGLE, applications are not
isolated. When set to MULTIPLE, applications
are isolated from each other
WAR class-loader policy
By default, Web module class loaders load the
contents of the WEB-INF/classes and WEB-
INF/lib directories.
If this policy is set to APPLICATION, then the
Web module contents also are loaded by the
application class loader (in addition to the EJB
files, RAR files, dependency JAR files, and
shared libraries). If the policy is set to
MODULE, then each web module receives its
own class loader whose parent is the
application class loader
WebSphere: Class Loaders Modes
Class-loader modes
There are two possible values for a class-loader mode:
PARENT_FIRST
The PARENT_FIRST class-loader mode causes the class loader to
first delegate the loading of classes to its parent class loader before
attempting to load the class from its local classpath. This is the
default for class-loader policy and for standard JVM class loaders.
PARENT_LAST
The PARENT_LAST class-loader mode causes the class loader to
first attempt to load classes from its local classpath before
delegating the class loading to its parent. This policy allows an
application class loader to override and provide its own version of a
class that exists in the parent class loader
Example : log4j.jar or xml parser might be provided by application
server provider, but if development team decided not to use these
libraries they can use specific versions delivered with their app.
WebSphere 5.0 Network Deployment Install
cell Node
Deployment manager
Node Node
Node agent
Node agent
Where:
<cell_host> is the host name of the deployment manager. Use the
host name you noted during the installation.
<cell_port> is by default port 8879.
The -includeapps option will include the installed applications on this server node.
For example:
cd /opt/WebSphere/AppServer/bin
./addNode.sh student6 8879 –includeapps
./addNode.sh student6 8879 –includeapps
cd <WAS Home>\opt\WebSphere\AppServer\bin
addNode.bat student6 8879 –includeapps
addNode.bat student6 8879 -includeapps
1. Copy your enterprise application archive (EAR) file to the Deployment Manager
installableApps folder, for example:
cp Hello.ear /opt/WebSphere/DeploymentManager/installableApps
Follow any windows copy procedure to copy the file
2. To open the Network Deployment Administrative Console, start your Web browser
and enter the following URL:
http://localhost:9090/admin
3. The Administrative Console Login window should appear. Enter a user ID and click
OK.
4. Select Applications -> Install New Application in the navigation pane on the
left.
5. In the Preparing for the application installation window, browse to the installableApps
folder, select the EAR file
/opt/WebSphere/DeploymentManager/installableApps/Hello.ear.
C:\><WAS Home>\WebSphere\DeploymentManager\installableApps\Hello.ear.
and click Next,
6. Click Next in the following window to use the existing bindings and mappings defined
in the EAR file.
WebSphere 5.0 Deploying a Sample Clustered Application
10.In Step 4: Summary, review your selections and click Finish to deploy the
enterprise application.
11.Don’t forget to click Save after successfully installing the application.
12.By default, the newly installed applications are not started. To start the
application, select Applications -> Enterprise Applications, check Hello in
the application list, and click Start.
13.Select Environment -> Update Web Server Plugin in the navigation
tree,then click OK to update the Web server plug-in configuration file.
14.Copy the plug-in configuration file from the Deployment Manager node to
the Web server machine. For example:
scp /opt/WebSphere/DeploymentManager/config/cells/plugin-cfg.xml
\websrv1l:/opt/WebSphere/AppServer/config/cells/plugin-cfg.xml
Copy the file via shared folder or flash drive
16.Using a Web browser, enter the URL for the application, for
example:
http://websrv1l/Hello/hello.JSP Requests should be workload
managed across the available cluster servers.
As shown in the screens on next slide , our user requests are
workload managed across the ITSO WLM Server1 and ITSOWLM
Server2.
Note : WebSphere Network Deployment is not installed on our Web
server machine, so we also must edit the plugin-cfg.xml file and
replace all path references of /opt/WebSphere/DeploymentManager
with /opt/WebSphere/ApplicationServer. Also replace the node name
with IP if you don’t have DNS.
Replace all the occurrences of C:\><WAS
Home>\WebSphere\DeploymentManag
er with C:\><WAS Home>\WebSphere\ApplicationServer
WebSphere 5.0 Horizontal Cluster Configuration, Start the
Cluster
Managing WebSphere Application Server Using wsadmin
JMX is a technology that provides a simple and standard way to manage Java
objects.
MBeans are Java objects that represent Java Management Extensions (JMX)
resources.
All processes run the JMX agent.
All runtime administration is performed through JMX operations.
Connectors are used to connect a JMX agent to a remote JMX-enabled
management application. The following connectors are currently supported:
– SOAP JMX Connector
– RMI/IIOP JMX Connector
Configuring wsadmin
The properties that determine the scripting environment for wsadmin can
be set either by command line or in a properties file. The properties file
can be set in three places.
The first place is using the system default properties file called
wsadmin.properties. The file is located in
WebSphere/AppServer/properties directory.
If you decide not to use the system default properties file, this file can be
customized and placed in the user home directory or in $user_home.
Third, you can specify properties when you launch wsadmin from the
command line.
Sample properties
com.ibm.ws.scripting.connectionType: SOAP, RMI or JMX
com.ibm.ws.scripting.traceString: =com.ibm.*=all=enabled
Launching wsadmin
The wsadmin.sh (Unix) or .bat (windows) resides in the bin directory of the
WebSphere Application Server or Network Deployment installation and can be
started from a command prompt with the command:
/opt/WebSphere/AppServer/bin/wsadmin.sh
To get syntax-related help, type wsadmin.sh -?
Running a Single Command
The -c option is used to execute a single command using wsadmin
/opt/WebSphere/AppServer/bin/wsadmin.sh –c ‘$AdminControl getNode’
C:\> \<WAS Home>\AppServer\bin\wsadmin –c ‘$AdminControl getNode’
The script has a .jacl extension( .jacl), letting wsadmin know it is an Jacl script.
If there is no extension, the com.ibm.ws.scripting.defaultLang property is used to
determine the language. If this setting is not correct, use the
-lang option to identify the scripting language.
wsadmin Scripting Options
Using –profile file
The -profile command line option can be used to specify a profile script.
The profile can be used to perform whatever standard initialization is
required.
Specifying a properties file (-p)
The -p option is used to specify a properties file other than
wsadmin.properties located in the WebSphere/AppServer/properties
directory.
/opt/WebSphere/AppServer/bin/wsadmin.sh –f /opt/jacl/myfirstscript.jacl
–p /opt/jacl/myproperties.properties
C:\>\<WAS Home>\AppServer\bin\wsadmin.sh –f C:\jacl\myfirstscript.jacl
–p C:\jacl\myproperties.properties
Help object
Help object provides information about the available methods for these
objects.
Example : ./wsadmin.sh –c ‘$Help AdminControl’
C:\> wsadmin –c ‘$Help AdminControl’
Getting help for specific command
Following syntax helps to find help on any commands
wsadmin> <wsadmin_object> help <method_name>
Example: wsadmin> $AdminApp help install
Wsadmin: Information on Running MBeans
MBeans represents running objects in WebSphere, each server will have one
mbean server.
QueryNames command can be used to find the running objects
Example : $AdminControl queryNames * ( lists all mbeans running mbean
server)
If the client is attached to a stand-alone WebSphere Application Server, the list will
contain only MBeans running on that server.
If the client is attached to a node agent, the list will contain MBeans running in the
node agent as well as MBeans running on all application servers on that node.
If the client is attached to a Deployment Manager, the list will contain MBeans
running in the Deployment Manager, in all node agents communicating with that
Deployment Manager, and all application servers on all the nodes served by those
node agents
Information about all configuration objects
wsadmin>$AdminConfig types
Finding operations information for a running MBean
set serv [$AdminControl completeObjectName type=Server,node=<your
node>,*]
wsadmin>$Help operations $serv
Approach for Operational Tasks Using wsadmin
wsadmin.bat -c ‘$AdminApp
‘$AdminApp install \myapps\
myapps\App1.ear {-
{-appname appl1}’
wsadmin.bat -c ‘$AdminApp
‘$AdminApp install \myapps\
myapps\ App2.ear {-
{-appname appl2}’
wsadmin.bat -c ‘$AdminApp
‘$AdminApp install \myapps\
myapps\App3.ear {-
{-appname appl3}’
Method 2:
$AdminApp install /myapps/App1.ear {-
{-appname appl1}
$AdminApp install /myApps/App2.ear {-
{-appname appl2}
$AdminApp install /myApps/App3.ear {-
{-appname appl3}
Use the AdminControl queryNames and completeObjectName commands
carefully with a large installation, get the list of objects only you interested on
particular node, getting list from all nodes in large installations may be expensive
operation.
The WebSphere Application Server is a distributed system, and scripts perform
better if you minimize remote requests. If some action or interrogation is required
on several items, for example, servers, it is more efficient to obtain the list of
items once and iterate locally.
Running Sample wsadmin Commands
Starting the Deployment Manager
wsadmin>$AdminControl stopServer <deployment manager name>
Getting MBean information and stopping the Deployment Manager
wsadmin>$AdminControl queryNamestype=Server,node=M055245Manager,*
WebSphere:cell=linux,name=dmgr,mbeanIdentifier=server.xml#Server_1,typ
e=Server,node=M055245Manager,process=dmgr,processType=DeploymentM
anager
wsadmin>$AdminControl invoke [$AdminControl queryNames
type=Server,node=linux,*] stop
Start an application server
wsadmin>$AdminControl startServer server1
Start an application server by invoking launchProcess on node agent
MBean
wsadmin>$AdminControl queryNames type=NodeAgent,node=mka0kkwd,*
WebSphere:cell=NetworkDeploymentCell,name=NodeAgent,mbeanIdentifier=
NodeAgent,type=NodeAgent,node=mka0kkwd,process=mka0kkwd
wsadmin>$AdminControl invoke [$AdminControl queryNames
type=NodeAgent,node=mka0kkwd,*] launchProcess mka0kkwd_server1
Running Sample wsadmin Commands
Stop an application server
wsadmin>$AdminControl stopServer server1
Stop all application servers on a node (jacl file)
set servername [$AdminControl queryNames type=Server,node=linux,*]
foreach item $servername {
puts “Stopping server : $item”
$AdminControl invoke $item stop
puts “invoked stop $item”
}
View installed applications
The $AdminApp list command can be used to list applications
installed under an application server (wsadmin> $AdminApp list)
Display the status of Applications (jacl file)
set application [$AdminApp list]
foreach app $application {
set objName [$AdminControl queryNames type=Application,name=$app,*]
if {[ llength $objName] ==0} {
puts "The Application $app is not running"
} else {
puts "The Application $app is running"
}}
Running Sample wsadmin Commands
Stop a running application
wsadmin> set appservername [$AdminControl queryNames
type=ApplicationManager,node=linux,*]
wsadmin>$AdminControl invoke $appservername stopApplication
DefaultApplication
Start a stopped application
wsadmin> set appservername [$AdminControl queryNames
type=ApplicationManager,node=linux,*]
wsadmin>$AdminControl invoke $appservername starApplication
DefaultApplication
Start a cluster
wsadmin>$AdminControl queryNames type=Cluster,*
WebSphere:cell=mka0kkwdNetwork,name=testCluster,mbeanIdentif
ier=testCluster,type=Cluster,node=mka0kkwdManager,process=dm
gr
wsadmin>set clid [$AdminControl completeObjectName
type=Cluster,name=testCluster,*]
WebSphere:cell=mka0kkwdNetwork,name=testCluster,mbeanIdentif
ier=testCluster,type=Cluster,node=mka0kkwdManager,process=dm
gr
wsadmin>$AdminControl invoke $clid start
Running Sample wsadmin Commands
Stop a cluster
wsadmin>$AdminControl queryNames type=Cluster,*
WebSphere:cell=mka0kkwdNetwork,name=testCluster,mbeanIdentifier=testCl
uster,type=Cluster,node=mka0kkwdManager,process=dmgr
wsadmin>set clid [$AdminControl completeObjectName
type=Cluster,name=testCluster,*]
WebSphere:cell=mka0kkwdNetwork,name=testCluster,mbeanIdentifier=testCl
uster,type=Cluster,node=mka0kkwdManager,process=dmgr
wsadmin>$AdminControl invoke $clid stop
Generating the Web server plug-in configuration
wsadmin>set generator [$AdminControl queryNames
type=PluginCfgGenerator,node=linux,*]
wsadmin>$AdminControl invoke $generator generate
“/opt/WebSphere/AppServer /opt/WebSphere/AppServer/config linux linux null
plugin-cfg.xml””
Running Sample wsadmin Configuration Commands
Typical configuration tasks
Enterprise application(Install/uninstall an enterprise application, Change
attributes of an enterprise application)
Configure and modify WebSphere configuration(Configure virtual hosts,
Configure JDBC providers, Edit an application server, Create a cluster, Add
member to a cluster)
Create an Application server
wsadmin>set node [$AdminConfig getid /Node:linux/]
wsadmin>$AdminConfig create Server $node {{name testserver}}
Remove an application server
wsadmin>set server [$AdminConfig getid /Node:linux/Server:testserver/]
wsadmin>$AdminConfig remove $server
Installing Enterprise Application
wsadmin>$AdminApp install /opt/myapps/Hello.ear {-server server1 -
appname TestApp}
wsadmin>$AdminConfig save
Un-install Enterprise Application
wsadmin>$AdminApp uninstall TestApp.
wsadmin>$AdminConfig save
Running Sample wsadmin Configuration Commands
Creating JDBC Provider
For creating new JDBC providers , WebSphere provides template xml
files at /WebSphere/AppServer/config/templates folder, we can use
these templates to created new JDBC provider
wsadmin>set node [$AdminConfig getid /Node:linux/]
wsadmin>$AdminConfig listTemplates JDBCProvider “Oracle JDBC Thin
Driver"
……….wsadmin provides you the list
(templates/system:jdbc-resource-provider-
templates.xml#JDBCProvider_1)"
wsadmin>set temp1 [lindex [$AdminConfig listTemplates JDBCProvider
“Oracle JDBC Thin Driver"] 1]
wsadmin>$AdminConfig createUsingTemplate JDBCProvider $node
{{name testorcldriver}} $temp1
wsadmin>$AdminConfig save
Security
Two main services of security
Authentication ( who are you ? Log-in)
In the application.xml file, all security roles used in the application must be
named, with an optional description
Example
<security-role id="SecurityRole_1">
<description>ITSOBank manager</description>
<role-name>manager</role-name>
</security-role>
<security-role id="SecurityRole_2">
<description>ITSOBank consultant</description>
<role-name>consultant</role-name>
</security-role>
J2EE Application Deployment Descriptor for Security
In In the ibm-application-bnd.xmi file, security roles are mapped to users or groups in
the User Registry.
Security role Mapped to
Manager Managergrp
Consultant Consultgrp
allauthenticated All authenticated Users (special)
everyone Everyone (special)
<authorizationTable xmi:id="AuthorizationTable_1">
<authorizations xmi:id="RoleAssignment_1">
xmi:id="RoleAssignment_1">
<role href="META
href="META--INF/application.xml#SecurityRole_1"/>
<groups xmi:id="Group_1"
xmi:id="Group_1" name="managergrp
name="managergrp"/>"/>
</authorizations>
<authorizations xmi:id="RoleAssignment_5">
xmi:id="RoleAssignment_5">
<specialSubjects xmi:type="
xmi:type="applicationbnd:AllAuthenticatedUsers
applicationbnd:AllAuthenticatedUsers""
xmi:id="AllAuthenticatedUsers_1"
xmi:id="AllAuthenticatedUsers_1" name="AllAuthenticatedUsers
name="AllAuthenticatedUsers"/>
"/>
<role href="META
href="META--INF/application.xml#SecurityRole_5"/>
</authorizations>
<authorizations xmi:id="RoleAssignment_6">
xmi:id="RoleAssignment_6">
<specialSubjects xmi:type="
xmi:type="applicationbnd:Everyone
applicationbnd:Everyone"" xmi:id="Everyone_1"
xmi:id="Everyone_1"
name="Everyone"/>
<role href="META
href="META--INF/application.xml#SecurityRole_6"/>
</authorizations>
</authorizationTable>
J2EE Security : Securing Hello Application
We already deployed the sample Hello Application (Hello.ear) in our
previous sessions
As part of security exercise, now we will configure security to the Hello
application so that the resources in the Hello application will be
protected by unauthorized users
Resources we protect in Hello application
We will protected all .jsp files
We will NOT protect HTML pages
We will protect .GIF images
J2EE Application (Hello)Security Configuration Using AAT :
There are two aspects of
application security
administration which apply to
all secured J2EE application
components: defining security
roles (performed at
application assembly time),
and security role mapping
(performed at deployment
time)
1. Open the Hello.ear file in the
Application Assembly Tool.
2. Right-click the Security Roles
item in WebModules-
>HelloWeb.
3. Select New from the pop-up
menu.
4. A new window appears with
the role details; fill the name
and description.(role
name:student)
5. Click OK to complete the
form.
6. Create all the J2EE roles for
your application by repeating
the steps above.
7. Save the .ear file.
J2EE Application(Hello) Security Configuration Using AAT (role mappings)
Create a Linux user group studentgrp
and add few users.
Security role mappings are performed
within the Bindings tab in the
Application Security Roles view.
1. Open the application-level Security
Roles view and click the Bindings
tab.
2. The Bindings tab contains fields for
adding groups, users, and/or special
3. subjects to a security role. Click the
Add... button below the Groups
heading to bring up the Add Groups
dialog.
4. Enter the name of the real group,
studentgrp, and click OK.
5. The group mapping will now appear in
the list of groups mapped to the
student security role
6. Scroll down to the Special subjects
section and click on add
7. Select All authenticated users and
click apply
8. Save the ear file
Note: Generally roll-mappings will be
done by administrator during
deployment time or sometimes
development teams specify using
WebSphere studio.
Securing (Hello)Web Components : Security Constraints
Web components such as static
HTML pages, JSPs and Servlets
can be secured either by the
HTTP server or by WebSphere.
WebSphere Application Server
can only secure components
that it owns. Any static pages
that are served from the Web
server cannot be protected by
WebSphere tools. 2
Security constraints are mapping
of one or more web resources to 1 3
a set of roles
Configuration Steps:
1. Open the Web module
folder and right-click
Security Constraints. Click
New.
A new panel displays.
2. Type the security constraints
name as “mysc” and description.
3. Add required roles by clicking
Add under Roles. Browse and
click the student role. On the
browse window asterisk (*)
indicates all roles.
Securing (Hello)Web Components : Security Constraints
4. In the user data constraints section,
keep None for Transport Guarantee
menu.
A transport guarantee of NONE
indicates that the communication
between the Web client or browser
and the server or Web server is
transported over HTTP. A transport
guarantee of CONFIDENTIAL or
INTEGRAL guarantees that the
communication between the Web 8
client and the Web server is
secured and is transported over
HTTP and HTTPS.
5. Click OK when done. 7 9
6. A new Security Constraints folder is
created for the Web module.
7. Open the security constraints created
from previous steps and right-
right-click Web 10
Resources Collection. Click New.
A new panel displays.
8. Type a Web resource collection name
and description. 11
9. Click Add under Methods and select HTTP
methods. Click OK.
If no methods are selected, all methods
are selected by default.
10. Click Add under URLs and type the URL
pattern (for example: - /Hello/*.jsp
/Hello/*.jsp,,
*.jsp
*.jsp,, *.gif).
11. Click OK when done
Securing (Hello)Web Components : Security Constraints
12. Save the ear file by clicking on save button from the top menu
Installing FixPacks
Mess
age listener MDB
Messaging Types
Application can use two styles of messaging
Point-to-point : Applications use queues to pass messages between
each other, One application puts the message into the Q and other
application takes the message from the Q
Publish/subscribe : Applications publish messages to topics. To receive
messages, applications subscribe to topics; when a message is
published to a topic, it is automatically sent to all the applications that
are subscribers of that topic.
WebSphere 5 : JMS Server Support
Full function JMS Server is included with WebSphere Application Server
Installed as part of the server installation
Fully integrated with the servers’ administration and runtime
Fully compliant with J2EE 1.3 JMS compliance tests
Built-in JMS Provider – Implementation
Based on WebSphere MQ
Built-in JMS provider has reduced function, smaller footprint compared to
WebSphere MQ, Limitations including
Not possible to exchange messages with queue managers outside of
WAS
Limited MQ communications capabilities
External MQ support
Although WAS 5.0 provides built-in JMS provider, due to its limitations we
might need to use external MQ providers like WebSphere MQ 5.3
Usage
Customers who not require full function WebSphere MQ can use the internal
JMS provider
Customer currently using full function WebSphere MQ products are expected
to remain using the full function and can ignore the internal JMS provider
Customers can also start using Internal JMS provider as a start and later can
migrate to external .
JMS Server Administration
Three types of JMS Managed Resources
WebSphere JMS provider (built-in provider)
WebSphere MQ JMS providers ( external WebSphere MQ)
Third party JMS servers
In Base configuration JMS server runts within application server process
In ND , each node will have one separate JMS server process (JVM)
JMS resources defined in a JMS server are accessible from anywhere in
the cell
JMS Applications use JNDI to look up
Connection factories ( drivers)
Destinations
Administering JMS Resources
Select Provider
Create Connection Factory
Queue or Topic Connection
factory
Specify JNDI name
User and password
Create a JMS Destination
Queue Topic
JNDI name
Create listener port
Select JMS server
Create listener port
To create listener ports choose
Application Servers > server1
>Message Listener Service >
At application install time, specify
listener port for MDBs
Web Services
What is a web service?
Web services are self-contained, self-describing, modular
applications that can be published, located, and invoked across the
Web.
A sample Web service might provide stock quotes or process
credit card transactions.
Once a Web service is deployed, other applications (and other Web
services) can discover and invoke the service.
Web services are independent of specific programming languages or
operating systems. Instead, Web services rely on pre-existing transport
technologies (such as HTTP) and standard data encoding techniques
(such as XML) for their implementation.
The Web services approach to programming is based on the idea of
building applications by discovering and invoking network-available
applications to accomplish some task.
Web Services Characteristics
The presented service-oriented architecture employs a loose coupling
between the participants. Such a loose coupling provides greater flexibility:
In this architecture, a client is not coupled to a server, but to a service.
Thus, the integration of the server to use takes place outside of the scope
of the client application programs.
Old and new functional blocks are encapsulated into components that work
as services.
Functional components and their interfaces are separated. Therefore, new
interfaces can be plugged in more easily.
Within complex applications, the control of business processes can be
isolated. A business rule engine can be incorporated to control the
workflow of a defined business process. Depending on the state of the
workflow, the engine calls the respective services.
Services can be incorporated dynamically during runtime.
Bindings are specified using configuration files and can thus easily be
adapted to new needs.
Core Technologies Used in Web Services
XML (eXtensible Markup Language) is the markup language that
underlies most of the specifications used for Web services. XML
is a generic language that can be used to describe any kind of
content in a structured way, separated from its presentation to a
specific device.
SOAP (formerly referred to as Simple Object Access Protocol, or
Service-Oriented Architecture Protocol—in fact, similarly to JDBC,
it is no longer an acronym) is a network, transport, and
programming language- neutral protocol that allows a client to
call a remote service. The message format is XML.
WSDL (Web services description language) is an XML-based
interface and implementation description language. The service
provider uses a WSDL document in order to specify the
operations a Web service provides, as well as the parameters
and data types of these operations. A WSDL document also
contains the service access information.
UDDI (universal description, discovery, and integration) is both
a client- side API and a SOAP-based server implementation that
can be used to store and retrieve information on service
providers and Web services.
Web Services Roles and Functions
The service provider creates a Web service and possibly publishes its
interface and access information to the service registry. Each provider
must decide which services to expose.
The service broker (also known as service registry) is responsible for
making the Web service interface and implementation access
information available to any potential service requestor.
The service requestor locates entries in the broker registry using
various find operations and then binds to the service provider in order
to invoke one of its Web services.
Legacy
system
Service
requester Service
internet
provider
Service
broker
WebSphere 5.0 Support for Web Services
Web services in WAS 5 have been enhanced with the addition of UDDI
registry and web services gateway
Support for SOAP based web services hosting and invocation
Web services support for SOAP/HTTP as service provider
Application server can act as both web service requester and service
provider
Runtime messages
Configuration messages
Collector tool
The Collector tool gathers information about a WebSphere Application
Server installation and packages it in an output JAR file. The file can be
sent to IBM Customer Support to assist in problem determination and
analysis. The information in the file includes logs, property files,
configuration files, operating system and Java data, and prerequisite
software presence and levels.
To run collector toll, log on to the system as root and do the following:
# mkdir work
# cd work
work# /opt/WebSphre/AppServer/bin/collector.sh
You can not run this tool from WebSphere home directory, and files will
be created in work directory after the process finished
Troubleshooting – Others
First Failure Data Capture logs
The First Failure Data Capture (FFDC) function preserves the information
generated from a processing failure and returns control to the affected
engines.There are three property files which control the behavior of the
FFDC filter:
properties/ffdcStart.properties - used while the server is starting
properties/ffdcRun.properties - used after the server is ready
properties/ffdcStop.properties - used while the server is stopping
The captured data is saved automatically in the <WAS_HOME>/logs/ffdc
directory for use in analyzing the problem, and could be collected by the
Collector tool. The First Failure Data Capture tool is intended primarily for
use by IBM Service.
Troubleshooting – Others
HTTP session monitoring
In the event of session-related problems, it is helpful to collect all
session-related information. WebSphere Application Server V5 introduces
an HTTP session tracker Servlet called IBMTrackerDebug.
To access the Servlet from a browser, use the following URL:
http://localhost:9080/Hello/servlet/com.ibm.ws.webcontainer.httpse
ssion.IBMTrackerDebug
System core dump analysis
If possible, UNIX processes (including JVM process) will produce a
system core dump as well as Java stack trace information in a process's
working directory if it crashes. The system core dump can provide useful
information as to why the process crashed, giving you a system view of
a failing JVM process. However, the system core dump will not provide
Java class information. Everything in the dump is C library oriented. The
information provided for JVM process refers to Java's C libraries and not
the reference Java class files.
Application Debugging and Tracing
AIX: Memory allocation error AIX file descriptors (ulimit) Scroll down to this parameter from
Operating Systems.
ORB: Response time and throughput indicate EJB AIX file descriptors (ulimit) Logical Pool Distribution (LPD)
requests with shorter execution times are being denied mechanism, set using ORB custom properties.
adequate access to threads in ORB thread pool.
Solaris operating environment: Too many Solaris file descriptors (ulimit) Scroll down to this parameter from
files open Operating Systems.
Solaris operating environment: The server Solaris tcp_time_wait_interval and Solaris p_fin_wait_2_flush_interval
stalls during peak periods, responses take minutes, Scroll down to this parameter from Operating Systems.
processor utilization remains high with all activity in the
system processes, and netstat shows many sockets are
open to port 80 in CLOSE_WAIT or FIN_WAIT_2 state.
Windows NT or Windows 2000: Netstat shows too Windows NT or Windows 2000 TcpTimedWaitDelay For IBM HTTP
many sockets are in TIME_WAIT. Under load, client Server on Windows NT, see ListenBackLog
requests do not arrive at the Web server because they
time out or are rejected.
Windows NT or Windows 2000: WebSphere Microsoft Internet Information Server (IIS) properties
Application Server performance decreased after an
application server from another vendor was installed.
The Percent Maxed metric from the Tivoli Performance Thread pool Maximum size
Viewer indicates that the Web container thread pool is
too large or too small.
WebSphere Tuning
Problem Tuning Parameter
Netstat shows too many TIME_WAIT state sockets for port HTTP transports MaxKeepAliveConnections and HTTP
9080. transports MaxKeepAliveRequests
Too much disk input and output occurs due to paging. Maximum heap size
The Percent Used metric for a data source connection pool Maximum connection pool and Minimum connection pool
from the Tivoli Performance Viewer indicates the pool size is
too large.
The Prepared Statement Discards metric from the Tivoli Statement cache size
Performance Viewer indicates that the data source statement
cache size is too small.
Too much disk input and output occurs due to DB2 writing log DB2 MinCommit
records.
The Percent Maxed metric from the Tivoli Performance Viewer EJB method Invocation Queuing
indicates that the Object Request Broker thread pool is too
small.
The Java Virtual Machine Profiler Interface (JVMPI) from the Detecting over-utilization of objects
Tivoli Performance Viewer indicates over-utilization of objects
when too much time is spent in garbage collection.
The Used Memory metric from the Tivoli Performance Viewer Detecting memory leaks
shows memory leaks and the Java code displays an Out of
Memory Exception
The Used Memory metric from the Tivoli Performance Viewer Detecting memory leaks
shows memory leaks and the Java code displays an Out of
Memory exception.
Startup performance is poor. Using Java virtual machine settings, set a minimum heap
size of at least 50MB (-Xms50m).
Thank You!
http://www.jvrsystems.net
JVR Systems, Inc.
Phone: (248) 471-2579
Fax: (248) 471-2509