Sun Web Server Brief
Upcoming SlideShare
Loading in...5

Sun Web Server Brief



An Overview of Sun Web Server 7, its technology, features and performance.

An Overview of Sun Web Server 7, its technology, features and performance.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as OpenOffice

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Sun Web Server Brief Sun Web Server Brief Presentation Transcript

  • Sun Web Server 7: A Jewel in Sun GlassFish Portfolio Murthy Chintalapati (CVR) Senior Engineering Manager Sun Microsystems Inc. April 10th, 2009.
  • Contents
    • Sun Web Server 7 Introduction
      • Architecture and Technology Overview
      • Performance & Scalability
      • Cluster Management
      • Open Source
      • Roadmap
    • Sun GlassFish Portfolio
      • A robust portfolio of web servers
  • First, some Sun Web Server trivia.
    • 232,000 +
    • 5,170
    • One GB per minute
    • One Billion minutes of streaming media & 90M views/day
    • New York Times (
  • First, some Sun Web Server trivia.
    • 232,000 +
      • Simultaneous HTTP connections (on Sun Fire T5220)
    • 5,170
      • Secure E-commerce (JSP) requests per sec (w/ think time)!
    • One GB per minute
      • Web Server's access log per minute!
    • One Billion minutes of streaming media & 90M views/day
      •'s over 2,430 full length games to over one billion visitors w/ record breaking 90million views a day
    • New York Times (
      • Reportedly served (at least in part) by Sun Web Server.
  • Web Server Overview
    • Scalable
      • Multi-threaded application
      • In-process Java container
      • 64-bit capable; SPECweb2005 record setting architecture.
      • Caching, HTTP compression
    • Secure
      • Access Control built in
      • LDAP, local user database, etc
      • SSL capable out of box
      • Elliptic Curve Cryptography
      • DoS Attack awareness
      • Cross-site script detection
      • Web Services Security
      • WebDAV ACL
    • Data center friendly
      • Built-in (and scriptable) cluster management
      • Configurations are standard text files; can be stored in CVS, BitKeeper, etc
      • Several stats reports available for health checks; SNMP support for integration into standard monitoring tools
      • Request mapping for self-protection from DoS attacks
      • Integrated Reverse Proxy; URL rewriting with regex matching.
    • Extensible
      • Variety of APIs available to extend server capabilities; NSAPI, Java EE 5 Servlet/JSP, FastCGI, etc.
  • Sun Java System Web Server 7.0 (formerly Sun ONE Web Server, originally Netscape Enterprise Server)
    • Supporting:
      • HTTP/1.0, HTTP/1.1
      • JSP/Servlet
      • CGI
      • FastCGI
      • SHTML
      • HTML
      • LDAP, Access Control
      • SSL/ECC
    • Improve Web security and performance
    • Reduce Cost & Complexity
    • Reduce administration complexity
      • Built-in cluster management
      • Scriptable command line administration tools
    • Platform Support:
      • Solaris 8, 9, 10 (UltraSPARC 32-bit, 64-bit)
      • Solaris 9, 10 (x86); Solaris 10 (x64/AMD64)
      • OpenSolaris 2008.11 (x86/AMD64)
      • Windows 2000, XP SP2, 2003 Server, EE
      • RedHat EL 3.0 (32-bit only), 4.0 U4 or later, 5.0, SUSE EL 9, 10 SP2 (32-bit, 64-bit)
      • HP-UX 11iv1
      • AIX 5.2, 5.3
    FREE under Solaris Enterprise Licensing
  • Web Server 7.0 – Technical Overview
    • Web Server 7.0 is a major release
      • Redesigned admin GUI
      • Full-featured, scriptable, secure admin CLI
      • Improved support for clustering
      • Regular expressions, sed filtering, URL rewriting, etc.
      • Updated Java specs
      • Session replication
      • WebDAV Access Control Protocol
      • SSL enhancements, DoS avoidance, and other security enhancements
      • Integrated reverse proxy and FastCGI plugin
      • Improved diagnosability
      • ...
  • Request Processing
  • Default Web Server Components
  • Web Server Architecture Server Application Functions (SAFs) } Servlet Container Based on
  • Typical Apache/Tomcat Architecture Out-of-process Tomcat Servlet Container } Source: JavaWorld 10/2008
  • Servlet/JSP Container
    • Support for Java EE 5 web technologies: viz. Servlet 2.5, JSP 2.1, JSTL 1.1, JSF 1.2.
    • JNDI, JDBC Connection Pooling with support for MySQL, Oracle, other databases. Session failover.
    • XML and Web Services
      • JWSDP 2.x technology built in.
    • Embedded JVM + NSAPI Connector
      • Shared Container Codebase with GlassFish v2.x
    • New, improved plugin for NetBeans 5.x
    • Supports dynamic reconfiguration
  • Unbeatable Web Server Performance Simulated E-Commerce workload Fantastic Speed with Superior Security Web Stack simplifies support for small and large deployments Page load times (seconds)
    • Performs at least 2x v.s. Apache + Tomcat on a modest configuration
    • Scalable connection handling, multi-threaded server architecture with integrated servlet container.
    • Fantastic speed with superior scalability and manageability
  • Sun Fire T5220 (Niagara 2)
    • 8core, 64-thread system on chip CPU
    • On-chip crypto processor (NCP) with 8x FPUs
    • 10GbE networking
    The Most Eco-friendly web server SPECweb2005 benchmark - Simultaneous User Sessions System Metric Bank Support E-comm Way/Ghz #core HP DL585 G2 22254 38400 20704 30720 4/3 Opteron 8 SunFire T5220 41847 70000 40000 58000 1/1.4 Sun T2 8 HP DL580 G5 43854 76032 39456 62304 4/2.31 Xeon 16 + Sun Web Server 7.0u3
    • Staggering performance: 400,000+ simultaneous HTTP connections, 131,000 banking ops/sec (i.e. 1GB access log/minute) and 1.4 terabytes of data over secure HTTP interface!
  • Configuration Files
    • Configuration files define the behavior of the Web Server.
    • Web Server configuration files are located in the config directory: instance_dir /config .
    • The number of files and file names vary based on components enabled in the server.
    • You can edit configuration file settings by:
      • Using the administration interface
      • Using command-line utilities
      • Opening and editing the files directly
  • Web Server 6.1 https-vault.sfbay/config/ magnus.conf obj.conf server.xml mime.types nsfc.conf snmp.conf password.conf https-admserv/config/ scheduler.conf schedulerd.conf httpacl/ generated.https-vault.acl genwork.https-vault.acl userdb/ dbswitch.conf alias/ https-vault-vault-key3.db https-vault-vault-cert8.db https-vault-vault-secmod.db Configuration Files and Directories Web Server 7.0 https-vault.sfbay/config/ server.xml magnus.conf obj.conf mime.types default.acl key3.db cert8.db secmod.db
    • Directory
    • Text file
    • NSS database
  • Changes to server.xml Validation
    • The server.xml file is now validated against an XML schema rather than a data type definition (DTD).
    • Provides a common repository:
      • Validation rules
      • Default values
    • Benefits of validating against an XML schema include the following:
      • Relaxes element order rules (where appropriate)
      • Validates references to other elements
      • Enforces type checks
  • Dynamic Reconfiguration
    • Make changes on-the-fly to the server
      • CLI and GUI support to trigger reconfigurations
    • Server knows which changes require a server restart
    • NSAPI support for plugins to implement dynamic reconfiguration
    • Server falls back to last “good” configuration if a change results in a configuration error
    • Server “configurations” are in-memory representations of the information in the configuration files
      • “ Configurations” are reference counted
  • Regular Expressions & Variables
    • Regular expressions and variable substitution can be used anywhere in request processing
    • URL rewriting
      • Pretty external URLs to hide ugly internal URIs
      • /jobs -> /app/ViewServlet?q=jobs
      • Like Apache's mod_rewrite
    • User-tracking cookies
      • Uniquely identify visitors in access log
      • Like Apache's mod_usertrack
  • Pattern Matching & URL Rewriting
    • Wildcard pattern matching has been extended to support the server.xml file:
      • Pattern matching applies to the <host> element
      • Host comparisons are not case sensitive
    • Support has been added for parameter interpolation and regular expressions in the obj.conf file:
      • Variables defined in server.xml are available in obj.conf .
      • Various enhancements have been made to support a superset of the Apache mod_rewrite module.
  • Pattern Matching in server.xml <!-- Hosts without wildcard patterns --> <virtual-server> <name></name> <host>foo. bar</name> <host> foo . bar </name> <host> foo</name> <host> foo .eng</name> </virtual-server> <!-- Hosts with wildcard patterns --> <virtual-server> <name></name> <host> foo.* </host> </virtual-server>
  • URL Rewriting Example
    • Map http://www/~user/ to /home/user/public_html/
    • rewrite() enables flexible mappings between URIs and file system paths
    <If $path =~ &quot;^/~([^/]+)(|/.*)$&quot;> NameTrans fn=&quot; rewrite &quot; root=&quot;/home/$1/public_html&quot; path=&quot;$2&quot; </If>
  • Conditional Processing Example (1)
    • Display an after-office hours page:
    <If &quot;$time_hour:$time_min&quot; < &quot;8:30&quot; || &quot;$time_hour:$time_min&quot; > &quot;17:00&quot;> AuthTrans fn=&quot;set-variable&quot; $docroot=&quot;/var/www/docs/closed&quot; </If> ... NameTrans fn=&quot;document-root&quot; root=&quot;$docroot&quot;
  • Web Server vs. mod_rewrite
    • Apache HTTP Server module
    • Conditional URI redirection/rewriting
    • Specialized solution
      • Only for URL redirection and path rewriting
      • Runs during Apache “URL-to-filename” and “Fixup” hooks (analogous to NSAPI NameTrans and ObjectType)
    • Syntax different from other Apache directives
    What Is Apache mod_rewrite?
  • Web Server vs. mod_rewrite
    • Built into obj.conf processing
    • Offers superset of mod_rewrite functionality
    • General solution
      • Can manipulate URI, path, header fields, response bodies, etc.
      • Works at any stage of request processing
      • Works with any SAF, including 3 rd party plugins
    • Syntax mirrors existing obj.conf conventions
    How Does the Web Server 7.0 Approach Differ?
  • Web Server vs. mod_rewrite
    • Search for pages in multiple directories
    • Apache mod_rewrite
    RewriteEngine on RewriteCond /dir1 / %{REQUEST_FILENAME} -f RewriteRule ^(.+) /dir1 $1 [L] RewriteCond /dir2 / %{REQUEST_FILENAME} -f RewriteRule ^(.+) /dir2 $1 [L] RewriteRule ^(.+) - [PT]
    • Web Server 7.0
    <If -f &quot; /dir1 $path &quot;> NameTrans fn=&quot;rewrite&quot; root=&quot; /dir1 &quot; </If> <ElseIf -f &quot; /dir2 $path &quot;> NameTrans fn=&quot;rewrite&quot; root=&quot; /dir2 &quot; </ElseIf> Syntax Comparison
  • URL Redirection
    • Allows you to redirect document requests from one URL to another
    • Is useful when content has moved or is located:
      • On a different server
      • In a different directory
    • Is implemented with the redirect SAF
    • Can be combined with the <If/ElseIf/Else> container for dynamic redirection
  • URL Redirection Example
    • Redirect URIs listed in map.conf
    • lookup() looks up a value from a text file
    # map.conf /webserver /products/home_web_srvr.xml /proxy /products/home_web_proxy_srvr.xml /java # obj.conf <If lookup ('map.conf', $uri)> NameTrans fn=&quot;redirect&quot; url=&quot;$( lookup ('map.conf' $uri))&quot; </If>
  • Security
    • Support for Solaris 10 crypto framework
    • Solaris 10 zones compatible
    • Elliptic Curve Cryptography (ECC)
      • Next generation PKI for U.S. Department of Defense
    • WS-Security (IETF XML Digital Signature, W3C XML Encryption)
    • Integrated P3P support
    • Increase server SSL encryption key size to 4k
    • Denial Of Service (DoS) attack awareness
      • Request map (throttle by requests/sec on a URI)
      • Timeout (connections with trickling request data)
    • Cross-site scripting detection via native sed filter
    • FIPS-140-x certified
  • SSL Enhancements
    • Support for ECC
      • Asymmetric (public key) cipher
      • SunLabs-developed technology
      • Compared to RSA, 10x better security with lower computational cost
    • Support for AES
      • Symmetric (private key) cipher
      • NSA-approved successor to DES
    • Ability to update Certification Revocation Lists (CRLs) without restarting the server
  • Other Security Enhancements
    • Native authentication on Solaris with PAM
    • Customizable LDAP search filters and attributes (Microsoft Active Directory interoperability)
    • LDAP directory server failover
    • Request limiting
      • Tracks concurrent requests and requests/second
      • Rejects requests when thresholds are exceeded
      • Can operate on an IP-by-IP basis
    • Optional timeouts for HTTP request headers and bodies
  • sed Filters
    • Filter incoming request bodies
    • Filter outgoing response bodies
    • Uses familiar Unix sed(1) syntax
    • Potential uses
      • Scrub form data for possible Cross-site Scripting (XSS) attacks
      • Rewrite URLs (e.g. fix hostnames) in HTML responses filter=” sed-response ” sed=”s/”
  • 64-bit Support
    • Solaris AMD64, SPARCv9 and Niagara 2/CMT architectures.
    • Linux 64-bit in Web Server 7.0 Update 2
    • AMD64 bignum optimization for SSL (25% gain)
    • Useful for applications that demand large Java Heap space.
    • Record setting SPECweb2005 (SunFire T5220) results
      • Workload comprises a mixture of secure Banking, style e-commerce storefront and large media file downloads.
      • Requires millions of sessions and large file cache
      • Staggering performance: Over 400,000 simultaneous HTTP connections, 131,000 banking ops/sec (i.e. 1GB access log/minute) and 1.4 terabytes of data over the HTTP interface.
  • Administration
    • Cluster Management
      • Support for centralized management of configuration data and replication to nodes
    • Redesigned GUI
      • Improved navigation.
      • Easy access to SSL setup, virtual servers, JVM settings, web app deployment and other commonly performed administrator tasks.
    • New CLI – comprehensive, secure and scriptable
      • Feature parity with GUI.
      • Scriptable with embedded TCL engine.
  • Cluster Management Concepts
  • Administration Server Architecture
  • Graphical User Interface
  • Command-Line Interface
    • Is an embedded Java Command Language (JACL) shell
    • Can be run in single, shell, or file modes
    • Provides auto completion of commands
    • Provides all functionality present in the GUI:
      • Configuring server settings and subsystems
      • Managing certificates
      • Starting and stopping servers
      • Monitoring the server, and so on
    • Command-line scripts can be run against remote servers
  • Command-Line Syntax
  • Diagnosability
    • Server tracks active URIs and client IPs in real time
      • Exposed through HTTP at /.perf
      • Available with admin CLI's get-perfdump command
      • get-perfdump can list active URLs even if server appears “hung”!
    • Additional fine-grained log messages
      • Provide insight into server's operation
      • Only logged when log level is set to fine , finer , or finest
  • Other Features Enhancements
    • Robust XML Schema validation for server.xml
    • Dynamic reconfiguration without service interruptions
    • server.xml consolidates several configuration files
      • magnus.conf, nsfc.conf, scheduler.conf, dbswitch.conf and password.conf
    • Integrated HTTP reverse proxy/load balancer
    • WebDAV Access Control RFC 3744 support
    • FastCGI support for integrating third-party scripting environments – viz. PHP Add On, Ruby On Rails
    • NetBeans 6.5 support
    • Migration from 6.x
  • Localization
    • Web Server 7.0 supports localization of the administrative interfaces:
      • Administration Console
      • Command-line Interface
    • The localization element configures localization.
    • Example of localization:
    <localization> <default-language> es-419 </default-language> </localization>
  • Open Web Server
    • Sun Web Server is now open sourced
      • Includes HTTP server core components
      • Source coded hosted on OpenSolaris web stack project and can be built on most Unix platforms.
      • Released under BSD License
      • For more details, visit: and the announcement:
    • One of the Internet’s largest dynamic JSP content providers with hundreds of thousands of JSP files active on any given day. 15 live games daily; One billion minutes of streaming media over 2,430 full length games to over one billion visitors w/ record breaking 90million views a day!. A Sun Web Server Reference Deployment
  • Sun Blogs ( – A Sun Web Server site profile
    • Premier blogging infrastructure for Sun employees
    • Hosted on SunFire T2000 servers, Web Server 7.0 and MySQL
  • Q1 Q2 Q3 Q2-Q4 CY2009 Web Stack/Web Server Roadmap* Q4 CY2010 Q1 Web Stack 3/5/09 v1.4 LAMP, Ruby, Tomcat Lighttp, Python v1.5 Enterprise Manager, Update center support, relocatable, Apache 2.2.11, MySQL 5.1, PHP 5.2. DTrace support. Sun GlassFish Portfolio R1 R2 R3 R4 v2.0 Apache 2.4, Advanced deployment Sun Web Server 7.1 Kerberos, intrusion detection, Web Stack PHP, integrated disk cache, NSS 3.12 (bridgeCA) 7.0u5 CMT perf Customer escalations 7.0u6 Customer escalations OpenSolaris Enterprise v1.6 Upgrades *All future dates/releases are subject to change without notice.
  • Summary
    • Sun Web Server 7
      • High performance web server that scales well on modern multi-core x64/CMT servers.
      • Features data center friendly cluster management, reverse proxy, URL rewriting and DoS attack protection.
      • Supports heterogeneous dynamic server extensions including NSAPI, Java EE Servlets/JSPs, PHP, FastCGI
      • Web Server core open sourced under BSD license.
      • Chosen by and many other enterprises world-wide for its reliability, security and manageability.
    • GlassFish Portfolio offers complete web infrastructure.
  • Thank You! どうもありがとう。 감사합니다 謝謝 谢谢 Merci Gracias [email_address]
  • GlassFish Portfolio Production GlassFish Portfolio
  • Introducing Sun GlassFish Portfolio The Open Platform for Building Dynamic Web Applications Enterprise Server Web Space Server Web Stack Portal for web site development and collaborative work spaces Application Server with Enterprise-scale management and monitoring, including support for SNMP A full SOA web platform -A complete LAMP Stack along with lighttpd and Squid.proxy -Sun Web Server – world's fastest and the most scalable Web Stack and Web Server GlassFish ESB
  • GlassFish Portfolio: Easy to Acquire
    • GlassFish Portfolio
    • (per server per year in USD)
    • Basic
    • Silver
    • Gold
    • Platinum
    • $ 999
    • $2,999
    • $5,999
    • $8,999
    • MySQL Enterprise
    • (per server per year in USD)
    • Basic
    • Silver
    • Gold
    • Platinum
    • $599
    • $1,999
    • $2,999
    • $4,999
    + +
  • GlassFish Web Stack Complete Web Tier
    • Sun Web Server
    • Apache HTTPd
    • GlassFish
    • Lighttpd
    • Memcached
    • Mod_jk,perl, ruby
    • PHP, Ruby, Python
    • Squid, Tomcat
    MediaWiki, Drupal, Wordpress, Joomla — deploy in minutes!
  • GlassFish Enterprise Server Mission Critical Application Tier
    • Enterprise Grade
      • Five 9's of availability
      • Advanced management
    • Superior Price/Performance
    • Easy to Use
    • Feature Richness
      • Support for Dynamic Languages
      • Interop with .NET 3.0
    • The Java EE Standard
    14,000,000+ Downloads Worldwide Dozens of external Committers Over 7,000 Members
  • GlassFish vs Tomcat While GlassFish is a collection of Java EE containers, one of which is a Web container, Tomcat is just a Web container. This crucial difference leads to some major advantages for GlassFish. Workload: simple servlet,with 16,000 users. Source:
    • Apache HTTPd
      • Most popular and versatile open source web server.
      • Foundation of LAMP architecture
    • Sun Web Server 7
      • Most scalable web server, optimized for modern multi-core CMT (Chip-based Multi-threaded) systems.
      • Cluster management and support for heterogeneous dynamic web technologies (Java/JSP, PHP and native APIs).
    • lighttpd
      • light-weight open source web server known for its configuration ease and support for Async I/O and Comet.
    • GlassFish Enterprise Server and Tomcat
      • Open source Java application servers.
    A portfolio of web application servers
  • Backup Slides
  • More Information
    • Sun Web Server download:
    • -> Get It !
    • Sun Web Server 7 wiki and documentation
    • Product forum:
    • Open Web Server For more details, visit:
    • More Information: