4. Agenda
• About e-vita
• Oracle Internet Application Server (iAS)
– Why migrate?
– Components
• Oracle Weblogic
– Features
• Projects
– Oslo University Hospital (2)
• Best Practices / Experiences
• Q&A
5www.iknowbase.com | 21.04.2013 | www.evita.no | twitter.com/jphjulstad
5. About e-vita
• Established 1999 – 52 employees
• CMS and Portal Framework iKnowBase (iKB)
• Oracle Gold Partner - SOA, Database & AppsGrid Specialized
• Established SOA Center of Excellence in 2012
• Norwegian Middleware Partner of the year 2010, 2012
• Oracle SOA Partner Community Award - Outstanding SOA 11g Contribution 2012
• Member of Oracle Advisory Boards
• WLS experience from SOA projects
• iKB customers running WLS 11g: 2
• iKB customers running WLS 12c: 3
• Customers implementing WLS 12c: 2
8. Background
• We have implemented internet and intranet portals for the last 10 years using Oracle Portal – probably more than 50
• Many of our customers have Oracle iAS Portal 10.1.4
– Only one we know of has migrated to Portal 11g – Portal upgrades are traditionally painful
– Most new pages are being developed in iKnowBase Portal Engine
• Premier support Dec 2011 iAS 10.1.2
– If support is possible, it will be expensive
• OC4J prevents us from upgrading to newer iKnowBase
versions
• Simplification of infrastructure
• Availability of new features
– Standards
– Security
– Scalability & manageability
9. Convergence of Oracle iAS to Weblogic
11. Oracle WLS Editions
• WebLogic Basic Edition (licenced with iAS)
• WebLogic Standard Edition
– JRockit JVM
– Toplink
– ADF
– Oracle Web Tier
• WebLogic Enterprise Edition (includes WLS Standard Edition)
– High performance clustering and failover capabilities
– JRockit Mission Control with JRockit Flight Recorder
– Enterprise Messaging -high performance JMS messaging
– Oracle Virtual Assembly Builder
• WebLogic Suite (includes WLS Enterprise Edition)
– Coherence Enterprise Edition
– Predictable performance: Java SE with JRockit Real Time
– Active GridLink for RAC – High Availability with Oracle Database
12. WLS Basic Edition
• WebLogic Server Basic is a license-constrained version of WebLogic Server that is
available in licenses for the following Oracle products:
– Oracle Internet Application Server Standard Edition
– Oracle Internet Application Server Standard Edition One
– Oracle Internet Application Server Enterprise Edition
– Oracle Forms and Reports
– Oracle Business Intelligence Standard Edition
• Lacks
– High availability features such as clustering
– Deployment services and features, for example production redeployment
– JMS Messaging
– Services such as WLDF, SNMP, Tuxedo Connector
– Pack, unpack, recording of WLST scripts
– Overload management
– Use of Work Managers
• In detail
– http://docs.oracle.com/cd/E14571_01/doc.1111/e14860/wls_basic.htm
• Important to be licence compliant!
13. Components iAS EE
• iAS EE has many components
• All components necessary to run a portal application were in it:
– Webserver, Cache
– Identity, SSO, WNA
– Database (restricted)
– Integration
– Workflow
• For future solutions, the architecture
needs to be revised
• This also means licensing needs to be revised
14. Alternatives
Component | Oracle 10g | Oracle 11g | Other
Caching | Oracle Webcache | Oracle Webcache, Oracle Traffic Dir. | LBR, Varnish
HTTP | Oracle OHS | Oracle OHS, iPlanet | Apache
Portal | Oracle Portal | Oracle Portal, Oracle Webcenter | iKnowBase
Identity Management | Oracle Internet Directory | Oracle Internet Directory | Active Directory, Open DJ
SSO / WNA | Oracle Infrastructure | Oracle WLS OPSS, Oracle SSO 10.1.4, Oracle Access Mgr. | Open AM
Integration | InterConnect, Oracle ESB | Oracle SOA Suite | Apache Servicemix, Fuse
Workflow | Oracle Workflow | Oracle SOA Suite | Activiti
JavaEE | Oracle OC4J | Weblogic | Glassfish, Jboss
Servlet Containers | | | Jetty, Tomcat
16. Oracle WLS 12c – Key New Capabilities
• Java EE 6 and Developer Productivity
• Simplified Deployment and Management with Virtualization
• Integrated Traffic Management
• Enhanced High Availability and
Disaster Recovery
• Much Higher Performance
• Seamless
Upgrade
17. Oracle WLS 11g vs 12c
• Many features backported into 11g, but Java EE 6 will not (10.3.6 final)
19. Connecting WebLogic Server to RAC
• Two different connection approaches
– Multi Data Sources, WebLogic GridLink Data Source
• Multi Data Sources
– Native implementation inside of WebLogic Server
– Designed around WebLogic Server transactions, datasources, connection pooling, death detection
– Serves as an abstraction over a set of individual datasources
• WebLogic GridLink Data Source
– Simplified data source configuration for RAC and Services connectivity – Single Data Source
– Leveraging RAC notifications to provide fast-connection-failover
– Improved load balancing and graceful RAC instance shutdown
– Improved RAC instance affinities
20. Active GridLink for RAC
• Simpler Configuration: single data source
• Event-Based Model (ONS and FAN) for Adaptive Pool Management
• SCAN Support
• Fast Connection Failover
• Runtime Connection Load Balancing
• Affinities for Connection Routing (XA, Session, Data)
• WebLogic Connection Labeling
• Data Guard Support
• RAC One Node Support
• Certified for FMW 11.1.1.6 on 10.3.6
22. Oracle Platform Security Services (OPSS)
• Oracle Platform Security Services (OPSS) is a security platform
• OPSS is the underlying security platform that provides security to Oracle Fusion
Middleware including WebLogic Server, SOA applications, ADF applications etc.
• OPSS provides an abstraction layer in the form of standards-based application
programming interfaces (APIs)
• OPSS complies with the following standards: role-based-access-control (RBAC); Java
Enterprise Edition (JavaEE); and Java Authorization and Authentication Services (JAAS)
• Built upon these standards, OPSS provides an integrated security platform that
supports:
– Authentication
– Identity assertion
– Authorization, based on fine-grained JAAS permissions
– The specification and management of application-specific policies
– Secure storage and access of system credentials through the Credential Store Framework
– Auditing
– Role administration and role mappings
– The User and Role API
– Security configuration and management
– SAML and XACML
– Oracle Security Developer Tools, including cryptography tools.
24. OPSS Benefits
• Allowing developers to focus on application and domain problems
• Support for enterprise deployments
• Verified interop testing across different LDAP servers and SSO systems
• Certified on WebLogic Server
• Pre-integration with Oracle products and technologies
• A consistent security experience for developers and administrators
• A uniform set of APIs for all types of applications
• Optimization of development time with abstraction layers (declarative APIs)
• A simplified application maintenance
• Changing security rules without affecting application code
• Ease of administration tasks
• Integration with identity management systems
• Integration with legacy and third-party security providers
27. Background
• Intranet Portal for 20.000 users
– Incident handling (Achilles)
• Solution based on Oracle Portal and iKnowBase
– Clustered HA iAS installation
– Oracle RAC Database
• 4 Active Directory Domains
– Did not have, but wanted automatic login via Active Directory – WNA
• All AD users are migrated to a new domain (OUS-HF.NO)
• New solution based on
– WL 12c
– iKnowBase PageEngine, all Portal-pages need to be rewritten
– Active Directory Synchronization, WNA
– Apache as HTTP Server
– LBR for caching and https
28. Architecture
• Highly Available
• LBR for https and
caching (redundant)
• Apache for rewrites
and static files
• WL 12c as appserver
– ActiveGridLink
• RAC on database
29. Architecture
• Limited LBR
• Complex OPSS
use
• 4 AD Domains
• Apache not in
cluster – identical
config
30. OPSS flow of authentication and authorization
• Authentication (first successful goes to authorization)
– SSO Windows Native Authentication
– Active Directory (LDAP)
– iKnowBase
– Weblogic
• Authorization
– Active Directory (LDAP)
– iKnowBase
– Weblogic
• Created own Role Mapper by extending OPSS
• One of the WLS advantages is the possibility to make auth-chains
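How a "first successful goes to authorization" chain evaluates, as an added example (not e-vita's Role Mapper or configuration): WebLogic authentication providers carry JAAS control flags, and the code assumes the four providers on the slide are all set to SUFFICIENT. The short provider names, the outcomes and the second chain are constructed for illustration.

```python
# Added example: JAAS control-flag evaluation for an authentication chain.
# Provider names follow the slide; flags and outcomes are assumptions.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")

# Chain from the slide, assuming every provider is SUFFICIENT.
SLIDE_CHAIN = [("WNA", SUFFICIENT), ("ActiveDirectory", SUFFICIENT),
               ("iKnowBase", SUFFICIENT), ("WebLogic", SUFFICIENT)]

# A new domain has its default authenticator first and REQUIRED, which
# rejects every user that exists only in Active Directory.
DEFAULT_FIRST = [("WebLogic", REQUIRED), ("ActiveDirectory", SUFFICIENT)]


def evaluate_chain(chain, outcomes):
    """Return (authenticated, providers_consulted).

    chain    -- ordered list of (provider_name, control_flag)
    outcomes -- dict provider_name -> True if that provider accepts the user
    """
    consulted = []
    mandatory_seen = False      # a REQUIRED/REQUISITE provider was consulted
    mandatory_failed = False    # a REQUIRED/REQUISITE provider rejected
    non_mandatory_ok = False    # a SUFFICIENT/OPTIONAL provider accepted

    for name, flag in chain:
        ok = bool(outcomes.get(name, False))
        consulted.append(name)
        if flag in (REQUIRED, REQUISITE):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == REQUISITE:
                    break       # a REQUISITE failure ends the chain at once
        else:
            non_mandatory_ok = non_mandatory_ok or ok
            if flag == SUFFICIENT and ok and not mandatory_failed:
                break           # first success wins, later providers skipped

    if mandatory_failed:
        return False, consulted
    if mandatory_seen:
        return True, consulted
    return non_mandatory_ok, consulted
```

With `SLIDE_CHAIN`, a user known only to Active Directory is accepted after two providers; with `DEFAULT_FIRST`, the same user is rejected even though Active Directory accepts the credentials.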
31. Flow of authentication and authorization
32. Authentication to several domains
33. Results
• Application / database tuned
– Better response times
• Simplified architecture
• Latest Apache release with many features
• SSL for selected pages in the solution
• WNA using 4 AD domains
– But this required 4 managed servers...
• Flexible authentication / authorization with OPSS
– Configurable
• Can now utilize RAC better with ActiveGridLink
• Stable production since September 2012
• IT had WLS experience – important!
35. Background
• Hosted at www.minjournal.no
• MinJournal is a collaboration between several major hospitals, with Oslo University as owner.
• All hospitals that wish to offer their services to patients can use MinJournal, so Norwegian patients have a common point of contact with the health care system.
• Originally based on Oracle Portal and iKnowBase
– Single node iAS installation
– Oracle Database
– Custom SSO / OID modifications
• New solution based on
– WLS 12c
– iKnowBase PageEngine
– Oracle Internet Directory 11g
36. Architecture
• Novell Access Manager to internet
• No LBR was available for caching, so Varnish was
used for caching
• Needed to be able to add new users
that log on to the system, so OID 11g
was needed
– Some 5.000 users activated,
20.000 additional latent in OID
37. Experiences / Results
• Needed to migrate applications from OC4J to Weblogic
– Experience on several levels – application, migration
– Took more time than anticipated
• OID does not run on WL 12c
– Needed to install Weblogic 11g also
– Complicates install, patching and maintenance
• Needed to migrate existing users to OID 11g
– Custom schema changes in old OID
– 10g OID experience was a big advantage
• Extended OPSS with necessary trust of HTTP headers
– Coming from Novell Access Manager (User=> Novell Access
Manager => Varnish => WLS)
• Stable production since October 2012
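The check that makes header trust safe in a User => Novell Access Manager => Varnish => WLS path, as an added example (not e-vita's OPSS extension): an identity header is honoured only when the connection comes from the proxy hop in front of the application server. The header name and the addresses are hypothetical, constructed values.

```python
# Added example: accept an identity header only from the trusted proxy hop.
# Header name and addresses are assumptions (constructed sample values).
import ipaddress

IDENTITY_HEADER = "x-auth-user"          # hypothetical header name
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # constructed: cache host


def asserted_user(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Return the user name asserted by the proxy, or None.

    peer_ip -- address of the TCP peer as seen by the application server
    headers -- list of (name, value) pairs exactly as received
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return None     # not the proxy hop: the header proves nothing

    values = [v.strip() for n, v in headers if n.lower() == IDENTITY_HEADER]
    if len(values) != 1:
        return None     # missing, or more than one copy reached us
    user = values[0]
    if not user or any(c in user for c in ",;\r\n\0"):
        return None     # empty or multi-valued content
    return user
```

The check only holds if the access manager overwrites the header on every inbound request and the application server's listener is reachable from the proxy alone.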
38. Other projects
• In production running WLS 12c with iKnowBase
– SKPREK – Tromsø University Hospital (DB authentication)
• Very soon in production running WLS 12c with iKnowBase
– Höegh Autoliners (Webtier 11g, AD Integration)
• Under development (custom apps)
– Toyota
40. WebLogic Scripting Tool (WLST)
• How can you make your configuration changes
– Quick (adds speed, minimal downtime)
– Repeatable (reduces risk, minimizes chance of human errors)
• People at keyboards are not quick enough, and they make errors
• This requires scripting capabilities
• OC4J had no such functionality
• Simon Haslam
«WLST: WebLogic's Swiss Army Knife» 15:45 Friday
• Blog: http://wlstbyexamples.blogspot.no/
41. WebLogic Scripting Tool (WLST)
• Can record WLST-script from Console (EE)
• Provides front-end to JMX
– You navigate in hierarchies
• WLST maven goal
• Start and stop servers
• Create domains
• Create config for JMS and JDBC
• Start and stop datasources
• Script as much as possible: it takes a little longer the first time, but pays back the 3rd time you have to do something
43. NodeManager + WLST
• Always use NodeManager to start and stop your servers
– Restarts server in case of failure
– Needed for server migration
– Needed to start and stop managed servers from Admin Console
• Use WLST script to call NodeManager to start and stop servers on
boot/shutdown of physical/virtual server
• There is no start script provided out of the box; e-vita provides a start script for our customers
• There are different practices for where to put start-up parameters
– To standardize is important!
44. Clustered servers
• Normally install servers as a cluster (if you have the right license)
– Important for SOA installations (which is not supported on WLS 12c yet)
• Many different objects can be clustered
• Advantages
– Scalability (add servers if needed)
– Load balancing (distribute requests)
– High availability, different options
46. Administration
• Do not use the weblogic user, create personal users for all
admins
• Enable auditing for all changes
• Do make backup of config.xml and other config files
• Enable log rotate (best practise one log file per day)
– How many days back in time will you ever need logfiles from ?
• Learn the different monitoring tools
– WebLogic Diagnostics Framework (WLDF)
– VisualVM for HotSpot
– Mission Control / Flight Control for JRockit (PS-licence)
– Enterprise Manager 12 Cloud Control with WebLogic management
pack
48. Which Java version to use for WLS 12c
• JDK 6 is no longer supported (unless you pay for it)
– RedHat has announced they will continue to support JDK 6
• JRockit will not be in a 7 release
• JDK 7 is the recommended Java version, and WebLogic 12c is certified to run on JDK 7
– But as always, test that the applications you are going to deploy work on JDK 7
50. Connection Pools
• Connection Pools have an initial and maximum number of connections
• If initial > 0 and a connection is not available, the server
will not start (ends up in ADMIN state)
• Setting initial to 0 prevents this error
• From 10.3.6 and onward, there is also a minimum
• Initial = 0 => db need not be up, faster boot, less load on db when WLS starts
• Initial = max => All connections created at boot, more load
on db
• Initial <> max => Create/delete connections on demand,
less load on db
Ref: https://blogs.oracle.com/WebLogicServer/entry/data_source_connection_pool_sizing
51. Connection Pool Tuning
• iKnowBase produces SQL dynamically
• That means that the database server may never have seen this query before
• The user can supplement the WHERE-part by adding criteria from a search form
– In case of bad statistics in database, bad execution plans may be
created
– In case of missing indexes, there may be full table scans
• We chose Limiting Statement Processing to stop long-running queries
• http://docs.oracle.com/cd/E24329_01/web.1211/e24367/ds_tuning.htm
52. XA Datasources
• XA is often created by admins
• You need to know when you need XA and when you do not
• Do not use XA when you do not need it
• You may see strange problems due to XA (ADF, SOA)
– In ADF: XA Closes all cursors on commit (Andrejus Baranovskis)
– Databaselinks when used in SOA Composites
– ..
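A descriptor review that applies the connection pool, statement timeout and XA advice from the three slides above, as an added example (not e-vita's tooling): it reads a WebLogic JDBC module descriptor and reports the settings these slides warn about. The sample descriptor is constructed, and the fallback values are WebLogic's defaults when an element is absent.

```python
# Added example: review a WebLogic JDBC module descriptor against the
# connection-pool and XA advice on these slides. SAMPLE is constructed.
import xml.etree.ElementTree as ET

NS = {"j": "http://xmlns.oracle.com/weblogic/jdbc-data-source"}

SAMPLE = """<jdbc-data-source xmlns="http://xmlns.oracle.com/weblogic/jdbc-data-source">
  <name>ExampleDS</name>
  <jdbc-driver-params>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
  </jdbc-driver-params>
  <jdbc-connection-pool-params>
    <initial-capacity>10</initial-capacity>
    <max-capacity>50</max-capacity>
  </jdbc-connection-pool-params>
</jdbc-data-source>"""


def _pool_int(root, tag, default):
    # Read one integer pool parameter; fall back to the default if absent.
    node = root.find("j:jdbc-connection-pool-params/j:" + tag, NS)
    return int(node.text) if node is not None and node.text else default


def review_datasource(xml_text):
    """Return a list of findings for one jdbc-data-source descriptor."""
    root = ET.fromstring(xml_text)
    initial = _pool_int(root, "initial-capacity", 1)
    maximum = _pool_int(root, "max-capacity", 15)
    timeout = _pool_int(root, "statement-timeout", -1)
    driver = root.findtext("j:jdbc-driver-params/j:driver-name", "", NS)

    findings = []
    if initial > 0:
        findings.append("initial-capacity=%d: server start depends on the "
                        "database being up" % initial)
    if initial == maximum:
        findings.append("initial-capacity equals max-capacity: all "
                        "connections are opened at boot")
    if timeout <= 0:
        findings.append("no statement-timeout: long-running queries are "
                        "not cut off")
    if ".xa." in driver.lower():
        findings.append("XA driver %s: confirm global transactions are "
                        "needed" % driver)
    return findings
```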
54. Patching
• MyOracle Support
• Patch Set Update (PSU)
• Experiences
– Remove patches installed with the distribution before applying the
latest PSU
– Easy command line patch util
– Also possible to patch with GUI
56. Serving static resource files
• Common in internet applications to serve static .js, .gif,
.png, .css etc.
• Normally you would serve them from HTTP Server
– But sometimes it is advantageous to also reach them from WLS
• Custom app with weblogic.xml, deployed on context root "/"
• You can do it in WLS, but be aware that you may get only 99% of the content when it is changed (in production mode)
• The reason is that content-length does not change
• Solution:
– Change in weblogic.xml
57. Summary
• Many of the new features in 12c are also in 10.3.6
– We have not used new Java-features in our solutions
• OPSS has given us flexibility in authentication / authorizing
• Architecture has been simplified
– Direct use of Active Directory, no synchronization via OID
• What were obvious choices of products in iAS now require some more thinking
• Verify which WLS edition suits your needs
• Invest in proper scripting of start/stop of environment with
nodemanager
• Satisfied with stability of 12c
– But be on the latest patchset
59. THANKS FOR YOUR ATTENTION
Jon.petter.hjulstad@evita.no
http://twitter.com/jphjulstad
Cato.Aune@evita.no
http://twitter.com/catoaune
http://www.evita.no
http://www.evita.no/ikbViewer/soa-bloggen/forside
Have a nice conference!