Migrating SAS® Institute, Inc. Java EE Applications from WLS/WAS/JBoss to Pivotal tc Server™


Speaker: Zhiyong Li
SAS® Institute has a large portfolio of Java EE applications. SAS had previously provided support to deploy and run all of these applications in WebLogic, WebSphere and JBoss. Beginning with SAS 9.4, which was released in July 2013, SAS updated its infrastructure and middle tier platform to deliver and run on Pivotal tc Server. In this talk, we will discuss the motivation, technology selection, architecture, system administration, automated installation and configuration, etc., that SAS used to improve value for its customers.
Specifically, we will discuss the following areas in detail:
Technology selection: To make tc Server viable, we include the messaging, caching and the transaction management system.
Architecture: To leverage tc Server scalability and reliability in SAS products, we support clustering by using the vFabric Web Server and the mod_proxy.
Application migration: We provide guidance to our Java developers and configuration developers on how to migrate their applications to the tc Server environment.
Security: We support SSL, single sign-on and other enterprise security protocols such as Integrated Windows Authentication, CA SiteMinder, IBM WebSEAL, SAML, etc.
System administration: We provide a single entry point to manage all SAS application stacks including all web applications by leveraging the VMware Hyperic product.
Automated installation / configuration: We provide the automated process to install and configure all vFabric products (tc Server, vFWS, Hyperic and GemFire) and SAS web applications.
Delivery and support: SAS delivers embedded tc Server as the SAS Web Application Server for use with all our offerings that have a mid-tier, on all our supported host platforms. This enables SAS to provide a complete, supported application architecture with more complete visibility and control of the critical software.
Cloud deployment: This approach also provides advantages for our customers leveraging virtualization and cloud deployment strategies.

Published in: Software

  1. Migrating SAS® Institute Java EE Applications from WLS/WAS/JBoss to Pivotal tc Server™. By Zhiyong Li. © 2013 SpringOne 2GX. All rights reserved. Do not distribute without permission.
  2. Contents
     - Motivation
     - Technology selection
     - Implementation
       - Architecture
       - Application migration
       - Security
       - System administration
     - Delivery and support
       - Automated installation and configuration
       - Cloud deployment
     - Demo
  3. Our Pain Points
     - Supporting three different app servers is a lot of work!
       - Install and configure
       - Coding and testing
       - Performance tuning
       - Support
     - Complex configuration still largely manual
       - Yet best practice dictates
     - Way too much "just depends"
       - Too many free variables in how customer sets up container
  4. Our Solutions
     - Reduce the number of supported application servers
     - Encourage simplification of the applications
       - Focus on business logic
       - Build light-weight mid-tier
         - Light-weight container and framework
     - Complete, self-contained packages
       - HTTP server, servlet container, light-weight framework and system management
       - Virtual environment and appliances
       - Cloud deployment
  5. Benefits
     - Lower costs for SAS
       - Development
       - Test
       - Release
       - Support
     - Lower costs for customers
       - Procurement
       - Installation and configuration
       - Management
       - Consolidated support
  6. Technologies - Infrastructure
     - Infrastructure
       - vFabric tc Server: Tomcat
         - Active MQ
         - Atomikos: Required for Solutions that need two-phase commit
         - GemFire
       - vFabric Web Server: Apache HTTP server
     - Monitoring and Management
       - vFabric Hyperic
  7. Technologies - Applications
     - Java EE
       - No EJBs
       - JSP and servlet
       - JMS for messaging
       - JDBC / JPA for persistence
       - JTA for transaction management
       - Java Mail for SMTP mail
       - REST for web services
       - JMX for monitoring and management
     - JavaScript, HTML5, Java Swing and Flash/Flex
     - Struts and Spring MVC as Web framework
     - Spring framework, security, etc.
     - iBatis/Hibernate for persistence
     - JCR/WebDAV for content management
  8. Architecture – Single Machine (diagram). Labels: vFWS: Mod_Proxy Reverse Proxy / Load Balancer; Worker 1; Worker 2; tc Server1; tc Server2; SAS web app1 to SAS web app4; Hyperic Agent; Hyperic Server; DBMS.
  9. Architecture – Multiple Machines (diagram). Labels: Machine 1; Machine 2; Machine 3; vFWS: Mod_Proxy Reverse Proxy / Load Balancer; Worker 1; Worker 2; tc Server1; tc Server2; SAS web app1 to SAS web app4; Hyperic Agent; Hyperic Server; DBMS.
  10. Architecture – Multiple Machines and Cluster (V & H) (diagram). Labels: Machine 1 to Machine 4; vFWS: Mod_proxy Proxy / Load Balancer; Worker 1-3; Worker 4-6; Worker 7-9; Worker 10-12; tc Server1; tc Server2; tc Server1_1; tc Server2__2; SAS web app1 to SAS web app4; Hyperic Agent; Hyperic Server; DBMS.
  11. SAS Platform
     - SAS foundation
     - SAS middle tier
     - SAS BI applications
     - SAS Solutions
       - Web based
       - Desktop based
  12. SAS Middle Tier Platform
     - Common, shared Web applications
     - Common infrastructure services
     - Shared features as services
     - Web services access to SAS stored processes
     - Web services access to common services
     - Workflow and content management
  13. SAS Middle Tier Architecture (diagram)
  14. Middle Tier Services
     - Alert Notification
     - Attachments
     - Audit
     - Authentication
     - Comments
     - Configuration
     - Mail
     - Registry
     - Status / Monitoring
     - Templates
     - Theme
     - Workflow
  15. Middle Tier Applications
     - Web apps: BI Web Services SAS Content Server Workflow Engine
     - Desktop apps: Configuration Manager SAS Management Console Plug-in Workflow Studio
     - Browser apps: Logon Manager Comment Manager Stored Process Preferences Manager Web Admin
  16. SAS Solutions
     - Over 80 SAS web applications
     - Pre-assigned to 13 application server instances
     - Analytics
     - Business Analytics
     - Business Intelligence
     - Customer Intelligence
     - Financial Intelligence
     - Fraud & Security Intelligence
     - Governance, Risk & Compliance
     - High-Performance Analytics
     - Information Management
     - IT & CIO Enablement
     - Performance Management
     - Risk Management
     - Supply Chain Intelligence
     - Sustainability Management
  17. Application Migration
     - Java code
     - Deployment
     - Configuration
     - vFWS and clustering support
     - Security
     - Performance
  18. Java Code
     - Remove EJB
     - Update the use of Java Messaging Service
     - Update JNDI lookup
     - Review J2EE application client library usage
     - Update transaction architecture and configuration
     - Use ConnectionFactory instead of QueueConnectionFactory or TopicConnectionFactory
  19. Deployment
     - Convert .ear to .war
     - Define context and resources
     - Create restricted policy files
     - Update XML parser
     - Limit Jar Scanning
  20. vFWS and Clustering Support
     - Logging control files
     - Forcing a product to be configured as a singleton
     - Default browser caching configuration
     - Default proxy server caching configuration
     - Proxy forwarding
     - Firewall considerations
  21. Security (Authentication)
     - SAS Web Application single sign-on
       - Logon Manager and Central Authentication Services (CAS)
     - Enterprise security and Integration
       - Container managed security
       - Integration with enterprise SSO solutions
         - IWA, SiteMinder, WebSeal, SAML, …
  22. SAS Web App Security Architecture (diagram). Labels:
     - Client, connecting over http/https
     - vFWS: Mod_SSL (FIPS optional); Mod_proxy Load Balancer with Worker1 and Worker2; Mod_sm (optional); Mod_shib (optional)
     - tc server SASServer1_1: Authenticator Valve; SASLogon; Realm
     - tc server SASServerX_Y
     - SSO/LDAP Server
     - Customer App1
  23. SAS Web Application Single Sign-On
     - SAS Logon Manager
       - Single sign-on for all SAS web applications
       - Central authentication entry point
       - All SAS web applications required to rely on Logon Manager for authentication
       - Host authentication as default
       - Implemented by CAS
  24. Central Authentication Services (CAS)
     1. Browser makes request to a webapp
     2. Spring security filter redirects to /SASLogon/login and provides a callback URL to the security filter in the query string
     3. User authenticates with CAS, is assigned a ticket granting ticket (TGT) and is redirected to the callback URL with a service ticket (ST) in the query string
     4. Browser calls the callback URL with the service ticket
     5. The webapp makes an internal call to CAS to validate the ticket and get user info
     6. A new session is established and the browser is redirected back to the original URL

     Request trace:
       GET http://host/SASWebReportStudio/  302
       GET http://host/SASLogon/login?service=http%3A%2F%2Fhost%2FSASAdmin%2Fj_spring_cas_security_check  302
       GET http://host/SASWebReportStudio/j_spring_cas_security_check?ticket=ST-6-XlO6P6L5YbM9Zh1CkdyS-cas  302
       GET http://host/SASWebReportStudio/  200
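The six-step CAS exchange on slide 24, simulated in memory as an added example (not SAS or CAS project code; the class names, the `sasdemo` account and its password are constructed). It goes one step past the slide by exercising two CAS protocol properties that the step 5 validation call enforces: a service ticket is good for one validation attempt, and only for the service it was issued to.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN = "http://host/SASLogon/login"   # login URL from the slide's trace

class CasServer:
    """Toy in-memory CAS (constructed for this example)."""
    def __init__(self, users):
        self.users = users      # username -> password, constructed
        self.tickets = {}       # service ticket -> (service URL, username)

    def login(self, service, user, password):
        # Step 3: authenticate, then redirect to the callback with an ST.
        if self.users.get(user) != password:
            return 401, None
        st = "ST-" + secrets.token_urlsafe(16)
        self.tickets[st] = (service, user)
        return 302, service + "?" + urlencode({"ticket": st})

    def validate(self, service, ticket):
        # Step 5: pop() consumes the ticket on any attempt (single use);
        # it is honoured only for the service it was issued to.
        svc, user = self.tickets.pop(ticket, (None, None))
        return user if svc == service else None

class WebApp:
    def __init__(self, base, cas):
        self.base, self.cas, self.sessions = base, cas, {}
        self.callback = base + "j_spring_cas_security_check"

    def get(self, url, sid=None):
        if sid in self.sessions:                     # already logged in
            return 200, self.sessions[sid]
        ticket = parse_qs(urlparse(url).query).get("ticket", [None])[0]
        if url.split("?")[0] == self.callback and ticket:
            user = self.cas.validate(self.callback, ticket)   # back channel
            if user is None:
                return 403, None
            sid = secrets.token_urlsafe(16)          # step 6: new session
            self.sessions[sid] = user
            return 302, sid      # simplified: returns the session id
        # Step 2: no session, send the browser to CAS with our callback.
        return 302, LOGIN + "?" + urlencode({"service": self.callback})

def run_flow():
    cas = CasServer({"sasdemo": "constructed-password"})
    studio = WebApp("http://host/SASWebReportStudio/", cas)
    admin = WebApp("http://host/SASAdmin/", cas)
    s1, login_url = studio.get(studio.base)                          # steps 1-2
    service = parse_qs(urlparse(login_url).query)["service"][0]
    s2, cb = cas.login(service, "sasdemo", "constructed-password")   # step 3
    s3, sid = studio.get(cb)                                         # steps 4-6
    s4, user = studio.get(studio.base, sid)
    replay, _ = studio.get(cb)                   # same ST presented again
    _, cb2 = cas.login(studio.callback, "sasdemo", "constructed-password")
    st2 = parse_qs(urlparse(cb2).query)["ticket"][0]   # ST issued to Studio
    cross, _ = admin.get(admin.callback + "?" + urlencode({"ticket": st2}))
    return [s1, s2, s3, s4], user, replay, cross

if __name__ == "__main__":
    print(run_flow())
```

The first four statuses match the slide's trace (302, 302, 302, 200); the replayed ticket and the ticket presented to a different web application are both refused.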
  25. SAS Logon and CAS
     - Custom authentication handler
       - SAS Metadata (via bridge to JAAS OMILoginModule)
     - Standard authentication handlers
       - Principal bearing credentials (Trusted Web Authentication)
         - Container managed
           - BASIC, FORM, SPNEGO (IWA), DIGEST, CLIENT-CERT
           - Authenticate against LDAP, JAAS, JDBC, etc.
         - Web server agent + Application server agent (e.g. Tomcat Valve)
           - CA SiteMinder
           - IBM WebSEAL
           - SAML
         - Hybrid
           - Client certificate authentication
           - Fallback authentication
  26. Container Managed Security
     - Configure CAS for Trusted Web Authentication
     - Secure SASLogon web application
       - Security constraint on /login
       - Login method
         - Negotiates with the user agent to collect credentials
         - Built-in support for: BASIC, FORM, DIGEST, SPNEGO, CLIENT-CERT
       - Security Roles
         - Can use * in conjunction with allRolesMode="authOnly" on Realm
     - Realms
       - Authenticates credentials against some resource
       - Checks security roles
  27. Enterprise SSO Integration
     - Integrated Windows Authentication
     - CA SiteMinder
     - SAML
     - …
  28. Integrated Windows Authentication (IWA)
     - Microsoft products to support single sign-on
     - Use Windows credential to automatically log on to your web applications
  29. IWA Scenarios
     - Browser to middle tier
       - Terminate at middle tier
       - Delegate the client credential from middle tier to server tier
         - Database, SAS Workspace server
     - Desktop client to middle tier
       - Terminate at middle tier
       - Delegate the client credential from middle tier to server tier
         - Database, SAS Workspace server
  30. Browser Based IWA to Midtier
     - Internet Explorer setup
       - Tools -> Internet Options -> Advanced -> Enable Integrated Windows Authentication
       - Security -> Local intranet -> Sites -> Advanced. Add the host of your domain if it doesn't already exist there.
     - Middle tier configuration
       - Register Service Provider Name (SPN) in Domain Controller and install Keytab
       - Configure Kerberos Domain and KDC
       - Set up com.sun.security.auth.module.Krb5LoginModule in JAAS configuration
       - Configure container managed security with SPNEGO authentication
       - Configure JNDIRealm in server.xml for the Active Directory LDAP
  31. CA SiteMinder for SAS
     - SiteMinder Realm protects /SASLogon/login
     - Web Agent installed in vFWS
       - Performs authentication
       - Sets SM_SESSION security token
     - Valve intercepts requests to tc Server
       - Decodes token and performs login
       - Uses pure Java API in SiteMinder SDK
       - Requires separate host registration
     - tc Server configured for container-based security
     - Diagram labels: tc Server; token; Valve: 1. Decode token, 2. login
     - Dependencies:
       - CA SiteMinder Web Agent and SDK v12.x
       - Oracle Unlimited Strength Java Cryptography Extension (JCE)
  32. System Administration – SAS Environment Manager
     - Replacement of SMC
       - SMC is a desktop client to manage SAS environment
     - OEM-ed Hyperic
       - Integration, customization, rebranding
     - Extensible Infrastructure
       - Module Framework and Modules
         - Content (metadata) management functionality
       - Hyperic plugins
         - Operational functionality
     - Batch and Command Line Interfaces
  33. Collects a Broad Set Of Operational Metrics (diagram). Labels:
     - Solutions; Web Application Servers; WIP Services and DB; ActiveMQ Messaging; Apache; TC server; Virtualization
     - SAS Servers: Metadata, Object Spawner, Stored Process Server, …
     - Operating Systems: Memory, Processor, IO
     - Storage & IO systems: LASR, SPDS, SAS Dataset
     - Availability; Performance; Configuration changes; Events; Log entries
     - Service Database
  34. Resources
     - Platforms
       - Physical or virtual machines or proxies
     - Servers running on those platforms
       - Database servers, web application servers, SAS servers, messaging servers, guest operating systems
     - Services running in those servers
       - Web applications in SAS Web Application Server, database tables and indexes
     - Logical groupings of platforms, servers, and/or services.
  35. Components
     - A web-based admin GUI
     - An agent on each managed host
     - Solution aware plug-ins
     - Central server to manage and deploy the plug-ins
     - Centralized operational data store
     - Collection of reports and graphs helping characterize resource usage across the whole operational deployment.
     - Single sign-on with other SAS and customers' enterprise web applications
  36. SAS Environment Manager Architecture (diagram). Labels:
     - Platform 1 (machine 1); Platform 2 (machine 2)
     - Management Server; Mid-Tier Servers; tc Server instances; Metadata server; Object Spawner; Spring; Agent
     - GUI: Administration, Provisioning, Groups, Metrics, Alerts, Events, Logs, Agents
     - CLI; Open API; REST; Web GUI; Dashboard; Control Center
     - Upgradeable via XML and Java agent plugins
     - CMDB; Service Database: Inventory, Events, Alerts
  37. SAS Environment Manager Plug-Ins
     - Plug-ins are the interface between SAS Environment Manager and the platforms, servers, and services in your deployment.
     - Auto-Discovery
       - Automatically finds technologies on your systems, adds to inventory, and configures monitoring
     - Monitoring
       - Collects performance data, monitors for configuration and security changes
     - Event Management
       - Trigger both email notifications and automated control actions to resolve common problems.
     - Control
       - Executes actions to automatically fix problems in response to alerts
  38. Using Other Interfaces
     - With the API you can:
       - create, update, and extract data about platforms, servers, services and groups
       - create, update, and extract metric collection settings for resource types and individual resources
       - define alerts for resource types and individual resources
       - create and update users and roles.
  39. Automated Installation and Configuration
     - SAS Planning Application
       - Select the products to install and configure
       - Select the deployment topology
     - SAS Deployment Wizard (SDW)
       - GUI driven pluggable framework to install/configure all SAS applications
         - Automatic installation of middle tier products
         - Automatic configuration of middle tier products
  40. Auto Installation
     - Create installation images
     - Images are packaged into SAS Software Depot
     - SDW
       - Get user inputs
       - Unpack products from SAS Software Depot
       - Invokes the product specific installation scripts
  41. Auto Configuration
     - Configure specific instances
       - Tc Server, vFWS, Hyperic, etc.
     - GUI Driven to collect configuration parameters
       - Configuration options for horizontal clustering
         - Number of vertical servers
         - Choice of source instance for horizontal clustering
         - Number of vertical servers in the horizontal cluster members
     - Configuration API for all web applications
       - Create tc Server instance, configure data source, JMS queue, topics, etc.
     - Multiple servers vs. clustering
       - There are two different concepts
       - Multiple servers + clustering
  42. Enable Cloud Deployment: SAS Virtual Applications
     - SAS will provide pre-packaged virtual machines
       - Contain a full application stack from operating system through database and middleware to SAS solution software.
     - Virtual application
       - Consist of one or more virtual machines that work together and are able to self-configure.
     - Instances of the virtual applications
       - Can be up and running in minutes without the need for a software installation.
     - tcServer is an integral part of this offering
       - It is the only Application Server included in the Applications
  43. SAS Virtual Applications (vAPP) (diagram). Labels: SAS Software; Application Server; File System; Operating System; HTTP Server; Management; Configuration choices; 3rd party Storage (DBMS, SAN, etc.); 3rd party Authentication (ex. LDAP, AD); 3rd party Monitoring/Management.
  44. TOPOLOGIES ALIGN WITH USAGE MODELS (diagram). Labels:
     - Workgroup: 1 vApp = 1-2 VMs
     - Enterprise: 1 vApp = n VMs
     - HTTP Server Front Door; Middle tier clustered; Compute tiers (load balanced); Metadata Clustered
     - SAS Software; SAS Metadata Server; Operating System; Cluster File System; Application Server; Management; LDAP; DNS (networking); Data Store; HTTP Server
  45. Tc Server and Logic Layout of a vApp (diagram). Labels: tc Server "content"; Monitoring; User Admin; Authentication; Application; Update Service; SAS Solution Software; Authentication Store; Ledger; Reverse Proxy/Router; tc Server.
  46. Summary
     - A complete packaged middle tier platform
       - Light-weight infrastructure and applications
       - Built-in support for proxy server
       - Built-in support for clustering for performance and fail over
       - Built-in support for system management and monitoring
         - Customized SAS Environment Manager plugin to monitor SAS system
         - Rebranding to give the seamless SAS look-and-feel
       - Built-in support for security integration
     - Easy button
       - Automatically install and configure the platform and SAS applications
     - Virtual and cloud environment enablement
  47. Demo
     - SAS Single Sign-On
     - SAS Stored Process Web Application
     - SAS Environment Manager
       - SAS Web Application Server Plugins
     - SAS Cloud
       - https://cloud.sas.com
  49. Learn More. Stay Connected.
     - Try SAS Cloud: https://cloud.sas.com
     - Learn SAS Visual Analytics: http://www.sas.com/software/visual-analytics/demos/all-demos.html
     - Learn SAS 9.4: SAS 9.4 Resource Center
     - Learn IWA: http://java.sys-con.com/node/1326751
     - Talk to us on Twitter: @springcentral
     - Find Session replays on YouTube: spring.io/video