Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Weblogic 12c experiences - migrations from iAS-platform


Published on

Presebtation from OUGN 2013 by Jon Petter Hjulstad and Cato Aune.

  • Be the first to comment

Weblogic 12c experiences - migrations from iAS-platform

  1. 1. Weblogic 12c - Experiences- from some of our projectsjon.petter.hjulstad@evita.no 2013 - 18.04.2013
  2. 2. Jon PetterHjulstadSOA: Consultant, Presales and responsible for SOA-competence
  3. 3. Cato AuneSOA: consultant with focus on WL/SOA/BPM/IDM
  4. 4. Agenda• About e-vita• Oracle Internet Application Server (iAS)– Why migrate?– Components• Oracle Weblogic– Features• Projects– Oslo University Hospital (2)• Best Practices / Experiences• Q& | 21.04.2013 | |
  5. 5. About e-vita• Established 1999 – 52 employees• CMS and Portal Framework iKnowBase (iKB)• Oracle Gold Partner - SOA, Database & AppsGrid Specialized• Established SOA Center of Excellence in 2012• Norwegian Middleware Partner of the year 2010, 2012• Oracle SOA Partner Community Award - Outstanding SOA 11g Contribution 2012• Member of Oracle Advisory Boards• WLS experience from SOA prosjects• iKB customers running WLS 11g: 2• iKB customers running WLS 12c: 3• Customers implementing WLS 12c: | 21.04.2013 | |
  6. 6. Certifications SOA | 21.04.2013 | |• 2 Implementations SpecialistsArchitect•1 SpecialistSOA•8 Implementation SpesialistsApp Grid•3 Implementation Spesialists•1 Oracle Certified Professional (OCP)DB•2 Implementation Spesialists•8 Oracle Certified Professional (OCP)•2 Oracle Certified Associate (OCA)Exadata•2 Implementation Specialist•RAC: 1 Implementation Specialist•Enterprise Manager: 1 Implementation Specialist•Linux: 1 Implementation Specialist
  7. 7. <old-times>Oracle Application Server iAS</old-times> | 21.04.2013 | |
  8. 8. Background• We have implemented internet and intranet portals thelast 10 years using Oracle Portal – probably more than 50• Many of our customer have Oracle iAS Portal 10.1.4– Only one we know have migrated to Portal 11g – Portal upgradesare traditionally painful– Most new pages are being developed in iKnowBase Portal Engine• Premier support Dec 2011 iAS 10.1.2– If support is possible, it will be expensive• OC4J prevents us from upgrading to newer iKnowBaseversions• Simplification of infrastructure• Availability of new features– Standards– Security– Scalability & manageability | 21.04.2013 | |
  9. 9. Convergence of Oracle iAS to | 21.04.2013 | |
  10. 10. Licence optionsFrom C2B2:
  11. 11. Oracle WLS Editions• WebLogic Basic Edition (licenced with iAS)• WebLogic Standard Edition– JRockit JVM– Toplink– ADF– Oracle Web Tier• WebLogic Enterprise Edition (includes WLS Standard Edition)– High performance clustering and failover capabilities– JRockit Mission Control with JRockit Flight Recorder– Enterprise Messaging -high performance JMS messaging– Oracle Virtual Assembly Builder• WebLogic Suite (includes WLS Enterprise Edition)– Coherence Enterprise Edition– Predictable performance: Java SE with JRockit Real Time– Active GridLink for RAC – High Availability with Oracle | 21.04.2013 | |
  12. 12. WLS Basic Edition• WebLogic Server Basic is a license-constrained version of WebLogic Server that isavailable in licenses for the following Oracle products:– Oracle Internet Application Server Standard Edition– Oracle Internet Application Server Standard Edition One– Oracle Internet Application Server Enterprise Edition– Oracle Forms and Reports– Oracle Business Intelligence Standard Edition• Lacks– High availability features as clustering– Deployment services and features, for example production redeployment– JMS Messaging– Services as WLDF, SNMP, Tuxedo Connector– Pack, unpack, recording of WLST scripts– Overload management– Use of Work Managers• In detail–• Important to be licence compliant! | 21.04.2013 | |
  13. 13. Components iAS EE• iAS EE has many components• All components necessary to run aportal application was in it:– Webserver, Cache– Identity, SSO, WNA– Database (restricted)– Integration– Workflow• For future solutions, the architectureneeds to be revised• This means also licencing needs to | 21.04.2013 | |
  14. 14. AlternativesComponent Oracle 10g Oracle 11g OtherCaching Oracle Webcache Oracle WebcacheOracle Traffic Dir.LBR, VarnishHTTP Oracle OHS Oracle OHS,iPlanet ApachePortal Oracle Portal Oracle PortalOracle WebcenteriKnowBaseIdentityManagementOracle InternetDirectoryOracle InternetDirectoryActive Directory,Open DJSSO / WNA OracleInfrastructureOracle WLS OPSSOracle SSO 10.1.4Oracle Access Mgr.Open AMIntegration InterConnectOracle ESBOracle SOA Suite ApacheServicemix, FuseWorkflow Oracle Workflow Oracle SOA Suite ActivitiJavaEE Oracle OC4J Weblogic Glassfish, JbossServlet Containers Jetty, | 21.04.2013 | |
  15. 15. <new-times>Oracle Weblogic</new-times> | 21.04.2013 | |
  16. 16. Oracle WLS 12c – Key New Capabilities• Java EE 6 and Developer Productivity• Simplified Deployment and Management with Virtualization• Integrated Traffic Management• Enhanced High Availability andDisaster Recovery• Much Higher Performance• | 21.04.2013 | |
  17. 17. Oracle WLS 11g vs 12c• Many features backported into 11g, but Java EE 6 will not (10.3.6 final) | 21.04.2013 | |
  18. 18. <wls-feature>Active GridLink</wls-feature> | 21.04.2013 | |
  19. 19. Connecting WebLogic Server to RAC• Two different connection approaches– Multi Data Sources, WebLogic GridLink Data Source• Multi Data Sources– Native implementation inside of WebLogic Server– Designed around WebLogic Server transactions, datasources, connection pooling, death detection– Serves as an abstraction over a set of individual datasources• WebLogic GridLink Data Source– Simplified data source configuration for RAC and Services connectivity – Single Data Source– Leveraging RAC notifications to provide fast-connection-failover– Improved load balancing and graceful RAC instance shutdown– Improved RAC instance | 21.04.2013 | |
  20. 20. Active GridLink for RAC• Simpler Configuration: single data source• Event-Based Model (ONS and FAN) for Adaptive Pool Management• SCAN Support• Fast Connection Failover• Runtime Connection Load Balancing• Affinities for Connection Routing (XA, Session, Data)• WebLogic Connection Labeling• Data Guard Support• RAC One Node Support• Certified for FMW on | 21.04.2013 | |
  21. 21. <wls-feature>OPSS</wls-feature> | 21.04.2013 | |
  22. 22. Oracle Platform Security Services (OPSS)• Oracle Platform Security Services (OPSS) is a security platform• OPSS is the underlying security platform that provides security to Oracle FusionMiddleware including WebLogic Server, SOA applications, ADF applications etc.• OPSS provides an abstraction layer in the form of standards-based applicationprogramming interfaces (APIs)• OPSS complies with the following standards: role-based-access-control (RBAC); JavaEnterprise Edition (JavaEE); and Java Authorization and Authentication Services (JAAS)• Built upon these standards, OPSS provides an integrated security platform thatsupports:– Authentication– Identity assertion– Authorization, based on fine-grained JAAS permissions– The specification and management of application-specific policies– Secure storage and access of system credentials through the Credential Store Framework– Auditing– Role administration and role mappings– The User and Role API– Security configuration and management– SAML and XACML– Oracle Security Developer Tools, including cryptography | 21.04.2013 | |
  23. 23. Oracle Platform Security Services (OPSS) | 21.04.2013 | |
  24. 24. OPSS Benefits• Allowing developers to focus on application and domain problems• Support for enterprise deployments• Verified interop testing across different LDAP servers and SSO systems• Certified on WebLogic Server• Pre-integration with Oracle products and technologies• A consistent security experience for developers and administrators• A uniform set of APIs for all types of applications• Optimization of development time with abstraction layers (declarative APIs)• A simplified application maintenance• Changing security rules without affecting application code• Ease of administration tasks• Integration with identity management systems• Integration with legacy and third-party security | 21.04.2013 | |
  25. 25. <using-wls>Projects</using-wls> | 21.04.2013 | |
  26. 26. <project>Oslo University Hospital - Intranet</project> | 21.04.2013 | |
  27. 27. Background• Intranet Portal for 20.000 users– Incident handling (Achilles)• Solution based on Oracle Portal and iKnowBase– Clustered HA iAS installation– Oracle RAC Database• 4 Active Directory Domains– Did not have, but wanted automatic login via Active Directory – WNA• All AD users are migrated to a new domain (OUS-HF.NO)• New solution based on– WL 12c– iKnowBase PageEngine, all Portal-pages need to be rewritten– Active Directory Synchronization, WNA– Apache as HTTP Server– LBR for caching and | 21.04.2013 | |
  28. 28. Architecture• Highly Available• LBR for https andcaching (redundant)• Apache for rewritesand static files• WL 12c as appserver– ActiveGridLink• RAC on | 21.04.2013 | |
  29. 29. Architecture• Limited LBR• Complex OPSSuse• 4 AD Domains• Apache not incluster – | 21.04.2013 | |
  30. 30. OPSS Flow of authentication- and authorization• Authentication (first successful goes to authorization)– SSO Windows Native Authentication– Active Directory (LDAP)– iKnowBase– Weblogic• Authorization– Active Directory (LDAP)– iKnowBase– Weblogic• Created own Role Mapper by extending OPSS• One of the WLS advantages id the possibility to make | 21.04.2013 | |
  31. 31. Flow of authentication- and | 21.04.2013 | |
  32. 32. Authentication to several | 21.04.2013 | |
  33. 33. Results• Application / database tuned– Better response times• Simplified architecture• Latest Apache release with many features• SSL for selected pages in the solution• WNA using 4 AD domains– But this required 4 managed servers...• Flexible authentication / authorization with OPSS– Configurable• Can now utilize RAC better with ActiveGridLink• Stable production since september 2012• IT had WLS experience – important! | 21.04.2013 | |
  34. 34. <project>Oslo University Hospital - MyJournal</project> | 21.04.2013 | |
  35. 35. Background• Hosted at• MinJournal is a collaboration between several majorhospitals with Oslo University as owner.• All hospitals that wish to offer their services to patientsMinJournal to Norwegian patients have a common point ofcontact with the health care system.• Originally based on Oracle Portal and iKnowBase– Single node iAS installation– Oracle Database– Custom SSO / OID modifications• New solution based on– WLS 12c– iKnowBase PageEngine– Oracle Internet Directory | 21.04.2013 | |
  36. 36. Architecture• Novell Access Manager to internet• No LBR was available for caching, so Varnish wasused for caching• Needed to be able to add new usersthat log on to the system, so OID 11gwas needed– Some 5.000 users activated,20.000 additional latent in | 21.04.2013 | |
  37. 37. Experiences / Results• Needed to migrate applications from OC4J to Weblogic– Experience on several levels – application, migration– Did take more time than anticipated• OID does not run on WL 12c– Needed to install Weblogic 11g also– Complicates install, patching and maintenance• Needed to migrate existing users to OID 11g– Custom schema changes in old OID– 10g OID experience big advantage• Extended OPSS with necessary trust of HTTP headers– Coming from Novell Access Manager (User=> Novell AccessManager => Varnish => WLS)• Stable production since october | 21.04.2013 | |
  38. 38. Other projects• In production running WLS 12c with iKnowBase– SKPREK – Tromsø University Hospital (DB authentication)• Very soon in production running WLS 12c with iKnowBase• Höegh Autoliners (Webtier 11g, AD Integration)• Under development (custom apps)– | 21.04.2013 | |
  39. 39. <wls-feature>WLST</wls-feature> | 21.04.2013 | |
  40. 40. WebLogic Scripting Tool (WLST)• How can you make your configuration changes– Quick (adds speed, minimal downtime)– Repeatable (reduces risk, minimize chance of human errors)• People at keyboards are not quick enough, and they make errors• This requires scripting capabilities• OC4J had no such functionality• Simon Haslam«WLST: WebLogics Swiss Army Knife» 15:45 Friday• Blog: | 21.04.2013 | |
  41. 41. WebLogic Scripting Tool (WLST)• Can record WLST-script from Console (EE)• Provides front-end to JMX– You navigate in hiarchies• WLST maven goal• Start and stop servers• Create domains• Create config for JMS and JDBC• Start and stop datasources• Script as much as possible, takes a little longer the firsttime, pays back the 3rd time you have do to | 21.04.2013 | |
  42. 42. <experiences>Starting and stopping servers</experiences> | 21.04.2013 | |
  43. 43. NodeManager + WLST• Always use NodeManager to start and stop your servers– Restarts server in case of failure– Needed for server migration– Needed to start and stop managed servers from Admin Console• Use WLST script to call NodeManager to start and stop servers onboot/shutdown of physical/virtual server• There are no startscript provided out of the box, e-vita providesstartscript for our customers• There are different practices where to put start-up parameters– To standarize is important! | 21.04.2013 | |
  44. 44. Clustered servers• Normally install servers as a cluster (if you have the rightlisence)– Important for SOA installations (which is not supported on WLS 12c yet)• Many different objects can be clustered• Advantages– Scalability (add servers if needed)– Load balancing (distribute requests)– High availability, different | 21.04.2013 | |
  45. 45. <experiences>Administration</experiences> | 21.04.2013 | |
  46. 46. Administration• Do not use the weblogic user, create personal users for alladmins• Enable auditing for all changes• Do make backup of config.xml and other config files• Enable log rotate (best practise one log file per day)– How many days back in time will you ever need logfiles from ?• Learn the different tools monitoring– WebLogic Diagnostics Framework (WLDF)– VisualVM for HotSpot– Mission Control / Flight Control for JRockit (PS-licence)– Enterprise Manager 12 Cloud Control with WebLogic | 21.04.2013 | |
  47. 47. <experiences>Java version</experiences> | 21.04.2013 | |
  48. 48. Which Java version to use for WLS 12 c• JDK 6 is no longer supported (unless you pay for it)– RedHat has announced they will continue to support JDK 6• JRockit will not be in a 7 release• JDK 7 is the recommended Java version, and WebLogic 12 c is certifiedto run on JDK 7– But as always, test that the applications you are going to deploy works on JDK | 21.04.2013 | |
  49. 49. <experiences>Connection pools / Data sources</experiences> | 21.04.2013 | |
  50. 50. Connection Pools• Connection Pools have an initial and maximum#connections• If initial > 0 and a connection is not available, the serverwill not start (ends up in ADMIN state)• Setting initial to 0 prevents this error• From 10.3.6 and onward, there is also a minimum• Initial = 0 => db need not to be up, faster boot, less load ondb when WLS start• Initial = max => All connections created at boot, more loadon db• Initial <> max => Create/delete connections on demand,less load on | 21.04.2013 | |
  51. 51. Connection Pool- Tuning• iKnowBase produces SQL dynamically• That means that the database server may never had seenthis query before• The user can supplement the WHERE-part by addingcriterias from search form– In case of bad statistics in database, bad execution plans may becreated– In case of missing indexes, there may be full table scans• We chosed Limiting Statement Processing to stop long-running-queries• | 21.04.2013 | |
  52. 52. XA Datasources• XA often is created by admins• You need to know when you need XA and not• Do not use XA when you do not need it• You may see strange problems due to XA (ADF, SOA)– In ADF: XA Closes all cursors on commit (Andrejus Baranovskis)– Databaselinks when used in SOA Composites– | 21.04.2013 | |
  53. 53. <experiences>Patching</experiences> | 21.04.2013 | |
  54. 54. Patching• MyOracle Support• Patch Set Update (PSU)• Experiences– Remove patches installed with the distribution before applying thelatest PSU– Easy command line patch util– Also possible to patch with | 21.04.2013 | |
  55. 55. <experiences>Serving static files from WLS</experiences> | 21.04.2013 | |
  56. 56. Serving static resource files• Common in internet applications to serve static .js, .gif,.png, .css etc.• Normally you would serve them from HTTP Server– But sometimes it is advantageous to reach also from WLS• Custom app with weblogic.xml and deployet on contextroot "/",• You can do it in WLS, but be aware that you may get only 99% of thecontent when it is changed (in production mode)• The reason is because content-length does not change..• Solution:– Change in | 21.04.2013 | |
  57. 57. Summary• Many of the new features in 12c are also in 10.3.6– We have not used new Java-features in our solutions• OPSS has given us flexibility in authentication / authorizing• Architecture has been simplified– Direct use of Active Directory, no synchronization via OID• What was obvious choices of products in iAS now requiressome more thinking• Verify which WLS edition suits your needs• Invest in proper scripting of start/stop of environment withnodemanager• Satisfied with stability of 12c– But be on the latest | 21.04.2013 | |
  59. 59. THANKS FOR YOUR ATTENTIONJon.petter.hjulstad@evita.no a nice conference!Jon Petter QRCato QR