The Liberty Deep Dive presentation from IBM InterConnect 2017. This presentation covers some of the key technical details of Liberty, some production deployment options, and what has changed between March 2016 and March 2017.

1. InterConnect
2017
HAJ-1842 Liberty Deep Dive
Alasdair Nottingham - STSM
WAS Liberty Architect
@nottycode
Erik Hochstedt
Liberty Dev Lead
1 3/23/2017

2. • Lightweight
• Fit for your purpose
• Simple
• Zero Migration
• 5 years old this year
2 3/23/2017
What is Liberty

3. 3 3/23/2017
Fast & Small Startup
0
1
2
3
4
5
6
7
8
9
Liberty 16.0.0.4 Tomcat 9 M11 WildFly 10.1 TomEE Plus 1.7.4
Startup Time
0
50
100
150
200
250
300
Liberty 16.0.0.4 Tomcat 9 M11 WildFly 10.1 TomEE Plus
1.7.4
Footprint

4. 4 3/23/2017
Excellent Throughput
2500
2700
2900
3100
3300
3500
3700
3900
4100
4300
4500
WAS trad 9.0.0.2 Liberty 16.0.0.4 WildFly 10.1 Jboss EAP 7 Glassfish 4.1.1
Req/sec
Req/sec

5. 5
Fit-for-purpose server
• You control which features are loaded into each server instance
Kernel
<feature>servlet-3.1</feature>
servlet-3.1
http-1.1 appmgr
<feature>jsf-2.2</feature>
jsp-2.3 jsf-2.2
Java EE

6. zOS
ND
Core
Base
New in
1Q17
New in
4Q16
New in
2Q16
New in
3Q16
Java EE 6
subset
couchdb-1.0
mongodb-2.0
wsSecurity-1.1
javaee-7.0
batchManagement-1.0
rtcomm-1.0
rtcommGateway-1.0
sipServlet-1.0 wsSecuritySaml-1.1
mediaServerControl-1.0
wsAtomicTransaction-1.2cloudant-1.0
scalingController-1.0
scalingMember-1.0
dynamicRouting-1.0collectiveController-1.0
clusterMember-1.0
healthManager-1.0
healthAnalyzer-1.0
zosConnect-1.2
zosLocalAdapters-1.0 zosSecurity-1.0zosTransaction-1.0 zosWlm-1.0
zosRequestLogging-1.0
batchSMFLogging-1.0
Programming Model SecurityProduction
webProfile-6.0
distributedMap-1.0
openid-2.0
openidConnectServer-1.0
openidConnectClient-1.0osgiAppIntegration-1.0
spnego-1.0
collectiveMember-1.0
restConnector-2.0
sessionDatabase-1.0
ldapRegistry-3.0
webCache-1.0javaMail-1.5
osgiConsole-1.0
json-1.0
timedOperations-1.0
monitor-1.0
oauth-2.0
serverStatus-1.0
wab-1.0
blueprint-1.0
webProfile-7.0
eventLogging-1.0
requestTiming-1.0
adminCenter-1.0
concurrent-1.0 bells-1.0
samlWeb-2.0
httpWhiteboard-1.0
federatedRepository-1.0
constrainedDelegation-1.0
osgiBundle-1.0
passwordUtilities-1.0
bluemixUtility-1.0
apiDiscovery-1.0
logstashCollector-1.0
scim-1.0
microProfile-1.0 jwt-1.0
productInsights-1.0 transportSecurity-1.0
Liberty Features

7. 7
Simple Config
<server>
<featureManager>
<feature>jsp-2.3</feature>
</featureManager>
<webApplication location=“myweb.war” contextRoot=“/” />
<applicationManager autoExpand="true"/>
</server>
server.xml
-Xmx1g
-Dsystem.prop=value
jvm.options
WLP_OUTPUT_DIR=/usr/wlp-out/
server.env

8. 8
Composing Config
<server>
<httpEndpoint id=“defaultHttpEndpoint” host=“${host}”
httpPort=“${http}”
httpsPort=“${https}”/>
</server>
configDropins/defaults/common-http.xml
<server>
<include location="https://myHost/ports.xml”/>
<variable name=“host” value=“${my.host}”/>
<variable name=“http” value=“${my.host.http}”/>
<variable name=“https” value=“${my.host.https}”/>
</server>
configDropins/overrides/ports.xml

9. 9
Security
• Security by default
• No remotely accessible ports
• Enable admin, enable security
• Enable ssl using ssl-1.0
<feature>restConnector-1.0</feature>
<quickStartSecurity userName=“admin”
userPassword=“{hash}adSDwijgnb==“/>
<feature>transportSecurity-1.0</feature>
<keyStore password=“{aes}adSDwijgnb==“/>
<httpEndpoint id=“defaultHttpEndpoint” host=“*”/>

10. 10
App Security
• Feature to enable
• Configure security role bindings in server.xml
• Configure registry
<feature>appSecurity-2.0</feature>
<webApplication location=“myweb.war”>
<application-bnd>
<security-role name=“user”>
<group name=“myGroup”/>
</security-role>
</application-bnd>
</webApplication>
<feature>ldapRegistry-3.0</feature>

11. 11
Class Visibility - Parent First
JVM
rt.jar jce.jar jsse.jar
Application Server
runtime.jar libx-1.jar was-util.jar
Web Application
myapp.jar libx-2.jar myutil.jar
1
2
3
✗
✓
• App Server & Application use open
source library
• They use different versions
• When application loads class in open
source library, the app server copy is
found first
✘ Application fails as class is not
compatible

12. 12
Class Visibility – Parent Last
JVM
rt.jar jce.jar jsse.jar
Application Server
runtime.jar libx-1.jar was-util.jar
Web Application
myapp.jar libx-2.jar myutil.jar
3
2
1✓ • App Server & Application use open
source library
• They use different versions
• When application loads class in open
source library, the application copy is
found first
✘ If application contains Servlet classes
then the container can’t use the Servlet
classes so application fails

13. 13
Class Visibility - Liberty
JVM
rt.jar jce.jar jsse.jar
Application Server
runtime.jar libx-1.jar was-util.jar
Web Application
myapp.jar libx-2.jar myutil.jar
1
2✓ • App Server & Application use open
source library
• They use different versions
• When application loads class in open
source library, only API class loads are
delegated to the application server
classloader
✔ Application gets the open source class
it wants, server and application agree
on servlet

14. 14
Zero Migration
• Zero config migration
- Write once, run forever
• Zero migration for apps
- No behavior changes in existing features
- New behaviors in new features
• Choose your Java
- Java 8, 7, or 6*
- IBM, Oracle, Open JDK
16.0.0.4
17.0.0.1
WLP_CONFIG_DIR
app1Svr
app2Svr

15. 15 3/23/2017
Continuous Deploy
TestBuild Package
zip
DeployCode

16. Script Client
Standalone Server Farms
WAS WAS WAS
IHS, DP, or
generic
HTTP
Load balancing and session affinity/failover
Operations target individual
servers
Web server plugin is a
merge of the individual
servers’ plugins. Session
failover uses DB or session
cache.
HTTP/S
WAS WAS WAS
WAS

17. Liberty Collectives
liberty liberty liberty
liberty
controllers
liberty liberty liberty
IHS/
DP
collective
Script Client
Operations target individual
servers or clusters
HTTP/S
Load balancing and session affinity/failover
libertylibertyliberty

18. Liberty Dynamic Routing
liberty liberty liberty
liberty
controllers
liberty liberty liberty
IHS/
DP
collective
Script Client
Operations target individual
servers or clusters
HTTP/S
Load balancing and session affinity/failover
libertylibertyliberty
get dynamic
topology

19. AutoScaling & Dynamic Routing
<scalingPolicy name=”policy1” min=”3”>
<metric name=”heap” max=”80”/>
<bind clusters=”cluster1”/>
</scalingPolicy>
Administratively defined policy
liberty liberty liberty
liberty
controllers
liberty liberty liberty
IHS/
DP
dynamic
start/stop
get dynamic
topology
collective
Script Client
Operations target individual
servers or clusters
HTTP/S
cluster
members
Load balancing and session affinity/failover
libertylibertyliberty
• Policy bound to app clusters
• Automatic start/stop of JVMs to scale up/down capacity.
• Dynamic routing
• Health management

20. Liberty and Docker
app and config
liberty and java
docker
+
+
os config
+
=
portable container
Private IaaS
WAS Patterns
Pure App System
Local Docker
host
Third-party
PaaSOpenShift
Cloud
Foundry
Apprenda
Public IaaS
IBM Softlayer
MS Azure
Amazon AWS

21. Last Year
21
16.0.0.2
2Q16
17.0.0.1
1Q17
16.0.0.3
3Q16
16.0.0.4
4Q16
oauth token propagation
default map role to group
enhanced password utils
jaxrs SAML tokens
apiDiscovery enhanced
zosRequestLogging
jaxws policy attachments
dashDB service plugin
collective docker & node
wdt docker dev enhanced
wdt swagger enhanced
migration tools enhanced
install consolidation
server pckge file perms
json web token issue & accept
vmm custom adapter spi
jsse helper api
collective user cert doc
plugin config auto generation
restConnector-2.0 feature
z/os local adapter for ims
async tcpip for zos
unwrapped jdbc vendor apis
sqlj for db2
java batch logs from native cli
batchSMFLogging-1.0 feature
java batch events to jms
java batch multi-files prop/parm
wdt custom p/w encrypt
wdt jax-rs gen from swagger
cloudant-1.0 feature
microProfile-1.0 feature
node.js in docker + autoscale
Plugin config util for clusters
merge jvm.options files
logstashCollector w/binary log
z/OS angel management +
arbitrary SQL at connection init
DB conn validation/pretest
MS SQL 2016 certification
batch events at timer intervals
Admin Center Batch tool
jwt-1.0 & enhancements
Windows service
WAMT skeleton server.xml gen
WAMT pre-deploy app analysis
WDT docker workspace apps
WDT fine-grained auto feature
WDT apiTypeVisibilty
Override deployment
descriptors in configuration
IBM Cloud Product Insights
integration
Dynamic Routing support for
routing rules
Route to same app in multiple
collectives
Api discovery works without
authentication.
Customize swagger UI css
AdminCenter batch job
stop/restart
Outbound SSL config
independent from inbound
Log dates in ISO format
Pause HTTP traffic

22. 22
Customer Requirements
• Please, create and vote on Requests For Enhancement
https://www.ibm.com/developerworks/rfe/execute?use_case=submitRfe
• Also: lab advocates, workshops, WASdev forum and others
• Are we delivering?
16.0.0.3
SQLJ 19
Plugin merge tool 18
Batch CLI restart 6
Batch CLI param files 5
16.0.0.4
Windows service 51
DB test on connect 47
CMD-line plugin generation 12
17.0.0.1
Outbound SSL (partial) 55
API explorer fixes 21
Batch SMF records 16
Custom DN in routing cert. 14
Pause/Resume HTTP 12
OIDC Cluster support 9
ISO data format 5
Raw kerberos token 5
Routing rules 4
Binding overrides 4
Liberty Top 10
Outbound SSL 55
OAuth PKCE 31
Custom roles 28
HTTP 2.0* 27
Admin/App traffic 27
Config merge view 26
HTTP method restrictions 24
IIOP Txn propagation 24
Collective bulk update 15
Collective cert. SAF 14

23. 23
WASdev.net

24. 24 3/23/2017
Notices and disclaimers
Copyright © 2017 by International Business Machines Corporation (IBM).
No part of this document may be reproduced or transmitted in any form
without written permission from IBM.
U.S. Government Users Restricted Rights — use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to
products that have not yet been announced by IBM) has been reviewed
for accuracy as of the date of initial publication and could include
unintentional technical or typographical errors. IBM shall have no
responsibility to update this information. This document is distributed
“as is” without any warranty, either express or implied. In no event
shall IBM be liable for any damage arising from the use of this
information, including but not limited to, loss of data, business
interruption, loss of profit or loss of opportunity. IBM products and
services are warranted according to the terms and conditions of the
agreements under which they are provided.
IBM products are manufactured from new parts or new and used parts.
In some cases, a product may not be new and may have been previously
installed. Regardless, our warranty terms apply.”
Any statements regarding IBM's future direction, intent or product
plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a
controlled, isolated environments. Customer examples are presented
as illustrations of how those customers have used IBM products and
the results they may have achieved. Actual performance, cost, savings or
other results in other operating environments may vary.
References in this document to IBM products, programs, or services
does not imply that IBM intends to make such products, programs or
services available in all countries in which IBM operates or does
business.
Workshops, sessions and associated materials may have been prepared
by independent session speakers, and do not necessarily reflect the
views of IBM. All materials and discussions are provided for informational
purposes only, and are neither intended to, nor shall constitute legal or
other guidance or advice to any individual participant or their specific
situation.
It is the customer’s responsibility to insure its own compliance with legal
requirements and to obtain advice of competent legal counsel as to
the identification and interpretation of any relevant laws and regulatory
requirements that may affect the customer’s business and any actions
the customer may need to take to comply with such laws. IBM does not
provide legal advice or represent or warrant that its services or products
will ensure that the customer is in compliance with any law.

25. 25 3/23/2017
Notices and disclaimers
continued
Information concerning non-IBM products was obtained from the
suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products in
connection with this publication and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be
addressed to the suppliers of those products. IBM does not warrant the
quality of any third-party products, or the ability of any such third-party
products to interoperate with IBM’s products. IBM expressly disclaims
all warranties, expressed or implied, including but not limited to, the
implied warranties of merchantability and fitness for a particular,
purpose.
The provision of the information contained herein is not intended to, and
does not, grant any right or license under any IBM patents, copyrights,
trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS,
Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document
Management System™, FASP®, FileNet®, Global Business Services®,
Global Technology Services®, IBM ExperienceOne™, IBM SmartCloud®,
IBM Social Business®, Information on Demand, ILOG, Maximo®,
MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower,
PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®,
PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®,
PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®,
SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli® Trusteer®,
Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and
System z® Z/OS, are trademarks of International Business Machines
Corporation, registered in many jurisdictions worldwide. Other product
and service names might be trademarks of IBM or other companies. A
current list of IBM trademarks is available on the Web at "Copyright and
trademark information" at: www.ibm.com/legal/copytrade.shtml.

26. InterConnect
2017
26 3/23/2017