1. Sun Web Server 7:A Jewel in Sun GlassFish Portfolio Murthy Chintalapati (CVR)Senior Engineering Manager Sun Microsystems Inc. April 10th, 2009.

2. Contents

Sun Web Server 7 Introduction

Architecture and Technology Overview

3. Performance & Scalability 4. Cluster Management 5. Open Source 6. Roadmap Sun GlassFish Portfolio

A robust portfolio of web servers

7. First, some Sun Web Server trivia.

232,000 +

8. 5,170 9. One GB per minute 10. One Billion minutes of streaming media & 90M views/day 11. New York Times (NYTimes.com) 12. First, some Sun Web Server trivia.

232,000 +

Simultaneous HTTP connections (on Sun Fire T5220)

5,170

Secure E-commerce (JSP) requests per sec (w/ think time)!

One GB per minute

Web Server's access log per minute!

One Billion minutes of streaming media & 90M views/day

MLB.com's over 2,430 full length games to over one billion visitors w/ record breaking 90million views a day

New York Times (NYTimes.com)

Reportedly served (at least in part) by Sun Web Server.

13. Web Server Overview

Scalable

Multi-threaded application

14. In-process Java container 15. 64-bit capable; SPECweb2005 record setting architecture. 16. Caching, HTTP compression Secure

Access Control built in

17. LDAP, local user database, etc 18. SSL capable out of box 19. Elliptic Curve Cryptography 20. DoS Attack awareness 21. Cross-site script detection 22. Web Services Security 23. WebDAV ACL

Data center friendly

Built-in (and scriptable) cluster management

24. Configurations are standard text files; can be stored in CVS, BitKeeper, etc 25. Several stats reports available for health checks; SNMP support for integration into standard monitoring tools 26. Request mapping for self-protection from DoS attacks 27. Integrated Reverse Proxy; URL rewriting with regex matching. Extensible

Variety of APIs available to extend server capabilities; NSAPI, Java EE 5 Servlet/JSP, FastCGI, etc.

28. Sun Java System Web Server 7.0(formerly Sun ONE Web Server, originally Netscape Enterprise Server)

Supporting:

HTTP/1.0, HTTP/1.1

29. JSP/Servlet 30. CGI 31. FastCGI 32. SHTML 33. HTML 34. LDAP, Access Control 35. SSL/ECC

Improve Web security and performance

36. Reduce Cost & Complexity 37. Reduce administration complexity

Built-in cluster management

38. Scriptable command line administration tools

Platform Support:

Solaris 8, 9, 10 (UltraSPARC 32-bit, 64-bit)

39. Solaris 9, 10 (x86); Solaris 10 (x64/AMD64) 40. OpenSolaris 2008.11 (x86/AMD64) 41. Windows 2000, XP SP2, 2003 Server, EE 42. RedHat EL 3.0 (32-bit only), 4.0 U4 or later, 5.0, SUSE EL 9, 10 SP2 (32-bit, 64-bit) 43. HP-UX 11iv1 44. AIX 5.2, 5.3 FREEunder Solaris Enterprise Licensing 45. Web Server 7.0 Technical Overview

Web Server 7.0 is a major release

• Redesigned admin GUI

46. Full-featured, scriptable, secure admin CLI

47. Improved support for clustering 48. Regular expressions, sed filtering, URL rewriting, etc. 49. Updated Java specs 50. Session replication 51. WebDAV Access Control Protocol 52. SSL enhancements, DoS avoidance, and other security enhancements 53. Integrated reverse proxy and FastCGI plugin 54. Improved diagnosability 55. ... 56. Request Processing 57. Default Web Server Components 58. Web Server Architecture Server Application Functions (SAFs) } Servlet Container Based on 59. Typical Apache/Tomcat Architecture Out-of-process Tomcat Servlet Container } Source: JavaWorld 10/2008 60. Servlet/JSP Container

Support for Java EE 5 web technologies: viz. Servlet 2.5, JSP 2.1, JSTL 1.1, JSF 1.2.

61. JNDI, JDBC Connection Pooling with support for MySQL, Oracle, other databases. Session failover. 62. XML and Web Services

• JWSDP 2.x technology built in.

Embedded JVM + NSAPI Connector

Shared Container Codebase with GlassFish v2.x

New, improved plugin for NetBeans 5.x

63. Supports dynamic reconfiguration 64. Unbeatable Web Server Performance Simulated E-Commerce workload Fantastic Speedwith Superior Security Web Stack simplifies support forsmall and large deployments Page load times (seconds)

Performs at least2x v.s. Apache + Tomcat on a modest configuration

65. Scalable connection handling, multi-threaded server architecture with integrated servlet container. 66. Fantastic speed with superior scalability and manageability 67. Sun Fire T5220 (Niagara 2)

8core, 64-threadsystem on chipCPU

68. On-chip crypto processor (NCP) with 8x FPUs 69. 10GbE networking The Most Eco-friendly web server SPECweb2005 benchmark - Simultaneous User Sessions System Metric Bank Support E-comm Way/Ghz #coreHP DL585 G2 22254 38400 20704 30720 4/3 Opteron 8 SunFire T5220 41847 70000 40000 58000 1/1.4 Sun T2 8 HP DL580 G5 43854 76032 39456 62304 4/2.31 Xeon 16 + Sun Web Server 7.0u3

Staggering performance: 400,000+ simultaneous HTTP connections, 131,000 banking ops/sec (i.e. 1GB access log/minute) and 1.4 terabytes of data over secure HTTP interface!

http://www.spec.org/web2005/results/res2008q2/web2005-20080408-00105.html 70. Configuration Files

Configuration files define the behavior of the Web Server.

Web Server configuration files are located in the config directory:instance_dir /config .

71. The number of files and file names vary based on components enabled in the server. 72. You can edit configuration file settings by:

Using the administration interface

73. Using command-line utilities 74. Opening and editing the files directly 75. Web Server 6.1 https-vault.sfbay/config/ magnus.conf obj.conf server.xml mime.types nsfc.conf snmp.conf password.conf https-admserv/config/ scheduler.conf schedulerd.conf httpacl/ generated.https-vault.acl genwork.https-vault.acl userdb/ dbswitch.conf alias/ https-vault-vault-key3.db https-vault-vault-cert8.db https-vault-vault-secmod.db Configuration Files and Directories Web Server 7.0 https-vault.sfbay/config/ server.xml magnus.conf obj.conf mime.types default.acl key3.db cert8.db secmod.db

Directory

Text file

NSS database

76. Changes toserver.xmlValidation

Theserver.xmlfile is now validated against an XML schema rather than a data type definition (DTD).

77. Provides a common repository:

Validation rules

78. Default values Benefits of validating against an XML schema include the following:

Relaxes element order rules (where appropriate)

79. Validates references to other elements 80. Enforces type checks 81. Dynamic Reconfiguration

Make changes on-the-fly to the server

CLI and GUI support to trigger reconfigurations

Server knows which changes require a server restart 82. NSAPI support for plugins to implement dynamic reconfiguration 83. Server falls back to last good configuration if a change results in a configuration error 84. Server configurations are in-memory representations of the information in the configuration files

Configurations are reference counted

85. Regular Expressions & Variables

Regular expressions and variable substitution can be used anywhere in request processing

86. URL rewriting

Pretty external URLs to hide ugly internal URIs

87. /jobs->/app/ViewServlet?q=jobs 88. Like Apache's mod_rewrite User-tracking cookies

Uniquely identify visitors in access log

89. Like Apache's mod_usertrack 90. Pattern Matching & URL Rewriting

Wildcard pattern matching has been extended to support theserver.xmlfile:

Pattern matching applies to theelement

91. Host comparisons are not case sensitive Support has been added for parameter interpolation and regular expressions in theobj.conffile:

Variables defined inserver.xmlare available inobj.conf .

92. Various enhancements have been made to support a superset of the Apachemod_rewritemodule. 93. Pattern Matching inserver.xml https-foo.bar.example.comfoo. bar .example.com foo . bar foo .eng.sun.com foo .eng https-foo.bar.example.com foo.* 94. URL Rewriting Example

Map http://www/~user/ to /home/user/public_html/

95. rewrite() enables flexible mappings between URIs and file system paths NameTrans fn=" rewrite " root="/home/$1/public_html" path="$2" 96. Conditional Processing Example (1)

Display an after-office hours page:

"17:00"> AuthTrans fn="set-variable" $docroot="/var/www/docs/closed" ... NameTrans fn="document-root" root="$docroot" 97. Web Server vs. mod_rewrite

Apache HTTP Server module

98. Conditional URI redirection/rewriting 99. Specialized solution

Only for URL redirection and path rewriting

100. Runs during Apache URL-to-filename and Fixup hooks (analogous to NSAPI NameTrans and ObjectType) Syntax different from other Apache directives What Is Apache mod_rewrite? 101. Web Server vs. mod_rewrite

Built into obj.conf processing

102. Offers superset of mod_rewrite functionality 103. General solution

Can manipulate URI, path, header fields,response bodies, etc.

104. Works at any stage of request processing 105. Works with any SAF, including 3 rdparty plugins Syntax mirrors existing obj.conf conventions How Does the Web Server 7.0 Approach Differ? 106. Web Server vs. mod_rewrite

Search for pages in multiple directories

107. Apache mod_rewrite RewriteEngine on RewriteCond/dir1 / %{REQUEST_FILENAME}-f RewriteRule ^(.+)/dir1 $1 [L] RewriteCond/dir2 / %{REQUEST_FILENAME}-f RewriteRule ^(.+)/dir2 $1 [L] RewriteRule ^(.+) - [PT]

Web Server 7.0

NameTrans fn="rewrite" root=" /dir1 " NameTrans fn="rewrite" root=" /dir2 " Syntax Comparison 108. URL Redirection

Allows you to redirect document requests from one URL to another

109. Is useful when content has moved or is located:

On a different server

110. In a different directory Is implemented with theredirectSAF 111. Can be combined with thecontainer for dynamic redirection 112. URL Redirection Example

Redirect URIs listed in map.conf

113. lookup() looks up a value from a text file # map.conf /webserver /products/home_web_srvr.xml /proxy /products/home_web_proxy_srvr.xml /java http://java.sun.com # obj.conf NameTrans fn="redirect" url="$( lookup ('map.conf' $uri))" 114. Security

Support for Solaris 10 crypto framework

115. Solaris 10 zones compatible 116. Elliptic Curve Cryptography (ECC)

Next generation PKI for U.S. Department of Defense

WS-Security (IETF XML Digital Signature, W3C XML Encryption) 117. Integrated P3P support 118. Increase server SSL encryption key size to 4k 119. Denial Of Service (DoS) attack awareness

Request map (throttle by requests/sec on a URI)

120. Timeout (connections with trickling request data)Cross-site scripting detection via native sed filter 121. FIPS-140-x certified 122. SSL Enhancements

Support for ECC

• Asymmetric (public key) cipher

123. SunLabs-developed technology

124. Compared to RSA, 10x better security with lower computational cost

Support for AES

• Symmetric (private key) cipher

125. NSA-approved successor to DES

Ability to update Certification Revocation Lists (CRLs) without restarting the server

126. Other Security Enhancements

Native authentication on Solaris with PAM

127. Customizable LDAP search filters and attributes (Microsoft Active Directory interoperability) 128. LDAP directory server failover 129. Request limiting

• Tracks concurrent requests and requests/second

130. Rejects requests when thresholds are exceeded

131. Can operate on an IP-by-IP basis

Optional timeouts for HTTP request headers and bodies

132. sed Filters

Filter incoming request bodies

133. Filter outgoing response bodies 134. Uses familiar Unixsed(1)syntax 135. Potential uses

Scrub form data for possible Cross-site Scripting (XSS) attacks

136. Rewrite URLs (e.g. fix hostnames) in HTML responses filter= sed-response sed=s/127.0.0.1/www.sun.com/g 137. 64-bitSupport

Solaris AMD64, SPARCv9 and Niagara 2/CMT architectures.

138. Linux 64-bit in Web Server 7.0 Update 2 139. AMD64 bignum optimization for SSL (25% gain) 140. Useful for applications that demand large Java Heap space. 141. Record setting SPECweb2005 (SunFire T5220) results

Workload comprises a mixture of secure Banking, Dell.com style e-commerce storefront and large media file downloads.

142. Requires millions of sessions and large file cache 143. Staggering performance: Over 400,000 simultaneous HTTP connections, 131,000 banking ops/sec (i.e. 1GB access log/minute) and 1.4 terabytes of data over the HTTP interface. 144. Administration

Cluster Management

• Support for centralized management of configuration data and replication to nodes

Redesigned GUI

• Improved navigation.

145. Easy access to SSL setup, virtual servers, JVMsettings, web app deployment and other commonly performed administrator tasks.

New CLI comprehensive, secure and scriptable

• Feature parity with GUI.

146. Scriptable with embedded TCL engine.

147. Cluster Management Concepts 148. Administration Server Architecture 149. Graphical User Interface 150. Command-Line Interface

Is an embedded Java Command Language (JACL) shell

151. Can be run in single, shell, or file modes 152. Provides auto completion of commands 153. Provides all functionality present in the GUI:

• Configuring server settings and subsystems

154. Managing certificates

155. Starting and stopping servers 156. Monitoring the server, and so onCommand-line scripts can be run against remote servers 157. Command-Line Syntax 158. Diagnosability

Server tracks active URIs and client IPs in real time

• Exposed through HTTP at/.perf

159. Available with admin CLI'sget-perfdumpcommand

160. get-perfdumpcan list active URLs even if server appears hung!

Additional fine-grained log messages

• Provide insight into server's operation

161. Only logged when log level is set tofine ,finer , orfinest

162. Other Features Enhancements

Robust XML Schema validation for server.xml

163. Dynamic reconfiguration without service interruptions 164. server.xml consolidates several configuration files

magnus.conf, nsfc.conf, scheduler.conf, dbswitch.conf and password.conf

Integrated HTTP reverse proxy/load balancer 165. WebDAV Access Control RFC 3744 support 166. FastCGI support for integrating third-party scripting environments viz. PHP Add On, Ruby On Rails 167. NetBeans 6.5 support 168. Migration from 6.x 169. Localization

Web Server 7.0 supports localization of the administrative interfaces:

Administration Console

170. Command-line Interface

Thelocalizationelement configures localization.

171. Example of localization: es-419 172. Open Web Server

Sun Web Server is now open sourced

Includes HTTP server core components

173. Source coded hosted on OpenSolaris web stack project and can be built on most Unix platforms. 174. Released under BSD License 175. For more details, visit: http://wikis.sun.com/display/wsFOSS/Open+Web+Server and the announcement:http://blogs.sun.com/jyrivirkki/entry/announcing_open_source_web_server 176.

One of the Internets largest dynamic JSP content providers with hundreds of thousands of JSP files active on any given day. 15 live games daily; One billion minutes of streaming media over 2,430 full length games to over one billion visitors w/ record breaking 90million views a day!.

MLB.com: A Sun Web Server Reference Deployment 177. Sun Blogs (blogs.sun.com A Sun Web Server site profile

Premier blogging infrastructure for Sun employees

178. Hosted on SunFire T2000 servers, Web Server 7.0 and MySQL 179. http://www.sun.com/bigadmin/features/articles/sunblogs.jsp?feed=RSS 180. Q1 Q2 Q3 Q2-Q4 CY2009 Web Stack/Web Server Roadmap* Q4 CY2010 Q1 Web Stack 3/5/09 v1.4 LAMP, Ruby, Tomcat Lighttp, Python v1.5Enterprise Manager,Update center support, relocatable, Apache 2.2.11, MySQL 5.1, PHP 5.2. DTrace support. Sun GlassFish Portfolio R1 R2 R3 R4 v2.0 Apache 2.4, Advanced deploymentSun Web Server 7.1 Kerberos, intrusion detection, Web Stack PHP, integrated disk cache, NSS 3.12 (bridgeCA) 7.0u5 CMT perf Customer escalations 7.0u6 Customer escalations OpenSolaris Enterprise v1.6 Upgrades *All future dates/releases are subject to change without notice. 181. Summary

Sun Web Server 7

High performance web server that scales well on modern multi-core x64/CMT servers.

182. Features data center friendly cluster management, reverse proxy, URL rewriting and DoS attack protection. 183. Supports heterogeneous dynamic server extensions including NSAPI, Java EE Servlets/JSPs, PHP, FastCGI 184. Web Server core open sourced under BSD license. 185. Chosen by MLB.com and many other enterprises world-widefor its reliability, security and manageability. GlassFish Portfolio offers complete web infrastructure. 186. Thank You! Merci Gracias [email_address] 187. INTRODUCING: GLASSFISH PORTFOLIO 188. GlassFish Portfolio Production GlassFishPortfolio 189. Introducing Sun GlassFish Portfolio The Open Platform for Building Dynamic Web Applications Enterprise Server Web Space Server Web Stack Portal for web site development and collaborative work spaces Application Server with Enterprise-scale managementand monitoring, includingsupport for SNMP A full SOAweb platform -A complete LAMP Stack along with lighttpd and Squid.proxy -Sun Web Server world's fastest and the most scalableWeb Stack and Web Server GlassFish ESB 190. GlassFish Portfolio: Easy to Acquire

GlassFish Portfolio

191. (per server per year in USD)

Basic

192. Silver 193. Gold 194. Platinum

$ 999

195. $2,999 196. $5,999 197. $8,999

MySQL Enterprise

198. (per server per year in USD)

Basic

199. Silver 200. Gold 201. Platinum

$599

202. $1,999 203. $2,999 204. $4,999 + + 205. GlassFish Web Stack Complete Web Tier

Sun Web Server

206. Apache HTTPd 207. GlassFish 208. Lighttpd 209. Memcached 210. Mod_jk,perl, ruby 211. PHP, Ruby, Python 212. Squid, Tomcat MediaWiki, Drupal, Wordpress, Joomla deploy in minutes! 213. GlassFish Enterprise Server Mission Critical Application Tier

Enterprise Grade

Five 9's of availability

214. Advanced management Superior Price/Performance 215. Easy to Use 216. Feature Richness

Support for Dynamic Languages

217. Interop with .NET 3.0 The Java EE Standard 14,000,000+ Downloads Worldwide Dozens of external Committers Over 7,000 Members 218. GlassFish vs Tomcat While GlassFish is a collection of Java EE containers, one of which is a Web container, Tomcat is just a Web container. This crucial difference leads to some major advantagesfor GlassFish.Workload: simple servlet,with 16,000 users. Source: http://www.sun.com/emrkt/innercircle/newsletter/0209/feature-itm.html 219.

Apache HTTPd

Most popular and versatile open source web server.

220. Foundation of LAMP architecture Sun Web Server 7

Most scalable web server, optimized for modern multi-core CMT (Chip-based Multi-threaded) systems.

221. Cluster management and support for heterogeneous dynamic web technologies (Java/JSP, PHP and native APIs). lighttpd

light-weight open source web server known for its configuration ease and support for Async I/O and Comet.

GlassFish Enterprise Server and Tomcat

Open source Java application servers.

A portfolio of web application servers 222. Backup Slides 223. More Information

Sun Web Server download:

224. http://sun.com/webserver->Get It ! 225. Sun Web Server 7 wiki and documentation http://wikis.sun.com/display/WebServer/Sun+Java+System+Web+Server http://docs.sun.com/app/docs/prod/sjs.websrv70 226. Product forum: http://forums.sun.com/forum.jspa?forumID=759 227. Open Web Server For more details, visit: http://wikis.sun.com/display/wsFOSS/Open+Web+Server 228. More Information: http://developers.sun.com/webtier/