1

The Top 10 Things UCM Users Need To Know About WebLogic

Brian “Bex” HuffChief Software Architect

2

Agenda

Why WebLogic knowledge is important

Top 10 things you need to know• Some high-level, some specific

Advanced topics

Useful Resources

2

3

Why Do I Need To Know WebLogic?

IRM 11g and IPM 11g already require WebLogic

UCM 11gR1 will be deployed on WebLogic (when released)• potential support for WebSphere or JBOSS post-11gR1• URM 11g will also be deployed on WebLogic

WebLogic will be used for the infrastructure• web server, database connections, logging, start/stop

Since it's the new foundation, you need to understand it

3

4

Don’t Panic!

You don't need to know everything about the platform• Just like you don’t need to know everything about Linux or Windows

It's DIFFERENT, but not significantly more complex

Any added complexity has been well documented for years• 7 books on Amazon on WebLogic 11• 21 book on Amazon on WebLogic 10

Plenty of trained WebLogic resources available

Plenty of forums and training available

4

5

Top 10 Things You Need To Know

1. WebLogic Terminology

2. WebLogic Web Interface

3. New File System Layout

4. User Management

5. Starting / Stopping UCM

6. Secure Web Services

7. Clustering

8. Performance

9. Troubleshooting

10. Custom Components

5

6

1) WebLogic Terminology

Servers• a JVM running an instance of a WebLogic server, and its own configuration• sometimes referred to as an “instance”

Machine• a physical machine that is running one or more Servers

Admin Server• admin interface to stop/start instances, and configure WebLogic resources• use it to set configuration for multiple machines, multiple servers• configure services, like database pooling, and message queues

6

7

1) WebLogic Terminology, cont.

Managed Server• a WLS instance that can be controlled by the admin server

• stop / start / configure• can run your managed server on the same instance as admin server• or, can run on a separate machine

Node Manager• tiny Java application, installed on every physical machine• admin server needs it to stop/start managed servers on remote machines• runs as a Windows Service, or a Unix daemon

7

8

1) WebLogic Terminology, Cont.

Cluster• a group of multiple managed servers that are considered one logical unit• share the same data sources (database, configuration, files)

Domain• collection of WebLogic machines, instances, and servers• has one and only one WebLogic Admin Server• pulls it all together!

Deployment• A JEE Application that is installed on this domain, and made available• Can “deploy” it to multiple “Servers”• UCM 11g is now 5 “deployments”:

• UCM Core, UCM Help, Web Services, Native Web Services, UCM Admin Server 8

9

Diagram of A WebLogic Domain with Cluster

9

Node Mgr

Managed Server

Admin Server

Node Mgr

Managed Server

UCM Deployment

Domain

Managed Server

UCM Deployment

Not shown:shared DB and file system

10

Diagram of UCM Cluster

10

UCM Admin Server Mgr

UCM Content Server Mgr

UCM Admin Server Mgr

UCM Content Server Mgr

Not shown:shared DB and file system

11

2) Web Interface: WLS Admin Server

WLS Admin Server: http://localhost:7001/console

Use to deploy UCM and other JEE applications• Configure the Database, perform diagnostics

WebLogic Scripting Tool (WLST)• Command-line tool for administering WebLogic• Can do everything Admin Console does• Can even “record” a set of commands for “playback”

11

12

Screenshot

12

13

2) Web Interface: Fusion Middleware Controller

URL: http://localhost:7001/em

Lightweight dashboard similar to "Enterprise Manager"• Full Enterprise Manager costs extra

View log files and performance metrics• Get / set some (not all) UCM configuration variables• Potential for more with custom MBeans

Can start/stop UCM, but NOT install components!• Still need the UCM Admin server for that

13

14

Screenshot

14

15

3) New File System Layout

New Fusion Middleware root for all apps• /u10/fmw• c:\oracle\fmw

Domain home (Example)• <fmw>/user_projects/domains/ucm_domain

TWO new UCM Homes (Example)• <domain-home>/ucm/cs/

• contains configuration, custom components, vault, weblayout• <fmw>/Oracle_ECM/ucm/idc/

• contains static resources, system components, patches, samples

Each “Server” has it own log file directory• example: <domain>/servers/UCM_server/logs/ 1

5

16

3) New File System Layout, cont.

Start Weblogic admin server• <fmw>/user_projects/domains/ucm_domain/startWebLogic.sh

Start Weblogic Node Manager:• <fmw>/wlserver_10.3/server/bin/startNodeManager.sh

Start MANAGED UCM from command line:• <fmw>/user_projects/domains/ucm_domain/bin/startManagedWebLogic.sh

UCM_server http://localhost:7001

Stand-alone applications• <domain-home>/ucm/cs/bin/• Need to create a “Local” user through applets before using these

16

17

4) User Management

Entirely handled by Weblogic container security• no more UCM-specific security• can still have a web-server proxy in the front end

no more "sysadmin"• still created as local user, but password is secret and tough to change

The "weblogic" user is the new “sysadmin”

JPS / JAAS based security infrastructure• standard communication for external user directories• default JPS provider: user management in WebLogic

• "Local" users no longer exist!• if you want to run the stand-alone applets, manually create a Local user

• could be a problem migrating "External" or "Local" users 17

18

4) User Management, Cont.

JPS role-mapping mechanism• JPS provider from UCM to Weblogic for authorization• LDAP providers still supported

• will some day be 100% replaced by JPS providers• by default, a JPS Group maps directly to a UCM Role• any group that starts with an "@" symbol is an account

• Use the standard naming conventions: "@account_rwda"

Single Sign On now integrates with WebLogic, not UCM• does not support Windows Integrated Authentication out-of-the-box• must create a custom JAAS/GSSAPI security filter

18

19

5) Starting / Stopping Managed UCM

From command line

From WebLogic Admin Server

From WLST• Send a message to the Admin Server to send to node manager:

• start('managedServerName', 'Server')• shutdown('managedServerName', 'Server')

• Send a message directly to node manager:

• nmStart('serverName')• nmKill(‘serverName’)

From UCM Admin Server?• Will no longer be possible in 11g• Use Admin Server only for managing components, and some config 1

9

20

6) Secure Web Services

WS-Security support: which adds three things• Security token propagation

• pass auth credentials from an identity provider to a service provider• Supports SAML, Kerberos, or basic name/password tokens

• Message integrity

• digitally "sign" messages, so you can prove who sent it• useful when SOAP messages are proxied through systems like Web

Service managers, or ESBs• Message confidentiality

• encrypt requests and responses so they are protected, like HTTPS

Certified for use with Oracle Enterprise Service Bus• testing is ongoing, but should be final pre-release

20

21

6) Secure Web Services Cont.

Two ways of running SOAP

Standard Web Services deployment• /idcws/ context root

• GenericSoapService to execute any content server service

• similar to IsSoap=1

• WS-Security can be attached, but bad for large file transfers

Native Web Services deployment• /idcnativews/ context root

• Allows two-part web service requests• IdcWebLoginService

• WS-Security can be applied, get back a JSESSION id

• IdcWebRequestService

• supports MTOM, but not WS-Security

• use the JSESSIONID from the last request 21

22

7) Clustering

Uses some WebLogic infrastructure• still requires shared file system in 11g• however, new cluster node install is easier

Best practice for clustering:• clusters have same version of WLS, and identical hardware

shared disk subsystem: shared database, shared filesystem• why? multiple JVMs that all need to access the same data• at runtime, everything needs to get at the same bits

WebLogic operations control• monitor the cluster's performance, see if you need to add more

22

23

8) Performance

Overall in 11g performance is 2x to 4x improved• official numbers not yet released• Appears to be I/O limited

Where will the new performance problems be?• Database “batching”, Indexing, File I/O, Network I/O, Latency

The trouble with "jsessionid"• Makes using a reverse proxy significantly more difficult• Will need different techniques for high-performance web sites

• Content Deliver Networks, Sprites, smarter caches

23

24

9) Troubleshooting

Where are my logs?!?• <domain>/servers/UCM_server/logs/• Text files are always superior to a web interface for low-level debugging

Enable a tracing flag to get more log info

Web logs are still present for the “big” errors

ECID tracking number• track request over multiple applications• GuiView that tracks ECID in FMC

24

25

10) Custom Components

Do they still work?• Yes! Component architecture still works

Where are they?• Custom components• “System” components

Will my old components still work?• GUI ones always need updates: 11g is no exception• Java ones will likely need to be recompiled• Security ones might no longer be needed,

• or will need to be redone as a WebLogic security filter• Migration effort should be similar to past migration efforts

25

26

Advanced Topics

WebLogic Security Providers WebLogic Security FIlters

• JAAS based Java filters, configured in the web.xml file• use GSSAPI to extract Integrated Windows Authentication tokens

MBeans JMS queues Oracle WebLogic Server Diagnostics Framework (WLDF) Performance Tools for WebLogic

• JConsole, jps, jstat, jinfo, jmap, and jstack• JRockit Management Console, JRA, Memory Leak Detector

26

2727

Useful Resources

Most recent WebLogic book (JEE developer centric):• http://www.amazon.com/Professional-Oracle-WebLogic-Server-Programme

r/dp/0470484306

General Oracle Application Server Forums:• http://forums.oracle.com/forums/category.jspa?categoryID=193

Online Training and How-Tos:• http://www.oracle.com/technology/products/weblogic/index.html

Oracle University Classes

2828

My Company: http://bezzotech.com• Visit us at booth #1743!• To the left of the Oracle demo pods, behind HP

My Blog: http://bexhuff.com

My Self: bex@bezzotech.com

Questions?