Weblogic Interview Questions

How do I provide user credentials for starting a server? When you create a domain, the Configuration Wizard prompts you to provide the username and password for an initial administrative user. If you create the domain in development mode, the wizard saves the username and encrypted password in a boot identity file. A WebLogic Server instance can refer to a boot identity file during its startup process. If a server instance does not find such a file, it prompts you to enter credentials. If you create a domain in production mode, or if you want to change user credentials in an existing boot identity file, you can create a new boot identity file.

Can I start a Managed Server if the Administration Server is unavailable? By default, if a Managed Server is unable to connect to the specified Administration Server during startup, it can retrieve its configuration by reading a configuration file and other files directly. You cannot change the server's configuration until the Administration Server is available. A Managed Server that starts in this way is running in Managed Server Independence mode.

What is the function of T3 in WebLogic Server? T3 provides a framework for WebLogic Server messages that support for enhancements. These enhancements include abbreviations and features, such as object replacement, that work in the context of WebLogic Server clusters and HTTP and other product tunneling. T3 predates Java Object Serialization and RMI, while closely tracking and leveraging these specifications. T3 is a superset of Java Object. Serialization or RMI; anything you can do in Java Object Serialization and RMI can be done over T3. T3 is mandated between WebLogic Servers and between programmatic clients and a WebLogic Server cluster. HTTP and IIOP are optional protocols that can be used to communicate between other processes and WebLogic Server. It depends on what you want to do. For example, when you want to communicate between a browser and WebLogic Server-use HTTP, or an ORB and WebLogic Server-IIOP. How do you set the classpath? WebLogic Server installs the following script that you can use to set the classpath that a server requires: WL_HOME\server\bin\setWLSEnv.cmd (on Windows) WL_HOME/server/bin/setWLSEnv.sh (on UNIX) Where WL_HOME is the directory in which you installed WebLogic Server. How do stubs work in a WebLogic Server cluster? Clients that connect to a WebLogic Server cluster and look up a clustered object obtain a replica-aware stub for the object. This stub contains the list of available server instances that host implementations of the object. The stub also contains the load balancing logic for distributing the load among its host servers. What happens when a failure occurs and the stub cannot connect to a WebLogic Server instance? When the failure occurs, the stub removes the failed server instance from its list. If there are no servers left in its list, the stubb uses DNS again to find a running server and obtain a current list of running instances. Also, the stub periodically refreshes its list of available server instances in the cluster; this allows the stub to take advantage of new servers as they

are added to the cluster. How does a server know when another server is unavailable? WebLogic Server uses two mechanisms to determine if a given server instance is unavailable. Each WebLogic Server instance in a cluster uses multicast to broadcast regular "heartbeat" messages that advertise its availability. By monitoring heartbeat messages, server instances in a cluster determine when a server instance has failed. The other server instances will drop a server instance from the cluster, if they do not receive three consecutive heartbeats from that server instance WebLogic Server also monitors socket errors to determine the availability of a server instance. For example, if server instance A has an open socket to server instance B, and the socket unexpectedly closes, server A assumes that server B is offline. How are notifications made when a server is added to a cluster? The WebLogic Server cluster broadcasts the availability of a new server instance each time a new instance joins the cluster. Cluster-aware stubs also periodically update their list of available server instances. How do clients handle DNS requests to failed servers? If a server fails and DNS continues to send requests to the unavailable machine, this can waste bandwidth. For a Java client application, this problem occurs only during startup. WebLogic Server caches the DNS entries and removes the unavailable ones, to prevent the client from accessing a failed server twice. Failed servers can be more of a problem for browser-based clients, because they always use DNS. To avoid unnecessary DNS requests with browser-based clients, use a third-party loadbalancer such as Resonate, BigIP, Alteon, and LocalDirector. These products mask multiple DNS addresses as a single address. They also provide more sophisticated load-balancing options than round-robin, and they keep track of failed servers to avoid routing unnecessary requests. How many WebLogic Servers can I have on a multi-cpu machine? There are many possible configurations and each has its own advantages and disadvantages. BEA WebLogic Server has no built-in limit for the number of server instances that can reside in a cluster. Large, multi-processor servers such as Sun Microsystems, Inc. Sun Enterprise 10000, therefore, can host very large clusters or multiple clusters. In most cases, WebLogic Server clusters scale best when deployed with one WebLogic Server instance for every two CPUs. However, as with all capacity planning, you should test the actual deployment with your target web applications to determine the optimal number and distribution of server instances. How can I set deployment order for applications? WebLogic Server allows you to select the load order for applications. WebLogic Server deploys server-level resources (first JDBC and then JMS) before deploying applications. Applications are deployed in this order: connectors, then EJBs, then Web Applications. If the application is an EAR, the individual components are loaded in the order in which they are declared in the application.xml deployment descriptor. Can I refresh static components of a deployed application without having to redeploy the entire application? Yes. You can use weblogic.Deployer to specify a component and target a server, using the

following syntax:

java weblogic.Deployer -adminurl server1,server2 -deploy jsps/*.jsp

http://admin:7001

-name

appname

-targets

When should I use the -nostage option? Set the staging mode to -nostage (using weblogic.Deployer or the Administration Console) if you don't want to copy deployment files but want to deploy an application from its present location. All target servers must be able to access the same set of deployment files. When should I use the external_stage option? Set -external_stage using weblogic.Deployer if you want to stage the application yourself, and prefer to copy it to its target by your own means. Can I set the deployment order for application modules? For standalone modules? The Load Order attribute controls the deployment order of standalone modules and applications relative to other modules and applications of the same type. For example, standalone EJBs with smaller Load Order values are deployed before those with higher values. Modules that are deployed as part of an Enterprise Application (EAR file or directory) are deployed in the order in which they are specified in the application.xml deployment descriptor. What is the difference between the WL_HOME/config/examples/applications folder and the WL_HOME/config/examples/stage folder? The applications folder is intended for applications that are not yet ready for a production environment. WebLogic Server dynamically deploys the contents of the applications folder. The stage folder (or a folder that you create for the same purpose) is for storing copies of deployment files that are ready for deployment in a production environment (deployments that use the stage or external_stage deployment modes). How do I turn the auto-deployment feature off? The auto-deployment feature checks the applications folder every three seconds to determine whether there are any new applications or any changes to existing applications and then dynamically deploys these changes. The auto-deployment feature is enabled for servers that run in development mode. To disable auto-deployment feature, use one of the following methods to place servers in production mode:   In the Administration Console, click the name of the domain in the left pane, then select the Production Mode checkbox in the right pane. At the command line, include the following argument when starting the domain's Administration Server: -Dweblogic.ProductionModeEnabled=true Production mode is set for all WebLogic Server instances in a given domain. Must EJBs be homogeneously deployed across a cluster? Why? Yes. In WebLogic Server 6.0 and later, EJBs must be homogeneously deployed across a

if a Managed Server is unable to connect to the specified Administration Server during startup. it prompts you to enter credentials.cmd (on Windows) WL_HOME/server/bin/setWLSEnv. see Starting a Managed Server When the Administration Server Is Not Accessible in Configuring and Managing WebLogic Server. the wizard saves the username and encrypted password in a boot identity file.y To ensure that all classes are loaded in an undeployable way. it can retrieve its configuration by reading a configuration file and other files directly. A WebLogic Server instance can refer to a boot identity file during its startup process. If EJBs are not deployed on all servers. If only a subset of the servers deploys the bean. How do I edit the config. Q. For more information. the Configuration Wizard prompts you to provide the username and password for an initial administrative user. see Boot Identity Files in Administration Console Online Help. cross-server calls are more likely. Q. If you create the domain in development mode.sh (on UNIX) where WL_HOME is the directory in which you installed WebLogic Server. If a server instance does not find such a file. By default. Can I start a Managed Server if the Administration Server is unavailable? A. For information on creating and using boot identity files. If you create a domain in production mode. WebLogic Server does not support copying a boot identity file from one server root directory to another. When you create a domain. you can create a new boot identity file.cluster for the following reasons:     To keep clustering EJBs simple To improve performance by avoiding cross-server calls. Q. To ensure that every EJB is available locall. What is the easiest way to set the classpath? WebLogic Server installs the following script that you can use to set the classpath that a server requires: WL_HOME\server\bin\setWLSEnv.xml file? . see "Setting the Classpath" in the WebLogic Server Command Reference. Q. For more information. the other servers will have to load the bean's classes in their respective system classpaths which makes it impossible to undeploy the beans. or if you want to change user credentials in an existing boot identity file. How do I provide user credentials for starting a server? A. Every server must have access to each EJB's classes so that it can be bound into the local JNDI tree. You cannot change the server's configuration until the Administration Server is available. A Managed Server that starts in this way is running in Managed Server Independence mode.

All of the above Question 4 – Objective 2 .Design Patterns Which of these is not a valid design pattern type? A. See the Programming WebLogic Management Services with JMX guide.Design Patterns Design patterns describe: A. See "weblogic.J2EE Standard & General J2EE Concepts Which of these standards are part of the J2EE specification? .J2EE Standard & General J2EE Concepts How can software or hardware standards help distributed systems? A. How do I enable it? A. If you want to create scripts that automate domain management.   If you want to create Java-based management applications. see the BEA WebLogic Server Configuration Reference. See "Using the Administration Console" in the Administration Console Online Help. Is there a quick way to create and start a remote Managed Server? A. If you want to edit the config.bea. The Tree View pane of the WebLogic Console is not visible in my browser. Allow a larger portion of the project cost to go toward solving business software needs D. You can modify this file in the following ways:   Use the Administration Console.xml). Fundamental B. The persistent configuration for a domain of WebLogic Servers and clusters is stored in an XML configuration file (config. The consequences from using the pattern D. use the weblogic.Admin utility. Presentation C. Q. Behavioral D.html.xml file directly (not recommended).A. Allow modularization of complex hardware and software C. Enable the Sun Java Plug-In from the control panel. as described in "Setting Up and Starting Managed Servers on a Remote Machine" in Creating WebLogic Configurations Using the Configuration Wizard at http://edocs. follow the instructions at "Starting Managed Servers From a WebLogic Server Script" in the Administration Console Online Help. Provide separation of difficult problems to separate platforms B. The recommended approach is to use the Domain Configuration Wizard. WebLogic Server 9 Mock Exam Question 1 – Objective 1 . use the Java Management Extensions (JMX) Application Programming Interface (API). How the pattern solves the problem C.com/platform/docs81/confgwiz/multi.Admin Command-Line Reference" in the . Q. Accidental Question 2 – Objective 1 . The problem facing the Web Designer B. For a streamlined approach. None of the above Question 3 – Objective 2 .

OLAP C. EJB D.Basic WebLogic Server Administration Which of these is true about BEA WebLogic Server? A.JSP / Servlets What is the default value for pageCheckSeconds with in a JSPServlet? A. It has a dedicated amount of RAM D. It is an Application Server C. Are stored in javax. It is multithreaded B.J2EE Application Development/Deployment Weblogic server supports which two of the following deployment methods? A. Have the same lifespan as the client request. MANIFEST Question 9 – Objective 4 . It is an instance of the weblogic. All of the above Question 7 – Objective 3 . Command-line deployment. except JSPs accessed through the include and forward actions.Server class executing within a JVM C. 60 Question 11 – Objective 5 . It is a Web Server B. Are available to all JSPs involved in processing the request. JTA Question 5 – Objective 2 . Auto-deployment. Upload deployment Question 10 – Objective 5 . B.JSP / Servlets Which of the following is true about Objects stored in the request? A. D.Servlet.A. It has a Transaction Manager D.jsp. Browser deployment. JMS B.J2EE Application Development/Deployment The deployment descriptors within a WAR file resides in which directory? A.JSP / Servlets JavaBeans follow these conventions: A. JMX C. META-INF D. C.Basic WebLogic Server Administration Which of the following statements are true about WebLogic Server? A.J2EE Standard & General J2EE Concepts Which of these J2EE standards defines a standard infrastructure to manage a device from Java programs? A. JTA Question 6 – Objective 3 . C.request B. D. 0 B. None Question 12 – Objective 5 . -1 D. JMS B. Should be Serializable B. ODBC D. WEB-INF B. None of the above Question 8 – Objective 4 . Public set & get methods for each attribute . 1 C. APP-INF C.

jdbc. How many instances should the server instantiate in order to cater to all clients at the same moment of time? A. Java Native Directory Interface B. All of the above Question 18 – Objective 7 .jdbcUniversalDriver").jdbc. JDBC stands for Java Database Connection Pool B. The exception javax. ii C. Objects bound to a remote naming service must be serializable ii. At a given moment. attributeAdded() B. All of the above Question 14 – Objective 6 . Between 1 and 20 C.JNDI Which of these statements about JNDI is true? i.forName("com. Class. D. It is a standard Java interface for accessing heterogeneous databases C.Developing Business Logic (EJB) Consider the following scenario where pooling is not configured: A stateless session EJB "InsuranceSession" has been deployed to production.pointbase. i.Database Connectivity (JDBC) Which of these statements is true about JDBC? A.JSP / Servlets Which of these methods in a ServletContextAttributeListener interface respond to attribute change events? A. None of the above Question 17 – Objective 7 .jdbcUniversalDriver"). C. Objects are "copied" into and out of the naming service. ii D. Class.C. which statement is false? A. B. C. i B.InitialContext ctx = new javax. A and B D. 20 clients are accessing this EJB.naming.JNDI Consider this line of client code: javax. None of the above Question 15 – Objective 6 . ctx will be a valid InitialContext always.forName("com:pointbase:jdbc:jdbcUniversalDriver"). Question 16 – Objective 6 . B. attributeReplaced() D.naming. The jndi.pointbase. D.JNDI What does JNDI stand for? A.InitialContext(). Question 19 – Objective 8 . A.loadDriver("com:pointbase:jdbc:jdbcUniversalDriver").Database Connectivity (JDBC) Which of these statements loads a JDBC driver successfully? A. 20 B. Class.properties file is accessed during execution.NamingException can be thrown. Assuming that this code is used in a remote client. None Question 13 – Objective 5 . Class.loadDriver("com. attributeRemoved() C. Java Naming and Directory Interface C. Java Native Database Interface D. It is a specification that defines three different driver types D. This code could generate an exception due to a network communication problem. 1 .naming.

to use a durable subscription. Required B.Developing Business Logic (EJB) A message-driven bean (MDB) is configured. using the same EJB Home Interface 'ObjHome'.Developing Business Logic (EJB) An active Stateful Session Bean 'ShoppingCart' has opened a database connection. The MDB could serve as a consumer in the point-to-point or publish-subscribe domain C. Which statement about the Bean is true? A. Given the conditions.isIdentical(ObjB)) { //Some Java Code } A. 'ShoppingCart' can never be passivated and activated safely Question 22 – Objective 8 . each ATTEMPT to transfer a large amount of money is recorded. B. RequiresNew Question 21 – Objective 8 .Messaging In WebLogic. MDB can be associated with both queues and topics at the same time Question 23 – Objective 8 . Only the administration server. This is accomplished by two JDBC calls from a stateless session EJB. The run-as-identity-principal must always be set D. The MDB does not set the client ID dynamically. by inserting the audit information into two separate databases. EJB container started to passivate eligible EJB instances. When 'ShoppingCart' methods are being invoked. These objects are immediately compared using an "if" construct: if (ObjA. 'ShoppingCart' can be passivated only when the configured <idle-timeout-seconds> in META-INF\weblogic-ejb-jar. Two EJBs cannot be compared using 'isIdentical' method Question 24 – Objective 9 . the EJB developer needs to handle opening and closing database connections in ejbActivate() and ejbPassivate() methods respectively D. the amount. Always true for Stateless Session EJBs and sometimes true for Stateful Session EJBs D. The stateless session bean uses container-managed transactions to scope both database operations in one transaction. Even if the money transfer fails and is rolled back. in its deployment descriptor. Which transaction attribute does the stateless session EJB require? A. . Depends on EJB pool size setting Question 20 – Objective 8 . Which of these statements is true about EJB passivation and activation? A. the EJB container can passivate the EJB safely and later activate safely B. Mandatory D. This returns true for Stateful Session EJBs C.Developing Business Logic (EJB) Two EJB objects 'ObjA' and 'ObjB' have been created exactly the same way. the JMS connection factory sets it at run-time B. Only the managed servers. a JMS server can be targeted to A.D. the records of the attempted transfer must be stored in the two databases. This returns true for Stateless Session EJBs B. specifying the customer.Developing Business Logic (EJB) In a financial application. For safe EJB passivation and activation. Supports C.xml has exceeded C. and so on.

i.Securing Enterprise Applications Consider the following XML code <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>login. login. Peer-to-Peer iii. which of the <transattribute> tags must be specified within the EJB’s deployment descriptor? A. UDMI B.Messaging Which of these is a valid JMS domain? i. applies only to Web applications D. Question 25 – Objective 9 . Point-to-Point ii. WSDL C. error. is a means to describe an application's access control in a form that is external to the application B. iii Question 26 – Objective 10 . Supports D. Never B. i.Securing Enterprise Applications J2EE declarative security. Publish/Subscribe A. Required Question 27 – Objective 10 .xml C. ii B.jsp D.jsp</form-login-page> <form-error-page>error. D.Develop and Deploy Web Services .Transaction From the following.jsp</form-error-page> </form-login-config> </login-config> Which page will be served to the user if the user makes an invalid login attempt? A.jsp B. which two are valid values for the <trans-attribute> tag for an EJB? A. iii C. implemented in XML-based deployment descriptors Question 29 – Objective 11 . A. Only one server in a domain. web. error. NeverRequires Question 28 – Objective 11 . NeverRequired B.C. ii.Develop and Deploy Web Services Which one of these is not a web service standard? A. SOAP D.html Question 30 – Objective 12 . Mandatory C. WS-Security Question 31 – Objective 12 . involves defining security roles and constraints on web application resources C.Transaction If an EJB must never be invoked within the context of a transaction. i D. Any number of servers. NotSupported D. Never C.

@Method C.Exception C. Kerberos and SSL? A.Exception Handling Which of these JSP directives is used to call another JSP when an exception occurs? A. Foreign Keys C. None of the above Question 35 – Objective 13 .endpointInterface C.A web service may reference a service endpoint interface by using which of the following annotations? A. Compound Keys B. @endpointInterface D. Suppressing Console Output ii.endpoint B.jsp" %> C. <%@ page page="myErrorPage. ii C. WS-Security C.io. EJB-Security B. A SOAP Fault D. i. None of the above. @WebMethod B.lang. @WebService.jsp" %> D.Performance Tuning The use of which of these components can degrade the performance of a Container Managed Entity EJB? A.Object will be exposed as web service operations. <%@ page error="myErrorPage.Develop and Deploy Web Services If a JWS file does not implement a service endpoint interface.Exception Handling .jsp" %> Question 38 – Objective 14 . ii D. XML Question 33 – Objective 12 . <%@ page exceptionPage="myErrorPage. JSP-Security D.Develop and Deploy Web Services Which one of these standards is designed to be used as the basis for the construction of a wide variety of security models including PKI. @WebInterface Question 34 – Objective 12 . You can override this behavior by using which of the following annotations? A. all public methods other than those inherited from java. Primary Keys D.Performance Tuning Which of these can impact performance in a production environment? i.Develop and Deploy Web Services What does a web service generate if an error occurs during the processing of a request? A. java. @WebMethodInterface D.jsp" %> B. <%@ page errorPage="myErrorPage. A Java Exception B. @WebService. Question 32 – Objective 12 . Suppressing Username/Password A. None of the above Question 36 – Objective 13 . Restrictive Keys Question 37 – Objective 14 . i B.

Eclipse Which of these are valid subprojects of Eclipse? A. C Question 8: Correct Answer: A Question 9: Correct Answer: B. Dynamic Web Project B. allowing for local interface invocation.Eclipse Which of these projects should be used while developing EJBs using Eclipse? A.EJBException B. C Question 10: Correct Answer: B Question 11: Correct Answer: B Question 12: Correct Answer: C Question 13: Correct Answer: D Question 14: Correct Answer: B Question 15: Correct Answer: C Question 16: Correct Answer: C Question 17: Correct Answer: B Question 18: Correct Answer: A Question 19: Correct Answer: A Question 20: Correct Answer: D Question 21: Correct Answer: C Question 22: Correct Answer: A Question 23: Correct Answer: A Question 24: Correct Answer: C Question 25: Correct Answer: B Question 26: Correct Answer: B.LocalException C. D.RemoteException D. During these invocations. Question 40 – Objective 15 .rmi. EJB Project C. B.A stateless session Bean is implemented as a façade to multiple entity Beans.ejb. javax. D Question 29: Correct Answer: C Question 30: Correct Answer: A Question 31: Correct Answer: B Question 32: Correct Answer: B Question 33: Correct Answer: A Question 34: Correct Answer: C Question 35: Correct Answer: A Question 36: Correct Answer: A Question 37: Correct Answer: C . B.LocalException Question 39 – Objective 15 . which exception can be caught by the stateless session Bean? A. Web Tools Platform.rmi. Bean Project Answers Question 1: Correct Answer: D Question 2: Correct Answer: B. Deployment Tools. B. D Question 5: Correct Answer: B Question 6: Correct Answer: D Question 7: Correct Answer: A. javax. C Question 3: Correct Answer: D Question 4: Correct Answer: A. java. C. Data Tools Platform. java.ejb. D Question 27: Correct Answer: B Question 28: Correct Answer: A. Java Development Tools. Java Project D.

Deployer [Connection Arguments] [User Credentials Arguments] COMMAND-NAME command-options [Common Arguments] Command names and options are not case-sensitive. command-line based deployment operations. The following sections describe the weblogic.Deployer is a Java-based deployment tool that provides a command-line interface to the WebLogic Server deployment API. Add the WebLogic Server classes to the CLASSPATH environment variable.Deployer commands.Deployer Syntax for Invoking weblogic.cmd script.Deployer java [SSL Arguments] weblogic. weblogic. .Deployer is intended for administrators and developers who want to perform interactive. you must also configure SSL on the machine on which you run weblogic. to set the environment.Admin in Managing WebLogic Security for instructions about configuring SSL.Deployer utility:     Required Environment for weblogic.Deployer Command Required Environment for weblogic. B. 3. located in the server/bin subdirectory of the WebLogic Server installation directory. as described in the WebLogic Server Installation Guide.Deployer To set up your environment to use the weblogic. C Question 40: Correct Answer: B weblogic.Deployer • SSL Arguments • Connection Arguments • User Credentials Arguments • Common Arguments Command Reference Example config.Deployer Command-Line Reference weblogic. If you are connecting to an Administration Server via a configured Administration channel.sh or setWLSEnv.Deployer. See Command Reference for detailed syntax and examples of using weblogic. Syntax for Invoking weblogic.Deployer utility: 1. See the WLST Command and Variable Reference for information about performing deployment operations using the WebLogic Scripting Tool (WLST). 2. See See Using the SSL Protocol to Connect to WebLogic Server from weblogic.xml File and Corresponding weblogic. You can use the setWLSEnv. and ensure that the correct JDK binaries are available in your PATH.Question 38: Correct Answer: A Question 39: Correct Answer: A. Install and configure the WebLogic Server software.

the Java Standard Trust keystore is not protected by a password.security. JavaStandardTrustKeysto rePassPhrase=password Specifies the password that was used to secure the Java Standard Trust keystore.SSL.security.security.SSL Arguments java [ -Dweblogic. you must include SSL arguments when you invoke weblogic. CustomTrustKeyStoreFileNa me=filename -Dweblogic.security.JavaStandardTrustKeystorePassPhrase=password ] [ -Dweblogic. -Dweblogic.security.security. and if you want to trust its CA certificates. If the Java Standard Trust keystore is protected by a password.ignoreHostnameVerification=true ] weblogic.Deployer [ User Credentials Arguments ] COMMAND-NAME command-arguments If you have enabled the domain-wide administration port.Custo mTrustKeystorePassPhrase= password Causes weblogic.Deployer trusts only the CA certificates in the Java Standard Trust keystore (SDK_HOME\jre\lib\security\cacerts). Specifies the password that was used to secure the custom . you must use this argument. Table 7-1 describes all SSL arguments for the weblogic. By default.Deployer.security.security. weblogic. or if you want to secure your administrative request by using some other listen port that is secured by SSL.security.SSL.CustomTrustKeyStoreFileName=filename -Dweblogic.Trust KeystoreType=CustomTrust -Dweblogic.security. Table 7-1 SSL Arguments Argument -Dweblogic.security.Deployer to trust the CA certificates in the demonstration trust keystore (WL_HOME\server\lib\DemoTrust.hostnameVerifier=classname ] [ -Dweblogic.CustomTrustKeystorePassPhrase=password ] ] [ -Dweblogic. This argument is required if the server instance to which you want to connect is using the demonstration identity and certificates. TrustKeyStore= DemoTrust Definition Causes weblogic.jks).TrustKeyStore=DemoTrust ] [ -Dweblogic.security.Deployer to trust the CA certificates in a custom keystore that is located at filename.TrustKeystoreType=CustomTrust [-Dweblogic.Deployer utility. By default. You must use both arguments to trust custom keystores. -Dweblogic.

iiop. To use a port that is not secured by SSL.Deployer [-adminurl protocol://listen_address:port_number] [User Credentials Arguments] COMMAND-NAME command-options [Common Arguments] Most weblogic.keystore. the format is -adminurl secure-protocol://Admin-Serverlisten-address:port where t3s and https are valid secure protocols. For instructions on enabling HTTP tunneling in the Administration Console. Table 7-2 Connection Arguments Argument -adminurl [protocol://]AdminServer-listenaddress:listen-port Definition The -adminurl value must specify the listen address and listen port of the Administration Server. and iiops are valid protocols.HostnameVerifier interface. the format is -adminurl [protocol]Admin-Server-listenaddress:port where t3.security.security. Disables host name verification.Deployer commands require you to specify the -adminurl arguments described in Table 7-2 to connect to an Administration Server instance. -Dweblogic. Connection Arguments java [SSL Arguments] weblogic.SSL. see Configure HTTP protocol in Administration Console Online Help. http. To connect to the Administration Server via a configured Administration channel. ignoreHostnameVerificat ion=true Specifies the name of a custom Host Name Verifier class.SSL. To use a port that is secured by SSL. you must enable the HTTP tunneling option in the Administration Console. The class must implement the weblogic. In order to use an adminurl with the HTTP protocol.SSL. For more information.security. you must specify a valid administration port number: -adminurl secureprotocol://Admin-Server-listen-address:domain- . hostnameVerifier= classname -Dweblogic. You must use this argument only if the custom keystore is protected by a password. see Setting Up WebLogic Server for HTTP Tunneling in Designing and Configuring WebLogic Server Environments.

use the -userconfigfile and -userkeyfile options to weblogic. The password of the Administrator user. you must first generate the file using the weblogic. See STOREUSERCONFIG in the weblogic. Before specifying the -userconfigfile option. weblogic. rather than the default files.wide-admin-port There is no default value for this argument.Deployer.Admin. -password password -userconfigfile config-file Specifies the location of a user configuration file to use for the administrative username and password. Table 7-3 User Credentials Arguments Argument -username username Definition The Administrator username. first store the username and encrypted password in a configuration file using the STOREUSERCONFIG command with weblogic. in automated scripts or in situations where you do not want to have the password shown onscreen or in process-level utilities such as ps. User Credentials Arguments java [ SSL Arguments ] weblogic. If you supply the -username option but you do not supply a corresponding -password option. Before specifying the -userkeyfile option. you must first generate the key file using -userkeyfile admin-key .Deployer to use the values stored in the default configuration file.Deployer commands require you to specify the arguments in Table 7-3 to provide the user credentials of a WebLogic Server administrator. Specifies the location of a user key file to use for encrypting and decrypting the username and password information stored in a user configuration file (the -userconfigfile option).Admin Command-Line Reference. To avoid having the plain text password appear in scripts or in process utilities such as ps. If you want to use a specific configuration file and key file.Deployer prompts you for the password. instead of the -user and -password options. Use this option.Admin STOREUSERCONFIG command as described in STOREUSERCONFIG in the weblogic. Omit both the -username and -password options to weblogic.Deployer [Connection Arguments] [ { -username username [-password password] } | [ -userconfigfile config-file [-userkeyfile admin-key] ] ] COMMAND-NAME command-options [Common Arguments] Most weblogic.Admin Command-Line Reference for more information on storing and encrypting passwords.

exit(1) if an exception is raised while processing a command. By default.Deployer should flush out deployment tasks that are retired.Deployer should ignore all version related code paths on the Administration Server. you cannot use versioned applications.Admin STOREUSERCONFIG command as described in STOREUSERCONFIG in the weblogic. Indicates that weblogic. This option is used to initiate multiple tasks and then monitor them later with the -list action. If you do not use the -remote option.the weblogic.Deployer calls System. The -noexit option overrides this behavior for batch processing. weblogic.Deployer assumes that all source paths are valid paths on the local machine.Deployer is not running on the same machine as the Administration Server. and that source paths specified in the command are valid for the Administration Server machine itself. Display example command lines for common tasks.) Specify either raw or formatted to control the appearance of weblogic. Display debug messages in the standard output. This behavior is useful when deployment source files are located on Managed Servers (not the Administration Server) and you want to use the external_stage staging mode. Prints command-line help text for the most commonly-used weblogic.Deployer -output <raw | formatted> (Deprecated.Deployer displays raw output. Both output types contain the same information. The exit value displayed indicates the number of failures that occurred during the deployment operation. Indicates that weblogic. If you use this option. By default weblogic. Table 7-4 Common options for weblogic.Deployer Option Name -advanced Description Prints full command-line help text for all weblogic. -debug -examples -help -noexit -noversion Indicates that weblogic. Common Arguments The common options described in Table 7-4 can be used with any of the commands described in Command Reference. weblogic. -purgetasks -remote . but raw output does not contain embedded tabs.Admin Command-Line Reference.Deployer actions and options. -nowait prints the task ID and exits without waiting for the action to complete.Deployer output messages. weblogic.Deployer actions and options.

and start commands. to wait for the deployment task to complete. distribute. weblogic. Syntax java [SSL Arguments] weblogic. Prints version information for weblogic. stop. Listtask Redeploy Start Stop Undeploy Update Note: weblogic. undeploy. redeploy. myDeployment: .-timeout seconds Specifies the maximum time. -verbose -version Command Reference The following sections describe the weblogic.Deployer Connection Arguments [User Credentials Arguments] -cancel task_id [Common Arguments] Argument or Definition Option task_id The identifier of the deployment task to cancel.Deployer commands are displayed in bold type to distinguish them from command options. After the time expires. Displays additional progress messages. in seconds.Deployer. including details about the prepare and activate phases of the deployment. Examples The following command starts a deployment operation and specifies the task identifier. Cancel Attempt to cancel a running deployment task.Deployer prints out the current status of the deployment and exits. update.Deployer commands and command options used to perform deployment tasks with WebLogic Server:           Cancel Deploy Distribute Listapps List. The identifier can be specified by using the id option with the deploy.

java weblogic. the default deployment name is the name of the top-level directory. the following command attempts to cancel the deployment operation: java weblogic. Both the -name option and deployment_name argument are optional. the default deployment name is the name of the archive file without the file extension (myear for the file myear. For an exploded archive directory.Deployer Connection Arguments [User Credentials Arguments] -deploy [[-name] deployment_name] [-source] file [-plan file] [-targets target_list] [-submoduletargets target_list] [-upload] [-stage | -nostage | -external_stage] [-retiretimeout seconds] [-library [-libspecver version] [-libimplver version]] [-altappdd file] [-altwlsappdd file] [-securityModel] [-enableSecurityValidation] [-id task_id] [Common Arguments] Argument or Option -name deployment_name Definition Specifies the deployment name to assign to a newlydeployed application or stand-alone module. is deprecated. If you specify an application installation root directory.Deployer -adminurl http://localhost:7001 -username weblogic -password weblogic -cancel -id myDeployment Deploy Deploys or redeploys an application or module. an alias for -deploy./myapp. Syntax java [SSL Arguments] weblogic. as described in the Syntax. If a deployment name is not explicitly identified with the -deploy command. the name is derived from the specified deployment file or directory:  For an archive file.ear -id myDeployment If the deployment task has not yet completed.ear). Note: The -ACTIVATE command.Deployer -adminurl http://localhost:7001 -username weblogic -password weblogic -deploy . the default deployment name is derived from the archive filename or exploded archive   .

Use this option when you are on a remote machine and you cannot copy the deployment files to the Administration Server by other means. If you do not specify a target list with the -deploy command.  -submoduletargets target_list Specifies JMS Server targets for resources defined within a JMS application module. even if you are deploying from an application root directory that contains a plan. weblogic. or virtual hosts. clusters. Specifies a staging mode to use when deploying or distributing an application:  -stage—Copies -upload -stage | -nostage | -external_stage deployment files to target servers' staging directories. The application files are uploaded to the WebLogic Server Administration Server's upload directory prior to distribution and deployment. the target defaults to:  -plan file -targets target_list the Administration Server instance for new deployments. including deployment plans and alternate deployment descriptors. Specifies a deployment plan to use when deploying the application or module. By default. See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS. the application's current targets for deployed applications.Deployer does not use an available deployment plan.directory name in the /app subdirectory. stage is the default mode used when deploying or distributing to . Specifies the targets on which to distribute and deploy the application or module. You can omit the -source option and supply only the file or directory to deploy. This enables you to deploy different modules of an Enterprise Application to different servers or clusters. The target_list argument is a comma-separated list of the target servers. Transfers the specified deployment files. -source file Specifies the archive file or exploded archive directory to deploy. to the Administration Server. Each target may be qualified with a J2EE module name (<module1>@<server1>).

 -nostage—Does not copy the deployment files to target servers. -retiretimeout seconds Specifies the number of seconds before WebLogic Server undeploys the currently-running version of this application or module. You must include the -library option when deploying or distributing any J2EE library or optional package. This option can be used only if the library or package does not include a specification version in its manifest file. -libversion can be used only in combination with -library. -libspecver version Provides the specification version of a J2EE library or optional package. instead. See Registering . This option can be used only if the library or package does not include a implementation version in its manifest file. -libimplversion can be used only in combination with -library. nostage is the default used when deploying or distributing to the Administration Server (for example. See Deploying Shared J2EE Libraries and Dependent Applications. specified by the -source option. -library Identifies the deployment as a shared J2EE library or optional package. but leaves them in a fixed location. You can manually copy the files or use a third-party tool or script.Managed Server targets. in a single-server domain). -external_stage—Does  not copy the deployment files to target servers. See Controlling Deployment File Copying with Staging Modes. -libimplver version Specifies the implementation version of a J2EE library or optional package. See Redeploying a New Version of an Application. copy of the deployment files. you must ensure that deployment files have been copied to the correct subdirectory in the target servers' staging directories. Target servers access the same. See Registering Libraries with WebLogic Server.

Make sure that the identifier is unique to all other running deployment tasks. already acquired by the same user. You can specify an identifier with the -deploy. -redeploy. Specifies the task identifier of a running deployment task. (Deprecated.) Specifies the name of an alternate J2EE deployment descriptor (application. (Deprecated. -id task_id Examples See the following sections for examples of using the -deploy command:               Deploying to a Single-Server Domain Deploying an Application with a Deployment Plan Uploading Deployment Files from a Remote Client Deploying to One or More Targets Deploying to a Cluster Target Using Module-Level Targeting for Deploying an Enterprise Application Targeting Application-Scoped JMS. -usenonexclusivelock Indicates that the deployment operation will use an existing lock. and use it later as an argument to the -cancel or -list commands. Specifies the security model to use for this deployment.xml) to use for deployment. on the domain. The system automatically generates a unique identifier if you do not specify one.) Specifies the name of an alternate WebLogic Server deployment descriptor (weblogicapplication.Libraries with WebLogic Server. or -undeploy commands. JDBC.xml) to use for deployment. and WLDF Modules Using Sub-Module Targeting with JMS Application Modules Using Nostage Mode Deployment Using Stage Mode Deployment Using External_stage Mode Deployment Distributing Applications to a Production Environment Registering Libraries with WebLogic Server Deploying Applications That Reference Libraries . This is useful the use is using multiple deployment tools simultaneously and one of the tools has already acquired a lock on the domain configuration. -altappdd file -altwlsappdd file -securityModel [ DDOnly | CustomRoles | CustomRolesAndPolicy | Advanced ] -enableSecurityValidation Specifies whether or not to enable validation of security data.

While in Administration mode. the application can be accessed only by internal clients via a configured Administration port. You can omit the -source option and supply only the file or directory. If a deployment name is not explicitly identified. Specifies a deployment plan to distribute with the application or module. a name is derived from the specified deployment file or directory:  For an archive file. as described in the Syntax. External clients cannot access the application. Both the -name option and deployment_name argument are optional. A distributed application can be quickly started by using the Start command. If you specify an application installation root directory. the default deployment name is the name of the top-level directory.Deployer Connection Arguments [User Credentials Arguments] -distribute [[-name] deployment_name] [-source] file [-plan file] [-targets target_list] [-submoduletargets target_list] [-upload] [-stage | -nostage | -external_stage] [-library [-libspecver version] [-libimplver version]] [-altappdd file] [-altwlsappdd file] [-securityModel] [-enableSecurityValidation] [-id task_id] [Common Arguments] Argument or Option -name deployment_name Definition Specifies the deployment name to assign to the distributed application or module. Syntax java [SSL Arguments] weblogic. or make it available to Administration and client requests.Distribute Prepares deployment files for deployment by copying deployment files to target servers and validating them. the default deployment name is the name of the archive file without the file extension (myear for the file myear.   -source file Specifies the archive file or exploded archive directory to distribute. You can start the application in Administration mode. For an exploded archive directory. used to configure the application. -plan file . the default deployment name is derived from the archive filename or exploded archive directory name in the /app subdirectory.ear).

in a single-server domain). nostage is the default used when deploying or distributing to the Administration Server (for example. to the Administration Server before distribution. The application files are uploaded to the WebLogic Server Administration Server's upload directory prior to distribution. Transfers the specified deployment files. Each target may be qualified with a J2EE module name (<module1>@<server1>). instead.  -submoduletargets target_list Specifies JMS Server targets for resources defined within a JMS application module. specified by the -source option. or virtual hosts.-targets target_list Specifies the targets on which to distribute the application or module. Target servers access the same. the application's current targets for deployed applications. including any specified deployment plans. but leaves them in a fixed location. the target defaults to:  the Administration Server instance for new deployments. Use this option when you are on a remote machine and you cannot copy the deployment files to the Administration Server by other means. stage is the default mode used when deploying or distributing to Managed Server targets. -external_stage—Does  not copy the deployment files to target servers. If you do not specify a target list with the -deploy command. This enables you to distribute different modules of an Enterprise Application to different servers or clusters. you . See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS. Specifies a staging mode to use when deploying or distributing an application:  -stage—Copies -upload -stage | -nostage | -external_stage deployment files to target servers' staging directories. -nostage—Does  not copy the deployment files to target servers. clusters. copy of the deployment files. The target_list argument is a comma-separated list of the target servers.

This option can be used only if the library or package does not include a specification version in its manifest file. -libspecver version Provides the specification version of a J2EE library or optional package. See Registering Libraries with WebLogic Server. (Deprecated. -libversion can be used only in combination with -library. This option can be used only if the library or package does not include a implementation version in its manifest file. -id task_id . -libimplversion can be used only in combination with -library. Specifies the task identifier of a running deployment task. -altwlsappdd file -securityModel [ DDOnly | CustomRoles | CustomRolesAndPolicy | Advanced ] -enableSecurityValidation Specifies whether or not to enable validation of security data. You must include the -library option when deploying or distributing any J2EE library or optional package.) Specifies the name of an alternate WebLogic Server deployment descriptor (weblogicapplication. Specifies the security model to be used for this application. See Controlling Deployment File Copying with Staging Modes.must ensure that deployment files have been copied to the correct subdirectory in the target servers' staging directories.xml) to use for deployment or distribution. See Registering Libraries with WebLogic Server. See Deploying Shared J2EE Libraries and Dependent Applications.) Specifies the name of an alternate J2EE deployment descriptor (application. -altappdd file (Deprecated. -libimplver version Specifies the implementation version of a J2EE library or optional package.xml) to use for deployment or distribution. You can manually copy the files or use a third-party tool or script. -library Identifies the deployment as a shared J2EE library or optional package.

-redeploy. Syntax java [SSL Arguments] weblogic. See the examples links for the Deploy command for more information. but WebLogic Server does not start the application or module on target servers. Syntax java [SSL Arguments] weblogic.Deployer Connection Arguments [User Credentials Arguments] <-list | -listtask> [task_id] [Common Arguments] Argument or Definition Option task_id The identifier of a deployment task to display. UNDEPLOY.Deployer Connection Arguments [User Credentials Arguments] -listapps [Common Arguments] Examples See Displaying Version Information for Deployed Applications. and use it later as an argument to the -cancel or -list commands. Redeploy . Listapps Lists the deployment names for applications and stand-alone modules deployed. List. UPDATE. Examples See Managing Long-Running Deployment Tasks. STOP. or -undeploy commands. The identifier can be specified by using the -id argument to the DEPLOY. and START commands.You can specify an identifier with the -deploy. Listtask Displays the status of deployment tasks currently running in the domain. REDEPLOY. Examples The -distribute command operates similar to -deploy. distributed. Make sure that the identifier is unique to all other running deployment tasks. DISTRIBUTE. or installed to the domain. The system automatically generates a unique identifier if you do not specify one.

when updating an application to a new version. omit the -source option and supply only a filelist. or redeploying. Syntax java [SSL Arguments] weblogic. described in Using Partial Redeployment for J2EE Module Updates.Redeploys a running application or part of a running application. the -source option specifies the location of new deployment files to redeploy. When used with the redeploy command. If . -targets module@target. -targets module@target. The -name option can be omitted. or redeploy. Note: Use a file or filelist specification only for redeploying static files within a J2EE module. use the module-targeting syntax. the redeployment is treated as a partial redeployment of the specified files. If the filelist specifies multiple files. described in Using Partial Redeployment for J2EE Module Updates. use production redeployment or redeploy the module using the -targets module@target syntax. The use of -redeploy module-uri is deprecated.Deployer Connection Arguments [User Credentials Arguments] -redeploy [[-name] deployment_name] {-source file | filelist} [-plan file] [-targets target_list] [-submoduletargets target_list] [-upload] [-delete_files] [-retiretimeout seconds] [-id task_id] [Common Arguments] Argument or Option Definition -name deployment_name Specifies the deployment name of a deployed application or module. To redeploy an entire J2EE module within an Enterprise Application. the -plan option allows you to specify an updated configuration to use during the redeployment. Specifies the archive file or exploded archive directory to distribute. -source file filelist Specifies one or more files to redeploy. When redeploying an application. in which case the name is taken from the -source file argument. To specify multiple files for a partial redeployment. use the module-targeting syntax. Instead. for example. deploying. To redeploy an entire J2EE module within an Enterprise Application. -plan file Specifies a deployment plan to use when distributing. Note: Use a file or filelist specification only for redeploying static files within a J2EE module. deploy.

or redeploy the application or module. Transfers the specified deployment files. Use the -upload option with the REDEPLOY command when you are upgrading an application to a new version. including deployment plans and alternate deployment descriptors. clusters. or virtual hosts. -targets target_list Specifies the targets on which to distribute. as shown in the following example: java weblogic. to the Administration Server.the revised deployment plan contains changes to resource bindings. Each target may be qualified with a J2EE module name (<module1>@<server1>). the application is redeployed on all of its current target servers. delete_files is valid only for unarchived deployments. The application files are uploaded to the WebLogic Server Administration Server's upload directory prior to distribution and deployment. WebLogic Server attempts to redeploy a new version of the application alongside an older version. If you do not specify a target list with the -redeploy command. If you do not specify a target list with the -deploy command. This enables you to redeploy different modules of an Enterprise Application to different servers or clusters. the target defaults to:   the Administration Server instance for new deployments. deploy. You must specify target servers when using this option. Use this option when you are on a remote machine and you cannot copy the deployment files to the Administration Server by other means. the application's current targets for deployed applications. -upload -delete_files Removes static files from a server's staging directory.Deployer -adminurl http://myserver:7001 -username weblogic -password weblogic -name myapp -targets myapp@myserver -redeploy . The target_list argument is a comma-separated list of the target servers. and only for applications deployed using -stage mode. -submoduletargets target_list Specifies JMS Server targets for resources defined within a JMS application module. See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS. See Updating the Deployment Configuration for an Application.

The system automatically generates a unique identifier if you do not specify one. BEA recommends that you use caution when using the delete_files option and that you do not use the delete_files option in production environments. You can specify an identifier with the -deploy. if you specify a directory but do not specify files within the directory. with the -adminmode option. -id task_id Specifies the task identifier of a running deployment task. If you use the delete_files option with an application that was deployed using either -nostage or -external_stage mode. Make sure that the identifier is unique to all other running deployment tasks. Optionally. the files must already be available via an earlier -deploy or -distribute command. Examples See the following sections for examples of using the -redeploy command:       Redeploying a New Version of an Application Rolling Back the Production Redeployment Process Steps for Distributing a New Version of an Application Redeploying Applications and Modules In-Place Using Partial Redeployment for J2EE Module Updates Updating Static Files in a Deployed Application Start Makes a stopped (inactive) application available to clients on target servers. is deprecated. In order to issue a -start command. -start does not redistribute deployment files to target servers. Note: The -activate command. the command does not delete the files. delete_files delete_files can only be used in combination with the -redeploy command. . -retiretimeout seconds Specifies the number of seconds before WebLogic Server undeploys the currently-running version of this application or module. -redeploy. which makes it available only via a configured Administration channel. an alias for -start. See Redeploying a New Version of an Application.html only removes files that WebLogic Server copied to the staging area during deployment. Note: Because the -delete_files option deletes all specified files or. or -undeploy commands. all files in the specified directory. starts the application in Administration mode.-delete_files myapp/tempindex. and use it later as an argument to the -cancel or -list commands.

If you do not specify a target list with the -redeploy or -start commands. in which case the name is taken directly from the deployment_name.Syntax java [SSL Arguments] weblogic. Specifies the number of seconds before WebLogic Server undeploys the currently-running version of this application or module. Specifies the deployment name of a deployed application or module. If you do not specify a target list with the -deploy command. The target_list argument is a comma-separated list of the target servers.Deployer Connection Arguments [User Credentials Arguments] -start [-adminmode] [-name] deployment_name [-appversion version] [-planversion version] [-targets target_list] [-submoduletargets target_list] [-retiretimeout seconds] [-id task_id] [Common Arguments] Argument or Option Definition -adminmode -name deployment_name Indicates that the application should start in Administration mode. Each target may be qualified with a J2EE module name (<module1>@<server1>). the command is performed on all of the application's current targets. or START the application or module. See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS. Specifies the targets on which to DISTRIBUTE. the target defaults to:   -appversion version -planversion version -targets target_list the Administration Server instance for new deployments. (If the deployment_name specifies a file or directory name. -submoduletargets target_list Specifies JMS Server targets for resources defined within a JMS application module. not Production mode (which is the default). or virtual hosts. REDEPLOY. -retiretimeout seconds . clusters.) The version of the application to start. The -name option can be omitted. This enables you to deploy different modules of an Enterprise Application to different servers or clusters. the deployment name is derived from the file specification. the application's current targets for deployed applications. DEPLOY. See Redeploying a New Version of an Application. The version of the deployment plan to use when starting the application.

Make sure that the identifier is unique to all other running deployment tasks. the application be accessed only via a configured Administration channel.Deployer Connection Arguments [User Credentials Arguments] -stop [-adminmode] [-name] deployment_name [-appversion version] [-planversion version] [-targets target_list] [-submoduletargets target_list] [-ignoresessions] [-graceful] [-id task_id] [Common Arguments] Argument or Option Definition -adminmode Indicates that a running application should switch to Administration mode and accept only Administration requests via a configured Administration channel. and use it later as an argument to the -cancel or -list commands. While in Administration mode. Specifies the deployment name of a deployed application or module. is deprecated. Examples See the following sections for examples of using the -start command:    Starting a Distributed Application Making an Application Available to Clients Stopping an Application to Restrict Client Access Stop Makes an application inactive and unavailable administration and client requests. in which case the name is taken directly from the deployment_name. The -name option can be omitted.-id task_id Specifies the task identifier of a running deployment task. All of the application's staged files remain available on target servers for subsequent -start. -start. You can optionally choose to stop the application only to client requests by placing it in Administration mode with the -adminmode option. -deploy. You can specify an identifier with the -distribute. Note: The -deactivate command. the running application is stopped and cannot accept Administration or client requests until is it restarted. -deploy. The system automatically generates a unique identifier if you do not specify one. (If the deployment_name specifies a file or directory name. Syntax java [SSL Arguments] weblogic. -redeploy. or -undeploy actions. the -name deployment_name . -redeploy. If this option is not specified. an alias for -stop. or -undeploy commands.

the target defaults to:   the Administration Server instance for new deployments. See Taking a Production Application Offline.) -appversion version -planversion version -targets target_list The version identifier of the deployed application. -deploy. -start. -graceful -ignoresessions This option immediately places the application into Administration mode without waiting for current HTTP sessions to complete. -deploy. -start. WebLogic Server immediately stops the application or module. Make sure that the identifier is unique to all other running deployment tasks. the application's current targets for deployed applications. The version identifier of the deployment plan. or -stop the application or module. Stops the application after existing HTTP clients have completed their work. . clusters. -redeploy. This enables you to deploy different modules of an Enterprise Application to different servers or clusters. and use it later as an argument to the -cancel or -list commands. or -undeploy commands. -id task_id Specifies the task identifier of a running deployment task. See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS. The target_list argument is a comma-separated list of the target servers. The system automatically generates a unique identifier if you do not specify one. the command is performed on all of the application's current targets.deployment name is derived from the file specification. -submoduletargets target_list Specifies JMS Server targets for resources defined within a JMS application module. -start. Specifies the targets on which to -distribute. If you do not specify a target list with the -deploy command. or virtual hosts. -stop. Each target may be qualified with a J2EE module name (<module1>@<server1>). -redeploy. If you do not specify the -graceful option. or -stop commands. You can specify an identifier with the -distribute. If you do not specify a target list with the -redeploy.

Warning: You should only undeploy applications that you are certain you want to completely remove. Note: The -REMOVE command.Deployer Command-Line Reference. Note: Any target not included in the target list is not removed.) The version identifier of the deployed application.Examples See the following sections for examples of using the -stop command. described in weblogic. the deployment name is derived from the file specification. in which case the name is taken directly from the deployment_name. The version identifier of the deployment plan. the resources are deleted along with the application. use the -stop command. Warning: When you undeploy an application that contains application-scoped resources. The target_list argument is a comma-separated list of the target servers. to temporarily stop client access to applications. Undeploy Stops the deployment unit and removes staged files from target servers. an alias for -undeploy. Specifies the targets from which the application or module are undeployed. is deprecated. Each target may be qualified with a J2EE module name (<module1>@<server1>). Syntax java [SSL Arguments] weblogic. which can potentially cause abandoned transactions or lost messages as a result of deleted JMS destinations. see Stopping an Application to Restrict Client Access. For more information.Deployer Connection Arguments [User Credentials Arguments] -undeploy [-name] deployment_name [-appversion version] [-planversion version] [-targets target_list] [-submoduletargets target_list] [-graceful] [-ignoresessions] [-id task_id] [Common Arguments] Argument or Option Definition -name deployment_name Specifies the deployment name of a deployed application or module. instead. clusters. The -name option can be omitted. or virtual hosts. see Unregister Resource Grace Period in Programmikng WebLogic JTA. (If the deployment_name specifies a file or directory name. This enables you to undeploy different modules of an Enterprise Application from -appversion version -planversion version -targets target_list .

If you do not specify the -graceful option. You can specify an identifier with the -distribute. See Taking a Production Application Offline. you must use the Redeploy command. or -undeploy commands. Specifies the task identifier of a running deployment task.Deployer Connection Arguments [User Credentials Arguments] -update -plan deployment_plan [-name] deployment_name [-appversion version] [-planversion version] [-targets target_list] [-submoduletargets target_list] . The module is undeployed after it is stopped. -id task_id Examples See the following sections for examples of using the -undeploy command:   Undeploying an Application or Module Sub-module Targeting for Stand-alone JMS Modules Update Updates an application's deployment plan by redistributing the plan files and reconfiguring the application based on the new plan contents. -submoduletargets target_list Specifies the JMS resources to be undeployed. To update the resource bindings for an application.different servers or clusters. Note: -update cannot be used to update an application's resource bindings. -stop. -redeploy. Make sure that the identifier is unique to all other running deployment tasks. Syntax java [SSL Arguments] weblogic. WebLogic Server immediately stops the application or module. -start. Note: Any sub-module target not included in the target list is not removed. -deploy. See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS -graceful Stops the application after existing HTTP clients have completed their work. and use it later as an argument to the -cancel or -list commands. -ignoresessions Immediately stops and undeploys the application without waiting for current HTTP sessions to complete. The system automatically generates a unique identifier if you do not specify one.

The -name option can be omitted. the plan cannot contain null variables for required resources unless those resources were previously defined in the associated desrciptor. the target defaults to:   -appversion version -planversion version -targets target_list the Administration Server instance for new deployments. If you do not specify a target list with the -deploy command. -undeploy. (If the deployment_name specifies a file or directory name. Uploads a new deployment plan to the Administration Server before updating the application. or -stop the application or module. -undeploy. -upload . not null value in the deployment plan. See Using Sub-Module Targeting with JMS Application Modules and Using WLST to Manage JMS Servers and JMS System Resources in Configuring and Managing WebLogic JMS. the command is performed on all of the application's current targets. This enables you to deploy different modules of an Enterprise Application to different servers or clusters. or -stop commands.) The version identifier of the deployed application. Specifies the targets on which to -distribute. The specified deployment plan must be valid for the application's target servers. Update operations update only those descriptors for which there is a changed. The version identifier of the deployment plan. If you do not specify a target list with the -redeploy. -name deployment_name Specifies the deployment name of a deployed application or module. -start. the current values in the corresponding descriptors are not updated. The target_list argument is a comma-separated list of the target servers. the application's current targets for deployed applications. the deployment name is derived from the file specification. Each target may be qualified with a J2EE module name (<module1>@<server1>). -submoduletargets target_list Specifies JMS Server targets for resources defined within a JMS application module. For example. -start. If a plan that is used by an update operation contains null variables. in which case the name is taken directly from the deployment_name. or virtual hosts. -redeploy. -deploy. clusters.[-upload] [-id task_id] [Common Arguments] Argument or Option Definition -plan deployment_plan Identifies the deployment plan to use for updating the application's configuration.

RemoteJMSServer2"/> <SubDeployment Name="RemoteQueue1" Targets="RemoteJMSServer1"/> </AppDeployment> The weblogic.xml File and Corresponding weblogic. You can specify an identifier with the -distribute. -start.Deployer command to deploy the application.xml file would contain: <AppDeployment Name="dd-remote-cluster" SourcePath=". Make sure that the identifier is unique to all other running deployment tasks. Assuming:    mycluster is a cluster name D1C2S1 and D1C2S2 are server names RemoteJMSServer1 and RemoteJMSServer2 are JMS server names The application's config.-id task_id Specifies the task identifier of a running deployment task. RemoteQueue1@RemoteJMSServer1 Creating a New WebLogic Domain . The system automatically generates a unique identifier if you do not specify one.xml" Targets="mycluster"> <SubDeployment Name="RemoteCluster" Targets="mycluster"/> <SubDeployment Name="D1C2S2" Targets="D1C2S2"/> <SubDeployment Name="RemoteClusterServers" Targets="D1C2S1. -update.Deployer Command This section demonstrates an application's config.Deployer -deploy command to deploy the application would be: java weblogic. -deploy./udd-debug-deployment-on-remote-cluster-jms. RemoteClusterServers@D1C2S2.xml" -targets mycluster -submoduletargets RemoteCluster@mycluster. RemoteClusterJMSServers@RemoteJMSServer2. or -undeploy commands. D1C2S2@D1C2S2. and use it later as an argument to the -cancel or -list commands.D1C2S2"/> <SubDeployment Name="RemoteClusterJMSServers" Targets="RemoteJMSServer1. Example See Updating an Application to Use a Different Deployment Plan Example config. RemoteClusterJMSServers@RemoteJMSServer1. -stop. RemoteClusterServers@D1C2S1. -redeploy.Deployer -adminurl t3://MySystem:10000 -username system -password system -name dd-remote-cluster -deploy "config\jms\udd-debug-deployment-on-remote-cluster-jms.xml file and the corresponding weblogic.

see Extending Domains. . Begin by selecting the product components you want to include in your domain. . . if defined. Then specify the product components you want to add. or a domain template to be used as the basis for your domain. or identify the extension template you want to use for adding applications and services. You then have the option of customizing the JDBC connections to your database and the JMS file store. by selecting the product components you want to include in your domain. Begin by selecting the directory of the domain that you want to update. or by using domain templates. To learn more.Before you can develop and run WebLogic-based applications. Then modify settings as required. Add product component functionality or support for additional applications and services to an existing domain. Choose this option . The Configuration Wizard guides you through the process of creating a new domain quickly and easily. The following topics describe the steps required to create a new domain using the Configuration Wizard:        Create or Extend a Domain Select a Domain Source Configure an Administrator Username and Password Specify the Server Start Mode and JDK Customize Environment and Services Settings Create the WebLogic Domain Creating Domain Related Topics Overview of Creating a New Domain Using the Configuration Wizard Introduction to Domains Creating a New Domain Create or Extend a Domain The Welcome window prompts you to choose whether you want to create a new domain or extend an existing one. Related Topics Overview of Creating a New Domain Using the Configuration Wizard Introduction to Domains . Create a new domain that is configured to meet your requirements. you must first create a domain. Create a new WebLogic domain Extend an existing WebLogic domain When you want to . .

you may need to perform additional steps (after the domain is created or extended) to make sure that the application and its application-scoped resources are targeted and deployed properly in a clustered environment. You can select the product components to include in your domain. manually enter the full pathname to the template in the Template location field and click Next. tabs. ?. Note: While using the Configuration Wizard or WLST Offline to create or extend a clustered domain with a template that has applications containing applicationscoped JDBC and/or JMS resources. or any characters in the following comma-separated list: < >. #. &.  Base this domain on an existing template To use this option. For more information on the targeting and deployment of application-scoped modules. 2. or click Browse to navigate to the directory containing the desired template. Select the domain template that contains the settings you want to use as the basis for your domain. .com/wls/docs90/deployment/deploy. select the check boxes associated with the components you want to include. User names are case sensitive. The password value is encrypted. { }. ( ). Enter a valid value in the User password field: a string of at least 8 case-sensitive characters.bea. Do not use commas. see "Deploying Applications and Modules" in Deploying Applications to WebLogic Server at the following URL: http://e-docs. To configure an administrator username and password: 1. or select a custom template on which to base your domain. |.html Configure an Administrator Username and Password The Configure Administrator Username and Password window prompts you to specify a username and password to be used for starting the Administration Server. Enter a valid value in the Username field. and click Next. This name is used to boot the Administration Server and connect to it.Creating a New Domain Select a Domain Source The Select a Domain Source window prompts you to select the source from which to create the domain. Choose one of the following options for selecting the source for your domain:  Generate a domain configured automatically to support the following BEA products: To use this option.

Your application is running in its final form. . you can design your application to work within environments secured by SSL. In this mode. Differences Between Domain Startup Modes The following table describes the differences between development and production modes in terms of key functions. . Differences Between Development and Production Modes Function SSL You can use the demonstration digital certificates and the demonstration keystores provided by the WebLogic Server security services. 3. 4. You should not use the demonstration digital certificates and the demonstration keystores. .Note: Do not use the name/password combination weblogic/weblogic in a production environment. With these certificates. In this mode. Reenter the password in the Confirm user password field. security is fully configured. . a warning message is displayed. . You are creating your applications. If you do so. allowing you to auto-deploy applications. . 5. Click Next to proceed to the next configuration window. . enter a login description for this username. Table 3-1 In development mode . Choose this mode . Specify the Server Start Mode and JDK The Configure Server Start Mode and JDK window prompts you to specify the:   Startup mode for your domain JDK to be used for the domain Choose the Startup Mode Specify the startup mode for your domain as shown in the following table. the configuration of security is relatively relaxed. In production mode . Development Production When . Optionally. . .

log.com/wls/ docs90/deployment/deploy.Deployer tool. the weblogic. The Configuration Wizard presents a list of the JDKs supplied by BEA and installed with the product.bea. http://e-docs.html Deploying WebLogic Server instances can Applications automatically deploy and update applications that reside in the domain_name/autodeploy directory (where domain_name is the name of a domain). see "Configuring SSL" in Securing WebLogic Server at the following URL: http://e-docs. the remainder of the server session.html#autodeplo y Log File Rotation When you start a server.html Select the JDK for the Domain The JDK Selection pane prompts you to select the J2SE Development Kit (JDK) for the startup mode you selected in the WebLogic Domain Startup Mode pane.bea.For more information about managing security. For more It is recommended that this method be used information.bea.  BEA JRockit JDK From BEA Systems. or the WebLogic Scripting Tool (WLST). Inc.n. For reaches 500 kilobytes. see Deploying Applications to WebLogic only in a single-server development Server at the following URL: environment. . the server rotates its local log file whenever the size of the file reaches 500 kilobytes. see "AutoDeploying Applications in Development Domains" in Deploying Applications to WebLogic Server at the following URL: http://e-docs. the server A server rotates its local log automatically renames (rotates) its local file after the size of the file server log file as server-name. The auto-deployment feature is disabled. including:  Sun JDK From Sun Microsystems. For more information.com/wls/docs90/ secmanage/ssl. so you must use the WebLogic Server Administration Console.com/wls/ docs90/deployment/index.

Related Topics For information on changing the run-time mode after you have created a domain.You can choose one of the JDKs supplied by BEA or another JDK that you have installed on your system. see Supported Configurations. 2.com/wls/docs90/ConsoleHelp/taskhelp/domainconfig/ChangeRuntimeModes. BEA recommends that you develop and test your applications using BEA JRockit early in your project cycle. click Browse. Note: If you plan to use the JRockit JDK in production mode.html To select the JDK: 1. and navigate to the appropriate directory. Perform one of the following steps: • • To use a JDK supplied by BEA. To use a JDK that is not installed with the product.bea.bea. see the BEA JRockit JDK documentation at the following URL: http://e-docs.ht ml. select Other JDK. select BEA Supplied JDKs and then select a JDK from the list. For a list of the JDKs that are supported for a specific platform. The following topics summarize the settings you can change. the Configuration Wizard will create server startup scripts that invoke the JDK you select. If you select a JDK supplied by BEA. based on the platform on which you are installing the domain. If you choose not to customize any environment or services settings by accepting the default (No). Customize the Environment . Customize Environment and Services Settings The Customize Environment and Services Settings window gives you the option to change the distribution of your domain across servers. The default selection reflects the JDK that best meets the requirements of your environment. Click Next to proceed to the next configuration window. you proceed directly to creating the domain. clusters. and to modify existing JDBC and JMS file store settings. and machines. Note: The Configuration Wizard does not configure the start scripts to use this type of JDK.com/wljrockit/docs50/index. Select only those JDKs that are supported on the platform you are using. see "Change to production mode" in the WebLogic Server Administration Console Online Help at http://edocs. For information about BEA JRockit. You must change the start scripts manually.

To group the Managed Servers into clusters. or change the configuration of existing clusters • Assign the Managed Servers to a cluster in the domain • Create an HTTP proxy for each cluster within the domain Assign WebLogic Server instances to host machines. or change the configuration of existing Managed Servers defined in the selected template Group the Managed Servers into clusters. For more information. To map WebLogic Server instances to host machines. machine definitions identify a particular. you have the option of performing the following steps: • Add or delete clusters. In a domain.You can customize the environment of your domain as follows:     Change the configuration of the Administration Server. including database type and drivers Test the connections to the database Load the database If a JMS file store has been defined in the domain source. or change the configuration of existing machines • Assign each instance of WebLogic Server to the machine on which it runs. click within the field and modify the string displayed there. including listen address and listen ports Add or delete Managed Servers. . see Customizing Existing JDBC and JMS Settings. If you need to change the value in this field. Make sure that the Domain Name field contains the name of the required domain. you have the option to do the following:    Modify JDBC Data Source settings. Customize Existing JDBC and JMS Settings If the domain source on which you are basing your domain contains a database configuration. see Customizing the Environment. Create the WebLogic Domain The Create WebLogic Domain window prompts you to specify the name and pathname for the domain. which allows multiple Managed Servers to operate as a single unit to host applications and resources. physical piece of hardware and are used to associate a computer with the Managed Servers it hosts. you can also change the file store definition. you have the option of performing the following steps: • Add or delete machines. For more information. and initiate its creation. To create the WebLogic domain: 1.

and domain is the name of the domain directory defined by the selected domain template. Make sure that the Domain Location field contains the name of the required domain directory. UNIX and Linux Click Done. The following sections describe how to configure SSL for WebLogic Server:   SSL: An Introduction One-Way and Two-Way SSL . . navigate to the appropriate directory or manually enter its pathname in the Location field. The domain directory can be located anywhere on your system. it resides in BEA_HOME\user_projects\domains\domain. or specify a different name or location for this domain. By default. On this platform .xml file and all other generated components in the domain directory that you specify. If you do not want to start the server at this time. BEA recommends using SSL in a production environment. Note: You cannot overwrite an existing domain. Click OK. If a domain with the name you specify already exists in the selected location. . you must either delete the existing domain.  Configuring SSL Configuring SSL is an optional step. . Do one of the following:  If you want to start the server immediately. select the Start Admin Server check box and click Done. Click Create. 2.2. Creating Domain The Creating Domain window displays status messages during the domain creation process. In the dialog box. click Done. the new domain is ready for use. however. Windows Perform the following task . When the process is complete. Click Browse to invoke the Select a WebLogic Domain Directory dialog box. . where BEA_HOME is the directory that contains the product installation. If you need to change the value in this field: 1. The Configuration Wizard stores the config. 3. The Creating Domain window is opened to display status messages during the domain creation process.

for example. always use SSL in a production environment. Often.0 specifications. the server presents a certificate to the client and the client presents a certificate to the server. To establish an SSL connection. One-Way and Two-Way SSL SSL can be configured one-way or two-way:   With one-way SSL.0 and Transport Layer Security (TLS) 1. https://myserver:7002. the server is required to present a certificate to the client but the client is not required to present a certificate to the server. a Web browser connects to WebLogic Server by supplying the SSL listen port and the HTTPs protocol in the connection URL. WebLogic Server supports SSL on a dedicated listen port which defaults to 7002. All machines must be kept up to date with the current set of recommended patches from the operating system vendors. One-way SSL is common on the Internet where customers want to create secure connections before they share personal data. WebLogic Server can be configured to require clients to submit valid and trusted certificates before completing the SSL connection. However. Using SSL is computationally intensive and adds overhead to a connection. clients will also use SSL to log on in order for the server can authenticate them. Encryption makes data transmitted over the network intelligible only to the intended recipient. SSL in WebLogic Server is an implementation of the SSL 3.       Setting Up SSL: Main Steps Using Host Name Verification Enabling SSL Debugging SSL Session Behavior SSL Certificate Validation Using the nCipher JCE Provider with WebLogic Server Specifying the Version of the SSL Protocol Notes: This chapter applies to WebLogic Server deployments using the security features in this release of WebLogic Server as well as deployments using Compatibility Security. To successfully negotiate an SSL connection. . Authentication allows a server and optionally a client to verify the identity of the application on the other end of a network connection. the client must authenticate the server. Avoid using SSL in development environments when it is not necessary. but the server will accept a connection from any client. With two-way SSL. SSL: An Introduction Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network connection to authenticate the other's identity and by encrypting the data exchanged between the applications.

If these names do not match. Use the digital certificates. set configuration options that require the presentation of client certificates (for two-way SSL). see Obtaining Private Keys.nojce=true to use a FIPS-compliant (FIPS 1402) crypto module. Configure the identity and trust keystores for WebLogic Server in the WebLogic Server Administration Console. Optionally. Set SSL configuration options for the private key alias and password in the WebLogic Server Administration Console. 3. The SSL client is the actual party that drops the SSL connection if the names do not match. 2. or in the WebLogic Keystore provider for the purpose of backward compatibility only. WebLogic Server has host name verification enabled. you can specify the command line argument -Dweblogic. Store the identity and trust. See "Configure Keystores" in the Administration Console Online Help.ssl. Sun Microsystem's keytool utility. and Trusted Certificate Authorities. By default. Note: When starting a WebLogic Server instance. Digital Certificates. See "Configure SSL" and "Configure two-way SSL" in the Administration Console Online Help. the SSL connection is dropped. Using Host Name Verification A host name verifier ensures the host name in the URL to which the client connects matches the host name in the digital certificate that the server sends back as part of the SSL connection. Note: This release of WebLogic Server supports private keys and trusted CA certificates stored in files. Digital Certificates. and trusted CA certificates provided by the WebLogic Server kit. Private keys and trusted CA certificates which specify identity and trust are stored in a keystore.security. WebLogic Server compares the common name in the SubjectDN in the SSL server's digital certificate with the host name of the SSL server used to initiate the SSL connection. Obtain an identity (private key and digital certificates) and trust (certificates of trusted certificate authorities) for WebLogic Server. 4. or a reputable vendor such as Entrust or Verisign to perform this step. . It helps to prevent man-in-the-middle attacks. As a function of the SSL handshake. private keys. A host name verifier is useful when an SSL client (or a WebLogic Server acting as an SSL client) connects to an application server on a remote host. For information on configuring identity and trust for WebLogic Server. and Trusted Certificate Authorities and Storing Private Keys.Setting Up SSL: Main Steps To set up SSL: 1. the CertGen utility.

The log file contains detailed information about where the failure occurred.0.If anything other than the default behavior is desired. 127.debug=true -Dweblogic. the host name verification feature is updated so that if the host name in the certificate matches the local machine's host name. The types and severity of the ALERTS are defined by the TLS specification. An ALERT received after the trace message indicates the failure occurred on the peer. see the following topics in the Administration Console Online Help:     "Verify Host Name Verification is enabled" "Disable Host Name Verification" "Configure a Custom Host Name Verifier" "Configuring SSL" Enabling SSL Debugging SSL debugging provides more detailed information about the SSL events that occurred during an SSL handshake. For a Managed Server started by the Node Manager. specify this command-line argument on the Remote Start page for the Managed Server. Therefore.StdoutDebugEnabled=true The SSL debugging properties can be included in the start script of the SSL server. The stack trace dumps information into the log file where the ALERT originated. when tracking an SSL problem. trust and validity checks and the default host name verifier) I/O related information Use the following command-line properties to enable SSL debugging: -Dssl. In this release of WebLogic Server. BEA recommends leaving host name verification on in production environments. and the Node Manager. either turn off host name verification or configure a custom host name verifier. To determine where the ALERT occurred. host name verification passes if the URL specifies localhost. To . For more information. the SSL client. SSL debugging dumps a stack trace whenever an ALERT is created in the SSL process.01. or the default IP address of the local machine. confirm whether there is a trace message after the ALERT. you may need to enable debugging on both sides of the SSL connection (on both the SSL client or the SSL server). Turning off host name verification leaves WebLogic Server vulnerable to man-in-the-middle attacks. The SSL debug trace displays information about:         Trusted certificate authorities SSL server configuration information Server identity (private key and digital certificate) The encryption strength that is allowed by the license in use Enabled ciphers SSL records that were passed during the SSL handshake SSL failures detected by WebLogic Server (for example.

net. Session caching is maintained by the SSL context. A single thread has access to the entire session cache. The host name check was successful The certificate validation was successful Note: Sev 1 type 0 is a normal close ALERT. The SSL session cache is specific to each SSL context. SSL socket 1 caches the session. Clients that use SSL sockets directly can control the SSL session cache behavior. not just one SSL session. When tracking an SSL problem. By default. creating a new SSL socket and connecting to the same host and port can resume a previous session as long as the SSL socket is created using an SSL socket factory from the SSL context that has the SSL session in its cache. Multiple SSL sockets that use the same host and port share SSL sessions by default assuming the SSL sockets are using the same underlying SSL context. Clients that do not want to use SSL sessions must call setEnableSessionCreation(false) on the SSL socket to ensure that no SSL sessions are cached. not a problem. All SSL sockets created by SSL socket factory instances returned by a particular SSL context can share the SSL sessions. This setting only controls whether an SSL session is added to the cache.HttpsClient class or the weblogic.) SSL sessions exist for the lifetime of the SSL context. The SSL session can be retrieved using the weblogic. Those sessions live for the life of the server. which can be shared by threads. so multiple SSL sessions can be used and shared in a single (or multiple) thread. you need to enable SSL debugging on the peer in the SSL connection. The following command-line arguments are ignored: . Clients default to resuming sessions at the same IP address and port. they are not controlled by the lifetime of the SSL socket.net. Therefore. SSL socket 2 sets setEnableSessionCreation to false but it can still reuse the SSL session from SSL socket 1 since that session was put in the cache.xml file was loaded The license (domestic or export) is correct The trusted certificate authority was valid and correct for this server.HttpsURLConnection class. review the information in the log file to ensure:      The correct config. it does not stop an SSL socket from finding an SSL session that was already cached (for example.http.http. clients that use HTTPS URLs get a new SSL session for each URL because each URL uses a different SSL context and therefore SSL sessions can not be shared or reused. SSL Session Behavior WebLogic Server allows SSL sessions to be cached. Clients can also resume URLs by sharing a SSLSocket Factory between them.determine the problem.

see Programming WebLogic RMI. 4. By default. All X509 V3 CA certificates used with WebLogic Server must have the Basic Constraint extension defined as CA. you may be using certificates that do not meet this requirement or you may want to increase the level of security to conform to the IETF RFC 2459 standard. do the following: 1. The host2ior utility prints two versions of the interoperable object reference (IOR). Configure WebLogic Server to use SSL. Configure the client Object Request Broker (ORB) to use SSL.SSL. Use the SSL IOR when obtaining the initial reference to the CosNaming service that accesses the WebLogic Server JNDI tree. Refer to the product documentation for your client ORB for information about configuring SSL.security. Controlling the Level of Certificate Validation By default WebLogic Server rejects any certificates in a certificate chain that do not have the Basic Constraint extension defined as CA. Use the following command-line argument to control the level of certificate validation performed by WebLogic Server: -Dweblogic. 3. Note: If WebLogic Server is booted with a certificate chain that will not pass the certificate validation.SSL.SSL.ttl Configuring RMI over IIOP with SSL Use SSL to protect Internet Interop-Orb-Protocol (IIOP) connections to Remote Method Invocation (RMI) remote objects.size weblogic. However.security. thus ensuring that all certificates in a certificate chain were issued by a certificate authority.sessionCache. an information message is logged noting that clients could reject it. any certificates for certificate authorities not meeting this criteria are rejected. Use the host2ior utility to print the WebLogic Server IOR to the console. The header of the IOR specifies whether or not the IOR can be used for SSL connections.sessionCache. SSL Certificate Validation WebLogic Server ensures that each certificate in a certificate chain was issued by a certificate authority.enforceConstraints=option Table 11-1 describes the options for the command-line argument.security. This section describes the command-line argument that controls the level of certificate validation. one for SSL connections and one for non-SSL connections. For more information about using RMI over IIOP. 2. To use SSL to protect RMI over IIOP connections. SSL secures connections through authentication and encrypts the data exchanged between objects. .  weblogic.

SSL.SSL.security.security.security.security.enforceConstraints =strong or Dweblogic.SSL.enforceConstraints =strict This option is not the default because a number of commercially available CA certificates do not conform to the IETF RFC 2459 standard. For example: Dweblogic.security.Table 11-1 Options for Description -Dweblogic. For example: Dweblogic. For example: Dweblogic. strict Use this option to check the Basic Constraints extension on the CA certificate is defined as CA and set to critical. off Use this option to turn off checking for the Basic Constraints extension. CA certificates from most commercial certificate authorities should work with the default strong option.enforceCon straints Option strong or true Use this option to check that the Basic Constraints extension on the CA certificate is defined as CA.SSL. The rest of the certificate is still validated. WebLogic Server performs this level of certificate validation.SSL.enforceConstraints =true By default.enforceConstraints =off BEA does not recommend using this option in a . This option enforces the IETF RFC 2459 standard.

the problem is mostly likely because the certificate chain used by WebLogic Server is failing the validation.ValidateCertChain -pem zippychain. Checking Certificate Chains WebLogic Server provides a ValidateCertChain command-line utility to check whether or not an existing certificate chain will be rejected by WebLogic Server.OU=FOR TESTING ONLY.ST=MyState. use one of the following methods: . The utility uses certificate chains from PEM files. O=MyOrganization.ValidateCertChain utils.O=MyOrganization.L=MyTown. PKCS-12 files. Determine where the certificate chain is being rejected.O=MyOrganization. A complete certificate chain must be used with the utility.ST=MyState. To troubleshoot problems with certificates.L=MyTown.enforceConstraints command-line argument.pem Cert[0]: CN=zippy.L=MyTown. O=MyOrganization. purchase new CA certificates that comply with the IETF RFC 2459 standard.C=US Cert[1]: CN=CertGenCAB.ValidateCertChain -file pemcertificatefilename -pem pemcertificatefilename -pkcs12store pkcs12storefilename -pkcs12file pkcs12filename password -jks alias storefilename [storePass] Example of valid certificate chain: java utils. and JKS keystores.ValidateCertChain utils.OU=FOR TESTING ONLY.C=US CA cert not marked with critical BasicConstraint indicating it is a CA Cert[1]: CN=CACERT.production environment.ValidateCertChain utils. The following is the syntax for the ValidateCertChain command-line utility: java java java java java utils. Instead.security.SSL.OU=FOR TESTING ONLY.ST=MyState.C=US Certificate chain appears valid Example of invalid certificate chain: java utils.OU=FOR TESTING ONLY.L=MyTown. PKCS-12 keystores.ValidateCertChain -jks mykey mykeystore Cert[0]: CN=corba1.ST=MyState. and decide whether to update the certificate chain with one that will be accepted or change the setting of the -Dweblogic.C=US Certificate chain is invalid Troubleshooting Problems with Certificate Validation If SSL communications were working properly in a previous release of WebLogic Server and start failing unexpectedly.ValidateCertChain utils.

specify this command-line argument on the Remote Start page for the Managed Server. Therefore. The stack trace dumps information into the log file where the ALERT originated.StdoutDebugEnabled=true The following message indicates the SSL failure is due to problems in the certificate chain: <CA certificate rejected.  If you know where the certificate chains for the processes using SSL communication are located. To determine where the ALERT occurred. SSL debugging dumps a stack trace whenever an ALERT is created in the SSL process. trust and validity checks and the default host name verifier) I/O related information Use the following command-line properties to enable SSL debugging: -Dssl. The SSL debug trace displays information about:         Trusted certificate authorities SSL server configuration information Server identity (private key and digital certificate) The encryption strength that is allowed by the license in use Enabled ciphers SSL records that were passed during the SSL handshake SSL failures detected by WebLogic Server (for example. you need to enable SSL debugging on the peer in the SSL connection. look for this error in the client log. you may need to enable debugging on both sides of the SSL connection (on both the SSL client or the SSL server).StdoutDebugEnabled=true The SSL debugging properties can be included in the start script of the SSL server. and the Node Manager. .debug=true -Dweblogic. For a Managed Server started by the Node Manager. The syntax for SSL debug tracing is: -Dssl. The basic constraints for a CA certificate were not marked for being a CA. look for this error in the client and server logs. use the ValidateCertChain command-line utility to check whether the certificate chains will be accepted. To determine the problem. confirm whether there is a trace message after the ALERT. or were not marked as critical> When using one-way SSL. An ALERT received after the trace message indicates the failure occurred on the peer.debug=true -Dweblogic. the SSL client. When using twoway SSL. Turn on SSL debug tracing on the processes using SSL communication. The types and severity of the ALERTS are defined by the TLS specification. when tracking an SSL problem. The log file contains detailed information about where the failure occurred. Enabling SSL Debugging SSL debugging provides more detailed information about the SSL events that occurred during an SSL handshake.

review the information in the log file to ensure:      The correct config. An example of twoway inbound SSL is a browser connecting to a Web application over HTTPS where the browser sends the client's certificate chain to the Web application. Alternatively. WebLogic Server has added two CLV providers:   WebLogic CertPath Provider—Completes certificate paths and validates certificates using the trusted CA configured for a particular server instance. Outbound SSL and two-way inbound SSL in a WebLogic Server instance receive certificate chains during the SSL handshake that must be validated. you can write a custom CertPathValidator to provide additional validation on the certificate chain. The host name check was successful The certificate validation was successful Note: Sev 1 type 0 is a normal close ALERT. The administrator revokes a certificate by removing it from the certificate registry providing an inexpensive mechanism for performing revocation checking.xml file was loaded The license (domestic or export) is correct The trusted certificate authority was valid and correct for this server. You can use certificate lookup and validation (CLV) providers to perform additional validation on the certificate chain. Verifies the signatures in the chain. Ensures that the chain has not expired. This is not configured by default. Completes the certificate chain with trusted CAs. Certificate Registry—The system administrator makes a list of trusted CA certificates that are allowed access to the server. which given a set of trusted CAs:     Verifies that the last certificate in the chain is either a trusted CA or is issued by a trusted CA. not a problem. a certificate is valid if the end certificate is in the registry. This is configured by default. acting as an SSL client) include:   Connecting to the Node Manager Connecting to another WebLogic Server over the administration port . The inbound certificate validation setting is used for all two-way client certificate validation in the server. In this release. For more information. see the Configuring WebLogic Security Providers chapter. Examples of WebLogic Server using outbound SSL (that is. providing the same functionality as the built-in SSL certificate validation.When tracking an SSL problem. Using Certificate Lookup and Validation Providers WebLogic Server SSL has built-in certificate validation.

see:   SSLMBean in the WebLogic Server MBean Reference "Set Up SSL" in the Administration Console Online Help Using the nCipher JCE Provider with WebLogic Server Note: Java Cryptography Extension (JCE) providers are written using the application programming interfaces (APIs) in the JCE available in JDK 5. By default. They also provide strong encryption and cryptographic processes to preserve the integrity and secrecy of keys. the domestic strength jurisdiction policy files are downloadable from Sun Microsystems at http://java. there will always be a BEA license that will enable either export or domestic strength cryptography. SSL is a key component in the protection of resources available in Web servers. That is. the JCE provider in the JDK 5. . offload SSL processing from Web servers freeing the servers to process more transactions. Connecting to an external LDAP server.com/products/jce/javase. After filling out the appropriate forms.0. JCE providers like nCipher which use a hardware card for encryption.html#UnlimitedDownload. Legal values for both attributes are:  BUILTIN_SSL_VALIDATION:  Use the built-in SSL certificate validation code to complete and validate the certificate chain. WebLogic Server does not provide a JCE provider by default. For more information about the features in the JDK JCE provider.sun.sun. For more information. Client code without the appropriate domestic strength cryptography license will only be able to use the J2SE export strength default cryptography. configure SSL to work as has in previous releases plus do extra validation. WebLogic Server supports the use of the following JCE providers:  The JDK JCE provider (SunJCE) in the JDK 5. This type of provider is different from the providers written using the WebLogic Security Service Provider Interfaces (SSPIs). However. This is the default behavior. BUILTIN_SSL_VALIDATION_AND_CERT_PATH_VALIDATORS: Use the built-in trusted CA-based validation and the configured CertPathValidator providers to perform additional validation. heavy SSL traffic can cause bottlenecks that impact the performance of Web servers. configure SSL to work as has in previous releases. The BEA license will continue to control the strength of the cryptography used by the WebLogic Server Application Programming Interfaces (APIs). see http://java. such as the LDAPAuthenticator Using the Administration Console or WLST. you can independently configure inbound and outbound SSL certificate validation using these SSLMBean attributes: InboundCertificateValidation and OutboundCertificateValidation.0 has export strength jurisdiction policy files. That is.0. On the server.com/products/jce/.

followed by 2. For example: security. • Certificate that signed the JAR file Note: This step may have been performed as part of installing the hardware for nCipher JCE provider. Copy the files to one of the following locations: JAVA_HOME/jre/lib/ext For example: BEA_HOME/jdk150_03/jre/lib/ext • In the CLASSPATH of the server. In that case. 1 is the most preferred.provider. and so on.security. verify that the files are correctly installed. Edit the Java security properties file (java.ncipher.security Specify the nCipher JCE provider as: security. • The JCE provider JAR files The files are installed in one of the following ways: • As an installed extension.html. Install and configure the hardware for the nCipher JCE provider per the product's documentation.com/solutions/sslsecurity.Sun . The nCipher JCE provider.provider. The order is 1-based.security) to add the nCipher JCE provider to the list of approved JCE providers for WebLogic Server. Install the files for the nCipher JCE provider.1=sun. see http://www. To install the nCipher JCE provider: 1.mCipherKM where specifies the preference order that determines the order in which providers are searched for requested algorithms when no specific provider is requested.provider.ncipher. n The nCipher JCE provider must follow the RSA JCA provider in the security properties file. For more information about the nCipher JCE provider.n=com.km. The following files are required: • Jurisdiction policy files—The JDK installs these files by default but they are of limited export strength. 3.provider. 2. The Java security properties file is located in: JAVA_HOME/jre/lib/security/java.

it will agree to use whichever of these protocols the client specifies as preferred in its client hello message.0 as well.3=com. it will specify TLS1.ncipher.2=com. Boot WebLogic Server. Only use the TLS V1.provider. and environments with maximum security requirements) where the TLS V1. When WebLogic Server is acting as an SSL client. The weblogic.security.0 protocol if you are certain all desired SSL clients are capable of using the protocol. When WebLogic Server is acting as an SSL server.0 and TLS V1. The peer must respond with an SSL V3.0 client hello message. 5.0 TLS V1. -Dweblogic.security.0 protocols.0 and TLS V1. -Dweblogic. enable debugging according to the nCipher product documentation.0 messages are sent and accepted.rsajca.0 protocols can not be interchanged.protocolVersion command-line argument lets you specify which protocol is used for SSL connections. Note: The SSL V3.SSL.0 as the preferred protocol in its SSL V2. if that is the highest version that the SSL server on the other end supports.security.security. While in most cases the SSL V3. but will agree to SSL V3. SSL performance. The following command-line argument can be specified so that WebLogic Server supports only SSL V3.mCipherKM 4.sun.0 protocol is desired.provider.security.SSL.0 or TLS V1. search[edit] How to use Keytool .km.0 or TLS V1. Keytool From ConchShell Jump to: navigation.0 message or the SSL connection is dropped.SSL.protocolVersion=TLS1—Only messages are sent and accepted.0 protocol is acceptable there are circumstances (compatibility.protocolVersion=SSL3—Only SSL V3.provider.SSL. Specifying the Version of the SSL Protocol WebLogic Server supports both the SSL V3. To ensure the nCipher JCE provider is working properly.protocolVersion=ALL—This is the default behavior.Provider security.notes from my own experiences Mark Foster 5/15/2003 .0 connections:    -Dweblogic.

Say you want to obtain a server certificate from Verisign. You will need to create a keystore with a private key, then create a certificate signing request to give them. They will give you a CA-signed certificate in return. Create your key (this also creates the keystore if it doesn't exist). Make sure to use the full state spelling and cn of your web site.
keytool -v -genkey -keyalg RSA -keystore keystore -dname "cn=www.example.com, ou=None, L=Seattle, ST=Washington, o=ExampleOrg, c=US"

Generate the CSR. Be sure and specify sigalg here or it won't work
keytool -certreq -sigalg MD5withRSA -file www.example.com.csr -keystore keystore -storepass password

Now go to http://digitalid.verisign.com/ Click on SSL Certificates Click on Buy SSL Choose from Secure Site (40-bit) or Secure Site Pro (128-bit). I highly recommend two-years as it will save you the hassle-factor! When it asks for your vendor, just choose BEA WebLogic, as Javasoft has recently been removed. This choice is probably less important than you might think -- when I asked Verisign customer service I was told this is more of a survey than anything else. Verisign will email you the signed certificate as an attachment. Save the attachment as www.example.com.crt, then import it into the keystore
keytool -import -keystore keystore -keyalg RSA -import -trustcacerts -file www.example.com.crt

That should do it! If you chose to get a Global Server ID (128-bit) you will need to import the intermediate CA certificate. You'll know this is the case if you receive this error when you try to install the certificate that Verisign emailed to you.
keytool error: java.lang.Exception: Failed to establish chain from reply

The intermediate CA certificate can be found here: https://www.verisign.com/support/install/intermediate.html Save it as verisign_inter.cer, then do
keytool -keystore keystore -keyalg RSA -import -trustcacerts -alias cacert -file verisign_inter.cer

Certificate was added to keystore

Now go back and try importing your signed certificate again. [edit]

References
Sun's J2EETM Tutorial Setting up a Server Certificate

http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security10.html

Keytool Documentation from Sun

http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html

Using Java's Keytool

http://www.churchillobjects.com/c/11201e.html

Secure Sockets with JSSE & OpenSSL

http://www.churchillobjects.com/c/11201g.html

[edit]

See Also
HowTo compare two cacerts (UNIX)

http://www.techie-blogs.com/wordpress/web/support/security/howto-comparetwo-cacerts-unix/

OpenSSL to Keytool Conversion Tips

http://mark.foster.cc/kb/openssl-keytool.html

Keytool cacert extraction to PEM format using OpenSSL and keytool

http://mark.foster.cc/kb/cacert-keystore-extraction.html

How to obtain an SSL certificate for your server (but using openssl)

http://www.credentia.cc/certs/howto/obtain.html

Production-time Redeployment of Applications in WebLogic Server 9.0
Abstract
Upgrading a running application in a J2EE production environment isn't easy. You either have to undeploy the old version of the application and deploy the new one—causing a temporary outage—or you may have to set up a redundant server/cluster to route the new requests. BEA WebLogic Server 9.0 supports a production redeployment feature that provides a way to seamlessly upgrade an application in a production environment without affecting application availability. After redeploying a new version of the application, all new client connection requests go to the new application. The existing client connections continue to use the old application that will be undeployed/retired after all the existing connections are closed. The two application versions are completely isolated from each other and do not share any resources. Alternatively, the old version of the application can be retired by specifying a retire timeout for the application. This article uses a sample application to demonstrate this functionality.

Requirements
Currently, WebLogic Server 9.0 supports this production redeployment feature only for Web application (WAR) modules and enterprise applications (EARs). All other types of archives (EJB JAR, JCA RAR, WebServices archives, JMS, or JDBC standalone modules) are not supported. EARs can contain all supported module types, except WebServices archives. Production redeployment only supports HTTP clients; Java clients are not supported. Attempting to perform production redeployment with an unsupported archive type will result in an error. To redeploy such modules, remove their version identifiers and explicitly redeploy the modules. In addition, only versioned applications can be redeployed using this feature. A versioned application is an application that has an application archive version specified in the manifest of the application archive. A deployed application must specify a version number before you can perform subsequent production redeployment operations on the application. In other words, you cannot deploy a non-versioned application and later perform production redeployment with a new version of the application. WebLogic Server 9.0 can host a maximum of two different versions of an application at any one time. Also, when you redeploy a new version of an application, you cannot change the application's deployment targets, security model, or persistent store settings. To change any of the above features, you must first undeploy the active version of the application.

Application Version Information
The application version information can be specified in the MANIFEST.MF file's WebLogic-Application-Version property. The manifest is a special file that can

the application archive version string cannot be ". The value specified in MANIFEST. but the versionedjsp.jsp contains a session. If a new application archive version is specified. WebLogic Server will perform production redeployment with version isolation.". the Deployer tool allows you to manually specify a unique version string using the -appversion option when deploying .contain information about the files packaged in a JAR file." "a"-"z.1_05-b01 (Sun Microsystems Inc. period (". The version number is important when considering the redeployment of versionable applications.MF file will take precedence over the -appversion value.").jsp file contains a simple print statement.jsp file contains code to set the timeout value for the session.invalidate() command to invalidate all the sessions." "0"-"9"). The other application. We'll use these applications to demonstrate the versioning process.0 Created-By: 1. and hyphen ("-"). underscore ("_"). you enable the JAR file to serve a variety of purposes. Additionally.4.) WebLogic-Application-Version: v1 The application archive version is a string that can only contain the following characters: alphanumeric ("A"-"Z. The Sample Versioned Application The attached sample application (VersionedApp1) contains a Web application. an application archive whose application archive version is "v1" could have the following manifest content: Manifest-Version: 1." or ". If you want to use production redeployment with an application that does not include a version string in the manifest file. You can either specify a version for an application using the manifest file.. or assign one when using the Deployer tool's -appversion option. The timeoutsession. which has three JSP files: • • • The versionedjsp. By tailoring this "meta" information that the manifest contains. contains the same set of files. Deploying the Application The sample applications provided along with this article do not have version information in their manifest files. If the same application archive version is specified. For example. The length of the application archive version should be less than 215 characters. The invalidatesession.jsp file will print a different message. VersionedApp2. WebLogic Server will perform in-place redeployment.

Deployer -adminurl http://localhost:8802 -user weblogic -password weblogic -listapps Redeploying a New Version of the Application Now that we've deployed the application. for example. Note that the version string specified with -appversion is applied only when the deployment source files do not specify a version string in MANIFEST.Deployer -adminurl http://localhost:8802 -username weblogic -password weblogic -name VersionedApp -targets adminServer -redeploy -source C:/tmp/VersionedApp2 -appversion version2 If you want to specify a fixed time period after which the older version of the application is undeployed (regardless of whether clients finish their work). So for example. This may be necessary if. command line-based deployment operations.Deployer -adminurl http://localhost:8802 -username weblogic -password weblogic -name VersionedApp -targets adminServer -deploy -source C:/tmp/VersionedApp1 -appversion version1 Deployer is a Java-based deployment tool that provides a command-line interface to the WebLogic Server deployment API.or redeploying an application. an application remains in the retiring state with only one or two long-running client sessions that you do not want to preserve. use the -undeploy command and specify the application version: java weblogic. you can immediately undeploy the application version without waiting for retirement to complete.MF. To force the undeployment of a retiring version of an application. we perform redeploy with the -appversion option as mentioned above: java weblogic. use the -retiretimeout option with the -redeploy command.Deployer -adminurl http://localhost:8802 . let's look at redeploying it. (-retiretimeout specifies the number of seconds after which the older version of the application is retired): java weblogic. you need not provide the -appversion option. Run this command to deploy the application with a version of version1: java weblogic. For applications with version information in the manifest files.Deployer -adminurl http://localhost:8802 -username weblogic -password weblogic -name VersionedApp -targets adminServer -redeploy -source C:/tmp/VersionedApp2 -appversion version2 -retiretimeout 300 If WebLogic Server has not yet retired an application version. Deployer is intended for administrators and developers who want to perform interactive. You can also display version information for deployed applications from the command line using the Deployer -listapps command. Since our deployment files do not contain version information in the manifest files. after deploying the above application you can run this command to list the application: java weblogic.

Now invoke the invalidatesession. Rolling Back the Production Redeployment Process Reversing the production redeployment process switches the state of the active and retiring applications and redirects new client connection requests accordingly.jsp from the first browser window: http://localhost:8802/VersionedApp/invalidatesession. After deploying the VersionedApp2 application. Now we should see the "Output from VersionedApp2 JSP" message from the VersionedApp2 application. The retirement process should have started now. In the browser window we should see the "Output from VersionedApp1 JSP" message. open a browser and invoke the versionedjsp. both the versions of application should be alive. issue a second -redeploy command and specify the deployment source files for the older version: java weblogic. and you want to stop clients from accessing it.jsp That should establish an HTTP session to the VersionedApp1 application.jsp This will invalidate all the established sessions to the VersionedApp1 application. Wait a few moments for the retirement process to complete and invoke versionedjsp.jsp This time you should see the "Output from VersionedApp2 JSP" message from the VersionedApp2 application.jsp. Reverting the production redeployment process may be necessary if you detect a problem with a newly deployed version of an application.jsp from the first browser window: http://localhost:8802/VersionedApp/versionedjsp. Verifying the Deployment After deploying the first version of the application. At this time.jsp: http://localhost:8802/VersionedApp/versionedjsp. Take a look at the server console window.Deployer -adminurl http://localhost:8802 -user weblogic -password weblogic -redeploy -name VersionedApp C:/tmp/VersionedApp1 -retiretimeout 300 . WebLogic Server undeploys the active version and all retired versions of the application.-username weblogic -password weblogic -name VersionedApp -targets adminServer -undeploy -name VersionedApp -appversion version1 If you do not explicitly specify an application version with the -appversion option. open another browser window and invoke the versionedjsp. To roll back the production redeployment process.

His expertise includes WebLogic application clustering and deployment. Seetharam Param works as a Senior Software Engineer at BEA Systems. His expertise includes application deployment in WebLogic Server.zip . but also provide minimal disruption to the end user.version 1 sample application VersionedApp2. which will not only make their tasks easier. customers get the ability to roll out application upgrades in a production environment transparently.zip .0 (product documentation) Working with manifest files (Sun Microsystems documentation) dev2dev BEA WebLogic Server Product Center Abhijit Patil works as a Senior Software Engineer at BEA Systems.conf Configuration Files Using SSL with the Apache Plug-In Issues with SSL-Apache Configuration Connection Errors and Clustering Failover . With this functionality.conf File Sample httpd. Administrators should definitely consider using this functionality in production environments. without disruption to clients.Conclusion Production redeployment is a very powerful functionality. Downloads • • VersionedApp1.version 2 sample application References: Developing Applications for Production Redeployment (product documentation) • • • • weblogic.Deployer Command-Line Reference (product documentation) What's New in WebLogic Server 9. Installing and Configuring the Apache HTTP Server Plug-In The following sections describe how to install and configure the Apache HTTP Server Plug-In:          Overview of the Apache HTTP Server Plug-In Certifications Installing the Apache HTTP Server Plug-In Configuring the Apache HTTP Server Plug-In Template for the Apache HTTP Server httpd. Production redeployment not only requires fewer hardware resources but also provides more flexibility and control of application availability.

except that an Apache module is written in code native to the platform. The plug-in enhances an Apache installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server. Apache modules are similar to HTTP servlets. The following types of problems may occur:  In a clustered environment.x Version 1. because some plug-in processes do not have the new JVMID of those restarted servers. possibly on a different host. The plug-in is intended for use in an environment where an Apache Server serves static pages.3. and the state of the plug-in cannot be synchronized across multiple child processes. HTTP-tunneling.Overview of the Apache HTTP Server Plug-In The Apache HTTP Server Plug-In allows requests to be proxied from an Apache HTTP Server to WebLogic Server. and another part of the document tree (dynamic pages best generated by HTTP Servlets or JavaServer Pages) is delegated to WebLogic Server. To the end user—the browser—the HTTP requests delegated to WebLogic Server still appear to be coming from the same source. The Apache HTTP Server Plug-In operates as an Apache module within an Apache HTTP Server. connection pooling and keep-alive connections between WebLogic Server and the Apache HTTP Server Plug-In cannot be supported. providing non-browser clients access to WebLogic Server services.  In non-clustered environment. Because Apache HTTP Server is multiprocessed. a plug-in may lose the stickiness of a session created after restarting WebLogic Server instances. . and treat them as unknown JVMIDs. An Apache module is loaded by Apache Server at startup. Limitations in Apache Version 1. and then certain HTTP requests are delegated to it. a technique which allows HTTP requests and responses access through a company's firewall.x of the Apache HTTP Server Plug-In creates a socket for each request and closes the socket after reading the response. a plug-in may dispatch requests to an unavailable WebLogic Server instance because the DynamicServerList is not current in all plug-in processes.3x of the Apache HTTP Server has several limitations with the WebLogic Server plug-in that do not exist in later versions. which may be operating in a different process. Keep-Alive Connections Not Supported Version 1. Inconsistent States The Apache HTTP Server has a multi-process architecture. can also operate through the plug-in.3.

You can proxy requests based on the URL of the request (or a portion of the URL). (or a user-defined amount of time) the connection is closed and returned to the pool. see Configuring the Apache HTTP Server Plug-In. (Installation as a statically linked module is only available for Apache version 1.x. Installing the Apache HTTP Server Plug-In You install the Apache HTTP Server Plug-In as an Apache module in your Apache HTTP Server installation. To avoid these issues. There are separate instructions in this section for DSO and statically linked module installation. upgrade to Apache 2.conf. For more information. You can also specify additional parameters for each type of request that define additional behavior of the plug-in. the request is proxied by path. AIX. and HPUX11 platforms.0 Version 2. see Platform Support for WebLogic Server Plug-ins and Web Servers in Supported Configurations for WebLogic Server 7.For information on platform support for specific versions of Apache. For information about editing httpd. The module is installed either as a Dynamic Shared Object (DSO) or as a statically linked module. You can disable this feature if desired. Proxying Requests The plug-in proxies requests to WebLogic Server based on a configuration that you specify.0.1 keep-alive connections between the plug-in and WebLogic Server by reusing the same connection in the pool for subsequent requests from the same client. Installing the Apache HTTP Server Plug-In as a Dynamic Shared Object To install the Apache HTTP Server Plug-In as a dynamic shared object: . see Configuring the Apache HTTP Server Plug-In.conf.0 of the Apache HTTP Server Plug-In improves performance by using a reusable pool of connections from the plug-in to WebLogic Server. restart or send a HUP signal (kill -HUP) to the Apache server to refresh all plug-in processes. Certifications The Apache HTTP Server Plug-In is supported on Linux. This is called proxying by path. see "KeepAliveEnabled".3.x). If a request matches both criteria. For more information. Solaris.To temporarily correct inconsistencies of this type. Keep-Alive Connections in Apache Version 2. Windows. Or you can use a combination of both methods.0. You can also proxy requests based on the MIME type of the requested file. Plug-ins are not supported on all operating systems for all releases. The plug-in implements HTTP 1. If the connection is inactive for more than 30 seconds. and configure Apache to use the multithreaded and single-process model by setting MaxSpareServers=1 in httpd.

Because of a problem with the order in which linked libraries are loaded on HP-UX. Set the following environment variables: export EXTRA_LDFLAGS="-lstd -lstream -lCsup -lm -lcl -ldld -lpthread" Proceed with the configure. The Apache plug-in is distributed as a shared object (.0.x server on HP-UX11.so (applicable to Apache versions 2.0. set the environment variables specified below before you build the Apache server. Locate the shared object file for your platform./configure --prefix=$INSTALLATION_DIRECTORY --enable-so --withmpm=worker make make install See the Apache HTTP Server documentation for more information about building and configuring your Apache server. whether or not SSL is to be used between the client and Apache.x ) WL_HOME\server\bin HPUX11 AIX WL_HOME/server/lib/hpux11 WL_HOME/server/lib/aix Warning: If you are running Apache 2.so) for use on Solaris. depending on the platform. Each shared object file is distributed as a separate version. a core dump can result if the load order is not preset as an environment variable before building. Linux. Choose the appropriate shared object from the following table: . AIX and HPUX11 platforms.1. make. and the encryption strength for SSL (regular or 128 bit— 128 bit versions are only installed if you install the 128 bit version of WebLogic Server). Windows. The shared object files are located in the following directories of your WebLogic Server installation (where WL_HOME is the top-level installation directory for the WebLogic platform and the Server directory contains WebLogic Server installation files): Shared Object Location Table 2-1 Locations of Plug-In Shared Object Files Operating System Solaris Linux WL_HOME/server/lib/solaris WL_HOME/server/lib/linux/i686 WL_HOME/server/lib/linux/s390 Windows WL_HOME\server\bin\mod_wl_20. and make install steps: .

so mod_wl_ssl_raven.so mod_wl28_20.0.c should already be enabled. build your Apache HTTP Server from the source code.so mod_wl_20. The Apache HTTP Server Plug-In will be installed in your Apache HTTP Server installation as an Apache Dynamic Shared Object (DSO).so 2. making sure that the following options are configured: . APACHE_HOME\bin\httpd -l For Apache 2.. DSO support in Apache is based on a module named mod_so. execute one of the following commands: For Apache 1.so mod_wl128_ssl. modssl etc.x (Stronghold.x Apache w/ SSL/EAPI Version 1...c is enabled. If mod_so. If you installed Apache using the supplied script.x.c that must be enabled before mod_wl.x. mod_so.0.Apache Version Standard Apache Version 1.c is not listed..so 128-bit Encryption mod_wl128. --enable-module=so --enable-rule=SHARED_CORE .) This command lists all of the enabled modules.so mod_wl128_ssl_raven.) Apache + Raven Version 1.x Required because Raven applies frontpage patches that makes the plug-in incompatible with the standard shared object Standard Apache Version 2.x Regular Strength Encryption mod_wl. To verify that mod_so.so mod_wl_ssl. Enable the shared object.so is loaded. APACHE_HOME\bin\Apache -l (Where APACHE_HOME is the directory containing your Apache HTTP Server installation. .

c For Apache 2.0.so This command copies the mod_wl.conf file and activates the module.conf file in your Apache 1.0.x.x. see Manual Page: apxs at http://httpd.so • For Apache 2. in your WebLogic Server installation.c libexec/mod_wl. see the Apache HTTP Server Version 2. For more information. The httpd.so 5.so file to the APACHE_HOME\modules directory rather than running apxs. Install the Apache HTTP Server Plug-In in the Apache 1. 6.conf file manually: LoadModule weblogic_module modules/mod_wl_20. 4. copy the mod_wl_20. Make sure that the following lines were added to your APACHE_HOME/conf/httpd. add the following line to your APACHE_HOME/conf/httpd.conf file allows you to customize the behavior of the Apache HTTP Server Plug-In. Issue the following command : $ apxs mod_so.conf file: AddModule mod_so.x.x server with a support program called apxs (APache eXtenSion.conf configuration file as described in the section Configuring the Apache HTTP Server Plug-In. It also adds two lines of instructions for weblogic_module to the httpd. APACHE_HOME\bin\apachect1 configtest For Apache 2.conf file with one of the following commands: For Apache 1. Configure any additional parameters in the Apache httpd.so file to the APACHE_HOME\libexec directory. Verify the syntax of the APACHE_HOME\conf\httpd.html).0. Activate the weblogic_module. use a command shell to navigate to the directory that contains the shared object for your platform and activate the weblogic_module by issuing this command (note that you must have Perl installed to run this Perl script): perl APACHE_HOME\bin\apxs -i -a -n weblogic mod_wl.c to build Dynamic Shared Object-based modules outside of the Apache source tree and add the following line to the httpd.x.x. APACHE_HOME\bin\Apache -t . the WebLogic Server extension to the Apache server: • For Apache 1.0 documentation.x server installation: LoadModule weblogic_module AddModule mod_weblogic.3.org/docs/programs/apxs.apache.

9. Note: Apache -t is a valid command for Apache 2.x on HP-UX.com/weblogic/ Installing the Apache HTTP Server Plug-In as a Statically Linked Module To install the Apache HTTP Server Plug-In as a statically linked module: 1. for Apache 2. Each library file is distributed as a separate version.The output of this command indicates any errors in your httpd. as defined for the default Web Application on WebLogic Server.0.a If you are using the Gnu C Compiler (gcc). Test the Apache plug-in by opening a browser and setting the URL to the Apache Server + "/weblogic/". The library files are located in the following directories of your WebLogic Server installation: Solaris WL_HOME/Server/lib/solaris Linux WL_HOME/Server/lib/linux HPUX11 WL_HOME/Server/lib/hpux11 Choose the appropriate shared object from the following table.x is the required version.0. Apache -t is not a valid command. For example: http://myApacheserver.x on HP-UX has apachectl and not the Apache command file. depending on the platform and the encryption strength for SSL (regular or 128-bit—128-bit versions are only installed if you install the 128-bit version of WebLogic Server). which should bring up the default WebLogic Server HTML page. 8. gcc 2. or default servlet. Start (or restart if you have changed the configuration) Apache HTTP Server.95. 2. 7. because Apache 2. Apache Version Standard Apache Version 1.a 128-bit Encryption libweblogic128.x on Windows. However. Locate the linked library file for your platform. Unpack the Apache Plug-In distribution using the following command: .conf file. Restart Weblogic Server.x Regular Strength Encryption libweblogic. welcome file.0.3.

) to src\modules\weblogic. execute the following command (on a single line) from the Apache 1.conf file in your Apache HTTP server installation to configure the Apache HTTP Server Plug-In: 1.conf File Edit the httpd. The file is located at APACHE_HOME\conf\httpd. edit the httpd. 5. Makefile. If you are using 128 bit encryption.tar 3. Copy libweblogic. execute the following command from the Apache 1.x. Within the unpacked distribution switch to the src/modules directory.conf file to configure the Apache plug-in. Create a directory called weblogic. Editing the httpd. inInstalling the Apache HTTP Server PlugIn as a Dynamic Shared Object Configuring the Apache HTTP Server Plug-In After you install the plug-in in the Apache HTTP server. 6.a (use libweblogic128.) from the same directory containing the linked library file (see step 1. Follow steps 4 through 8.a 8.conf file informs the Apache Web server that it should load the native library for the plug-in as an Apache module and also describes which requests should be handled by the module.3 home directory: configure--activate-module= src\modules\weblogic\libweblogic128.tmpl from the lib directory of your WebLogic Server installation to src\modules\weblogic. make 10. . Execute the following command: Execute the following command: make install 11.conf file.tar -xvf apache_1. If you are using regular strength encryption.conf (where APACHE_HOME is the root directory of your Apache HTTP server installation). if you are using 128 bit security. Open the httpd. Editing the httpd. 4.3.a 9.a instead. Copy Makefile.3 home directory: configure --activate-module=src\modules\weblogic\libweblogic. 7.libdir.

server.x. the following IfModule block for a non-clustered WebLogic Server specifies that all files with MIME type . libexec\mod_wl. see step 6.com WebLogicPort 7001 </IfModule> 5.conf file: modules\mod_wl_20.com WebLogicPort 7001 MatchExpression *.com WebLogicPort 7001 MatchExpression *.xyz </IfModule> If you are proxying requests by MIME type to a cluster of WebLogic Servers. For example: <IfModule mod_weblogic. Proxying by path takes precedence over proxying by MIME type. also add a MatchExpression line to the IfModule block. To configure proxying requests by path.x.so For Apache 2. ) For example.2. verify that the following two lines were added to the httpd.server. For example: .0.server.so LoadModule weblogic_module 4. If you want to proxy requests by MIME type. For a cluster of WebLogic Servers: The WebLogicCluster parameter.jsp </IfModule> You can also use multiple MatchExpressions.jsp MatchExpression *.c> WebLogicHost myweblogic. add the following line to the httpd.conf file when you ran the apxs utility: LoadModule weblogic_module AddModule mod_weblogic. for example: <IfModule mod_weblogic.c> WebLogicHost myweblogic.c> WebLogicHost myweblogic. (You can proxy requests by path in addition to or instead of proxying by MIME type.jsp are proxied: <IfModule mod_weblogic. Add an IfModule block that defines one of the following: For a non-clustered WebLogic Server: The WebLogicHost and WebLogicPort parameters. For Apache 1.c 3. use the WebLogicCluster parameter instead of the WebLogicHost and WebLogicPort parameters.

c> # Config file for WebLogic Server that defines the parameters Include conf/weblogic. define these parameters either: • In a Location block. . SetHandler specifies the handler for the Apache HTTP Server Plug-In module.com:7001 MatchExpression *. Do not put an `=' between the parameter and its value.<IfModule mod_weblogic.jsp MatchExpression *.conf File  As an alternative to the procedure in Editing the httpd.conf file that is included in the IfModule block.conf </IfModule> Note: Defining parameters in an included file is not supported when using SSL between Apache HTTP Server Plug-In and WebLogic Server. Using this included file may help modularize your configuration.conf File you can define parameters in a separate file called weblogic.  Enter each parameter on a new line. or • In an IfModule block. for parameters that apply to proxying by MIME type. use the Location block and the SetHandler statement. the behavior specified by the Location block takes precedence.xyz </IfModule> 6. for parameters that apply to proxying by path.w1s2.c> WebLogicCluster w1s1.  If you define the CookieName parameter. For example: PARAM_1 value1 PARAM_2 value2 PARAM_3 value3  If a request matches both a MIME type specified in a MatchExpression in an IfModule block and a path specified in a Location block. In. For example the following Location block proxies all requests containing /weblogic in the URL: <Location /weblogic> SetHandler weblogic-handler </Location> 7.com:7001.com:7001. For example: <IfModule mod_weblogic. you must define it in an IfModule block. Alternative Procedure for Editing the httpd. If you want to proxy requests by path. Define any additional parameters for the Apache HTTP Server Plug- The Apache HTTP Server Plug-In recognizes the parameters listed in General Parameters for Web Server Plug-Ins. To modify the behavior of your Apache HTTP Server Plug-In.w1s3.

. All the requests which match /web/* will have Debug Level set to OFF and no log messages will be logged. you must place all the configuration parameters (MatchExpression. If you use the <files> block in addition to the <location> block to match requests and you are using Stronghold SSL (a commercial Apachebased Web server) with virtual hosting. Note that Apache HTTP Server is not case sensitive. Instead of specifying the same Debug. for example) for each virtual host within its <VirtualHost> block.  If you use the <VirtualHost> block. WLLogFile and WLTempDir properties in each virtual host you can specify them just once in the <IfModule> tag  Sample httpd.conf File This section contains a sample httpd.conf file.log </Location> <Location /foo> SetHandler weblogic-handler PathTrim /foo Debug ERR WLLogFile c:/tmp/foo_proxy. rules in the <location> block overrule those in a <files> block.  If you want to have only one log file for all the virtual hosts configured in your environment. and that the LoadModule and AddModule lines are automatically added by the apxs utility.log WLTempDir "c:/myTemp" DebugConfigInfo On KeepAliveEnabled ON KeepAliveSecs 15 </IfModule> <Location /jurl> SetHandler weblogic-handler WebLogicCluster agarwalp01:7001 </Location> <Location /web> SetHandler weblogic-handler PathTrim /web Debug OFF WLLogFile c:/tmp/web_log.c> WebLogicCluster agarwalp02:8005. Lines beginning with # are comments. you can achieve it using global properties. You can use this sample as a template that you can modify to suit your environment and server. All the requests which match /foo/* will have Debug Level set to ERR and log messages will be logged to c:/tmp/foo_proxy.log file  BEA recommends that you use the MatchExpression statement instead of the <files> block.agarwalp02:8006 Debug ON WLLogFile c:/tmp/global_proxy.log </Location> All the requests which match /jurl/* will have Debug Level set to ALL and log messages will be logged to c:/tmp/global_proxy.log file. If you are not using Stronghold.conf file: <IfModule mod_weblogic. MatchExpression is ignored and the rules defined in the <files> and <location> blocks are applied to the request. Template for the Apache HTTP Server httpd.

myHost2:7283| ErrorPage= http://www.mydomain.mydomain.jsp WebLogicCluster w1s1. (Except WebLogicHost.c> WebLogicCluster w1s1.conf file.com:7001. you can use a weblogic.mydomain.) <IfModule mod_weblogic. # WebLogicPort.) <IfModule mod_weblogic. you can set them again in . and CookieName.w1s2. If you want to override # these parameters for each URL. WebLogicCluster.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON MatchExpression *.w1s3.mydomain.c> MatchExpression *. Example Using WebLogic Clusters # These parameters are common for all URLs which are # directed to the current module.html WebLogicCluster=myHost1:7282.w1s3.conf file #################################################### LoadModule weblogic_module libexec/mod_wl.com MatchExpression *. If you want to override # these parameters for each URL.com </IfModule> Sample httpd.w1s2.c <Location /weblogic> SetHandler weblogic-handler PathTrim /weblogic ErrorPage http://myerrorpage1. Lines beginning with # are comments.com:7001.conf file that is loaded by the IfModule in the httpd. you can set them again in # the <Location> or <Files> blocks.html </IfModule> Example Without WebLogic Clusters # These parameters are common for all URLs which are # directed to the current module.com:7001 ErrorPage http://myerrorpage.com </Location> <Location /servletimages> SetHandler weblogic-handler PathTrim /something ErrorPage http://myerrorpage1. you can set them again in # the <Location> or <Files> blocks (Except WebLogicHost. If you want to override # these parameters for each URL.xyz.com/error.com </Location> <IfModule mod_weblogic. The following examples may be used as templates that you can modify to suit your environment and server.jsp </IfModule> #################################################### Example Using Multiple WebLogic Clusters # These parameters are common for all URLs which are # directed to the current module.com:7001. if you prefer. # WebLogicPort.com:7001 ErrorPage http://myerrorpage.conf file.conf Configuration Files Instead of defining parameters in the location block of your httpd.#################################################### APACHE-HOME/conf/httpd.so AddModule mod_weblogic.com:7001. WebLogicCluster.c> MatchExpression *. and CookieName.

17..) <IfModule mod_weblogic.mydomain.server.# the <Location> or <Files> blocks (Except WebLogicHost.55.55.55.com <Location / > SetHandler weblogic-handler WebLogicHost russell WebLogicPort 7001 Debug ON DebugConfigInfo ON </Location> </VirtualHost> Example Configuring Multiple Name-Based Virtual Hosts # VirtualHost1 = localhost:80 <VirtualHost 127..jsp </IfModule> Example Configuring IP-Based Virtual Hosting NameVirtualHost 172.55.2:80 <IfModule mod_weblogic. WLS parameter .0.0.208> ServerName myserver.99.162.com> WebLogicCluster tehama1:4736. # WebLogicPort.72:7001 Idempotent ON Debug ON DebugConfigInfo ON </Location> </VirtualHost> <VirtualHost 162.c> WebLogicHost myweblogic..99.208> ServerName myserver.com> WeblogicCluster green1:4736.domain1.jsp <some additional parameter> MatchExpression *.jsp PathPrepend=/test2 </IfModule> </VirtualHost> # VirtualHost2 = 127. and CookieName.c> #.c> .com WebLogicPort 7001 MatchExpression *.0.mydomain.99.domain2.localhost:7201 # Example: MatchExpression *. WebLogicCluster. WebLogicCluster localhost:7101.1:80> DocumentRoot "C:/test/VirtualHost1" ServerName localhost:80 <IfModule mod_weblogic.99.tehama:4736 PathTrim /x1 ConnectTimeoutSecs 30 </VirtualHost> <VirtualHost goldengate.0..0.71:7001.1 <VirtualHost goldengate.8.0.com <Location / > SetHandler weblogic-handler WebLogicCluster 162.2:80 <VirtualHost 127.green2:4736.0.2:80> DocumentRoot "C:/test/VirtualHost1" ServerName 127.tehama2:4736.0.green3:4736 PathTrim /y1 ConnectTimeoutSecs 20 </VirtualHost> Example Configuring Name-Based Virtual Hosting With a Single IP Address <VirtualHost 162.

cert.security.security. The Apache HTTP Server Plug-In does not use the transport protocol (http or https) specified in the HTTP request (usually by the browser) to determine whether or not the SSL protocol is used to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server.ssl.jsp PathPrepend=/test2 #.net. 3. Configuring SSL Between the Apache HTTP Server Plug-In and WebLogic Server To use the SSL protocol between Apache HTTP Server Plug-In and WebLogic Server: ..localhost:7201 # Example: MatchExpression *. Access the certificate by reading the request attribute. Configure Apache HTTP Server to request a client certificate.jsp <some additional parameter> MatchExpression *.X509Certificate returns a java. </IfModule> </VirtualHost> <IfModule mod_weblogic.c> You must define a unique value for 'ServerName'or some Plug-In parameters will not work as expected.X509Certificate certificate • java..X509 certificate 2. WLS parameter . WebLogicCluster localhost:7101. WLS parameter .peer_certificates"). authenticate the user with the weblogic.. In WebLogic Server.cert.. The certificate is stored as one of the following request attributes: • javax. Implementing Two-way SSL between Apache and the HTTP Client: 1.net.#.. Although two-way SSL can be used between the HTTP client and Apache HTTP server..ssl.acl.getAttribute("javax.authenticate() method.certAuthenticator.security.. Using SSL with the Apache Plug-In You can use the Secure Sockets Layer (SSL) protocol to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server. for example: request.peer_certificates returns a weblogic. The SSL protocol provides confidentiality and integrity to the data passed between the Apache HTTP Server Plug-In and WebLogic Server.security.. note that one-way SSL is used between Apache HTTP Server and WebLogic Server.

5. allows WebLogic Server to determine whether to trust the certificate header.0. In previous releases of WebLogic Server. see SSL Parameters for Web Server Plug-Ins Specifying Trust for the WL-Proxy-Client-Cert Header The plug-in can encode users' identity certifications in the WL-Proxy-Client-Cert header and pass the header to WebLogic Server instances (see Proxying Requests to Another Web Server). set the WebLogicPort parameter in the httpd. For more information. 2.clientCertProxy</param-name> <param-value>true</param-value> </context-param> You can also use this parameter in a cluster as follows: <Cluster ClusterAddress="127.1.conf file to ON. In the Apache Server.1" Name="MyCluster" ClientCertProxyHeader="true"/> . Configure the WebLogic Server SSL listen port. A WebLogic Server instance uses the certificate information from that header.1 SP2. trusting that it comes from a secure source (the Plug-In). you need to explicitly define trust of the WL-Proxy-Client-Cert header. For a complete list of parameters. see Configuring the SSL Protocol. For an additional level of security. to authenticate the user.xml file as follows: ServletRequestImpl context-param <context-param> <param-name>weblogic. add the parameter to the web. Beginning with WebLogic Server 6. For more information. 4. Configure WebLogic Server for SSL.conf file that define information about the SSL connection. For the HTTPClusterServlet. see Configuring the SSL Protocol.0.httpd.xml file as follows: <context-param> <param-name>clientCertProxy</param-name> <param-value>true</param-value> </context-param> For Web applications. The clientCertProxy parameter has been added to the HTTPClusterServlet and Web applications. A new parameter. Set any additional parameters in the httpd. In the Apache Server. clientCertProxy. the default behavior was to always trust the WL-Proxy-Client-Cert header.conf file to the listen port configured in step 2. use a connection filter to limit all connections into WebLogic Server (therefore allowing WebLogic Server to only accept connections from the machine on which the plug-in is running). set the SecureProxy parameter in the httpd. add the parameter to the web. 3.

double click the lock and go to the certificates path: * Select the root CA (at the top) * Display it * Detail and then copy this certificate to a file using the Coded "Base 64 X509" option * Save the file. You must configure all parameters directly in the httpd. Issues with SSL-Apache Configuration The following known issues may arise when you configure the Apache plug-in to use SSL:  To prepare the plugin configuration. failover may not work properly when the plug-in tries to connect to a backend . for example.conf </IfModule>  If you use precompiled OpenSSL from Sunfreeware.cerý (which is also a PEM file)  tag.com.This parameter can be used with a third party proxy server such as a load balancer or an SSL accelerator to enable 2-way SSL authentication. to ýMyWeblogicCAToTrust.conf file. The PathTrim parameter must be configured inside the <Location> The following configuration is incorrect: <Location /weblogic> SetHandler weblogic-handler </Location> <IfModule mod_weblogic.jsp Include weblogic.c> MatchExpression *.c> WebLogicHost localhost WebLogicPort 7001 PathTrim /weblogic </IfModule> The following configuration is the correct setup: <Location /weblogic> SetHandler weblogic-handler PathTrim /weblogic </Location>  The Include directive does not work with Apache SSL. Do not use the following configuration when using SSL: <IfModule mod_weblogic.

networking problems. The plug-in continues trying to connect to that same WebLogic Server instance until ConnectTimeoutSecs is exceeded./apache_1. If you encounter such a failure. Failure of all WebLogic Server instances to respond. or other application failure. could indicate that WebLogic Server is not running or is unavailable. rebuild OpenSSL and modssl and Apache using the following configuration settings. ./configure "--with-apache=./Configure solaris-sparcv8-gcc -fexceptions --prefix=/home/egross/solaris/ssl shared make make install • For building modssl and Apache: cd . an error message is sent. Possible Causes of Connection Failures Failure of the WebLogic Server host to respond to a connection request could indicate possible problems with the host machine. the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and.8. a hung server.27 export LD_LIBRARY_PATH=/home/egross/solaris/ssl/lib .. the plug-in attempts to connect and send the request to other WebLogic Server instances in the cluster. Non-Clustered WebLogic Server If you are running only a single WebLogic Server instance the plug-in only attempts to connect to the server defined with the WebLogicHost parameter. a database problem. If the plug-in cannot connect or does not receive a response. cd mod_ssl-2. how long the plug-in waits for a response.3. If the attempt fails. Failover with a Single. • For building OpenSSL: .3..27" "--with-ssl=/home/egross/solaris/ssl" "-prefix=/usr/local/apache_so" "--enable-rule=SHARED_CORE" "--enable-shared=ssl" "-enable-module=so" "$@" cd . an HTTP 503 error message is returned.3. or other server failures.. Connection Errors and Clustering Failover When the Apache HTTP Server Plug-In attempts to connect to WebLogic Server./apache_1. after a connection is established.12-1.27 make make install  The current implementation of the WebLogic Server Apache plug-in does not support the use of multiple certificate files with ApacheSSL. Figure 2-1 demonstrates how the plug-in handles failover. If the connection fails or there is no response from any WebLogic Server in the cluster.instance of WebLogic Server.

if you store the session ID in the POST data. The updated list adds any new servers in the cluster and deletes any that are no longer part of the cluster or that have failed to respond to requests. If that attempt fails. Note: If the POST data is larger than 64K. in the POST data. or by URL encoding. the plug-in will not parse the POST data to obtain the session ID. After the first request is routed to one of these servers. and HTTP Sessions When a request contains a session information stored in a cookie. A request containing a cookie attempts to connect to the primary server. the session ID contains a reference to the specific server instance in which the session was originally established (called the primary server) and a reference to an additional server where the original session is replicated (called the secondary server). the plug-in cannot route the request to the correct primary or secondary server. Therefore. resulting in possible loss of session data. see Figure 2-1 Connection Failover. Failover. If both the primary and secondary servers fail. the plug-in uses that list as a starting point for load balancing among the members of the cluster. For more information. Cookies.The Dynamic Server List When you specify a list of WebLogic Servers in the WebLogicCluster parameter. Figure 2-1 Connection Failover . a dynamic server list is returned containing an updated list of servers in the cluster. the session is lost and the plug-in attempts to make a fresh connection to another server in the dynamic cluster list. the request is routed to the secondary server. This list is updated automatically with the HTTP response when a change in the cluster occurs.

.

In the Domain Structure tree.  Failed to write POST data to the temp file. see Using Third-Party JDBC Drivers with WebLogic Server In WebLogic Server.  POST timed out. If you have not already done so. Each WebLogic data source contains a pool of database connections.  SSL was specified without the parameter trustedCAFile. exceeds 65535. Failed to read the chunked request. Create JDBC data sources Before you begin Make sure that the JDBC drivers that you want to use to create database connections are installed on all servers on which you want to deploy the data source.  Idempotent is OFF. and Sybase. click Lock & Edit (see Use the Change Center). On the other hand. Informix.Notes: The HTTP error code thrown by the plug-in depends on the situation.  Unable to resolve the WebLogicHost parameter specified in the httpd. in the Change Center of the Administration Console. Applications look up the data source on the JNDI tree or in the local application context and then reserve a database connection with the getConnection method.conf file. expand Services > JDBC. then select Data Sources. MS SQL Server.  Port number specified by WebLogicPort.conf file.  The request header is of type Unknown Transfer-Encoding. the HTTP error code 503 is returned when:  The maximum number of retries is exceeded.conf file. A data source is a J2EE standard method of configuring connectivity to a database. To create a JDBC data source: 1. 2.  Unsuccessful in parsing the request while applying the PathTrim property. in the httpd. you configure database connectivity by adding JDBC data sources to your WebLogic domain. This value is computed by dividing ConnectTimeoutSecs by ConnectRetrySecs.  Encounetered an error reading POST data from the temp file. including BEA WebLogic Type 4 JDBC drivers for DB2. . Oracle. Some JDBC drivers are installed with WebLogic Server.  Encounetered an error reading POST data from client.  Failed to open a temporary(temp) file. Data sources and their connection pools provide connection management processes that help keep your system running and performant. For more information about working with JDBC drivers. Plug-in will return the HTTP error code 500 in the following conditions:  Neither WebLogicCluster nor WebLogicPort was specified in the httpd.

 This option is only available when you select an XA JDBC driver to make database connections.Select the JDBC driver you want to use to connect to the database. Logging Last Resource .xml) and throughout the Administration Console whenever referring to this data source. Recommended in place of Emulate Two-Phase Commit.3. follow these steps: a. If your DBMS is not listed.  This option is only available when you select a nonXA JDBC driver to make database connections. 4.Enter the JNDI path to where this JDBC data source will be bound. select Other. but many are not installed. The list includes common JDBC drivers for the selected DBMS.Select the DBMS of the database that you want to connect to. Select global transaction options: Supports Global Transactions .Enter a name for this JDBC data source. If you selected Supports Global Transactions. you should leave the option selected.Enables a non-XA JDBC connection to emulate participation in distributed transactions using JTA. On the Summary of Data Sources page. JNDI Name . Select this option only if your application can tolerate heuristic conditions. Applications look up the data source on the JNDI tree by this name when reserving a connection. Database Driver . Note: You must install JDBC drivers before you can use them to create database connections. enter or select the following information: Name . On the Transactions Options page. See Transaction Options. Some JDBC drivers are installed with WebLogic Server. On the JDBC Data Source Properties page. Clear this check box to disable (ignore) global transactions in this data source.Select this option to enable standard XA processing. 5. This name is used in the configuration file (config. select an option for transaction processing: (available options vary depending on whether you select an XA driver or a non-XA driver) Two-Phase Commit . Click Next to continue.Select this option to enable a non-XA JDBC connection to participate in global transactions using the Logging Last Resource (LLR) transaction optimization.Select this check box (the default) to enable global transaction support in this data source. click New.  . Database Type . Emulate Two-Phase Commit . In most cases.

Click Finish to save the JDBC data source configuration and deploy the data source to the targets that you selected.  This option is only available when you select a nonXA JDBC driver to make database connections.This option is only available when you select a nonXA JDBC driver to make database connections. Host Name . Database User Name . Exact database name requirements vary by JDBC driver and by DBMS. see Transaction Options b. For more information about transaction options. To activate these changes. Optionally. 4. Password/Confirm Password . review the connection parameters and click Test Configuration. click Activate Changes. 3. WebLogic attempts to create a connection from the Administration Server to the database.Enter the port on which the database server listens for connections requests. If the test is unsuccessful. 5. select Supports Local Transactions if the XA JDBC driver you selected supports local transactions as well as global transactions. Click Next to continue. 6. Click Next to continue.Enter the DNS name or IP address of the server that hosts the database.Select this option to enable the non-XA connection to participate in a global transaction as the only transaction participant. select the servers or clusters on which you want to deploy the data source. If the JDBC driver you selected is not installed on the Administration Server. On the Select Targets page. 2. you should click Next to skip this step. On the Connection Properties page. in the Change Center of the Administration Console. One-Phase Commit .Enter the database user account name that you want to use for each connection in the data source. enter values for the following properties: Database Name . you should correct any configuation errors and retry the test. . Port . On the Test Database Connection page. Click Next to continue.Enter the name of the database that you want to connect to. Results from the connection test are displayed at the top of the page.Enter the password for the database user acccount.

the extra overhead caused by a larger heap is smaller than the gains in garbage collection frequency and allocation speed. while another part garbage collects old objects to create more free space for new objects. The keep area contains the most recently allocated objects in the nursery and is not garbage collected until the next young collection. When the JVM uses a generational garbage collection strategy. A heap that is larger than the available physical memory in the system must be paged out to disk. In general. Tuning the Memory Management System Memory management is all about allocation of objects. The heap size has an impact on the JVM's performance. When the nursery becomes full. the more resources will be used for memory management. The more objects a Java application allocates. A small heap will become full quickly and must be garbage collected more often. A large heap introduces a slight overhead in garbage collection times. You can read more about how memory management in BEA JRockit works in Understanding Memory Management. also known as young space. which is the rest of the heap. especially during garbage collection. It is also prone to more fragmentation. and thus also on the Java application's performance. To distinguish between recently allocated objects and objects that have been around for a while in the nursery. the JVM uses a keep area. The following topics are covered:      Setting the Heap and Nursery Size Selecting and Tuning a Garbage Collector Tuning the Compaction of Memory Optimizing Memory Allocation Performance Getting Help on Memory Management Issues Setting the Heap and Nursery Size The heap is the area where the Java objects reside. where objects that have lived long enough in the nursery are moved to old space. One part of the memory management system finds a free spot for the new object.Not all changes take effect immediately—some require a restart (see Use the Change Center). All small objects are allocated in the nursery. Thus a good heap size setting would be a heap that is as large as possible within the available physical memory. a part of the heap is reserved for the nursery. This section covers the most important options available for tuning the memory management system in BEA JRockit. a young collection is performed. A correctly tuned memory management system minimizes the overhead inflicted by garbage collection and makes object allocation fast. making object allocation slower. Setting the Heap Size Command line options: -Xms:<min size> -Xmx:<max size> The heap size has an impact on allocation speed. garbage collection frequency and garbage collection times. as long as the heap doesn't get paged to disk. . which leads to long access times or even application freezes.

An optimal nursery size for maximum application throughput is such that as many objects as possible are garbage collected by young collection rather than old collection. If the optimal heap size for the application is known. and the static generational parallel garbage collector. garbage collection frequency and garbage collection times. and can be used as long as the entire heap can be addressed with 32 bits. The optimal nursery size for throughput is often quite large. A small nursery will become full quickly and must be garbage collected more often. For example: java -Xns:100m MyApplication This starts up the JVM with a fixed nursery size of 100 MB. Since all Java threads are paused while the young collection is performed. see the documentation on -Xms and -Xmx. For default values and limitations. On the other hand each reference requires twice as much memory. will dynamically set the nursery size to an approximation of the optimal value. while garbage collection of a large nursery takes slightly longer time.0 and later releases. Thus. The nursery size is set using the command line option -Xns:<size>. A nursery that is so small that few or no objects have died before a young collection is started is of very little use. on a 64. BEA JRockit can use compressed references. which makes it possible to address much more memory than with a 32-bit address. and neither is a nursery that is so large that no young collections are performed between garbage collections of the whole heap that are triggered due to allocation of large objects in old space. Compressed references are enabled by default whenever applicable. This gives you a controlled environment where you get a good heap size right from the start. . In BEA JRockit R27. -Xgc:genpar. Compressed references reduce the references to 32 bits. we recommend that you set -Xms and -Xmx to the same value. you will usually benefit from setting the maximum heap size below 4 GB as long as the amount of live data is less than 3-4 GB. the dynamic garbage collection mode optimized for throughput.There are two parameters for setting the heap size:   -Xms:<size>.3. which may lead to long young collection times. which sets the maximum heap size For example: java -Xms:1g -Xmx:1g MyApplication This starts up the JVM with a heap size fixed to 1 GB. you may want to reduce the nursery size below the optimal value to reduce the young collection pause times. Setting the Nursery and Keep Area Size Command line option: -Xns:<nursery size> The size of the nursery has an impact on allocation speed. This value approximates to about half of the free heap. To reduce the memory usage on 64bit systems. Setting the Heap Size on 64-bit Systems On 64-bit systems a memory address is 64 bits long. which sets the initial and minimum heap size -Xmx:<size>.bit system. -Xgcprio:throughput.

allowing the user to select a garbage collection strategy of their choice. There are three dynamic garbage collection modes: throughput. as well as in the garbage collection report printed out by -XgcReport. which optimizes the garbage collector for short and even pausetimes deterministic.For default values and limitations. and is defined as a percentage of the nursery. You can select a dynamic garbage collection mode by using the command line option -XgcPrio:<mode>. optimizing for a specific goal depending on which mode is used. For example: java -XXkeepAreaRatio:10 MyApplication This starts up the JVM with a keep area that is 10% of the nursery size. Without garbage collection the automatic memory management system would not work. which use one or several garbage collection strategies. or static. which select the best garbage collection strategy for a given goal. or set a static garbage collector with -Xgc:<strategy>. The promotion ratio can be observed in JRA recordings (see Using Mission Control Tools for more information) and verbose outputs from -Xverbose:memory=debug. and either the application developers would have to somehow recycle the memory themselves or the application would after a while use up all the memory in the system until it can't continue running as further memory allocation becomes impossible. Selecting and Tuning a Garbage Collector Garbage collection of objects is a necessary evil. which optimizes the garbage collector for very short and deterministic pause times  The dynamic garbage collection modes use advanced heuristics to tune the following parameters in runtime: . see the documentation on -Xns. By default the keep area is 25% of the nursery. Keep Area Command line option: -XXkeepAreaRatio:<percentage> The keep area size has an impact on both old collection and young collection frequency. An optimal keep area size is as small as possible while maintaining a low promotion ratio. The garbage collection modes are either dynamic. BEA JRockit offers several garbage collection modes. The impact of garbage collection can be distributed in different ways depending on the choice of the garbage collection method. Selecting a Dynamic Garbage Collection Mode The dynamic garbage collection modes adjust the memory management system in runtime. which optimizes the garbage collector for maximum application throughput   pausetime. A large keep area causes more frequent young collections. The keep area size can be changed using the command line option -XXkeepAreaRatio:<percentage>. while a keep area that is too small causes more frequent old collections when objects are promoted prematurely.

. or when a static environment isn't optimal for your application. Use throughput mode for applications that demand a high throughput but are not very sensitive to the occasional long garbage collection pause. BEA JRockit achieves this by using a parallel garbage collection strategy that stops the Java application during the whole garbage collection duration and uses all CPUs available to perform the garbage collection. and a parallel garbage collection strategy that stops the Java application during the entire garbage collection duration.   Garbage collection strategy Nursery size Compaction amount and type Use a dynamic garbage collection mode if you don't want to go through the time consuming process of tuning these parameters manually. see the documentation on -XgcPrio. BEA JRockit achieves this by choosing between a mostly concurrent garbage collection strategy that allows the Java application to continue running during large portions of the garbage collection duration. but keeps down the individual garbage collection pauses. and will also cause more frequent garbage collections. Throughput mode is default when BEA JRockit runs in -server mode (which is default). Each individual garbage collection pause may be long. Pausetime mode is enabled with the command line option -XgcPrio:pausetime. but in total the garbage collector takes as little CPU time as possible. For example: java -XgcPrio:pausetime MyApplication This starts up the JVM with the garbage collection mode optimized for short pauses. The mostly concurrent garbage collector introduces some extra overhead in keeping track of changes during the concurrent phases. This will lower the overall throughput somewhat. or can be enabled with the command line option -XgcPrio:throughput. thus giving the Java application as many CPU cycles as possible. Pausetime Mode Command line option: -XgcPrio:pausetime The dynamic garbage collection mode optimizing over pause times aims to keep the garbage collection pauses below a given pause target while maintaining as high throughput as possible. for example transaction based systems where transaction times must be stable. For more information. Use pausetime mode for applications that are sensitive to long latencies. Throughput Mode Command line option: -XgcPrio:throughput The dynamic garbage collection mode optimizing over application throughput uses as little CPU resources as possible for garbage collection. For example: java -XgcPrio:throughput MyApplication This starts up the JVM with the garbage collection mode optimized for throughput.

or with an invalid or expired license. For more information. Deterministic Mode Command line option: -XgcPrio:deterministic Note: This feature is available only as part of BEA WebLogic Real Time.  When making a JRA-recording. While all JMC tools are fully supported when running WLRT with the deterministic garbage collector. Use the deterministic mode for applications with strict demands on short and deterministic latencies. but it does introduce a slightly increased amount of Java code executed by the JVM. as a lower pause target will inflict more overhead on the memory management system. -Xmanagement does not prolong deterministic garbage collection pauses by itself. and can be changed with the command line option -XpauseTarget:<time in ms>. Setting a Pause Target for Pausetime Mode Command line option: -XpauseTarget:<time in ms> The pausetime mode uses a pause target for optimizing the pause times. The pause target impacts the application throughput. see the documentation on -XgcPrio. disable heap statistics (heapstat) if you run in a latency sensitive situation where you cannot accept the pause for the benefit of the information. Set the pause target as high as your application can tolerate. For more information. BEA JRockit achieves this by using a specially designed mostly concurrent garbage collector. For example: java -XgcPrio:pausetime -XpauseTarget:300ms MyApplication This starts up the JVM with the garbage collection optimized for short pauses and a pause target of 300 ms.For more information. you should be aware of some caveats. which allows the Java application to continue running as much as possible during the garbage collection. see the documentation on -XgcPrio. a warning message will be written to the console. The pause target for pausetime mode is by default 500 ms. Special Note for WLRT Users Deterministic garbage collection time can be affected by JRockit Mission Control (JMC). The dynamic garbage collection mode optimizing for deterministic pause times is designed to ensure extremely short garbage collection pause times and limit the total pause time within a prescribed window. Deterministic mode is enabled with the command line option -XgcPrio:deterministic. for example transaction based applications. If you attempt to enable it without the proper license. Heapstat provides additional bookkeeping of the  . For example: java -XgcPrio:deterministic MyApplication This starts up the JVM with the garbage collection mode optimized for short and deterministic pauses. This can affect response times and performance compared to not using -Xmanagement. see the documentation on -XpauseTarget.

The pause target impacts the application throughput. see the documentation on -XpauseTarget. For more information. please refer to Using Mission Control Tools. inside a pause. You can disable heapstat by using specific arguments when requesting the recording. with a different heap size and/or with more live data might break the deterministic behavior or cause performance degradation over time. For more information. For example: java -XgcPrio:deterministic -XpauseTarget:40ms MyApplication This starts up the JVM with the garbage collection optimized for short and deterministic pauses and a pause target of 40ms. might cause deterministic garbage collection pauses to last slightly longer. Setting a Pause Target for Deterministic Mode Command line option: -XpauseTarget:<time in ms> The deterministic mode uses a pause target for optimizing the pause times. How well it will succeed depends on the application and the hardware. even with heapstats disabled. as a lower pause target will inflict more overhead on the memory management system. Set the pause target as high as your application can tolerate. 0. and can be changed with the command line option -XpauseTarget:<time>. Selecting a Static Garbage Collection Strategy Command line option: -Xgc:<strategy> There are four major static garbage collection strategies available. a pause target on 30 ms has been verified on an application with 1 GB heap and an average of 30% live data or less at collection time. please see Creating a JRA Recording with BEA JRockit Mission Control 1.0.  For more information on JRockit Mission Control. singlepar. These statistics are collected at the beginning and at the end of a JRA-recording.0 GHz. 8 GB RAM Running on slower hardware.6 GHz. The garbage collector will aim on keeping the garbage collection pauses below the given pause target.  On requests for more information when the Memory Leak Detector is using its graphical user interface or the Ctrl-Break handler—for example to retrieve the number of instances of a type of object or to retrieve the list of references to an instance or to a class—a longer pause can be introduced. The pause target for deterministic mode is by default 30 ms.  Memory leak trend analysis can cause longer garbage collection pauses. For example. similar to JRA recordings. 4 GB RAM 4 x Intel Xeon 2. JRA recordings.5 MB level 2 cache. 2 MB level 2 cache.content of the heap. while faster hardware or less live data might allow you to set a lower pause target. running on the following hardware:   2 x Intel Xeon 3. which is a single-generational parallel garbage collector (same as parallel)  .

see the documentation on -Xgc. singlecon or singlepar  For example. so a mostly concurrent garbage collection should be used. for example: java -Xgc:gencon MyApplication This starts up the JVM with the generational concurrent garbage collector. which is a two-generational mostly concurrent garbage collector collector  When a static garbage collection strategy is selected.  . which is a two-generational parallel garbage collector singlecon. gencon. Long garbage collection pauses would cause transactions to time out. This suggests either gencon or singlecon. which is a single-generational mostly concurrent garbage gencon. genpar or singlepar Does your application allocate a lot of temporary objects?  Yes: Select a two-generational garbage collection strategy. Use a static garbage collection strategy if you want a well defined and predictable behavior and are willing to tune the JVM to find the best memory management settings for your application. gencon or genpar No: Select a single-generational garbage collection strategy. Changing Garbage Collection Strategy During Runtime You can change garbage collector strategies during runtime from the Memory tab of the BEA JRockit Management Console (in Mission Control) except for when these conditions exist: If you are using the dynamic garbage collection mode optimized for deterministic pause times. the garbage collection strategy will not change automatically in runtime. which suggests a two-generational garbage collector. No: Select a parallel garbage collection strategy. The transactions generate a lot of temporary or short lived objects. gencon or singlecon  1. Garbage Collector Strategy Selection Workflow To select the best garbage collection strategy for your application you can follow this workflow: 1. the BEA WebLogic Sip Server is a transaction based system that allocates new objects for each transaction and has short time-outs for transactions. You can set a static garbage collection strategy with the command line option -Xgc:<strategy>. Is your application sensitive to long garbage collection pauses (500 ms or more)?  Yes: Select a mostly concurrent garbage collection strategy.  genpar. For more information.

This message means that a concurrent sweep could not finish in time and the JVM is using all currently available resources to make up for it. BEA JRockit does partial compaction of the heap at each old collection. the verbose printout: [memdbg ] starting parallel sweeping phase appears below the command line (assuming you have set -Xverbose:memdbg). Fragmentation vs. just to start degrading again. for example: java -XXgcTrigger=20 MyApplication will trigger an old generation garbage collection when less than 20% of the free heap size is left unused. a parallel sweep is made. If you are using a parallel garbage collection strategy (in both the mark and the sweep phase). If you are using static single-spaced parallel garbage collection. If BEA JRockit fails to adapt and the above printout continues to appear. causing a long garbage collection pause. which leads to lower performance. BEA JRockit will eventually be forced to either do a full compaction of the heap. To avoid this. For more information. The size and position of the compaction area as well as the compaction method is selected by advanced heuristics. In this case. The heap becomes more and more fragmented for . you are most likely experiencing fragmentation problems. or both). BEA JRockit dynamically adjusts when to start an old generation garbage collection in order to avoid running out of free heap space during the concurrent phases of the garbage collection. insufficient compaction will lead to fragmentation of the heap. Garbage Collection Pauses Compaction is performed during garbage collection while all Java threads are paused. On the other hand. If your application shows performance degradation over time in a periodic manner. helping create contiguous free memory at the upper end. or throw an OutOfMemoryError. BEA JRockit dynamically tries to optimize this space and will occasionally run out of free heap during the concurrent garbage collection while it does. performance is being adversely affected. Compaction of a large area with many objects will thus increase the garbage collection pause times. then old generation garbage collections are performed whenever the heap is completely full. The triggering is based on such characteristics as how much space is available on the heap after previous collections. set the -XXgcTrigger option to trigger a garbage collection when there is still X% left of the heap. consult BEA JRockit Management Console's online help. depending on the garbage collection mode used. Tuning the Compaction of Memory Compaction is the process of moving chunks of allocated space towards the lower end of the heap. If the fragmentation increases over time. such that the performance degrades until it suddenly pops back to excellent. When the limit is hit. Tuning the Concurrent Garbage Collection Trigger Command line option: -XXgcTrigger:<percentage> When you are using a concurrent strategy for garbage collection (in either the mark or the sweep phase.

which increases the garbage collection pause proportionally to the number of references that have been updated. You can monitor the compaction ratio in -Xverbose:memory=debug outputs and JRA recordings. You can verify this by looking at -Xverbose:memory outputs. and then drops down again at the next old collection. If you see that the amount of used heap after each old collection keeps increasing over time until it hits the roof. For example: java -XXcompactRatio:1 MyApplication This starts up the JVM with a static compact ratio of about 1% of the heap. Setting the Compact Set Limit Command line option: -XXcompactSetLimit:<references> When compaction has moved objects. you are experiencing a fragmentation problem. but only until the next garbage collection. For more information.each old collection until finally object allocation becomes impossible and the JVM is forced to do a full compaction of the heap. In other cases you may want to increase the compaction ratio to keep heap fragmentation in control. The compact ratio can be defined to a static percentage of the heap using the command line option -XXcompactRatio:<percentage>. Adjusting Compaction Even though the compaction heuristics in BEA JRockit are designed to keep the garbage collection pauses low and even. This disables the heuristics for selecting a dynamic compaction ratio that depends on the heap layout. The garbage collector does this before the Java threads are allowed to run again. the references to these objects must be updated. A high compaction ratio keeps down the fragmentation on the heap but increases the compaction pause times. monitoring the JVM through the Console in Mission Control or by creating a JRA recording and examining the garbage collection data. There are several ways to adjust the compaction:     Setting the Compaction Ratio Setting the Compact Set Limit Turning Off Compaction Using Full Compaction Setting the Compaction Ratio Command line option: -XXcompactRatio:<percentage> Setting a static compaction ratio will force BEA JRockit to compact a specified percentage of the heap at each old collection. The full compaction eliminates the fragmentation. thus limiting a portion of the compaction . you may sometimes want to limit the compaction ratio further to reduce the garbage collection pauses. Use this option if you need to force BEA JRockit to use a smaller or larger compaction ratio than it would select by default. The compact set limit defines how many references there may be from objects outside the compaction area to objects within the compaction area. Compaction is optimally tuned when the fragmentation is kept on a low and constant level. see the documentation on -XXcompactRatio.

Note however that a full compaction of a large heap with a lot of objects may take several seconds to perform. use the command line option -XXnoCompaction. see the documentation for -XXnoCompaction. If. during a garbage collection. where "references" specifies the maximum number of references to objects within the compaction area. You can monitor the compaction behavior in -Xverbose:memory=debug outputs and JRA recordings. Note: -XXcompactSetLimit has no effect when the deterministic or pausetime garbage collection modes are used. Use this option to increase the compact set limit if too many compactions are canceled (aborted). Using Full Compaction Command line option: -XXfullCompaction Some applications are not sensitive to garbage collection pauses or perform old collections very infrequently. For these applications you may want to try running full compaction. Optimizing Memory Allocation Performance Apart from optimizing the garbage collection to clear space for object allocation. the number of references to the chosen compaction area exceeds the compact set limit. see the documentation for -XXfullCompaction. . For example: java -XXcompactSetLimit:20000 MyApplication This starts up the JVM with a compact set limit of 20000 references. you can tune the object allocation itself to maximize the application throughput.pause. The compact set limit depends on the garbage collection mode used. You can set a static compact set limit by using the command line option -XXcompactSetLimit:<references>. and compaction pause times in -Xverbose:gcpause=debug outputs and JRA recordings. for example: java -XXnoCompaction MyApplication For more information. see the documentation for -XXcompactSetLimit. and will for some modes adjust dynamically in runtime. as this maximizes the object allocation performance between the garbage collections. or to decrease the limit if the compaction pause times are too long. To turn on full compaction. the compaction will be canceled. To turn off compaction entirely. Turning Off Compaction Command line option: -XXnoCompaction Very few applications survive in the long run without any compaction at all. for example: java -XXfullCompaction MyApplication For more information. use the command line option -XXfullCompaction. For more information. but for those that do you can turn off the compaction entirely. as these garbage collector modes use other heuristics for adjusting the compaction pausetimes.

The thread local area size influences the allocation speed.preferred=<size> -XXlargeObjectLimit:<size> -XXminBlockSize:<size> The thread local area (TLA) is a chunk of free space reserved on the heap or in the nursery and given to a thread for its exclusive use. you can use the command line option -XXtlaSize:min=<size>. When a two-generational garbage collection strategy is used. which increases the impact of fragmentation. and varies between a minimum and a preferred size. and in BEA JRockit R27. A large TLA size allows each thread to allocate a lot of objects before requesting a new TLA. so that a larger TLA wouldn't ever become full. Increasing the minimum TLA size may improve garbage collection times slightly.preferred=<size>. A thread can allocate small objects in its own TLA without synchronizing with other threads.0 or older the minimum and preferred TLA size will always be the same value.2 and later it also allows the thread to allocate larger objects in the thread local area.Setting the Thread Local Area Size Command line options: -XXtlaSize:min=<size>. Decreasing the preferred TLA size is beneficial for applications where each thread allocates only a few objects before it is terminated. as the garbage collector can ignore any free chunks that are smaller than the minimum TLA size. a large TLA size prevents small chunks of free memory from being used for object allocation. a large minimum and preferred TLA size will also allow larger objects to be allocated in the nursery.1 or older and want to adjust the TLA size. A small preferred TLA size is also beneficial for applications with very many threads. Objects allocated in a TLA are however not thread local. where the threads don't have time to fill their TLAs before a garbage collection is performed. In BEA JRockit R27. When the TLA gets full the thread simply requests a new TLA. see the documentation on -XXtlaSize.preferred=512k MyApplication This starts up the JVM with a minimum TLA size of 1 kB and a preferred TLA size of 512 kB. the TLA size is dynamic depending on the size of the available chunks of free space. Increasing the preferred TLA size is beneficial for applications where each thread allocates a lot of objects. you should set -XXlargeObjectLimit:<size> and -XXminBlockSize:<size> to the same value as the minimum TLA size. Note however that the preferred TLA size should always be less than about 5% of the nursery size. Decreasing the minimum TLA size lessens the impact of fragmentation. For more information and default values. For example: java -XXtlaSize:min=1k. If you are using BEA JRockit R27. Note: If you are using BEA JRockit R27. but can also have an impact on garbage collection frequency.1 and later. A common setting for the TLA size is a minimum TLA size of 2-4 kB and a preferred TLA size of 16-256 kB. To adjust the TLA size. The syntax for Note: . On the other hand. They can be accessed by any thread and will be garbage collected globally.

as described in "Specifying Java Options for a WebLogic Server Instance". Tuning WebLogic Server The following sections describe how to tune WebLogic Server to match your application needs. For example: set JAVA_HOME=C:\bea\jdk141_03  For higher performance throughput. see "Creating Domains Using the Configuration Wizard". For simple invocations. To simply this process. set the minimum java heap size equal to the maximum heap size. BEA recommends that you incorporate the command into a script. where BEA_HOME is the directory that contains the product installation. Production Mode Default Tuning Values Using WebLogic Server "Native IO" Performance Packs Tuning the Default Execute Queue Threads Tuning Connection Backlog Buffering How JDBC Connection Pools Enhance Performance Setting Your Java Compiler Using WebLogic Server Clusters to Improve Performance Monitoring a WebLogic Server Domain Setting Java Parameters for Starting WebLogic Server Java parameters must be specified whenever you start WebLogic Server. If you used the Configuration Wizard to create your domain. this directory is BEA_HOME\user_projects\domain\domain-name. By default. For example: "%JAVA_HOME%\bin\java" -hotspot -Xms512m -Xmx512m -classpath %CLASSPATH% - . this can be done from the command line with the weblogic. because the arguments needed to start WebLogic Server from the command line can be lengthy and prone to error. you can modify the default values in the sample scripts that are provided with the WebLogic distribution to start WebLogic Server. The important performance tuning parameters in these files are the JAVA_HOME parameter and the Java heap size parameters:  Change the value of the variable JAVA_HOME to the location of your JDK.           Setting Java Parameters for Starting WebLogic Server Setting Performance-Related Configuration Parameters Development vs. However. and domain-name is the name of the domain directory defined by the selected configuration template. the WebLogic startup scripts are located in the domain-name directory where you specified your domain.Server command. For more information about creating domains using the Configuration Wizard. You need to modify some default Java values in these scripts to fit your environment and applications.setting the TLA size is -XXtlaSize:<size>.

see "Overview of WebLogic Server System Administration" in the Administration Guide. A domain may also include additional WebLogic Server instances called Managed Servers. the configuration file is located on the machine that hosts the Administration Server. Within a WebLogic Server domain. Table 4-1 Performance-Related config. Setting Performance-Related Configuration Parameters The WebLogic Server configuration file (config. See Tuning Execute ExecuteQueue ThreadCount ExecuteQueue QueueLength Queue Length . which are used mainly for servicing applications. Overview of WebLogic Server System Administration Table 4-1 lists the config. When the Administration Server starts. and provides persistent storage of WebLogic MBean attribute values. its value is stored in the appropriate administration MBean and written to the configuration file.xml Elements Element Server NativeIOEnabled Attributes Console Field For information Native IO See Using Enabled WebLogic Server "Native IO" Performance Packs. The Administration Server serves as a central point of contact for server instances and system administration tools. it reads the domain configuration file and overrides the default attribute values of the administration MBeans with any attribute values found in the configuration file. Thread Count See Tuning the Default Execute Queue Threads. Every time you change an attribute using the system administration tools (using either the command-line interface or the Administration Console). Tuning these parameters based on your system requirements (rather than running with default settings) can greatly improve both single-node performance and the scalability characteristics of an application.xml) contains a number of performance-related parameters that can be fine-tuned depending on your environment and applications.xml file parameters that affect server performance.See Specifying Heap Size Values for details about setting heap size options. For more information about system administration infastructure.

Stuck Thread Timer Interval Socket Readers See Allocating Execute Threads to Act as Socket Readers.QueueLengthThresholdPercent ThreadsIncrease ThreadsMaximum Thread Priority Queues for Overflow Queue Conditions. . Production Mode Default Tuning Values You can indicate whether a domain is to be used in a development environment or a production environment. Length Threshold Percent Threads Increase Threads Maximum Thread Priority Server StuckThreadMaxTime StuckThreadTimerInterval Stuck See Tuning the Thread Execute Max Time Thread Detection Behavior. See How JDBC Connection Pools Enhance Performance. Development vs. Server ThreadPoolPercentSocketReaders Server AcceptBacklog Accept Backlog JDBCConnectionPool InitialCapacity MaxCapacity Initial Capacity Max Capacity JDBCConnectionPool StatementCacheSize Statement See Caching Cache Size Prepared and Callable Statements. WebLogic Server uses different default values for various services depending on the type of environment you specify. See Tuning Connection Backlog Buffering.

Which Platforms Have Performance Packs? To see which supported platforms currently have performance packs available: 1. For information on switching the startup mode from development to production. Within each release table there is a "Performance Pack" entry that indicates whether a performance pack is "Included" in the release. you can still improve the performance of socket communication by configuring the proper number of socket reader threads for each server instance and client machine. see Changing the Runtime Mode in the Administration Console Online Help. Table 4-2 Development and Production Startup Mode Tuning Defaults Tuning Parameter Execute Queue: ThreadCount JDBC Connection Pool: MaxCapacity 15 threads 15 connections 25 threads 25 connections Development Mode Default Production Mode Default The tuning defaults discussed in throughout WebLogic Performance and Tuning Guide refer to the "development mode" defaults. 2.Table 4-2 lists the performance-related configuration parameters that differ when switching from development to production startup mode. if you must use the pure-Java socket reader implementation for host machines. Go to Supported Configurations for WebLogic Server . For a complete listing of the differences between development and production startup modes. click on the link for the platform that you need. native socket multiplexor to improve server performance. you can either click on a specific WebLogic Server release at the top of the page and scan the corresponding table. see the "Differences Between Configuration Startup Modes" section in Creating WebLogic Configurations Using the Configuration Wizard. 3. From the list of supported configurations. The ensuing page contains tables of information for each supported WebLogic Server releases (including service packs). Using WebLogic Server "Native IO" Performance Packs Benchmarks show major performance improvements when you use native performance packs on machines that host WebLogic Server instances. To verify performance pack information. which is the default startup mode when WebLogic Server is installed. Performance packs use a platform-optimized. the native socket reader multiplexor threads have their own execute queue and do not borrow threads from the default execute queue. For example. which frees up default execute threads to do application work. . However.

4. Threads consume resources. weblogic. Access the Administration Console for the domain. 2. Enabling Performance Packs The use of native performance packs are enabled by default in the config.admin. Start the Administration Server if it is not already running. In addition. WebLogic Server provides two other pre-configured queues:  weblogic.xml shipped with your distribution.HTTP—Available  only on Administration Servers. If the Enable Native IO check box is not selected. Tuning the Default Execute Queue Threads The value of the ThreadCount attribute of an ExecuteQueue element in the config. 5. check that the NativeIOEnabled attribute of the Server element is set to "true" (NativeIOEnabled=true). 6. Restart the server. You can also use the Administration Console to verify that performance packs are enabled: 1. it is reserved for administrative traffic. a new WebLogic Server instance is configured with a development mode execute queue. you cannot reconfigure it. Click Apply. 7.admin.xml file equals the number of simultaneous operations that can be performed by applications that use the execute queue. This work is then assigned to a thread that does the work on it. it is placed in an execute queue. weblogic. that contains 15 threads. As work enters an instance of WebLogic Server. this queue is reserved for communicating with the Administration Console. you cannot reconfigure it. Click the name of the server instance that you want to configure. select the check box. Expand the Servers node in the left pane to display the servers configured in your domain. To verify this setting in your configuration file. 3.or use your browser's Edit —> Find feature to search for all instances of "Performance Pack" on the page.default. By default. .kernel. so handle this attribute with care—you can degrade performance by increasing the value unnecessarily. 8. Select the Configuration —> Tuning tab.RMI—Both Administration Servers and Managed Servers have this queue.

Scenarios for Modifying the Default Thread Count To determine the ideal thread count for an execute queue. For more information.kernel. If you do not need to use more than 15 threads (the development default) or 25 threads (the production default) for your work. If you configure additional execute queues and assign applications to specific queues. Should You Modify the Default Thread Count? Adding more threads to the default execute queue does not necessarily imply that you can process more work. Because threads consume memory. you can degrade performance by increasing the value of the ThreadCount attribute unnecessarily. that client application will spend more time connected — and thus will require a higher thread count — than a client application that does a lot of client-side processing.Unless you configure additional execute queues. To access this throughput value. A high execute thread count causes more memory to be used and increases context switching. For example. monitor the queue's throughput while all applications in the queue are operating at maximum load. which can degrade performance. see Allocating Execute Threads to Act as Socket Readers. if your client application is thin and does a lot of its work through remote invocation. and that all thread requests are satisfied by using the default execute queue. you may need to tune the default number of execute queue threads and the percentage of threads that act as socket readers to achieve optimal performance. and assign applications to them. you will need more execute threads than an application that makes calls that are short and turn over very rapidly. increasing the number of threads will lead to enough context switching that the throughput for the queue begins to decrease. . (At some point. Web applications and RMI objects use weblogic. if your application makes database calls that take a long time to return.default. As a general rule. follow steps 1-6 in Modifying the Default Thread Count. monitor results on a pool-by-pool basis.) Note: The WebLogic Server Administration Console displays the cumulative throughput for all of a server's execute queues. Note: If native performance packs are not being used for your platform. For the latter case. These scenarios also assume that WebLogic Server is running under maximum load. you are still limited by the power of your processor. The value of the ThreadCount attribute depends very much on the type of work your application does. Increase the number of threads in the queue and repeat the load test until you reach the optimal throughput for the queue. using a smaller number of execute threads could improve performance. do not change the value of this attribute. Table 4-3 shows default scenarios for adjusting available threads in relation to the number of CPUs available in the WebLogic Server domain. Even if you add more threads.

the length of time the application might block threads can invalidate the formula. Cannot get 100 percent CPU utilization rate.. Practically ideal. but there is work that could be done. then four threads can be running concurrently with the number of stuck threads. For example. which can lead to significant performance degradation. For instance. Note: This recommendation is highly application-dependent.  Thread Count = number of CPUs Thread Count > number of CPUs (by a moderate number of threads) Thread Count > number of CPUs (by a large number of threads) Theoretically ideal. if you have four processors. Modifying the Default Thread Count . Thread Count < number of CPUs Results Do This: Your thread count is too low if:  Increase the thread count. To determine the amount of stuck threads. Your performance may increase as you decrease the number of threads. CPU is waiting to do work. Reduce the number of threads so that it equals the number of CPUs. Increase the thread count. context switching and a high CPU utilization rate. and then add only the number of "stuck" threads that you have determined. with a Tune the moderate number of threads and moderate amount of compare performance results. you want the execute threads to be 4 + the number of stuck threads. but the CPUs are still underutilized. Too much context switching. see Tuning the Execute Thread Detection Behavior.. So.Table 4-3 Scenarios for Modifying the Default Thread Count When.

To modify the default execute queue thread count using the Administration Console: 1. Start the Administration Server if it is not already running. 2. Access the Administration Console for the domain. 3. Expand the Servers node in the left pane to display the servers configured in your domain. 4. Right-click the name of the server instance that contains the execute queue you want to configure, and then select View Execute Queues on the pop-up menu to display a table of execute queues that can be modified. Note: You can only modify the default execute queue for the server or a userdefined execute queue. 5. In the Name column, click directly on the default execute queue name to display the Configuration tab for modifying execute queues. 6. Locate the Thread Count value and increase or decrease it, as appropriate. 7. Click Apply to save your changes. 8. Reboot the selected server to enable the new execute queue settings.

Assigning Applications to Execute Queues
Although you can configure the default execute queue to supply the optimal number threads for all WebLogic Server applications, configuring multiple execute queues can provide additional control for key applications. By using multiple execute queues, you can guarantee that selected applications have access to a fixed number of execute threads, regardless of the load on WebLogic Server. See Using Execute Queues to Control Thread Usage for more information on assigning applications to configured execute queues.

Allocating Execute Threads to Act as Socket Readers
For best socket performance, BEA recommends that you use the native socket reader implementation, rather than the pure-Java implementation, on machines that host WebLogic Server instances (see Using WebLogic Server "Native IO" Performance Packs). However, if you must use the pure-Java socket reader implementation for host machines, you can still improve the performance of socket communication by configuring the proper number of execute threads to act as socket reader threads for each server instance and client machine. The ThreadPoolPercentSocketReaders attribute sets the maximum percentage of execute threads that are set to read messages from a socket. The optimal value for this attribute is application-specific. The default value is 33, and the valid range is 1-99. Allocating execute threads to act as socket reader threads increases the speed and the ability of the server to accept client requests. It is essential to balance the number of

execute threads that are devoted to reading messages from a socket and those threads that perform the actual execution of tasks in the server.

Setting the Number of Socket Reader Threads For a Server Instance
To use the Administration Console to set the maximum percentage of execute threads that read messages from a socket: 1. Start the Administration Server if it is not already running. 2. Access the Administration Console for the domain. 3. Expand the Servers node in the left pane to display the servers configured in your domain. 4. Click the name of the server that you want to configure. 5. Select the Configuration —> Tuning tab. 6. Edit the percentage of Java reader threads in the Socket Readers attribute field. The number of Java socket readers is computed as a percentage of the number of total execute threads (as shown in the Thread Count field for the Execute Queue). 7. Apply the changes.

Setting the Number of Socket Reader Threads on Client Machines
On client machines, you can configure the number of available socket reader threads in the JVM that runs the client. Specify the socket readers by defining the following parameters in the java command line for the client:
-Dweblogic.ThreadPoolSize=value -Dweblogic.ThreadPoolPercentSocketReaders=value

Tuning Execute Queues for Overflow Conditions
You can configure WebLogic Server to detect and optionally address potential overflow conditions in the default execute queue or any user-defined execute queue. WebLogic Server considers a queue to have a possible overflow condition when its current size reaches a user-defined percentage of its maximum size. When this threshold is reached, the server changes its health state to "warning" and can optionally allocate additional threads to perform the outstanding work in the queue, thereby reducing its size. To automatically detect and address overflow conditions in a queue, you configure the following items:

The threshold at which the server indicates an overflow condition. This value is set as a percentage of the configured size of the execute queue (the QueueLength value).

The number of threads to add to the execute queue when an overflow condition is detected. These additional threads work to reduce the size of the queue to its normal operating size. The maximum number of threads available to the queue. In particular, setting the maximum number of threads prevents the server from assigning an overly high thread count in response to overload conditions.

To tune an execute queue using the WebLogic Server Administration Console: 1. Start the Administration Server if it is not already running. 2. Access the Administration Console for the domain. 3. Expand the Servers node in the left pane to display the servers configured in your domain. 4. Right-click the name of the server instance that contains the execute queue you want to configure, and then select View Execute Queues from the pop-up menu to display a table of execute queues that can be modified. Note: You can only modify the default execute queue for the server or a userdefined execute queue. 5. In the Name column, directly click the default execute queue name (or the userdefined execute queue) that you want to configure. 6. On the execute queue Configuration tab, specify how the server instance should detect an overflow condition for the selected queue by modifying the following attributes: • Queue Length: Specifies the maximum number of simultaneous requests that the server can hold in the queue. The default of 65536 requests represents a very large number of requests; outstanding requests in the queue should rarely, if ever reach this maximum value. Always leave the Queue Length at the default value of 65536 entries. • Queue Length Threshold Percent: The percentage (from 1-99) of the Queue Length size that can be reached before the server indicates an overflow condition for the queue. All actual queue length sizes below the threshold percentage are considered normal; sizes above the threshold percentage indicate an overflow. By default, the Queue Length Threshold Percent is set to 90 percent. • Thread Priority: The priority of the threads associated with the queue. By default, the Thread Priority is set to 5. 7. To specify how this server should address an overflow condition for the selected queue, modify the following attribute: • Threads Increase: The number of threads WebLogic Server should add to this execute queue when it detects an overflow condition. If you specify zero threads (the default), the server changes its health state to "warning" in response to an overflow condition in the execute queue, but it does not allocate additional threads to reduce the workload.

8. 3. rather than on a per-execute queue basis. see Overview of WebLogic Logging Services. By default. . the server changes its health state to "critical.admin. 2. the server changes its health state to "warning. Click Apply to save your changes.RMI." Because a stuck thread cannot complete its current work or accept new work. For more information. 9." (You can set up the Node Manager application to automatically shut down and restart servers in the critical health state. modify the following attribute: • Threads Maximum: The maximum number of threads that this execute queue can have. 10.HTTP. weblogic. Click the name of the server instance that you want to modify for improved stuck thread detection.admin. you cannot change the default behavior of setting the "warning" and "critical" health states when all threads in a particular execute queue become stuck. the server logs a message each time it diagnoses a stuck thread. To configure WebLogic Server stuck thread detection behavior: 1. this value prevents WebLogic Server from creating an overly high thread count in the queue in response to continual overflow conditions." WebLogic Server diagnoses a thread as stuck if it is continually working (not idle) for a set period of time. and by changing the frequency with which the server checks for stuck threads. You can tune a server's thread detection behavior by changing the length of time before a thread is diagnosed as stuck. or a user-defined execute queue become stuck. Note: Although you can change the criteria WebLogic Server uses to determine whether a thread is stuck. Tuning the Execute Thread Detection Behavior WebLogic Server automatically detects when a thread in an execute queue becomes "stuck. Threads Maximum is set to 400. Expand the Servers node in the left pane to display the servers configured in your domain. To limit the maximum number of threads that can be added to the selected queue. For more information. Start the Administration Server if it is not already running. Access the Administration Console for the domain. If all threads in an execute queue become stuck. 4. see "Node Manager Capabilities" in Configuring and Managing WebLogic Server. the server changes its health state to either "warning" or "critical" depending on the execute queue:   If all threads in the default queue become stuck. Reboot the selected server to enable the new execute queue settings. Note: You configure stuck thread detection parameters on a per-server basis.) If all threads in weblogic.

6. raise the Accept Backlog value from the default by 25 percent. 4. WebLogic Server sets this interval to 600 seconds.5. after which WebLogic Server periodically scans threads to see if they have been continually working for the length of time specified by Stuck Thread Max Time. Click the name of the server instance that you want to configure. that a thread must be continually working before this server diagnoses the thread as being stuck. 7. By default. 3. Select the Configuration —> Tuning tab. The default value is 50 and the maximum value is operating system dependent. Modify the following attributes as necessary to tune thread detection behavior for the server: • Stuck Thread Max Time: Enter the number of seconds. Reboot the server to use the new settings. 5. WebLogic Server considers a thread to be "stuck" after 600 seconds of continuous use. • Stuck Thread Timer Interval: Enter the number of seconds. and no other error messages are on the server. • If you are getting "connection refused" messages when you try to access WebLogic Server. the Accept Backlog value might be set too low. Start the Administration Server if it is not already running. if many connections are dropped or refused at the client. but the application has not accepted yet. Select the Configuration —> Tuning tab in the right pane.xml file to set the number of connection requests the WebLogic Server instance will accept before refusing additional requests. 6. . By default. Expand the Servers node in the left pane to display the servers configured in your domain. Continue increasing the value by 25 percent until the messages cease to appear. Click Apply to save your changes. The AcceptBacklog attribute specifies how many Transmission Control Protocol (TCP) connections can be buffered in a wait queue. 2. Modify the default Accept Backlog value as necessary to tune how many TCP connections can be buffered in a wait queue: • During operations. To tune the Accept Backlog value from the Administration Console: 1. Access the Administration Console for the domain. This fixed-size queue is populated with requests for connections that the TCP stack has received. 8. Tuning Connection Backlog Buffering Use the AcceptBacklog attribute of the Server element in the config.

rather than creating new database connections. the connection is returned to the pool and becomes available for other clients. If InitialCapacity is less than MaxCapacity. all database connections are acquired during server start-up. the creation of this connection pool will fail. There is little cost to opening and closing pool connections. However. How many connections should you create in the pool? A connection pool can grow and shrink according to configured parameters. WebLogic connection pools offer an efficient solution to the problem. . consider setting the InitialCapacity value equal to the MaxCapacity attribute's default production mode setting of 25. 25 for production mode. In addition to the following subsections. this can become a significant performance issue. How JDBC Connection Pools Enhance Performance Establishing a JDBC connection with a DBMS can be very slow. During development. The best performance occurs when the connection pool has as many connections as there are concurrent client sessions. Tuning JDBC Connection Pool Maximum Capacity The MaxCapacity attribute of the JDBCConnectionPool element allows you to set the maximum number of physical database connections that a connection pool can contain. the connection itself is not closed. This way.7. If the server cannot create this number of connections. Different JDBC drivers and database servers might limit the number of possible physical connections. When WebLogic Server starts. see "Performance Tuning Your JDBC Application" in Programming WebLogic JDBC. between a minimum and a maximum number of connections. If your application requires database connections that are repeatedly opened and closed. all resources should be working to complete requests as fast as possible. connections from the connection pools are opened and are available to all clients. the server needs to create additional database connections when its load is increased. When the server is under load. In production systems. it may be convenient to set the value of the InitialCapacity attribute to a low number to help the server start up faster. When a client closes a connection from a connection pool. And if you need to tune the MaxCapacity value. Tuning JDBC Connection Pool Initial Capacity The InitialCapacity attribute of the JDBCConnectionPool element enables you to set the number of physical database connections to create when configuring the pool. The default settings for development and production mode are equal to the default number of execute threads: 15 for development mode. Click Apply to save your changes. make sure to set the InitialCapacity so that it equals the MaxCapacity value.

Expand the Servers node in the left pane to display the servers configured in your domain. For more details. For more details.exe 6. Setting Your Java Compiler The standard Java compiler for compiling JSP servlets is javac. Start the Administration Server if it is not already running. there is considerable processing overhead for the communication between the application server and the database server and on the database server itself. Access the Administration Console for the domain. 3. 2. 4. When an application or EJB calls any of the statements stored in the cache. see "Increasing Performance with the Statement Cache" in the Administration Console Online Help. Enter the full path to the JRE rt. 7. Changing Compilers in the Administration Console To change your compiler in the Administration Console: 1. see "Usage Restrictions for the Statement Cache" in the Administration Console Online Help. improving performance for the current statement and leaving CPU cycles for other tasks. For example: c:\visualcafe31\bin\sj. The pool capacity is independent of the number of execute threads in the server. You can improve performance significantly by setting your server's java compiler to sj or jikes instead of javac. For example: . WebLogic Server reuses the statement stored in the cache. Click the name of the server instance that you want to configure. 5. it is advisable that the number of connections in the pool equal the number of concurrent client sessions that require JDBC connections. Reusing prepared and callable statements reduces CPU usage on the database server. Using the statement cache can dramatically increase performance.in production. Select the Configuration —> General tab and enter the full path of the compiler in the Java Compiler field. but you must consider its limitations before you decide to use it. WebLogic Server can cache prepared and callable statements used in your applications. To minimize the processing costs. There may be many more ongoing user sessions than there are execute threads.jar library in the Append to the Classpath field. Click Show on the Advanced Options bar to display additional attributes. The following sections discuss this procedure and other compiler considerations. Caching Prepared and Callable Statements When you use a prepared statement or callable statement in an application or EJB.

For more information about setting your server's java compiler in the weblogic. For more information.io. Setting Your Compiler in weblogic. you must use weblogic. Raise the file descriptor limit. . specify a different compiler (such as Symantec sj) using the -compiler flag. Restart your server for the new Java Compiler and Append to Classpath values to take effect.xml In the weblogic. for example: set rlim_fd_max = 4096 set rlim_fd_cur = 1024  Use the -native flag to use native threads when starting the JVM. see "Implementing EJBs" in Programming WebLogic Enterpise JavaBeans.jar 8.appc utility to compile EJB 2. For faster performance.xml file. Click Apply.BEA_HOME\jdk141_02\jre\lib\rt. the jsp-descriptor element defines parameter names and values for servlet JSPs. 9.xml file. If you compile Jar files for deployment into the EJB container. Compiling EJB Container Classes Use the weblogic. see the jsp-descriptor element.1 container classes. By default.0 and 1. Compiling on UNIX If you receive the following error message received when compiling JSP files on a UNIX machine: failed: java.IOException: Not enough space Try any or all of the following solutions:   Add more RAM if you have only 256 MB.   Use the compileCommand parameter to specify the Java compiler for compiling the generated JSP servlets.appc to generate the container classes. ejbc uses the javac compiler. Use the precompile parameter to configure WebLogic Server to precompile your JSPs when WebLogic Server starts up.

isolate issues in a single server environment before moving to a clustered environment. the number of concurrent users that can be supported and the number of transactions that can be processed in a given unit of time. The only limitation on cluster membership is that all WebLogic Servers must be able to communicate by IP multicast. Scalability and High Availability Scalability is the ability of a system to grow in one or more dimensions as more resources are added to the system. A domain can include multiple WebLogic Server clusters and non-clustered WebLogic Server instances. The same service can be provided on multiple servers in a cluster. adding additional servers to a cluster should provide linear scalability. except that they provide failover and load balancing. Given a well-designed application. add another WebLogic Server instance to your cluster—without changing your application. When doing benchmark or initial configuration test runs. For more information about clusters. it is entirely possible to increase performance by simply adding more resources. Typically. A cluster appears to its clients as a single server but is in fact a group of servers acting as one to provide increased scalability and reliability. If one server fails. Caution: Provided that you have resolved all application and environment bottleneck issues. Clusters provide two key benefits that are not provided by a single server: scalability and availability. New WebLogic Servers can be added to a cluster dynamically to increase capacity. another can take over.Using WebLogic Server Clusters to Improve Performance A WebLogic Server cluster is a group of WebLogic Servers instances that together provide fail-over and replicated services to support scalable high-availability operations for clients within a domain. WebLogic Server clusters bring scalability and high-availability to J2EE applications in a way that is transparent to application developers. To increase the load handling capabilities of WebLogic Server. Scalability expands the capacity of the middle tier beyond that of a single WebLogic Server or a single computer. The Administration Server for the domain manages all the configuration parameters for the clustered and non-clustered instances. A WebLogic Server cluster guarantees high-availability by using the redundancy of multiple servers to insulate clients from failures. these dimensions include (among other things). see "Introduction to WebLogic Server Clustering". The ability to have a functioning server take over from a failed server increases the availability of the application to clients. . Clustered WebLogic Server instances within a domain behave similarly to non-clustered instances.

Optimistic—When an Optimistic concurrency bean is updated. the container automatically invalidates corresponding read-only EJB instance. you should store user session data in HTTP sessions rather than stateful session EJBs as HTTP session management provides more replication options than stateful session EJBs. If updates to the EJBs are frequent. This is done to avoid optimistic concurrency exceptions being thrown by the other servers and hence the need to retry transactions. with a read-write pattern—In this pattern. By themselves. they are rarely a impact cluster scalability. ReadOnly . See JDBC Application Tuning. bottlenecks are introduced. when coupled with a session replication mechanism required to provide high-availability. the work done by the servers to invalidate the read-only EJBs becomes a serious bottleneck. the only solutions are to tune the database or reduce load on the database by exploring other options. In such situations. The following sections provide information on issues that impact the ability to linearly scale clustered WebLogic servers:      Database Bottlenecks Session Replication Invalidation of Entity EJBs Invalidation of HTTP sessions JNDI Binding. If updates to the EJBs are frequent. See Managing Sessions. any operation that requires communication between the servers in a cluster is a potential scalability hindrance. the database is the bottleneck. Session Replication User session data can be stored in two standard ways in a J2EE application: stateful session EJBs or HTTP sessions. When the state of the updateable bean changes. persistent data that would otherwise be represented by a single EJB are actually represented by two EJBs: one read-only and the other updateable. However. the EJB container sends a multicast message to other cluster members to invalidate their local copies of the bean. Unbinding and Rebinding Database Bottlenecks In many cases where a cluster of WebLogic servers fails to scale. the work done by the servers to invalidate each other's local caches become a serious bottleneck. If a J2EE application has Web and EJB components.How to Ensure Scalability for WebLogic Clusters In general. Invalidation of Entity EJBs This applies to entity EJBs that use a concurrency strategy of Optimistic or ReadOnly with a read-write pattern.

such as Sun Microsystems' Sun Enterprise 10000. Performance Considerations When Running Multiple Server Instances on Multi-CPU Machines With multi-processor machines. multi-processor servers. JNDI binds. additional consideration must be given to the ratio of the number of available CPUs to clustered WebLogic Server instances. However. consider measures to increase network throughput before increasing the number of available CPUs. In order to determine the optimal ratio of CPUs to WebLogic server instances. 3. rather than network or disk I/Obound. 2. If CPU utilization is consistently at or near 100 percent. can potentially host very large clusters or multiple clusters. you must first ensure that an application is truly CPU-bound. BEA advises users to not invalidate sessions unless absolutely required. Add additional CPUs until utilization reaches an acceptable level. If you discover that an application is primarily network I/O-bound. If such operations are performed too frequently. Test your application to determine the Network Requirements. Remember. HTTP sessions can also be invalidated. Use the following steps to determine the optional ratio of CPUs to server instances: 1. Test your application to determine the Disk I/O Requirements. installing a faster network interface card (NIC) may increase performance more than additional CPUs. This is not as expensive as entity EJB invalidation. increase the ratio of CPUs to servers by adding an additional CPU. Unbinding and Rebinding In general. since only the session data stored in the secondary server needs to be invalidated. they can reduce cluster scalability significantly. always reserve some spare . because most CPUs would remain idle while waiting to read available sockets. consider upgrading the number of disk spindles or individual disks and controllers before allocating additional CPUs. JNDI Binding. For truly network I/O-bound applications.Invalidation of HTTP sessions Similar to Invalidation of Entity EJBs. large. Because WebLogic Server has no built-in limit to the number of server instances that reside in a cluster. Begin performance tests using a ratio of one WebLogic Server instance for every available CPU. If you discover that an application is primarily disk I/O-bound. 4. unbinds and rebinds are expensive operations. these operations become a bigger bottleneck in clustered environments because JNDI tree changes have to be propagated to all members of a cluster.

unless you have administrative privileges.txt available in the documentation for the Linux kernel. Grant the user executing the Java application read and write permission to the file system. On Linux 1. You can do this with either the mount command or with the chmod and chown commands. The amount of memory available in the JVM heap. security.CPU cycles on your production systems to perform any administration tasks that may occur. It includes the following information:      The number of idle threads assigned to the queue. as measured by the number of requests already processed by the queue. Monitoring a WebLogic Server Domain The tool for monitoring the health and performance of your WebLogic Server domain is the Administration Console. as measured by the number waiting requests in the queue. To enable BEA JRockit to allocate large pages. system available by using this command: mount -t hugetlbfs nodev /mnt/hugepages 2. Throughput. HTTP. How to Configure Large Pages If you use this option. JNDI. Note: The following steps might need to be completed by your system administrator. you will need to configure large pages on you machine. For more details. Using the Administration Console. CORBA connection pools. you can view status and statistics for WebLogic Server resources such as servers. make a hugetblfs file 1. there is a Server —> Monitoring —> Performance tab on the Administration Console that provides performance metrics related to pending and processed requests for the current server instance. EJB. To do so. . the JTA subsystem. Reserve memory to be used for large pages by executing the following command: echo nn > /proc/sys/vm/nr_hugepages Where nn is the number of desired pages. use one of the following procedures. You should do this step as soon as possible after the machine has been started since ongoing memory usage creates fragmentation and Linux might be unable to allocate the number of specified pages. Queue Length. For a more thorough description of large pages on Linux. For example. JDBC. The oldest pending request in the queue. read the file vm/hugetlbpage. and JMS. see "Monitoring a WebLogic Server Domain in Configuring and Managing WebLogic Server.

and the protocol is stateless. However. then the server regards the client as dead. Context ctx = new InitialContext(env). overcoming these limitations. The server may not voluntarily communicate with the client. env. all you need to do in order to use HTTP tunneling is specify the HTTP protocol in the URL. a client may only make a request. It is generally used to tunnel through an HTTP port in a security firewall. Default is 40 seconds.put(Context. valid range is 20 to 900 seconds. so that the server may volunteer a response to the client. For example: Hashtable env = new Hashtable(). HTTP tunneling is disabled by default. Default is 45 seconds. Tunneling Client Ping When an HTTP tunnel connection is set up. you can expect some performance loss in comparison to a normal socket connection. and terminates the HTTP tunnel connection. and then accept a reply from a server. It is advised that you leave them at their default settings unless you experience connection problems. WebLogic HTTP tunneling simulates a T3Connection via the HTTP protocol. The client may also include instructions in a request. The client accepts the response and automatically sends another request immediately. but WebLogic Server provides tunneling functionality to make the connection appear to be a regular T3Connection. There are two attributes that you can configure in the Administration Console to tune a tunneled connection for performance. Connecting to WebLogic Server from the Client When your client requests a connection with WebLogic Server. Enable Tunneling Enables or disables HTTP tunneling. These properties are used by the server to determine whether the client connection is still valid. . valid range is 10 to 900 seconds. Tunneling Client Timeout If the number of seconds set in this attribute have elapsed since the client last sent a request to the server (in response to a reply). Note that the server must also support both the HTTP and T3 protocols in order to use HTTP tunneling. but this behavior happens regardless of whether the client application needs to communicate with the server. HTTP is a stateless protocol.PROVIDER_URL. when it would otherwise respond to the client's request. the client automatically sends a request to the server.Setting Up WebLogic Server for HTTP Tunneling HTTP tunneling provides a way to simulate a stateful socket connection between WebLogic Server and a Java client when your only option is to use the HTTP protocol. it does so anyway. If the server does not respond (as part of the application code) to the client request within the number of seconds set in this attribute. "http://wlhost:80"). meaning that a continuous two-way connection is not possible. The server checks the elapsed time at the interval specified by this attribute. Configuring the HTTP Tunneling Connection Under the HTTP protocol. or whether the client is still alive.

weblogic. Your application code does not need to do any extra work to make this happen. You can set up your WebLogic Server instance to listen for HTTP requests on any port. If you do not specify this parameter. <context-param> <param-name>weblogic. a special tag is appended to the http protocol. and image files. however. If the file being served is larger than this value.minimumNativeFileSize. The second parameter.http. weblogic. You may need to experiment to find the correct value for weblogic. The Configure Clusters window prompts you to configure the clusters in your domain. although the most common choice is port 80 since requests to port 80 are customarily allowed through a firewall. Using Native I/O for Serving Static Files (Windows Only) When running WebLogic Server on Windows NT/2000/XP you can specify that WebLogic Server use the native operating system call TransmitFile instead of using Java methods to serve static files such as HTML files. even if the port is 80. Configure Clusters A cluster is a group of WebLogic Server instances that work together to provide scalability and high-availability for applications.http. The client must specify the port in the URL. You specify the listen port for WebLogic Server in the Administration Console under the "Servers" node. as the load on the machine running WebLogic Server increases. add two parameters to the web. The following example shows the complete entries that should be added to the web.On the client side. under the "Network" tab.nativeIOEnabled</param-name> <param-value>TRUE</param-value> </context-param> <context-param> <param-name>weblogic. native I/O provides greater performance gains when serving larger files. text files. so that WebLogic Server knows this is a tunneling connection.xml deployment descriptor. native I/O is used.xml file after the <distributable> element and before <servlet> element. .xml deployment descriptor of a Web Application containing the files to be served using native I/O.nativeIOEnabled can also be set as a context parameter in the FileServlet. Generally.http.http.http. These entries must be placed in the web.minimumNativeFileSize</param-name> <param-value>500</param-value> </context-param> weblogic. The first parameter.http. Using native I/O can provide performance improvements when serving larger static files.nativeIOEnabled should be set to TRUE to enable native I/O file serving.minimumNativeFileSize sets the minimum file size for using native I/O. instead of a regular HTTP request. This step is optional. This window is displayed only if your domain contains at least one Managed Server. these gains diminish. To use native I/O. a value of 4K is used.

Multicast port Multicast port for the cluster. The default value in this field is new_Cluster_n. Valid multicast addresses are any valid IP addresses from 224. select the cluster in the list and click Delete. The value is incremented by 1 for each cluster that is added. Note: The wizard provides two views: a concise tabular view of all the clusters and an individual view of each cluster. To toggle the display mode between table and tab formats.255. Review the current list of cluster configurations. Enter a .192. where each cluster is represented by a tab—you switch between clusters by selecting the corresponding tab. Add or modify entries.0. based on the domain source you selected earlier.To configure clusters: 1. Multicast address Multicast address for the cluster. click Switch Display. A cluster address can be one of the following:  Comma-separated list of IP addresses or DNS names and ports. Valid values for multicast ports are from 1 to 65534. When you finish updating your settings. Note: If you are creating a domain that includes Service Bus functionality.255. dns_name:port  DNS name that maps to multiple IP addresses  localhost. . This address is used by cluster members to communicate with each other. where n specifies a numeric value that is used to differentiate among all default cluster names. DNS name. as required by your domain. The name of the cluster must be unique among all component names within the domain. the value of n for the first cluster is 1. The default value is 239. 2. . The default value is 7001. for example: dns_name:port.255. click Next. using the guidelines provided in the following table. you can configure only one cluster per domain. . Cluster address Cluster address that identifies the Managed Servers in the cluster. The multicast port is used by cluster members to communicate with each other. In this field . or IP address if the listen address of all Managed Servers is listening to the same .0. To delete a cluster. Note: Fields marked with an asterisk are required.1 to 239. .0. Name* Valid cluster name: a string of characters that can include spaces.0. Default values may vary.

invocation. Deploy objects homogeneously—to every server instance in your cluster—to simplify cluster administration. and Java Server Pages (JSPs). including Enterprise Java Beans (EJBs). In the sections that follow. Servlets and JSPs WebLogic Server provides clustering support for servlets and JSPs by replicating the HTTP session state of clients that access clustered servlets and JSPs. Web applications can consist of different types of objects. EJB handles may not work properly. and load balancing support that WebLogic Server provides for different types of objects. failover and load balancing for that object is available. WebLogic Server can maintain HTTP session states in memory. The following types of objects can be clustered in a WebLogic Server deployment:       Servlets JSPs EJBs Remote Method Invocation (RMI) objects Java Messaging Service (JMS) destinations Java Database Connectivity (JDBC) connections Different object types can have certain behaviors in common. When this is the case. Each object type has a unique set of behaviors related to control. a filesystem. What Types of Objects Can Be Clustered? A clustered application or application component is one that is available on multiple WebLogic Server instances in a cluster. If the cluster address is not set. If an object is clustered. failover. the methods that WebLogic Server uses to support clustering—and hence to provide load balancing and failover—can vary for different types of objects. or a database. and troubleshooting. maintenance. For this reason. the clustering support and implementation considerations for those similar object types may be same. and how it functions within an application. . servlets.address with unique port numbers The cluster address is used in entity and stateless EJBs to construct the host name portion of URLs. explanations and instructions for the following types of objects are generally combined:   Servlets and JSPs EJBs and RMI objects The sections that follow briefly describe the clustering.

BEA recommends that server-side clients also obtain connections via a data source on the JNDI tree. JDBC Connections WebLogic Server allows you to cluster JDBC objects. The multi data source . EJBs and RMI Objects Load balancing and failover for EJBs and RMI objects is handled using replica-aware stubs. see Load Balancing for Servlets and JSPs. Replica-aware stubs are created for EJBs and RMI objects as a result of the object compilation process. weight-based. WebLogic Server clusters support multiple algorithms for load balancing clustered EJBs and RMI objects: round-robin.  Multi data sources—Multi data sources are an abstraction around a group of data sources that provides load balancing or failover processing between the data sources associated with the multi data source. which can locate instances of the object throughout the cluster. Although not strictly required. round-robin-affinity. and random-affinity. You can balance the servlet and JSP load across a cluster using a WebLogic Server proxy plug-in or external load balancing hardware. EJBs and RMI objects are deployed homogeneously—to all the server instances in the cluster. to improve the availability of cluster-hosted applications. The cluster-aware nature of WebLogic data sources in external client applications allows a client to request another connection if the server instance hosting the previous connection fails. random.  Data Sources—In a cluster. WebLogic Server proxy plug-ins perform round robin load balancing. To understand failover support for different types of objects.To enable automatic failover of servlets and JSPs. external clients must obtain connections through a JDBC data source on the JNDI tree. session state must persist in memory. Failover for EJBs and RMI objects is accomplished using the object's replica-aware stub. When a client makes a call through a replica-aware stub to a service that fails. You can configure a cluster to use one of the other methods using the Administration Console. and then request a database connection. target them to the cluster. External load balancers typically support a variety of session load balancing mechanisms. By default. For more information. the stub detects the failure and retries the call on another replica. For information about how failover works for servlets and JSPs. see Replication and Failover for EJBs and RMIs. The method you select is maintained within the replicaaware stub obtained for clustered objects. weightbased-affinity. and for related requirements and programming considerations. see HTTP Session State Replication. see Load Balancing for EJBs and RMI Objects. Each JDBC object you configure for your cluster must exist on each managed server in the cluster—when you configure the JDBC objects. For details. The data source uses the WebLogic Server RMI driver to acquire a connection. including data sources and multi data sources. Multi data sources are bound to the JNDI tree or local application context just like data sources are bound to the JNDI tree. a WebLogic Server cluster will use the round-robin method. Applications lookup a multi data source on the JNDI tree just like they do for data sources.

 To learn more about how clustered multi data sources enable load balancing of connections.  External Clients Connections—External clients that require a database connection perform a JNDI lookup and obtain a replica-aware stub for the data source.determines which data source to use to satisfy the request depending on the algorithm selected in the multi data source configuration: load balancing or failover. but it can ease the process of reconnecting when a connection fails. In replicated database environments. multi data sources. see Configuring WebLogic JDBC Resources in the Configuring and Managing WebLogic JDBC. the same . connection requests will be handled by the local instance of the data source or multi data source. their connections can be to any cluster members. see Load Balancing for JDBC Connections. see Configure Clustered JDBC. The connection is pinned to the local server instance for the duration of the database transaction. To achieve this result. Replica-aware stubs contain load balancing logic for distributing the load among host server instances.  For instructions on configuring clustered JDBC objects. and as long as the application code retains it (until the connection is closed). Failover and Load Balancing for JDBC Connections Clustering your JDBC objects does not enable failover of connections. multi data sources may be clustered to support database failover. load balancing of connections. if intended for use in external clients. each managed server in the cluster must have similarly named/defined data sources. For more information about JDBC. A server-side data source will not go to another cluster member for its JDBC connections. JMS and Clustering The WebLogic Java Messaging Service (JMS) architecture implements clustering of multiple JMS servers by supporting cluster-wide. Although WebLogic Server supports distributing JMS destinations and connection factories throughout a cluster.  Server-Side Client Connections—For server-side use. and optionally. see Failover and JDBC Connections. Getting Connections with Clustered JDBC To ensure that any JDBC request can be handled equivalently by any cluster member. transparent access to destinations from any WebLogic Server server instance in the cluster. if applicable. See the following topics for more information:  To understand the behavior of clustered JDBC objects when failures occur. data sources and multi data sources should be targeted to the cluster so they are cluster-aware and. The stub for the data source contains a list of the server instances that host the data source—which should be all of the Managed Servers in the cluster.

but it does not guarantee that messages are actually received. One-to-Many Communication Using IP Multicast IP multicast is a simple broadcast technology that enables multiple applications to "subscribe" to a given IP address and port number and listen for messages.0. For instructions on setting up clustered JMS. For more information about load balancing and JMS components. If an application's local multicast buffer is full.1.192. This communication includes: . What Types of Objects Cannot Be Clustered? The following APIs and internal services cannot be clustered in WebLogic Server:   File services including file shares Time services You can still use these services on individual WebLogic Server instances in a cluster. Note: The default multicast value used by WebLogic Server is 239.255. Activating.0.255. Load balancing is supported for JMS. see Configure Migratable Targets for Pinned Services and Deploying. and Migrating Migratable Services. you must configure targets for JMS servers. • IP sockets.0. WebLogic Server uses IP multicast for all one-to-many communications among server instances in a cluster.0. To enable load balancing.0. which are the conduits for peer-to-peer communication between clustered server instances. the services do not make use of load balancing or failover features.0.255. see Load Balancing for JMS.0 to 239. which server instances use to broadcast availability of services and heartbeats that indicate continued availability. WebLogic Server instances allow for the possibility that they may occasionally miss messages that were broadcast over IP multicast. You should not use any multicast address within the range x. new multicast messages cannot be written to the buffer and the application is not notified when messages are "dropped." Because of this limitation. IP multicast broadcasts messages to applications. The way in which WebLogic Server uses IP multicast and socket communication affects the way you configure your cluster. WebLogic Server Communication in a Cluster WebLogic Server instances in a cluster communicate with one another using two basic network technologies: • IP multicast. However.JMS topic or queue is still managed separately by each WebLogic Server instance in the cluster. A multicast address is an IP address in the range from 224.

all routers and other tunneling technologies must be configured to propagate multicast messages to clustered server instances. If Your Cluster Spans Multiple Subnets in a WAN In many deployments. For instructions on setting the Multicast TTL parameter. Firewalls Can Break Multicast Communication Although it may be possible to tunnel multicast traffic through a firewall. server instances in a cluster determine when a server instance has failed. In other words. or to distribute clustered server instances over a larger geographical area. you may want to configure load balancing hardware to ensure that client requests are directed to server instances in the most efficient manner (to avoid unnecessary network hops). For more details. The sections that follow provide guidelines for avoiding problems with multicast communication in a cluster. your network must meet the following requirements:  Full support of IP multicast packet propagation. By monitoring heartbeat messages. you may want to distribute a WebLogic Server cluster across multiple subnets in a Wide Area Network (WAN) to increase redundancy. (Clustered server instances also monitor IP sockets as a more immediate method of determining when a server instance has failed. plan and configure your network topology to ensure that multicast messages are reliably transmitted to all server instances in the cluster. However.  Multicast Time-To-Live (TTL) value for the cluster high enough to ensure that routers do not discard multicast packets before they reach their final destination.) Multicast and Cluster Configuration Because multicast communications control critical functions related to detecting failures and maintaining the cluster-wide JNDI tree (described in Cluster-Wide JNDI Naming Service) it is important that neither the cluster configuration nor the network topology interfere with multicast communications. Note: Distributing a WebLogic Server cluster over a WAN may require network facilities in addition to the multicast requirements described above. see Configure Multicast Time-To-Live (TTL). Cluster-wide JNDI updates—Each WebLogic Server instance in a cluster uses multicast to announce the availability of clustered objects that are deployed or removed locally. Specifically. see Cluster-Wide JNDI Naming Service. Each server instance in the cluster monitors these announcements and updates its local JNDI tree to reflect current deployments of clustered objects. ensuring multicast messages are reliably transmitted.  Network latency low enough to ensure that most multicast messages reach their final destination in 200 to 300 milliseconds. this practice is not recommended for WebLogic Server clusters. Treat each WebLogic Server cluster as a .  Cluster heartbeats— Each WebLogic Server instance in a cluster uses multicast to broadcast regular "heartbeat" messages that advertise its availability. If you choose to distribute a cluster over a WAN (or across multiple subnets). clustered server instances reside within a single subnet. For example.

and ensure that the address can support the broadcast traffic of all clusters that use the address. simply because its heartbeat messages were not received in a timely manner. including NAK messages and heartbeat re-transmissions. assign a dedicated multicast address for use by WebLogic Server clusters. (This generally occurs only in a multi-tier cluster architecture. Increasing the size of the multicast buffers can improve the rate at which announcements are transmitted and received.  Accessing clustered objects that reside on a remote server instance. other applications should not broadcast or subscribe to the multicast address and port used by your cluster or clusters. when a remote Java client application accesses a remote object. and prevent multicast storms. If Multicast Storms Occur If server instances in a cluster do not process incoming messages on a timely basis. Sharing the cluster multicast address with other applications forces clustered server instances to process unnecessary messages. Do Not Share the Cluster Multicast Address with Other Applications Although multiple WebLogic Server clusters can share a single IP multicast address and port.) Note: The use of IP sockets in WebLogic Server extends beyond the cluster scenario—all RMI communication takes place using sockets. introducing overhead. For these reasons. Do not split this logical unit between different security zones. Clustered WebLogic Server instances use IP sockets for:  Accessing non-clustered objects deployed to another clustered server instance on a different machine. make sure that those applications use a different multicast address and port than the cluster does. Sharing a multicast address may also overload the IP multicast buffer and delay transmission of WebLogic Server heartbeat messages. increased network traffic. high-performance mechanism for transferring messages and data between two applications. for example. if the machine or machines that host your cluster also host other applications that use multicast communications. .  Replicating HTTP session states and stateful session EJB states between a primary and secondary server instance. and can stress the network and attached stations. Peer-to-Peer Communication Using IP Sockets IP sockets provide a simple. See Configure Multicast Buffer Size. any technologies that potentially delay or interrupt IP traffic can disrupt a WebLogic Server cluster by generating false failures due to missed heartbeats. such as the one described in Recommended Multi-Tier Architecture. Furthermore.logical unit that provides one or more distinct services to clients of a Web application. The repeated transmission of multicast packets on a network is referred to as a multicast storm. potentially causing endstations to hang or fail. That is. Such delays can result in a WebLogic Server instance being marked as failed. can result.

the console automatically deploys it to all members of the cluster (whether they are local to the Administration Server machine or they reside on remote machines. Two factors determine the efficiency of socket communications in WebLogic Server:  Whether the server instance's host system uses a native or a pure-Java socket reader implementation. using weblogic. Although a pinned deployment targets a specific server instance.ear -target server1 Cancelling Cluster Deployments . Deploy Applications Clustered objects in WebLogic Server should be deployed homogeneously. see the packaging topic in Deploying the Application in Developing Applications for WebLogic Server.  For systems that use pure-Java socket readers. all server instances in the cluster must be running during the deployment process. To ensure homogeneous deployment.) For a discussion of application deployment in clustered environments see Methods of Configuring Clusters. see Deploying WebLogic Server Applications. rather than the all cluster members is called a pinned deployment. whether the server instance is configured to use enough socket reader threads. For a broad discussion of deployment topics. You can perform a pinned deployment using the Administration Console or from the command line.Proper socket configuration is crucial to the performance of a WebLogic Server cluster. Package Applications for Deployment You must package applications before you deploy them to WebLogic Server. When you deploy an application or object to a cluster. rather than individual WebLogic Server instances in the cluster.Deployer -activate -name ArchivedEarJar -source C:/MyApps/JarEar. when you select a target use the cluster name. Pinned Deployment from the Command Line From a command shell. Note: All server instances in your cluster should be running when you deploy applications to the cluster using the Administration Console Deploying to a Single Server Instance (Pinned Deployment) Deploying a application to a server instance.Deployer. use the following syntax to target a server instance: java weblogic. The console automates deploying replica-aware objects to clusters. For more information.

Click the Activate Changes button in the top left corner of the console to activate your changes. In the Console. click Deployments. click the Lock & Edit button in the top left corner of the console. use the following syntax to cancel the deployment task ID: java weblogic. 7. Viewing Deployed Applications To view a deployed application in the Administration Console: 1.Deployer -adminurl http://admin:7001 -cancel -id tag Cancel Deployment Using the Administration Console In the Administration Console. If you have not already done so. Undeploying Deployed Applications To undeploy a deployed application from the WebLogic Server Administration Console: 1. Click Stop.Deployer. View a list of deployed applications in the table displayed in the Console.You can cancel a deployment using the Administration Console or from the command line. 5. Understanding Cluster Configuration This following sections explain how the information that defines the configuration of a cluster is stored and maintained. using weblogic. 4. open the Tasks node to view and to cancel any current deployment tasks. 2. click the Deployments node. and the methods you can use to accomplish configuration tasks:     Cluster Configuration and config. Click Yes. Select when you want the application to stop (undeploy). 3. Cancel Deployment from the Command Line From a command shell. 6. check the checkbox to the left of the application you want to undeploy.xml Role of the Administration Server How Dynamic Configuration Works Methods of Configuring Clusters . In the Console. 2. In the displayed table.

such as the Server. the weblogic. a domain could consist of only one WebLogic Server instance—however. in that case that sole server instance would be an Administration Server. In the unlikely event that the config. Whichever method is used. Strictly speaking. SSL and Log.xml file should be corrupted during the lifetime of the server instance. Role of the Administration Server The Administration Server is the WebLogic Server instance that configures and manages the WebLogic Server instances in its domain.configuration.xml for the domain. it loads the config. Configurable attributes are readable and writable.xml. There are a variety of ways to invoke the services of the Administration Server to accomplish configuration tasks.xml consists of a series of XML elements. ServerMBean has a getListenPort and a setListenPort method.Note: Much of the information in this section also pertains to the process of configuring a WebLogic domain in which the server instances are not clustered.xml in the directory: BEA_HOME/user_projects/domains/<domain_name>/config where domain_name is a domain-specific directory. To learn more about config. . as described in Methods of Configuring Clusters.xml. the Server element has a ListenPort attribute. the Server element includes the child elements WebServer. Each time the Administration Server starts successfully. with the same name as the domain.booted is created in the domain directory. The Domain element includes child elements. a backup configuration file named config. For example. the Administration Server for a cluster must be running when you modify the configuration.xml file is an XML document that describes the configuration of a WebLogic Server domain. that is.management. and all elements in the Domain descend from the Domain element.ServerMBean has a ListenPort attribute.dtd has a corresponding attribute in the configuration API. Cluster Configuration and config. It looks for config. For example. These child elements may have children of their own. and Application elements. The Domain element is the top-level element. config. it is possible to revert to this previous configuration. because each domain must have exactly one Administration Server. A domain can include multiple WebLogic Server clusters and non-clustered WebLogic Server instances. When the Administration Server starts. see Domain Configuration Files in Understanding Domain Configuration. and likewise. The Application element includes the child elements EJBComponent and WebAppComponent. Cluster. Each element has one or more configurable attributes. An attribute defined in config.xml The config.

the load balancing and failover capabilities supported by the domain configuration remain available. Note: If an Administration Server fails because of a hardware or software failure on its host machine. If the domain contains clustered server instances. In this way. those Managed Servers continue to run. As each additional server instance is started.The following figure shows a typical production environment that contains an Administration Server and multiple WebLogic Servers instances. Figure 4-1 WebLogic Server Configuration What Happens if the Administration Server Fails? The failure of an Administration Server for a domain does not affect the operation of Managed Servers in the domain. . it contacts the Administration Server for its configuration information. the Administration Server operates as the central control entity for the configuration of the entire domain. other server instances on the same machine may be similarly affected. When you start the server instances in such a domain. If an Administration Server for a domain becomes unavailable while the server instances it manages—clustered or otherwise—are up and running. the Administration Server is started first. even if the Administration Server fails.

If you are not able to remove the process that captured the listen port. This method is not recommended for initial cluster implementation. checking for out-of-range errors and data type mismatch errors. see Avoiding and Recovering From Server Failure in Managing Server Startup and Shutdown. Methods of Configuring Clusters There are several methods for configuring a clusters:  Domain Configuration Wizard The Domain Configuration Wizard is the recommended tool for creating a new domain or cluster. For a list of the tasks you can perform with the console. When an attribute is reconfigured. but the runtime value is not affected. For a list of the tasks you can perform with the wizard. In most cases you do not need to restart the server instance for your changes to take effect. Once the Administration Console has been started. the new value is immediately reflected in both the current run-time value of the attribute and the persistent value stored in config. see Domain Configuration Wizard Capabilities later in this section.xml. if you change a Managed Server's ListenPort value.xml. Not all configuration changes are applied dynamically.  WebLogic Server Application Programming Interface (API) You can write a program to modify the configuration attributes. the new port will not be used until the next time you start the Managed Server. and displays an error message for erroneous entries. see Administration Console Capabilities.  WebLogic Server Administration Console The Administration Console is a graphical user interface (GUI) to the BEA Administration Service. How Dynamic Configuration Works WebLogic Server allows you to change the configuration attributes of domain resources dynamically—while server instances are running. The updated value is stored in config.However.xml file to change the ListenPort value. if another process captures the listen port assigned to the Administration Server. . It allows you to perform a variety of domain configuration and monitoring functions. The Administration Console validates attribute changes. edit the config. you should stop the process that captured the port. the failure of an Administration Server itself does not interrupt the operation of Managed Servers in the domain. For example. For instructions on re-starting an Administration Server. based on the configuration application programming interface (API) provided with WebLogic Server.

and then supply key information. Domain Configuration Wizard Capabilities The Domain Configuration Wizard uses pre-configured domain templates to ease the process of creating a domain and its server instances. The wizard prompts you to select one of four typical domain configurations:  Single Server—domain with a single WebLogic Server instance. see WebLogic Scripting Tool. Administration Console Capabilities . you can select a domain template.  Managed Server (Owning Administrative Configuration) After you select the desired configuration type. monitor. see Creating WebLogic Domains Using the Configuration Wizard.  Java Management Extensions (JMX) JMX is the J2EE solution for monitoring and managing resources on a network. Using the wizard. and port numbers for the server instances you wish to created. For information on how to use the Domain Configuration Wizard. such as machine addresses. BEA WebLogic Server provides a set of MBeans that you can use to configure. the wizard prompts you to provide relevant details about the domain and its server instances. WebLogic Scripting Tool (WLST) The WebLogic Scripting Tool (WLST) is a command-line scripting interface that system administrators and operators use to monitor and manage WebLogic Server instances and domains. Note: The Domain Configuration Wizard can install the appropriate directory structure and scripts for a domain on a Managed Server that is running on a remote machine from the Administration Server. and one or more Managed Servers that are clustered.  Administration Server with clustered Managed Servers—domain with an Administration Server.  Administration Server with Managed Servers—domain with an Administration Server. and one or more Managed Servers that are not clustered. This is helpful if you need to use a Managed Server as a backup Administration Server for a domain. and manage WebLogic Server resources through JMX. names. For more information.

Note: In addition to distributing HTTP traffic. see Failover and Replication in a Cluster.These sections in Administration Console Online Help list and describe the clusterrelated configuration tasks you can perform using the WebLogic Server Administration Console. WebLogic Server supports the following Web servers and associated proxy plug-ins:  WebLogic Server with the HttpClusterServlet . external load balancers can distribute initial context requests that come from Java clients over t3 and the default channel. See Load Balancing for EJBs and RMI Objects for a discussion of object-level load balancing in WebLogic Server. and related planning and configuration considerations for architects and administrators. Load Balancing for Servlets and JSPs Load balancing of servlets and JSPs can be accomplished with the built-in load balancing capabilities of a WebLogic proxy plug-in or with separate load balancing hardware. and forwards HTTP requests to those instances on a round-robin basis. This load balancing method is described in Round Robin Load Balancing. Load Balancing with a Proxy Plug-in The WebLogic proxy plug-in maintains a list of WebLogic Server instances that host a clustered servlet or JSP. The plug-in also provides the logic necessary to locate the replica of a client's HTTP session state if a WebLogic Server instance should fail. It contains the following information:     Load Balancing for Servlets and JSPs Load Balancing for EJBs and RMI Objects Load Balancing for JMS Load Balancing for JDBC Connections For information about replication and failover in a cluster.      Servers Clusters Deploying Applications and Modules Monitoring a Server Monitoring a Cluster" Load Balancing in a Cluster This section describes the load balancing support that a WebLogic Server cluster provides for different types of objects.

it must support a compatible passive or active cookie persistence mechanism. . If the load balancer's active cookie persistence mechanism works by adding its own cookie to the client session. WebLogic Server clusters do not support active cookie persistence mechanisms that overwrite or modify the WebLogic HTTP session cookie. How Session Connection and Failover Work with a Proxy Plug-in For a description of connection and failover for HTTP sessions in a cluster with proxy plug-ins. see Configure Proxy Plug-Ins. no additional configuration is required to use the load balancer with a WebLogic Server cluster. the load balancer performs all encryption and decryption of data between clients and the WebLogic Server cluster.   Netscape Enterprise Server with the Netscape (proxy) plug-in Apache with the Apache Server (proxy) plug-in Microsoft Internet Information Server with the Microsoft-IIS (proxy) plug-in For instructions on setting up proxy plug-ins.  Active Cookie Persistence Certain active cookie persistence mechanisms can be used with WebLogic Server clusters. For information about the session cookie and how a load balancer uses session parameter data to maintain the relationship between the client and the primary WebLogic Server hosting a HTTP session state.  Passive Cookie Persistence Passive cookie persistence enables WebLogic Server to write a cookie containing session parameter information through the load balancer to the client. These can include advanced load-based balancing strategies that monitor the utilization of individual machines. Load Balancer Configuration Requirements If you choose to use load balancing hardware instead of a proxy plug-in. see Load Balancers and the WebLogic Session Cookie. and SSL persistence. see Accessing Clustered Servlets and JSPs Using a Proxy. Load Balancing HTTP Sessions with an External Load Balancer Clusters that utilize a hardware load balancing solution can use any load balancing algorithm supported by the hardware. provided the load balancer does not modify the WebLogic Server cookie. The load balancer then uses the plain text cookie that WebLogic Server inserts on the client to maintain an association between the client and a particular server in the cluster.  SSL Persistence When SSL persistence is used.

or file-based session persistence. The length of the value is configured by the IDLength parameter in the <sessiondescriptor> element in the weblogic. . see Configuring BIG-IPTM Hardware with Clusters. You must configure the load balancer with the offset and length of the string constant. the sessionid length is 52 bytes. see Programming Considerations for Clustered Servlets and JSPs. For general instructions on configuring load balancers. cookie. Related Programming Considerations For programming constraints and recommendations for clustered servlets and JSPs. if the secondary session does not exist. Instructions for configuring BIG-IP. the secondary_server_id is "NONE". Note: For sessions using non-replicated memory. the secondary_server_id is not present. For sessions that use in-memory replication. The correct values for the offset and length depend on the format of the session cookie. By default. The string uniquely identifies a server instance in the cluster.xml file for an application. The load balancing algorithm for an object is maintained in the replica-aware stub obtained for a clustered object. JDBC. How Session Connection and Failover Works with a Load Balancer For a description of connection and failover for HTTP sessions in a cluster with load balancing hardware. The format of a session cookie is: sessionid!primary_server_id!secondary_server_id where:  sessionid is a randomly generated identifier of the HTTP session.Load Balancers and the WebLogic Session Cookie A load balancer that uses passive cookie persistence can use a string in the WebLogic session cookie to associate a client with the server hosting its primary HTTP session state.  primary_server_id and secondary_server_id are 10 character identifiers of the primary and secondary hosts for the session. Load Balancing for EJBs and RMI Objects This section describes WebLogic Server load balancing algorithms for EJBs and RMI objects. see Accessing Clustered Servlets and JSPs with Load Balancing Hardware. see Configuring Load Balancers that Support Passive Cookie Persistence.

then follow other servers in order for future requests. For more information. The advantages of the round-robin algorithm are that it is simple. It is also the method used by WebLogic proxy plug-ins. in the Cluster Weight field. The round-robin algorithm cycles through a list of WebLogic Server instances in order. This algorithm is supported for RMI objects and EJBs. a WebLogic Server cluster uses round-robin load balancing. A load balancing algorithm that you configure for an object overrides the default load balancing algorithm for the cluster. If all servers have the same weight. This value determines what proportion of the load the server will bear relative to other servers. see Configure Load Balancing Method for EJBs and RMIs.cluster. For clustered objects. Because replica-aware stubs or proxy plug-ins access the servers in the same order. WebLogic Server supports custom parameter-based routing. Note: WebLogic Server does not always load balance an object's method calls. the list consists of all WebLogic Server instances that host the clustered servlet or JSP. cheap and very predictable. the 50-weight server will bear half as much as any other server. You can use the Server -> Configuration -> Cluster tab in the Administration Console to assign each server in the cluster a numerical weight between 1 and 100. see Parameter-Based Routing for Clustered Objects. If one server has weight 50 and all other servers have weight 100. . described in Round Robin Load Balancing. Weight-Based Load Balancing This algorithm applies only to EJB and RMI object clustering. a slow server can cause requests to "synchronize" on the server. For more information. For instructions. Convoying occurs when one server is significantly slower than the others. This algorithm makes it possible to apply the advantages of the round-robin algorithm to clusters that are not homogeneous. The primary disadvantage is that there is some chance of convoying. or with the homeload-algorithm or stateless-bean-load-algorithm in an EJB's deployment descriptor. see Optimization for Collocated Objects. You can also specify the load balancing algorithm for a specific RMI object using the -loadAlgorithm option in rmic. In addition to the standard load balancing algorithms. For proxy plug-ins. You can configure a different default load balancing method for the cluster by using the Administration Console to set weblogic.By default. Round Robin Load Balancing WebLogic Server uses the round-robin algorithm as the default load balancing strategy for clustered object stubs when no algorithm is specified. Weight-based load balancing improves on the round-robin algorithm by taking into account a pre-assigned weight for each server. they will each bear an equal proportion of the load.defaultLoadAlgorithm. the server list consists of WebLogic Server instances that host the clustered object.

 The number of non-clustered ("pinned") objects each server hosts. carefully determine the relative weights to assign to each server instance. random load balancing will give the less powerful machine as many requests as it gives more powerful machines. Over a small number of requests the load may not be balanced exactly evenly. see Optimization for Collocated Objects. requests are routed to servers at random. Disadvantages of random load balancing include the slight processing overhead incurred by generating a random number for each request. and the possibility that the load may not be evenly balanced over a small number of requests. For related information see Cluster-Wide JNDI Naming Service. the client-side stub attempts to choose a server instance to which it is already connected. Factors to consider include:  The processing capacity of the server's hardware in relationship to other servers (for example. the client considers its existing connections to WebLogic server instances when choosing the server instance on which to access an object. the new weighting information is propagated throughout the cluster via the replica-aware stubs. In random load balancing. If the server instance becomes . In this version of WebLogic Server. see Optimization for Collocated Objects. If you change the specified weight of a server and reboot it. If a machine hosting servers in a cluster has significantly less processing power than other machines in the cluster. Server Affinity Load Balancing Algorithms WebLogic Server provides three load balancing algorithms for RMI objects that provide server affinity. All stubs on that client attempt to use that server instance. A random allocation of requests does not allow for differences in processing power among the machines upon which server instances run. If an object is configured for server affinity. where each server instance runs on a similarly configured machine. increasingly so as the cumulative number of requests increases. and continues to use the same server instance for method calls. For more information. Random load balancing is recommended only for homogeneous cluster deployments. Note: WebLogic Server does not always load balance an object's method calls. weight-based load balancing is not supported for objects that communicate using the RMI/IIOP protocol. Random load balancing distributes requests evenly across server instances in the cluster. Random Load Balancing The random method of load balancing applies only to EJB and RMI object clustering. For more information. the number and performance of CPUs dedicated to WebLogic Server).If you use the weight-based algorithm. Notes: WebLogic Server does not always load balance an object's method calls. Server affinity turns off load balancing for external client connections: instead.

the context is obtained using a new connection to the specified server instance. (If a connection is not available. if possible.jndi. To reuse an existing connection between a particular JVM and the cluster. instead of being load balanced among the available server instances.WLContext properties you specify when obtaining context. you must use an affinity-based load balancing algorithm to ensure that method calls stick to a server instance. Otherwise.) ENABLE_SERVER_AFFINITY is only supported when the context is requested from the cluster address.unavailable.  weight-based-affinity—server affinity governs connections between external Java clients and server instances. Server affinity is used in combination with one of the standard load balancing methods: round-robin. random load balancing is used for connections between server instances.  If the initial context is requested from a the cluster. WebLogic Server accomplishes this by causing method calls on objects to "stick" to an existing connection.  random-affinity—server affinity governs connections between external Java clients and server instances. round robin load balancing is used for connections between server instances. context requests are load balanced on a round-robin basis among the clustered server instances. depending on how the context is obtained:  If the initial context is requested from a specific Managed Server. The purpose of server affinity is to minimize the number IP sockets opened between external Java clients and server instances in a cluster. weight-based load balancing is used for connections between server instances. To prevent redundant authentication of stateful CSIv2 clients. all remote calls will be authenticated. Server Affinity and Initial Context A client can request an initial context from a particular server instance in the cluster. Weight-Based Affinity. by default. The connection process varies. weight-based. and RandomAffinity. or from the cluster by specifying the cluster address in the URL. a new connection is created. . to a server instance to which the client is already connected. set ENABLE_SERVER_AFFINITY to true in the hashtable of weblogic. the stubs fail over. or random:  round-robin-affinity—server affinity governs connections between external Java clients and server instances. With server affinity algorithms. use one of the load balancing algorithms described in Round-Robin Affinity. the less costly server-to-server connections are still load-balanced according to the configured load balancing algorithm—load balancing is disabled only for external client connections. Server Affinity and IIOP Client Authentication Using CSIv2 If you use WebLogic Server's Common Secure Interoperability (CSIv2) functionality to support stateful interactions with WebLogic Server's J2EE Application Client ("thin client").

Round-Robin Affinity, Weight-Based Affinity, and RandomAffinity
WebLogic Server has three load balancing algorithms that provide server affinity:
   round-robin-affinity weight-based-affinity random-affinity

Server affinity is supported for all types of RMI objects including JMS objects, all EJB home interfaces, and stateless EJB remote interfaces. The server affinity algorithms consider existing connections between an external Java client and server instances in balancing the client load among WebLogic server instances. Server affinity:
 turns off load balancing between external Java clients and server instances

 causes method calls from an external Java client to stick to a server instance to which the client has an open connection, assuming that the connection supports the necessary protocol and QOS  in the case of failure, causes the client to failover to a server instance to which it has an open connection, assuming that the connection supports the necessary protocol and QOS  does not affect the load balancing performed for server-to-server connections

Server Affinity Examples
The following examples illustrate the effect of server affinity under a variety of circumstances. In each example, the objects deployed are configured for round-robinaffinity.

Example 1—Context from cluster
In this example, the client obtains context from the cluster. Lookups on the context and object calls stick to a single connection. Requests for new initial context are load balanced on a round-robin basis.

Figure 5-1 Client Obtains Context From the Cluster

1.

Client requests a new initial context from the cluster (Provider_URL=clusteraddress) and obtains the context from MS1. 2. Client does a lookup on the context for Object A. The lookup goes to MS1.

3. Client issues a call to Object A. The call goes to MS1, to which the client is already connected. Additional method calls to Object A stick to MS1.

4.

Client requests a new initial context from the cluster (Provider_URL=clusteraddress) and obtains the context from MS2. 5. Client does a lookup on the context for Object B. The call goes to MS2, to which the client is already connected. Additional method calls to Object B stick to MS2.

Example 2—Server Affinity and Failover
This example illustrates the effect that server affinity has on object failover. When a Managed Server goes down, the client fails over to another Managed Server to which it has a connection.

Figure 5-2 Server Affinity and Failover

1. 2.

Client requests new initial context from MS1. Client does a lookup on the context for Object A. The lookup goes to MS1.

3. Client makes a call to Object A. The call goes to MS1, to which the client is already connected. Additional calls to Object A stick to MS1. 4. The client obtains a stub for Object C, which is pinned to MS3. The client opens a connection to MS3. 5. MS1 fails.

6. Client makes a call to Object A.The client no longer has a connection to MS1. Because the client is connected to MS3, it fails over to a replica of Object A on MS3.

Example 3—Server affinity and server-to-server connections
This example illustrates the fact that server affinity does not affect the connections between server instances.

Figure 5-3 Server Affinity and Server-to-Server Connections

on a round-robin basis. The following figure illustrates this. 2. Figure 5-4 Collocation Optimization Overrides Load Balancer Logic for Method Call . Parameter-Based Routing for Clustered Objects Parameter-based routing allows you to control load balancing behavior at a lower level. This is a class that is called before each invocation with the parameters of the call. For information about creating custom CallRouter classes. In most cases.A JSP on MS4 obtains a stub for Object B. The CallRouter is free to examine the parameters and return the name server to which the call should be routed. rather than using a replica that resides on a remote server. Any clustered object can be assigned a CallRouter. For each method call. The JSP selects a replica on MS1. see Parameter-Based Routing for Clustered Objects in Programming WebLogic RMI. it is more efficient to use a replica that is collocated with the stub itself. Optimization for Collocated Objects WebLogic Server does not always load balance an object's method calls. the JSP cycles through the Managed Servers upon which Object B is available.

the servlet obtains a replica-aware stub for Object A. WebLogic Server attempts to use object replicas that are collocated with the transaction. If your Web application is deployed to a single cluster. Because a replica of Object A is also available on the same server instance. It is more efficient to use the local copy.In this example. WebLogic Server attempts to use collocated clustered objects that are enlisted as part of the same transaction. When a client creates a UserTransaction object. This optimization is depicted in the figure below. This optimization is often overlooked when planning WebLogic Server clusters. Figure 5-5 Collocation Optimization Extends to Other Objects in Transaction . In response to client activity. Transactional Collocation As an extension to the basic collocation strategy. The collocation optimization is also frequently confusing for administrators or developers who expect or require load balancing on each method call. If you require load balancing on each method call to a clustered object. because doing so avoids the network overhead of establishing peer connections to other servers in the cluster. the object is said to be collocated with the client's stub. rather than distributing the client's calls to other replicas of Object A in the cluster. WebLogic Server always uses the local. see Recommended Multi-Tier Architecture for information about how to plan your WebLogic Server cluster accordingly. collocated copy of Object A. the collocation optimization overrides any load balancing logic inherent in the replica-aware stub. a client connects to a servlet hosted by the first WebLogic Server instance in the cluster.

because the peer connections for A and B would be locked until the transaction committed. In this situation WebLogic Server always attempts to use replicas of A and B that reside on the same server as the UserTransaction object. added network overhead would be incurred for the duration of the transaction. This transactional collocation strategy is even more important than the basic optimization described in Optimization for Collocated Objects. rather than a multi-tiered connection. To use a load balancing algorithm that provides server affinity for JMS objects. to do the work of the transaction. For instructions. the client looks up Objects A and B to do the work of the transaction. regardless of the load balancing strategies in the stubs for A and B.In this example. you must configure the desired method for the cluster as a whole. Furthermore. WebLogic Server would need to employ a multi-tiered JDBC connection to commit the transaction.cluster. You can configure the load balancing algorithm by using the Administration Console to set weblogic. see Configure Load Balancing Method for EJBs and RMIs. By using collocating clustered objects during a transaction. Load Balancing for JMS WebLogic Server JMS supports server affinity for distributed JMS destinations and client connections. After beginning a new transaction. By default. a client attaches to he first WebLogic Server instance in the cluster and obtains a UserTransaction object. a WebLogic Server cluster uses the round-robin method to load balance objects. Server Affinity for Distributed JMS Destinations . WebLogic Server reduces the network load for accessing the individual objects. The server also can make use of a single-tiered JDBC connection. incurring additional network overhead.defaultLoadAlgorithm. If remote replicas of A and B were used.

A system administrator can establish cluster-wide. a server instance that is load balancing consumers or producers across multiple members of a distributed destination will first attempt to load balance across any destination members that are also running on the same server instance. Each JMS server is deployed on exactly one WebLogic Server and handles requests for a set of destinations. For instructions on setting up targets. the system administrator enables load balancing by specifying targets for JMS servers. The application uses the Java Naming and Directory Interface (JNDI) to look up a connection factory and create a connection to establish communication with a JMS server. WebLogic Server provides server affinity for client connections. but the client has an InitialContext on server C. see How Distributed Destination Load Balancing Is Affected When Using the Server Affinity Enabled Attribute in Programming WebLogic JMS. For instructions on deploying a JMS server to a migratable target. When creating a connection. During the configuration phase. For example. If an application has a connection to a given server instance.Server affinity is supported for JMS applications that use the distributed destination feature. Each JMS server handles requests for a set of destinations. but will choose between servers B and C. JMS will attempt to establish new JMS connections to the same server instance. Each connection factory can be deployed on multiple WebLogic Servers. assume the client has an InitialContext on server A and some other type of connection to server B. if the connection factory is configured for servers A and B. see Deploying. it will try to provide affinity to a server to which the client is already connected. transparent access to destinations from any server in the cluster by configuring multiple connection factories and using targets to assign them to WebLogic Servers. Activating. and Migrating Migratable Services. this feature is not supported for standalone destinations. JMS will try first to achieve initial context affinity. If a connection factory cannot achieve initial context affinity. For detailed information on how the JMS connection factory's Server Affinity Enabled option affects the load balancing preferences for distributed destination members. If the client then uses a connection factory configured for servers B and C it will not achieve initial context affinity. Connection factories are described in more detail in Connection Factory in Programming WebLogic JMS. Initial Context Affinity and Server Affinity for Client Connections A system administrator can establish load balancing of JMS destinations across multiple servers in a cluster by configuring multiple JMS servers and using targets to assign them to the defined WebLogic Servers. If you configure server affinity for JMS connection factories. see Configure Migratable Targets for Pinned Services. assuming that the server instance is configured for that connection factory. Requests for destinations not handled by a JMS server are forwarded to the appropriate server. The connection factory will instead attempt to achieve . For instance. It will attempt to connect to the same server or servers to which a client connected for its initial context. then the connection factory will not establish the new connection with A.

A load balancing multi data source provides the high available behavior described in Failover and JDBC Connections. no other connections and a connection factory configured for servers B and C. Load balancing support is an option you can choose when configuring a multi data source. and in addition. rather than server C. assume a client has an initial context on server A." and its associated services are removed from the JNDI naming tree. to which it already has a connection. How WebLogic Server Detects Failures WebLogic Server instances in a cluster detect failures of their peer server instances by monitoring:   Socket connections to a peer server Regular server heartbeat messages Failure Detection Using IP Sockets WebLogic Server instances monitor the use of IP sockets between peer server instances as an immediate method of detecting failures.server affinity by trying to create a connection to server B. That is. If a server connects to one of its peers in a cluster and begins transmitting data over a socket. the list is rotated so the first pool tapped cycles around the list. balances the load among the data sources in the multi data source. it will go to the same server as it did on the first attempt. see Configure Clustered JDBC. the data sources it contains are accessed using a round-robin scheme. For instance. A multi data source has an ordered list of data sources it contains. In a load-balancing multi data source. if the client attempts to make a second connection using the same connection factory. an unexpected closure of that socket causes the peer server to be marked as "failed. Load Balancing for JDBC Connections Load balancing of JDBC connection requires the use of a multi data source configured for load balancing. If a connection factory cannot provide either initial context affinity or server affinity. when the second connection is made. For instructions on clustering JDBC objects. if it chose server B for the first connection. then the connection factory is free to make a connection wherever possible. The WebLogic Server "Heartbeat" . the client will have a connection to server B and the server affinity rule will be enforced. The connection factory is unable to provide any affinity and is free to attempt new connections to either server B or C. In each successive client request for a multi data source connection. it always attempts to obtain a connection from the first data source in the list. Note: In the last case. If you do not configure the multi data source for load balancing.

All server instances in a cluster use multicast to broadcast regular server heartbeat messages to other members of the cluster. Servers broadcast their heartbeat messages at regular intervals of 10 seconds.." It then updates its local JNDI tree.If clustered server instances do not have opened sockets for peer-to-peer communication. each server in a cluster monitors the multicast address to ensure that all peer servers' heartbeat messages are being sent.e. to retract the services that were hosted on the failed server. Architecture In this context the architecture refers to how the tiers of an application are deployed to one or more clusters. failed servers may also be detected via the WebLogic Server heartbeat. Because not all Web applications are alike. and not necessarily physical divisions between hardware or software components. Cluster Architectures This following sections describe alternative architectures for a WebLogic Server cluster:      Architectural and Cluster Terminology Recommended Basic Architecture Recommended Multi-Tier Architecture Recommended Proxy Architectures Security Options for Cluster Architectures Architectural and Cluster Terminology This section defines terms used in this document. servers can detect failures even if they have no sockets open for peer-to-peer communication. Also keep in mind that the tiers represent logical divisions of an application's services. your application may not utilize all of the tiers described below. If a server monitoring the multicast address misses three heartbeats from a peer server (i. if necessary. . a single machine running a single WebLogic Server instance can provide all of the tiers described below. Each heartbeat message contains data that uniquely identifies the server that sends the message. In turn. In some cases. In this way. Note: For more information about how WebLogic Server uses IP sockets and multicast communications see WebLogic Server Communication in a Cluster. if it does not receive a heartbeat from the server for 30 seconds or longer). the monitoring server marks the peer server as "failed. Web Application Tiers A Web application is divided into several "tiers" that correspond to the logical services the application provides.

For example. the term load balancer describes any technology that distributes client connection requests to one or more distinct IP addresses. In most Web applications. which may also provide firewall-like security capabilities. servlets or Java Server Pages) to clients of a Web application. or port numbers. Load Balancer In this document. Combined Tier Architecture A cluster architecture in which all tiers of the Web application are deployed to a single WebLogic Server cluster is called a combined tier architecture.  Presentation Tier The presentation tier provides dynamic content (for example. untrusted sources. . The web tier is generally the first point of contact between external clients and the Web application. A WebLogic Server cluster that hosts EJBs provides an object tier. but it still permits access to those services from untrusted clients. Apache. Larger applications generally use hardware-based load balancing solutions such as those from Alteon WebSystems. applications. simple HTML pages) to clients of a Web application. Netscape Enterprise Server. because the DMZ is available to untrusted sources. A cluster of WebLogic Server instances that hosts servlets and/or JSPs comprises the presentation tier of a web application. or Microsoft Internet Information Server. The DMZ may be protected by a firewall that hides access to individual machines. Web Tier The web tier provides static content (for example. Enterprise JavaBeans or RMI classes) and their associated business logic to a Web application. However. If the cluster also serves static HTML pages for your application. A simple Web application may have a web tier that consists of one or more machines running WebLogic Express. it encompasses both the web tier and the presentation tier. internal systems may be protected by a firewall that denies all outside access.  Object Tier The object tier provides Java objects (for example. a simple Web application may use the DNS round-robin algorithm as a load balancer. it is less secure than an internal system. De-Militarized Zone (DMZ) The De-Militarized Zone (DMZ) is a logical collection of hardware and services that is made available to outside. For example. The DMZ may provide security against outside attacks to hardware and software. a bank of Web servers resides in the DMZ to allow browser-based clients access to static HTML content.

see Load Balancing HTTP Sessions with an External Load Balancer on page 5-2 for more information. or Microsoft Internet Information Server—that accesses clustered servlets provided by a WebLogic Server cluster. Figure 7-1 Recommended Basic Architecture The benefits of the Recommended Basic Architecture are:  Ease of administration .Load balancers provide the capability to associate a client connection with a particular server in the cluster. you must configure the cookie persistence mechanism to avoid overwriting the WebLogic Server cookie which tracks primary and secondary servers used for in-memory replication. session cookie persistence. With certain load balancing products. Proxy plug-ins also contain the logic for accessing the replica of a client's session state if the primary WebLogic Server hosting the session state fails. Netscape Enterprise Server. See For a discussion of external load balancers. The proxy plug-in contains the load balancing logic for accessing servlets and JSPs in a WebLogic Server cluster. Proxy Plug-In A proxy plug-in is a WebLogic Server extension to an HTTP server—such as Apache. Recommended Basic Architecture The recommended basic architecture is a combined tier architecture—all tiers of the Web application are deployed to the same WebLogic Server cluster. This architecture is illustrated in the following figure. which is required when using in-memory replication for client session information. and the WebLogic Server session cookie.

Load balancing and failover can be introduced only at the interfaces between Web application tiers. each object instance is available locally to each server. Because clustered objects are deployed on all WebLogic Server instances in the cluster. However. You do not need to maintain a separate bank of Web servers (and configure WebLogic Server proxy plug-ins) to benefit from clustered servlets. and the WebLogic Server session cookie. you can configure your load balancer to detect current server loads and direct client requests appropriately.  Flexible load balancing Using load balancing hardware directly in front of the WebLogic Server cluster enables you to use advanced load balancing policies for accessing both HTML and servlet content. so. WebLogic Server optimizes method calls to clustered EJBs by always selecting the local object instance. combined-tier clusters provide no opportunity for load balancing method calls to clustered EJBs. . it limits your ability to fully employ the load balancing and failover capabilities of a cluster. meets the needs of many Web applications. rather than distributing requests to remote objects and incurring additional network overhead. and EJBs. see Load Balancing HTTP Sessions with an External Load Balancer on page 5-2.  Optimal performance The combined tier architecture offers the best performance for applications in which most or all of the servlets or JSPs in the presentation tier typically access objects in the object tier. you must ensure that the load balancer maintains a client's connection to the WebLogic Server instance that hosts its primary session state (the point-of-contact server). When Not to Use a Combined Tier Architecture While a combined tier architecture. you can configure the entire Web application and deploy/undeploy objects using the WebLogic Server Console. servlets. For more information about load balancers. For example. such as the Recommended Basic Architecture. when tiers are deployed to a single cluster. a combined tier architecture meets the needs of most Web applications. see For a discussion of external load balancers.Because a single cluster hosts static HTTP pages. such as EJBs or JDBC objects Note: When using a third-party load balancer with in-memory session replication.  Robust security Placing a firewall in front of your load balancing hardware enables you to set up a De-Militarized Zone (DMZ) for your web application using minimal firewall policies. session cookie persistence. Because most load balancing and failover occurs between clients and the cluster itself. you can only load balance between clients and the cluster.

This collocation strategy is, in most cases, more efficient than load balancing each method request to a different server. However, if the processing load to individual servers becomes unbalanced, it may eventually become more efficient to submit method calls to remote objects rather than process methods locally. To utilize load balancing for method calls to clustered EJBs, you must split the presentation and object tiers of the Web application onto separate physical clusters, as described in the following section. Consider the frequency of invocations of the object tier by the presentation tier when deciding between a combined tier and multi-tier architecture. If presentation objects usually invoke the object tier, a combined tier architecture may offer better performance than a multi-tier architecture.

Recommended Multi-Tier Architecture
This section describes the Recommended Multi-Tier Architecture, in which different tiers of your application are deployed to different clusters. The recommended multi-tier architecture uses two separate WebLogic Server clusters: one to serve static HTTP content and clustered servlets, and one to serve clustered EJBs. The multi-tier cluster is recommended for Web applications that:
 Require load balancing for method calls to clustered EJBs.

 Require more flexibility for balancing the load between servers that provide HTTP content and servers that provide clustered objects.  Require higher availability (fewer single points of failure).

Note: Consider the frequency of invocations from the presentation tier to the object tier when considering a multi-tier architecture. If presentation objects usually invoke the object tier, a combined tier architecture may offer better performance than a multi-tier architecture. The following figure depicts the recommended multi-tier architecture.

Figure 7-2 Recommended Multi-Tier Architecture

Physical Hardware and Software Layers
In the Recommended Multi-Tier Architecture the application tiers are hosted on two separate physical layers of hardware and software.

Web/Presentation Layer
The web/presentation layer consists of a cluster of WebLogic Server instances dedicated to hosting static HTTP pages, servlets, and JSPs. This servlet cluster does not host clustered objects. Instead, servlets in the presentation tier cluster act as clients for clustered objects, which reside on an separate WebLogic Server cluster in the object layer.

Object Layer
The object layer consists of a cluster of WebLogic Server instances that hosts only clustered objects—EJBs and RMI objects as necessary for the web application. By hosting the object tier on a dedicated cluster, you lose the default collocation optimization for accessing clustered objects described in Optimization for Collocated Objects. However, you gain the ability to load balance on each method call to certain clustered objects, as described in the following section.

Benefits of Multi-Tier Architecture
The multi-tier architecture provides these advantages:
 Load Balancing EJB Methods

By hosting servlets and EJBs on separate clusters, servlet method calls to EJBs can be load balanced across multiple servers. This process is described in detail in Load Balancing Clustered Objects in a in Multi-Tier Architecture.
 Improved Server Load Balancing

Separating the presentation and object tiers onto separate clusters provides more options for distributing the load of the web application. For example, if the application accesses HTTP and servlet content more often than EJB content, you can use a large number of WebLogic Server instances in the presentation tier cluster to concentrate access to a smaller number of servers hosting EJBs.
 Higher Availability

By utilizing additional WebLogic Server instances, the multi-tier architecture has fewer points of failure than the basic cluster architecture. For example, if a WebLogic Server that hosts EJBs fails, the HTTP- and servlet-hosting capacity of the Web application is not affected.
 Improved Security Options

By separating the presentation and object tiers onto separate clusters, you can use a firewall policy that places only the servlet/JSP cluster in the DMZ. Servers hosting clustered objects can be further protected by denying direct access from untrusted clients. For more information, see Security Options for Cluster Architectures.

Load Balancing Clustered Objects in a in Multi-Tier Architecture
WebLogic Server's collocation optimization for clustered objects, described in Optimization for Collocated Objects, relies on having a clustered object (the EJB or RMI class) hosted on the same server instance as the replica-aware stub that calls the object. The net effect of isolating the object tier is that no client (HTTP client, Java client, or servlet) ever acquires a replica-aware stub on the same server that hosts the clustered object. Because of this, WebLogic Server cannot use its collocation optimization (described in Optimization for Collocated Objects), and servlet calls to clustered objects are automatically load balanced according to the logic contained in the replica-aware stub. The following figure depicts a client accessing a clustered EJB instance in the multi-tier architecture.

Figure 7-3 Load Balancing Objects in a Multi-Tier Architecture

in response to another client). the multi-tier architecture enables remote EJB access for applications that require load balancing for EJB method calls. if the same WebLogic Server cluster hosted both servlets and EJBs (as in the Recommended Basic Architecture). which lists the addresses of all servers that host the bean. The servlet obtains a replica-aware stub for the bean. it uses the load-balancing logic present in the bean's stub to locate a replica. 4. you can see the implication of isolating the object tier onto separate hardware and software: 1. However. the servlet would always invoke methods on the EJB replica hosted on the local server. the servlet accesses a stateless session EJB. as well as the load balancing logic for accessing bean replicas. An HTTP client connects to one of several WebLogic Server instances in the web/servlet cluster. WebLogic Server would not load balance requests for the EJB. 2.Tracing the path of the client connection.xml Deployment Descriptor Reference in Programming WebLogic Enterprise JavaBeans for more information. The servlet acts as a client to clustered objects required by the web application. See weblogic-ejb-jar. In the example above. going through a load balancer to reach the initial server. In the example above. Instead. The servlet looks up the EJB on the WebLogic Server cluster that hosts clustered objects. multiple method calls are directed using the round-robin algorithm for load balancing. When the servlet next accesses the EJB (for example. 3. Using the local EJB instance is more efficient than making remote method calls to an EJB on another server. In this example. The client accesses a servlet hosted on the WebLogic Server cluster. . Note: EJB replica-aware stubs and EJB home load algorithms are specified using elements of the EJB deployment descriptor.

For details. during peak socket usage. if your Web application requires any of the benefits described in Benefits of Multi-Tier Architecture. the number of sockets actual sockets in use would be less than this maximum. each server in the servlet/JSP cluster could potentially open a maximum of five sockets. Hardware Load Balancers Because the multi-tier architecture uses a hardware load balancer.Configuration Considerations for Multi-Tier Architecture IP Socket Usage Because the multi-tier architecture provides load balancing for clustered object calls. This overhead may be acceptable. each WebLogic Server in the cluster that hosts servlets and JSPs may potentially use a maximum of:  One socket for replicating HTTP session states between primary and secondary servers. however. you must configure the load balancer to maintain a "sticky" connection to the client's point-of-contact server if you use in-memory session state replication. Limitations of Multi-Tier Architectures This section summarizes the limitations of multi-tier cluster architectures. In most cases. the Web application incurs network overhead for all method calls to clustered objects. In particular. For details. the system generally utilizes more IP sockets than a combined-tier architecture. For example. while still fully utilizing each server's processing power. No Collocation Optimization Because the Recommended Multi-Tier Architecture cannot optimize object calls using the collocation strategy. ensure that you configure enough socket reader threads to accommodate the maximum potential socket usage. if your Web clients make heavy use of servlets and JSPs but access a relatively small set of clustered objects. see Configuring Reader Threads for Java Socket Implementation. This maximum represents a worst-case scenario where primary and secondary session states are equally dispersed throughout the servlet cluster. . You may configure a servlet cluster of ten WebLogic Server instances and an object cluster of three WebLogic Server instances. the multi-tier architecture enables you to concentrate the load of servlets and object appropriately. see Configure Load Balancing Method for EJBs and RMIs. for accessing remote objects For example. and each server in the servlet cluster simultaneously accesses a remote object on each server in the object cluster. plus  One socket for each WebLogic Server in the EJB cluster. If you use a pure-Java sockets implementation with the multi-tier architecture. in Figure 7-2.

In such an architecture. For instance. using a WebLogic proxy plug-in or HttpClusterServlet to direct servlet and JSP requests to a cluster. Binding those servers with IP addresses can cause address translation problems and prevent the servlet cluster from accessing individual server instances. unless clients are accessing WebLogic Server using t3 and the default channel. Outside the firewall the ExternalDNSName should translate to external IP address of the server. Recommended Proxy Architectures You can configure WebLogic Server clusters to operate alongside existing Web servers. Use of ExternalDNSName is required for configurations in which a firewall is performing Network Address Translation.Firewall Restrictions If you place a firewall between the servlet cluster and object cluster in a multi-tier architecture. Two-Tier Proxy Architecture The two-tier proxy architecture illustrated in the following figure is similar to the Recommended Basic Architecture. If the internal and external DNS names of a WebLogic Server instance are not identical. ExternalDNSName is required for configurations in which a firewall is performing Network Address Translation. rather than IP addresses. and clients are accessing WebLogic Server using HTTP via a proxy plug-in. a bank of Web servers provides static HTTP content for the Web application. The following sections describe two alternative proxy architectures. you must bind all servers in the object cluster to public DNS names. Figure 7-4 Two-Tier Proxy Architecture . except that static HTTP servers are hosted on a bank of Web servers. use the ExternalDNSName attribute for the server instance to define the server's external DNS name.

Dynamic content—servlets and JSPs—are proxied via the proxy plug-in or HttpClusterServlet to a WebLogic Server cluster that hosts servlets and JSPs for the presentation tier. keep in mind that the physical tier of Web servers should provide only static Web pages. Servlet/Object Layer The recommended two-tier proxy architecture hosts the presentation and object tiers on a cluster of WebLogic Server instances. Web Layer The proxy architecture utilizes a layer of hardware and software dedicated to the task of providing the application's web tier.Physical Hardware and Software Layers The two-tier proxy architecture contains two physical layers of hardware and software. This cluster can be deployed either on a single machine or on multiple separate machines. . This physical web layer can consist of one or more identically-configured machines that host one of the following application combinations:    WebLogic Server with the HttpClusterServlet Apache with the WebLogic Server Apache proxy plug-in Netscape Enterprise Server with the WebLogic Server NSAPI proxy plug-in  Microsoft Internet Information Server with the WebLogic Server MicrosoftIIS proxy plug-in Regardless of which Web server software you select.

Figure 7-5 Multi-Tier Proxy Architecture This architecture provides the same benefits (and the same limitations) as the Recommended Multi-Tier Architecture. Multi-Tier Proxy Architecture You can also use a bank of Web servers as the front-end to a pair of WebLogic Server clusters that host the presentation and object tiers. Proxy Architecture Benefits Using standalone Web servers and proxy plug-ins provides the following advantages:  Utilize Existing Hardware . It differs only insofar as the web tier is placed on a separate bank of Web servers that utilize WebLogic proxy plug-ins. This architecture is shown in the following figure.The Servlet/Object layer differs from the combined-tier cluster described in Recommended Basic Architecture in that it does not provide static HTTP content to application clients.

. however.  Familiar Firewall Policies Using a Web server proxy at the front-end of your Web application enables you to use familiar firewall policies to define your DMZ. load-based policies) that your load balancing hardware supports. You must also install and configure WebLogic proxy plug-ins to the Web servers in order to benefit from clustered servlet access and failover. In general. Note. In this case. you must ensure that the load balancer maintains a "sticky" connection between the client and its point-of-contact server. Using load balancing hardware provides more flexibility for defining load balancing algorithms that suit the capabilities of your system. you are limited to a simple roundrobin algorithm for clustered servlet requests. you can easily integrate existing Web servers with one or more WebLogic Server clusters to provide dynamic HTTP and clustered objects. and you do not need to install and configure one or more proxy plug-ins. using WebLogic Server with a load balancer requires no additional administration for client setup—you do not need to set up and maintain a separate layer of HTTP servers. First. With proxy plug-ins or the HttpClusterServlet. and do not appear within the WebLogic Server administrative domain. Proxy Architecture Limitations Using standalone Web servers and proxy plug-ins limits your Web application in the following ways:  Additional administration The Web servers in the proxy architecture must be configured using thirdparty utilities. Removing the Web proxy layer also reduces the number of network connections required to access the cluster. the load balancing algorithm is limited to a simple roundrobin strategy. You can use any load balancing strategy (for example.  Limited Load Balancing Options When you use proxy plug-ins or the HttpClusterServlet to access clustered servlets. Proxy Plug-In Versus Load Balancer Using a load balancer directly with a WebLogic Server cluster provides several benefits over proxying servlet requests.If you already have a Web application architecture that provides static HTTP content to clients. The figures above depict this DMZ policy. you can continue placing the Web servers in your DMZ while disallowing direct connections to the remaining WebLogic Server clusters in the architecture. that using a third-party load balancer may require additional configuration if you use in-memory session state replication. so that the client accesses the primary session state information.

However. the object layer. the single firewall can use any combination of policies (application-level restrictions. The sections that follow describe several common ways of defining your DMZ to create varying levels of application security. not all boundaries can support a physical firewall. and it can be used with either the Recommended Basic Architecture or Recommended Multi-Tier Architecture cluster architectures. The most important role for the firewall is to deny direct access to any other servers in the system. the servlet layer. Security Options for Cluster Architectures The boundaries between physical hardware/software layers in the recommended configurations provide potential points for defining your Web application's DeMilitarized Zone (DMZ). and certain boundaries can support only a subset of typical firewall policies.When using proxy plug-ins. IP masquerading) to filter access to three HTTP servers. and the database itself must not be accessible from untrusted clients. NAT. Figure 7-6 Basic Proxy with Firewall Architecture In the above configuration. no special configuration is necessary because the proxy automatically maintains a sticky connection. . In other words. Basic Firewall for Proxy Architectures The basic firewall configuration uses a single firewall between untrusted clients and the Web server layer.

In general. because you need only permit access to the web servers and deny access to all other systems. follow these configuration guidelines:  Bind to clustered server instances using publicly-listed DNS names. If you choose to define your DMZ more conservatively. Clusters. For example. rather than IP addresses. most sites rely on a firewall as the first line of defense for their Web applications. the basic firewall configuration creates a small-footprint DMZ that includes only three Web servers. see Channels. However.Note that you can place the physical firewall either in front of or behind the Web servers in the DMZ. and Firewalls in Designing and Configuring WebLogic Server Environments. Placing the firewall in front of the Web servers simplifies your firewall policies. Note: If the clustered servers segregate https and http traffic on a pair of custom channels. you can place additional firewalls using the information in Additional Security for Shared Databases. a more conservative DMZ definition might take into account the possibility that a malicious client may gain access to servers hosting the presentation and object tiers. Firewall Between Proxy Layer and Cluster If you place a firewall between the proxy layer and the cluster. use the ExternalDNSName attribute for the server instance to define the its external DNS name. to ensure that the proxy plug-ins can connect to each server in the cluster without address translation error that might otherwise occur. and should be used in front of load balancing hardware. DMZ with Basic Firewall Configurations By denying access to all but the Web server layer. Although many hardware solutions provide security features in addition to load balancing services. as shown below. the hacker may then be able to gain information about the proxied servers that the Web server accesses for dynamic content. firewalls provide the most well-tested and familiar security solution for restricting web traffic. as described in Firewall Considerations. Depending on the level of access. Figure 7-7 Basic Proxy with Firewall and Load Balancer Architecture . assume that a hacker gains access to one of the machines hosting a Web server.  If the internal and external DNS names of a clustered server instance are not identical. Combining Firewall with Load Balancer If you use load balancing hardware with a recommended cluster architecture. you must decide how to deploy the hardware in relationship to the basic firewall. Outside the firewall the ExternalDNSName should translate to external IP address of the server instance.

Expanding the Firewall for Internal Clients If you support internal clients that require direct access to your Web application (for example. This configuration is shown below. because the firewall need only limit access to the load balancer. Figure 7-8 VPN Users have Restricted Access Through Firewall .The above setup places the load balancer within the DMZ along with the web tier. you can expand the basic firewall configuration to allow restricted access to the presentation tier. the clients may be treated as trusted connections and can connect directly to the presentation tier going through a firewall. Using a firewall in this configuration can simplify security policy administration. remote machines that run proprietary Java applications). as described below. If you use a Virtual Private Network (VPN) to support remote clients. The way in which you expand access to the application depends on whether you treat the remote clients as trusted or untrusted connections. This setup can also simplify administration for sites that support internal clients to the Web application.

In this case. Figure 7-9 Application Components Have Restricted Access Through Firewall Additional Security for Shared Databases .If you do not use a VPN. you can modify the firewall policy to permit application-level connections to WebLogic Server instances hosting the presentation tier. as shown in the following figure. all connections to the Web application (even those from remote sites using proprietary client applications) should be treated as untrusted connections.

Troubleshooting Common Problems . Figure 7-10 DMZ with Two Firewalls Architecture In the above configuration. This configuration provides additional security in the unlikely event that the first firewall is breached. DMZ with Two Firewall Configuration The following configuration places an additional firewall in front of a database server that is shared by the Web application and internal (trusted) clients. and a hacker ultimately gains access to servers hosting the object tier. you should consider placing a hard boundary between the object layer that accesses your database. Doing so simply reinforces the DMZ boundaries described in Basic Firewall for Proxy Architectures by adding an additional firewall. the boundary between the object tier and the database is hardened using an additional firewall.If you use a single database that supports both internal data and data for externallyavailable Web applications. Note that this circumstance should be extremely unlikely in a production environment—your site should have the capability to detect and stop a malicious break-in long before a hacker gains access to machines in the object layer. The firewall maintains a strict application-level policy that denies access to all connections except JDBC connections from WebLogic Servers hosting the object tier.

This chapter provides guidelines on how to prevent cluster problems or troubleshoot them if they do occur. Before You Start the Cluster You can do a number of things to help prevent problems before you boot the cluster. The errors you are most likely to see if the multicast address is bad are: Unable to create a multicast socket for clustering Multicast socket send error Multicast socket receive error . The multicast address can be an IP number between 224. make sure the cluster's multicast address and port are correct and do not conflict with the multicast address and port of any other clusters on the network.0. they should use different ports. but can have different minor version numbers and service packs. The cluster's Administration Server is typically not configured as a cluster member.255.255. A multicast address is required for each cluster. or a host name with an IP address within that range.0.255. the combination of multicast address and port must be unique. If two clusters on a network use the same multicast address. Check the Server Version Numbers All servers in the cluster must have the same major version number. If the clusters use different multicast addresses. Before booting the cluster. If you try to start a cluster without a clustering license. they can use the same port or accept the default port. Check the Multicast Address A problem with the multicast address is one of the most common reasons a cluster does not start or a server fails to join a cluster. For each cluster on a network. You can check a cluster's multicast address and port on its Configuration-->Multicast tab in the Administration Console. Check for a Cluster License Your WebLogic Server license must include the clustering feature.0 and 239. 7001. but it should run the same major version of WebLogic Server used on the managed servers. you will see the error message Unable to find a license for clustering.

%WL_HOME%\server\lib\weblogic. and the minimum value is 5. rather than appending to an existing log file. or a server fails to join the cluster. CLASSPATH is set by the setEnv script. To view the thread count for the default execute queue. setEnv sets this value for CLASSPATH (as represented on Windows systems): set WL_HOME=C:\bea\weblogic700 set JAVA_HOME=C:\bea\jdk131 . change it to a higher value so that the Managed Server does not hang on startup. Remove or back up any log files you currently have. 1. configured with a fixed number of execute threads. which you run before you run startManagedWebLogic to start the managed servers.jar. Remember: a log file that contains multiple thread dumps is a prerequisite for diagnosing your problem. Stop the server. collect diagnostic information. set CLASSPATH=%JAVA_HOME%\lib\tools.jar. %CLASSPATH% If you change the value of CLASSPATH on one managed server. %WL_HOME%\server\lib\weblogic_sp. By default. You should create a new log file each time you boot a server. you must change it on all managed servers in the cluster.Check the CLASSPATH Value Make sure the value of CLASSPATH is the same on all managed servers in the cluster. If the value of Thread Count is below 5. choose the Configure Execute Queue command on the Advanced Options portion of the Configuration> General tab for the server. or change how setEnv sets CLASSPATH. .jar. 2. The most important information is a log file with multiple thread dumps from a Managed Server. The default thread count for the default queue is 15. The log file is especially important for diagnosing cluster freezes and deadlocks. Generate a Log File Before contacting BEA Technical Support for help with cluster-related problems. After You Start the Cluster Check Your Commands If the cluster fails to start. Check the Thread Count Each server instance in the cluster has a default execute queue. such as startManagedWebLogic or a java interpreter command. . the first step is to check any commands you have entered. for errors and misspellings.

168.  Use Kill -3 PID. If a server hangs. you can generate a thread dump using the JRockit Management Console. use one of the following methods to generate a thread dump.Server >> logfile.0. where PID is the root of the process tree.admin. To obtain the root PID.3. use kill -3 or <Ctrl>-<Break> to create the necessary thread dumps to diagnose your problem. Attach the compressed log file to an e-mail to your BEA Technical Support representative. The first PID reported will be the root process. 5. 7. Make sure to do this several times on each server. Start the server with this command. Continue running the cluster until you have reproduced the problem. assuming that the ps command has not been piped to another routine. see Getting a JRockit Thread Dump Under Linux. ** using a grep argument that is a string that will be found in the process stack that matches the server startup command. Getting a JRockit Thread Dump under Linux If you use the JRockit JVM under Linux. you can use the BEA Customer Support FTP site. If the compressed log file is too large.policy==$WL_HOME/lib/weblogic.txt . which turns on verbose garbage collection and redirects both the standard error and standard output to a log file: % java -ms64m -mx64m -verbose:gc -classpath $CLASSPATH -Dweblogic.txt Redirecting both standard error and standard output places thread dump information in the proper context with server informational and error messages and provides a more useful log. 8.policy -Dweblogic.host=192.tar logfile. 6. spaced about 5-10 seconds apart. to help diagnose deadlocks. perform a: ps -efHl | grep 'java' **.Name=clusterServer1 -Djava. Do not cut and paste the log file into the body of an e-mail.admin THREAD_DUMP command. .  Use the weblogic. 4.security.101:7001 weblogic.  If the JVM's management server is enabled (by starting the JVM with the -Xmanagement option). Note: If you are running the JRockit JVM under Linux. Compress the log file using a Unix utility: % tar czf logfile.domain=mydomain -Dweblogic.or zip it using a Windows utility.

each execute thread appears as a separate process under the Linux process stack. you should also check the garbage collection on the managed servers. Run utils. Check Garbage Collection If you are experiencing cluster problems. If garbage collection (either first or second generation) is taking 10 or more seconds.MulticastTest You can verify that multicast is working by running utils.Under Linux.MulticastTest from one of the managed servers. If garbage collection is taking too long. . you need to tune heap allocation (the msmx parameter) on your system. the servers will not be able to make the frequent heartbeat signals that tell the other cluster members they are running and available. otherwise no thread dump will be produced. To use Kill -3 on Linux you supply must match PID of the main WebLogic execute thread. See Using the WebLogic Server Java Utilities in WebLogic Server Command Reference.