Jeff Bounds Systems Engineer Sun Microsystems, Inc.

• Sun ONE™ Overview • Sun ONE Architecture • Sun ONE Studio – Java IDE • Sun ONE Application Framework • Sun ONE Application Server • Sun ONE Portal Server • Sun ONE Identity Server • Java vs .NET

The IT Advantage for ROA
Do More with Less

A New Role for IT
• • •

Transform the business Optimize the value chain Move closer to customers




Services On Demand

Evolutio n Not Revolution

D.A.R. T.

Sun ONE Architecture
Service Creation, Assembly and Deployment

Service Integration
Access to Data, Applications and Other Services

Service Container
Runtime Environment Persistence State Management High Availablity

Service Delivery
Connection Location Aggregation Formatting Content Delivery Syndication Personalization Caching Synchronization Application Management Provisioning

Applications/ Core Web Services Web Services

Identity and Policy
Roles, Security, Privacy, Management, Monitoring, QOS Operating System, Hardware, Storage, Network


Sun ONE Standards
Service Creation, Assembly and Deployment

Service Integration
UDDI, ebXML, JMS, Java Connectors, SQL, JDBC, CORBA, JavaMail, FTP, BPSS, EDI

Service Container

Service Delivery
WebDAV, SyncML, RDF, RSS, WML, cHTML, J2ME, MIDP, JavaCard, VoiceXML

HTML, XHTML, HTTP(S), SSL/TLS, Java, J2SE, J2EE, (EBJ, JSP, Servlets, JNDI, JMS, ...) JAX* (JAXM, JAXR, JAX-RPC, JAXB, JAXP), SOAP, WSDL, XML, XSLT, XML Schema, SAX DOM Italic = Emerging/ Future Standard

Applications/ Core Web Services

Web Services
(see Right Column)

Identity and Policy: Liberty, LDAP, vLIP, SP-DAN, DSML, UDDI,
ebXML, SASL, SAML, XACML, X.509, PKCS, PKIX, OCSP, CM, CIM-SOAP, WBEM, Kerberos, IKE, JAAS, J2SE Policy/Perms, JCA/JCE, P3P, XKMS, XML DSIG, XML Encrypt POSIX, NFS, FTP, Bind, Sendmail, DHCP, TCP, IPv6, Mobile IPv4, IPSec, GSS-API, PPP, Fibre Channel, SCSI, Infiniband


Evolution of Networked Computing


Scope of Sun ONE


Services on Demand

Services on Demand
Services on Demand is an umbrella concept for delivering services any time, anywhere, on any kind of client device. The concept comprises: – Internet Web Application delivery platform today – Emerging infrastructure for basic Web Services – A roadmap for enhancing Web Services for Federated Commerce with identity services and contextual awareness – Specifications for access by current and future deployment environments: J2EE, J2ME, Jini, JXTA, Grid Computing, etc. 1

Sun ONE Architecture: Integrated, Integratable
Integrated Stack
Service Creation, Assembly, and Deployment Service Container Service Delivery Applications/ Service Core Web Services Integration Web Services Identity and Policy Platform Applications/ Core Web Services Service Integration

Integratable Stack
Service Creation, Assembly, and Deployment

Service Delivery

Service Container Web Services

Identity and Policy Platform

Two Audiences for the Architecture
– Enterprises and Service Developers – Software Vendors: Gap Fillers, Competitors

Sun ONE Studio 4, Enterprise Edition


Sun ONE Studio 4

SOS ME(new)

Sun ONE Studio today
April 2002

Quantitative feedback
– – –

March 2001

Over 1,977,000 downloads 4/ 5 Stars Over 4.1 million distributions Rave reviews and awards (JavaWorld, PC Magazine, Software Development Online, InfoWorld) "We evaluated every Java IDE available and none offered the flexibility and freedom of the Forte for Java product.”
Tim Ferrell, IT Director McGee Corporation

4/ 5 S tars

F fo orte r Ja av O le rac J ev D eloper
InfoW orld R eview, April 2001


2001 Innovator Award

April 2001 1

Sun ONE Studio – based on an Open Tools Platform

Sun ONE Studio is based on the NetBeans framework -- an open tools platform that can be extended by the developer community Open source ensures APIs are not controlled by any one vendor The IDE is a platform:
– – – Provides feature rich functionality ISV partners provide value added plug-ins that easily integrate into the IDE ISVs can use NetBeans to develop own tools and solutions



Developer Ressources Portal

Product Support FAQs, Knowledge Base, Newsgroups, Bug Fixes, Docs, Fee Based Support, Web Based Training Community Participation – Newsgroups, Early Access Program, Chats, Contribute Content, Advisory Council, Newsletter Java programming support Submit and review bugs Download patches and modules


JSP Debugging - HTTP Monitor

• Source level debugging • Integrated with Web

Containers (Tomcat/iWS) • HTTP Monitor records / plays back web requests

Sun ONE Studio Update Service

Powerful Web-based Service for Developers – Wizard in the IDE – Patches – Module Updates – New Modules

Join the Early Access Program at


Sun ONE Studio

Sun ONE Studio, Mobile Edition
– –

Development of CLDC/MIDP Applications UEI Support for Integration of Emulators

One IDE Toolset for Java and C/C++/Fortran
– Debugging across Java and C/C++ Applications – Native Connector Tool: Automatic Generation of Java Classes accessing C/C++/Fortran Functions

Sun ONE Support
– –

XSLT Plug-In Module for Sun ONE Integration Server Plug-In Module of Sun ONE Application Framework

Sun ONE Studio 4, Enterprise Edition
• Full J2EE 1.3 Support
– EJB 2.0 (MDB) – JSP 1.2, Servlets 2.3 – Java Connector Architecture (JCA)

• Web Services Support • J2EE 1.3 Application Server Support • Windows NT, 2000 and XP, Solaris 8 and 9,

Red Hat Linux 7.2a


Application Server Integration

Plugging Modules for:

J2EE Reference Implementation 1.3.1 Sun ONE Application Server 7 Tomcat 4.0 Oracle 9i Application Server BEA WebLogic 6.1 & 7

Open source Application Server Integration API

Sun ONE Studio 4, Enterprise Edition


Sun ONE Application Framework


S1AF – Key Features
• • • • • • • •

Pure J2EE JAVA Evolving graphical tools. Enterprise strength Web Application Development Powerful Component usage methodology Well defined Models (and Custom models) Multiple Rendering (same business logic) Events (application level, page level and field level)

Web Services using JAX RPC (requiring no developer 1 code)

S1Af Architecture


S1AF – Architecture

VIEWS – Provides developers a client agnostic, hierarchical
representation of the model data. Enabling multiple rendering specifications to reuse common presentation logic, ensuring great structure and flexibility.

COMPONENTS - “Out of the box” visual components such as
Button, Check Box, Combo Box, etc. are available as well as 3rd party add-on components .

MODELS - Common interface for using any Enterprise
● ● ● ●

Web Service resources Database resources UIF (Enterprise Connectors) resources J2EE Connector Architecture resources

Sun ONE Studio and S1AF


Sun ONE Studio and S1AF


Useful URLs
• • • • • •

Sun ONE Portal Server


Portal Computing Is the Solution
Data No Matter Where It Resides Securely Aggregated and Personalized Targeted Communities Employee
Enterprise, Legacy, & Business Intelligence 3rd Party Data and Information Feeds Communication & Collaboration Web pages & links Process Automation Services




Identity Enabled Portal Platform
Data No Matter Where It Resides Securely Aggregated and Personalized Targeted Any Device Communities

Enterprise, Legacy & Business Intelligence 3rd Party Data and Information Feeds Communication & Collaboration Web Pages & Links




Process Automation Servcies
Identity Identity Attributes Functions

Authentication Mechanism Customer


Sun ONE Portal Server & Identity Management
Sun ONE Portal Server


Increases Security

Central control decreases inconsistencies Finer-grained policy enforcement Less duplication; common infrastructure Integrated, one product IT efficiencies

Reduces Costs
Sun ONE Identity Server
Delegated Administration

Identity Credentials Roles & Groups Preferences Policies & Profiles

Web Single Sign-On

Flexible Usage & Deployment
● ● ●

Centralized Access Control

Single sign-on Delegated administration Portal installation includes Identity Server Multiple portals and applications leverage common 1 infrastructure

Sun ONE Portal Server Product Line
ss cce A Secure Access to: ote m Re Intranet File Servers, Legacy Apps e cur Internal Web Apps Se
User Desktops

ss cce A Any Device Access bile Mo


Groupware Connectivity

VoiceXML, WAP 2.0/WAP Push J2ME Device & Sync Support

Sun ONE Portal Server
Identity & Policy Management Development Tools Personalization Search Web Services and Aggregation & Presentation Security

Sun ONE Identity Server Sun ONE Directory Server Sun ONE Web/Application Server

Portal Server Architecture
Sun ONE Portal Server
Portal Server Services
Desktop (JSP and Template) Providers Display Profiles Template Manager Rewriter NetMail

Search & Indexing

Sun ONE Identity Server
Policy Services Admin Services Java Development Kit, JAXP, JSS

Sun One Directory Server

Sun ONE Web Server

Use of Multi-Roles and Groups
AXA Financial – BtoC and BtoB Portals

Improve customer and partner interactions while gaining efficiencies and cost savings Sun ONE Portal Server (Business to Business and Consumer Portals) Platform reusability reduces time-to-market, lowers deployment costs Lower transaction costs



A Single Portal Infrastructure Serving Multiple Communities
State of New Jersey -- Government Portal

Address the demands of citizens, employees, other government agencies and NJ-based businesses Create multiple portals using Sun ONE Portal Server as common infrastructure The State of NJ realizes efficiences and cost savings while creating happy portal users enabling them to live and work 1 better in the state of New Jersey



Aggregation & Presentation
Delivers integrated content, applications, and services through customizable portlets.

Aggregated content & services



Tab-based grouping of content specified by portal users User defined personalization and preferences capability User Context and personalization via Standards-Based Identity for unified profiles and policy management Administrators control the customization options, down to portlet-level



Support for multiple authentication types Single Sign On Access control Policy enforcement Identity management

Authentication Methods

● ● ●

Windows NT domains UNIX log-n X.509 certificates LDAP Sun ONE Portal Server RADIUS SafeWord CrytoCard Java Card SmartCard


Secure Web-Based Access
Secure B2B and B2E Web-based access solution Integrated identity management Leverage existing corporate resources via the portal Low cost solution with increased ROI

Same authentication and authorization as on the Intranet

End user ease of use and familiarity without additional training

Ease of administration and maintanence

Benefits of Secure Web-Based Access

Easy and cost-effective
– Simplifies IT administration and maintenance overhead – Zero client footprint and Zero 'leave behind'

Pre-packaged, embedded components
– Installs as a complete environment (i.e., Directory, Admin, Policy, ...) – No integration required!

Standards-based solution without compromise
– Open Java API for channel, authentication, session, policy, profile, logging – Commitment to Industry Standards

Universal access
– Delivers on the promise of the Internet for anytime, anywhere access to key 1 applications and services

How Does It Work?

Delivers encrypted access to data, applications and files securely using the policy-based authentication and access control mechanism of the Sun ONE Portal Server

Netlet (Patented technology!)

Provides Web, NT, Unix and Mainframe Applications that are either pushed to the client as HTML Web pages or presented as Java applets that are downloaded dynamically


File access client provides access to most popular file systems, NT and Unix


Enables intranet access to HTML, XML, WML, Javascript and CSS content to remote client devices (i.e., similar to a Proxy Server)


Sun ONE Identity Server


Sun ONE Identity Server
“A comprehensive solution for managing identity and enforcing access to services. It tightly integrates the Sun ONE Directory Server with policy and user management to simplify the administration of users and to provide a single identity across a range of web and application servers.”

Identity Server Benefits

Provides consistent security policies across the network Supports centralized authentication and authorization Provides complete identity lifecycle management





Identity Management

Communication E-business Applications Applications

Enterprise Applications

Vertical Applications

Solution: Identity Management

Sun ONE Identity Management Framework
Directory Server
LDAP Repository Performance, Scalability High Availability, Replication UDDI Private Registry

Identity Server
Access Management/User Management Web SSO, Authentication, Audit/Logging Delegated Admin, User Self-Reg/ Self-Mgmnt Federated Identity (Liberty)

Directory Proxy
LDAP Proxy Fail Over, Load Balancing Schema Mapping, Client Routing

Certificate Server
PKCS standards compliance Registration/Certification Authority Bulk Enrollment, FIPS compliance

Meta Directory
Synchronization, Consolidation Join, Identity Provisioning

Identity Management Framework Deployment

Identity Server

Certificate Server

Web Proxy

Web/App Servers

LDAP Proxy

Directory Server





Sun ONE Identity Framework

Identity Management Framework Benefits

Increases Security
Centralized policy allows a single point of access enforcement All access is logged to single point for use w/ audit or intrusion detection tools Enables stronger security by allowing the use of digital certificates, token cards, smart cards, etc for all protected applications and resources

Reduces costs
Web single sign-on (SSO) enables major IT cost savings and user efficiencies User self-service and delegated account administration reduces IT help desk costs Centralized admin of users, policies, and services

Increase operational efficiencies
One button account management can create, maintain, and delete accounts from a single point across all services Keeps information synchronized across multiple data sources (e.g. Windows accounts, mail accounts, HR systems

Identity Management ROI

Average user spends 16 minutes/day being authenticated. At a 10,000-user company, this costs 2,666 employee hours per day. Any time savings will product productivity gains. On average, user-management takes 63% longer than necessary. This delay results in lost revenue, reduced communications, and lost productivity. Respondents predicted that time savings from the centralization and consolidation of user database management would be more than 1,200 hours a year. Managing users, user databases, authentication, and access control would result in an estimated 54,180 hours per year. Even a 25% improvement in efficiency in this case would result in a savings of more than 13,500 hours. Security is improved by offering a more exact match between the accounts and rights assigned to individuals and the rights needed by the business.
Survey by META Group Oct 2002

Identity Server Positioning

Identity Management solution for Intranets & Extranets
Component of S1 Portal Server, will be a component of Messaging, Calendar, and other Sun ONE product in 2003 Public APIs for easy integration by ISVs, OEMs, and customers Provides Federated Identity (via Liberty)

Provides Access Management (AAA)
Web SSO, Authentication, Authorization, Audit/Logging

Provides common Admin GUI for Users, Access Management, Services
Centralized/Delegated Admin, User Self-Registration, User SelfManagement

Project Liberty Organization

The Liberty Project is a business alliance formed to deliver and support a Federated Identity solution for the Internet
Open – Specifications created by its members Universal SSO Affiliated services and programs

Liberty membership includes:
Financial, banking, travel, airlines, telecom carriers, ISPs, wireless/mobile operators, device manufacturers, technology vendors 17 founders, 26 sponsors, over 2 billion identities represented Membership is open to affiliates non-profit government, public, or standards groups

Secure Network Identity: Project Liberty
Your choice: (1) Trust Microsoft with everything, or (2) Choose who you trust, when you trust them, and what you trust them to know: Project Liberty Project Liberty: Partnership of 100+ companies, representing more than one billion online identities, driving open, federated identity standards.
Financial Svcs Customer Community

Online Community

Wireless Community

Telecommunications Community Online Community

Retail Community Payment Community


More on the Liberty Alliance:


Liberty Specification

1.0 (July 15, 2002)
Identity Federation / Federation Termination
Name Registration – way to implement Federation that may speed performance (2 way index)

Single Sign-On Single Sign-Off (Global Logout)

2.0 (Summer 2003)
Attribute exchange (profile data exchange) Services Framework – way to find where a user has services available when there is a centralized Identity Provider, and multiple Service Providers

Java vs .NET


The purpose of this debate
Question: Why are we having this debate?


Sun's purpose
We want to help you build open systems We want to demonstrate how the JavaTM Community and J2EETM technology give you choice We want to show you how to build services deployable today on any server platform, available from any client or device


Opposing Strategies
Sun's strategy: Define open standards for JavaTM, XML, and Internet protocols with community, then compete on implementation

Maximizes your choice in development tools and deployment environments Choice reduces your technical and business risk

Microsoft's strategy: Corrupt standards with proprietary .NET lock-ins, bombard the market with tools supporting their lock-ins, then call .NET “open” because some (but not all) of its components are based upon standards

Microsoft's Notion of Choice

Which version of Windows and Internet Explorer will you choose?

Screenshot: .NET Framework download using Windows Update 1

What you should do

Listen carefully to the debate, and to your “gut”. Don't wait for MS to lock you in when .NET server finally ships someday. Choose to use the Java™ Platform and widely deployed J2EE™ technology today to build scalable, secure, cost effective systems.

What is the Java™ Platform?
The Java Platform includes:

Java Virtual Machine, core APIs, and related technologies defined by the Java Community in J2EETM, J2SETM, and J2METM specs. Related API and technology specifications defined via the Java Community Process (JCP)

Focus on JavaTM APIs as well as implementations and tools from Sun, partners, and the Java Community


TM What is the Java Community? More than 650 individuals and companies from around the world constitute the Java Community (

They use the Java Community Process (JCP) to define new Java technology standards

200+ Java Specification Requests (JSRs) to date, and counting ( Majority of JSRs (55%) aren't led by Sun

Apache, JCP, and Sun coordination insures that the open source community can implement JSRs ( and

The JavaTM Community: Strength in Numbers

● ●

Java programmers:
2.5 million, as of 2001 (source:
Gartner) IDC)

Prediction of 4 million by 2003 (source:

Java in universities:
78% teach Java, 50% require it (source:
TMC) )

Java usage is expected to grow 29.4% in 2003 alone (source: IDC Worldwide Developer Model, via

The Java Community: J2EE TM J2SE Executive Committee
● ● ● ● ● ● ●




Apache (ASF) Apple BEA Systems Borland Caldera Systems Cisco Systems Fujitsu Limited

● ● ● ● ● ● ●

Hewlett Packard
* Term,

IBM IONA Technologies Doug Lea Macromedia Nokia Oracle Sun Microsystems

representatives, and other details from:

J2EE Technology: Available Everywhere You Need It
• OSes with J2EE implementations include:


Solaris, Linux, Win32, zOS, OS/390, MacOS, HP-UX, Compaq Tru64, Compaq OpenVMS, (source: AIX

• 38 J2EE licensees with 16 J2EE 1.3 and 21
(sources: and

J2EE 1.2 implementations tested compliant
(source: "Server showdown between J2EE and .NET", Wireless Week, 15 April 2002)

• J2EE app server market share: >90%

.NET Products: Definitely .NOT Standards Based
• .NET is a set of Microsoft products. • CLI and C# may be ECMA standards, but:

Other, major parts of .NET have not been standardized (ASP.NET, ADO.NET, Winforms/ Webforms, Managed services of CLR, etc.)

• Microsoft guarantees no real competition is

possible, and your risks are maximized.


The Java™ Platform Enables Choice, and Choice is Good!

If Sun™ ONE products meet your needs, great. If not, mix and match our products with others' J2EETM implementations as needed

We even link to others' implementations


If your needs change, change the bits to meet them! Learn more:

Sun™ ONE and Standards
• The SunTM ONE stack is based upon open

standards at every level:

Programming model: The Java™ Platform (J2EE™, J2SE™, J2ME™) Business class Web services: Enabled via ebXML Simple Web services: WSDL/UDDI/SOAP Unix operating system and Internet networking technologies Project Liberty network identity and SSO

The Microsoft .NET Trap
"Microsoft's offering, for example, in each they said 'When you pick this product, you also have to pick our operating system.'" "The fact that we were locked in, if we made a Microsoft solution, to an all-Microsoft environment – not only now but in the future – was scary."
Larry Singer, CIO of the State of Georgia, interviewed by eWeek in "Sun's the ONE for Georgia Portal", 26 March 1 2002

Web Services Adoption Phases

1st Phase – Simple Web Services (Now)

Consumer-focused, stateless, SOAP over HTTP/S Deployed within organization boundaries to enable internal integration Deployed on extranets to enable business transactions with trading partners, suppliers, and customers, ebXML & UBL

2nd Phase – EAI Web Services (Begun)

3rd Phase – Business Web Services (2004?)

Sun's Focus is on Business Web Services TM

Service implementation platform standard Business web services standards More than 16 vendors and several open source projects support ebXML ex) Australian gas industry uses ebXML NOW! Identity system standard

ebXML and UBL
● ●

Liberty Project


Our Approach to Web Services Standards

We believe any standard should be developed

Through open and inclusive process Royalty-Free (RF) license

And must be

Agree on Standards and compete in Implementation

This is what JCP is all about


The Security Problem
Exponential growth of the Internet has lead to exponential increase in security incidents (now thousands yearly) Attacks by worms and viruses cost $17.1 billion USD worldwide in 2000 Code Red, a Windows IIS worm, caused $2.62 billion USD damage in 2001 Latest FBI/CSI Computer Crime Survey: $455.8 billion USD lost in the last year, up 367% over the last four years
Sources: Investor's Business Daily (10 December 2001) 1 and

Sun's Security Principles
Security must be addressed in all of your systems and services, with mutually reinforcing, independent, layered security controls Security must be integral with system design, not an afterthought Security must be built in, not bolted on


Sun Security in Practice: Designed in from the Beginning
• Sun holds secure computing as a core

• We design for security in depth, from

hardware to OS to container to client

Trusted Solaris, Solaris at EAL3 since 1995 and EAL4 as of Solaris 8 in 2000, fundamental Java security baked in

• Sun security resources:

Microsoft: 24 Years to Realize Security is Important
"We didn't just fall off the turnip truck a year ago and realize we needed to do this... We started thinking about this three years ago."
Craig Mundie, Chief Technical Officer, Senior Vice President, and head of Microsoft's “Trusted Computing” initiative, on why Microsoft waited 24 years to care about security, 13 November 2002,1282,56381,00.html

Microsoft's Security Record
• IIS so bad, Gartner urges switching from

Microsoft IIS to Sun™ ONE Web Server or Apache (details, and how to switch:

• 52,000 viruses afflicting Microsoft

DOS/Windows, as opposed to 5 for Unix/Linux (as of 22 May 2000, source: Visual Studio.NET CDs! (source:

• Microsoft shipped NIMDA worm on their

Microsoft's Security Record
• .NET isn't even released yet, and ASP.NET is

already broken (MS Security Bulletin “Unchecked buffer
in ASP.NET”: 026.asp)

• C# permits “unsafe” operations (labeled as such),

sacrificing all language based safety unmanaged code

• .NET permits a mixture of managed and
Imagine the damage unmanaged code can do

"Microsoft" and "Security", in the same sentence?
• Security is about consistent behavior • .NET hasn't been around long enough to have

a record in the real world (internal development does not count), but so far things don't look good speaks for itself: Why expect anything different from .NET?

• Microsoft's security record (or lack thereof)


Microsoft: Breaking Your Software to Fix Their Mistakes
"We're going to tell people that even if (it) means we're going to break some of your apps, we're going to make these things more secure. You're just going to have to go back and fix it."
Craig Mundie, Chief Technical Officer, Senior Vice President, and head of Microsoft's “Trusted Computing” initiative, on why Microsoft's years of ignoring security issues in their products are your problem, 13 November 2002,1282,56381,00.html

"Microsoft" and "Security", in the same sentence?
"I can't tell if the Gates memo represents a real change in Microsoft, or just another marketing tactic. Microsoft has made so many empty claims about their security processes – and the security of their processes – that when I hear another one I can't help believing it's more of the same flim-flam."
Bruce Schneier, Founder and CTO of Counterpane Internet Security, world reknowned security expert, and author of the best selling "Applied Cryptography" , commenting on Bill Gates' infamous January 2002 memo


Palladium: DRM By Any Other Name...
"Large media corporations, together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you,” he wrote. “Proprietary programs have included malicious features before, but this plan would make it universal."
Richard Stallman, founder of FSF and co-founder of the GNU project, on Microsoft's plans for Trusted Computing and Palladium, which he refers to as “treacherous computing”

.NET Wireless Strategy: Everywhere Windows
Microsoft doesn't understand heterogeneity:
"The strategy behind the compact framework is to deliver XML-based Web Services to next-generation, 'smart' mobile devices running on... Microsoft's Pocket PC and the upcoming Smartphone 2002."
"Microsoft Launches .NET Mobile Platform", by Jay Wrolstad, Wireless NewsFactor, 17 April 2002

Worse still, industry support is non-existent Their biggest supporter, Sendo, abandoned Smartphone for Nokia/J2ME instead:


J2ME™ Executive Committee
• • • • • • • •

BEA Systems Cisco Systems Ericsson IBM Insignia Matsushita (Panasonic) Motorola Nokia
* Term,

• • • • • • • •

Palm Philips Research In Motion Siemens Sony Sun Microsystems Texas Instruments Zucotto Wireless

representatives, and other details from:

The J2ME™ Platform: By the Numbers
• More than 50 Java-enabled handset models

(JavaOne, March 2002) • 22 to 25 million Java technology enabled phones deployed as of May 2002 • 60% of all data-phones will be Javaenabled by 2003 (Arc group, October 2001) • 120+ commercial J2ME licensees


Develop : Price Flexibility

Low Cost Tools: NetBeans
● ●

Sun Toshiba Mercury Interactive

Compuware Siemens Sitraka

● ●

Other Tools: Eclipse, jDeveloper, JBuilder Valuable Infrastructure: Ant, Struts, Xerces, Apache SOAP Choose the price of your tools based upon needs!

Deploy : Price Flexibility
ONE Application Server:

• Low cost servers: JBoss, JRun, Oracle9iAS, Sun
General Electric (see below) Boeing Dow Jones

• Apache/Tomcat: too many to count!

Consider how General Electric is really driving down development and deployment costs!


Cost to Deploy

Choose OS and Hardware

Solaris, Linux, Windows

Infrastructure costs falling

Oracle9i Application Server Sun ONE Application Server JBoss is significant


Cost to Maintain

Portable language and platform.

Consider SAP savings

Productivity of JavaTM/J2EETM
Significant reduction in (re) training costs

• Training / Porting


Cost – Risk

.NET is fully shipping when?

What bugs will happen in CLR? Security? JDK: 1.1, 1.2, 1.3,1.4,1.4.1 J2EE: 1.2, 1.3, 1.4 IBM WebSphere: 3.0, 3.5, 3.51, 4.0 BEA: 3.0,4.0,5.x,6.x,7.x

J2EETM is stable proven and mature
● ●

.NET : Deploy/Maintain

Hidden costs

Microsoft funding lots (most) activity in enterprise so it is hard to tell what development costs are so far. Server sprawl 1 app one server=>lots of machines to manage Support contracts are very often independently negotiated

Deploy : Hidden Costs


Coolest Thing

True innovation !
(from SmartCard to Mainframe and beyond)




Secure Identity Ubiquitous network access Smart Card configures the “service” on behalf of the user 260+ Million cards already shipped Smart Card is 5 years old




Spontaneous Networking Network Plug and Work Services on Demand Self Healing Networks Collaboration Messaging on steroids!

● ●

Innovation: Participation!
● ●

Anyone can learn JavaTM/J2EETM Anyone can :

Examine Java/J2EE Influence Java/J2EE Implement Java/J2EE Make money from Java/J2EE Google keyword java = 33,400,000 hits Google keyword J2EE = 945,000 hits

Millions have learned Java
● ●

Innovation: Participation!

With JavaTM/J2EETM you can:

Program smartcards to supercomputers Copy and share with minimal restriction


Freedom: Right to innovate

JavaTM/J2EETM allows companies other than Microsoft the right and the ability to innovate! Quick examples:

Apache Software Foundation JBoss BEA


Truth about Mixed Language Environment of .NET

• You have to use Microsoft specific extensions or

cannot use certain features of the language in order to run it in .NET

It is not ANSI standard C++, COBOL, for example

• Mixed code could be hard to maintain • Mixed code could be hard to share and

communicate best practices

• Steep learning curve from VB to VB.NET and C#:

Why not try Java programming language instead?


Java PetStore the real story!

Sun creates Java Pet Store as an example of Multi-tier java/J2EETM design MicroSoft creates a brand new application Stored procedures => SQL Sever only Built from ground up (no portability here) Designed for a purpose. Oracle tinkers with SQL in Java Pet Store and runs much faster than the MicroSoft client server app

Java PetStore the real story!
Examples of the 21 things Oracle changed in Java Pet Store 1.1.2 to blow away M$'s clientserver app.

InventoryEJB modified to eliminate unnecessary ejbStore() operations InventoryEJB modified to eliminate unnecessary calls to dao.load() Some debugging in String handling

● ●

J2EE scales 400%better than .NET


The latest chapter in the fairy tale
• Microsoft (significantly) funds TMC company

to run an exercise again with Java PetStore tutorial code (the old version) Can you guess what it showed?...


Spot the problems
● ● ● ● ● ●

TMC have apologized for a flawed exercise.

Testing or marketing ? JPS is not a benchmark! No run rules No peer review Hard to see any customer benefit

Very little disclosure (compare with SPECjAppServer) ●No expert tuning for J2EE but


Spot the problems

Some more technical insights:
LOC comparison just wrong, worse it is misleading

.NET code not even object oriented! ●Pricing is wrong and extremely limited ●JDK version ? 1.4 much faster than 1.3 ●Database tuning - no details? ●Dubious hardware selection ●No detailed disclosure ●No vendors gave permission to use their software

.....I could continue.

Still there was some value
This exercise shows just how portable J2EE applications are as TMC company tested JPS across 2 application servers apparently without code change!


Java PetStore : conclusion

Use industry standard benchmarks Beware Microsoft will use lots of influence to slow down the rate of adoption of Java and J2EE or anything else they don't like.


Jeff Bounds Systems Engineer Sun Microsystems, Inc.

Sign up to vote on this title
UsefulNot useful