Configuring Message Reliability in WebSphere Application Server

Configuring JMS in WAS could be quite confusing due to large number of settings and configuration resources (destination, queue/topic, connection factory, activation spec).

One of the most confusing aspects of this configuration is the quality of service (QOS) settings that deal with message reliability.

Read the rest of this post »

Posted in WebSphere,WebSphere Application Server Administration

What is the Best Tool to Replace Ant With?

At this day and age there is no reason to continue using Ant. Ant was a great tool for its time but this time has passed.

There are basically three build tools that can replace Ant: Maven, gradle and Buildr.

It is important to be able to continue using existing Ant scripts and custom tasks alongside the new tool. There is a multitude of useful open-source custom Ant tasks and with Ant being a de-facto standard for years, many development shops built vast libraries of Ant scripts and custom tasks.

Out of all three, Gradle has the best integration with Ant. It allows for using existing custom Ant tasks pretty much without any changes. It also allows for importing Ant scripts into Gradle build script. Gradle tasks can even depend on Ant targets (and vice versa). There is also easy access to Ant properties.

Read the rest of this post »

Posted in Ant,gradle

Update on DPBuddy Release 3.0

DPBuddy 3.0 is almost ready to go, a beta version should become available in March this year.
We're going to deliver pretty much all the features that were announced in the roadmap and more:

• Task for quiescing domains and objects. This task is able to wait for objects to go into the target state. This should be useful for fully automating "quiesce-import-unquiesce" deployment cycle.
• XPath-based transformation of DataPower configuration (or any XML file for that matter). This allows for creating environment-specific transformations of any complexity. Adding, deleting and updating elements is supported. Setting text in attributes and elements (similar to the current <a href="/datapower-deployment-policies-and-xpath"override feature of setConfig task) now supports expressions. E.g., if you wanted to add a prefix to the current server value in a load-balancing group, you could do this: <setText xpath="//LBGroupMembers/Server" expression="dev.+#currentValue"/>. All these features are supported for both import (including importing zip files) and copy tasks.
• Task for verifying operational state of objects. E.g., you may want to verify that all objects/services are in "UP" state after import.
• Integration of DataPower-related environment variables (e.g., a port number) with the prefix-based device definition, so all environment-specific properties could be defined in one place: dev.backend.port=9080, prod.backend.port=80.
• Task for downloading multiple files from the device
• Task for deleting DataPower objects, services and domains.
• Task for secure backup (execute secure backup and download the resulting file).
• Downloading of log files from the device.
• Improved error reporting for import and other tasks.

Stay tuned for more updates.

Posted in DataPower,dpbuddy

DataPower Virtual Machines are Coming

IBM recently published a statement of directions to release "virtual editions" of IBM WebSphere DataPower XG45 and XI52. These are probably two the most popular DataPower models.
DataPower functionality ("firmware") will be implemented as a VMWare VM.

This will greatly simplify use of DataPower for development. For example, development and test instances can be implemented as VMs, whereas production could remain hardware appliance-based.

Hopefully, this will also lead to increased popularity of DataPower platform as it makes it easier for potential customers to try it out (will we see a trial version of DataPower?).

Posted in DataPower

Using Eclipse for DataPower Development

If you're using Eclipse for developing IBM WebSphere DataPower artifacts (xslt, schemas, etc.) you can easily configure DPBuddy to automatically copy your artifacts to the target device and do various other chores. Since DPBuddy relies on Apache Ant, all you need to do is to define an Ant file with DPBuddy tasks and configure the Ant file as a builder for your project.

Here are the steps:

Read the rest of this post »

Posted in Ant,DataPower,Developer productivity,dpbuddy

Using Auto-complete in Eclipse Ant Editor for DPBuddy Tasks

Many developers utilize Eclipse for editing Ant files. Ant editor in Eclipse is fairly powerful, this article provides a good overview of its capabilities.

One of the most useful features is auto-complete for Ant tasks. Just press Ctrl-space and you'll see all attributes and nested elements supported by the task.

Auto-complete comes very handy when working with DPBuddy Ant tasks (and for developing WebSphere DataPower-related artifacts in general).

Just type '<dp:' (assuming that this is the prefix you assigned to DPBuddy's antlib) and then Ctrl-space and you'll see the list of all DPBuddy's tasks. Pressing Ctrl-space anywhere after the name of the task shows the list of attributes or nested elements.

Unfortunately, auto-complete won't display help for custom tasks. Apparently description of Ant tasks is embedded inside Eclipse and does not seem to be extendable.

Posted in Ant,DataPower,dpbuddy

DataPower Buddy 2.3.2 Bug Fix Release

Release 2.3.2 of dpbuddy fixes a single but significant issue preventing copying files (using dp:copy command) to the hard disk array. RAID is mounted under local: filesystem on the device; the name of the mount point can be found under Administration/Storage Devices/Hard Disk Array in WebGUI.

SOMA "CreateDir" action errors out when it is used to re-create the RAID mount directory. In this release of dpbuddy logic was added to ignore the error.

The updated DPBuddy package can be downloaded from dpbuddy download page.

Posted in DataPower,dpbuddy

Managing DataPower Using Maven

Please refer to this article.

Posted in DataPower,dpbuddy

DPBuddy Roadmap for Release 3.0

We're currently working on the next version of dpbuddy, our popular tool for managing IBM WebSphere DataPower appliances.
We're planning to implement the following new features:

• Tasks for quiescing domains and objects. The task will be able to wait for domain or object to go into the quiesced state..
• DPBuddy's xpath-based alternative to deployment policy can be used with import and even with copying files. Currently this feature is only supported with setConfig task, whereas majority of dpbuddy users rely on import. In other words, you'll be able to apply a simple xpath expression to make environment-specific changes to your configuraiton or files.
• Integration of DataPower-related environment variables (e.g., a port number) with the prefix-based device definition.
• Task for downloading multiple files from the device
• Task for deleting configuration and domains.
• Task for secure backup (execute secure backup and download the resulting file).
• Automated downloading of the log file from the device in case of errors.
• Tasks for various device management "actions".

What else would you like to see in the new version? Please comment on this post or in our google group.

Posted in dpbuddy

DataPower Buddy 2.3 Release

You can find DPBuddy 2.3 announcement here.

Posted in DataPower,dpbuddy,WebSphere,XML Appliances

Security Hardening of WebSphere Application Server Installations

It is a known fact that an out of the box WAS installation with security enabled is not entirely secure. There is a number of steps that has to be taken in order to "harden" the installation. Most of the steps are documented in the WebSphere hardening guide, which should be closely studied and followed by any WAS administrator or developer. The hardening guide, however, is a little light on the specifics regarding how to secure WAS at the OS level. For example, hardening should normally include changing file and directory permissions to restrict access to sensitive configuration files.

Why bother hardening the installation at the OS level? This helps defend against external threats, i.e., a server hosting the installation is compromised and against internal threats, i.e., an unauthorized access from inside.

Here are some of the things you can do to secure your installation on a Unix/Linux platform:
Read the rest of this post »

Posted in WebSphere,WebSphere Application Server Administration

DataPower Secure Backup with DPBuddy

Secure backup is the only way to backup the entire device, including keys and certificates. Therefore, it is desirable to run it on a regular basis.

You can easily do it with dpbuddy using its support for "do-action" command. Secure backup is simply one of the actions with a few additional parameters.

Here's how it could be expressed using Ant and dpbuddy. Note that we're using "local://" filesystem as a destination; in reality you probably want to use "ftp:" instead.

<target name="secure-backup" description="Backup the entire device">
    <tstamp/>
    <dp:action>
        <SecureBackup>
            <cert>test-cert</cert>
            <destination>local://sbackup-${DSTAMP}</destination>
        </SecureBackup>
    </dp:action>
</target>

Posted in DataPower,dpbuddy

WebSphere Application Server Tutorial and FAQ — WAS in 5 Minutes

If you're developing applications for WAS and you're new to it, this is what you need to know:

• What is the default URL of the admin console. https://$hostname:9043/ibm/console.
• What are the default ports. HTTP: 9080, HTTPS: 9443.
• How to locate the logs. Logs can be found under $install_root/profiles/$profile_name/logs/$server_name. The default profile name is AppSrv01 and the default server name is server1. Example:/usr/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1. SystemOut.log is the file containing everything that was logged to standard out. Logs can also be viewed from the admin console by navigating to Troubleshooting/Logging and Tracing/server_name/Runtime.
• How to start/stop a server. If you're dealing with a "Network Deployment" type of installation (multiple application servers running under the control of the "deployment manager"), your can start/stop a server from the console (Server/Server Types/WebSphere application servers). Otherwise you have to do it from command line. Go to install_root/bin and run ./startServer.sh server_name, e.g., ./startServer.sh server1 (this assumes that your installation has only one profile defined, otherwise you may need to "cd" to the profile_name/bin directory). Make sure that you run all commands using the appropriate system account. To stop the server, run ./stopServer.sh server_name -username user_name -password password. user_name and password is the credentials of an admin account, typically the same one you use to login to the console.
• How to deploy an application. In admin console, navigate to Applications/Application Types/WebSphere enterprise applications, click on "Install new application", select "Fast path", accept all the defaults except that on "step 2" make sure that you targeted correct servers (if you have multiple servers/clusters in your environment). Note that you can deploy a WAR file directly, you don't have to build an EAR. In this case, make sure that you set a context root on "step 4" screen of the wizard.
• How to change context root of a Web application. Go to Applications/Application Types/WebSphere enterprise applications/application_name/Context Root For Web Modules in the console. Re-start the application after the change.
• How to change the order of classloaders. If you're getting a ClassNotFoundException when you're starting the app, changing the order of classloaders is the first thing you may want to try. Go to Applications/Application Types/WebSphere enterprise applications/application_name/Manage Modules/module_name and make the appropriate selection in the "Class loader order" drop-down (this assumes you're doing it for a WAR module).
• How to enable dynamic class reloading. If you need to frequently update your deployed application (e.g., you use a local WAS installation for development), enabling dynamic reloading could be a huge time saver. Go to your application in the console, "Class loading and update detection", set "Override class reloading settings ..." and set polling interval to 2 seconds. See this post for more details on how to configure your development environment to support class reloading.
• How to find a host name and a port of the server. Go to Server/Server Types/WebSphere application servers. You'll find the host name in the Host Name column. To find a port, click on your server, and expand Ports. WC_defaulthost is the HTTP port and WC_defaulthost_secure is the HTTPS port.
• How to kill a JVM. If the normal "stop" routine failed to stop the server in a reasonable amount of time, you may need to kill it. In a "Network Deployment" environment, simply navigate to the list of servers, select the server and click "Terminate". A node agent will kill the JVM for you. To achieve the same from command line (the only option if you're running standalone), cd to install_root/profiles/profile_name/logs/server_name, and kill the process ID contained in the file server_name.pid. On Unix, you can simply do kill -9 `cat server1.pid` (assuming server1 is your server name). Use task manager of taskkill /PID on Windows.
• How to browse JMS messages. Go to Buses/Your bus name/Destinations/Your destination/Queue points/Your queue point/Runtime/Messages.
• Where to find configuration files. WAS has many configuration file, most of them are in XML/XMI format. The files are located under $install_root/profiles/$profile_name/config/cells/$cell_name.

This post is part of the series on WebSphere Application Server administration. Please subscribe to our blog if you'd like to receive updates.

Note: We offer professional services in the area of WebSphere architecture, implementation and operations. If you're looking for help with any of these tasks, please let us know.

Posted in Developer productivity,WebSphere,WebSphere Application Server Administration

Why Pay for DPBuddy Support?

You can find information on our support services here.

Posted in DataPower,dpbuddy

Keeping Multiple DataPower Devices in Sync

Most DataPower installations in production contain two DataPower devices with identical or similar configuration.
It is actually quite easy to keep the two devices in sync using Apache Ant and DPBuddy administration tool.
DPBuddy supports a notion of an environment prefix. The prefix groups together connectivity properties for each device:

dp.username=dpbuddy
dp.password=123 
dp.domain=deployTest
prod1.dp.xmlmgm.url=https://dp1.prod
prod2.dp.xmlmgm.url=https://dp2.prod

The above property list defines dp.username, dp.password and dp.domain properties that are common to all environments and two XML management URLs for our DataPower cluster.

Then the Ant target for importing configuration into both devices could look like this:

<parallel>
    <dp:import envPrefix="prod1" file="${import.file}" overwriteFiles="true" overwriteObjects="true" />
    <dp:import envPrefix="prod2" file="${import.file}" overwriteFiles="true" overwriteObjects="true" />
</parallel>

Note that for speed we chose to execute both imports in parallel; it is perfectly save to do it with dpbuddy as all of its tasks are thread-safe.

If your "dp:import" tasks is more complex (e.g. because of use of deployment policies), you may want to create an Ant macro for each task to avoid duplicating parameters.

MyArch, Inc. offers paid support for dpbuddy, including implementing custom enhancements. If you're interested, please contact us as info at myarch.com.

Posted in DataPower,dpbuddy