12. Leveraging Benefits of SOA Programming Model WAS V7 Keeps Pace with Industry Advancements Feature Packs enable you to selectively take advantage of new standards and features while maintaining a more stable internal release cycle. WAS 7.0 Web services EJB 3.0 Web 2.0 WAS 6.1 Choose the application server technology you need. Install additional functionality on core WAS 7 1. 2. 3. Web services EJB 3.0 Web 2.0 SCA Build the Application Server you want without waiting for new releases.
23. Capitalizing on Intelligent App Server Management WAS V7 Overcomes Challenges of Existing Base Management WebSphere Application Server V5 & V6 Base Product Architecture Node A Admin scripts Admin console Node Agent NOT included in Base product Admin logic hosted in the same JVM as application server and customer applications. Current Base Management Server configuration Node A configuration Cell config App Server
24. Capitalizing on Intelligent App Server Management WAS V7 Overcomes Challenges of Existing Base Management (cont.) New Flexible Management Option WebSphere Application Server V7 Base Product Architecture Node A Admin scripts Server configuration Node A configuration Cell config Admin console App Server Admin Agent included in Base product Admin Agent
25. Capitalizing on Intelligent App Server Management WAS V7 ND Allows Loose Federation for Multi-node Management … Server configuration WAS Network Deployment (ND) Node X Admin scripts Node A configuration Cell config Admin console New Flexible Job Manager Job Manager Admin scripts Admin console Server configuration WAS Base Node A Node A configuration Cell config Admin Agent App Server
31. Using Technology Innovation to Meet Evolving Needs WAS V7 Offers Enhanced Kerberos Support Broader implementation of Kerberos delivers improved interoperability with other applications and environments WebSphere Application Server Kerberos KDC Kerberos z/OS KDC WebSphere Application Server/zOS DB2 RACF LDAP Browser clients with desktop single sign-on SPNEGO token over HTTP/S Java clients With desktop single sign-on Kerberos SSO Kerberos cross domain trust Kerberos SSO Kerberos SSO RACF User Registry LDAP User Registry Kerberos token over RMI/IIOP, Web Services
Open Beta since May 2008 Announcement planned: Sept 9, 2008 Distributed eGA planned for Sept 26. z/OS pGA planned for Sept 26. IBM WebSphere Application Server for z/OS, V7.0 delivers a flexible, agile, solid foundation for SOA to align the advancements of business and IT. WebSphere Application Server is the visionary platform for SOA, advancing the alignment of business and IT for 10 years as the industry's runtime platform of choice. New and enhanced standards support delivers maximum flexibility and significantly improves productivity Java EE5 certification: Version 7.0 builds on top of the EJB 3.0 and Web services feature packs previously made available for Version 6.1, to deliver a fully certified Java EE5 implementation. Java EE5 delivers significant productivity improvements with support for EJB 3.0, exploitation of the annotation support added in Java SE V5 to reduce the number of artifacts required to build business applications, integration with the latest Web services standards, and enhanced support for new Web applications. Version 7.0 delivers support beyond the Java EE5 specification with enhancements in EJB deployment, automatic default bindings and reference resolution and a new XML-based binding file format. Java SE V6 support adds the ability to invoke the Java compiler from within the Java Virtual Machine (JVM) and provides scripts with the ability to access APIs within the JVM. Numerous components were added or upgraded in the areas of JMX, Java Web Start, JDBC 4.0, and new Web services. EJB 3.0 makes the programming model simpler by using Plain Old Java Objects (POJO). This enables unit testing of business logic using a JVM instead of needing a full application server, freeing developers to focus on business logic within their applications instead of the ultimate execution environment. When you are ready to run in the EJB container, the POJO can be annotated with markers that tell the container what services to apply to the bean. 
In WebSphere, the EJB container dynamically applies those services at runtime, thus vastly simplifying the entire deployment process. The Java Persistence APIs (JPA) provided by WebSphere Application Server are based on the Apache OpenJPA project and enable simpler entities to be created using the annotated POJO model. Expanded Web services support, including support for: New Web services standards deliver new capabilities for developing and deploying SOA-centric Web applications. Version 7.0 integrates support previously provided in the Web services Feature Pack and extends it with new support options. Web 2.0. Self-explanatory. Security management and auditing improvements with new tools and capabilities. WebSphere Security Domains provides more granular management of security controls and offers more flexibility in configuring security under centralized management. WebSphere Security Domains is designed to allow for a separation of WebSphere administrative security and your business application security. For example, business applications can be configured to use an "external" user population in one LDAP registry while WebSphere administration uses an "internal" user population in a completely different LDAP registry. New Security Auditing capabilities offer enhanced compliance and auditing. The auditing capabilities allow tracking a number of security-related events. Examples include administrative actions such as security configuration changes, key and certificate management, and access control policy changes. Business applications can be audited to record a number of security events such as authentication or authorization attempts. This new security logging and auditing capability ensures accountability for administrative actions. The WebSphere Secure proxy offers a new DMZ Hardened Proxy profile option.
The DMZ Hardened Proxy is designed to improve security by minimizing the number of external ports opened, loading only signed JARs, and running as an unprivileged user when binding to well-known ports. Kerberos provides interoperability and identity propagation with other applications (such as .NET, DB2, and others) that support Kerberos authentication. New management and administration options to help reduce cost and increase effectiveness. New Runtime Provisioning Service commissions only those components that are required for a given set of applications. At application server startup, Version 7.0 can be configured to only start the runtime components needed to support the application portfolio for a given application server. At application installation time, WebSphere examines the application and creates an application-specific "activation plan". This new granularity in application runtime component selection can significantly reduce the application server footprint and resources needed for a given application portfolio. Flexible Management dramatically reduces the overhead of administration in large and distributed WebSphere Application Server environments. An Administration agent within the base and Express editions that can be used to: - Reduce the server footprint associated with administration - Simplify administration of multiple base application server instances - Work with the new Job Manager function of WebSphere Application Server Network Deployment to centralize the distribution of applications, application updates, or application server configuration updates across a large number of WebSphere administrative domains (cells). Flexible Management delivers a loosely coupled management model based upon an asynchronous implementation that dramatically increases the scale of administration for application server implementations. Job Manager augments the Deployment Manager of WebSphere Application Server Network Deployment.
JAX-WS – Java API for XML and Web Services JAXB - Java API for XML Bindings StAX – Streaming API for XML JMX – Java Management Extension.
JSR 286 – Portlet Specification 2.0 Portlets will now be able to send and receive events in order to perform changes to the portlet state triggered by events Portlets will now be able to share session attributes with servlets and JSPs located within the same web application Portlets will now be able to share render parameters with other portlets Portlets will now be able to serve resources in the context of the portal
The support statement is given at the end of this presentation. While the WAS/Spring integration testing focused on core Spring capabilities, there are additional areas that need to be considered. For instance, there are fundamental security issues, documented at the end of this presentation.
DD editor = Deployment Descriptor editor IDE – Integrated Development Environment. SIP – Session Initiation Protocol
WSDL – Web services Description Language XSD – XML Schema Descriptor IMS – Information Mgmt System RUP - Rational Unified Process SIP – Session Initiation Protocol SCA – Service component Architecture
Dynamic start of app server components based on application needs Application examined by WAS runtime at app install to generate ‘activation plan’ Server runtime starts only those components required by activation plans Requires targeting of application scenarios to provide useful separation of app server components – staged across WAS releases V7 includes framework and ‘web/JDBC’ application scenario Also used in ‘fixed function servers’ (e.g., WAS Proxy server) – significant reduction in memory footprint Designed for extension by WebSphere family products
DCB – Data Control Block ASF- Application Support Facility JMS – Java Messaging Service JCA – Java Connection Architecture
Key Flexible Management Goal: Reduce Overhead of Administration Reduce App Server footprint related to admin functions Consolidate IBM Management Agents Drastically increase Scale for Administration Remote Administration option – on by default Current Network Deployment admin infrastructure model is “tightly coupled” Nodes are slaves to master Deployment Manager process Highly synchronized admin communications between nodes and dmgr Limited ability to scale Flexible Management is “loosely coupled” management Nodes are autonomous Asynchronous, non-blocking admin jobs queued for agent execution on the nodes Flexible Management is an option Backwards compatibility requirements
DMS = Open Source Device Management Service, implementation from Tivoli
Security options for Authentication/Authorization
Minimum operator role required to submit a job on job manager.
User assumes whatever role is defined at the base node/dmgr.
Fine-grained admin security supported.
Scenario 1: Same user registry, identity propagation. Identity token passed from job manager to node/dmgr.
Scenario 2: Different user registry, supply user id/password during job submission. User id/password passed from job manager and used to log in at dmgr/node.
Scenario 3: Different user registry, allow external user in authorization table, identity propagation. Identity token propagated from job manager to node/dmgr. User assumes role defined at the node/dmgr even though user is not in the user registry of the node/dmgr.
The security auditing mechanism captures authentication, authorization, system management, security and audit policy management events into logged audit event records. These logged records can then be analyzed to indicate breaches of the security mechanisms in place, possible threats and attacks, and potential weaknesses in the security configuration of the working environment. The API supports a pluggable audit event emitter. On z/OS, an implementation of the EventFactory can be used to integrate SMF record reporting with the auditing subsystem. Audit data can be protected by signing and encryption. The admin console GUI enables the auditor to make policy changes, filtering changes, scope changes and basic enablement/changes to event factories and emitters.
KDC – Key Distribution Centre - Kerberos RACF – Resource Access Control facility
Key points: New application representation in WebSphere is a Logical representation, distinct from the physical structure of the application code. The new logical application applies to the Post-deployment side of the Application Lifecycle. Limited to application elements hosted by the WebSphere runtime. Part of the structure of the logical application includes explicit rendering of a rich variety of Relationships between the parts of the application. The overall logical application is intended to represent some function recognizable to the business.