What are WebLogic clusters?
A WebLogic Server cluster consists of multiple WebLogic Server server instances running simultaneously and working together to provide increased scalability and reliability. A cluster appears to clients to be a single WebLogic Server instance. The server instances that constitute a cluster can run on the same machine, or be located on different machines. You can increase a cluster's capacity by adding additional server instances to the cluster on an existing machine, or you can add machines to the cluster to host the incremental server instances. Each server instance in a cluster must run the same version of WebLogic Server.
Benefits of clustering:
Scalability:
The capacity of an application deployed on a WebLogic Server cluster can be increased dynamically to meet demand. You can add server instances to a cluster without interruption of service; the application continues to run without impact to clients and end users.
High-Availability:
In a WebLogic Server cluster, application processing can continue when a server instance fails. You "cluster" application components by deploying them on multiple server instances in the cluster, so, if a server instance on which a component is running fails, another server instance on which that component is deployed can continue application processing.
How to select where and which driver we have to use?
This is a typical question. The answer depends entirely on the application context.
Major impacting factors:
i) Load capacity: the number of connections.
ii) If the application contains PreparedStatements or CallableStatements, OCI is preferable if the database is Oracle (the DB vendor-specific driver).
iii) The Thin driver is preferable for a certain number of connections only, but it is most widely used with Oracle RAC and Grid databases.
Machines
A machine is a logical representation of the physical machine (computer) that hosts one or more WebLogic Server instances.
We assign managed servers to machines.
Once we assign the managed servers to a machine, we can start and stop the servers through the administration console.
Each machine has one Node Manager.
Secure Sockets Layer (SSL):
A browser attempts to connect to a website secured with SSL.
The browser requests that the web server identify itself.
The server sends the browser a copy of its SSL Certificate.
The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
Encrypted data is shared between the browser and the server and https appears.
Encryption Protects Data during Transmission
Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to help users protect their data during transfer by creating a uniquely encrypted channel for private communications over the public Internet.
Each SSL Certificate consists of a key pair as well as verified identification information. When a web browser (or client) points to a secured website, the server shares the public key with the client to establish an encryption method and a unique session key. The client confirms that it recognizes and trusts the issuer of the SSL Certificate. This process is known as the “SSL handshake” and it begins a secure session that protects message privacy, message integrity, and server security.
SSL and SSL Certificates Explained
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that provide secure communications over a computer network or link.
They are commonly used in web browsing and email.
In this section we will look at:
· TLS and SSL
· Public and Private keys
· Why we need certificates and what they do
· How to get a digital certificate and understand the different common certificate types.
What is TLS
TLS is based on SSL and was developed as a replacement in response to known vulnerabilities in SSLv3.
Security Provided
SSL/TLS provides data encryption, data integrity and authentication:
· No one has read your message
· No one has changed your message
· You are communicating with the intended person (server)
When sending a message between two parties you have two problems that you need to address.
· How do you know that no one has read the message?
· How do you know that no one has changed the message?
The solutions to these problems are to:
· Encrypt it: this makes the content unreadable, so that to anyone viewing the message it is just gibberish.
· Sign it: this allows the recipient to be confident that it was you who sent the message, and that the message hasn’t been changed.
Both of these processes require the use of keys.
These keys are simply numbers (128 bit being common) that are then combined with the message using a particular method, commonly known as an algorithm (e.g. RSA), to either encrypt or sign the message.
Symmetrical Keys and Public and Private Keys
Almost all encryption methods in use today employ public and private keys.
These are considered much more secure than the old symmetrical key arrangement.
With Public and Private keys, two keys are used that are mathematically related (they belong as a key pair), but are different.
This means a message encrypted with a public key cannot be decrypted with the same public key.
To decrypt the message you require the private key.
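The key-pair property described above, as an added example that is not part of the original post: textbook RSA (no padding) built from two small known primes so the numbers stay readable. The primes, messages and function names are constructed for illustration.

```python
import hashlib

# Constructed key pair from two known Mersenne primes (sizes chosen for readability only).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # modulus, shared by both keys
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: inverse of E mod phi(N)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def apply_key(value, key):
    """Raw RSA operation: value ** exponent mod modulus."""
    exponent, modulus = key
    return pow(value, exponent, modulus)

def encrypt(message, public_key):
    number = int.from_bytes(message, "big")
    if number >= public_key[1]:
        raise ValueError("message too long for this modulus")
    return apply_key(number, public_key)

def decrypt(ciphertext, key):
    size = (key[1].bit_length() + 7) // 8
    return apply_key(ciphertext, key).to_bytes(size, "big").lstrip(b"\x00")

def digest(message, modulus):
    # Hash the message and reduce it into the range of the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus

def sign(message, private_key):
    return apply_key(digest(message, private_key[1]), private_key)

def verify(message, signature, public_key):
    return apply_key(signature, public_key) == digest(message, public_key[1])

def demo():
    secret = b"session key 42"
    ciphertext = encrypt(secret, PUBLIC_KEY)
    signature = sign(b"pay 10 to alice", PRIVATE_KEY)
    return {
        "private_key_decrypts": decrypt(ciphertext, PRIVATE_KEY) == secret,
        "public_key_decrypts": decrypt(ciphertext, PUBLIC_KEY) == secret,
        "signature_valid": verify(b"pay 10 to alice", signature, PUBLIC_KEY),
        "tampered_valid": verify(b"pay 99 to alice", signature, PUBLIC_KEY),
    }

if __name__ == "__main__":
    print(demo())
```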
Q- What is a trusted store?
A- It is a list of CA certificates that you trust.
All web browsers come with a list of trusted CAs.
Q- Can I add my own CA to my browser trusted store?
A- Yes. On Windows, if you right-click on the certificate you should see an install option.
Q- What is a self-signed certificate?
A- A self-signed certificate is a certificate signed by the same entity that the certificate verifies. It is like you approving your own passport application.
Admin server to managed server interaction
The admin server stores the master copy of the domain configuration (config.xml), including the configuration for all managed servers in the domain.
Note: config.xml: all configuration of the domain is written in this file.
Each managed server stores a local copy of its configuration.
When a managed server starts, it connects to the admin server to synchronize the configuration.
[MSI: Managed Server Independence] In old versions it was enabled manually. By default it is enabled.
When the admin server is down, how will a managed server be synchronized?
It will synchronize to the admin server through MBeans (everything has one MBean).
If the server is up, it will read from the master copy, i.e. config.xml.
When the configuration is changed, the admin server sends the changed configuration to the managed servers.
Importance of Administration Port on WebLogic
This feature is very important for WebLogic domain management, but WebLogic admins usually don’t take advantage of the “WebLogic Administration Port” property.
I highly recommend enabling the “Administration Port” for WebLogic domains which have high transaction traffic.
Why WebLogic Administration Port?
By enabling the Administration Port, you can separate administration traffic from application traffic in your domain.
That alone is reason enough to switch your WebLogic management to the administration port.
Oracle Documentation
In production environments, separating the two forms of traffic ensures that critical administration operations (starting and stopping servers, changing a server’s configuration, and deploying applications) do not compete with high-volume application traffic on the same network connection.
How to do it?
First, shut down all managed servers.
For production systems this means you have to schedule planned system work.
If you don’t want any downtime, do the restart job one by one.
Click “Domain name” on the Domain Structure menu.
On the “$Domain_Name > Configuration > General” tab, select “Enable Administration Port”.
Change default port value to another,
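A read-only check that the setting took effect, as an added example (not from the original post or from Oracle): it parses a domain config.xml, reports each server's effective administration port, and flags servers on one machine that share a port. The namespace and element names follow the usual config.xml layout and are assumptions here, as are the constructed sample and the machine name machine1.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"w": "http://xmlns.oracle.com/weblogic/domain"}  # assumed config.xml namespace

# Constructed sample, trimmed to the elements this check reads.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>base_domain</name>
  <server><name>AdminServer</name><listen-port>7001</listen-port>
    <machine>machine1</machine></server>
  <server><name>ms1</name><listen-port>7003</listen-port>
    <machine>machine1</machine>
    <administration-port>9012</administration-port></server>
  <server><name>ms2</name><listen-port>7005</listen-port>
    <machine>machine1</machine></server>
  <administration-port-enabled>true</administration-port-enabled>
  <administration-port>9002</administration-port>
</domain>"""

def _text(node, tag, default=None):
    found = node.find("w:" + tag, NS)
    return found.text.strip() if found is not None and found.text else default

def audit_admin_port(config_xml):
    """Return (enabled, {server: admin_port}, findings) for one domain config."""
    root = ET.fromstring(config_xml)
    enabled = _text(root, "administration-port-enabled", "false") == "true"
    domain_port = _text(root, "administration-port", "9002")  # 9002 is the default
    ports, by_machine, findings = {}, defaultdict(list), []
    if not enabled:
        findings.append("administration port disabled: "
                        "admin traffic shares the application ports")
    for server in root.findall("w:server", NS):
        name = _text(server, "name")
        # A server-level <administration-port> overrides the domain-wide value.
        ports[name] = int(_text(server, "administration-port", domain_port))
        machine = _text(server, "machine", "(unassigned)")
        by_machine[(machine, ports[name])].append(name)
    if enabled:
        # Servers on the same machine cannot bind the same administration port.
        for (machine, port), names in sorted(by_machine.items()):
            if len(names) > 1:
                findings.append(
                    f"{machine}: {', '.join(names)} share administration port {port}")
    return enabled, ports, findings

if __name__ == "__main__":
    print(audit_admin_port(SAMPLE_CONFIG))
```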
WebLogic Migratable Target
Sometimes we need a service to run on ONLY ONE managed server. Services of this kind are called "pinned services" because they are pinned to a particular managed server. This can become an availability issue if that managed server goes down. To fix this problem, Oracle created the concept of a "migratable target". A migratable target defines a set of servers to which a pinned service will migrate if the current managed server goes down. Technically, you can target a service or server to a migratable target and define on the migratable target the behavior in case the migratable target is no longer running (in this case we can speak of a migratable service). This behavior is defined with the "Migration Policy" property.
The "Migration Policy" property options are:
Manual Service Migration Only
Auto-Migrate Exactly-Once Services
Auto-Migrate Failure-Recovery Services
Open a cmd prompt and navigate to E:\Oracle_Madhavi\Middleware\user_projects\domains\base_domain\bin> startManagedWebLogic.cmd ms1 t3**********1:7001
Creating machines:
New machine creation:
Click “Machine” in the Domain Structure, then click “New”.
Enter the new machine details such as Name, then click “Next”.
Node Manager is a Java service. It starts, stops and monitors the servers under that machine.
The Node Manager default port is 5556.
Providing the Node Manager properties:
Default Node Manager listen port: 5556. Click “Finish”.
When Node Manager is inactive, it needs to be started.
To start Node Manager:
Navigate to weblogic_home\server\bin> startNodeManager.cmd <nodemanager hostname> <nodemanager portnumber>
E.g.: startNodeManager.cmd 1123. 0.0.0**
Creating the Node Manager service:
Navigate to weblogic_home/server/bin> and run installNodeMgrSvc.cmd
Navigate to Servers > Control > start the ms.
The managed server is in “Starting” mode.
After a few minutes it changes to “Running” mode.