WebLogic Management Best Practices

xiaoxiao2021-03-06  40

Create a WebLogic configuration / domain

A domain is a logically related set of WebLogic Server resources that you manage as a single administrative unit. The domain stores all resource and application information in an XML-based configuration repository. To deploy and run applications on WebLogic Server, first create a domain. The Domain Configuration Wizard is the recommended tool for creating a new domain. If you plan to script domain creation, use the Domain Configuration Wizard in Silent mode. You can also create a WebLogic Server domain from an out-of-the-box domain template or a custom domain template. To create a custom domain template, use the Configuration Template Builder, a stand-alone Java application for creating custom configurations and extensions. You can use these configurations and extensions to create and update domains. The Domain Configuration Wizard has the following properties:

· Guides you through the process of creating or extending a domain for the target environment.

· Can create or extend a domain using the predefined out-of-the-box (OOB) domain templates or custom domain templates.

· Creates the config.xml file, establishes basic security, builds the startup scripts, and so on.

· Can be started in Graphical, Console or Silent mode.

To start the wizard in Graphical mode, run one of the following:

The Configuration Template Builder has the following properties:

· Guides you through the process of creating or extending configuration templates (JAR files).

• The Configuration Wizard can create a domain from the resulting configuration (domain) template.

You can start the Configuration Template Builder only in Graphical mode. To start it, run one of the following commands:

Tips

• If a WebLogic domain / configuration is spread across multiple physical machines, run the Domain Configuration Wizard only on the Administration Server hardware (machine).

· The Domain Configuration Wizard does not need to be runnable on Managed Server hardware.

• Create WebLogic domains outside the WebLogic Server installation directory (by default, domains are created in %BEA_HOME%\user_projects\domains).

• When creating a startup script for the Administration Server, if the script (startWebLogic.cmd / sh) does not invoke the weblogic.Server class from the domain directory, specify the location with this command-line option: -Dweblogic.RootDirectory=path.

• In startManagedWebLogic.cmd / sh, -Dweblogic.RootDirectory, if set, becomes the server root directory, which is used to store files such as log files and the Managed Server Independence (MSI) files.

Starting the server

The Administration Server loads all configuration from the configuration repository (config.xml). All dependent Managed Servers must connect to a running Administration Server during startup. A stand-alone Managed Server can load its configuration from a local repository (msi-config.xml). If WebLogic Server runs on a UNIX machine, you can assign a UID or GID that the WebLogic Server process binds to after it has performed all privileged startup operations as the root user. If WebLogic Server binds only to higher ports (> 1024), root permissions are not required.

Tips

Consider the following when writing automated server startup scripts:

· Within a domain, the Administration Server must be started before any dependent Managed Server.

• A Managed Server started as a dependent server connects to the Administration Server to download its configuration.

• If a Managed Server is started as a stand-alone server, check that the msi-config.xml file is stored in the server root directory.

· On UNIX, run the WebLogic Server boot script with 'nohup' so that the server keeps running in the background after you log out.

· In the OS, create a dedicated WebLogic Server user for installing and starting servers.

· Use the boot.properties file to store the user identity in encrypted form and avoid hard-coding user identities in startup scripts.

• When a server binds to a lower port (< 1024), which requires root permission, use the WebLogic UNIX machine configuration to set the UID or GID to bind to.

• To have the Administration Server of a WebLogic domain restart automatically when the machine reboots, use the daemon process facility provided by the operating system:

o Windows service

o UNIX Daemon process

· When you create a domain with the Domain Configuration Wizard, the Administration Server in the domain can be installed as a service.

· In addition, you can use the installService.cmd and uninstallService.cmd scripts in the domain folder to install or delete services in the Windows Service Control Manager (SCM).

· If the Administration Server and a Managed Server are on the same machine, configure an OS service dependency between the Administration Server process and the Managed Server process.

• Configure the rc scripts to add the WebLogic boot command at the correct run level.

Startup and shutdown classes

You can configure WebLogic Server to call classes during startup and normal (graceful) shutdown. Startup classes are loaded and executed before the server initializes all subsystems and opens its ports. Similarly, shutdown classes are loaded before the server begins the normal shutdown process. Unlike application files, startup and shutdown classes must be made available manually in the local classpath of the server they are deployed to.

Tips

• Server-level startup classes must be available during startup in the system classpath of the WebLogic Server instance they are deployed to.

· The Administration Server cannot automatically distribute classes in the system classpath; application-level classes can be distributed by the Administration Server to the target servers in the domain.

· Application-level startup classes are reloaded when the application is redeployed.

· Server-level startup classes cannot be reloaded dynamically; they are reloaded only when their WebLogic Server instance is restarted.

· Use application-level startup classes rather than defining server-level startup classes.

Node Manager

Use the Node Manager facility provided by WebLogic Server to start Managed Servers automatically or to restart failed Managed Servers. Node Manager lets administrators start Managed Servers remotely from the Administration Server or the command line (weblogic.Admin START ...). This works through communication with the Administration Server, without relying on OS-specific remote login facilities. Besides starting and stopping Managed Servers, Node Manager can also monitor the health of the servers it has started. If configured appropriately, Node Manager can automatically restart a Managed Server when it fails.

Tips

· When using Node Manager, configure the remote start attributes of each Managed Server explicitly rather than relying on the environment that Node Manager provides on the host.

· Node Manager accepts requests only from the Administration Server. When the Administration Server is unavailable, Managed Servers cannot be restarted remotely through Node Manager.

• Configure Node Manager as a service / daemon.

· Enable automatic restart of Managed Servers.

• Configure automatic shutdown on failure, so that a failed server is shut down before Node Manager attempts to restart it.

• A Node Manager running on a machine can be shared by multiple Managed Servers running on that machine.

· Node Manager can also be shared by Managed Servers in multiple domains on the same machine.

Shutting down WebLogic Server

Abnormal JVM termination can leave resources such as sockets or program segments locked. Killing the WebLogic Server process from the operating system counts as abnormal termination. WebLogic Server can be shut down gracefully in the following ways:

· Use the 'Graceful Shutdown' hyperlink in the Administration Console.

· Use the weblogic.Admin SHUTDOWN ... command.

· Use JMX, specifically by calling the stop method of the ServerMBean class.

Tips

· To shut down a production server normally, use the WebLogic Administration Console or the weblogic.Admin utility.

· A normal shutdown does not terminate user sessions; it waits for HTTP sessions to complete or time out.

· You can also configure WebLogic Server not to wait (the Ignore Sessions During Shutdown option).

· The normal shutdown timeout is configurable; by default, the server waits indefinitely for the shutdown process.

• Use the 'Force Shutdown' option if the server does not respond to normal shutdown requests or is waiting for sessions (in standby).

• If the server is configured as a daemon, make sure the stop method in the rc script is configured to shut the server down when the machine restarts or stops.

• If Node Manager is configured, terminating Node Manager does not stop the servers it started. Each Managed Server must be stopped separately.

Backup and Recovery

To be able to migrate or restore a WebLogic domain after a failure, back up the entire domain directory tree on the Administration Server machine. To recover from a hardware or system failure, all you then need to do is restore the domain directory and restart the Administration Server. The Administration Server keeps information about all running Managed Servers in the running-managed-servers.xml file. When it is restarted after a crash, the Administration Server reads this file and tries to contact all previously running Managed Servers. If no Managed Servers are running, Discovery mode may lengthen the startup time of the Administration Server, but always leave Discovery mode on (it is on by default) so that, when Managed Servers are still running, the restarted Administration Server reconnects to all of them. Important files to note and back up regularly from the Administration Server machine:

• config.xml: the domain configuration repository.

· config.xml.booted: a known-good backup of the domain configuration repository, taken after a successful start.

· boot.properties: the encrypted username and password required to start the server.

· running-managed-servers.xml: the list of currently running dependent Managed Servers. This file is used to discover Managed Servers when the Administration Server is restarted while Managed Servers are running.

· Domain/configArchive/: contains copies of the domain configuration repository file. When the configuration is updated through the administration tools, the Administration Server copies the old config.xml file to this directory.

· Domain/AdminServer/ldap/ldapfiles: the LDAP data files currently used by the domain's Administration Server.

• *.ldift files: these can be used to initialize the WebLogic domain's embedded LDAP server to the state of a newly created domain.

· Domain/AdminServer/ldap/backup/EmbeddedLDAPBackup.zip: backup of the WebLogic domain's embedded LDAP server. The embedded LDAP stores the users, groups, roles and policies used by the security providers of the default security realm, myrealm.

· Batch / shell scripts: setEnv.cmd / sh, startWebLogic.cmd / sh, startManagedWebLogic.cmd / sh.
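A backup of the files listed above, as an added example that is not part of the original page or BEA's tooling. It assumes a UNIX host, an Administration Server directory directly under the domain directory, and *.ldift files in the domain root; it also archives SerializedSystemIni.dat, which the Security section says to keep a copy of. Function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Backup candidates from the list above, relative to the domain directory.
# $1 is the name of the Administration Server's directory inside the domain.
backup_paths() {
    cat <<EOF
config.xml
config.xml.booted
boot.properties
SerializedSystemIni.dat
running-managed-servers.xml
configArchive
$1/ldap/ldapfiles
$1/ldap/backup/EmbeddedLDAPBackup.zip
setEnv.sh
startWebLogic.sh
startManagedWebLogic.sh
EOF
}

# Files this example treats as mandatory (an assumption of the example):
# without them the encrypted values in a restored domain cannot be used.
REQUIRED_FILES="config.xml SerializedSystemIni.dat"

# Print the candidates that actually exist in domain $1 (admin dir name $2),
# followed by any *.ldift files in the domain root.
existing_backup_paths() {
    ( cd "$1" || exit 1
      backup_paths "$2" | while IFS= read -r _p; do
          if [ -e "$_p" ]; then printf '%s\n' "$_p"; fi
      done
      for _l in *.ldift; do
          if [ -f "$_l" ]; then printf '%s\n' "$_l"; fi
      done )
}

# backup_domain DOMAIN_DIR ADMIN_SERVER_DIR DEST_DIR
# Writes DEST_DIR/wls-domain-<timestamp>.tar and prints its path.
# Returns 2 when a mandatory file is missing, 1 on any other failure.
backup_domain() {
    _dom=$1; _admin=$2; _dest=$3
    for _r in $REQUIRED_FILES; do
        if [ ! -f "$_dom/$_r" ]; then
            echo "refusing to back up: $_dom/$_r is missing" >&2
            return 2
        fi
    done
    _archive="$_dest/wls-domain-$(date +%Y%m%d-%H%M%S).tar"
    _list=$(mktemp) || return 1
    existing_backup_paths "$_dom" "$_admin" > "$_list"
    # The archive holds boot.properties and SerializedSystemIni.dat, so it is
    # created under umask 077 and ends up readable by its owner only.
    ( umask 077; tar -cf "$_archive" -C "$_dom" -T "$_list" )
    _rc=$?
    rm -f "$_list"
    [ "$_rc" -eq 0 ] || return 1
    printf '%s\n' "$_archive"
}

# Usage: sh backup-domain.sh /path/to/domain myserver /secure/backup/dir
if [ "$#" -eq 3 ]; then
    backup_domain "$1" "$2" "$3"
fi
```

Run it as the OS user that owns the domain, and store the resulting archive with the same care as the domain directory itself.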

Writing scripts for administrative tasks

To script the administration of a domain configuration:

· Use the weblogic.Admin utility command BATCHUPDATE, which runs a series of commands specified in a batch file. This command uses a single JVM to run all listed commands.

· The -Dweblogic.system.BootIdentityFile option lets you avoid hard-coding usernames and passwords in plain-text scripts.

· To build logical branches in operating system scripts, use the following to obtain the return code of the weblogic.Admin command:

o %ERRORLEVEL% (Windows)

o $? (Bash shell)

· The -adminurl option of weblogic.Admin retrieves configuration MBeans and runtime MBeans from the Administration Server.

· Modifying the config.xml file directly is not recommended.

· If you must modify the config.xml file:

o First, back up the original file before editing.

o Use the XML editor to avoid entry errors.

o Avoid editing the file while the Administration Server is running.

· Use the wlconfig Ant task to script configuration changes and integrate them into the overall build process.

• Use the WebLogic Scripting Tool (WLST) to modify the domain configuration, both while the Administration Server is running and offline. (dev2dev.bea.com)

• WLST provides a powerful shell interface to WebLogic Server and uses Jython as its scripting language.

· You can also use third-party solutions to manage configuration, such as WLShell. (www.wlshell.com)

· WLShell provides a powerful, UNIX-style shell interface to WebLogic Server; it uses a file-system metaphor for WebLogic Server MBeans.

Logging

Logs record events (such as server startup and shutdown), new application deployments, and information about problems in one or more subsystems. Log messages include the time and date of the event, as well as the ID of the user associated with it. Each WebLogic Server instance can maintain a server log, an HTTP access log, a JDBC log and a JTA transaction log.

Tips

· To keep log files from consuming excessive disk space between server restarts, enable log rotation.

· Consider rotating logs by size rather than by time, because with time-based rotation a file can grow very quickly.

• If you are not debugging interactively and WebLogic Server is started in the background (Windows or UNIX), use the following options to redirect stdout and stderr to files:

o -Dweblogic.Stdout="stdout-filename"

o -Dweblogic.Stderr="stderr-filename"

· In production, do not enable the WebLogic Server JDBC log; this avoids additional file I/O on the server.

· When Node Manager starts a Managed Server, it captures the server's stdout and stores it in a file. You can view the contents of that file in the Administration Console.

· Review the WebLogic Server log files during regular operation to familiarize yourself with them, so that you can easily spot abnormal log entries.

JDBC

WebLogic Server pools JDBC connections to the database to improve application performance. A connection pool removes the need to create a new database connection for each application. The JDBC connection pool provides ready-made connections to your database. With a connection pool, the number of connections to the database can change dynamically. However, growing the number of JDBC connections during peak load degrades performance, because creating a database connection is an expensive operation. A connection pool can also improve performance by caching prepared statements and callable statements for reuse. Reusing prepared and callable statements reduces CPU utilization on the database server. Avoid competition for processing power on the WebLogic Server machine by moving other applications to separate machines or hardware; assign a dedicated machine to the database.

Tips

· If possible, size database connection pools so that they never need to grow; set the initial capacity equal to the maximum capacity.

• Set the maximum capacity of the connection pool to at least the number of execute threads.

• Configure Inactive Connection Timeout to specify how long a connection may remain inactive before it is reclaimed by the pool.

• The Connection Leak Profiling option reports leaked connections in the connection pool. BEA recommends that you do not use this option in production; it consumes additional resources and usually slows connection pool operations.

· Use the Test Reserved Connections option only if you can afford the overhead that connection testing adds to regular request processing.

· Avoid using production tables for "Test Table Name"; use a dummy table (such as DUAL).

• Use the statement cache to improve the performance of prepared and callable statements.

• Select the Least Recently Used (LRU) algorithm for the cache; it removes rarely used statements from the cache.

· If the database is not reachable when you create a connection pool or start WebLogic Server, you can use Connection Creation Retry Frequency to retry connecting to the database.

• If the database is restarted while WebLogic Server is running, raise Test Frequency from 0 so that all connections are closed and reopened to re-establish valid physical connections. Once all connections have been recreated, set it back to 0 to disable testing.

• When creating the DataSource object for the connection pool, use the Honor Global Transactions option to create a TxDataSource.

· The only reason to use a non-Tx DataSource is when you want to do some work on the database that should not be part of the current transaction.

• Configure the connection pool to use a non-XA database driver when it is used with the WebLogic JMS JDBC store.

JMS

The WebLogic Server JMS architecture lets you create multiple JMS servers in a WebLogic domain. However, each JMS server can be instantiated (targeted) on only one WebLogic Server instance, because it is an "only one" service. A JMS server can host multiple destinations. A persistent store (a disk-based file or a database accessible through JDBC) can be configured to hold persistent messaging data. If several destinations are to share one JMS store, configure them to reside on one JMS server. To use a separate persistent store for each destination, however, create them under multiple JMS servers.

Tips

• Enable the Direct-Write synchronous write policy for JMS file stores, which can free virtual memory (VM) stacks; direct writes improve performance significantly only when there are a few concurrent active JMS clients.

• Place file stores on a separate disk, or even on a separate disk controller.

· To make file stores highly available, use a Storage Area Network (SAN), multi-ported disks or disk mirroring technology.

• Do not use an XA JDBC driver with the JMS JDBC store, because the JMS JDBC store does not support XA resource drivers (WebLogic JMS implements its own XA resource).

· Scanning for expired messages with Expiration Scan Interval can free VM memory, but scanning too frequently increases the scanning overhead; tune the interval carefully.

• Set MessagesMaximum on the connection factory to adjust the size of the asynchronous message.

· Set the Time to Live property at the connection factory level to avoid messages.

· Disable the default JMS connection factories; use explicitly configured JMS connection factories in production.

• Configure distributed destinations to load-balance JMS messages across physical destinations (configured on different JMS servers).

• When deploying distributed destinations, use similar settings for every JMS server and member destination in the cluster.

Message paging

Persistent and non-persistent messages are held in server memory unless paging is enabled. Message paging is the process of freeing the server memory occupied by persistent and non-persistent messages, since persistent messages are also cached in memory. A paged-out message does not release all the memory it uses: the message header and message properties stay in memory for lookup, sorting and filtering. Messages sent in a transacted session become eligible for paging only after the session is committed; until then they are held in memory.

Tips

• If JMS paging is enabled, WLS 8.1 automatically creates a paging store, but configuring the paging store explicitly is recommended (so that you can specify its location).

· JMS paging increases the amount of message data a WebLogic Server instance can hold without requiring a larger JVM heap.

• Paging does degrade performance, but the impact is smaller when persistent messages are paged than when non-persistent messages are paged.

· Always configure limits for the WebLogic JMS server; limits prevent messages from overflowing server memory.

Flow control

After defining a JMS server, you can configure one or more connection factories to create connections with predefined attributes. With flow control, a JMS server or destination that determines it is becoming overloaded can slow down its message producers.

Tips

· To slow down message producers that send to destinations in the WebLogic Server process, configure flow control.

• Flow control inside the server slows down server threads; use it with care.

Deployment

WebLogic Server lets you store a deployment unit as a single archive file or as an exploded directory with the same contents as the archive. An archive file is a single file containing all of an application's or module's classes, static files, directories and deployment descriptor files. Deploy user applications on Managed Server instances. This separates the administration application (the console) and the domain configuration from user applications. In production and multi-server environments, avoid auto-deployment of applications. Running a WebLogic domain in "production mode" disables auto-deployment. If you write scripts that deploy applications as part of the overall build, consider using the wldeploy Ant task. If you set the On Future Redeploys option to Ignore Roles and Policies From DD before deploying the application (or module), you can use the Administration Console to set security policies and security roles. However, changes made through the Administration Console override the security specified in the deployment descriptors.

Tips

· Run production applications in production mode.

• Avoid deploying user applications on the Administration Server instance.

· To designate a server's default web application, use an empty context-root element or the value "/" in the weblogic.xml or application.xml file.

· After an application is deployed, security policy changes made for it in the Administration Console override the policies in the deployment descriptor.

Redeployment

You can redeploy an entire application or only part of it. Redeploying a complete application involves unloading all of its classes and then deploying the application again from the modified files. Redeploying an application in production is a serious operation that may affect performance, so plan application updates. If a web application is in use in production, redeploying it causes WebLogic Server to lose all active HTTP sessions. You can preserve HTTP sessions by enabling a special attribute in the weblogic.xml file.

Tips

· If you have modified only static files, you can update them without redeploying the entire application.

· Partially redeploy applications (weblogic.Deployer ... -redeploy option ...).

· To change deployment parameters without changing the application, use an alternate deployment descriptor.

· To simplify copying the application archive to multiple WebLogic Server instances during redeployment, use staged deployment mode.

· If the Administration Server is unavailable, a Managed Server can be started in stand-alone mode with all of its staged applications and be fully functional.

Enterprise Applications

WebLogic optimizes access to EJBs when the client is in the same enterprise application. So consider creating an enterprise archive rather than deploying applications independently. In addition, you can use enterprise-application-wide settings instead of multiple local settings in the deployment descriptors. Use the WebLogic console to create JDBC resources in the WebLogic Server domain rather than using weblogic-application.xml.

Tips

• In WebLogic Server, avoid deploying EJB archive files and related web applications as separate stand-alone applications.

• Runtime performance improves when web components access EJB components in the same enterprise application.

· You can deploy an enterprise application as a single deployment unit.

• Do not put application-specific classes or JAR files on the system classpath (this avoids having to restart the server to reload them).

• With WebLogic Server 8.1, use the new APP-INF/lib and APP-INF/classes directories in the enterprise application directory structure to simplify the packaging of utility classes and utility archives.

Precompilation

Production and test deployments should include precompiled JSP pages and EJBs (using weblogic.appc, or weblogic.jspc / weblogic.ejbc). Precompiling catches errors in the application well before you deploy it. Offline compilation also verifies that the deployment descriptors are compatible with the current specification. Deploying a precompiled application reduces deployment time and subsequent server restart time. Deployments on developers' workstations can use dynamic compilation.

Tips

• Pre-compiled parameters are enabled in WebLogic.jar during the application deployment or during the server startup.

· In production, to disable run-time page checks and recompilation, set pageCheckSeconds to -1.

· You can compile EJBs outside the server VM using weblogic.appc or weblogic.ejbc (deprecated). This reduces server restart time.

• Use the weblogic.Deployer utility in scripts, or its Ant task counterpart wldeploy, to automate deployment in production.

Deployment Descriptor Editing

Changes to the deployment descriptors of a J2EE application normally take effect only when the application is redeployed. The WebLogic Administration Console provides a way to change certain deployment descriptor attributes without redeploying the application. To take advantage of this while the domain is running, you must deploy the application in exploded directory format (not as an archive). To change an application's descriptor values after deployment, go to: Web Application Modules > your application > Configuration tab > Descriptor tab.

Tips

· Use the tools provided by WebLogic Server to generate and edit the XML deployment descriptor.

· WebLogic Builder generates descriptors and includes an interface for editing them.

· DDInit is a command-line utility that generates deployment descriptors for WebLogic Server applications.

· DDCreate is an Ant task that creates deployment descriptors for enterprise applications.

EJB

The stateless session EJB free pool improves performance and throughput because beans are created during server startup or deployment. WebLogic Server uses a cache of bean instances to improve the performance of stateful session EJBs. The cached beans are held in memory so that they are available to client requests. Using an application-level (combined) cache reduces fragmentation and makes better use of memory and heap space. However, application-level caching is limited to the entity EJBs within one enterprise application. For applications that require high throughput, use bean-level caches. A bean-level cache is efficient because tasks do not have to compete for control as they do in the combined cache. To have WebLogic optimize calls to EJB components,

Set to True.

Writing local interfaces for EJBs that are accessed within the same enterprise application achieves the same purpose.

The concurrency strategies for entity EJBs are:

· Database: defers locking to the database to increase throughput (for EJB 1.1 and 2.0 this is the default and recommended mechanism).

· Exclusive: avoids deadlocks; use only when strict consistency is required on a non-clustered server.

· Optimistic: holds no locks in the EJB container or the database during the transaction, but the EJB container verifies that the data being updated has not been modified.

· Read-only: the container does not try to save the bean's state at the end of the transaction; for EJBs that make no changes to persistent data. With the read-only strategy, use

to invalidate the bean data cached in the container; the data is then updated from the persistent store when the timeout occurs.

Tips

• Consider the number of threads when configuring the maximum number of beans in the free pool.

· To limit the memory used by stateful session EJBs, set the maximum number of beans that can reside in the cache (max-beans-in-cache).

· A cache that is too small leads to frequent activation and passivation.

· A cache that is too large wastes memory.

· With the LRU algorithm, beans are passivated when the idle timeout period is reached.

· To avoid passivating stateful session EJBs, use the Not Recently Used (NRU) algorithm.

· EJB local interfaces give server-side EJB clients optimized access.

• With the combined cache, you tune a single cache in weblogic-application.xml rather than several.

• Message-driven beans that use container-managed transactions must use an XA connection factory.

Security

Never use development mode for production servers; development mode relaxes security on all servers in the domain. When using Compatibility security, disable guest logins so that the guest login cannot be used to access WebLogic resources in WebLogic Server. When you create a security policy and inherited policy statements are shown on the Policy Editor page, the new policy overrides the inherited statements. Changing security policies defined in J2EE deployment descriptors requires redeployment; changes made in the Administration Console to policies in the embedded LDAP are dynamic. Assign additional administrative users to roles such as Admin, Deployer, Monitor or Operator. SerializedSystemIni.dat contains the hashes for the passwords in the domain; make sure you keep a copy of this file in a safe place. Only the WebLogic system administrator account should have read permission on SerializedSystemIni.dat. If you lose the administrative password and have not saved the boot identity in a boot.properties file, you cannot restart the server.

Tips

• Save the boot identity of a user who is authorized to start WebLogic Server in the boot.properties file.

· BEA recommends using security roles (rather than users or groups) to protect WebLogic resources; first assign users to groups, then create role statements.

• Do not install or run WebLogic Server with root privileges. If you have to bind to a privileged port, use Post-Bind UID or Post-Bind GID in the WebLogic machine configuration.

• Set ownership of the WebLogic installation and application directories so that only the user account that runs the server can access them.
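The checks implied by the startup-script tips earlier (a dedicated non-root OS user, no hard-coded credentials in start scripts) and by the Security tips above, as an added example that is not code from the original page or from BEA. It assumes that boot.properties, SerializedSystemIni.dat and config.xml sit in the domain directory, and that WLS_PW and -Dweblogic.management.password are where a start script would carry a literal password; function names are hypothetical and the sample domain is constructed.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# the file names are the ones this page discusses.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Numeric UID that owns a file.
file_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Succeeds only when the UID that will run the server is not root (0).
check_not_root() { [ "$1" -ne 0 ]; }

# Succeeds when the file exists, is owned by the expected UID and grants no
# permission bits to group or other (mode ends in 00, e.g. 600 or 400).
audit_secret_file() {
    _path=$1; _uid=$2
    if [ ! -f "$_path" ]; then
        echo "MISSING   $_path"; return 1
    fi
    if [ "$(file_uid "$_path")" != "$_uid" ]; then
        echo "OWNER     $_path is not owned by UID $_uid"; return 1
    fi
    _mode=$(file_mode "$_path")
    case "$_mode" in
        0|*00) return 0 ;;
        *) echo "MODE      $_path has mode $_mode; remove group/other access"
           return 1 ;;
    esac
}

# Succeeds when a start script holds no literal password. Empty assignments
# and references to another variable ($VAR, %VAR%) are accepted.
script_has_no_literal_password() {
    if grep -Eq -e 'WLS_PW="?[^"$%[:space:]]' \
                -e 'weblogic\.management\.password=[^$%[:space:]]' "$1"; then
        return 1
    fi
    return 0
}

# audit_domain DOMAIN_DIR RUN_UID
# Prints one line per finding and returns the number of findings (0 = clean).
audit_domain() {
    _dom=$1; _run_uid=$2; _findings=0
    for _f in boot.properties SerializedSystemIni.dat config.xml; do
        audit_secret_file "$_dom/$_f" "$_run_uid" || _findings=$((_findings + 1))
    done
    for _s in "$_dom"/start*WebLogic.sh; do
        [ -f "$_s" ] || continue
        if ! script_has_no_literal_password "$_s"; then
            echo "PASSWORD  $_s contains a literal password"
            _findings=$((_findings + 1))
        fi
    done
    return "$_findings"
}

# Build a small constructed domain directory for the demo (all values made up).
build_sample_domain() {
    printf 'username={3DES}CONSTRUCTED\npassword={3DES}CONSTRUCTED\n' > "$1/boot.properties"
    : > "$1/SerializedSystemIni.dat"
    printf '<Domain Name="sample"/>\n' > "$1/config.xml"
    printf 'WLS_USER="system"\nWLS_PW="constructed-pw"\n' > "$1/startWebLogic.sh"
    printf 'WLS_USER=\nWLS_PW=\njava -Dweblogic.management.password=${WLS_PW} weblogic.Server\n' \
        > "$1/startManagedWebLogic.sh"
    chmod 600 "$1/boot.properties" "$1/config.xml"
    chmod 644 "$1/SerializedSystemIni.dat"
}

# Usage: sh audit-domain.sh --demo
#        sh audit-domain.sh /path/to/domain "$(id -u weblogic)"
if [ "${1:-}" = "--demo" ]; then
    _tmp=$(mktemp -d)
    build_sample_domain "$_tmp"
    audit_domain "$_tmp" "$(id -u)"
    echo "findings: $?"
    rm -rf "$_tmp"
elif [ "$#" -eq 2 ]; then
    check_not_root "$2" || echo "ROOT      the server account must not be UID 0"
    audit_domain "$1" "$2"
fi
```

On the constructed domain the audit reports the world-readable SerializedSystemIni.dat and the password written into startWebLogic.sh, and accepts the managed-server script that only references a variable.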

Restoring the administrator password

When using the default authenticator, you can recover the administrator password in a WebLogic domain as long as you have not modified the global Admin role (by default it is granted to the Administrators group). To recover the administrator password in a WebLogic domain, complete the following steps:

• Change to the domain directory on the command line, then run the setEnv script to set PATH and CLASSPATH.

· Create a new DefaultAuthenticatorInit.ldift; run java weblogic.security.utils.AdminAccount

./

· Delete

/

The initialization status file in the / ldap subdirectory defaultAuthenticatorMyRealminit.initialized.

· Restart the server as a new user.

· To modify the old management user identity, you need to log in to the management console. (Optional)

SSL

When using SSL with WebLogic Server, use keystores; storing the identity (private key and certificate) and trust (CA) in files is no longer used. Migrating from an earlier version requires you to create keystores from the private key, certificate, and trust files. If the network connecting the WebLogic Server instances in the domain is untrusted, enable SSL on each server in the domain so that LDAP replication between the management server and the managed servers can use SSL connections. Enabling the management port in the domain requires all servers to use SSL. The default WebLogic installation provides an exportable-strength SSL implementation (SSL can use 512-bit keys with bulk encryption). Keys longer than 512 bits require the domestic-strength SSL license key provided by BEA. If you use SSL in your production environment, use high-strength SSL. Keys shorter than 1024 bits are generally considered unreliable.

SSL hardware accelerators: Running SSL on WebLogic Server consumes a large share of the server's resources. By offloading SSL processing, those resources can be applied to WebLogic functions. Web servers, load balancers, firewalls, or switches can perform SSL processing.

In WebLogic Server, connection filters can be used to control incoming connections. WebLogic Server provides a default connection filter implementation that you can configure in the management console.

Tips

· In production, do not use the sample SSL certificate provided with WebLogic.

• To avoid endangering applications, install and configure server-specific SSL certificates, then enable hostname verification on the production server.

• Use SSL only on WebLogic Server when necessary because SSL reduces performance.

· To control the type of connection accepted by the WebLogic Server instance, use the connection filter.

• Run WebLogic Server on a machine with SSL hardware, with a load balancer that supports Secure Sockets Layer (SSL), or use the Java Cryptography Extension (JCE).

Protecting the Management Console

If you use the management server to serve applications (or run a single-server domain), do the following to provide better security:

· Change the default administrative user and password to a custom user and password.

· Change the context root path of the management console.

· Enable the management port domain-wide.

· Consider disabling the management console.

If you are using an external LDAP provider, store the server's boot identity in the embedded LDAP server and set a timeout on the external LDAP authentication provider. This way, if the external LDAP server is not available, you can still restart WebLogic Server and serve unprotected data. In addition, set the control flag of all authentication providers to OPTIONAL before you apply any modifications; this prevents a configuration error from stopping production servers from restarting. WebLogic Server provides a custom realm called NTRealm, based on the legacy security realm API, which supports native Windows domain authentication. NTRealm is quite useful for Windows domains that are not set up to use Active Directory.

Tips

· Store the boot identity in the embedded LDAP server.

· For better control in production environments, use Active Directory authentication rather than native Windows domain (NTRealm) authentication.

· To prevent denial-of-service attacks, adjust the timeouts and maximum sizes for the protocols the server accepts (T3, COM, IIOP, HTTP POST timeout).

· Have an internal or external audit team perform a security audit.

Clusters

A WebLogic cluster is a set of managed servers in the domain that work together to present a single-server view. Use WebLogic clusters to increase efficiency, scalability, load balancing, and failover. A WebLogic cluster is a process-level cluster; the participating servers can be located on different physical machines or on the same machine. IP multicast is the channel over which the cluster exchanges heartbeat signals, so make sure multicast communication is enabled on the WebLogic Server network.

Tips

· If you use a web server proxy, configure two to avoid a single point of failure for the cluster.

• Make sure that objects stored in the HTTP session can be serialized when the applications on WebLogic Server are portable.

• Place at least three WebLogic Server instances in each cluster to prevent a single server failure from stopping the cluster's load balancing.

· You cannot add management servers to the cluster.

• Use a separate multicast address for each cluster in the network.

• Servers running in a cluster can listen on different ports in WebLogic Server 7.0.

• If you can, route cluster multicast traffic over separate hardware (NIC) by configuring network channels that separate internal cluster communication from external client traffic; this gives better performance.

• Keep frequently accessed applications (e.g. WAR and EJB JAR) in the same cluster to avoid network traffic.

· To enable automatic failover for servlets and JSPs, use replication.

· In-memory replication is faster than other types of replication.

· When using in-memory replication, specify machine information for the servers in the cluster.

· You need to define replication groups only when you need to control the secondary selection process.

• Using server affinity wherever possible can improve performance.

· In firewalled environments, identify WebLogic Server instances by publicly available DNS names instead of IP addresses.

· If a WebLogic cluster spans multiple sites, the network between the sites must support cross-site multicast communication for the cluster.

· With this cross-site architecture, you must configure the cluster's multicast TTL value so that routers do not drop multicast packets before they reach their destination.

Threading

To improve the performance of WebLogic Server, use native I/O (performance packs) if available. To make sure the performance packs initialize properly, check for errors during startup. An execution queue can be set to add threads on overflow. However, avoid relying on the server's ability to increase the number of execute threads to handle the regular peaks in application load. Instead, do careful capacity planning and server tuning, and choose an optimal number of execute threads.

Tips

· Adjust the number of execute threads only when CPU utilization is below 100% and client requests are frequently blocked and rejected.

• When adjusting the number of threads, stop if throughput begins to fall, or if CPU utilization drops or stays constant.

• Do not set Stuck Thread Max Time and Stuck Thread Timer Interval to values at which regular requests are mistaken for stuck threads during peak processing.

· To partition application components or dedicate a specific amount of resources to a component, create user-defined execution queues. Using custom execution queues can also avoid potential deadlocks.

· To dedicate resources to message-driven beans, use a separate execution queue for each deployed message-driven EJB.

• To diagnose deadlocks and long-running requests on WebLogic Server, use a series of properly timed thread dumps to determine possible causes.

• If the T3 protocol is accessed through tunneling, performance drops by approximately 15%; tunneled T3 should be used over HTTP.

Testing

Tips

• During capacity planning and testing, establish the peak load for the applications.

• Optimize applications during testing; on WebLogic Server, the application is usually the biggest limiting factor for performance and capacity.

• Test system performance under load, using appropriate and realistic test cases.

· The closer the test cases are to production conditions, the more accurate the test results.

• When testing the application, ignore the first several runs; run the test cases to allow the server VM to "warm up".

Monitoring

Use operating-system-specific statistics to observe thread behavior and context switching. For example, on Solaris, you can use mpstat, prstat, and top to monitor CPU utilization. mpstat reports CPU utilization, thread interrupts, and voluntary and involuntary context switches. top helps you find processes that are exhausting the CPU. The WebLogic management console can be used to monitor running servers, server threads, the JVM heap, log files, cluster statistics, and more. Enabling SNMP monitoring lets you use an existing SNMP monitoring framework to monitor your WebLogic domain resources through a central management server. Third-party monitoring tools can also be used to monitor applications and system resources used by WebLogic Server (for example, ACSERA, etc. produced by Quest).

Tips

· The SNMP agent is a component of the management server in the domain, so a failure of the management server instance may become a bottleneck.

· To monitor the WebLogic runtime MBeans, you can also use JMX monitoring tools in addition to the management console.

JVM

Use a JVM that provides better performance for the server's applications (such as JRockit). The management console can be used to graphically monitor JVM heap usage. To achieve better performance, test the JVM vendor's options.

For example, these are common HotSpot JVM options you can set:

-XX:+AggressiveHeap: use a large heap, nearly the size of the entire physical memory.

-XX:+UseISM: use Intimate Shared Memory (Solaris).

AggressiveHeap warnings:

1. Uses all available memory.
2. Not compatible with -Xms and -Xmx.
3. The heap may steal memory from the stack.

Intimate Shared Memory warnings (Solaris only):

1. Locks the memory; only use it on the system.
2. Memory fragmentation can prevent allocation of contiguous 4 MB pages.
3. Abnormal JVM termination can leave a locked segment.
4. To find and delete locked segments, use ipcs and ipcrm.

Tips

• Do not set the server's heap size larger than the free RAM available on the machine.

· To achieve high performance and high throughput, set the minimum JVM heap size equal to the maximum heap size.

• WebLogic Server's logging of low-memory conditions can be used to sample the available free memory and detect low memory.

· When monitoring garbage collection, if the heap consistently stays 85% free, try reducing the size of the heap.

• When setting -noclassgc, make sure the perm size is set larger than the default value (32MB).

· Avoid using the -verbosegc option during production operation.

· On multi-CPU machines, use parallel garbage collection algorithms to reduce garbage collection time.

· On Intel-based architectures, configure WebLogic to use the JRockit virtual machine for better performance.

· To find and delete locked segments, use ipcs and ipcrm.

When reposting, please cite the original address: https://www.9cbs.com/read-59193.html