Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

BEA WebLogic Server 9.0

VIEWS: 2,564 PAGES: 31

									BEA White Paper




BEA WebLogic Server ® 9.0
Copyright
Copyright © 2005 BEA Systems, Inc. All Rights Reserved.
September, 2005


Restricted Rights Legend
This document may not, in whole or in part, be photocopied, reproduced, translated, or reduced to any electronic
medium or machine readable form without prior consent, in writing, from BEA Systems, Inc. Information in this docu-
ment is subject to change without notice and does not represent a commitment on the part of BEA Systems, Inc.


Trademarks
BEA, Built on BEA, Jolt, Joltbeans, Steelthread, Top End, Tuxedo, BEA WebLogic Server, BEA Liquid Data for
WebLogic, BEA WebLogic Portal, BEA WebLogic Workshop, and WebLogic are registered trademarks of BEA
Systems, Inc. BEA AquaLogic, BEA AquaLogic Data Services Platform, BEA AquaLogic Enterprise Security, BEA
AquaLogic Service Bus, BEA dev2dev Subscriptions, BEA eLink, BEA MessageQ, BEA WebLogic Communications
Platform, BEA WebLogic Enterprise, BEA WebLogic Enterprise Platform, BEA WebLogic Enterprise Security, BEA
WebLogic Express, BEA WebLogic Integration, BEA WebLogic Java Adapter for Mainframe, BEA WebLogic JDriver,
BEA WebLogic Log Central, BEA WebLogic Network Gatekeeper, BEA WebLogic Platform, BEA JRockit, BEA
WebLogic SIP Server, and BEA WebLogic WorkGroup Edition are trademarks of BEA Systems, Inc. BEA Mission
Critical Support is a service mark of BEA Systems, Inc. All other company and product names may be the subject of
intellectual property rights reserved by third parties.




CWP1005E0905-1A
BEA White Paper – BEA WebLogic Server 9.0




Table of Contents
Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Enterprise Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
      BEA WebLogic Server in the Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
      SOA with WebLogic and AquaLogic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Multi-Layered Business Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
      The Presentation Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
          Data Binding and Transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
          BEA WebLogic Server Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
          Dynamic Web Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
          Web Page Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
          Thick Clients Including SOA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
          Front-End Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
          SSO and Integration With External Security Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
          Web Services and WSRP: SOA Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
      The Business Layer—Business Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
          Enterprise Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
          Robust Business Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
          Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
          Business Application Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
          Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
          High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
          Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
      The Integration (Back-End) Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
           Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
           Security System Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
           Data Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
           Integration With Other Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
      Governance Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
          Local Application Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
          Domain-Wide Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
          System Health Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
          Auditing Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
          Migration to BEA WebLogic Server 9.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
   What’s New: The Big Picture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
   Systems Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
   Performance and Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
   Enterprise Web Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
   Enterprise-Ready Messaging Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
   Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
   Supported Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

About BEA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
BEA White Paper – BEA WebLogic Server 9.0




Executive Summary
In this time of increasing enterprise integration and service-oriented architecture adoption, the choice of a
service and integration platform becomes ever more crucial. To fully leverage and protect your mission-critical
business infrastructure, a chosen platform should be not only standards-based, robust, and scalable, but easy
to configure, administrate, and govern, and flexible enough to accommodate varied development teams and
multiple application frameworks.

BEA WebLogic Server® satisfies these criteria and more: this award-winning enterprise-grade kernel is the
cornerstone of both the BEA WebLogic Platform™ application suite and the groundbreaking BEA AquaLogic™
SOA product family.

BEA WebLogic Server, now in its ninth revision, has famously hosted a wide range of service containers,
making it the developer’s and architect’s choice for more than eight years. Now it has become the business
owner’s choice for unbeatable return on investment: the ideal service host in an SOA, it brings a business
closer to zero downtime than any other application server. BEA WebLogic Server offers extensive support at
both the development and production ends of the application life cycle, while fully supporting the latest J2EE
specification (1.4) and a wide range of Web services standards. The result is greater interoperability than that of
any other application server on the market.

This white paper is divided into three sections:
  • Enterprise Overview: BEA WebLogic Server’s position in the enterprise and in a Service-Oriented
    Architecture (SOA)
  • Multi-Layered Business Solutions: Explains how BEA WebLogic Server helps implement solutions to a
    range of business problems
  • Conclusion: A summary of the major features of BEA WebLogic Server 9.0.


This document is written for both business decision makers and enterprise architects. It was designed to be
read either in individual sections or from start to finish. Together, the overview and conclusion give a high-level
overview of the server. Digging deeper will provide greater insight into how BEA WebLogic Server can help
solve specific business problems.



Enterprise Overview
BEA WebLogic Server 9.0 is a Java application server fully implementing the J2EE 1.4 specification, the latest
Web services standards, and the most advanced interoperability standards. BEA WebLogic Server is engineered
to deliver scalable, reliable unified security, transaction, and management services.

The J2EE 1.4 specification provides a standard set of APIs for creating distributed applications that can access
a wide variety of services such as databases, messaging services, and transactions; they allow dynamic Web
content to interoperate with disparate and even legacy systems. End-user clients access these applications
using Web browser or Java clients. BEA WebLogic Server installations consistently top the SPECjAppServer



                                                                                                                      5
BEA White Paper – BEA WebLogic Server 9.0




(spec.org/jAppServer2004) J2EE benchmarks, setting high-performance records and winning accolades for
high value.

Beyond the J2EE API, BEA WebLogic Server provides advanced messaging, data persistence, management,
high availability, clustering, and multi-platform development support. With the rest of the BEA WebLogic Platform
and the BEA AquaLogic product family, it provides a solid core of services that have withstood the demands of
the world’s largest enterprises and continue to be the most highly regarded implementations in the field.

BEA WebLogic Server also allows enterprises to deploy applications in a highly available and scalable environ-
ment. With it, enterprises can configure clusters of BEA WebLogic Server instances to distribute load and
provide extra capacity in case of hardware or network failures. Extensive security features protect access to
services, keep enterprise data secure, and prevent malicious attacks. Other tools allow system administrators
to monitor and tune the performance of applications and the server environment. Finally, BEA WebLogic Server
can be configured to automatically monitor and tune application throughput without human intervention.
Together, these features and tools provide a robust environment for secure deployment of mission-critical,
high-volume applications.


BEA WebLogic Server in the Enterprise
In the 1990s, Java became very popular as a solutions “glue”—unifying disparate systems through easy-to-
code interfaces and multi-platform support. BEA WebLogic Server began its life as a collection of Java services
that predated current J2EE specifications. Workspaces, transactional control, messaging, e-mail services, and
other services marked the early versions and made it increasingly vital to enterprises needing to unify service
offerings on a common platform.

BEA has a long history of “innovate, then standardize”—innovating where there is no standard, immediately
adopting a standard when it appears, and continuing to develop solutions where standards have yet to catch
up. As Java became mainstream, BEA WebLogic Server grew to support enterprise-wide requirements.




                                                                          Customers    Suppliers    Employees   Partners



Figure 1:

BEA WebLogic Server 9.0
Enterprise Configuration.
                                                     BEA WebLogic




                                       Business
                                                                    BEA WebLogic                      BEA WebLogic
                                                                       Portal                          Integration
                                                       Workshop




                                       Analysts




                                      Application                              BEA WebLogic Server
                                      Developers




                                      Enterprise                                       BEA JRockit
                                      Developers




                                                    Enterprise Information                         IT Infrastructure
                                                           Systems                                   Components

                                                                                                                        Web
                                                           CRM      ERP          MRP               DBMS   Messaging
                                                                                                                      Services




6
BEA White Paper – BEA WebLogic Server 9.0




BEA WebLogic Server 9.0 supports the following standards: SNMP management protocol, XA distributed
transactions, SSL v3, public key encryption, LDAP, J2EE 1.4, JavaSE 5.0 including CORBA orbs, FML32
buffers, XML, SAML, SPNEGO, and Web services.

BEA WebLogic Server 9.0 goes beyond existing standards to support multi-stream auditing, store-and-forward
messaging, side-by-side deployment, high-availability solutions including LAN, MAN, and WAN clustering
configurations, whole server migration, singleton services, context dying, a comprehensive diagnostics
framework that allows for automatic action, and support for multiple development frameworks.

What is the role of BEA WebLogic Server in your enterprise? That depends on the needs of your enterprise
architecture. BEA WebLogic Server has a Web container, an EJB business logic container including a data
persistence implementation, a high-performance file store, a messaging bus, a full online or offline message
delivery system, a transaction container, an integration point with a J2EE Connector Architecture container, an
RMI services host, an auditing host, a database pool manager, a JNDI registry, UDDI registry, a Web services
platform, an integration point with Tuxedo transactional MOM solutions, and a J2EE implementation.

The Multi-Layered Business Solutions section of this document (below) shows how BEA WebLogic Server can
address specific business needs.


SOA with WebLogic and AquaLogic
BEA WebLogic Server is the heart of the BEA WebLogic™ product family, which includes BEA WebLogic Portal®
                             .
and BEA WebLogic Integration™ Both run within BEA WebLogic Server, depending on core services such as
security services, transaction control, auditing, a Web and Servlet server, and an EJB container.




                                                                     Service Infrastructure

                                                              BEA AquaLogic Product Family
Figure 2:

                                              Packaged Applications                         Custom Applications
BEA WebLogic and AquaLogic
                                            SAP     ORCL      SEBL        PSFT        BEA       IBM    MSFT       ORCL
product stacks.



                                                                Application Infrastructure

                                                           BEA WebLogic
                                       EDGE       SIP                                  MSFT       Tuxedo      CICS
                                                           Product Family



                                        HPUX            AIX     Solaris          Windows         Mainframes




                                                                                                                         7
BEA White Paper – BEA WebLogic Server 9.0




Both BEA WebLogic Portal and BEA WebLogic Integration complement BEA WebLogic Server, logically
extending its core services to meet additional use cases. BEA WebLogic Portal builds on the server’s Web
container by partitioning the servlet into desktops, books, pages, and portlets, while BEA WebLogic Integration
leverages its transactional and EJB functionalities to provide long-running business processes that can be
easily monitored.

BEA AquaLogic Service Bus™ adds a layer of governance to all services offered by the BEA WebLogic product
family. Though not limited to working with BEA products, the BEA AquaLogic Service Bus is ideally suited to
homogenize the wide range of services provided by BEA WebLogic Server. The two product families comple-
ment each other, providing the necessary components for a true enterprise-wide SOA.



Multi-Layered Business Solutions
This section gives an overview of the purposes to which BEA WebLogic Server can be put. A more technical
architecture overview is available in the BEA WebLogic Server Architecture section.


The Presentation Layer
How can BEA WebLogic Server help present data? This section starts with internal presentation services such
as data binding, and progresses to thick clients.


Data Binding and Transformation
Whatever type of data an organization must present, if there are Java classes that bind or transform it, it will
run in BEA WebLogic Server. In fact, BEA WebLogic Integration includes a data engine for transforming binary
data into and out of XML. What follows are the out-of-the-box functions included with BEA WebLogic Server.




                                                         BEA WebLogic Server 9.0                                            BEA WebLogic Server 9.0

                                                                      Beehive/                                                        Beehive/
                                                     WLST              Spring        JavaEE    Portal                       WLST                    JavaEE          Portal
                                                                                                                                       Spring


                                                                        Web           SIP       BPEL
                                                                                                                                        Web
                                                                                                                                                        SIP         BPEL
Figure 3:                                                CFML         Services                                              CFML      Services



BEA WebLogic Server 9.0 SOA
service bus endpoints.
                                                                                                AquaLogic Service Bus




                                        BEA WebLogic Server 9.0                               BEA WebLogic Server 9.0                            BEA WebLogic Server 9.0

                                              Beehive/                                                  Beehive/                                              Beehive/
                                       WLST    Spring       JavaEE          Portal            WLST       Spring    JavaEE    Portal              WLST          Spring        JavaEE   Portal


                                                Web             SIP          BPEL                         Web       SIP       BPEL                              Web           SIP     BPEL
                                       CFML   Services                                        CFML      Services                                 CFML         Services




8
BEA White Paper – BEA WebLogic Server 9.0




XML
XML data requires a binding mechanism to translate it into and out of Java. BEA WebLogic Server 9.0 supports
BEA’s XMLBeans v2 through an Apache open source project (xmlbeans.apache.org/). Java objects can be
mapped to XML as Document objects, Streaming API for XML (StAX) cursors, or Plain Old Java Objects
(POJOs). BEA WebLogic Server supports the latest XML specifications in J2EE 1.4, including JAX-RPC, JAXP,
JAXR, SOAP with Attachments API for Java (SAAJ), and Web services technologies. In addition, BEA WebLogic
Server allows configuration of SAX- and DOM-style parsing and XSLT transformations for individual applications,
allowing for maximum flexibility when parsing, building documents, and displaying the results.


Other Services
For enterprises that need to surface FML32 data from Tuxedo, BEA WebLogic Server 9.0 includes the BEA
WebLogic Tuxedo Connector, which facilitates, with transactional control, Tuxedo buffer information transforma-
tion into Java.

J2EE 1.4 continues to support Java-CORBA interoperability, and the JDK 1.5 runtime contains a CORBA ORB.
The Integration Layer section of this document describes Java/CORBA transport capabilities in more detail.


BEA WebLogic Server Web Server
BEA WebLogic Server contains a fully functional Web server with a range of features: implementation of the
HTTP 1.1 specification, scalable connection pools with a queue to handle heavy loads, and configurable for-
warding to and from other servers. Security features include a certificate store, Public Key exchange including
Secure Socket Layer (SSL) v3, audit logging, automatic and configurable AA (Authorization and Authentication)
triggers, user group and role support, IP denial after a number of failed attempts, secure partitioning by path or
by document type, and single sign-on support through SAML v1.1 Identity Asserters and Credential Mappers
(see the Security System Integration section for details). BEA WebLogic Server also offers channel division
across multiple network interface cards and ports, allowing predictable integration with firewalls and routers.

BEA WebLogic Server’s Web Container is fully scalable and robust, with virtually flat scaling as server nodes
are added to a BEA WebLogic Server cluster. Permitting user sessions to automatically migrate to a secondary
server in the event of hardware failure allows business logic to service 10 or 10 million users without changing
the code.


Dynamic Web Pages
Web developers have long needed to produce and use dynamic Web pages. Early CGI programming solutions
were script-based, making them brittle and non-scalable. The 1997 introduction of the Java Servlet API gave
developers a standard way to generate dynamic Web content; today, most BEA WebLogic Server presentation
solutions utilize the BEA WebLogic Server Web container capabilities, including the handling of JSPs
(JavaServer Pages). BEA WebLogic Server 9.0 ships with a number of JSP tags—customizable references
embedded into Servlet pages—that assist with caching, processing, and looping. BEA WebLogic Server 9.0
also includes an implementation of the Java Standard Tag Library (JSTL), deployable as a .jar or a library.

Servlets are processes that wait within the Web container to handle specialized requests. Servlets managed by
BEA WebLogic Server include BEA WebLogic Server Administration Console (see the Administration Console
section), Web services, and Web Service Remote Portlets, or WSRP (see the Web Services and WSRP: SOA
Solutions section). It is also possible to write Servlets for customized request handling.


                                                                                                                     9
BEA White Paper – BEA WebLogic Server 9.0




WSRP portlets are Web services wrapped with presentation information; WSRP producer portlets created in
BEA WebLogic Server are deployed as Servlets, and are typically consumed by portals. The most complete
WSRP implementation on the market is contained in the BEA WebLogic Portal (bea.com/portal); in addition,
WSRP 2.0 producers may be created and hosted on BEA WebLogic Server 9.0 using Struts, pageflows, and
Web services support in the core server.


Web Page Interoperability
Once dynamic Web pages are hosted on BEA WebLogic Server, how do you manage groups of pages, Web
services, and WSRP portlets, moving easily from one to another while preserving context, security, and flow?
How to handle error handling, help pages, forms, wizards, etc.? The answer is Page Flow technology, part of
the Apache open-source project Beehive (incubator.apache.org/beehive). BEA created Page Flow and other
technologies as part of BEA WebLogic Server 8.1, then donated the technology to the open source community
to start the Beehive project. Beehive 1.0 is integrated with BEA WebLogic Server 9.0.

The most popular JSP Model 2 (also known as Model View Controller, or MVC) framework is Struts
(struts.apache.org); both Struts 1.1 and Struts 1.2 are included with BEA WebLogic Server 9.0. Beehive’s
Page Flow technology builds on the Struts engine and adds context handling, JSP tag support, inter-flow
communication, error handling, and logging. BEA engineers have further integrated Beehive with
BEA WebLogic Server, leveraging the power of security, unified logging, and error handling. BEA WebLogic
Workshop® offers a visual development fabric for creating and configuring Beehive Page Flows.


Thick Clients Including SOA
BEA WebLogic Server supports a wide variety of clients; “thick clients” require the distribution of code beyond
the serving of Web pages done by browser-based clients. Thick clients range from Java applets embedded in
Web pages to Java-based clients connecting via Remote Method Invocation (RMI), from CORBA orb connec-
tivity (through RMI/IIOP) to Web services and WSRP-enabled portals.


Applets
Applet downloads into client browsers allow Web pages to come alive with full connectivity to BEA WebLogic
Server—far beyond what is possible with asynchronous HTTP. BEA WebLogic Server can deliver applet jars
and maintain context with client users.


RMI Clients (Thick Clients)
Some solutions require a full-fledged Java application running on the client desktop. BEA WebLogic Server
supports Java Web Start, a standard J2SE 5.0 mechanism by which Java clients can get live information from
BEA WebLogic Server while functioning remotely. BEA WebLogic Server fully supports the RMI Java transport
layer (JRMP), and has developed an RMI implementation, t3, that is faster, more scalable, and more extensible
than the RMI spec. RMI clients can access the full range of features available on BEA WebLogic Server by
including the weblogic.jar on the remote classpath; alternatively, a smaller client can be built utilizing RMI/IIOP
and WebLogic lightweight client jars.




10
BEA White Paper – BEA WebLogic Server 9.0




Front-End Security
BEA WebLogic Server is protected externally by front-end security systems and internally by adherence to a
common security framework. It includes the only pluggable security architecture that allows for both integration
with all major third-party security frameworks and custom-built pluggable providers. Front-end security includes
protection against unsolicited requests (a.k.a. hackers) and compliance with common security standards that
allow for ease of development and deployment.


Hacker Protection
Unwanted system users appear both externally and internally, and they require different approaches to locking
down your server and its sensitive business assets.

External Protection
SSL: Sensitive data must be encrypted as it is transferred to and from client applications. BEA WebLogic Server
implements the industry standard SSL 3, with the PKI exchange of certificates allowing secure, encrypted data
exchange. There are separate ports for SSL and non-SSL data exchange, and the Web Container manages the
switch from secure to non-secure connections. BEA WebLogic Server also supports HTTP Header encryption
standards, encrypted cookies, and HTTP compression.

WS-Security: Web services must also be secured at the Web container perimeter. BEA WebLogic Server
supports WS-Security, which encrypts key Web service header information for non-repudiation of service
requests. This is beyond the level of data privacy afforded by SSL encryption for communication exchanges.

Failed logins: BEA WebLogic Server can protect against unregistered users with a “three strikes and you’re
out” policy that prevents future spurious login attempts from noted IP addresses.

Security alerts: Security is about not only secure software, but also secure coding and configuration practices.
At e-docs.bea.com/wls/docs90/lockdown/practices.html, BEA lists strategies to deal with common attacks
such as man-in-the-middle and cross-scripting; for supported customers, the company also maintains an
advisories posting with the latest patch information.

Internal Protection
Many attacks occur from behind firewalls. BEA WebLogic Server offers protection there as well, with password
protection, data protection, and secure messaging exchange services.

Password protection: In BEA WebLogic Server 9.0, user passwords are stored in either the internal LDAP or
the user security store; they cannot be retrieved from the Subject object. Passwords necessary to the
operation of BEA WebLogic Server itself (e.g., database passwords, external system passwords, and
WebLogic passwords) are automatically encrypted upon entry using the Cryptography API.

Cryptography API: The Cryptography API is also available for use in developing custom applications. For
example, an administrator who needs to retrieve passwords (to enable connectivity to another system, for
example) not encoded in a one-way hash, can write a custom Credential Mapper that uses the Cryptography
API to decrypt passwords for use.




                                                                                                                11
BEA White Paper – BEA WebLogic Server 9.0




Consistent security infrastructure: All containers within BEA WebLogic Server utilize the same security infra-
structure, and so are consistent in their treatment of subject, context, and authorization parameters. Once an
application is secured in one container, the same rules apply to all containers, providing a consistent security
mesh throughout a domain.


SSO and Integration With External Security Systems
Single sign-on (SSO) across disparate systems requires at least some level of common understanding regarding
authentication and authorization (AA), users, groups, and roles. BEA WebLogic Server 9.0 supports current Java
AA standards including Java AA Service (JAAS) and Java Authorization Contract with the Container (JACC);
SSO standards such as Security Assertion Markup Language (SAML); Web Service security standards such as
WS-Security, WS-I Basic Profile 1.0, WS-Policy, WS-Reliable Messaging, and WS-Addressing for interoperability;
and, in a following service pack, XML Access Control Markup Language (XACML).

In addition, BEA WebLogic Server goes beyond the standards to provide a complete option package, including
a full-featured Servlet Authentication Filter for use with SSO solutions such as SAML and Microsoft’s Simple
and Protected GSSAPI Negotiation Mechanism (SPENGO), a Certificate Validation Service implementation, and
the only pluggable security architecture—BEA’s own Security Service Provider Interface (SSPI)—that is compat-
ible with all leading security frameworks.


Web Services and WSRP: SOA Solutions
BEA WebLogic Server remains the number-one service platform for hosting SOA services, with a development-
to-deployment range of Web service coding, testing, staging, deploying, and configuration options. It offers
integration with the new BEA AquaLogic Service Bus™ which takes all hosted services (EJBs, JMS queues,
                                                   ,
Web services, etc.) and manages them in a technologically agnostic way, with homogeneous searchability,
service level agreements (SLAs), error handling, and transactional capabilities.


UDDI v2
BEA WebLogic Server 9.0 also ships with a Universal Description, Discovery, and Integration (UDDI) v2 registry.
Built on the Simple Object Access Protocol (SOAP) data communication standard, UDDI creates a global,
platform-independent, open architecture space that allows an organization to create a catalogue of its Web
services. The UDDI v2 registry can contain catalogued information about a business, the services it offers, and
the communication standards and interfaces it uses to conduct transactions.


Authoring Web Services
With BEA WebLogic Server 9.0, Web services are easy to author and deploy. Developers can choose the pro-
gramming model that suits them: Web Services Enterprise Edition (WSEE) 1.1 low-level services deployment,
development of JSR-181 Web services annotations (based on BEA-developed JSR-175 annotations), script-
based configuration from a WSDL, or other choices. With this approach, developers can quickly and easily cre-
ate Web services that allow for faster time to market, more productivity, less overall complexity, and lower cost
of ownership.




12
BEA White Paper – BEA WebLogic Server 9.0




Data Binding
As shown in Figure 4, data binding between Web services and application business logic is easy in BEA
WebLogic Server 9.0 with XMLBeans 2, an Apache project begun at BEA that maps XML schemas to and
from Java objects. Interface types include Plain Old Java Objects (POJOs), StAX (JSR 173) streaming parser
cursors, and standard XML Document objects.


Conversations
BEA WebLogic Server Web services are JSR 109–compliant, allowing for Web service deployment portability
between JSR 109–compliant containers; WS-Basic Profile, WS-Addressing, WS-Reliable Messaging, and
WS-Policy combine to establish secure Web service boundaries and compartmentalized messages. The new
BEA WebLogic Web service conversation framework for long-running WS processes incorporates and goes
beyond existing standards, leading the way toward the next generation of WS interoperability. The Web service
conversation framework supports asynchronous messaging and callback, leverages BEA WebLogic Server’s
robust messaging and high-availability solutions for 0% transaction loss, and can be easily created or migrated
from previous BEA WebLogic Web service instances.


WSRP
Web Service Remote Portlets (WSRPs) can be hosted on BEA WebLogic Server, for services with an added
configurable display component.




                                                                                   XML Bean
                                            XML
                                                                                                           Strongly typed
                                                                                               POJO
                                                         (Non) Lossy Binding
                                       Partial binding
                                       for versioning                          Tokenized                                         Java
                                                                                                                              application
                                      and intermediary                                                   Preserved ordering
                                                                                 store        Cursor
Figure 4:
                                         processing


XML data binding options in
BEA WebLogic Server 9.0.                                                                      Original      Full fidelity

                                                                                               XML




                                                                                                                              13
BEA White Paper – BEA WebLogic Server 9.0




The Business Layer—Business Logic
Enterprise Development
In production, BEA WebLogic Server can host a wide variety of application frameworks, including Cold Fusion
Meta Language pages, Spring open source application framework, Console Portal and WSRP producers, page
flows on Beehive, Web services annotation compilations, Beehive control, Spring application framework, and
J2EE CA adapters. There are many developmental on-ramps to deploying on the server, including BEA’s inte-
grated development environment, BEA WebLogic Workshop®, available with a service pack following BEA
WebLogic Server 9.0.

While BEA WebLogic Workshop is BEA’s preferred integrated development environment, all the advantages
conferred by BEA WebLogic Portal and BEA WebLogic Integration, it is only one of many tools available to
BEA WebLogic Server developers. Java 5 code created in any text editor and compiled will run in BEA
WebLogic Server. Tighter development integration (starting/stopping the server, compiling J2EE applications,
deploying/undeploying applications) is possible in Borland JBuilder 2006, Genuitec MyEclipseIDE, and Eclipse
JDT 3.1 + Web Tools Platform 1.0, with others to follow. Adoption of BEA WebLogic Server does not lock
developers into one development environment, but rather frees a development team to create in whatever
mode is best.

The ease of configuration and deployment of BEA WebLogic Server 9.0 means that the largest percentage of
development time is likely to be spent writing Java business functionality. BEA WebLogic Server 9.0 can host
any Java 5–compliant java jar, ear, war, rar, or Web service; a plethora of functional implementations are avail-
able, either as freeware or under license. BEA WebLogic Server has always been the developer’s choice: it is
easy to install and easy to configure with the best documentation and support on the market.




                                            BEA WebLogic Server 9.0

                                                   Beehive/
Figure 5:                                   WLST    Spring    JavaEE      Portal


                                                     Web
Multi-development platform.
                                            CFML   services    SIP         BPEL




14
BEA White Paper – BEA WebLogic Server 9.0




Robust Business Services
Business services are at the heart of any enterprise application. Deploying them onto the BEA WebLogic Server
platform makes it possible to leverage the full range of features available to your code: transactions, poolable
resources, security framework, work management, context management, clustering, diagnostics, and high availability.


Enterprise Java Beans (EJB)
EJB 2.1—poolable, callable, secure, robust, scalable, transactional resources—are appropriate when business
logic must be both poolable and under transactional control. EJBs may be called internally from the message,
Web, J2EE CA, or WSRP containers, or externally through RMI. EJBs can help secure business functionality and
make it available for a wide variety of Java clients. As easy to wrap up as Web services, EJBs can be search-
able, language-agnostic, and as easily callable as any other service. Entity EJBs make a useful interface to
persistent data, and the EJB container’s object/relational mapping capabilities are further enhanced by BEA
WebLogic Server’s extension of the EJB-QL query language for further object-relational (O/R) data configuration.

BEA WebLogic Server 9.0 has made several enhancements available to message-driven EJBs (MDBs), includ-
ing transaction batching for large volumes of messages and administrative pause and resume of MDBs. MDBs
are also callable from the J2EE CA container (see the J2EE Connector Architecture section for details).




                                                             Front-end Services

                                              Web Container              RMI Services - JNDI          Administration

Figure 6:                                                                  Messaging Container              Auditing
                                            Web Services and WSRP


BEA WebLogic Server 9.0
                                             Servlets and Pageflow             EJB Container         Diagnostic Framework
Service Containers.

                                            UDDI Registry and SSL            Singelton Service     Clustering (LAN, MAN, WAN)


                                                                                                        High Availability:
                                                                                                         Zero Downtime
                                            Transaction and Context Services/Work Area

                                                                                                         JMX (mBeans)
                                            Resource Pooling             Security Framework

                                                                                                     Two-Phase Deployment
                                               RDBMS and File               SPI Plug-ins (AA++)
                                                                                                       and Side-By-Side


                                                BEA WebLogic               Cryptography Services         Scripting Tool
                                              Tuxedo Connector


                                                     JCA                       Internal LDAP            Portal Framework



                                                             Back-end Services




                                                                                                                                15
BEA White Paper – BEA WebLogic Server 9.0




WorkManager
Running through the core of BEA WebLogic Server 9.0 are its WorkManager and Context services. Applications
now have a mechanism for scheduling work for execution by parallel/asynchronous threads, managed centrally
across all containers. Entry at any point into the server is tagged using “context dyeing,” and unique session IDs
are created that can be traced through the various containers, across JVMs, and back again.

Applications can configure scheduling guidelines (e.g., “this module should get 90% of CPU time” or “shut
down this application if you encounter stuck threads”) that BEA WebLogic Server will use in conjunction with
data collected in actual run-time performance to schedule CPU resources for the application. Applications no
longer must configure individual thread pools for specific components; instead, they can rely on BEA WebLogic
Server to monitor, tune, and allocate these resources.

It is also possible to call into the BEA WebLogic Server work manager API externally, and the J2EE CA container’s
implementation of work management leverages the infrastructure provided by the core subsystem. This allows
applications to obtain the same quality of service using Connectors as they can using the native interfaces of the
Core Work Manager. (For a more complete discussion of J2EE CA, messaging, database integration, and other
system-to-system communication, see the Integration (Back-End) Layer section.)


Transactions
Transactions are more than commits, rollbacks, and result heuristics. They represent threads of execution
touching multiple containers within the application server and calls into and out of the server, around the
cluster, into other systems, and back again. They may also involve multiple systems simultaneously agreeing to
commit or roll back.

Transaction services: BEA WebLogic Server 9.0 supports the latest Java Transaction Services (JTS) in its
transactional container services, and Java Transactional API (JTA); it also supports CORBA Object
Transactional Services (OTS) as defined in the J2EE 1.4 specification. JTA can be invoked in application code,
although services such as JMS and EJB use automatic transactional control with regard to connections,
invocations, and data storage.

Transactional control with XA: XA, invented by Bell Labs and Tuxedo engineers, is a world standard for
transaction coordination between multiple transaction containers; it allows for coordinated commits and rollbacks.
BEA WebLogic Server not only allows XA implementation in database connections, J2EE CA adapter connec-
tions, EJBs, and JMS connections, but also permits non-XA resources to participate in XA transactions through
“Logging Last Resource” transaction optimization. (See e-docs.bea.com/wls/docs90/jta/llr.html for details.)


More Java Services
For a complete list of Java services available to business logic from within BEA WebLogic Server 9.0, please
see e-docs.bea.com/wls/docs90/admin_ref/utils.html.




16
BEA White Paper – BEA WebLogic Server 9.0




Business Application Security
Security is at the heart of the BEA WebLogic Server product family. All services are given equal protection with a
unified security infrastructure that is highly configurable, dynamic, and pluggable with all major security frame-
works. For an overview of these security features, see e-docs.bea.com/wls/docs90/secintro/concepts.html.


Pluggable Framework SSPI
BEA WebLogic Server’s pluggable security service provider interface (SSPI) is the only one of its kind on the
market. It allows you to connect to existing user and group stores and external policy decision points, integrate
with enterprise security solutions, or craft custom solutions with an easy-to-build deployment model. There is
also a consistent callback mechanism and easy integration with BEA AquaLogic Enterprise Security™ for unified
                                                                                                 ,
policy management across the multiple domains of an SOA.

Included with BEA WebLogic Server 9.0 are plug-ins addressing authentication, authorization, identity assertion,
role mapping, credential mapping, certificate path (for handling certificate chains), key storage, authorization
adjudication, and auditing. Included Authentication Providers and Identity Asserters map to many different
credential stores. (See the Security System Integration section for more information.)


Data Encryption
In addition to automatic encryption management with SSL, PKI, Web service security, and password protection
in configuration files such as config.xml, BEA WebLogic Server also exposes these services to the application.
BEA WebLogic Server does not store passwords on its system in cleartext; encryption capabilities can be
leveraged at every layer and in every container.




Figure 7:                                           End Users



Side-by-side deployment.                            Session
                                                    Manager




                                       Original                    New
                                      Application               Application   QA Tools
                                       Instance                  Instance




                                                     RDBMS




                                                                                                                     17
BEA White Paper – BEA WebLogic Server 9.0




Scalability
Java has always offered the promise of “write once, run anywhere.” BEA WebLogic Server is known for almost
linear scalability: the ability to take a single instance of application code and deploy it across a cluster or clusters
of servers, or across a LAN, MAN, or WAN—with almost no loss of performance. Scalability is also important
within the server; BEA WebLogic Server 9.0 offers service pooling of JDBC connections, J2EE CA connections,
Java threads, sockets, file readers, Tuxedo connections, message queues and topics, messaging bridges,
Servlets, and EJBs. Also available are automatic server failover, server self-tuning, and overload protection.


High Availability
True zero downtime is almost impossible to achieve, but BEA WebLogic Server 9.0 gets closer than ever
before with a variety of deployment and management services.

Side-by-side deployment: BEA WebLogic Server 9.0 enables deployment of multiple versions of the same
application across a WebLogic cluster; new client requests are routed to the new version and there is no
impact on existing clients of the older version. BEA WebLogic Server will automatically retire the older version
of the application once all existing clients have completed their processing. This eliminates the need to build
out replicated versions of production environments, deploy two different versions in two environments, or use a
load-balancer to cutover application traffic to the new version.

HTTP Session, EJB, JMS, RMI, and JDBC availability: BEA WebLogic Server provides clustering support
for Servlets and JSPs by replicating the HTTP session state of clients that access clustered Servlets and JSPs.
BEA WebLogic Server can maintain HTTP session states in memory, a file system, or a database.

Load balancing and failover for EJBs and RMI objects is handled using replica-aware stubs, which can locate
instances of an object throughout a cluster. Replica-aware stubs are created for EJBs and RMI objects as a
result of the object compilation process. EJBs and RMI objects are deployed homogeneously to all server
instances in the cluster. The BEA WebLogic Java Messaging Service (JMS) architecture implements clustering
of multiple JMS servers, supporting cluster-wide transparent access to destinations from any BEA WebLogic
server instance in the cluster. Each JMS topic or queue, however, is still managed separately by each BEA
WebLogic Server instance in the cluster.

BEA WebLogic Server also allows clustering of JDBC objects, including data sources and multi-data sources,
to improve the availability of cluster-hosted applications. Each JDBC object configured for a cluster must exist
on each managed server in the cluster—when configuring JDBC objects, target them to the cluster.

MAN and WAN clustering: The state of an HTTP session running on a server instance in one cluster can be
replicated on a server instance in another cluster. The clusters can be located on different LANs within the
same MAN, or be in geographically distant locations within a WAN. Upon a failure of the primary server
instance, another member of the same cluster can recover the session data from the remote instance (in
another cluster) and make it available in the primary cluster. If no members of the cluster in which the primary
failed are available, the request can failover to the remote cluster hosting the session replica.




18
BEA White Paper – BEA WebLogic Server 9.0




Server failover: Leveraging the BEA WebLogic Diagnostic Framework, BEA WebLogic Server 9.0 now moni-
tors its own health. Using the configurable Node Manager, it allows itself to be brought down and automatically
migrated to another location if it senses that its systems are failing. In addition, a JMS implementation leverages
the automatic migration function to provide automatic JMS Server failover.

Zero-downtime upgrades: Upgrading and migrating BEA WebLogic Server domains has been made even
easier. A new upgrade wizard, which can be run in silent or GUI mode, provides complete and seamless
migration of existing domain artifacts including JTA transaction logs, JMS file and database stores, custom
security providers, node manager configuration, and anything else needed to migrate to the new 9.0 domain.

Singleton services: BEA WebLogic Server features for increasing the availability of singleton services include
support for multiple thread pools to harden individual servers against failures, health monitoring and life cycle
APIs to support detection restart of failed and ailing servers, the ability to upgrade software without interrupting
services, and the ability to automatically migrate server-dependent services such as JMS servers and JTA
transaction recovery services.


Performance
All J2EE-compliant application servers are not the same; BEA WebLogic Server 9.0 has many features that
others cannot match. Owner of numerous industry benchmark world records, BEA WebLogic Server typically
wins with half the hardware of its nearest competition. Major performance features include automatic CPU
scheduling based on workloads, JDBC performance gains including statement batching, JMS and messaging
performance improvements include file store disk scheduling algorithms, store-and-forward message queuing,
limited use of serialization and boxcarring disk writes, Logging Last Resource XA optimization for non-XA
resources, and a new conversational Web services framework.




                                              BEA WebLogic Service Cluster

Figure 8:

Zero-downtime service pack upgrades—
service pack upgrades are applied
across the cluster in a rotating fashion.




                                                                                                                    19
BEA White Paper – BEA WebLogic Server 9.0




The Integration (Back-End) Layer
BEA WebLogic Server’s integration with back-end systems is made up of pooled connectivity to non-Java
systems, messaging infrastructure and bridges to other systems, integration with security frameworks, and
data storage and integration with BEA Tuxedo.


Messaging
Asynchronous messaging is an essential part of any enterprise integration solution, providing a boundary
between the caller and the called. Such a boundary enables two systems with disparate service-level
agreements (SLAs) to interact. If only synchronous communication were possible, work would proceed at
the speed of the slower system. Multiply this situation by number of calls and number of systems; without
asynchronous messaging, functionality would soon grind to a halt.

BEA WebLogic Server takes messaging very seriously. Many new features have been added to the core JMS
Server implementation, going far beyond J2EE compliance.


Store and Forward
The most dramatic of the BEA WebLogic Server 9.0 messaging enhancements comes from existing Tuxedo
technology—store and forward (S&F). While not required by J2EE 1.4, S&F allows BEA WebLogic Server 9.0 to
become a true message powerhouse, matching the robustness and scalability of messaging pure-play products.
S&F allows message consumers—even durable subscribers—to be unavailable for a period of time without
messages piling up on the queue and causing the process to run out of memory. That’s because S&F works
together with the file store—based on a custom “log-based file system” and accompanying disk scheduling
algorithm (see the Data Persistence section for more)—to produce a seamless stream of queue and topic
availability, even under extremely high loads. Other performance gains come from JDBC statement batching,
minimizing serialization/deserialization of user buffers, and boxcarring of disk writes.


Preserving Message Order
Message ordering is a fundamental requirement of major messaging applications. BEA WebLogic Server JMS
guarantees that messages sent to a destination, distributed or otherwise, tagged with a certain “unit of order”
will be processed in the order sent. (The JMS specification asks only for sequential delivery, and only then from
a single producer to a single consumer.)


Connecting With Other Messaging Systems
For years, BEA WebLogic Server has shipped with a messaging bridge that uses J2EE CA technology to
provide on- and off-ramps to other messaging systems. The BEA WebLogic Server 9.0 messaging bridge,
taking advantage of S&F capabilities, does not rely on XA to provide exactly-once service. Instead, it uses its
own retransmission/duplicate-detection protocol, resulting in a significant performance increase.

BEA WebLogic Server 9.0 also provides a C language API for creating non-Java producers and consumers that
can take advantage of most of its add-on features, including clustering, S&F, security, and large-message support.




20
BEA White Paper – BEA WebLogic Server 9.0




Packaging Queues and Topics With Applications
BEA WebLogic Server defines extensions, called JMS Modules, to standard J2EE modules. An application can
use these extensions to configure required JMS resources, then package them in its application archive. The
application becomes fully self-contained, with no dependency on resources configured at the domain level.


Message Management
Due to unavailable message consumers, error conditions, or system failures, it is sometimes necessary to
manipulate messages, either manually or by procedure, to help them pass through a system. The BEA WebLogic
Server 9.0 console, with its expanded message management, offers sophisticated capabilities in this area, includ-
ing the ability to view and browse every message; to delete, move, import, and export messages; and to manage
durable subscribers manually. Each function can be coded into the application via pure JMX interfaces, or in a
script written in Jython and executed with BEA’s WebLogic Scripting Tool (WLST). (See Scripting Tools, below, for
more information.) All features are seamlessly integrated into the console for one-stop message management. The
JMS container also leverages an Automatic Server Migration feature—new to BEA WebLogic Server 9.0—to
provide automatic JMS failover.


Security System Integration
This document has covered security at all layers of the BEA WebLogic Server—the Web tier, the business layer,
and the back end—because it is pervasive across the platform. Pluggable security has been mentioned in pre-
vious sections; this section discusses the actual integration with security stores. Let’s start with the internal
LDAP server included with BEA WebLogic Server 9.0: it is a light-to-medium-weight LDAP server, ideal for stor-
ing role and resource policies for all sizes of application. All default security providers that ship with BEA
WebLogic Server 9.0 use this store for their policies.


Credential Stores
Authentication providers are easy to configure with BEA WebLogic Server, and many user and group store
interfaces are included: Active Directory, custom RDBMS, iPlanet, LADP, LADP x509, OpenLDAP, Novell,
Windows NT, and SAML. BEA WebLogic Server also manages plug-ins handling Public Key Infrastructure (PKI)
key storage and keychain certificate path configuration.


Policy Decisions
BEA WebLogic Server makes decisions regarding role assignment and resource access based on a rich set of
predicates, expanded with this release to include HTTP Servlet requests, HTTP Servlet sessions, and additional
date and time combinations. Roles are key in determining access authorization to every resource held by the
application server. They are easily configurable either via the console or through a chosen enterprise security
framework. All major security vendors support BEA WebLogic Server’s pluggable provider service interfaces,
including BEA AquaLogic Enterprise Security 2.0.


Integration With EAI Systems
BEA WebLogic Server supports a rich variety of Credential Mapper providers, intended to convert Java security
attributes into tokens that EAI systems can consume. This is especially important when connecting via J2EE
Connector Architecture (J2EE CA) adapters, when disparate credentials and roles may need to be mapped.



                                                                                                                    21
BEA White Paper – BEA WebLogic Server 9.0




Data Persistence
Virtually all enterprise applications require some form of data persistence. EJB Entity Beans (discussed above in
the Robust Business Services section) are one possible J2EE solution. This section covers two major data
stores: RDBMS and file stores.


Relational Database Access
BEA WebLogic Server 9.0 implements the JDBC 3.0 specification of database access, allowing finer granularity
when managing transactions (intermediary save-points) and tuning connection pools. BEA WebLogic Server
has continued to refine its database pooling, allowing some of the fastest database access from any applica-
tion server.

Ease of configuration: The various JDBC resource types (connection pools, data sources, transactional data
sources) have been consolidated into a new version of a “data source” so that applications configure a single
entity, instead of multiple entities, when specifying JDBC configuration. BEA WebLogic Server 9.0 defines
extensions, called JDBC Modules, to the standard J2EE Modules types. Administrators can configure required
JDBC resources, bundle them into a JDBC module, and package the module into the ear file of the application
that needs the resources. The application becomes fully self-contained, with no dependency on JDBC or JMS
resources configured at the domain level.

Database debugging: As in previous releases, BEA WebLogic Server 9.0 includes a set of JDBC drivers suit-
able for connecting with all major databases. In addition, it ships with a driver debugging tool, JDBC Spy. This
thin driver wrapper logs detailed information about all JDBC calls. The information in the logs can be used to
troubleshoot application problems. Logging is consistent, regardless of which BEA WebLogic Type 4 JDBC
driver is used; all parameters and function results for JDBC calls can be logged; and logging can be enabled
dynamically from the console.

File Storage
Instead of the standard Java file store access, BEA WebLogic Server uses a pool of file connections that allow the
application infrastructure to treat the file system as a poolable resource, with all the advantages of scalability. BEA
WebLogic Server 9.0 debuts a new implementation of file access based on a custom “log-based file system” and
an accompanying disk-scheduling algorithm, written in pure Java, that anticipates the location of the physical disk
to optimize reads and writes up to 10 times over other systems.


Integration With Other Systems
BEA WebLogic Server 9.0 offers many options for integration with non-Java systems not covered above.
Several large categories of integration are possible with BEA WebLogic Server 9.0: Web services/SOA (covered
in Thick Clients Including SOA); messaging bridges (covered in Messaging); J2EE CA Adapters; integration with
Tuxedo; Java-COM integration; B2B conversations; and long-running process integration.


J2EE Connector Architecture (J2EE CA)
Third-party J2EE CA adapters can be run in the BEA WebLogic Server 9.0 J2EE CA container, connecting a
J2EE application with virtually any technology, from SAP and PeopleSoft systems to FIX and SWIFT financial
trading protocols. BEA WebLogic Server 9.0 now supports J2EE CA version 1.5.



22
BEA White Paper – BEA WebLogic Server 9.0




The BEA WebLogic Server 9.0 J2EE CA container manages pooled connections, XA transactions, and security
context management. Since J2EE CA 1.5 is bi-directional, external systems can use this entry point to call into
BEA WebLogic Server 9.0 to begin interaction with the BEA WebLogic Server WorkManager (discussed in
detail in the WorkManager section above).


Java Mail API integration
A J2EE CA adapter could also be used with an e-mail server to send and receive messages. BEA WebLogic
Server fully supports the JavaMail 1.2 API, meaning that it is not necessary to use J2EE CA to use Java Mail.


BEA WebLogic Tuxedo Connector
BEA WebLogic Tuxedo Connector provides interoperability between BEA WebLogic Server applications and
BEA Tuxedo services. The connector allows BEA WebLogic Server clients to invoke BEA Tuxedo services and
Tuxedo clients to invoke BEA WebLogic Server Enterprise Java Beans (EJBs) in response to a service request.

BEA WebLogic Tuxedo Connector makes it possible to develop and support applications interoperating
between BEA WebLogic Server and BEA Tuxedo with a Java Application to Transaction Monitor Interface
(JATMI) similar to the BEA Tuxedo ATMI. BEA WebLogic Tuxedo Connector tBridge functionality provides
Tuxedo/Q and JMS advanced messaging services, in addition to CORBA service application calls.


jCOM
WebLogic jCOM is a software bridge that allows bidirectional access between Java/J2EE objects deployed
in BEA WebLogic Server; Microsoft ActiveX components available within Microsoft Office products, Visual
Basic, and C++ objects; and other Component Object Model/Distributed Component Object Model
(COM/DCOM) environments.

Web services are often the preferred way to communicate with Microsoft applications. While BEA suggests
migrating legacy COM applications to .NET, jCOM support is provided in BEA WebLogic Server 9.0 as a migration
path for interim solutions that require Java-to-COM integration. It is suitable for small projects or bridge solutions.

Business Processes and B2B: For business processes and business-to-business (B2B) conversations,
please see the BEA WebLogic Integration™ product (bea.com/integration).


Governance Services
Governance in BEA WebLogic Server 9.0 includes everything from JVM control to application debugging,
configuration and deployment; dynamic diagnostic monitoring to logging, auditing, and alerting; enterprise-wide
management of clusters to failover, high availability, security, application promotion, and upgrades.

Many of these tasks, if not all, can be performed with BEA WebLogic Server Console. This section not only
describes the administrative capabilities of the console but includes all aspects of application governance,
including intersection with the Java Virtual Machine, BEA WebLogic Diagnostics Framework, auditing,
monitoring, overload protection, and debugging capabilities.




                                                                                                                      23
BEA White Paper – BEA WebLogic Server 9.0




Local Application Management
Before addressing the operations, administration, and management needs of your enterprise, let’s take a look
at localized management at the machine or instance level, including scripting and coded administration,
debugging, and Java Virtual Machine (JVM) integration with the award-winning BEA JRockit.


Scripting Tools
BEA WebLogic Server 9.0 supports interaction with online and offline servers through a scripting language based
on Jython (Java Python): WebLogic Scripting Tool (WLST). It is possible to invoke commands through a live
console, or write Jython scripts that can be run offline. Either way, WLST permits interaction with both BEA
WebLogic Server and offline configuration scripts (config.xml). Since BEA WebLogic Server 9.0 XML configuration
files are 100% schema-compliant, changes made to offline files can be validated with any XML validation tool.


MBeans
All management calls into BEA WebLogic Server are made through the Java Messaging eXtension (JMX)
implementation using Management Beans, or MBeans. The console uses MBeans as its primary means of
communicating with a running server, so the two methods are entirely compatible.


Overload Protection
BEA WebLogic Server 9.0 helps govern system load through a set of protective features collectively known as
overload protection—limiting requests to the thread pool, throttling work managers, controlling the number of
Web-based requests by setting a limit on HTTP sessions, configuring server behavior on OutOfMemory excep-
tions, and proactive management of stuck threads.


Java Platform Debugger Architecture (JPDA)
BEA WebLogic Server 9.0 continues to support the Java Platform Debugger Architecture (JPDA), allowing
developers to attach a debugger to the server to pause, observe, and edit objects during development.


BEA JRockit Integration
BEA’s Java Virtual Machine (JVM), BEA JRockit, is the fastest JVM in operation and is responsible for most of
BEA WebLogic Server’s performance records. BEA JRockit provides simplified development and top perform-
ance through highly streamlined thread management and adaptive memory management. BEA JRockit also
has features that most JVMs do not, including management APIs, a management console, a runtime analyzer,
and a memory leak detector.

The performance impact of JRockit’s efficient analytical bytecode profiling is so small that it cannot be
measured. With JRockit, it is now safe to analyze and debug applications in both production and development.

For more information on the power of BEA WebLogic Server plus JRockit, please see bea.com/jrockit.




24
BEA White Paper – BEA WebLogic Server 9.0




Domain-Wide Administration
BEA WebLogic Server domains are administered through the browser-based WebLogic Server Administration
Console. These domains are logically related groups of BEA WebLogic Server resources that are managed as a
unit. Most of the zero-downtime features of the BEA WebLogic Server 9.0 kernel also appear in the BEA
WebLogic Server Administration Console.

One instance of BEA WebLogic Server in each domain is configured as an administration server. The administration
server hosts the Administration Console; managed servers (all other servers in a cluster) host applications. In a
domain with only a single BEA WebLogic Server instance, that server functions as both administration server and
managed server.


BEA WebLogic Server Administration Console
Primary functions of the BEA WebLogic Server Administration Console include starting, stopping, and
configuring BEA WebLogic server instances and clusters; configuring BEA WebLogic Server service containers
(e.g., database connectivity, messaging, Web services); managing users, groups, roles, and other security
parameters; configuring and deploying applications; monitoring server and application performance; and
viewing server and domain log files.

BEA WebLogic Server 9.0 Administration Console has a new look and feel, because it is now designed on the
struts-based portal framework, which includes Beehive page flow UI technology. This means that the console is
itself highly configurable: portlets can be added or subtracted from the view; the console can be rebranded
with a different look and feel; portlets can be consumed by other portals; custom portlets can be added to the
console framework; and new page flows can be constructed to suit specific administrative needs.

Multi-administrator functionality has been built into the console. Administrative functions can be delegated to
specific users; it is easily partitioned for the security of different groups and users. BEA WebLogic Server 9.0
also incorporates a two-phase commit configuration strategy: any administrator wishing to make modifications
to a running system must first lock the console, signaling to all others his or her control. During edits, changes
can be reviewed and rolled back if necessary before final commit.




Figure 9:

BEA WebLogic Server 9.0
Administration Console.




                                                                                                                    25
BEA White Paper – BEA WebLogic Server 9.0




Configuration assistants: BEA WebLogic Server 9.0 Administration Console is based on Struts and page
flows, and it includes many helper tools to guide you through commonly used functionalities. Instead of clicking
from page to page to create and group new users, for example, a “configuration assistant” flow moves through
all necessary steps, masking the complexity of the operations. This configurable portal allows for construction
of custom guides for custom operations.

Production redeployment: Production redeployment enables an administrator to redeploy a new version of an
application in a BEA WebLogic Server 9.0 production environment without stopping the deployed application
or otherwise interrupting the application's availability to clients. Production redeployment works by deploying a
new version of an updated application alongside an older version of the same application. BEA WebLogic
Server 9.0 automatically manages client connections so that only new client requests are directed to the new
version. Clients already connected to the application during the redeployment continue to use the older, retiring
version of the application until they complete their work.

Security policy management: BEA WebLogic Server 9.0 offers control over user, group, and role configura-
tion, with a new set of policy predicates including time, session, and request attributes that protect applications
more effectively. In addition, the Security Service Provider Interface (SSPI) allows creation of custom security
providers or integration with all major third-party security frameworks.


System Health Monitoring
BEA WebLogic Server 9.0 offers a unified diagnostic framework spanning the entire BEA WebLogic Platform:
the BEA WebLogic Diagnostic Framework. It has been embedded into each BEA WebLogic Server 9.0
container, creating the ability to instrument application and BEA WebLogic Server classes to diagnose
application execution; to set watches & notifications so that alerts are triggered when configured conditions
or thresholds are met; and to dye all inbound requests to track application processing.

The status of all BEA WebLogic Server 9.0 systems can be seen at a glance via the WebLogic Administration
Console; because the BEA WebLogic Diagnostic Framework API is public, hooks may be written that allow
BEA WebLogic Server to monitor the health of any applications alongside that of the core BEA WebLogic
Server containers.




Figure 10:

Diagnostics monitoring in
BEA WebLogic Server 9.0
Administration Console.




26
BEA White Paper – BEA WebLogic Server 9.0




Integration with high-availability systems: BEA WebLogic Server 9.0’s internal high availability solutions relating
to messaging, session failover, clustered services, overload protection, the diagnostics framework, upgrades,
side-by-side deployment, and other services can be made to work within industry-standard frameworks. BEA
WebLogic Server partners with a variety of high-availability solution vendors, making it possible to formulate a
complete disaster recovery profile that will provide complete protection in the event of environmental failure.


Administration Console Online Help
The Administration Console includes a complete help system. It has two parts:
  • How do I...? documents procedures for tasks that can be performed using the console

  • Administration Console Reference provides reference information for each page in the Console, including
    descriptions of all attributes that can be set using the console.

The Administration Console help system is available through the console itself or online at
e-docs.bea.com/wls/docs90/ConsoleHelp/index.html.


Auditing Compliance
Today, enterprise-wide governmental initiatives such as Sarbanes-Oxley and HIPAA require organizations to
integrate auditing with transactional records. BEA WebLogic Server 9.0 offers the level of auditing control that
applications need, even in the recording of non-routine, complex, and unusual transactions. BEA WebLogic
Server 9.0 auditing provides control over business applications, making it possible to reliably record, organize,
process, and transmit critical information throughout the organization, automating internal control activities
wherever possible.

BEA WebLogic Server 9.0 helps combat common difficulties arising from compliance, including the following:
  • Systems development, implementation, maintenance, and change management through the BEA
    WebLogic Server console
  • Data conversion and system interface controls through J2EE CA adapters, XML Beans 2, and encryption
    services, as well as robust data transmission through BEA WebLogic Server 9.0 transactional controls
  • Security technologies, protocols, and administration through BEA WebLogic Server Security Service
    Provider interfaces (including pluggable Auditing Providers), and through internal security functions
    (including user blocking and IP logging
  • Integration with third-party service providers through compliance with SOA Web services and the
    BEA AquaLogic product family.

Alerting and Notification
BEA WebLogic Server 9.0 continues its long-running support for the industry-standard SNMP management
protocol with the BEA WebLogic Server SNMP agent. The WebLogic SNMP agent is a BEA WebLogic Server
subsystem that gathers WebLogic management data (managed objects), converts the data to SNMP communi-
cation modules (trap notifications), and forwards the trap notifications to third-party SNMP management systems.
The BEA WebLogic SNMP agent, supporting the SNMPv1 and SNMPv2 protocols, can also respond to direct
requests from a manager using the PDU format.




                                                                                                                    27
BEA White Paper – BEA WebLogic Server 9.0




All managed objects that BEA WebLogic Server exposes for management through SNMP are defined in the BEA
WebLogic Server Management Information Base (MIB). BEA WebLogic Server 9.0 can be configured to provide
immediate notification when a certain condition has been met. Conditions encompass all states known to the
server through the WebLogic MBeans, including all information from the WebLogic Diagnostics Framework.


Logging
In addition to runtime auditing capabilities inherent in the BEA WebLogic Server 9.0 service containers,
running documentation logs must be available. BEA WebLogic Server 9.0 subsystems use logging services to
provide information about events such as the deployment of new applications or the failure of one or more
subsystems. A server instance may also use them to communicate its status and respond to specific events.
For example, WebLogic logging services can be used to report error conditions or listen for log messages from
a specific subsystem.

Each BEA WebLogic Server instance maintains a server log. Because each BEA WebLogic Server domain can
run concurrent, multiple instances of BEA WebLogic Server, the logging services collect messages generated
on multiple server instances into a single, domain-wide message log. For more information, see Server Log
Files and Domain Log Files at e-docs.bea.com/wls/docs90/logging/logging_services.html#1177266.

You can also create a custom catalog of log messages, using WebLogic utilities to generate Java classes to be
used in application code. The log messages generated from the applications will be integrated with, and treated
in the same way, as log messages generated by the server. For more information, see Writing Messages to the
BEA WebLogic Server Log at e-docs.bea.com/wls/docs90/i18n/writing.html#1178164.

Internationalization
Created log message catalogs can be written in any language and can be accompanied by translations for
different locales. BEA WebLogic Server support for internationalization ensures that log messages are
presented in the appropriate language for the locale under which they run. For more information, see
Internationalization and Localization for BEA WebLogic Server at
e-docs.bea.com/wls/docs90/i18n/Overview.html#1014699.


Security Advisory Process
BEA also keeps security processes up to date with frequent reviews of potential vulnerabilities in the enterprise.
Vulnerability patches are fully tested and documented and are available at dev2dev.bea.com/advisories.


Migration to BEA WebLogic Server 9.0
As noted in the Enterprise Development section above, BEA WebLogic Server 9.0 offers numerous developmental
on-ramps. Compelling reasons to migrate from other application servers to BEA WebLogic Server include linear
scalability through its server clustering mechanism, a pluggable security infrastructure, and an enterprise-grade
kernel that delivers true RASP capabilities, zero downtime, and record performance. For additional information
about migrating applications to BEA WebLogic Server 9.0, see bea.com/wls.

There are many compelling reasons for current BEA WebLogic customers to upgrade to BEA WebLogic Server
9.0, including enhanced kernel performance governing all core functionality; new zero-downtime high-availability



28
BEA White Paper – BEA WebLogic Server 9.0




features; scalable administrative capabilities including embedded WLST; MAN and WAN clustering and failover;
and significantly enhanced messaging functionality and administration, including newly asynchronous store and
forward and full console message administration.

An upgrade wizard makes it easy to migrate current BEA WebLogic Server 8.1 applications onto the BEA
WebLogic Server 9.0 platform. In addition, future upgrades of BEA WebLogic Server will include synchronization
with a patch repository, maintained by BEA, to help prevent service-pack and patch-library conflicts.

For a more complete discussion of upgrades from previous BEA WebLogic Server versions to 9.0, please see
the BEA WebLogic Server Upgrade White Paper at bea.com/wls.



Conclusion
BEA WebLogic Server 9.0 is the most significant BEA application server release to date. Fully compliant with
J2EE 1.4, this release tackles the biggest challenge facing enterprise networks today: reducing overall cost of
management and operations while delivering high reliability, continuous uptime, scalability, and mission-critical
integration solutions.


What’s New: The Big Picture
BEA WebLogic Server 9.0 is fully compliant with the J2EE 1.4 specification. This release implements and
extends the latest J2EE standards—Enterprise Web services 1.1, JMS 1.1, JMX 1.2, JDBC 3.0, Connector
Architecture 1.5, EJB 2.1, and more—to deliver unparalleled quality of service across the enterprise. The
following sections summarize key innovations.


Systems Management
BEA WebLogic Server 9.0 focuses on simplifying and streamlining the day-to-day management of production
systems with minimal disruption to live production environments. A comprehensive, centralized diagnostics
service lets administrators identify and resolve issues in real time, and accommodates the integration of
third-party analytic tools. This release of BEA WebLogic Server introduces a more extensible, “portalized”
Administration Console as well as a tightly controlled, predictable process for managing changes to a domain's
configuration regardless of the configuration tool used. A new scripting tool, a simplified domain directory
structure, and modular deployment capabilities automate and facilitate application configuration and deployment.

For more information, see System Administration and Management at
e-docs.bea.com/wls/docs90/notes/new.html#1208082.


Performance and Availability
Out-of-the-box support for WAN and MAN failover address catastrophic data center failures. Overall server
performance is greatly improved, with automated server migration and provisioning of services, policy-driven
processing, self-tuning capabilities, increased overload protection, cross-cluster failover, and more.

For more information, see Server Reliability, Availability, Scalability, and Performance at
e-docs.bea.com/wls/docs90/notes/new.html#1215373.


                                                                                                                    29
BEA White Paper – BEA WebLogic Server 9.0




Enterprise Web Services
Implementing Web services in Java is now safer and more portable than ever, thanks to the Web services in
J2EE 1.1 (JSR 921). This standard increases developer flexibility and choice by providing a common run-time
environment and industry-standard support for Java annotations and Web services extensions. The BEA
WebLogic Server implementation JSR 921 lets developers respond more effectively to changing business
requirements, with true asynchronous messaging support for conversational applications, interoperability
features designed for enterprise SOA, and improved XML processing. Developers can leverage BEA WebLogic
Web services to rapidly create, deploy, and adapt secure and fully interoperable enterprise Web services.

For more information, see J2EE Standard Web Services at
e-docs.bea.com/wls/docs90/notes/new.html#1205868.


Enterprise-Ready Messaging Infrastructure
BEA WebLogic Server 9.0 implements cross-domain communication, bi-directional transactions from enterprise
information systems, automatic destination migration for high availability, message store and forward for
improved reliability, and tightly controlled order of message delivery. In addition, this release improves manage-
ment and performance of enterprise and messaging-intensive applications.

For more information, see the following:
     • Java Message Service (JMS) e-docs.bea.com/wls/docs90/notes/new.html#1206087

     • Resource Adapters e-docs.bea.com/wls/docs90/notes/new.html#1206337

     • e-docs.bea.com/wls/docs90/ (all documentation)

     • e-docs.bea.com/wls/docs90/notes/index.html (every detail of BEA WebLogic Server 9.0).




Resources
Documentation
     • BEA WebLogic Server 9.0 documentation: e-docs.bea.com/wls/docs90/index.html

     • BEA WebLogic Platform product information: bea.com/weblogic

     • BEA AquaLogic product family: bea.com/aqualogic

     • BEA AquaLogic Service Bus documents: e-docs.bea.com/alsb/docs20/index.html.



Dev2Dev and Arc2Arc
BEA’s active developer-to-developer community, at dev2dev.bea.com, has spawned an architect community,
at dev2dev.bea.com/role/architect.


Supported Standards
For a complete list of BEA WebLogic Server 9.0 supported standards, please see
e-docs.bea.com/wls/docs90/notes/new.html#standards.




30
BEA White Paper – BEA WebLogic Server 9.0




About BEA
BEA Systems, Inc. (NASDAQ: BEAS) is a world leader in enterprise infrastructure software, providing standards-
based platforms to accelerate the secure flow of information and services. BEA product lines—WebLogic®, Tuxedo®,
and the new AquaLogic™ family of Service Infrastructure—help customers reduce IT complexity and successfully
deploy Service-Oriented Architectures to improve business agility and efficiency. For more information please visit
bea.com.




                                                                                                                      31
BEA Systems, Inc.

2315 North First Street
San Jose, CA 95131
+1.800.817.4232
+1.408.570.8000

bea.com                   CWP1005E0905-1A

								
To top