SOUG 2

Weblogic at CERN now and in the future

13.05.2014

Swiss Oracle User Group

Artur WiecekInfrastructure and Middleware ServicesCERN IT Department

SOUG 3

Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION

13.05.2014

Accelerating Science and Innovation

The Mission of CERN

Push back the frontiers of knowledgeE.g. the secrets of the Big Bang …what was the matter like within the first moments of the Universe’s existence?

Develop new technologies for accelerators and detectorsInformation technology - the Web and the GRIDMedicine - diagnosis and therapy

Train scientists and engineers of tomorrow

Unite people from different countries and cultures

6

CERN was founded 1954: 12 European States “Science for Peace”

Today: 21 Member States

Member States: Austria, Belgium, Bulgaria, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Israel, Italy, the Netherlands, Norway, Poland, Portugal, Slovakia, Spain, Sweden, Switzerland and the United Kingdom

Candidate for Accession: Romania

Associate Member in Pre-Stage to Membership: Serbia

Applicant States for Membership or Associate Membership:Brazil, Cyprus, Pakistan, Russia, Slovenia, Turkey, Ukraine

Observers to Council: India, Japan, Russia, Turkey, United States of America; European Commission and UNESCO

~ 2300 staff ~ 1600 other paid personnel ~ 10500 users Budget (2014) ~1000 MCHF

Science is getting more and more global

SOUG 8

Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION

13.05.2014

CERN IT culture• Specific factors

• Research/creative environment• Technology fashion

Role• Mission

• Provide best possible/cost effective environment for deployment of JEE applications

• Focus• Architecture• Availability

IT as Service

Physical infrastructure (HW)Delivers: installed, connected, tested hardware

Internal customers only

IAASDelivers: configured VMs/physical CPU, storage

Internal & external customers

PAASDelivers: platform services

Internal & external customers

Special infrastructure

(for e.g. Oracle)

Special HW

SAASDelivers: complex services,

Internal & external customers

Meta-service (?)(may be just a SAAS)

Manage horizontally to ensure can remove

special needs eventually

Standard model: where we want to be

Databasesjee

Service infrastructure

Storage infrastructure

DB/Java on demand

App servers

Agile infrastructure • Virtualisation everywhere• OpenStack -> target 100000s• Hyper-V, OVM 2.2 -> phasing out• KVM is in place, OVM3.3 is in beta….

SOUG 13

Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION

13.05.2014

Java app servers@CERN• 2 platforms:

• Tomcat (Java Public Service - JPS) (6 years)• Weblogic

• Areas:• Business Side/Administration• Engineering• Accelerator (ADF)

• Middleware products (forms, reports)• APEX

WLS Deployment 1/2• Started 4 years ago• RHES 5.x, 6.x, Apache 2.2• Kerberos/SSH node manager• CERN CC managed with Puppet• Everything is RPM.

Java app servers@CERN• 2 platforms:

• Tomcat (Java Public Service - JPS) (6 years)• Weblogic

• Areas:• Business Side/Administration• Engineering• Accelerator (ADF)

• Middleware products (forms, reports)• APEX

WLS Deployment 2/2• Weblogic 12.1.1/ Jrockit• All customisations in WLST scripts / LDAP• Fully certified stack (constantly updated,

PSU/CPU)• 200 clusters, 2 people

SOUG 18

Provisioning

13.05.2014

LDAP CONFIGURATION

SERVER

ADMIN SERVER

PUPPET AGENT

WLST SCRIPTS

MANAGED SERVERPUPPET AGENT

WLST SCRIPTS

MANAGED SERVERPUPPET AGENT

WLST SCRIPTS

SOUG 19

ADMIN SERVERS

Application Deployment

13.05.2014

WLS CLUSTER-

11

SSH WLS SSH GATEWAY

WLS CLUSTER-

21

WLS CLUSTER-

31

DOMAINADMIN-1

DOMAINADMIN-N

SOUG 20

Typical WLS Cluster

13.05.2014

HTTPDWLS

CLUSTER

DB appRDBMS

SSO

LDAP (AD)

SAML2(ADFS)

DNS MOD_WLS

SOUG 21

Patching

13.05.2014

WLS SERVER 1

RPM REPOSITORY

BUILD SERVER

BASE WLS INSTALLATION

APPLY ALL PATCHES

BUILD RPM

WLS SERVER 2

WLS SERVER 3

Monitoring• EM 12c

• Huge progress compare to 11g• 1 agent per domain• Driven by emcli• Issues:

• status• historical data

• Wily Introscope

Major upgrades• iAS 10.3.5 - OC4J gone

• 11g -> 12c migration• Weblogic 12.1.1 everywhere• Worked fine

CERN SSO

24

SSO

25

• It works! Some figures: ~31000 “signins” per day ~5000 “signouts”

• The hard work: Workaround the SAML2 & WLS constraints Fit the requirements of the legacy systems

• WLS does not provide the SLO: CERN saml2slo OpenSource (coming soon, hopefully) Very complicated to put in place/automate

SAML2 Issues• %20 spaces – wlsproxy servlet• Single security per domain• RDBMS Security Store• Fixed context /saml2• Artefact binding blocked

Issues and Concerns• Deployment

• app-1 app-2 after redeployment• Broken apps can break admin server & the

whole domain (XML parsers)• Developers

• Admin server vs. WLST, not always coherent• New WLS installer based on universal

installer – scary prospect.

SOUG 28

Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION

13.05.2014

SOUG 29

Java Services today…

Scope• Java EE

was(J2EE) Clients• AIS• EDMS• CS• ACC• J2EEPS

Deployment• Private• Public• 400 applications• 70 servers

Technologies• Weblogic• iAS (OC4J)• Tomcat• RHEL/SLC

Staff• 2 FTE

13.05.2014

SOUG 30

Java Services today…

REQUESTS

CAPACITY

13.05.2014

SOUG 31

One Platform to Rule Them All

Experience

DB in Demand

Technologies•Openstack

•Puppet•SSO

•IAS->Weblogic

Common Setup

For all clients

… and in the future.

13.05.2014

SOUG 3213.05.2014

Java Platform as a Service• On-Demand Provisioning• Self Management & Configuration• Scalability• Security (Systems, Data, SSO)• Improved redundancy• Higher productivity

SOUG 33Agile Infrastructure

SOUG 33

Java PaaS Services Stack

Website

Website

Java Java Java

App App

SSO

DB

Storage

Monitoring

DNS

Management

Web Services

Deployement

App App

13.05.2014

SOUG 34

Java PaaS Infrastructure• Support for any host

• Openstack VMs• Physical Servers and Virtual Machines

• Machine Pools• System configuration managed by Puppet• Multiple Java technologies

• Apache Tomcat • Oracle Weblogic• Designed to provide other Java environments

like JBoss, Glassfish, etc…

13.05.2014

SOUG 35

Java PaaS User Experience• More control for the users

• Self selection of Software type and versions• Self allocation of resources• Configuration management (Runtime properties,

logging properties, server-side libraries…)• SSO Management (ADFS Groups,

External/lightweight accounts, …)• Applications & configuration versioning• Management of Administrators and Authors

13.05.2014

SOUG 36

Java PaaS Architecture

Java MWDB

Java MWManager

Create Jobs

DaemonRead Jobs

ServicesRepository

Register services

ManagedHostManaged

HostManagedHostManaged

Host

ManagedHostManaged

HostManagedHostManaged

HostProvisioning & Management

tools

Dispatch Jobs

ManagedHostManaged

Host

DeployConfigureOperate

CERN Web

Services

CERN SSO

Register website

Admins

Users

DNSLB

Configure

ConfigureOperate

13.05.2014

SOUG 37

Front - End

● Java Web Application● User Interface: ZK Framework

– Java + Jquery + MVC– IT-DB standard

● Data Access: Hibernate– Object Relational Mapping– Easy to use

● Notifications: REST (Jersey)– Simple, easy

● Orchestration: Quartz13.05.2014

SOUG 38

Back – End

● On Demand Daemon● It looks for pending jobs● jobs & parameters → Execute Command

● It Works!

● Service Configuration Repository (LDAP)● Container, virtual host, mount points...● CReate Update Delete (CRUD API)

● Common actions across cloud:● Start/stop/deploy/undeploy● Apache configuration (mod_jk, shibboleth management

13.05.2014

SOUG 39

The Result

● Prototype is working● https://mysite01.web.cern.ch/mysite01

● Registration in the CERN Web Services● Apache Front End configuration● Creation of the default container● Deployment of the sample application

13.05.2014

SOUG 40

Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION

13.05.2014

Weblogic Challanges• WLS Swiss army knife for JEE• New remote data centre• Change deployment model• Do something with Admin server• So far so good but

• Oracle, please, don’t mess it up• Developer productivity• Keep it simple <-> Fusion?

SOUG 42

Java Platform

• Problem:• Growing demand/Limited resources

• Answer:• OnDemand model• One platform

• What made it possible?• Agile Infrastructure• Java technologies• Integration with IT services

13.05.2014

SOUG 43

Thank You

13.05.2014