Vous êtes sur la page 1sur 612

V5.

cover

Front cover

IBM WebSphere Application Server V7 Administration on Windows


(Course code WA370 / VA370)

Instructor Exercises Guide


ERC 1.0

WebSphere Education

Instructor Exercises Guide

Trademarks
IBM is a registered trademark of International Business Machines Corporation. The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both: AIX Cloudscape developerWorks Express Informix OS/400 Rational z/OS Balance DataPower Domino HACMP iSeries Passport Advantage Tivoli zSeries CICS DB2 e-business on demand IMS Lotus RACF WebSphere 400

VMware and the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the Marks) of VMware, Inc. in the United States and/or other jurisdictions. Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT and Windows Vista are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others.

April 2009 edition


The information contained in this document has not been submitted to any formal IBM test and is distributed on an as is basis without any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer responsibility and depends on the customers ability to evaluate and integrate them into the customers operational environment. While each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

Copyright International Business Machines Corporation 2009. All rights reserved. This document may not be reproduced in whole or in part without the prior written permission of IBM. Note to U.S. Government Users Documentation related to restricted rights Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.

V5.3
Instructor Exercises Guide

TOC

Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Instructor exercises overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Exercises configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Exercises description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Exercise 1. Installing WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . 1-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-63 Exercise 2. Installing IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22 Exercise 3. WebSphere Information Center installation (optional) . . . . . . . . . . . . 3-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Exercise 4. Exploring the WebSphere Application Server administrative console 4-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 Exercise 5. Assembling an application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35 Exercise 6. Installing an application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-35 Exercise 7. Problem determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Part 1: Working with log files of the application server . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Part 2: Using the Log Analyzer for viewing service and JVM logs . . . . . . . . . . . . . . . . 7-9 Part 3: Enabling tracing on an application server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19 Part 4: Work with the Guided Troubleshooting component of IBM Support Assistant 7-24 Part 5: Work with a collector in the IBM Support Assistant. . . . . . . . . . . . . . . . . . . . . 7-33 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-43 Appendix: Installing the IBM Support Assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-44 Exercise 8. Using wsadmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-69

Copyright IBM Corp. 2009


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Contents

iii

Instructor Exercises Guide

Exercise 9. Creating a federated cell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-57 Exercise 10. Clustering and workload management . . . . . . . . . . . . . . . . . . . . . . . .10-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-32 Exercise 11. Configuring the service integration bus . . . . . . . . . . . . . . . . . . . . . . .11-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 Part 1: Applications used in this exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 Part 2: The messaging environment created in the exercise . . . . . . . . . . . . . . . . . . . 11-4 Part 3: Setting up the service integration bus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6 Part 4: Configuring the JMS resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23 Part 5: Installing the messaging applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27 Part 6: Testing the applications and exploring messaging engine policies . . . . . . . . 11-33 Part 7: (Optional) Configure the scalability messaging engine policy . . . . . . . . . . . . 11-45 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-56 Exercise 12. Configuring WebSphere security, including fine-grained administrative access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-17 Exercise 13. Configuring application security . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-21 Exercise 14. Configuring SSL for WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-33 Exercise 15. Auditing (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-26 Exercise 16. Using the performance monitoring tools . . . . . . . . . . . . . . . . . . . . . .16-1 Exercise instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4 Exercise review and wrap-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-18

iv

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.3
Instructor Exercises Guide

TMK

Trademarks
The reader should recognize that the following terms, which appear in the content of this training document, are official trademarks of IBM or other companies: IBM is a registered trademark of International Business Machines Corporation. The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both: AIX Cloudscape developerWorks Express Informix OS/400 Rational z/OS Balance DataPower Domino HACMP iSeries Passport Advantage Tivoli zSeries CICS DB2 e-business on demand IMS Lotus RACF WebSphere 400

VMware and the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the Marks) of VMware, Inc. in the United States and/or other jurisdictions. Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT and Windows Vista are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others.

Copyright IBM Corp. 2009


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Trademarks

Instructor Exercises Guide

vi

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.3
Instructor Exercises Guide

pref

Instructor exercises overview


The objectives of the exercises are for the students to successfully: Install WebSphere Application Server Create an initial profile Back up the configuration Explore the installed directory structure and files Locate important configuration and log files Verify the installation Install IBM HTTP Server Verify and test the installation Examine the installed directories and files Map the default application to use the Web server Regenerate the plug-in configuration file Install the WebSphere Information Center Navigate from the Welcome page Search for a topic in the Help Center Ensure that the WebSphere Application Server is started Launch the administrative console Explore the navigation and functions of the administrative console Use the administrative console to examine configuration information, resources, and properties Navigate the assembly and deploy tool Import and examine enterprise application components Define the following application scoped resources: -Data source -Authentication alias Export an enhanced EAR file that is ready for deployment Install an application using the administrative console Test the application using a Web browser Use the administrative console to view log data Find and view log files
Copyright IBM Corp. 2009 Instructor exercises overview
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

vii

Instructor Exercises Guide

Enable tracing on an application server Use memory leak and hang detection tools Use the IBM Support Assistant Use wsadmin and scripts to execute administrative commands Create a simple script using Jython Use the Jython editor and debugger Examine wsadmin settings Create a deployment manager profile Back up the deployment manager configuration Use the deployment manager administrative console Federate a node into the deployment manager cell Create an additional custom profile Create an unmanaged Web server node Start and stop the Web server by using the console Map an application to the Web server Create a cluster and add cluster members Map modules to clusters and Web servers Test load balancing and failover between two cluster members Configure a data replication domain for session management Configure the service integration bus, the messaging engine, and different bus destinations in WebSphere Application Server Configure JMS queues and activation specifications for message-driven beans Install and test the messaging features in the Trade Processor application Enable WebSphere security Configure administrative security (that is, access to administrative functions) Configure fine-grained administrative security Explore the SSL settings for WebSphere Application Server Configure a Web server to use SSL (optional) Generate a security report Create an audit user ID
viii WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.3
Instructor Exercises Guide

pref

Configure and enable WebSphere security auditing View the audit logs Use the integrated performance viewer within the administrative console Configure data collection levels on application resources Monitor the data collected by the performance instrumentation All the exercises depend on the previous exercises being successfully completed.

Copyright IBM Corp. 2009

Instructor exercises overview


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

ix

Instructor Exercises Guide

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.3
Instructor Exercises Guide

pref

Exercises configuration
In the lab each student has his or her own system and students work independently.

Copyright IBM Corp. 2009

Exercises configuration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

xi

Instructor Exercises Guide

xii

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.3
Instructor Exercises Guide

pref

Exercises description
This course includes the following exercises: Exercise 1. Installing WebSphere Application Server Exercise 2. Installing IBM HTTP Server Exercise 3. WebSphere Information Center installation (optional) Exercise 4. Exploring the WebSphere Application Server administrative console Exercise 5. Assembling an application Exercise 6. Installing the Trade application Exercise 7. Problem determination (optional) Exercise 8. Using wsadmin Exercise 9. Creating a federated cell Exercise 10. Clustering and workload management Exercise 11. Configuring the service integration bus Exercise 12. Enabling WebSphere administrative security, including fine-grained administrative access Exercise 13. Configuring application security Exercise 14. Configuring SSL for WebSphere Exercise 15. Auditing (optional) Exercise 16. Using the performance monitoring tools (optional) In the exercise instructions you will see each step prefixed by a line. You may wish to check off each step as you complete it to keep track of your progress. Most exercises include required sections which should always be completed. These may be required before performing later exercises. Some exercises may also include optional sections that you may wish to perform if you have sufficient time and want an additional challenge. This course includes two versions of the course exercises, with hints and without hints. The standard Exercise instructions section provides high-level instructions for the tasks you should perform. You need to apply the knowledge you gained in the unit presentation to perform the exercise. The Exercise instructions with hints provide more detailed instructions and hints to help you perform the exercise steps.
Copyright IBM Corp. 2009 Exercises description
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

xiii

Instructor Exercises Guide

xiv

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 1.Installing WebSphere Application Server


Estimated time
00:30

What this exercise is about


In this exercise, you will install WebSphere Application Server Network Deployment V7. In V7, the installation of WebSphere Application Server Network Deployment is a two-step process. The first step uses the installation wizard to install a set of shared product binaries. The second step uses the Profile Management Tool to create an application server profile. After installation, you test the product to ensure the WebSphere Application Server was installed successfully. You also create an application server profile, profile1.

What you should be able to do


At the end of the lab, you should be able to: Install WebSphere Application Server Create an initial profile Back up the configuration Explore the installed directory structure and files Locate important configuration and log files Verify the installation

Introduction
In this exercise you install WebSphere Application Server Network Deployment V7. WebSphere Application Server relies on TCP/IP networking, so you must have TCP/IP correctly configured, and it is important that the machine host name remains unchanged.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-1

Instructor Exercises Guide

The lab machine should be configured appropriately. Make sure you know the host name of the machine because you need it in the exercises. A Windows administrator user ID has been created for you. You should use this ID to log in to Windows and to configure services and database access.

User ID: administrator Password: web1sphere Note: Microsoft Windows passwords are case-sensitive. Linux A Linux administrator user ID has been created for you. You should use this ID to log in to Linux. User ID: root Password: web1sphere

Table 1: Exercise user ID and password variables <variable> Value administrator (Windows) <os_userid> root (Linux) <was_userid> wasadmin <master_password> web1sphere <db2_userid> db2admin (Windows) db2inst1 (Linux) web1sphere (Windows) <db2_password> was1edu (Linux) Information The exercise screen captures are Windows-centric; however, the majority of the instructions are applicable across all WebSphere-compatible platforms. There will be references in places to added appendixes noted by the [Appendix] marker. Refer to your platforms appendix for appropriate information. The standard classroom lab computers have a host name of was7hostXX (where XX is 01, 02, and so forth). If you are performing the labs on a computer with a different host name, substitute that name where appropriate.

1-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Open a command-prompt window and use the hostname command to determine the host name.

On Windows, most paths are listed as appropriate variables. When a <variable> is found, use the table below to determine the correct value for this variable. Table 2: Windows exercise variables <variable> Value <os_userid> administrator <was_userid> wasadmin <master_password> web1sphere <db2_userid> db2admin <db2_password> web1sphere <software_dir> C:\software <software_cds> C:\software_cds <was_root> C:\Program Files\IBM\WebSphere\AppServer <profile_root> C:\Program Files\IBM\WebSphere\AppServer\profiles <ihs_root> C:\Program Files\IBM\HTTPServer <plugin_root> C:\Program Files\IBM\HTTPServer\Plugins <db2_root> C:\Program Files\IBM\SQLLIB

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-3

Instructor Exercises Guide

Linux On Linux, most paths are listed as appropriate variables. When a <variable> is found, use the table below to determine the correct value for this variable. Table 3: Linux exercise variables <variable> Value <os_userid> root <was_userid> wasadmin <master_password> web1sphere <db2_userid> db2admin <db2_password> was1edu <software_dir> /usr/software <software_cds> /usr/software_cds <was_root> /opt/IBM/WebSphere/AppServer <profile_root> /opt/IBM/WebSphere/AppServer/profiles <ihs_root> /opt/IBM/HTTPServer <plugin_root> /opt/IBM/HTTPServer/Plugins <db2_root> /opt/ibm/db2/V9.5

Instructor exercise overview


In this exercise the students learn how to install WebSphere Application Server Network Deployment Version 7. The first step is to log in to Windows, using the user ID administrator, and password web1sphere This ID should have administrator group membership. If you are on a UNIX system, the user ID is root and the password is web1sphere The students then install WebSphere Application Server V7. The WebSphere Application Server V7 product installation files have already been downloaded and extracted onto each students machine, in directory: <software_cds>\WAS7. This is the directory where the students start their WebSphere Application Server installation process. The students need to select the node name and their host name during installation. In the labs you use the convention was7hostXX (where XX is 01, 02, and so on). If your machines have a different convention, remind students to use the correct names. Verify that machines can connect to each other using those names. The Linux image may not appear to meet the system prerequisites. Instead, the user is prompted with two options: Click Cancel to stop the installation and to install a supported
1-4 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

operating system or Click Next to continue the installation. Students should click Next and continue with the installation. Installation will complete successfully. After installation, the students learn to start the WebSphere Application Server server using command line tools and use the installation verification test and the snoop servlet to test the application server installation. The instructor should become familiar with the different product components and what they do. Also the instructor should be familiar with the tools such as the administrative console. Students are sure to discover and have questions beyond the scope of this lab. After Exercise 1, WebSphere Application Server Network Deployment will have been installed and a profile, profile1, will be created. Information Make sure that the CustomizeHost program has been run on all students machines as outlined in the lab setup guide; otherwise you will have endless problems with setup, and missing tools, and utilities.

Information When creating profiles in Linux machines, the wizard does not auto-fill the actual host name information; instead, the student sees localhost. Although it is recommended that students consult the instructor if unsure, this does not always happen; and students may use host names that are not the correct value. If this happens, they will probably be able to use the administrative console and even First steps to operate on the server. However, they will be unable to issue commands from a command prompt. There is a file in the profiles config/cells/<cellname>/nodes/<nodename>/servers folder called serverindex.xml. In that file, the host name is used several times (do not be fooled that they are all at the start of the file). Edit this file, change the host names that are not correct, stop the server using the First steps tool, and then start it manually using the startServer.sh command from the profiles bin folder. Do not change the server:port references where the server is an * these will work as they are set, which explains why the First steps and the administrative console can be used. This should be done early in the class to avoid problems later. So, it is best to verify that everyone is able to issue command-line commands immediately after they create their server during the Install lab.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-5

Instructor Exercises Guide

Exercise instructions
Logging in
__ 1. When you boot up your machine, you are prompted for a user ID and password. At this prompt, enter: User ID: administrator Password: web1sphere Be sure to use lowercase, for the Windows login fields are case-sensitive. If you are already logged in, but not as administrator, then log off your current ID and log in as: administrator __ a. Press Ctrl-Alt-Delete for the Windows Security window. Note Note: If you are using a VMware image, press Ctrl-Alt-Insert instead of Ctrl-Alt-Delete.

__ b. Click the Log Off... button. Are you sure you want to log off? Click Log Off. __ c. At the login window, type administrator and web1sphere into the correct fields. Linux To log into the Linux machine, use the following: User ID: root Password: web1sphere

Install WebSphere Application Server Network Deployment V7


The WebSphere Application Server Network Deployment V7 installation files have already been downloaded and extracted into a software directory on your machine (see your platform appropriate [Appendix] for the directory path). Install the WebSphere Application Server Network Deployment V7. __ 2. Start the WebSphere Application Server Launchpad. __ a. Start Windows Explorer (right-click My Computer > Explore or right-click Start > Explore). __ b. Navigate to <software_cds>\WAS7\.
1-6 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Run (double-click) launchpad.exe. Linux In a terminal window, navigate to <software_cds>/WAS7/ and invoke ./launchpad.sh

__ 3. The Launchpad is displayed. On the Welcome panel there are links that launch the installer programs for all of the installable components. __ 4. Click Launch the installation wizard for WebSphere Application Server Network Deployment to launch the installation wizard.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-7

Instructor Exercises Guide

__ a. The Welcome panel appears. The Welcome panel identifies the location of additional information, including information centers and support sites. Click Next to continue the installation.

1-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. On the Software License Agreement panel, click I accept both the IBM and the non-IBM terms to accept the license agreement, and click Next.

__ c. The installation wizard will check system prerequisites. When the check is complete, the System Prerequisites Check panel will appear. If the check detects any incorrect prerequisites, a warning page is displayed. If the check detects an existing installation of WebSphere Application Server, you are given the opportunity to add features to the existing copy, install a new copy, or perform an upgrade of a trial installation to a full product.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-9

Instructor Exercises Guide

The lab system should meet the prerequisites and should not have any version of WebSphere Application Server already installed. Click Next to continue the installation.

Information If the lab system does not meet the prerequisites, check with your instructor before continuing with the installation.

1-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. The Optional Features Installation panel allows you to choose if you want the sample applications installed. Additionally, you may install non-English language packages for the administrative console and for the application runtime environment. For this course, in order to save disk space, do not select any options. Click Next to continue.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-11

Instructor Exercises Guide

__ e. On the following Installation Directory panel, you can change the installation directory for WebSphere Application Server. Note the default installation directory location: C:\Program Files\IBM\WebSphere\AppServer. Do not change this directory location. Click Next.

In UNIX-based systems, the directory structures will be different. Refer to the appropriate [Appendix] for the appropriate directory structures. The install wizard gives the appropriate default values for these directories.

1-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

The WebSphere Application Server Environments panel appears. From this panel you can select which type of profile to create during the installation process. For this lab, from the list of environments, select None. You will use the Profile Management Tool, at the end of the installation process, to create an application server profile. The Profile Management Tool provides greater control over the options used during profile creation. Click Next to continue.

__ g. A warning message will appear indicating that WebSphere Application Server version 7.0 requires at least one profile to be functional. Click Yes to proceed with the installation without creating a profile. You will create a profile at the end of the installation.

__ h. The Repository for Centralized Installation Managers panel appears. From this panel you can choose to create a repository for centralized installation
Copyright IBM Corp. 2009 Exercise 1. Installing WebSphere Application Server
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-13

Instructor Exercises Guide

management. Deployment managers can access and install contents from the repository to other target locations. Click the Create a repository for Centralized Installation Managers box. Make sure the Populate the repository with this installation package box is checked and accept the default directory path of the repository as: C:\Program Files\IBM\WebSphere\cimrepos. Click Next.

In UNIX-based systems, the directory structures will be different. Refer to the appropriate [Appendix] for the appropriate directory structures. The install wizard gives the appropriate default values for these directories.

1-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ i.

Review the product to be installed and summary information shown on the Installation Summary panel. Click Next to start the installation. The installation can take several minutes to complete.

There is an additional step that can be helpful on UNIX platforms. There is the possibility to check for permissions. Leave the default and click Next. When a second summary screen comes up verifying that you do in fact have the appropriate permissions, click Next again.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-15

Instructor Exercises Guide

__ 5. Following the installation, the Installation Results panel appears. A profile needs to be created in order for WebSphere Application Server to be functional. Make sure the Create a new WebSphere Application Server profile using the Profile Management Tool box is checked. Click Finish.

1-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. On the Welcome panel for the Profile Management Tool, click Launch Profile Management Tool to continue.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-17

Instructor Exercises Guide

__ b. The Profiles list panel appears. Since you did not create a profile during installation, the list is empty. To begin creating a profile, click Create.

1-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information Profiles allow you to create multiple runtime environments on a system without installing the product again by creating profiles. When using the Profile Management Tool, there are several types of profiles that can created: Application server An application server environment runs your enterprise applications. An application server is managed from its own administrative console and functions independently from all other application servers. A new instance of a stand-alone node with a single application server is created. Stand-alone nodes have only one application server. Management A management profile provides the server and services for managing multiple application server environments. The administrative agent manages application servers on the same machine. The Network Deployment edition also includes a deployment manager for tightly coupled management and a job manager for loosely coupled management of topologies distributed over multiple machines. Each instance of the deployment manager defines a unique cell. Custom profile A custom profile contains an empty node, which does not contain an administrative console or servers. The typical use for a custom profile is to federate its node to a deployment manager. After federating the node, use the deployment manager to create a server or a cluster of servers within the node. Cell A cell creates two profiles: a management profile with a deployment manager and an application server profile. The application server is federated to the cell of the deployment manager. Secure proxy (configuration-only) A secure proxy profile is for use with a DMZ secure proxy server. You cannot start the secure proxy server on the Network Deployment installation. This configuration-only profile is intended only to be used to configure the profile using the administrative console. After you configure the profile, you can export the profile configuration and then import it into the secure proxy profile in your DMZ.

In this exercise, create a stand-alone application server profile called profile1.


Copyright IBM Corp. 2009 Exercise 1. Installing WebSphere Application Server
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-19

Instructor Exercises Guide

__ c. Select the Application server profile option and click Next.

1-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. The Profile Creation Options panel allows you to choose a profile creation process to meet your needs. There are two options: - Typical profile creation The typical profile option creates a profile that uses default configuration settings. - Advanced profile creation Through the advanced profile creation you are allowed to specify your own values for settings or accept default values. For this lab, click Advanced profile creation, as this will allow you to specify your own values for settings. Click Next.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-21

Instructor Exercises Guide

__ e. The Optional Application Deployment panel specifies what applications should be deployed during profile creation. For this lab, you want to deploy the administrative console and the default application. Make sure both applications are checked, and click Next.

Information In most cases, the administrative console will be required (in some production environments, administrators use only wsadmin and therefore do not install the administrative console). For these labs, the default application will be used for demonstrative purposes.

1-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

On the Profile Name and Location panel, provide a unique name and location for a profile. - Change the Profile name from AppSrv01 to profile1 - Change the Profile directory from <profile_root>\Appsrv01 to <profile_root>\profile1 - Verify that Create the server using the development template is unchecked. - Click Next.

__ g. The Node and Host Names panel allows you to set the node name, server name, and host name. Default values will be filled in based on the detected host name for your server. Information The form of the host name used (short or long) is not important, as both will work. What is important is that you are consistent when creating profiles. When ensuring that port

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-23

Instructor Exercises Guide

numbers are unique, WebSphere considers was7host01 and was7host01.ibm.com to be different machines and will therefore not ensure that each has unique ports.

Windows For this course, the host name should be the machine short name (something similar to was7hostXX, where XX is a number such as 01, 02, 03). The node name will then be generated as <short name>Node01 (that is, was7hostXXNode01). Open a command-prompt window and use the hostname command to determine the host name. Check with your instructor if you are unsure what the correct names should be.

On UNIX systems, the host name may be the long name (was7host01.ibm.com). Accept whatever the default is. Make sure that you are consistent in later exercises.
Ma

Ensure that the Node name and Host name are correct (they should be based on the short form of the host name and not localhost for example, was7host01Node01). For

1-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Server name, keep the default name (short name for Windows and long name on UNIX). Click Next.

__ h. The Administrative Security panel specifies whether to use initial administrative security. If selected, this panel specifies an initial administrative user ID and password to be used for activities such as console access. - Ensure that Enable administrative security is checked. - For User name, enter: wasadmin - For Password, enter: web1sphere - For Confirm password, enter: web1sphere

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-25

Instructor Exercises Guide

- Click Next to continue.

Information A feature in WebSphere Application Server V7 includes the ability to turn on administrative security during the creation of a profile. This requires the generation of a simple file-based registry.

1-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ i.

On the Security Certificate (Part 1) window, select Create a new default personal certificate and click Next.

Note The Issued to distinguished name and the Issued by distinguished name on the Security Certificate (Part 2) panel will have a common name (cn) that is one of the following values: IP address such as 192.168.192.128 Fully qualified domain name (FQDN) such as was7host01.localdomain or was7host01.ibm.com

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-27

Instructor Exercises Guide

__ j.

On the Security Certificate (Part 2) panel, accept the defaults. Click Next.

1-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ k. The Port Values Assignment panel provides the ability to specify which ports are to be used by the application server. Accept the defaults and click Next.

Information The Profile Management Tool makes an effort to ensure that unique and unused ports are recommended. But there are times when the administrator might need to manually set appropriate ports. Ports can also be reset after profile creation.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-29

Instructor Exercises Guide

__ l.

The Windows Service Definition panel appears next. This panel allows you to choose a Windows service to run the application server. For this lab, the application server will not be run as a Window service. - Deselect the Run the application server process as a Windows service box. - Click Next.

Linux There is a similar panel for the Linux install, which offers to run the application server process as a Linux service. Accept the default to not run as a service, and click Next.

1-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ m. The Web Server Definition panel appears next. This panel allows you to choose to create a Web server definition within the cell or application server. For this lab, the Web server will be added as a separate set. - Ensure the Create a Web server definition box is not checked. - Click Next.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-31

Instructor Exercises Guide

__ n. The Profile Creation Summary panel should be reviewed to verify the configuration values that will be used to create the profile. To create the profile, click Create.

Creating the profile will take several minutes to complete.

1-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ o. Once the profile creation successfully completes, the Profile Creation Complete panel appears. Ensure that the Launch the First steps console box is checked, and click Finish.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-33

Instructor Exercises Guide

__ p. The new profile will be shown in the profiles list. Close the Profile Management Tool. Click File, and then click Exit.

Using the First steps console


The First steps console allows you to access the WebSphere Information Center (at the IBM Web site), start or stop the server, and launch various tools. You can also migrate previous WebSphere Application Server versions to WebSphere Application Server V7. The First steps console that appears is associated with the application server profile, profile1, which was just created. Each profile has its own First steps console.

1-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 1. To confirm that your server is installed and that it can start properly, click Installation verification from the First steps console.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-35

Instructor Exercises Guide

__ a. The installation verification test tool runs and displays messages to indicate the verification status. Use the scroll bar to view all messages. At the bottom of the message list, you should see the messages: IVTL0070I: The installation Verification Tool verification succeeded. IVTL0080I: The installation verification is complete.

__ b. Close the First steps output - Installation verification output window.

1-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. From the First steps console click Administrative console. The administrative console will be launched for profile1. __ d. A certificate error window will appear. Click Continue to this website (not recommended) to continue to the administrative console login window.

Information Depending on the operating system and browser you are using, the security alert window or certificate error window will look slightly different. For specific instructions to correct the certificate error, see the optional section at the end of this lab. On Linux, select Accept this certificate permanently and click OK. Then click OK again to accept any additional warnings.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-37

Instructor Exercises Guide

__ e. Log in to the administrative console. - For the User ID enter: wasadmin - For the Password enter: web1sphere - Click Log in.

Information The user ID wasadmin was created during the profile creation process. It does not exist in the operating system registry or some LDAP registry, but instead exists in a file-based registry within the application server configuration. Now that the profile is completely created, the security can be reconfigured to use any desired registry.

1-38 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. The main page for the WebSphere administrative console appears.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-39

Instructor Exercises Guide

__ 3. Verify that the DefaultApplication has been installed and is running. __ a. Using the administrative console navigation tree, click Applications > Application Types > WebSphere enterprise applications.

The application status for the DefaultApplication should appear as a green arrow to indicate that the application is running. If you place your cursor over the arrow, a pop-up window should display Started.

1-40 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Open another browser window and type in the following URL: http://localhost:9080/snoop This executes a servlet called snoop, which comes with the DefaultApplication and brings up a page with information about the runtime environment of the server. This page provides further confirmation that the application server is operating correctly.

__ c. Close the snoop browser.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-41

Instructor Exercises Guide

__ d. Close the administrative console by clicking Logout. The administrative console will be examined more in later exercises. Close the browser.

__ 4. Exit from the First steps console. __ 5. Exit from the Launchpad and click OK, when the confirmation to close message appears.

Create a backup of profile1 using command line tools


Before continuing, create a backup of profile1 using the backupConfig command. The backupConfig command is a utility to back up the configuration of your profile to a file. You can later restore this configuration if needed. When the backupConfig command runs, it first stops the application server before creating the backup file. __ 1. Run the backupConfig command. __ a. Open a command-prompt window. __ b. Change to the <profile_root>\profile1\bin directory. __ c. Create the backup by entering the following command: backupConfig

Enter ./backupConfig.sh in the <profile_root>/profile1/bin directory.

1-42 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. As the backup process starts, you are challenged for a user ID and password.
:

- For User Identity, enter: wasadmin - For User Password, enter: web1sphere - Click OK.

Information This security challenge is due to the fact that administrative security was enabled during the creation of the profile. As such, all administrative functions, including backups, administrative console access, and wsadmin scripts, require authentication. During the rest of the labs, enter the administrative user ID and password when prompted. The lab instructions do not always indicate this step.

__ e. Once the backup has completed, a message indicating the number of files successfully backed up.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-43

Instructor Exercises Guide

Information By default, all servers on the node are stopped before the backup is made to prevent partially synchronized information from being saved. The -nostop option can be used with the backupConfig command to prevent the servers from being stopped before backing up the configuration.

__ 2. The command creates a backup file called WebSphereConfig_<date>.zip using the current date and places the compressed file in the <profile_root>\profile1\bin directory. To distinguish between multiple backups, modify the name using something more descriptive, such as the name of the profile. __ a. Copy the backup file to another directory to safe keeping. Enter the following command: copy WebSphereConfig_<YYYY-MM-DD>.zip <software_dir>\backups\backup_profile1.zip

On UNIX enter the following command: cp WebSphereConfig_<YYYY-MM-DD>.zip <software_dir>/backups/backup_profile1.zip

1-44 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information If you need to restore the configuration directory structure at a later time, you can use the restoreConfig command. You will need to specify the name of the backup file. The command restores the entire <profile_root>/<profilename>/config directory.

__ 3. Verify the application server has stopped by entering the following command: serverStatus server1

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-45

Instructor Exercises Guide

Verify the application server has stopped by entering the following command: ./serverStatus.sh server1

Information You can also run the serverStatus command with the -all option to give more details on all application servers on the node.

Explore the WebSphere Application Server directory structure


Now that WebSphere Application Server is installed, look through the directory structure and review what you installed. __ 1. Explore the WebSphere Application Server profile1 directory. __ a. Using Windows Explorer, navigate to the directory <profile_root>\profile1. __ 2. Review the subdirectories and their contents: bin programs, scripts, and DLLs config configuration files configuration configuration settings consolepreferences etc dummy key ring, keytab files, plug-in keys firststeps firststeps utility installableApps applications that may be installed installedApps applications installed in WebSphere Application Server installedConnectors installed resource adapters installedFilters logs trace and log files properties configuration property files used by WebSphere temp temporary area for files created during JSP processing tranlog wstemp temporary area for events

Check installation log files


A number of log files are created during the installation and profile creation process. It is useful to check these files to verify that the installation completed successfully.

1-46 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 1. Change to the logs directory under the WebSphere Application Server installation directory. __ a. Using WordPad, open log.txt located in the directory <was_root>\logs\install. This file records installation status messages.

On UNIX platforms, use an appropriate text editor instead of WordPad or Notepad. Depending on your specific installation, some possibilities include gedit, vi, or emacs.

__ 2. Change to the manageprofiles directory under the WebSphere Application Server logs directory. __ a. Using WordPad, open profile1_create.log in the directory <was_root>\logs\manageprofiles. This log records creation events that occurred when creating the profile, profile1. __ b. Look for the log message INSTCONFSUCCESS: Success: Profile profile1 now exits. to verify that profile1 was created successfully.

__ 3. Change to the logs directory under the WebSphere Application Server profile, profile1, installation directory. __ a. Navigate to the directory <profile_root>\profile1\logs. __ b. Using WordPad, open backupConfig.log. This log records events that occur when creating a backup of the configuration directory structure. __ c. Using WordPad, open ivtClient.log. This logs results from the installation verification command.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-47

Instructor Exercises Guide

__ d. Using WordPad, open AboutThisProfile.txt. This file logs information about the profile, including the <profile_root>, the profile name, the node and host names, and a number of the ports with which the profile was configured.

1-48 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Start the WebSphere Application Server


Verify the installation by starting the WebSphere Application Server in profile1 and looking at the log files. __ 1. The log file, startServer.log, records the startup messages from the server. This log file is located in the WebSphere Application Server profile1 installation directory <profile_root>\profile1\logs\server1. __ a. Navigate to the directory <profile_root>\profile1\logs\server1. __ b. Open startServer.log using WordPad and examine the contents of the file.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-49

Instructor Exercises Guide

Information A tail utility can also be very helpful when looking at log files (tail is not part of the standard Windows distribution). The tail utility makes it easier to monitor what is being actively written to a text-based log file. The tail utility can be obtained from: http://sources.redhat.com/cygwin/ __ 2. Enter: tail startServer.log This command will show the last few lines of the file startServer.log, where you will see the startup messages from the server. You can also use tail -f startServer.log which will continuously update your panel when new messages are added to the file. __ 3. To exit the tail utility, press Ctrl-C. This approach is more convenient than using a text editor; as text editors only show the messages written to the file at a point in time, whereas the tail -f command displays the file contents continuously as new entries are added.
.

__ 4. Delete all the log files in the directory <profile_root>\profile1\logs\server1. When the server is started, new log files will be created. This step ensures that new log files will be produced. __ 5. If it is not already started, start the WebSphere Application Server in profile1. __ a. In a command window, change to the <profile_root>\profile1\bin directory and enter the command: startServer server1

1-50 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty Enter the following command: ./startServer.sh server1

__ b. Verify the application server has started by entering the following command: serverStatus server1 -username wasadmin -password web1sphere

Enter the following command: ./serverStatus.sh server1 -username wasadmin -password web1sphere

Information You can also run the serverStatus command with the -all option to provide more details on all application servers on the node.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-51

Instructor Exercises Guide

__ 6. After successful startup of the server, review the startServer.log file for successful start messages. __ a. Using Windows Explorer, navigate to the directory <profile_root>\profile1\logs\server1. __ b. Open startServer.log using WordPad and examine the contents of the file. Look for the message Server server1 open for e-business, which indicates the server is ready. __ 7. Open the SystemErr.log file using Notepad. This log contains the standard output from the Java virtual machine (JVM) running the application server. This file will have numerous messages, but should not include any error messages if the server has started correctly. __ 8. Open the SystemOut.log file using Notepad. This log contains the standard output from the Java virtual machine (JVM) running the application server. This file will contain more detailed messages, indicating the steps performed during startup of the server. Steps documented in the log include security initialization, messaging initialization, registering resources in the JNDI namespace, EJB initialization, Web module initialization, and HTTP transport initialization. The log also contains messages from application System.out print line code. Information You may want to refer to the messages in the SystemOut.log or SystemErr.log again as you use the server and perform more functions. It might be a good idea to keep a tail -f on these files for the duration of the labs.

1-52 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 9. Stop the WebSphere Application Server, profile1. You can provide the user name and password on the command line or through the dialog box when prompted. __ a. In a command window, change to the <profile_root>\profile1\bin directory and enter the command: stopServer server1

Enter the following command: ./stopServer.sh server1

__ b. Verify the application server has stopped by entering the following command: serverStatus server1

Enter the following command: ./serverStatus.sh server1 -username wasadmin -password web1sphere

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-53

Instructor Exercises Guide

Correct the Web site security certificate error (optional)


When you first open the administrative console following installation, you may receive a Web site security certificate error window. You can simply select the option to continue to the Web site. However, to prevent an error window from appearing each time you access the administrative console, you can install the Web site certificate. The following steps will guide you through the process of correcting the Web site security certificate error for Internet Explorer V7.

If you are running on a UNIX operating system, there may be similar issues depending on the browser being used. Feel free to skip the rest of this lab or attempt to resolve the issues on your environment.

__ 1. If you have not already done so, click Continue to this website (not recommended) from the Web site security certificate error window.

1-54 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. The URL is shown in red, indicating a security certificate error. From the browser window, click Certificate Error.

__ 3. The Certificate Invalid window is shown, indicating that the security certificate presented by the Web site has errors. Click View certificates, to begin the process to correct the error.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-55

Instructor Exercises Guide

__ 4. The Certificate window appears. The certificate information indicates that the CA root certificate cannot be verified up to a trusted certification authority. Click the Certification Path tab to view.

Note The Issued to and the Issued by certificate information will be one of the following values: IP address such as 192.168.192.128 Fully qualified domain name (FQDN) such as was7host01.localdomain

1-56 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 5. From the Certification path, select the certificate that is in error. It will appear with a red error icon. Click View Certificate.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-57

Instructor Exercises Guide

__ 6. The certificate information indicates that this CA root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Click Install Certificate.

1-58 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 7. The Certificate Import Wizard Welcome window appears. Click Next.

__ 8. Accept the default to automatically select the certificate store based on the type of certificate. Click Next.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-59

Instructor Exercises Guide

__ 9. When the certificate import has completed, click Finish.

__ 10. The Security Warning window appears. Note the IP address or fully qualified domain name (FQDN) that is shown (the example displays an IP address): _______________________________. __ 11. Click Yes to continue the certificate installation.

1-60 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 12. A message window will appear to indicate that the import was successful. Click OK.

__ 13. Close any open certificate windows by clicking OK. __ 14. From the browser window, click Certificate Error again. __ 15. The Certificate Invalid window opens. Click View certificates. __ 16. From the General tab of the Certificate window, notice that the Certificate Information icon no longer has a red error icon associated with it.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-61

Instructor Exercises Guide

__ 17. Click the Certification Path tab. The first certificate listed in the certification path no longer has a red error icon associated with it.

__ 18. Click OK to close the Certificate window. __ 19. Once the certificate has been installed, change the URL for the administrative console using the IP address or fully qualified domain name that you noted earlier. The certificate error message should now be resolved.

End of lab

1-62 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


The first part of the exercise looked at the installation of WebSphere Application Server V7. The Profile Management Tool was also used to create an application server profile called profile1.

Copyright IBM Corp. 2009

Exercise 1. Installing WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

1-63

Instructor Exercises Guide

1-64 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 2. Installing IBM HTTP Server


Estimated time
00:30

What this exercise is about


In this lab exercise, you install the IBM HTTP Server and its plug-ins. After installation, you start the product to ensure the IBM HTTP Server was installed successfully.

What you should be able to do


At the end of the lab, you should be able to: Install IBM HTTP Server Verify and test the installation Examine the installed directories and files Map the default application to use the Web server Regenerate the plug-in configuration file

Introduction
A Windows administrator user ID has been created for you. Use this ID to log in to Windows and to configure services and database access. User ID: administrator Password: web1sphere Linux To log into the Linux machine, use the following: User ID: root Password: web1sphere

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-1

Instructor Exercises Guide

Information Microsoft Windows passwords are case-sensitive.

Instructor exercise overview


In this exercise the students learn how to install IBM HTTP Server and the WebSphere plug-ins. For the Linux image, it will not meet the system prerequisites. Instead, the user is prompted with two options: Click Cancel to stop the installation and to install a supported operating system or Click Next to continue the installation. Students should click Next and continue with the installation. The installation will complete successfully. At the end of this exercise IBM HTTP Server and the WebSphere plug-ins are installed.

2-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Install IBM HTTP Server
Install the IBM HTTP Server and its plug-ins. __ 1. Start the WebSphere Application Server Launchpad. __ a. Navigate to <software_cds>\WAS7-supplemental_1\. __ b. Double-click launchpad.exe to start the launchpad.

In a terminal window, navigate to <software_cds>/WAS7-supplemental_1/ and invoke ./launchpad.sh.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-3

Instructor Exercises Guide

__ 2. On the Welcome panel click Launch the installation wizard for IBM HTTP Server to install IBM HTTP Server.

2-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. The Welcome to IBM HTTP Server 7.0 panel for the installation appears. Click Next.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-5

Instructor Exercises Guide

__ b. Click I accept both the IBM and the non-IBM terms to accept the license agreement. Click Next.

2-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. The installation process checks to ensure that system prerequisites are satisfied. When the check is complete, the System Prerequisites Check panel appears. Verify that the message Passed: Your operating system completed the prerequisites check successfully. appears on the panel. Click Next.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-7

Instructor Exercises Guide

__ d. The installation location panel appears. Note the default installation directory location, but do not change it. Click Next.

In UNIX-based systems, the directory structures will be different. Refer to the appropriate [Appendix] for the appropriate directory structures. The install wizard gives the appropriate default values for these directories.

2-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. The Port Values Assignment panel identifies the port values used by the HTTP server. Accept the default ports of 80 and 8008. Click Next.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-9

Instructor Exercises Guide

__ f.

The Windows Service Definition panel appears. In the lab, you want to specify that the IBM HTTP Server is run as a Windows service.

This panel will not be there for UNIX systems. Continue to the next step.

- Ensure both check boxes are selected: Run IBM HTTP Server as a Window Service Run IBM HTTP Administration as a Windows Service - Ensure that Administrator is entered for User name and enter web1sphere for Password. Ensure Automatic is selected as the startup type. You may need to use the scroll bar to see Startup type. Click Next.

2-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. On the HTTP Administration Server Authentication panel, a user ID and password can be configured for the HTTP Server administration server. This ID is used later to allow the WebSphere cell to administratively control the HTTP Server. - Enter ihsadmin for the user ID. - Enter web1sphere for the passwords. - Click Next.

This next window only appears on UNIX systems. It allows you to create a local operating system user ID that will be used to own the plug-in configuration files. This helps alleviate the necessity of running the IBM HTTP Server administrative server as root. 1. Create a user ID to be used to run the IBM HTTP Server administration server.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-11

Instructor Exercises Guide

2. Select both Setup IBM HTTP administration server to administer IBM HTTP Server and Create a unique user ID and group for IBM HTTP Server administration. Enter ihs for both the User ID and Group. Click Next.

2-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. The IBM HTTP Server Plug-in for IBM WebSphere Application Server panel appears next. This panel allows the WebSphere plug-in to be installed silently after the HTTP Server installation. In order to do this, the Web server definition and application server host name need to be specified. - For Web server definition, enter webserverXX (where XX represents the number used in your host name, such as 01, 02, 03). Open a command-prompt window and use the hostname command to determine the number for the host name. - For Host name accept the default. This should be in the form of was7hostXX (where XX represents the number used in your machine short name, such as 01, 02, 03). On some systems, this may also have the DNS suffix, for example, was7host01.ibm.com. - Click Next.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-13

Instructor Exercises Guide

__ i.

The Installation summary panel appears. Review the summary for correctness. Click Next to begin the installation. The installation takes several minutes to complete.

2-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ j.

Once the installation is complete, a panel appears indicating the installation was successful. Click Finish to exit the installation wizard.

__ 3. Click Exit from the launchpad and click OK, when the confirmation to close message appears.

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-15

Instructor Exercises Guide

Web server administration server


__ 1. Start the IBM HTTP Server and the IBM HTTP administration server.

In a UNIX environment, processes have to be checked and started using terminal commands. __ a. From a command line enter: ps -ef | grep httpd __ b. If no httpd processes are running from the <ihs_root>, navigate to <ihs_root>/bin and execute: ./apachectl start __ c. Start the administrative server using the ./adminctl start command.

__ a. Click Start > Settings > Control Panel. __ b. Double-click Administrative Tools. __ c. Double-click Services. __ d. Look for the IBM HTTP Administration 7.0 and IBM HTTP Server 7.0 services.

2-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Right-click IBM HTTP Administration 7.0 and click Start. __ f. Right-click IBM HTTP Server 7.0 and click Start.

__ g. Verify that both are running. The status for these should be Started.

__ 2. Check the status of the IBM HTTP Server using a browser. __ a. Open a browser and enter the following URL: http://localhost

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-17

Instructor Exercises Guide

__ b. If the IBM HTTP Server is up and running, the default IBM HTTP Server window will appear.

2-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Explore the IBM HTTP Server directory structure


Now that IBM HTTP Server is installed, look through the directory structure and review what you installed. __ 1. Explore the IBM HTTP Server directory. __ a. Open Windows Explorer. __ b. Navigate to the directory <ihs_root>\ __ 2. Review some of the subdirectories and their contents: bin programs, scripts, and DLLs conf configuration files logs trace, error and log files Plugins config, logs, properties, uninstall properties messages, versions

Check installation log files


A number of log files are created during the installation process. It is useful to check these files to verify that the installation completed successfully. __ 1. Change to the installation logs directory under the IBM HTTP Server installation directory. __ a. Navigate to the directory <ihs_root>\logs\install __ b. Using Notepad, open log.txt. This file records installation status messages.

On UNIX platforms, use an appropriate text editor instead of WordPad or Notepad. Depending on your specific installation, some possibilities include gedit, vi, or emacs.

__ c. Look for the log message INSTCONFSUCCESS at the end of the log to verify that the installation was successful.

__ 2. Change to the Plugins directory under the IBM HTTP Server directory. __ a. Navigate to the directory <ihs_root>\Plugins\logs\install __ b. Using Notepad, open log.txt. This log records WebSphere Application Server plug-ins installation status messages.
Copyright IBM Corp. 2009 Exercise 2. Installing IBM HTTP Server
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-19

Instructor Exercises Guide

__ c. Look for the log message INSTCONFSUCCESS to verify that the installation of the plug-ins was successful.

Review configuration and error files


Although there will be no further configuration required for this lab exercise, further configuration of the IBM HTTP Server and administration server is possible through configuration files located in the conf directory. __ 1. Change to the configuration directory under the IBM HTTP Server installation directory. __ a. Navigate to the directory <ihs_root>\conf. __ b. Using Notepad, open httpd.conf. This file contains configuration data for the IBM HTTP Server.

__ c. Scroll to the bottom of this file and notice the last two lines. They define the module that will be loaded as the WebSphere plug-in and define the path to the plugin-cfg.xml file.
2-20 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Close the file when you are finished with your review. __ e. Notice httpd.conf.default. This file contains the original configuration parameters. It can be copied, if you need to restore or use the original configuration parameters. __ f. Using Notepad, open admin.conf. This file contains configuration data for the administration server. Close the file when you are finished with your review.

__ g. Notice admin.conf.default. This file contains the original configuration parameters. It can be copied, if you need to restore or use the original administrative configuration parameters.

End of lab

Copyright IBM Corp. 2009

Exercise 2. Installing IBM HTTP Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

2-21

Instructor Exercises Guide

Exercise review and wrap-up


This exercise looked at the installation for IBM HTTP Server and the WebSphere plug-ins.

2-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 3. WebSphere Information Center installation (optional)


Estimated time
00:30

What this exercise is about


In this exercise, you install the WebSphere Application Server Information Center Help System.

What you should be able to do


At the end of the lab, you should be able to: Install the WebSphere Information Center Navigate from the Welcome page Search for a topic in the Help Center

Introduction
In this optional exercise, you install the Help System. The IBM WebSphere Help System is a viewer for displaying product or application information developed as Eclipse documentation plug-ins. The system provides a graphical user interface for browsing and searching online documentation. If you have installed an IBM product whose documentation is provided in the form of Eclipse plug-ins, the Help System is probably already installed, in which case you do not need to do this task. To confirm, search your file system for a directory called eclipse\plugins. The Help System compressed file has already been downloaded and has been stored in the software directory.

Requirements
To perform this exercise, you must have the compressed version of the Help System on the machine.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-1

Instructor Exercises Guide

Instructor exercise overview


In this exercise the students learn how to install and use the downloadable Help System. No changes to the WebSphere lab system are required for subsequent labs.

3-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Install the Help System
Begin by extracting the contents of the file that has been downloaded. This file contains the Eclipse-based framework for running the Help System. The contents of the help system are called plug-ins. Those will be installed in a few steps. Information The Help System can be installed on any system; it does not require WebSphere to be on the same system. Even though the latest version of the information center is available online, it is often useful to have a local copy installed for times when network access is limited.

__ 1. Using Windows Explorer, navigate to <software_cds>\HelpSystem and examine the contents of this folder. Look for the file IBM_Help_301_Win.zip. Linux Navigate to <software_cds>/HelpSystem and look for IBM_Help_301_Linux_Intel.zip.

Information This file was downloaded from the following IBM WebSphere Web site: http://www.alphaworks.ibm.com/tech/iehs/download

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-3

Instructor Exercises Guide

__ 2. Extract the contents of the file IBM_Help_301_Win.zip to the <software_cds>\HelpSystem directory.

Expand the appropriate compressed file to <software_cds>/HelpSystem. For example, on Linux use: unzip IBM_Help_301_Linux_Intel.zip
.

__ a. Right-click and select Extract All.

The Windows extraction wizard will open. __ b. From the welcome pane, click Next.

3-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. You will be prompted for a destination to extract the files to. Enter directory <software_cds>\HelpSystem and click Next.

__ d. Click Finish when the extraction is complete. __ 3. Explore the <software_cds>\HelpSystem directory. __ a. Change to the <software_cds>\HelpSystem\IBM_Help_301_Win\ibm_help directory. There should be several .bat files along with an eclipse subdirectory.

Explore the <software_cds>/HelpSystem/ibm_help directory.

Start the Help System


The Help System uses a browser to view its contents; however, network access is not required since all the files will be loaded from your local machine. __ 1. Start the Help System.

Navigate to the ibm_help directory. Execute the following command to ensure that the scripts are executable: chmod +x *.sh
Copyright IBM Corp. 2009 Exercise 3. WebSphere Information Center installation (optional)
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-5

Instructor Exercises Guide

Run the ./help_start.sh script. You should have gotten an error saying basically java: command not found. That is because there is no system JRE available at this time.

__ a. Using a command-prompt window, navigate to the HelpSystem\IBM_Help_301_Win\ibm_help directory. __ b. Run the help_start.bat script (an error is expected). __ c. You should have gotten an error saying basically that 'java' is not a recognized command. That is because there is no system JRE available at this time.

__ d. Using your favorite text editor, edit the help_start.bat (or help_start.sh on UNIX systems). Information Instead of editing the scripts to explicitly point to a specific java, you could also install a system JRE or add an existing JRE to your path.

3-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Modify the first line to add a fully qualified path to the WebSphere Application Server provided JRE. So, instead of the line starting with java, it would start with: <was_root>\java\bin\java __ f. Save and exit the file.

Since java may not be on the system path, change the reference to java in the second line of the script to a fully qualified path. Replace java with: <was_root>/java/bin/java

__ g. Make this change to the help_end script as well. __ h. Execute the help_start script again.

Depending on your UNIX configuration, the Help System might still not start. The issue is that the help_start.sh script attempts to bring up a Mozilla browser. If Mozilla is not available, it attempts to bring up a Konqueror browser (available on SUSE). If neither browser is available, the Help System returns an error message indicating that a compatible browser is not available. To get around this issue, there are a number of possible solutions. Three suggested solutions are described below. For these labs, the first solution is suggested. Edit the preferences.ini file for the Help System to specify your systems browser. The file is found in the following directory: ibm_help/eclipse/plugins/org.eclipse.help.base_3.0.1 The name of the field to change is called custom_browser_path. Assuming that your browser is Firefox, the update line should look like this: custom_browser_path=firefox %1 With that change made, the help_start script will now use Firefox instead of Mozilla or Konqueror as the browser of choice. Create a symlink for Mozilla to your browser. Assuming your system has Firefox and it exists in /usr/bin, issue the following command:
Copyright IBM Corp. 2009 Exercise 3. WebSphere Information Center installation (optional)
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-7

Instructor Exercises Guide

ln -s /usr/bin/firefox /usr/bin/mozilla After the symlink is created, the help_start system will work properly. Note: depending on your specific browser, additional symlinks may be needed. Instead of using the help_start script, run the IC_start script. This starts the help system on a well known port, but does not attempt to bring up a browser. You can then bring up your own browser and point it to: http://<machine>:8888/help/index.jsp The advantage of this approach is that it is not specific to a particular browser. It can also be accessed from any system on your network (while maintaining only a single copy). The disadvantage is that there are a few features that are not supported with the IC_start, such as the bookmarks.

__ 2. The Help System automatically appears. The Help System contains all static HTML files and will work with most browsers, including Internet Explorer, Firefox, and Netscape Communicator.

3-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. The Help System Welcome page is displayed.

Information In order to use the Help System, the start script needs to be run first. Just having the URL is not sufficient.

__ 4. Explore the documentation. You can use the browsers Back button to return to the previously visited pages.

Searching the Help System


The Help System includes a search facility that can be used. You can also find out more information about the search facility.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-9

Instructor Exercises Guide

__ 1. On the left is a navigation frame containing a hierarchical view of topics. In the left pane double-click Viewing information in the help system to expand this folder and view the available topics. A number of topics are listed. Select Searching in the Help System.

__ 2. Select the other options in the left pane to get more information on using the Help System. On the right is the main frame showing the selected document.

3-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Execute a search. __ a. Enter bookmarks in the Search field and click GO. Information The first search will cause the contents to be indexed.

__ b. Click the first search result entry to read the article. __ 4. To return to the table of contents after running a search, click the Contents tab at the bottom left of the navigation pane.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-11

Instructor Exercises Guide

Stopping the Help System


When closing the Help System browser, the Help System process continues to run in the background. You must stop the Help System processes when you install documentation plug-ins or update the Help System with new plug-ins. __ 1. Stop the Help System. __ a. Using Windows Explorer, open the ibm_help folder. __ b. Execute the help_end.bat script.

Navigate to the ibm_help directory and run the ./help_end.sh script.

Installing and using documentation plug-ins


The Help System works with any information that has been packaged as an Eclipse documentation plug-in, including IBM product documentation plug-ins. IBM documentation plug-ins are easily identified because they use a common directory-naming convention (com.ibm.xxx.doc). Information The Network Deployment plug-in has already been downloaded for the class. The plug-ins can be downloaded from the following location by clicking the link that lists the plug-in of interest: http://www.ibm.com/software/webservers/appserv/library/

__ 2. The plug-ins you will work with have already been downloaded to the lab image. Navigate to the <software_cds>\HelpSystem directory. __ 3. Extract the plug-in files from:
3-12 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

com.ibm.websphere.nd.doc.zip com.ibm.websphere.ihs.doc.zip com.ibm.websphere.edge.doc.zip

Navigate to the <software_cds>\HelpSystem directory. Expand the compressed files to the <software_cds>/HelpSystem/ibm_help/eclipse/plugins directory. unzip <filename.zip> -d ibm_help/eclipse/plugins
.

__ a. Right-click com.ibm.websphere.nd.doc.zip and select Extract All. The Windows extraction wizard opens and prompts you for the location to extract the files to. __ b. When prompted to select a destination, enter the directory <software_cds>\HelpSystem\IBM_Help_301_Win\ibm_help\eclipse\plugins and click Next. __ c. When the extraction is complete, click Finish. __ d. Repeat the above steps and extract the contents of: com.ibm.websphere.ihs.doc.zip com.ibm.websphere.edge.doc.zip __ e. The extracted files added to the plugins directory include: com.ibm.business.doc com.ibm.etools.ejbbatchdeploy.doc_3.1.2 com.ibm.etools.wrd.freeform.doc_3.1.2 com.ibm.websphere.edge.doc_7.0.0 com.ibm.websphere.help.glossarydoc_6.2.0 com.ibm.websphere.home.doc_1.0.0 com.ibm.websphere.ihs.doc_7.0.0 com.ibm.websphere.installation.factory.doc_7.0.0 com.ibm.websphere.installation.nd.doc_7.0.0 com.ibm.websphere.migration.nd.doc_7.0.0 com.ibm.websphere.nd.doc_7.0.0 com.ibm.websphere.pmc.nd.doc_7.0.0

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-13

Instructor Exercises Guide

com.ibm.websphere.wim.doc

__ 4. Start the WebSphere Help System. __ a. Double-click the help_start.bat file in the ibm_help folder.

Navigate to the ibm_help directory and run the ./help_start.sh script.

3-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Notice in the navigation frame the documentation is available for both WebSphere Application Server Network Deployment and IBM HTTP Server.

__ 5. Click Network Deployment (Distributed platforms and Windows), Version 7.0 and view the details of the table of contents.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-15

Instructor Exercises Guide

__ 6. Search the Help System. Information The first search creates an index, and will therefore take a bit of time. Future searches do not require additional indexing.
.

__ a. In the search area enter install log file and hit return or click GO. A list of search results are displayed. Select the first entry from the Search Results.

3-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 7. In order to see where in the hierarchy this particular page lies, click the Show in Table of Contents button in the top right section of the page.

Information Going to the Table of Contents view can often be very helpful. If the search result yielded an approximate answer, browsing the documents in the same general area can help narrow things down to a more desirable outcome.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-17

Instructor Exercises Guide

__ 8. Bookmark this page for later use. __ a. Click the Bookmark Document button in the top right section of the page.

3-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Select the Bookmarks tab at the bottom of the Contents pane. This returns a listing of your bookmarks.

__ 9. Click the Contents button and continue to explore the information center documentation plug-ins. Information When more than one plug-in is loaded into the help system, it is possible to narrow the search area down to specific plug-ins or areas of plug-ins. This can be done by clicking the Search scope link and following the instructions on the subsequent screens.

__ 10. Stop the Help System. __ a. Using Windows Explorer, open the ibm_help folder and run the help_end.bat script.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-19

Instructor Exercises Guide

Navigate to the ibm_help directory and run the ./help_end.sh script.

Information It is also possible to run the help system as a remote information center. This means that the Help System is installed and maintained on a single local system. Then any browser on your intranet can remotely access the Help System through the URL: http://<hostname>:8888/help/index.jsp To start the Help System as a local information center, run the IC_start script. Like the help_start and help_end scripts, you may need to modify the IC scripts to explicitly point to java.

End of lab

3-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


This exercise installed the offline Help System documentation and demonstrated some navigation techniques.

Copyright IBM Corp. 2009

Exercise 3. WebSphere Information Center installation (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

3-21

Instructor Exercises Guide

3-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 4. Exploring the WebSphere Application Server administrative console


Estimated time
00:45

What this exercise is about


In this exercise, you explore WebSphere Application Server V7 using the administrative console. You examine the configuration structure, and navigate within the WebSphere administrative console, which is used to perform server configuration, to gain knowledge and become familiar with what is available.

What you should be able to do


At the end of the exercise, you should be able to: Verify that WebSphere Application Server has started Launch the administrative console Explore the navigation and functions of the administrative console Use the administrative console to examine configuration information, resources, and properties

Introduction
In this exercise, you explore the WebSphere Application Server V7 configuration. Exploration includes starting the server and browsing through some of the configuration files. You will also start and navigate around the WebSphere administrative console. The application server should already be installed and tested, and you should be able to successfully start the server. The application server runs as a single JVM including all shared services and the containers to run applications. The WebSphere administrative console provides a graphical view of the configuration and includes forms and wizards to make it easier to perform configuration tasks.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-1

Instructor Exercises Guide

Requirements
To perform this exercise, you must have a working server and WebSphere administrative console.

Instructor exercise overview


In this exercise the students learn how to navigate within the WebSphere Application Server V7 environment, using the WebSphere administrative console. The students learn to start the server and examine the configuration, and they learn how to start the WebSphere administrative console. Additionally, the students explore and learn how to navigate within the WebSphere administrative console, and perform functions such as: Examine the properties of a server, application, virtual host, and JDBC provider Correctly log out of the WebSphere administrative console so that changes can be saved or discarded The instructor should become familiar with many of the functions within the WebSphere administrative console. Students are sure to discover and have questions beyond the scope of this lab. Following this exercise there are no changes to the system.

4-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Start the server
Before you can configure the application server environment, you must start all the required processes. For this exercise you use profile1 on server1. __ 1. Determine how many JVMs are running on your system.

Execute the command ps -ef | grep java to show the running Java processes.

__ a. Bring up the Task Manager by pressing Ctrl-Alt-Delete. __ b. Select the Processes tab and you see all the processes which are currently running. Sort the process list by name. __ c. Take note of how many java.exe programs are running. There should be none, unless you left the server running in an earlier exercise. __ d. Click the Mem Usage column heading to sort by memory usage. This ensures the larger processes (such as JVMs) are listed at the top. __ e. Minimize the Task Manager until later, when you look at it again after you start your server. __ 2. Start the server. __ a. In a command-prompt window, navigate to <profile_root>\profile1\bin. __ b. Enter the startServer server1 command to start the server.

Navigate to <profile_root>/profile1/bin and enter: ./startServer.sh server1

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-3

Instructor Exercises Guide

__ c. After a successful startup of the server you should see the message Server server1 open for e-business, which indicates the server is ready.

Information If you have problems starting the server, look at the startServer.log in the <profile_root>\profile1\logs\server1 directory.

__ 3. Restore the Task Manager window and you see that some additional processes have been started. One of those is a JVM (java.exe) for the application server, server1.

4-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information You can verify that the Java process is associated with the application server by comparing process IDs. To add the process ID column to the Task Manager window, Click View > Select Columns... and select PID (Process Identifier). Click OK.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-5

Instructor Exercises Guide

Explore configuration files


Examine some of the configuration files for the WebSphere Application Server. __ 1. Explore the configuration directory structure and view some of the configuration files. __ a. Navigate to <profile_root>\profile1\config

4-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. A few important files contained in the config directory are: <cell> is the cell name <node> is the node name <server> is the server name - Cell-wide resources config\cells\<cell>\resources.xml - Node-specific resources config\cells\<cell>\nodes\<node>\resources.xml - Server-specific resources such as JDBC and JMS providers config\cells\<cell>\nodes\<node>\servers\<server>\resources.xml - Global security settings config\cells\<cell>\security.xml - Virtual hosts config\cells\<cell>\virtualhosts.xml - Applications and endpoints for a node config\cells\<cell>\nodes\<node>\serverindex.xml - Configuration of a server config\cells\<cell>\nodes\<node>\servers\<server>\server.xml Information You should not edit these XML files manually; instead you should use the administrative console or wsadmin command line tool to make configuration changes that affect these files.

__ 2. Examine the Simple Object Access Protocol (SOAP) client configuration file <profile_root>\profile1\properties\soap.client.props. __ a. Navigate to: <profile_root>\profile1\properties __ b. Open soap.client.props in an editor. This file contains security configuration information used by clients such as wsadmin to authenticate with the security service. Important parameters are: loginUserid and loginPassword the ID and password must be specified using these parameters if loginSource=properties

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-7

Instructor Exercises Guide

loginSource specifies how the authentication information is obtained. The default is prompt, which means the user is prompted for a user ID and password.

__ 3. Close any editor windows still open.

Start the administrative console


The administrative console is the graphical user interface for managing WebSphere Application Server configuration settings for servers, applications, and other resources. The administrative console is a browser-based Web application that uses HTML and JavaScript. Information In a federated cell you always use the administrative console connected to the deployment manager so that changes are synchronized across the cell. In a stand-alone application server, you connect directly to the administrative console on the server.

__ 1. Open the administrative console. __ a. In a Windows environment: Start > Programs > IBM WebSphere > Application Server Network Deployment V7.0 > Profiles > profile1 > Administrative console.
4-8 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Another option is to open a browser and specify the address: http://localhost:9060/ibm/console

Although some versions of UNIX provide a shortcut to the console, entering the URL into a browser is the most consistent.

The administrative console should open:

__ 2. Enter wasadmin for the User ID and web1sphere for the Password. Click Log in.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-9

Instructor Exercises Guide

Information If security is enabled, as it is on your machine at the moment, you must log in using a valid user ID and password. If administrative security was disabled, the user ID you enter here would not matter, as it is just used to track configuration changes. A workspace is saved for each user, which includes unsaved configuration changes and navigation preferences.

The administrative console displays in three frames:

Banner this area is the top of the administrative console. It shows a welcome message for the user ID you logged into the administrative console. It displays links for logging out of the administrative console and accessing product information. Navigation tree this area is the left frame of the administrative console. It displays the types of information you can configure. There are 13 areas: Guided activities Servers Applications Services Security Environment System administration Users and groups Troubleshooting Service integration UDDI

4-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Resources

Monitoring and tuning

There is also a Welcome link, which takes you back to the main work area home page. Work area this area is the right frame of the administrative console. It displays the pages to create or change configuration information. The home page displayed in the work area shows the product version installed.

Explore the navigation tree


The administrative console navigation tree lists the tasks available in the administrative console. Tasks are grouped into organizational nodes that represent categories of tasks. __ 1. View the categories of tasks in the navigation tree. When you click a task in the navigation tree, a page is displayed in the work area containing one or more modules for completing the task. Use the View drop-down list at the top of the navigation tree to modify the lists of tasks according to your preferences. __ 2. Click the View drop-down list in the navigation tree.

You can organize the tasks as follows:

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-11

Instructor Exercises Guide

- All tasks this shows all tasks in the administrative console. - My tasks this shows only the tasks that you have added to the view. This list is initially empty, but provides a link to the My Tasks module. - WebSphere Application Server this shows only the tasks for this particular product, WebSphere Application Server. __ 3. Using My tasks allows you to create and edit a list of tasks to view in the navigation tree. My tasks is especially useful to customize the navigation to show only the tasks you use most often. __ a. Select My tasks from the drop-down list in View. __ b. There are no tasks currently selected. Click Add tasks to add a task to the view.

__ c. The work area shows the tasks that you can select to customize the My tasks view in the navigation tree.

4-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Check the boxes for Servers, Applications, and Resources. Click Apply.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-13

Instructor Exercises Guide

__ e. After applying your selections, your customized task list is displayed in the navigation tree.

__ f.

Continue to explore and customize the My tasks view and add additional tasks.

__ g. When completed, click Deselect All to remove all tasks. Click Apply. __ h. Select All tasks from the View drop-down list.

4-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Explore guided activities


In this part of the exercise, you look at the guided activities for WebSphere Application Server V7. Guided activities lead you through common administrative tasks that require you to visit multiple administrative console pages. __ 1. In the administrative console navigation tree, expand Guided Activities. In the stand-alone environment the guided activities include: - Connecting to a database - Routing requests through a Web server to an application server Information In the federated environment the guided activities include: - Connecting to a database - Routing requests through a Web server to an application server - Configuring a cluster and making applications highly available

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-15

Instructor Exercises Guide

__ a. Click Connecting to a database to view the first activity. The work area has information about the activity to help you perform this task successfully. It contains an introduction to the task, details other tasks to do before and after performing this task, as well as hints and tips to help you avoid and recover from problems and other tasks.

__ b. Continue to explore the details for connecting to a database or select another guided activity to explore.

4-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Explore server settings


In this part of the exercise, you look at some of the settings that can be configured using the administrative console, beginning with servers. __ 1. In the administrative console navigation tree, expand Servers and Server Types. In the stand-alone environment the only server types are: - WebSphere application servers - WebSphere MQ servers - Web servers Information In the federated environment you can also manage: Generic servers Proxy servers Version 5 JMS servers Clusters Cluster topology Generic server clusters Core groups

__ 2. Click WebSphere application servers. In the work area a table listing the application servers will be displayed. You should have one server, server1. This page is known as a collection page because it displays a collection of objects. The page has two options for controlling the amount of information displayed, Filter and Preferences.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-17

Instructor Exercises Guide

Information For some other collection pages, an additional option, Scope, is presented. An example of scope will be shown later.

__ 3. Click the Filter icon.

The filter feature allows you to use wildcards to match only the objects you want to work with if there are many objects of the same type. You can select a table column and specify the text to match. Information This option rarely needs to be used unless there are a lot of items.

4-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 4. Click server1. The configuration of server1 is displayed. This page is known as a details page. Notice there are two tabbed pages: - Runtime Runtime lists the current information used by the running server. - Configuration Configuration lists the saved settings that are used when the server is next started.

Some basic configuration settings are shown under General Properties, including the Classloader policy and the Class loading mode.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-19

Instructor Exercises Guide

For a description of any of the settings click More information about this page in the Help box.

__ 5. Under Server Infrastructure click to expand Java and Process Management. Click Process definition. Use this page to view or change settings for a process definition. This page provides command-line information for starting or initializing a process. Note that the Working directory entry starts with a $, such as ${USER_INSTALL_ROOT}. These are called WebSphere variables. They allow for substitutions to the absolute paths using symbolic names. You explore these later in this exercise. __ 6. Click Java Virtual Machine under Additional Properties. The advanced JVM settings for server1 are displayed. Scroll down and examine the settings. Use the Help box to get default values for these settings. - What is the value of Maximum heap size? _______________ - Is Debug Mode enabled? _______________ - Is the JIT (Just-In-Time compiler) enabled? _______________ __ 7. Click Cancel to return to the Process Definition page. __ 8. Click Process Logs under Additional Properties. The process log settings for server1 are displayed. These are the native stdout and stderr log files for the JVM process. Note These are different from the SystemOut.log and SystemErr.log files, which capture most output from the JVM, and support log file rotation to prevent the files from growing too large.

4-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 9. At the top of the page, notice there is a breadcrumb trail showing the pages you have visited.

__ 10. Click server1 from the breadcrumb trail to return to the server1 configuration page.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-21

Instructor Exercises Guide

__ 11. Under Communications expand Ports. The TCP/IP ports used by server1 are listed.

4-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 12. Click the Details link to get additional information on these ports.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-23

Instructor Exercises Guide

__ 13. Click SOAP_CONNECTOR_ADDRESS to configure the port. The host and port associated with the SOAP listener are displayed under the Port column. This is used by SOAP clients, such as the wsadmin command, to connect to the server to perform administration tasks. For a single server installation the default SOAP port is 8880. __ 14. Click server1 in the breadcrumb trail to return to the server1 details page. __ 15. Under Server Infrastructure, expand Administration. Click Server Components. The internal components of server1 are listed. The resources that you can administer are Name Server and Application Server. __ 16. Click Name Server. The name service settings for the application server are displayed. __ 17. Click server1 in the breadcrumb trail to return to the server1 details page. __ 18. Click the Runtime tab. The properties of the currently running instance of server1 are displayed: Process ID (PID). Record your process ID: _________ Cell name Node name State (which should be: Started)

4-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 19. Restore the Task Manager window, and verify that the process ID shown matches the PID for the java.exe process in the Processes list.

Issue ps -ef | grep <PID> from a terminal command prompt.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-25

Instructor Exercises Guide

Information If the process ID is not shown, click View from the menu and click PID (Process Identifier). Click OK. The PID column will be shown.

__ 20. Minimize Task Manager when you have completed your review.

Examine application settings


__ 1. In the administrative console navigation tree, expand Applications and then expand Application Types. There are three application types: - WebSphere enterprise applications - Business-level applications - Assets __ 2. Click WebSphere enterprise applications.

4-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

A collection page lists the applications in the configuration and their status. If you move the mouse cursor over a status icon and click, a window opens and displays the status.

The applications installed by default include: - DefaultApplication includes the snoop servlet - ivtApp installation verification test - query for information on Enterprise JavaBeans - If the sample applications were installed, they would also be listed here. At the moment you only have one server, but potentially the list could include applications installed on multiple servers on the same computer or in a network deployment cell. Information Tasks that can be performed on an application include: Start Stop Install Uninstall Update Rollout Update Remove File Export Export DDL Export File

__ 3. Click DefaultApplication This page shows the general properties of the application with links to a number of additional properties pages such as Details, Web Module, and Enterprise JavaBean Properties. It also shows a References page.
Copyright IBM Corp. 2009 Exercise 4. Exploring the WebSphere Application Server
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-27

Instructor Exercises Guide

__ 4. Under Modules, click Manage Modules. You should see one Web module, Default Web Application; one EJB module, Increment EJB module; and the servers that they are associated with. __ 5. Click the Default Web Application module. A detail page shows the general properties associated with the deployment of the Web module. __ 6. Click Manage Modules in the breadcrumb trail and select the Increment EJB module. A detail page shows the general properties associated with the deployment of the EJB module.

Examine environment settings


__ 1. In the administrative consoles navigation tree, expand Environment. The Environment options: Virtual Hosts Update global Web server plug-in configuration WebSphere Variables Shared Libraries Replication Domains Naming

__ 2. Click Virtual Hosts. In the work area a collection page lists the virtual hosts defined for the cell. __ 3. Click default_host. A details page shows the details for the virtual host. You can only directly change the virtual host name. Under Additional Properties you find links to other properties pages. __ 4. Click Host Aliases under Additional Properties. The host name and port combinations associated with this virtual host are displayed. For default_host the default values are: *:9080 (any host on the internal HTTP transport port) *:80 (any host on the external HTTP transport port) *:9443 (any host on the internal SSL transport port) *:5060 (any host on the SIP transport port) *:5061 (any host on the SIP transport port) *:443 (any host on the external SSL transport port).

In some cases you may need to define additional virtual hosts or modify default_host to support additional host-port combinations. __ 5. Click default_host in the breadcrumb trail to return to the default_host page.
4-28 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 6. Click MIME Types under Additional Properties. The MIME types associated with this virtual host are listed. __ 7. Click Virtual Hosts in the breadcrumb trail to return to the Virtual Hosts page. __ 8. Click admin_host and then click Host Aliases. __ 9. Examine the admin_host virtual host and write down the port numbers associated with this virtual host: _________________________ Note The browser should be accessing the administrative console on one of the ports associated with the admin_host virtual host.

__ 10. In the administrative consoles navigation tree, click WebSphere variables. In the work area a WebSphere variables collection page is displayed. This page includes the scope feature, because variables can be defined for a cell, node, or server. A drop-down list of all available scopes is provided to narrow the list of variables based on scope.

__ 11. From the scope drop-down list, select scope Cell=<cellname>. How many variables are defined for the cell? _______ __ 12. From the scope drop-down list, select scope Node=<nodename>. How many variables are defined for the node? ________ If there are more than the maximum rows (20 by default), a Next button is displayed to allow you to see the additional entries.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-29

Instructor Exercises Guide

Notice that many variable values include references to other variables, for example, ${USER_INSTALL_ROOT}. __ 13. From the scope drop-down list, select scope Node=<nodename>, Server=<servername>. How many variables are defined for the server? ________

4-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Examine resource settings


__ 1. In the administrative console navigation tree, expand Resources. The resources options are: Schedulers Object pool managers JMS JDBC Resource adapters Asynchronous beans Cache instances Mail URL Resource environment.

__ 2. Expand JDBC; click JDBC providers. A collection page lists the JDBC providers in the configuration. In a later exercise you configure a JDBC driver and data source for an application. __ 3. Expand JMS and click JMS providers. Click an instance of Default messaging provider. A details page shows some basic properties of the internal JMS provider. Under Additional Properties there are links for: Connection factories (for configuring a JMS connection factory) Queue connection factories Topic connection factories Queues Topics Activation specifications.

These settings can be defined at the cell, node, or server level so there is a scope selection option available. A collection page lists queue connection factories (if there are any defined). A queue connection factory is used to create connections to the associated JMS provider of JMS queue destinations, for point-to-point messaging. A collection page lists topic connection factories (if there are any defined). A topic connection factory is used to create connections to the associated JMS provider of JMS topic destinations, for publish/subscribe messaging. Information In future lab exercises you modify settings for some of the object types you have already explored and for other areas you have not yet explored.

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-31

Instructor Exercises Guide

Examine troubleshooting
The Troubleshooting area displays messages about runtime events and configuration problems. This area automatically refreshes and you can view either the runtime messages or configurations problems totals. __ 1. In the administrative consoles navigation tree, expand Troubleshooting. __ 2. Expand Runtime Messages. You see entries for: - Runtime error - Runtime warning - Runtime information The total number of errors, warnings, and information messages will be displayed when you select one of the options. Click Runtime information to view all of the messages. __ 3. In the Message column, click one of the messages (if there are any listed) to see the message detail. __ 4. In the navigation tree, expand Configuration Validation under Troubleshooting. You see entries for: - Configuration error - Configuration warning - Configuration information The total number of errors, warnings, and information messages will be displayed when you select one of the options. Click Configuration error to view all of the error messages. If you do not have any error messages, click the Configuration information messages. __ 5. If you have a configuration problem, click the link to it. The problem detail is displayed. On the next window you should see general properties information about the configuration problem. __ 6. Click the Back button to return to the Configuration Validation list and view other problems, if any exist.

4-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Modify the administrative console session timeout


When you are working with the administrative console, the session will expire if it has been idle for more than 30 minutes. In order to continue working, you will have to log in again. Many administrators find the default session idle duration too short. You can change the session idle duration to a time that works best for you. The session idle duration time cannot be modified from the administrative console. The timeout must be modified by executing a script. Information The administrative console session expiration script that you will use in this exercise can be found in the information center by searching for changing the console session expiration.

__ 1. Open the sample administrative console session expiration script. __ a. Navigate to <software_dir>\wsadmin\. __ b. Open timeout.jacl using a text editor. __ 2. Modify the timeout expiration fields. __ a. The invalidationTimeout field must be modified with the time that you want to specify for the session idle duration timeout. There are two locations where this field is specified in the script. Both instances must be changed.

__ b. Replace <timeout_value> with 120 for both instances of the invalidTimeout parameter.

__ c. Save the file. __ 3. Run the script to change the session expiration.
Copyright IBM Corp. 2009 Exercise 4. Exploring the WebSphere Application Server
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-33

Instructor Exercises Guide

__ a. From the command line run the timeout.jacl script using wsadmin from the <profile_root>\profile1\bin directory: wsadmin -f <software_dir>\wsadmin\timeout.jacl -username wasadmin -password web1sphere

In a command window, navigate to <profile_root>/profile1/bin and execute the following command: ./wsadmin.sh -f <software_dir>/wsadmin/timeout.jacl -username wasadmin -password web1sphere

__ b. The session expiration timeout is now set for 120 minutes. Information The timeout session expiration must be set for each profile administrative console. Later in the class you will be creating additional profiles. You will have to rerun the timeout script for each profile that you want to change the session timeout.

Note The wsadmin tool can be used to run scripts. You will learn more about wsadmin later in the course.

4-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Log out of the administrative console


When you are working in the administrative console, a work area is saved which includes all configuration changes you make in the session. When you log out you have the option to save or discard these changes. If you just close the browser, the session work area will be preserved. The next time you log in you have the option to recover the work area from the previous session. Information Any configuration changes that you want to keep must be saved to the master configuration; otherwise the new settings are not used.

__ 1. Click Logout at the top of the page in the taskbar. __ 2. If you have not made any changes to resources, you are returned to the login page. If changes were made, the Save page is displayed. Click Discard so that you do not overwrite the configuration. The Discard WorkSpace Changes page appears asking you to confirm the discard. Click Yes and the login page is displayed. __ 3. Close the browser.

You now generally know your way around the WebSphere administrative console.

End of exercise

Copyright IBM Corp. 2009

Exercise 4. Exploring the WebSphere Application Server


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

4-35

Instructor Exercises Guide

Exercise review and wrap-up


This exercise examined many of the features of the administrative console. You looked at the properties of servers, applications, environment settings, and resources.

4-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 5. Assembling an application


Estimated time
01:00

What this exercise is about


This exercise covers the steps necessary to assemble the Enterprise JavaBeans (EJB) Java archive (.jar) files, the Web archive (.war) files, and auxiliary files that combine an enterprise application into an enterprise archive (EAR) file that can be deployed to a Java EE 5 compliant application server. The assembly and deploy tool is used to complete this exercise.

What you should be able to do


At the end of the lab, you should be able to: Navigate the Assembly and Deploy tool Import and examine enterprise application components Define the following application-scoped resources: - Data source - Authentication alias Export an enhanced EAR file that is ready for deployment

Introduction
In this exercise, you perform the role of the application assembler. Assume that the development groups have created and tested the application in their test environment. Those responsible for bean development have provided you with the .jar files that contain the code for the Enterprise JavaBeans. The developers responsible for the presentation design have given you the .war files that contain the HTML pages, JSPs, and servlets. It is now your task to take these pieces and assemble them into an EAR file that can be installed in the WebSphere Application Server.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-1

Instructor Exercises Guide

You will be using files provided by the application developers. The application is made up of: One EJB module .jar file that contains the session beans and deployment descriptors One Web module .war file that contains the servlets, JSPs, and presentation (HTML and graphics) files along with a deployment descriptor In some cases, you might also be given a resource adapter archive module .rar or utility JAR files. For this exercise, however, there are no resource adapter archive modules or utility JAR files to be installed.

Requirements
To complete this exercise, you need the Rational assembly and deploy tool installed on your machine. This tool will be used to complete the exercise. You also need the following files, located in <software_dir>\Assemble: TradeWeb.war

5-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

TradeEJB.jar

As the assembly and deploy tool is currently only available for Windows and Linux, this exercise cannot be completed in other operating systems.

Instructor exercise overview


In this exercise the students take the actual components of an enterprise application and create an EAR file. The files needed for this exercise are located in <software_dir>\Assemble. The output of this exercise can be used in the follow-on lab, Install the Trade application. After this exercise, the students will have created a TradeApplication.ear file in the <profile_root>\profile1\installableApps directory. For recovery purposes, a known good copy of the file called TradeApplication.ear is also in the <software_dir>\Solutions directory. Note that even though the students create an enhanced EAR file, the enhancements will not be used when the application is installed on the server.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-3

Instructor Exercises Guide

Exercise instructions
Start the assembly and deploy tool
__ 1. Click Start > Programs > IBM Software Delivery Platform > IBM Rational Application Developer 7.5 > IBM Rational Application Developer in Windows. Linux Start the assembly and deploy by navigating to /opt/IBM/SDP and invoking: ./eclipse &

The assembly and deploy tool starts by asking you which directory to use for its workspace. Once you establish a workspace, you continue to use it for the project. Each project should have its own separate workspace. __ 2. Enter <software_dir>\Assemble\TradeApp and click OK.

Linux In the Workspace input area type /usr/software/Assemble/TradeApp

5-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

After a few moments the Welcome screen for the assembly and deploy tool opens. From the Welcome screen you can get an overview of the product or find out what is new in this release by selecting the icons.

__ 3. Close the Welcome view inside of the assembly and deploy tool by clicking the X to the right of its title, or simply click the Workbench icon. Do not close the assembly and deploy tool. __ 4. You should be in the Java EE perspective to begin assembling the application. This is the default perspective and is indicated by the title of the workbench.

__ 5. The Enterprise Explorer view shows all the modules currently loaded in the workspace (none at this time). The modules are categorized by the function they perform. As you add modules, they will appear under their corresponding folders. The empty area on the upper middle part of the window is where the different editors open and display the contents of the selected items on the other views. This area is called the editor pane. Below the editor pane is a multipurpose pane, containing several views. One of the views in the multipurpose pane is the Problems view, which should be in the foreground of the multipurpose pane. It contains any outstanding errors that need to

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-5

Instructor Exercises Guide

be resolved. This space is shared with several other views represented by the tabs at the top of the pane. You will get to use some of them in this exercise.

Create a new enterprise application project


__ 1. Create a new enterprise application project named TradeApplication. __ a. Select the File > New > Enterprise Application Project. __ b. Name the project: TradeApplication Information Since this is a new workspace, there are no servers defined. An installed server needs to be defined in the workspace so its runtime libraries will be added to new projects created in the workspace. Also the selected Target Runtime defines where applications will be deployed to, when asking assembly and deploy to run an application on a server.

5-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Click the New button to the right of Target Runtime to define a new server.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-7

Instructor Exercises Guide

__ d. Select IBM > WebSphere Application Server v7.0. Click Next.

__ e. Click Browse for the Installation directory.

5-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

Navigate to the <was_root> folder and click OK.

__ g. Click Finish.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-9

Instructor Exercises Guide

__ h. Make sure that the Project name is still set to TradeApplication. Click Next.

5-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ i.

Check Generate Deployment Descriptor. Click Finish.

__ j.

The TradeApplication project is now found in the Enterprise Explorer.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-11

Instructor Exercises Guide

Import the Trade application modules


In your case you have been given a set of modules, .war and .jar files, by development. These modules need to be assembled into a running application. Information Handing over individual application modules is the most common way to receive application components, especially when more than one development team is involved, each team being responsible for one or more modules. Another way to hand over an application for deployment is to receive an enterprise applications EAR file.

Add the Trade EJB module


You now define the EJB module that is used by the application. The EJB .jar file for this application has been given to you by the application developer, and it is named TradeEJB.jar. The JAR file contains the deployed code for the Enterprise JavaBeans. This JAR file was created using IBM Rational Application Developer. __ 1. From the menu, select File > Import.

5-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. From the Import dialog select EJB JAR file and click Next.

__ 3. In the Import dialog click Browse and navigate to <software_dir>\Assemble, select TradeEJB.jar, and click Open.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-13

Instructor Exercises Guide

__ 4. Ensure Add project to an EAR is checked and TradeApplication is showing in the EAR Project Name drop-down list.

Information Notice that the Target runtime for the TradeApplication is set to WebSphere Application Server v7.0. This value was inherited from the enterprise application, as all modules in an application run under the same server runtime.

__ 5. Click Finish to add the EJB JAR to the application. This may take some time to build. __ 6. Note that there are many warnings that appear on the Problems view.

These are caused by code or by declaring variables that are never used. You may just ignore them, or if you prefer, you may hide these entries using the Preferences

5-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

dialog. From the menu, select Window > Preferences. Expand Java > Compiler and select Errors/Warnings.

Change the following setting from warning to ignore: Potential programming problems: - Serializable class without serialVersionUID Unnecessary code: - Local variable is never read - Unused imports - Unused local or private member Generic types: - Unchecked generic type operation - Usage of a raw type

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-15

Instructor Exercises Guide

- Unused local or private member __ a. Click Apply. Click Yes to rebuild the workspace. Click OK. __ 7. The TradeEJB.jar file has been added to the application. Expand the module to reveal the details of its contents.

Information Double-clicking a module (the second entry) on the Enterprise Explorer view opens its deployment descriptor (if one has been created) in a specialized editor. Deployment descriptor editors have tabs along the bottom of the pane to give you access to the various sections of the file. Using these editors makes working with deployment descriptors much easier. If you change anything on a deployment descriptor, or any other file, you will see an asterisk on the tab where its name is displayed along the top of the editor pane. This indicates that the file has been altered and needs to be saved. Do not save any changes you make, and close the EJB deployment descriptor in the editor.

5-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Add the Web module


Next you add the Web module used by the application. The file for the Web module was assembled by the presentation developer using IBM Rational Application Developer. A Web module consists of the JSPs, HTML pages, and servlets contained within the .war file. __ 1. From the menu, select File > Import. __ 2. In the Import dialog select WAR file and click Next.

__ 3. In the Import dialog click Browse, navigate to <software_dir>\Assemble, and select TradeWeb.war. Click Open.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-17

Instructor Exercises Guide

__ 4. Ensure Add project to an EAR is checked and TradeApplication is showing in the EAR Project Name drop-down list.

__ a. Click Finish to add the TradeWeb module to the TradeApplication enterprise application. __ b. Click No in the dialog that asks if you wish to change to the Web perspective. __ c. Verify that the Web module has been added in the Enterprise Explorer.

__ d. At this point there may be errors showing on the Problems view. If there are errors in the TradeWeb module after importing the WAR file, they are likely to be unresolved references. It is always a good practice to resolve all errors and to investigate any warnings you may see in the Problems view. The next step will resolve the existing errors. __ 5. The TradeWeb module needs to know that some of the classes it refers to are defined in other modules, namely, the TradeEJB modules. This module should already have been added to the TradeWeb modules Java EE module dependencies. __ a. In the Enterprise Explorer view select TradeWeb, and from its context menu (right-click to get the context menu) select Properties.

5-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Select Java EE Module Dependencies. Verify that in Available dependent JARs, Allow both is selected and TradeEJB.jar is checked. Click Apply.

TradeEJB.jar can now be seen in the list of libraries under TradeWeb > Java Resources > Libraries > EAR Libraries. Note If this still does not clear the errors, perform step b above, first unchecking and then rechecking TradeEJB.jar; and click Apply. This seems to force a new validation in the tooling. The errors now should no longer appear in the Problems view.

__ 6. Change the context root of the Web module to: Trade/web __ a. The properties dialog for TradeWeb should still be open. Select Web Project Settings.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-19

Instructor Exercises Guide

__ b. Change the Context Root by typing: Trade/web

Ensure that you type the context root correctly, as it is case-sensitive. Click OK. __ c. You have now added the Web and EJB modules to the TradeApplication. You can see these modules in the Enterprise Explorer by expanding TradeApplication > TradeApplication > Modules.

5-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Add a test server


Earlier you specified that the target runtime environment is WebSphere Application Server V7. Now you add a WebSphere Application Server V7 that can be used to test the application if one does not already exist. __ 1. Right-click in the empty Servers view; then select New > Server from the pop-up menu.

__ 2. In the Define a New Server dialog accept the default options. Click Next.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-21

Instructor Exercises Guide

Linux Click Add next to Server runtime environment. In the subsequent WebSphere Runtime dialog specify: Name: WebSphere Application Server V7.0 Installation directory: /opt/IBM/WebSphere/Appserver Click Finish.

__ 3. Type the password web1sphere in the WebSphere Server Settings dialog. Click Finish.

5-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 4. WebSphere Application Server v7.0 should now appear in the Servers view.

Information Creating the WebSphere Application Server v7.0 in the Servers view allows you to test your application on an existing instance of the WebSphere runtime directly from the assembly and deploy workbench. You can easily install enterprise applications from the context menu by right-clicking WebSphere Application Server v7.0 and selecting Add and Remove Projects from the pop-up menu. You are not going to run through a test at this stage, as there is some additional configuration of the environment that still needs to be performed, and you will be testing the TradeApplication in a later exercise.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-23

Instructor Exercises Guide

Configure WebSphere data sources


You can define certain resources that are included with the application in the WebSphere Application Server Deployment editor. Any resources defined on this page are defined at the application scope. This approach is valuable in a development or test environment, but is not considered a good approach when releasing applications into a production environment. Although the steps that follow create application scoped resources, they will not be used in the labs that follow. This section is here to merely demonstrate how these resources could be added. Information In order to work with application scoped resources in the WebSphere administrative console, you need to select the application containing the resources and then under Resources select Application scoped resources.

In this section you define a JDBC provider and the data source required by the Trade application. Both of these resources are defined at the application scope and visible only to the TradeApplication. __ 1. Open the Server Deployment view.

5-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. Right-click TradeApplication; then select Java EE > Open WebSphere Application Server Deployment.

__ 2. Remove the existing Derby JDBC provider, as it is not used by the application.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-25

Instructor Exercises Guide

__ a. Select Derby JDBC Provider (XA) in the JDBC provider list and click Remove. The JDBC provider list will now be empty. Deleting the provider also deletes the data sources that use it.

__ 3. Create a new J2C authentication data entry. __ a. Scroll to the bottom of the editor page and expand Authentication. Click Add.

5-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Add a new alias with the following properties: Table 4: J2C authentication data Field name Value Alias TradeApp User ID db2admin Password web1sphere Description Authentication for Trade Application

Add a new alias with the following properties: Table 5: UNIX J2C authentication data Field name Value Alias TradeApp User ID db2inst Password was1edu Description Authentication for Trade Application

__ c. Click OK. __ d. You now see that the TradeApp authentication alias is added to the JAAS authentication list.

__ 4. Create a JDBC provider for DB2.


Copyright IBM Corp. 2009 Exercise 5. Assembling an application
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-27

Instructor Exercises Guide

__ a. Scroll to the top of the editor; then click Add next to the JDBC provider list.

__ b. In the Create JDBC Provider window, select IBM DB2 as the Database type. Select DB2 Universal JDBC Driver Provider (XA) as the JDBC provider type.

__ c. Click Next.

5-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. In the next window specify Trade for the name of the provider.

__ e. Click Finish. __ f. Verify that Trade has been added to the JDBC provider list.

__ 5. Next create the data source.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-29

Instructor Exercises Guide

__ a. Click Add to create a data source.

__ b. In the Create Data Source window select DB2 Universal JDBC Driver Provider (XA) as the JDBC provider. Make sure that the Version 5.0 data source option is selected. Click Next.

5-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. On the next page enter the properties of the data source. Enter the following information in the fields as provided. Leave default values for all other fields. Table 6: Data Source data Field name Value Name Trade JNDI name jdbc/tradeds Description Trade Datasource From the drop-down list Component-managed authentication alias select: TradeApp Use this data source in container-managed Checked persistence (CMP) .

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-31

Instructor Exercises Guide

__ d. Click Next. __ e. Set the following fields according to the table below: Table 7: Data source database details Field name Value databaseName TRADE driverType 4 serverName dbhost portNumber 50000

The settings for UNIX: Field name databaseName driverType serverName portNumber Value TRADE 4 dbhost 50001

__ f.

Click Finish.
Copyright IBM Corp. 2009

5-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

V5.2
Instructor Exercises Guide

EXempty

__ 6. Save your changes. From the main menu select File > Save (or press Ctrl-S). Close the WebSphere Application Server Deployment editor. Information These resource settings are saved within the EAR file in files under the META-INF\ibmconfig folder. These files are not part of the Java EE 5 specification but are recognized by WebSphere Application Server V7. The enterprise archive containing these files is called an enhanced EAR file.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-33

Instructor Exercises Guide

Export the enterprise archive (EAR) file


Save the file in the <profile_root>\profile1\installableApps directory. __ 1. Export the TradeApplication EAR file. __ a. In the Enterprise Explorer view on the upper left pane, right-click TradeApplication > Export > EAR file. __ b. In the Export dialog, click Browse and navigate to the folder <profile_root>\profile1\installableApps. __ c. In the Destination field, change the name of the EAR file to: enhancedTradeApplication.ear __ d. Uncheck Optimize for a specific server runtime. __ e. Click Save.

__ 2. Click Finish to export the EAR file. __ 3. Verify that the EAR file was saved successfully. __ 4. Exit assembly and deploy.

End of exercise

5-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


In this exercise, the assembly and deploy Toolkit was opened and used to assemble the modules for the Trade Application Case Study application into an enterprise archive. You will test the application in a later exercise.

Copyright IBM Corp. 2009

Exercise 5. Assembling an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

5-35

Instructor Exercises Guide

5-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 6. Installing an application


Estimated time
01:00

What this exercise is about


This exercise covers the tasks used to install two WebSphere enterprise applications in WebSphere Application Server, using the administrative console. The TradeApplication and the QuoteWS applications, both packaged as enhanced EAR files, are installed on the server.

What you should be able to do


At the end of the lab, you should be able to: Install an application using the administrative console Test the application using a Web browser

Introduction
In this exercise, you install the TradeApplication enterprise archive (EAR) file that was assembled using the assembly and deploy tool. The EAR file contains all the application modules, and also contains the definition of other resources required by the application. The second application, contained in the QuoteWS.ear file, also contains application scoped resources that will be used during installation. The applications are tested by accessing them from a Web browser.

Requirements
To perform this exercise, you must have WebSphere Application Server installed on the machine and a working application server with an administrative console. In addition, you will need a Web browser and DB2 installed, and the Trade application case study databases created and populated. You also need the TradeApplication.ear and the QuoteWS.ear files.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-1

Instructor Exercises Guide

Instructor exercise overview


The focus of this exercise is to introduce the students to the wizards in the administrative console. The students will use a wizard to install the applications and a Web browser to test both applications. The students complete the following tasks: Copy the TradeApplication.ear file to <profile_root>\profile1\installableApps (if the student has completed the Assembling the Trade application lab, this file is already in place). Copy the QuoteWS.ear file to <profile_root>\profile1\installableApps Use the wizard to install the applications. In the Trade application they will choose to ignore the application scoped resources. In the QuoteWS application they will use application scoped resources defined in the enhanced EAR file. Start the applications. Finally, the students open a Web browser and test the Trade application. If they have successfully installed the application, they should get the Trade applications welcome page to log in to the system. At this stage, the students should be able to log in with user ID of client, and look at the account information and the holdings for the user. They should also be able to register as a new user and log in using the new ID, and obtain local quotes as provided by the Web service in the QuoteWS application. Note: If the students applications are damaged beyond repair at this point, you can have them start over by copying the EAR files from the <software_dir>\solutions directory to the InstallableApps directory and redo the exercise. Following this exercise the Trade application has been installed and the necessary resources created using the administrative console.

6-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Start the server and the administrative console
Use the WebSphere Application Server administrative console to install the Trade application. Since the administrative console is a system application running on the server, the server has to be up and running before the console is started. __ 1. Start WebSphere Application Server if it is not already running. __ a. The server can be started from the <was_root>/bin directory. When using the <was_root> directory, the profile name must also be specified. In a command-prompt window, navigate to <was_root>\bin. __ b. Enter the startServer server1 -profileName profile1 command. __ c. The server has started when a message similar to the following appears: Server server1 open for e-business; process id is 2136 Note that the process id is a unique number, which represents the server process that is running on the system. Information The server can be started without the use of the profile name if you issue the startServer server1 command from the <profile_root>\<profile_name>\bin directory.

Navigate to the <was_root>/bin directory and enter the ./startServer.sh server1 -profileName profile1 command. The server can be started without the use of the profile name if you issue the ./startServer.sh server1 command from the <profile_root>/<profile_name>/bin directory. Also verify that DB2 has started on your system. This can be done by simply executing the following command in a terminal window: ps -ef | grep db2inst1 If there are no DB2 processes, make sure to manually start DB2 at this point (and again if you system restarts). Execute the following commands in a terminal window: su - db2inst1 db2start

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-3

Instructor Exercises Guide

__ 2. Open the WebSphere administrative console. __ a. In a Web browser, specify the address http://localhost:9060/ibm/console At this point, if you see a security alert or warning from the Web browser, click OK or the link to continue to the Web site. __ b. Enter wasadmin for the user ID and web1sphere for the password, and click Login.

Create J2C authentication aliases


Most system resources need to be able to authenticate to some kind of authentication registry. In the case of data sources you need to be able to authenticate to the database server, which in this case is set up to use the local OS user registry. __ 1. Create a new authentication alias named TradeApp. __ a. From the WebSphere administrative console, expand Security and click Global security. __ b. Under Authentication on the right, expand Java Authentication and Authorization Service. __ c. Click J2C authentication data.

__ d. Click New.

6-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. In the General Properties area, enter the following values: Table 8: J2C details Field Value Alias TradeApp User ID db2admin Password web1sphere Description For Trade data sources

In the General Properties area, enter the following values: Table 9: UNIX J2C details Field Value Alias TradeApp User ID db2inst1 Password was1edu Description For Trade data sources

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-5

Instructor Exercises Guide

__ f.

Click OK. Note that the alias was created but the name is not exactly as you defined. The wizard adds the node name in front of the alias name you entered.

__ g. Click the Save link to save your changes. __ 2. Edit the hosts file on your machine to map dbhost to the machine where the database server is running; in this case 127.0.0.1. The hosts file can be found in the \Windows\system32\drivers\etc folder.

In UNIX, edit /etc/hosts and enter the following values. 127.0.0.1 localhost dbhost quote.trade.com

Linux On SUSE Linux, it is common to define the host name on a separate line mapped to the IP address 127.0.0.2. However, this causes problems for the networking that WebSphere needs to do. Aside from adding the definitions for dbhost and quote.trade.com to 127.0.0.1, you will also need to modify the line starting with 127.0.0.2. Using a text editor, edit the /etc/hosts file:

6-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. In a command window, find your system IP address for eth0 by entering the following command: ifconfig

Note If the IP address changes during the course, the hosts file will need to be updated.

__ b. Edit the /etc/hosts file. Find the line that starts with 127.0.0.2 and comment it out by adding a # symbol as the first character of the line. __ c. Add a new line just below the one that was just commented out, and start it with the system IP address you looked up using ifconfig. The rest of the line should

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-7

Instructor Exercises Guide

have the host names (long and short versions) that appear on the commented out line just above.

__ 3. While you have the hosts file open, also map quote.trade.com to the same IP address; it is used to access the Web service that provides local stock quotes and

6-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

also runs on your local server. Also, ensure that the machine name (something like was7hostXX) is mapped to the same IP address.

Linux Do not add your machine name to the 127.0.0.1 line.

__ 4. Save and close the hosts file.

Create a JDBC provider and data sources for the Trade application
If there are any resources used by the application that are not defined in the EAR file, you have to define them using the administrative console. In this section, you create the data sources used by the Trade application. Information In general, it is considered a best practice to ignore, or remove, application scoped resources from enhanced EAR files when installing applications in a production environment.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-9

Instructor Exercises Guide

In this step of the exercise, you create the data source required by the Trade application. You also create the JDBC provider under which the data source exists. __ 1. Create the Trade data source. __ a. From the administrative console expand Resources > JDBC > Data sources. __ b. Select the Node=was7hostXXNode01 scope and click New.

__ c. Enter Trade for the data source name. This name is just a label and can be anything you like. Enter jdbc/tradeds for the JNDI name. This must be the

6-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

same name that is used by the application and must be unique in the environment. Click Next.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-11

Instructor Exercises Guide

Note If there are any existing JDBC providers, you will see the following screen as Step 2 in the wizard. Select Create new JDBC provider, and click Next. Otherwise, you will go directly to Step 2.1 Create new JDBC provider, in the wizard.

6-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Select the values on the table below in the Create new JDBC provider page.

Table 10: JDBC details Field Value Database type DB2 Provider type DB2 Universal JDBC Driver Provider Implementation type XA data source __ e. Keep all remaining defaults and click Next.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-13

Instructor Exercises Guide

__ f.

On the next page, you define where in the file system the JDBC provider will find the JDBC drivers. In this case the location is defined as: <db2_root>\java Enter this value in both directory locations fields.

Check the appropriate appendix for the correct value of <db2_root>/java.

Information The paths pointing to the JDBC drivers are actually entered by the wizard into the WebSphere environment variables named: DB2UNIVERSAL_JDBC_DRIVER_PATH and DB2UNIVERSAL_JDBC_DRIVER_NATIVEPATH. If these variables had been set before this step,

6-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

their values would have prefilled the entry fields. Anything entered here will overwrite the environment variables.

__ g. Click Next. __ h. Now you should be back in the data source definition part of the wizard and ready to define the database specific properties. Enter the following parameters on the page: Table 11: Data source details Field Value Driver type 4 Database name TRADE Server name dbhost Port number 50000

Enter the following parameters for the UNIX data source: Table 12: UNIX data source details Field Value Driver type 4 Database name TRADE Server name dbhost Port number 50001

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-15

Instructor Exercises Guide

__ i.

Click Next.

6-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ j.

On the next page, select was7hostXXNode01/TradeApp for the Component-managed authentication alias, and click Next.

__ k. On the next page, verify all the values entered, and click Finish to create the data source and JDBC provider. __ l. Save your changes.

__ 2. Create another data source as described in the previous steps __ a. Enter Quote for the data source name and jdbc/quoteds for the JNDI name.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-17

Instructor Exercises Guide

__ b. In Step 2 of Create a data source, select the JDBC provider you just created from the drop-down menu. Click Next.

__ c. Enter the following values in Step 3: Enter database specific properties for the data source, and click Next. Table 13: Quote Data source details Field Value Driver type 4 Database name QUOTE Server name dbhost Port number 50000

6-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty For UNIX systems: Table 14: Field Driver type Database name Server name Port number Value 4 QUOTE dbhost 50001

__ d. Select was7hostXXNode01/TradeApp for the Component-managed authentication alias, and click Next. __ e. Click Finish. __ f. Save your changes.

__ 3. Test the data source connections. __ a. On the Data Sources page, select the check boxes for Quote and Trade, and click the Test connection button. __ b. Make sure the connection was successful. Look for the successful messages at the top of the work area.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-19

Instructor Exercises Guide

Install the QuoteWS enterprise application


The QuoteWS application provides local stock quotes and acts as a Web services provider. The enhancedQuoteWS.ear file is an enhanced EAR file that contains definitions of other resources required by the application. The QuoteWS application provides local stock quotes by accessing the requested stock symbol from the QUOTE database and returning the price of the stock. The QuoteWS comes into play when the user decides that he or she does not want Internet quotes. This is done through the account preferences of each registered user. It also comes into play if the user has requested an Internet quote, but the external Web service is not available. In that case, after the external Web service fails, the application tries to retrieve the price of the same symbol by accessing the local Web service provided by QuoteWS. Since you are using the resources already defined in the EAR file, installing the enhancedQuoteWS.ear file is simple and straightforward. __ 1. Install the enhancedQuoteWS.ear. __ a. From the administrative console expand Applications and click New application. __ b. Click New Enterprise Application.

__ c. Select Local file system and click Browse.

6-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Navigate to <software_dir>\EarsAndWars, select the enhancedQuoteWS.ear file, and click Open. Click Next.

__ e. Select Fast Path - Prompt only when additional information is required, and click Next.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-21

Instructor Exercises Guide

__ f.

On the next page, you can select any additional installation options. Make sure that Process embedded configuration is selected.

Information If an EAR file is enhanced, the Process embedded configuration check box will be selected by default. If you want to ignore the application-scoped resources, you will need to deselect the Process embedded configuration option.

__ g. Accept the default values and click the Summary link. __ h. Click Finish to complete the installation. __ i. Save the changes.
Copyright IBM Corp. 2009

6-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

V5.2
Instructor Exercises Guide

EXempty

__ 2. Start the QuoteWS application. __ a. Expand Applications > Application Types, and select WebSphere enterprise applications. Verify that the QuoteWS application is listed. __ b. Select the check box next to QuoteWS and click Start.

__ 3. Verify the application scoped resources. __ a. After the application starts, click the QuoteWS link.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-23

Instructor Exercises Guide

__ b. Under References, click Application scoped resources.

6-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. In addition to the Quote data source that you created earlier in this exercise, you should also see a data source for an EJB timer service.

__ d. Click Quote to see additional details.

Install the TradeApplication enterprise application


The Trade application is packaged in an enhanced EAR file that contains a definition of the resources required by the application. However, these resources will not be used when installing the application. It is considered a best practice not to include application scoped resources when installing applications to the production environment. When installing the Trade application, you will choose to ignore all application scoped resources. __ 1. Install the TradeApplication.ear. __ a. Expand Applications > New Application, and select New Enterprise Application. __ b. In the Preparing for application installation page, select Local file system and click Browse. __ c. Navigate to the <software_dir>\EarsAndWars directory, select the TradeApplication.ear, and click Open. The Local file system field should now contain the path of the EAR file. Note You can use the EAR file that you created in the previous exercise if you want. However, in this exercise, you are going to ignore any embedded enhancements in the EAR file.

__ d. Click Next.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-25

Instructor Exercises Guide

__ e. The next page gives you the option to generate default bindings and mappings. At this time you will not be changing any bindings. Select Detailed - Show me all installation options and parameters. Click Next.

The server expands the EAR file in memory. Depending on the system, this could take a little while. The next page shows Select installation options. Scroll down the page, and notice that there are many steps to complete. You can complete each step in turn and click Next to navigate to the next step, or you can jump directly to a step by clicking its link. __ f. Select the check box to Precompile JavaServer Pages files and make sure that Process embedded configuration is not selected. Information Precompiling JSP pages takes more time to complete, but is a good option to select when testing. This way you can ensure all JSPs will compile. In production, this is a way to reduce the response time for the first request of a JSP. Notice that there is also an option to deploy Enterprise JavaBeans. This option regenerates deploy code for the Enterprise JavaBeans in the enterprise application. The developer already deployed the Enterprise JavaBeans in IBM Rational Application Developer before it was exported, so this step is not necessary. The Process embedded configuration will not be checked by default because the EAR file does not contain any enhancements. If you choose to use the EAR file that was exported in a previous lab, you will need to uncheck this option.

6-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. Click Next. __ h. You can now proceed through the various steps by clicking Next, and accepting the defaults. Or go directly to the Summary.
Copyright IBM Corp. 2009 Exercise 6. Installing an application
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-27

Instructor Exercises Guide

__ i. __ j.

Click the Summary link, and click Finish. Save the changes.

Start the Trade application


__ 1. Start the TradeApplication. __ a. Click Applications > Application Types > WebSphere enterprise applications. __ b. Select the check box next to the TradeApplication. __ c. Click Start.

Test the enterprise application


Test the application by accessing it via the WebSphere Application Servers HTTP transport. __ 1. Access and log in to the TradeApplication. __ a. Open a new Web browser, and access the TradeApplication by entering the following address: http://localhost:9080/Trade/web

6-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Click Login. The Trade login page (login.jsp) is displayed.

__ c. Log in to the application. Enter client for the User and web1sphere for the password. Click Login. __ d. The Account information page should be displayed.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-29

Instructor Exercises Guide

From this page you can get a stock quote, update account information, view your holdings, buy and sell stocks, and view transaction history pages. You can also log out, and navigate to the Administration and Welcome pages. Warning At this time, do not select the option to Broadcast transaction data as the server is not yet configured to perform this function and will fail if attempted.

__ e. Select the information icon, or circle i icon at various points in the application to access additional information for the purpose of education or troubleshooting.

The information icons appear throughout the application. Selecting an icon shows background information as to how the application performs a particular function. A pop-up window will appear with information for that icon.

__ f.

Close the information window.

6-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. On the Account Information page select IBM from the drop-down list and click Get Quote.

Information Depending on which browser is being used, a page refresh may be needed to see the update symbol list.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-31

Instructor Exercises Guide

__ h. Close the quote pop-up window. Feel free to obtain additional quotes.

6-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. Click the Buy and Sell tab. Feel free to buy and sell stock. Notice that as you buy and sell, your balance changes accordingly and also your holdings reflect your actions.

__ 3. Select the Holdings tab. The Holdings page shows what stocks are currently in your portfolio. It also displays your total equity.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-33

Instructor Exercises Guide

__ 4. Select the Transaction History tab. This page lists all transactions since you registered.

__ 5. Experiment with all features of the application to verify that all pages and functions work. You may also log out, register a new user, and verify all functions. __ 6. Log out of the application. __ 7. Log out of the administrative console and close the Web browser.

End of lab

6-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


The first part of the exercise looked at installing two applications using the administrative console. After installation of the QuoteWS and Trade applications, the applications were started and tested.

Copyright IBM Corp. 2009

Exercise 6. Installing an application


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

6-35

Instructor Exercises Guide

6-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 7. Problem determination


Estimated time
00:45

What this exercise is about


This lab illustrates how to view and configure log and trace files. In this exercise you use WebSphere various troubleshooting tools including Diagnostic Tracing, Log Analyzer, and the IBM Support Assistant.

What you should be able to do


At the end of the lab, you should be able to: Use the administrative console to view log data Find and view log files Enable tracing on an application server Use memory leak and hang detection tools Use the IBM Support Assistant

Introduction
In this lab, you locate and view log files for the WebSphere Application Server. You use a text editor to view the log files and use the Log Analyzer tool to view logs and trace files. Students also learn how to enable tracing for an application server by using the administrative console. You also install the IBM Support Assistant and tools provided to diagnose problems.

Requirements
To perform this exercise, you must have a working WebSphere Application Server server1, administrative console, and a running Default application and Trade application installed on profile1.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-1

Instructor Exercises Guide

Instructor exercise overview


This exercise is performed using server1. Students change settings and look at log files using the administrative console. Students will work with a preinstalled version of ISA. Students learn how to work with log and trace output using the Log Analyzer tool in ISA. For trace monitoring students use the HitCount application. Students also use the Guided Troubleshooting component of IBM Support Assistant to analyze an out-of-memory exception thrown by the BadApp application. The BadApp application will be installed as part of the exercise and uninstalled at the end.

Information about using Trace


Students will enable ConnectionManager for trace using com.ibm.ejs.j2c.ConnectionManager*=finer They then execute a series of requests: 1. /hitcount (Servlet HttpSession variable) which does not obtain a connection 2. /hitcount (using CMP EJB) which obtains a connection for each request 3. /ivtejb (using Session EJB) does not obtain a connection Note: /ivtejb returns a blank screen only. The second request will result in trace output and will have a different connection manager identified.

Information about the IBM Support Assistant


In order to save time, students will work with a preinstalled version of ISA. An appendix is provided to show how to install ISA. When running on Linux, ISA has a few issues that affect the lab. They must use the Mozilla browser so if it is not installed they need to follow the instructions provided in the lab to install it.

Information about Log Analyzer


In order to make the best use of time, have students start the Log Analyzer section of this exercise before you begin the lecture. Have the students work up to importing the symptom catalog. It will take several minutes to import the catalogs, so it is best to start the import early.

7-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions Preface


You can use any text editor to view most log files. Unless the instructions tell you differently, close the editor window after you examine each file.

Part 1: Working with log files of the application server


__ 1. Verify that server1 is running. __ a. Navigate to the <profile_root>\profile1\bin folder and execute the serverStatus server1 -username wasadmin -password web1sphere command. __ b. If server1 is not running, execute the startServer server1 command to start the application server.

Use a terminal window: __ a. Navigate to <profile_root>/profile1/bin __ b. At the prompt, enter: ./serverStatus.sh server1 -user wasadmin -password web1sphere __ c. If the server is not running, enter: ./startServer.sh server1
.

Information If the server has already been started, you will be challenged to provide a user ID and password when executing serverStatus commands. Enter wasadmin for the user ID and web1sphere for the password.

__ 2. You can change the location, name, and other settings of log files using the administrative console. __ a. Launch the administrative console. __ b. Click YES to proceed if you get a Security Alert. __ c. Log in. Enter wasadmin for the user ID and web1sphere for the password. __ d. In the navigation tree, select Troubleshooting > Logs and trace. In the pane on the right, click server1.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-3

Instructor Exercises Guide

Information You can also reach the configuration area for Logging and Tracing by selecting Servers > WebSphere application servers > server1. Click Logging and Tracing under the Troubleshooting section.

__ 3. Change the number of historical files and set the maximum size of the log file for System.out. The number of historical files grows from zero to the value of the maximum number of historical files field. The next rollover deletes the oldest historical file. __ a. Select JVM Logs.

7-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. You can view and modify settings from the Logging and Tracing window for System.out and System.err logs.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-5

Instructor Exercises Guide

__ c. Under General Properties for System.out set the Maximum Size to 3 MB and the Maximum Number of Historical Log Files to 2.

__ d. Click OK. __ e. Save the changes to the master configuration. __ 4. View SystemOut.log and SystemErr.log for server1 using the administrative console. __ a. Select Troubleshooting > Logging and Tracing > server1 > JVM Logs and select the Runtime tab. __ b. Click View to the right of the File Name field for System.out.

7-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. The default is to retrieve 250 lines in one step. You can specify the range of lines to be retrieved at the top of the Logging and Tracing window.

__ d. Retrieve lines 250 to 400 by typing 250-400 and click Refresh.

Information You can also navigate to the <profile_root>\profile1\logs\server1 folder to view the logs using a text editor. This is usually preferable since you can use the search features of your text editor.

__ 5. Configure the IBM service logs using the administrative console. Unlike the JVM logs, the IBM service logs cannot be viewed within the administrative console. You have to use a tool such as the Log Analyzer, which you will work with later in this exercise.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-7

Instructor Exercises Guide

__ a. Select Troubleshooting > Logs and trace > server1 > IBM Service Logs.

__ b. Verify that Enable service log is checked. Notice that you can disable the service log by clearing the box, but this is not recommend by IBM Support. Information To find the value for $(LOG_ROOT), you can look to Environment > WebSphere Variables. The name of the service log is activity.log, but this can be changed along with its location in the file system. Maximum file size can be set, and you can enable or disable a correlation ID.You can use the correlation ID to correlate activity to a particular client request.You can also use it to correlate activities on multiple application servers, if applicable.

__ c. Click OK. __ d. Save changes. __ e. Log out of the administrative console.

7-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Part 2: Using the Log Analyzer for viewing service and JVM logs
The Log Analyzer can be downloaded and run in the IBM Support Assistant. The Log Analyzer allows you to import log files, trace logs, and activity logs. A number of views are provided for log analysis. It also has the ability to combine several log files into a single unit for analysis. The log files can be analyzed against a symptom database of known error conditions and message text strings. You can use this tool to import the IBM service log and to analyze the record entries to assist in problem determination. Look at the analysis results when provided, to try to find where or why problems are occurring. You can also apply filters to look at specific record types or records that contain certain values. __ 1. Open up the IBM Support Assistant and launch the Log Analyzer tool. __ a. Double-click the ISA shortcut on you desktop and wait for the IBM Support Assistant to open. If the ISA shortcut is not available, use Windows Explorer to navigate to C:\Program Files\IBM\IBM Support Assistant\rcp and double-click rpclauncher.exe.

Linux Open a terminal window and navigate to /opt/ibm/IBMSupportAssistant/rcp. Launch ISA by entering the following command: ./rcplauncher

__ b. On the Welcome page click the Analyze Problem activity.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-9

Instructor Exercises Guide

__ c. Click the Tools tab.

__ d. You will see a catalog of tools that have been downloaded to the ISA. Select (highlight) Log Analyzer.

__ e. Click the Launch button and wait for the Log Analyzer tool to open.

7-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

When the Log Analyzer opens, you will be prompted to update the symptom catalog list. Ordinarily you would want to perform this update, but if you do not have Internet access, and in order to save time, click Cancel.

Warning If you update the symptom catalog, the new catalog will have to be compiled before you can use it for the first time. The compiling of the symptom catalog can take 10 to 20 minutes. Therefore, for this exercise Cancel any Update windows that might pop up.

Linux You may not be prompted to update the symptom catalog list. The activity.log is a binary file and needs to be converted to text in order for Log Analyzer to import it. On Windows there is a checkbox that tells Log Analyzer to treat activity.log as a text file. This check box does not seem to be available in Linux. Workaround for Linux: Convert activity.log to a text file using showlog.sh; then import it into Log Analyzer. In a later step you will be asked to import the activity log into Log Analyzer, so perform the following steps now to do the conversion. Open a terminal window and enter cd <profile_root>/profile1/bin Then type ./showlog.sh ../logs/activity.log > ../logs/activity1.log Later when you are asked to import the activity.log file, import activity1.log instead.

__ 2. Import symptom catalogs. __ a. In the Log Analyzer under Log Navigator, right-click Symptom Catalogs.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-11

Instructor Exercises Guide

__ b. Click Import Symptom Catalog....

__ c. Select From Local host. __ d. Browse for <software_dir>\Troubleshooting\IBM_WebSphere_Application_Server_Ver sion_7_0.symptom. Click Open. Note: on UNIX click OK. __ e. Clear the check box for Browse in symptom editor folder.

7-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

Click Finish.

__ g. Wait for the symptom catalog to be imported. This can take a few minutes to complete. Monitor the progress of the import in the lower right corner of the Log Analyzer console.

__ h. The import is complete when this message disappears. Verify that you see an entry for the catalog under the Symptom Catalogs folder in the Log Navigator. __ i. Repeat these steps to import the V6.1 symptom catalog IBM_WebSphere_Application_Server_Version_6_1.symptom.

__ 3. Import server1s activity log. __ a. From the Log Analyzer task menu, select File > Import Log.... __ b. Select Import from the local system and click Next.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-13

Instructor Exercises Guide

Note You may see the following exception.

If so, click Continue several times until you see Import from the local system window.

__ c. Expand the directory until you get to the profile1 log directory: <profile_root>\profile1\logs.

7-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Linux Remember to select and add activity1.log instead of activity.log.

__ d. Highlight activity.log and click Add.

__ e. Scroll to the table Logs to be imported into the Log Analyzer. Linux The next few steps are not necessary since you already converted the activity.log to text format earlier in the exercise. Proceed to the step where you click Finish.

__ f.

In the Log Type column, click the link for IBM WebSphere Application Server.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-15

Instructor Exercises Guide

__ g. Make sure the box for activity log is checked. Also check the box for Activity log is text-formatted.

__ h. Accept the defaults for everything else on the Details tab and click OK. __ i. __ j. Click Finish. On the Download Catalog Updates window click Cancel. Ordinarily you would want to update the symptom catalogs.

__ k. Wait for the activity log to be imported. You should then see the Log View populated with records from the activity log. __ 4. Examine the Log View in the Log Analyzer.

7-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. Notice each event has a Creation Time, Severity, Message Text, and so on. The severity values are 10 (information), 30 (warning), and 50 (error). Note The contents of your Log View will be different from what is shown in the screen capture above, which was created for illustrative purposes.

__ b. Filter the events by severity by clicking the down arrow on the Manage Filters icon.

__ c. Select Show error log records only.

__ d. Notice that only the events with severity 50 are now displayed in the Log View.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-17

Instructor Exercises Guide

__ e. Analyze an event against the symptom catalog by right-clicking any record in the Log View.

__ f.

Click Analyze Selection. You can also click Analyze All; however, it usually takes several minutes for the analysis depending on how many records are listed in the Log View.

__ g. If you are prompted again to update the symptom catalogs, click Cancel. __ h. When the analysis completes, you will see a message box indicating how many (if any) symptoms were found relating to the log record. Click OK. __ i. View the results of the analysis in the bottom pane below the Log View. Click any symptom code and select the Recommendations and actions tab.

__ j.

Scroll down on the Recommendations and actions tab and expand Recommendations to see the details. Information

This short exercise is meant to introduce you to some of the functions of the Log Analyzer. If you have time, you may explore some of the other features. The tool provides complete online documentation. To view the documentation, click Help > Help Contents.

7-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ k. When you are done exploring the Log Analyzer, close it by clicking File > Exit. Click Yes on the Log Message prompt. __ l. Minimize ISA. You will use it again later in this exercise.

Part 3: Enabling tracing on an application server


Additional logging can be enabled for events in the WebSphere Application Server by using the tracing features of WebSphere. Tracing impacts performance and should only be enabled on specific components when necessary. Try to reproduce the problem and dump the trace data to a log file. Disable tracing when it is no longer needed. __ 1. Log in to the administrative console. __ a. Enter wasadmin for the user ID and web1sphere for the password. __ 2. Configure Diagnostic Trace for server1. __ a. Select Troubleshooting > Logs and trace > server1 > Diagnostic Trace. __ b. Under Trace Output select File (the default) to specify you want trace entries written to a log file. __ c. Set the Maximum File Size to 25 and the Maximum Number of Historical Files to 2. __ d. Remember the name and location of the trace trace.log file. The default location is ${SERVER_LOG_ROOT}/trace.log. Click OK. __ e. Save the changes to the master configuration. __ 3. Change the trace level details. This is configured on a separate panel. __ a. Select Troubleshooting > Logs and trace > server1 > Change Log Detail Levels and wait until all components are shown in the browser window. __ b. Select the Runtime tab and wait until all components are visible. Information Changes made on the Runtime tab work on actively loaded modules and do not require a server restart. Changes made on the Configuration tab will not take place until the application server is restarted.

__ 4. Trace the J2C Connection Manager with a detail level of finer. To change the Log Detail Levels, you have two possibilities: __ a. Type in the multiple line entry field the following: *=info: com.ibm.ejs.j2c.ConnectionManager=finer __ b. Click OK.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-19

Instructor Exercises Guide

__ c. Or expand com.ibm.ejs.* and then expand com.ibm.ejs.j2c.*. Click com.ibm.ejs.j2c.ConnectionManager and select Message and Trace Levels > finer. Click OK.

Information The option of dynamically expanding the components will only display components that have been loaded by the application server. If the application server has not accessed the database since its last restart, the ConnectionManager component will not be listed under the com.ibm.ejs.j2c package.

Information The connection management architecture for both relational and procedural access to enterprise information systems (EIS) is based on the J2EE Connector Architecture (JCA) specification. The Connection Manager pools and manages connections within an application server. It is capable of managing connections obtained through both resource adapters defined by the JCA specification and data sources defined by the Java Database Connectivity (JDBC) 2.0 (and later) Extensions specification.

__ 5. Verify the trace output using the HitCount servlet in the DefaultApplication.

7-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

The trace settings you just specified will allow you to view when connection managers are utilized. You can see when specific connection managers are accessed and how long the access lasts. This could be helpful in determining which components access connection managers and when such access might be taking too long. __ a. In a command prompt window navigate to <profile_root>\profile1\logs\server1. Information Use the tail utility to monitor the trace output. If tail is not available on your system, use Notepad or any ASCII editor as the tool for opening the trace.log file in this directory.

__ b. If tail is available, start it: tail -f trace.log In the trace output find the message: TRAS0018I: The trace state has changed. The new trace state is *info:com.ibm.ejs.j2c.ConnectionManager=finer. Leave the tail window open. __ c. If tail is not available, open the trace.log using Notepad. Verify that you see the message: TRAS0018I: The trace state has changed. The new trace state is *info:com.ibm.ejs.j2c.ConnectionManager=finer. __ d. In a Web browser specify the following address: http://localhost:9080/hitcount?selection=SS2 Use the Reload (Refresh) button in the browser a few times. You should only see information in the tail window (or trace.log) about the servlet initialization (only if the servlet was not already running), but should not see any information about J2C connectivity. __ e. In the same browser of the HitCount Demonstration select Enterprise Java Bean (CMP), select Global Namespace, and select Commit. Click Increment.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-21

Instructor Exercises Guide

The address in the browser should change to the following: http://localhost/hitcount?selection=EJB&lookup=GBL&trans=CMT You should also see the following at the bottom of the Web page.

__ f.

There should now be a lot of trace information in the trace.log file. Look for the first occurrence of the message: allocateConnection in cm <some hex value> Entry If this was the first request of HitCount using CMP EJB, you will find the JDBC driver name getting the connection entry in the trace. Record the connection manager entry (the hexadecimal value): _____________

7-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. Reload the request in the browser. Look again for the first occurrence of the message allocateConnection in cm <some hex value> Entry after the reload time. Does the connection use the same entry? _____ Compare the timestamp and duration of both connections. __ h. Trace a request for a different application. In a new Web browser specify the address: http://localhost:9080/ivt/ivtejb Only a blank screen appears as response in the browser. Are there any connections shown in the tail window? Why not? _______________________________________________________________ Hint: What kind of Enterprise JavaBeans are used? (Hint: Not Entity Enterprise JavaBeans) _______________________ __ 6. Test the connection trace using the TradeApplication. __ a. In a new browser window enter the following address: http://localhost:9080/Trade/web __ b. Log in as user: client and password: web1sphere __ c. Does the connection use the same entry as the HitCount application did? _________ (Hint: Typically, a different application will get a new connection.) Note The tests above show that both the Trade application and the HitCount application (when using Enterprise JavaBeans) utilize the Connection Manager. You also could determine how long it took for the connections to perform tasks using the timestamp information. If there was a problem with database access, this information may help pinpoint where the problem originates.

Information Use Trace to obtain detailed information about the execution of WebSphere Application Server components, including application servers, clients, and other processes in the environment. Trace files show the time and sequence of methods called by WebSphere Application Server base classes, and you can use these files to pinpoint the failure. Trace output is generated as plain text in either basic, advanced, or log analyzer format as specified by the user. The basic and advanced formats for trace output are similar to the

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-23

Instructor Exercises Guide

basic and advanced formats that are available for the JVM message logs. You can also use the Log Analyzer to view and analyze trace output.
.

__ d. Close any Web browser windows that may still be open except the administrative console. __ e. Close the tail window. __ 7. Now that you are done working with trace, reset the Trace level to its original setting. __ a. Select Troubleshooting > Logs and trace > server1 > Change Log Detail Levels and wait until all components are shown in the browser window. __ b. Select the Runtime tab and wait until all components are visible. __ c. In the multiple line entry field, change it back to the following: *=info __ d. Click OK. __ 8. (Optional) Import the trace.log into the Log Analyzer and examine its contents. Follow the steps of the previous part of the lab. You can also import JVM log files into the Log Analyzer.

Part 4: Work with the Guided Troubleshooting component of IBM Support Assistant
IBM Support Assistant (ISA) improves your ability to locate IBM support, development, and educational information through a federated search interface (one search tool which can search through multiple resources). The goal is to simplify access to IBM product home pages, product support pages, product forums, and newsgroups through convenient links. It saves you time when submitting problems to IBM Support by collecting relevant information and then electronically creating a Problem Management Report (PMR) from within IBM Support Assistant. It also includes a support tool framework allowing for the easy installation of support tools associated with different IBM products. In this part of the exercise you will work with the Guided Troubleshooting component of the IBM Support Assistant. __ 1. Install the Badapp application. __ a. In a command prompt window navigate to <profile_root>\profile1\bin. __ b. Enter the command wsadmin -lang jython -user wasadmin -password web1sphere

7-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty Enter the command: ./wsadmin.sh -lang jython -user wasadmin -password web1sphere

__ c. Wait until you see the prompt wsadmin>, and then enter the following command on one line. Make sure that you replace the XX with your number in the node and cell names. Alternatively, you can go to <software_dir>\Troubleshooting and copy the command from the file BadAppInstall.txt. AdminApp.install('C:\software\Troubleshooting\Badapp.ear', '[-node was7hostXXNode01 -cell was7hostXXNode01Cell -server server1]') Linux Enter the following command: AdminApp.install('/usr/software/Troubleshooting/badapp.ear', '[-node was7host01Node01 -cell was7host01Node01Cell -server server1]')

__ d. Wait until you see the following message. ADMA5013I: Application BadAppEARProject installed successfully. __ e. Next, enter the following two commands. AdminConfig.save() quit __ 2. Verify that the application is installed and start it from the administrative console.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-25

Instructor Exercises Guide

__ a. Log in to the administrative console and click Applications > Application Types > WebSphere enterprise applications.

__ b. Check the box for BadAppEARProject, and click the Start button. __ c. Wait for the application to start successfully and its status is started (green arrow). __ 3. Run the application. __ a. From a Web browser enter the Web address: http://localhost:9080/BadAppWebProject

7-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Enter a 5 in the Bad Behavior Mode window, and click the Submit button.

__ c. The browser will seem to hang for several minutes. You will notice the progress bar moving very slowly.

__ d. After about 5 minutes you will see the following error message. Return page for BadApp Request status:OutOfMemoryException was thrown (was this expected?), see WAS logs An OutOfMemoryException has been thrown. If the application was not purposely written to display the error message, you would see this symptom only if you examined the servers JVM logs (SystemErr.log). __ e. Use Windows Explorer to navigate to <profile_root>\profile1\logs\server1. __ f. Use Notepad to open the SystemErr.log file. Search for the string: java.lang.OutOfMemoryError __ g. Following the OutOfMemoryError you should see a stack trace similar to the following.
SystemErr SystemErr
Copyright IBM Corp. 2009

R java.lang.OutOfMemoryError R at com.ibm.badapp.BadAppServlet$F(BadAppServlet.java:192)
Exercise 7. Problem determination
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-27

Instructor Exercises Guide

SystemErr SystemErr SystemErr SystemErr

R at com.ibm.badapp.BadAppServlet.docMethod(BadAppServlet.java:406) R at com.ibm.badapp.BadAppServlet.doPost(BadAppServlet.java:280) R at javax.servlet.http.HttpServlet.service(HttpServlet.java:738) R at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)

The stack trace may provide you with information to determine what application caused the out of memory condition. Information Also, by default, a servers JVM is configured so that whenever an OutOfMemoryException is thrown, a javacore file and a heapdump file will be dumped to the servers <profile_root>\<profile_name> directory. If you navigate to <profile_root>\profile1 you will see the following: heapdump.<time_stamp>.phd javacore.<time_stamp>.txt The IBM Support Assistant has different tools that will help you analyze the contents of the heapdump and javacore files.

__ h. Close the Web browser. Information In the following steps you will use the IBM Support Assistants Guided Troubleshooting feature. Here are the symptoms you have observed so far. 1) Web browser hangs after clicking the Submit button. 2) Error page suggesting an OutOfMemory exception 3) OutOfMemory exception in the SystemErr.log 4) heapdump and javacore files have been generated

__ 4. Open the IBM Support Assistant and launch the Guided Troubleshooter. __ a. Double-click the ISA shortcut on you desktop and wait for the IBM Support Assistant to open. If the ISA shortcut is not available, use Windows Explorer to navigate to C:\Program Files\IBM\IBM Support Assistant\rcp and double-click rpclauncher.exe.

7-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Linux Open the ISA window. If ISA is not running from earlier, open a terminal window and navigate to /opt/ibm/IBMSupportAssistant/rcp. Launch ISA by entering: ./rcplauncher

__ b. Click Analyze Problem on the IBM Support Assistant Welcome page. __ c. Select the Guided Troubleshooter tab. __ d. Select Troubleshoot a problem and click Next.

Note As you proceed through the guided troubleshooting process, you will be asked a series of questions. The instructions provide you with responses that are appropriate for the symptoms that you may or may not have observed. Notice that there is additional help and troubleshooting guidance at the bottom of each pane. It is worth taking time to read some of this information as you perform the following steps.

__ 5. Fill in the new case information. __ a. Enter BadApp_problem for the Case Name. __ b. The only required field is Case Name. The other fields in the screen capture are for illustrative purposes. You may enter information in these fields if you like. Notice that in the pane below this form there is a description of each field and examples of what information might be recorded there.
Copyright IBM Corp. 2009 Exercise 7. Problem determination
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-29

Instructor Exercises Guide

__ c. Click Next.

__ 6. Select a product to troubleshoot and begin characterizing the problem. __ a. Select WebSphere Application Server Troubleshooting and click Next. __ b. On the next screen select Guide me through identifying my symptom and failing component and click Next. __ c. Select The application performs poorly or behaves unexpectedly and click Next. __ d. Select My application is slow, or its performance degrades over time and click Next. __ e. Select Troubleshoot Java memory problems and click Next. __ 7. Begin troubleshooting Java memory problems. __ a. Select Troubleshoot IBM JVMs and click Next. __ b. Select JVM diagnostic files (heapdump or javacore) were automatically created by the JVM and click Next. __ c. Read the information about automatically generated heapdump and javacore files. If you have not already done so, use Windows Explorer to navigate to <profile_root>/profile1 and verify that a heapdump and a javacore files were recently generated. Click Next. __ d. Select A file containing verbose GC information or heapdump files exist and click Next. __ 8. Add the heapdump file to your case. __ a. Follow the three steps to add the heapdump file. Start by clicking the Add Files button.
7-30 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Browse to <profile_root>/profile1 and select the heapdump file. If you see an error message while browsing, click Continue.

__ c. If you see more than one heapdump, select the one with the latest timestamp in its file name. Click OK. __ d. Click Next. __ 9. Verify that you have collected the heapdump file into your case. __ a. On the right side of the screen, select the Case Manager tab and highlight your Case Name.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-31

Instructor Exercises Guide

__ b. You should see the heapdump file name. __ c. Back in the Guided Troubleshooting tab, select I collected the diagnostic data files, help me analyze them, and click Next. __ 10. Begin the analysis of the heapdump file. __ a. Select Analyze a heapdump file and click Next. __ b. Read the information on the Analyze the Heapdump Diagnostic File page.

__ c. Expand each topic to learn more about MDD4J and heapdumps. __ d. The next step is to use a tool called Memory Dump Diagnostic for Java (MDD4J) to analyze the heap dump. If time permits, you can click Next and continue with the analysis. Information The Memory Dump Diagnostic for Java (MDD4J) tool analyzes common formats of memory dumps (heapdumps) from the Java virtual machine (JVM) that is running WebSphere Application Server. The analysis of memory dumps is targeted towards identifying regions within the Java heap that might be root causes of memory leaks. The tool is capable of analyzing very large sized memory dumps obtained from production

7-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

environment application servers encountering heap exhaustion, large object requests, or OutOfMemoryErrors.

__ e. At this point, rather than going through the analysis using MDD4J, you will pause and save your case. Using the MDD4J is beyond the scope of this course. However, the last several steps have shown you how to navigate through the Guided Troubleshooting feature. Click Pause Case. __ f. On the prompt to stop the current case, click OK. You will be returned to the Guided Troubleshooting Welcome page.

Part 5: Work with a collector in the IBM Support Assistant.


If you are preparing to engage IBM Support to help you solve a problem, there is certain diagnostic data relevant to common problems that you must gather from your system and WebSphere Application Server. ISA has an interactive collector feature that will guide you through the diagnostic data collection process. __ 1. Access the collectors in IBM Support Assistant. __ a. Under the Analyze Problem tab, click the Collect Data tab.

__ b. You will add the collected data the BadApp case. Click the Select button, select the BadApp_Problem case, and click OK. BadApp_Problem should now show in the case window. __ 2. Select a collector. __ a. Under Select a Collector expand WebSphere Application Server 7.0.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-33

Instructor Exercises Guide

__ b. Expand General and select General Problem.

__ c. Click the Add >> button to the right of the list of collectors. __ d. Scroll to the right to verify that you see General Problem in the Collector Queue.

__ e. Select (highlight) the entry in the Collector Queue, and click the Collect All button. __ 3. Begin the interactive collection process. In the following steps you will respond to requests for information about your servers system, for example, installation locations, output file locations, administrative IDs, and so forth.

7-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. Read the description of the General Problem collector in the first User Input prompt and click OK.

__ b. As the collection proceeds, you can view the status in the Collector Status area.

__ c. Click the View Details button to examine the steps in the current collection process. You can also view the status by selecting the Current Status tab. __ d. The next User Input prompt provides a link to the MustGather document for General Problem. Click the link if you like, and read the document. Or just click OK to proceed.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-35

Instructor Exercises Guide

__ e. The next User Input prompt requests the path and name of the collection output. Enter <software_dir>\Troubleshooting\BadApp_Problem_Gen_Collector.zip

__ f.

Click OK.

__ g. Browse for the installation root <was_root>. Click OK.

Linux <was_root> is /opt/IBM/WebSphere/AppServer

7-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. Enter the Administrator User Name: wasadmin and Administrator Password: web1sphere Click OK.

__ i.

The collector will run for a few minutes; then you will be prompted to enter a trace string. Enter com.ibm.*=all

__ j.

Click OK.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-37

Instructor Exercises Guide

__ k. On the next prompt you will have an option to restart the server. Select Do not Restart Server.

__ l.

Click OK. The next prompt asks you: Proceed without restarting server. Click OK.

7-38 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ m. Wait a few minutes until you are prompted for additional trace strings. Select No.

__ n. Click OK. __ o. On the next prompt you will be asked if you wanted to set the number and size of the trace file. Select No.

__ p. Click OK. __ q. On the next prompt, click I Have Reproduced the Problem. Ordinarily you would take this opportunity to reproduce the problem with tracing enabled to

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-39

Instructor Exercises Guide

gather data specific to the problem you are seeing. But in order to save time, proceed as if you had. __ r. Click OK on the prompt telling you that the Collector Tool will run and take several minutes.

__ s. After several minutes you will be prompted with the following Informational Message.

__ t.

Click OK.

__ u. When prompted to provide feedback to IBM about the IBM Support Assistant, click No.

7-40 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ v. At this point you can choose to FTP the collected data to IBM Support. From the drop-down menu select Do Not FTP the Logs.

__ w. Click OK. __ x. Wait a few minutes for the collection to complete.

__ y. When the collection is complete, you will see the name of the file where the results are stored, in this case, BadApp_Problem_Gen_Collector.zip. __ 4. Examine the results of the collection. Linux On Linux, click the BadApp_Problem_Gen_Collector.zip link in the Collector Status window. An index of files in <software_dir>\Troubleshooting will be displayed in a Web

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-41

Instructor Exercises Guide

browser. Right-click BadApp_Problem_Gen_Collector.zip and select Open Link in New Window. Select Open with File Roller and click OK.

__ a. Use Windows Explorer to navigate to <software_dir>\Troubleshooting. __ b. Locate the file BadApp_Problem_Gen_Collector.zip, right-click it, and click Open. __ c. You should see three folders: autopdzip, profile1, and WAS_General_Problem. __ d. Open each folder and explore the contents. In the profile1 folder you will see the log files, properties files, heapdump, javacore, and so forth. In the WAS_General_Problem folder, there are several HTML files containing reports on the status of the server system. You may like to open these reports and view their content. __ e. When you are done examining the contents of BadApp_Problem_Gen_Collector.zip, close it. __ 5. Shut down the IBM Support Assistant. __ a. In the IBM Support Assistant Workbench, click Files > Exit. __ 6. Uninstall the BadApp application. This application was used for illustrative purposes in this exercise, and will not be used again. __ a. Log in to the administrative console. __ b. Click Applications > Application Types > WebSphere Enterprise applications. __ c. Select the check box for BadAppEARProject. __ d. Click the Uninstall button. Click OK to confirm the removal of the application. __ e. Save changes to the master configuration. __ f. Log out of the administrative console.

End of exercise

7-42 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


In this exercise you learned how to examine server log files using the administrative console, and how to use the Log Analyzer to examine the IBM service log (activity.log). You also learned how to configure diagnostic tracing on specific server components using the administrative console. You generated trace data by running different applications that accessed the server component. You examined the trace data to get a better understanding of how the component was behaving. Next you installed an application, BadApp, which has a built-in memory leak. Running the application resulted in an OutOfMemory exception being thrown. You used the Guided Troubleshooting feature of the IBM Support Assistant to work through a step-by-step investigation of the problem. Finally, you used one of the interactive collectors in the IBM Support Assistant to gather diagnostic data from your system relevant to a general problem.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-43

Instructor Exercises Guide

Appendix: Installing the IBM Support Assistant


In this lab exercise the IBM Support Assistant was already installed on your lab machines for your convenience and to save time. Following are instructions for installing IBM Support Assistant on a Windows machine.

Download and install the IBM Support Assistant


__ 1. Download the IBM Support Assistant V4.0.2 from the WebSphere support site using the following Web address http://www.ibm.com/software/support/isa/download.html __ 2. Download ISA V4.0.2 Workbench for Windows ibmsa-v402-wb-win32.zip to a temporary directory. __ 3. Extract ibmsa-v402-wb-win32.zip to a directory called C:\ISA __ 4. Install ISA V4.0.2 __ a. Navigate to the ibmsa-v402-wb-win32 folder and double-click setupwin32.exe. __ b. Click Next on the ISA Welcome page. __ c. Accept the license agreement and click Next. __ d. Accept the default install directory and click Next. __ e. Click Install on the summary page. Wait 2 minutes for the install to complete successfully and then click Finish. __ f. You should now see the IBM Support Assistant Workbench shortcut on the desktop.

__ 5. Install ISA add-ons for WebSphere Application Server V7.0 and several JVM tools. __ a. Double-click the IBM Support Assistant shortcut. __ b. Click Cancel on the Network Connections screen if you see it. __ c. In the ISA Workbench click Update > Find New > Product Add-ons. __ d. On the Product Add-ons to Install page, expand WebSphere. __ e. Scroll to locate WebSphere Application Server V7.0 and check the box beside it. __ f. Click Next.

__ g. On the Tools Add-ons to Install page, expand JVM-based Tools and check any of the boxes for the following tools. These tools are of particular interest for WebSphere Application Server. New versions and additional tools are available on a regular basis. IBM Monitoring and Diagnostic Tools for Java - Dump Analyzer v2.1.0 IBM Monitoring and Diagnostic Tools for Java - Garbage Collection and Memory Visualizer v2.1.0
7-44 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

IBM Pattern Modeling and Analysis Tool for Java Garbage Collector v2.4.0 IBM Thread and Monitor Dump Analyzer for Java (Tech Preview) v2.8.0 Memory Dump Diagnostic for Java (MDD4J) Beta v2.0.0 ThreadAnalyzer (Tech Preview) v6.0.3 Log Analyzer Note If the exact versions listed above are not available, then download the latest versions. However, the behavior of the later versions might be different from what is described in the lab exercises.

__ h. Click Next. __ i. __ j. Accept the licence agreement and click Next. Click Finish.

__ k. On the Results of Operation screen verify that the product add-on and the tool add-ons installed successfully. __ l. Click Finish.

__ m. When prompted to restart, click Yes. __ n. Close the IBM Support Assistant.

Copyright IBM Corp. 2009

Exercise 7. Problem determination


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

7-45

Instructor Exercises Guide

7-46 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 8. Using wsadmin


Estimated time
01:00

What this exercise is about


In this lab exercise, you use the wsadmin. You learn to manipulate wsadmin objects from the command line and from scripts. You also use the Rational Application Developer assembly and deploy tool to create, test, and debug wsadmin scripts written in Jython.

What you should be able to do


At the end of the lab, you should be able to: Use wsadmin and scripts to execute administrative commands Create a simple script using Jython Use the Jython editor and debugger Examine wsadmin settings

Introduction
The WebSphere Application Server wsadmin tool provides the ability to execute scripts for the purpose of making configuration changes in the application server. You can use the wsadmin tool to manage a WebSphere Application Server V7 installation. This tool uses the Bean Scripting Framework (BSF), which supports a variety of scripting languages to configure and control your WebSphere Application Server installation. The wsadmin tool supports the Jython and Jacl scripting languages. The Jython syntax for the wsadmin tool is the strategic direction for WebSphere Application Server administrative automation. The wsadmin shell makes Java objects available through language-specific interfaces. Scripts use these objects for application management, configuration, operational control, and for communication with MBeans running in the WebSphere server processes.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-1

Instructor Exercises Guide

Scripting is a nongraphical alternative that you can use to configure and manage the WebSphere Application Server.

Requirements
To perform this exercise, you must have a working WebSphere Application Server installed on the machine and also Rational Application Developer assembly and deploy available on the same or a different machine from the server.

Instructor exercise overview


In this exercise, the students complete several basic manipulations of wsadmin objects. Initially they will start wsadmin and run single wsadmin commands. Emphasize to the students that wsadmin is case-sensitive. AdminApp is not the same as adminApp. (AdminApp is correct.) There is a lot of room in this exercise for experimentation. Encourage students to use the Help object to retrieve help on specific objects. The students are also exposed to the scripting facilities provided by Rapid Application Developer. Note that only Jython is used in this exercise. For students that complain about that, emphasize the fact that by concentrating on only one language, IBM can better concentrate on providing better tooling and testing, which makes scripting easier and more enjoyable.

8-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
The wsadmin tool supports two scripting languages: Jython and Jacl. Rational Application Developer assembly and deploy only supports Jython. This exercise covers scripting using only Jython scripts.

Using wsadmin with Jython


When running scripts using the -f flag, to run a script contained in a file, wsadmin will run the appropriate language interpreter based on the file extension of the script being passed. Jython is used for scripts with a file type of .py and Jacl is used for scripts with a file extension of jacl. Even though the wsadmin shell has been improved to the point where in most cases you do not need to specify the -lang jython command-line option, some options like -profile still require you to specify the language used in the file containing the profile. If no -lang flag is specified, Jacl is considered the default language. This also applies when starting the wsadmin shell without passing a file to execute or when using wsadmin with the -c flag to pass and execute a single command. If Jython is preferred, the following command-line option is used for a one-time switch to use Jython: wsadmin -lang jython

The UNIX command would be: ./wsadmin.sh -lang jython

Information To use Jython as the default scripting language, edit the wsadmin.properties file found in the <profile_root>\profile1\properties directory. Look for the entry that contains com.ibm.ws.scripting.defaultLang=jacl and set it equal to jython This change will be global to this profile. It is also possible to define a property file for individual users or through an environment variable.

This section of the lab explores wsadmin using Jython commands: starting wsadmin, getting help, and running various commands.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-3

Instructor Exercises Guide

There are solution files in the <software_dir>\wsadmin folder. You can continue with the exercise and enter the commands by hand, or you can run the appropriate script.

Start wsadmin
__ 1. Start WebSphere Application Server. __ a. Open a command-prompt window and navigate to the <profile_root>\profile1\bin directory. __ b. Verify the server is running; enter the serverStatus server1 command. Enter the user ID wasadmin and password web1sphere when challenged.

The UNIX commands to check the server status and start the server are: ./serverStatus.sh server1 ./startServer.sh server1

__ c. If the application server is not running, start the server by entering the startServer server1 command. __ d. Do not close the command-prompt window. Wait for the server to complete its startup process. __ 2. List the command line options for wsadmin. __ a. Get command line help for wsadmin. From the <profile_root>\profile1\bin directory, enter: wsadmin -help

The UNIX command would be: ./wsadmin.sh -help

8-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

The resulting output displays a list of command-line options and descriptions of those options.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-5

Instructor Exercises Guide

__ 3. It is possible to run a single wsadmin command and exit the wsadmin shell. This is not very efficient since a JVM needs to be created every time a command is run. Enter following command: wsadmin -lang jython -c "AdminControl.getPort()" You will be prompted to log in. Enter user ID wasadmin and password web1sphere

The UNIX command would be: ./wsadmin.sh -lang jython -c "AdminControl.getPort()"

Information Note that depending on whether wsadmin has ever been run on your machine using the jython flag, you may get a slightly different output from that showing on the previous screen capture. The first time Jython is loaded by wsadmin, its libraries are loaded prior to the execution of the script. As each library is loaded, a message appears on the wsadmin console.

The port that wsadmin is using to connect to the application server is displayed.

8-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Warning Note that now that you are asking wsadmin to actually connect to a running server and retrieve some information (the port number), you are challenged for a user name and password. These must be valid credentials to the administrative security. Enter wasadmin and web1sphere to authenticate and continue. Ensure there are no spaces after each entry, or authentication will fail.

See the next section for alternatives on how to deal with security while using wsadmin.

Dealing with security


In WebSphere Application Server V7 administrative security is enabled by default. These security settings affect wsadmin inasmuch as a valid user ID and password must be used when starting a wsadmin session. Providing this authentication information can be done in several ways: 1. Supply user ID and password on the wsadmin command line 2. Supply user ID and password on the pop-up window 3. Save the user ID and password in the property files Options 1 and 2 require a person to enter the information every time wsadmin is started. This defeats the purpose of using wsadmin to automate configuration changes since a human must be available. Option three allows you to enter the authentication information only once, and then every time wsadmin starts it will authenticate using the information in the property files. Next you will enter the authentication information for wsadmin in the soap.client.props file and also encode the file to mask the password, which is entered initially in clear text. __ 1. Add the user ID and password to the properties file. __ a. Edit the soap.client.props file found under the <profile_root>\profile1\properties folder. __ b. Find the entries:

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-7

Instructor Exercises Guide

com.ibm.SOAP.loginUserid= com.ibm.SOAP.loginPassword= __ c. To the right of the equals sign, enter wasadmin and web1sphere in the corresponding fields.

Warning Realize that this is a potential security problem. Not only is a password being stored within this file (although it can be encoded), it means that any administrator who runs wsadmin will automatically have access to WebSphere without any authentication.

__ d. Save the file. Information If you are connecting to wsadmin using RMI instead of SOAP, the file to edit is: sas.client.props. This file is in the same folder as the file used for the SOAP connection. The entries to change are: com.ibm.CORBA.loginUserid= com.ibm.CORBA.loginPassword=

__ 2. Execute the same command again: wsadmin -lang jython -c "AdminControl.getPort()"

The UNIX command would be: ./wsadmin.sh -lang jython -c "AdminControl.getPort()"

8-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

You should not have been prompted for authentication. Having the authentication information in the property file also means that you can now stop the server without providing a user name and password. __ 3. If you are uncomfortable with leaving passwords visible in the properties file, a tool is provided to encode the passwords. Run the PropFilePasswordEncoder tool on the soap.client.props file.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-9

Instructor Exercises Guide

Information Note that a side effect of encoding the password is that the tool removes all comments from the file. If you want to look at comments in the soap.client.props file at a later time, you should save a backup copy and remove the password before running the encoding utility. Also note that encoding the password is no substitute for protecting the file system from unauthorized users.

__ a. From the command window on the <profile_root>\profile1\bin folder, invoke the following command (all in one line, do not type <space>): PropFilePasswordEncoder ..\properties\soap.client.props <space> com.ibm.SOAP.loginPassword -Backup

The UNIX command would be: ./PropFilePasswordEncoder.sh ../properties/soap.client.props <space> com.ibm.SOAP.loginPassword -Backup

__ b. Open the file to see the changes.

Invoking wsadmin to run a script in a file


As mentioned previously, running wsadmin multiple times using the -c command-line option is very inefficient as the Java virtual machine (JVM) hosting wsadmin needs to be started and shut down for every command. It is much more efficient, and faster, to combine multiple commands into a single file which can be run as a unit. The added benefit of this approach is that scripting logic can be included to make decisions and obtain runtime values dynamically.
8-10 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 1. From a command prompt (not the wsadmin prompt), you can run wsadmin with the -f <filename> option. This option gives you the ability to get wsadmin to load and run a script file. The command to run a script looks like the following: wsadmin -f <software_dir>\wsadmin\listJDBCProviders.py

The UNIX command would be: ./wsadmin.sh -f <software_dir>/wsadmin/listJDBCProviders.py

In the example above, the listJDBCProviders.py file is a script file that lists all the JDBC providers defined on the server, at all scopes including application scoped providers in the QuoteWS application. Run the script now to view all the JDBC providers defined on the server:

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-11

Instructor Exercises Guide

__ 2. Open the <software_dir>\wsadmin\listJDBCProviders.py file and examine its contents to try and understand what the script did. The source code is also shown below: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 19. 19. 20. 21. 22. 23. # # This script lists all defined JDBC providers # def showJdbcProviders(): providerEntries = AdminConfig.list("JDBCProvider") # split long line of entries into individual entries in list providerEntryList = providerEntries.split(lf) # print contents of list for provider in providerEntryList: print providerEntryList AdminConfig.reset() cell = AdminControl.getCell() node = AdminControl.getNode() lf = java.lang.System.getProperty("line.separator") slash = java.lang.System.getProperty("file.separator") print "System information: Cell=" + cell print "System information: Node=" + node showJdbcProviders()

A short explanation of the script: The pound character # indicates the line is a comment. The keyword def on line five indicates that the following lines of code are a subroutine. In Jython indentation defines blocks of code, so every line belonging to the def is indented the same amount of white space. The colon at the end of the line signifies the beginning of a block of code. The scripts first line of execution, on line 14, is the first non-indented line that is not a def in this case: AdminConfig.reset(). As you may recall, AdminConfig is one of the administrative objects. The reset() method cancels out any outstanding configuration changes that have not been saved. Next the cell and node are obtained using methods in the AdminControl object. The line separator and slash characters change depending on the operating environment, so it is always a good idea to obtain them at run time and not hardcode them.
8-12 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

The print command can be used as an informational or debugging aid. It can print constants and runtime variables easily, as you can see on lines 20 and 21. The last line, line 22, showJdbcProvider() calls the subroutine of the same name. Here the AdminConfig object is used to obtain a list of JDBC providers. The call returns a long string containing all the providers; between each provider there is an lf character. The split function makes a list of the long string using the lf character as the separator. The next couple of lines iterate through the list and display each entry. Note the iterator is implemented as a for loop. Also note the change in indentation for the line executing the body of the for loop. __ 3. If you are comfortable working with Jython scripting, feel free to modify and rerun the script.

Work with wsadmin administrative objects


In this part of the exercise you work within the wsadmin shell in the interactive mode. Once the wsadmin shell starts, you are presented with a command prompt where you can execute literally any valid command you wish. If you want to reduce the chances of making errors, you can open the <software_dir>\wsadmin\class_samples.py script and use it to copy and paste the individual commands. Otherwise just type the commands. __ 1. Start a wsadmin command session using the Jython language. __ a. Verify the directory is <profile_root>\profile1\bin __ b. Enter: wsadmin -lang jython

The UNIX command would be: ./wsadmin.sh -lang jython

__ 2. As you may know, there are five wsadmin administrative objects. They are: Help AdminControl AdminConfig AdminApp AdminTask

Almost all server configuration can be performed through these objects. Use wsadmin to display the help provided by each of the administrative objects.
Copyright IBM Corp. 2009 Exercise 8. Using wsadmin
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-13

Instructor Exercises Guide

Information The Help object is used to provide general help for the objects AdminApp, AdminConfig, AdminControl, AdminTask, and Help. It is also the interface to obtain information about MBeans (operations, attributes, and particular interface information about MBeans).

__ a. At the wsadmin prompt enter the following command: Help.help()

__ b. As you can see, the output has not been formatted and is hard to read. Now try the following command:

8-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

print Help.help()

Using the command print in front of nearly every other command produces formatted output, which is much easier to read. __ c. Now try to get help for the other administrative objects: AdminConfig.help() AdminControl.help() AdminApp.help() AdminTask.help() __ 3. You can also request specific help on a particular command, or method, of an administrative object. To display the command groups available for the AdminTask object, enter the command:

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-15

Instructor Exercises Guide

print AdminTask.help("-commandGroups")

__ 4. Suppose you are interested in the group of commands for configuring a cluster. To display the commands available to configure a cluster, enter the command: print AdminTask.help("ClusterConfigCommands")

8-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 5. Finally, if you want to know more information about the CreateCluster command, enter the command: print AdminTask.help("createCluster")

__ 6. Use the AdminApp object to list applications and application module information. Information The AdminApp object is used to work with application objects. This includes functions such as installing, uninstalling, listing, and editing.

__ a. At the wsadmin command prompt enter: print AdminApp.list() All applications installed on the application server are listed.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-17

Instructor Exercises Guide

Information The list of installed applications on your machine may be different from the screen capture above.

__ b. At the wsadmin command prompt, enter: print AdminApp.listModules("TradeApplication") A list of the installed Web and EJB Modules for the TradeApplication enterprise application are displayed.

__ 7. Use the AdminControl object to get information about the domain, cell, and host. Information The AdminControl object is used to invoke operational commands on live running objects. It supports utility methods for tracing, reconnecting the server, and converting data types.

__ a. At the wsadmin command prompt, enter: print AdminControl.getCell() The cell name is displayed.

__ b. At the wsadmin command prompt, enter: print AdminControl.getNode() The node name is displayed.

8-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. At the wsadmin command prompt, enter: print AdminControl.getHost() The node name is displayed.

__ 8. Use the AdminConfig object to modify the static configuration of a data source. You will modify the description of the data source in multiple steps using Jython commands, wsadmin commands, and one variable. Information The AdminConfig object manipulates the static configuration data for a WebSphere Application Server installation for all objects except applications. There are commands to list, create, remove, display, and modify configuration data.

__ a. Verify the name of the data sources. At the wsadmin command prompt, enter: print AdminConfig.list("DataSource") The names of the data sources are displayed.

__ b. At the wsadmin command prompt, enter the following: datasrc=AdminConfig.getid("/DataSource:Trade/") datasrc is a variable name. getid is an AdminConfig command that retrieves the configuration ID of the Data Source object. /DataSource:Trade/ is the hierarchical containment path of the configuration object, including the actual name of the object.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-19

Instructor Exercises Guide

__ c. To see the result of the previous commands, enter: print datasrc

__ d. To see the properties for the selected data source held by the datasrc variable, enter: print AdminConfig.show(datasrc)

__ e. Modify the description of the data source using the command: print AdminConfig.modify(datasrc, [["description", "Data source used in the Trade application"]]) modify is an AdminConfig command that changes the description of the data source in the configuration ID (which is stored in the variable datasrc) to the value Data source used in the Trade application. description is an attribute of server objects. __ f. Display the attributes of the data source and make sure the change took place:

8-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

print AdminConfig.show(datasrc)

__ g. Save the configuration changes: AdminConfig.save() __ 9. Use the AdminTask administrative object to get information about the node and server.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-21

Instructor Exercises Guide

Information The AdminTask object is used to run administrative commands. Administrative commands are discovered dynamically when you start wsadmin.

__ a. At the wsadmin command prompt, enter the following commands to gather information about the node and server: nodes=AdminTask.listNodes() nodes is a variable name. listNodes is an AdminTask command that displays all of the nodes in the cell. print AdminTask.listServerTypes(nodes) listServerTypes is an AdminTask command that lists server types for the value of nodes print AdminTask.listServers() listServers is an AdminTask command that lists the servers.

__ 10. Use various commands to get information on the configuration and server. __ a. At the wsadmin command prompt, enter the following commands: cell=AdminConfig.list("Cell") print cell cell is a variable name. list is an AdminConfig command that displays the cell. cellname=AdminConfig.showAttribute(cell,"name") print cellname cellname is a variable name. showAttribute is an AdminConfig command that displays all of the attributes of the cell.
8-22 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

nodes=AdminConfig.list("Node",cell) print nodes nodes is a variable name. list is an AdminConfig command that displays all of the nodes in the cell. nodename=AdminConfig.showAttribute(nodes,"name") print nodename nodename is a variable name. showAttribute is an AdminConfig command that displays all of the attributes of the nodes in the cell. print AdminConfig.showall(AdminConfig.list("Node")) node is a variable name. showall is an AdminConfig command that displays all of the attributes of the specified configuration object. server=AdminConfig.list("Server") print server server is a variable name. list is an AdminConfig command that displays the servers in the cell. AdminTask.showServerInfo(server)

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-23

Instructor Exercises Guide

showServerInfo is an AdminTask command that shows the information on the server.

Work with applications


Use wsadmin to uninstall the ivtApp application. The application to be uninstalled must first be stopped. Once an application is stopped, you can uninstall it. __ 1. Enter the following commands that will stop the ivtApp application and uninstall the application. __ a. This command gets the name of the application manager MBean for the applications running on the server. appManager=AdminControl.queryNames("type=ApplicationManager, cell="+cellname+",node="+nodename+",process=server1,*") print appManager Note The variables cellname and nodename were created in the previous step.

8-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. This command gets the application detail and assigns it to a variable. app=AdminControl.queryNames("type=Application,cell="+cellname+", node="+nodename+",process=server1,J2EEName=ivtApp,*") print app __ c. This command gets the application name and assigns it to a variable. appName=AdminControl.getAttribute(app,"name") print appName __ d. This command stops the ivtApp. AdminControl.invoke(appManager,"stopApplication",appName) __ e. This command uninstalls the ivtApp. AdminApp.uninstall(appName) Information Look for the message indicating the application ivtApp uninstalled successfully.

__ f.

Save the configuration to the repository. This command will update the repository with the information about the uninstalled ivtApp application. AdminConfig.save()

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-25

Instructor Exercises Guide

Information This sequence of commands is a typical example of what you would put in a general purpose Jython script. Once you try the individual commands and debug them, you can put all the commands in a file called uninstall.py and use it every time you need to uninstall an application. You would modify the commands slightly to accept the name of the application through a command-line parameter to the script.

__ 2. Verify the application has been uninstalled by using the administrative console. __ a. Log in to the administrative console using the user ID wasadmin and password web1sphere __ b. Expand Applications and Application Types. Select WebSphere enterprise applications. The ivtApp application should no longer be listed.

8-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Reinstall the ivtApp application and verify that it is running. The ivtApp.ear file can be found in the <was_root>\installableApps directory. __ a. Copy the ivtApp.ear file from the <was_root>\installableApps directory to the <profile_root>\profile1\installableApps directory. __ b. Enter the following command that will install and start the ivtApp application: AdminApp.install("../installableApps/ivtApp.ear",["-appname ivtApp"]) This command installs the ivtApp.ear and gives it the name ivtApp. The -appname parameter is an installation option. Information Make sure there is a space between -appname and ivtApp when you enter the command. Look for the message indicating the application ivtApp installed successfully.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-27

Instructor Exercises Guide

8-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information You may or may not see the messages regarding Java EE security. If an EAR file contains a was.policy file, its contents are displayed when you install the application. This is a way of letting the administrator know that the file exists and as a reminder to check this file to make sure that resources granted access are allowed by the security policies of the organization.

__ c. This command saves the configuration to the repository. AdminConfig.save() __ d. This command starts the newly installed application. AdminControl.invoke(appManager,"startApplication",appName)

__ 4. Verify the application has been installed by using the administrative console. __ a. Log in to the administrative console, if needed, or refresh the current administrative console.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-29

Instructor Exercises Guide

__ b. Expand Applications and Application Types. Select WebSphere enterprise applications. The ivtApp application should be listed and running. If the application is not shown in the list, you may need to log out of the administrative console and log on again.

Information You can also obtain the application status using the following wsadmin command: print AdminControl.completeObjectName("type=Application,name=ivtApp,*") If the ivtApp application is running, then an MBean is created and will provide output. Otherwise, the command returns nothing.

__ c. Log out of the administrative console.

8-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exploring the scripting libraries


Many scripting operations are simple and straightforward. However, other operations might require a bit of investigation, reading, and trial and error, making it difficult for some users to take full advantage of scripting in their environments. In an effort to help users overcome the complexity of scripting, a new set of script libraries has been introduced in WebSphere Application Server V7. In this part of the lab you take an initial look at the available libraries and explore what they have to offer. __ 1. Open Windows Explorer and navigate to the following folder: <was_root>\scriptLibraries

Linux Open file browser and navigate to <was_root>/scriptLibraries.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-31

Instructor Exercises Guide

__ 2. Open each of the subfolders and discover the names of the libraries: Table 15: Scripting libraries Directory location application\V70 resources\J2C\V70 resources\JDBC\V70 resources\JMS\V70 resources\Provider\V70 security\V70 servers\V70 system\V70 utilities\V70 Script library AdminApplication AdminBLA AdminJ2C AdminJDBC AdminJMS AdminResources AdminAuthorizations AdminClusterManagement AdminServerManagement AdminNodeGroupManagement AdminNodeManagement AdminLibHelp AdminUtilities

Note The libraries use the administrative objects you looked at in the previous part of this exercise. All of these libraries are loaded when wsadmin starts and are readily available from the wsadmin command prompt, or to be used from your own scripts. Even though source code is provided, it is not meant to be modified by the user. Users of the libraries call code in the libraries from their own scripts. You may copy parts of the library code to other files and modify the copied code to improve it or better suit your needs.

__ 3. You can open the libraries in a text editor and look at the code. You will note that the code is well documented and exceptions and other errors are handled gracefully by providing meaningful error messages to the calling scripts. Use a text editor to open the AdminJDBC script library: <was_root>\scriptingLibraries\resources\JDBC\V70\AdminJDBC.py

8-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

In each library, after the usual copyright and disclaimer statement, there will be a list of procedure examples. The AdminJDBC library has nine example functions: - Ex1: createJDBCProvider Create a new JDBC provider in your environment. The script returns the configuration ID of the new JDBC provider. - Ex2: createJDBCProviderUsingTemplate Use a template to create a new JDBC provider. - Ex3: listJDBCProviderTemplates Display a list of configuration IDs for the JDBC provider templates. - Ex4: createDataSource Create a new data source in your configuration. The script returns the configuration ID of the new data source. - Ex5: createDataSourceUsingTemplate Use a teimplate to create a new data source in your configuration. The script returns the configuration ID of the new data source. - Ex6: listDataSourceTemplates Display a list of configuration IDs for the data source templates. - Ex7: listJDBCProviders Display a list of configuration IDs for the JDBC providers. - Ex8: listDataSources Display a list of configuration IDs for the data sources. - Ex9: help Display AdminJDBC script library online help. Navigate to Example 7 listJDBCProviders. As you can see with this example and all the examples in the library, these functions expose operations at a higher level than those provided by the administrative objects and provide a better abstraction to the script writer.

Examine the example functions provided by the library. Close the file when you are done examining it.
Copyright IBM Corp. 2009 Exercise 8. Using wsadmin
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-33

Instructor Exercises Guide

__ 4. A similar listing of functions available in a library can be obtained using the help() method. At the wsadmin prompt enter: print AdminJDBC.help()

__ 5. As with the administrative objects, you can get help on a specific method. Enter: print AdminJDBC.help("listJDBCProviders")

8-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 6. Not only can you use these commands in your own scripts, you can execute the commands directly. Enter: print AdminJDBC.listJDBCProviders()

As with any new library system it takes a while to become familiar and comfortable with the functions available. By combining these library functions with your own scripting logic in your Jython scripts, you can write scripts to configure your application servers.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-35

Instructor Exercises Guide

Using IBM Rational Application Developer to code, test, and debug Jython scripts
The Rational Application Developer assembly and deploy tool is enhanced with features specifically designed to write and debug Jython scripts. In this section of the lab you write a simple script to set the value of one of many WebSphere environment variables: in this case the variable that defines the path to the DB2 Universal JDBC driver. __ 1. Start Rational Application Developer by clicking Start > Programs > IBM Software Delivery Platform > IBM Rational Application Developer 7.5 > IBM Rational Application Developer. Linux Start Rational Application Developer by navigating to /opt/IBM/SDP and invoking: ./eclipse &

__ 2. The Rational Application Developer Workspace Launcher window opens. The Workspace field identifies the directory to be used for your workspace. As scripts are usually saved along with other application files, open the same workspace you used for assembling the Trade application. Make sure the workspace is: <software_dir>\Assemble\TradeApp Click OK.

8-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information You could use any workspace. Some organizations have a workspace dedicated to holding nothing but scripts.

__ 3. Once Rational Application Developer opens, the Java EE perspective will be in view. Switch to the Java EE perspective if it is not open. Note To get to the Java EE perspective click Window > Open Perspective > Other. Select Java EE (default) and click OK.

__ 4. Define the runtime environment. __ a. On the bottom pane of the Java EE perspective, click the Servers tab. __ b. If a server has been previously defined, proceed to the next step (creating a folder to contain your scripts). __ c. If a server has not been defined previously, continue with the rest of this step. __ d. Right-click in the empty Servers view to get the context menu. Select New > Server.

__ e. On the New Server pane, verify that the following fields are populated with these values: Servers host name: localhost Select the server type: WebSphere Application Server v7.0 Server name: WebSphere Application Server v7.0 at localhost Server runtime environment: click Add Name: WebSphere Application Server v7.0 Installation directory: <was_root> Click Finish and the server runtime environment will be parapeted

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-37

Instructor Exercises Guide

- Server runtime environment: WebSphere Application Server v7.0

__ f.

Click Next.

__ g. On the WebSphere Server Settings pane, accept the defaults: - WebSphere profile name: profile1 - The following options are selected: Automatically determine connection settings Run server with resources within the workspace Security is enabled on this server - User ID: wasadmin - Password: web1sphere - WebSphere server name: server1

8-38 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. Click Test Connection. The Test Connection window will appear. It should display Connection successful.

__ i.

Click Finish.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-39

Instructor Exercises Guide

__ 5. Create a folder to contain your scripts, called Scripts. __ a. From the main menu, click File > New > Other. __ b. From the list of available project types expand the Jython folder and select Jython Project. Click Next.

8-40 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Enter Scripts for the Project name and click Finish.

__ 6. Create a new Jython script file under the Scripts folder. __ a. Right-click the Scripts folder to open the context menu. Click New > Other. __ b. From the list of available project types select Jython > Jython Script File. Click Next. __ c. Enter setWASEnvVariable.py for the file name. Click Finish.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-41

Instructor Exercises Guide

__ d. The file opens in the Jython source editor on the upper right view of the Java EE perspective. You also see the file in the workspace structure under the Scripts folder. If the file is not visible, select the Scripts folder and right-click to open the context menu. Click Refresh. The file should appear in the list. Now you are ready to write the script.

Creating the script


As you know, the application server uses many of its own environment variables to consolidate information, such as paths, in one place. Once the environment variable is set, it is used in many places instead of entering the information contained in the variable many times. This reduces maintenance because if the information held in the variable ever changes, it only needs to be changed in one place. All the users of that information get it by referencing the environment variable and not the location directly. One such variable is the one used when accessing DB2 database drivers. The server needs to know where to find the drivers in order to add this information to its class path. This script sets the DB2UNIVERSAL_JDBC_DRIVER_PATH environment variable, but it could be used to change any variable. __ 1. On the Jython editor view enter the following code, which makes up the main of the script.

8-42 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information If you are not familiar with the term main, it refers to a method, or entry point, in a program that starts things rolling. In procedural languages what starts a program going is usually the first line of code encountered. In C, C++, and Java there is a method actually called main which is executed after the program is loaded. In Jython the first line executed is not necessarily the first line of the program or a method called main, but the first unindented line that has not been designated as a subroutine with the def keyword. Other languages use other conventions.

Ask the AdminControl object for the nodes name using the getNode() method. When typing this line of code in the editor, stop typing after entering: nodeName = Admin __ 2. Press Ctrl+Space; this key combination invokes command completion. Rational Application Developer provides you with all logical choices that may complete the line you are typing. From the list double-click to select AdminControl.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-43

Instructor Exercises Guide

__ 3. Type a period and again press Ctrl+Space. This time all the methods for the AdminControl object appear on the list. Continue typing and see how the list narrows as you enter characters. Type get and now you only see getter methods. Type an N, and select getNode from the list.

You should now have the complete line in the editor: nodeName = AdminControl.getNode() __ 4. Enter the rest of the code below using command completion and experimenting to see when it works and when it does not. Make sure to use the forward slash as you enter the directory path. If you do not want to type all the code, you can copy it from <software_dir>\wsadmin\setWASEnvVariable.py. varName = "DB2UNIVERSAL_JDBC_DRIVER_PATH" newVarValue = "<db2_root>/java" lf=java.lang.System.getProperty("line.separator") changeEnvValue(varName, newVarValue) print ("Saving configuration") AdminConfig.save() Linux If you copy and paste from the <software_dir>/wsadmin/setWASEnvVariable.py file you must edit the <db2_root>/java path.

__ 5. Note the line of code below: changeEnvValue(envVarName, envVarValue)

8-44 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

This code represents a subroutine call to the method changeEnvValue(). In Jython, subroutines must appear in the program before the code that calls them. This is a Jython interpreter restriction. Write the method now starting at the top of the file, before the code you wrote in the previous step: Warning Be careful when entering the code below to maintain the indentation shown. Indentation (leading white space) determines blocks of code in Jython. You may use spaces or tabs to achieve the level of indentation desired. Enter lines, which are shown split below, in one single line using the editor. If you do not want to type all the code, you can copy it from: <software_dir>\wsadmin\setWASEnvVariable.py.

Line 1: def changeEnvValue(envVarName, envVarValue): Line 2: print("Setting variable " + varName + " on node " + nodeName + ", to " + newVarValue) nodeId = AdminConfig.getid("/Node:"+nodeName+"/") varSubstitutions = AdminConfig.list("VariableSubstitutionEntry",nodeId) .split(lf) for varSubst in varSubstitutions: curVarName = AdminConfig.showAttribute(varSubst, "symbolicName") print AdminConfig.showall(varSubst, "value") AdminConfig.modify(varSubst,[["value", newVarValue]]) break

Line 3: Line 4:

Line 5: Line 6:

Line 7: Line 8:

Line 9:

Even though the code above seems complex, with a little explanation it will become clearer as to how it sets the environment variable:
Copyright IBM Corp. 2009 Exercise 8. Using wsadmin
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-45

Instructor Exercises Guide

- The subroutine is called from the main code, passing it two parameters: the name of the variable to change and the new value to be set for the variable. - The first line prints an information message indicating the variable name and the new value for the environment variable. It also prints the name of the node where the variable will be changed. - The next line gets the node ID using the nodes name as a parameter to the AdminConfig.getid() method. - The next line performs two operations. First it gets a list of all variable substitution entries. These entries are not returned in a true list that can be manipulated, but instead are returned in a long string containing all the entries, with a line feed character between each entry. The returned string must be converted into a true list object. This is accomplished by splitting the string using the line feed character as the delimiter. The line feed character is obtained at run time since it changes between operating systems. This was done in the main of the script. - Now that you have a list, you can iterate through the list using a for loop. In the loop each value in the list is assigned to the varSubst variable. - The first line inside the loop uses the showAttribute() method of AdminConfig to retrieve the actual name of the environment variable, which is printed on the next line. - Changing the value is accomplished by using the modify() method of AdminConfig. - If the variable was found and changed, the loop is broken by the keyword break. - If the variable was not found in this iteration the loop continues until all the environment variable names are looked up. __ 6. Save the file by pressing Ctrl+s.

8-46 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information To get the line numbers that appear on the left of the window from the context menu, click Window > Preferences > General > Editors > Text Editors. Check the box in front of Show line numbers and click Apply. Click OK.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-47

Instructor Exercises Guide

__ 7. Run the setWASEnvVariable script by selecting Run As > Administrative Script from the scripts context menu.

Note If you did not complete the previous exercises, your screen capture may look different from the one above. TradeApplication, TradeEJB, and TradeWeb will not appear in the navigator window.

__ 8. The first time you attempt to run the script you must provide some configuration parameters on the Edit configuration and launch pane. __ a. From the Scripting runtime drop-down list, select an existing runtime environment and proceed to the next step. __ b. If you need to create a runtime environment, click New to create a new scripting runtime and continue with this step.

8-48 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Select WebSphere Application Server V7.0 from the runtime environment list and click Next.

__ d. On the WebSphere Runtime pane, enter or browse to: <was_root>. Click Finish.

__ 9. Complete the script configuration. __ a. Under Security select the As defined in soap.client.props or sas.client.props file option. You set the user ID and password in the properties

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-49

Instructor Exercises Guide

file earlier in this exercise (if not, choose Specify and enter wasadmin and web1pshere as the user ID and password).

__ b. Click Apply. __ c. Feel free to explore the other tabs of the pane to see what is available. For example, you may pass a command-line parameter under the Arguments tab. __ d. Click Run. After this initial setup you may just click Run from the toolbar; Rational Application Developer remembers these values.

8-50 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Rational Application Developer assembly and deploy will attempt to run the script in wsadmin. Any errors or output will appear on the Console view on the bottom right pane of perspective. The Console view will be opened automatically as required. __ f. Make sure the script runs without any errors. There will initially be numerous packaging messages that appear in red. They can be ignored.

__ g. There are times when the console seems to disappear, and a different console is displayed. This is because there are multiple consoles that are viewable. To see the list and select the console for the script, select the Display Selected Console drop-down list, and choose setWASEnvVariable.py.

Using the Jython debugger


Sometimes logic errors will prevent your script from producing the expected results. In those cases it is very useful to run the script using the Jython source debugger. Using the debugger, you are able to set breakpoints, examine variable values, cycle through the code step-by-step and, in most cases, figure out where the problem is. Sometimes it is useful to run a script through the debugger to figure out how it works. This is especially true when you are given a script someone else wrote and now you need to maintain it.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-51

Instructor Exercises Guide

A good way to start is to place a breakpoint at the first executable line of the script.The marker bar is the dark vertical bar located along the left side margin of the Jython editor view.

__ 1. From the Jython editor, set a breakpoint on the line containing the code: nodeName = AdminControl.getNode() Locate the line in the script, place the mouse pointer so that it is situated on top of the marker bar and aligned with the line of code where you want to apply the breakpoint, right-click, and select Toggle Breakpoint (you can also simply double-click).

__ 2. Select the setWASEnvVariable script on the Enterprise Explorer view. Right-click to open the context menu. From the context menu, click Debug As > Administrative Script.

8-52 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Click Yes to switch to the Debug perspective.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-53

Instructor Exercises Guide

__ 4. The Debug perspective is opened. The script is started and then suspended once the breakpoint is reached.

Examine the Debug perspective: There are five panes; the default views are: Debug, Variables, Source, Outline, and Console. There are other views accessible through tabs on the panes. The toolbar on the Debug view controls execution of the script allowing you to Stop (Terminate), Run to the next breakpoint, Step into subroutine, Step over subroutine, Return from subroutine. These controls give total control over the

8-54 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

execution of the script. There are function keys F5-F8 that are assigned these same functions.

Below the toolbar you see the execution stack. It displays the calling sequence that executed. The Variables view allows you to examine the value of the variables that are in the scope of the breakpoint, that is, global variables and variables local to the subroutine you are in. At the moment you cannot change the value of the displayed variable. Sharing the same pane as the Variables view is the Breakpoints view. There you can control the various breakpoints of the script, enabling and disabling as necessary. The Source view shows the script. From the context menu on this view, you have access to a useful function: Run to Line. You can place the cursor anywhere on the source and click Run to Line, and the debugger will execute code to that line. It effectively is a temporary breakpoint.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-55

Instructor Exercises Guide

The Outline view shows the methods and loops in the script, allowing you to quickly find and jump to areas of interest. The Console view displays errors and other messages from the script and server. Feel free to experiment in the different views and discover the details of what is available. __ 5. Press the F6 key, or click the corresponding button on the Debug views toolbar to step over the statement where the debugger is stopped. This advances execution one statement at a time. __ 6. Watch the Variables view and look for the newly assigned variable and its value. __ 7. Step three more lines, watching the Variables view.

Note how the type and value of the selected variable is displayed, in detail, at the bottom of the view. __ 8. The next line should be the call to the subroutine: changeEnvValue(varName, newVarValue) __ 9. This time press F5, or click the corresponding button on the Debug views toolbar to step into the subroutine. __ 10. Continue to press F6 to run through the subroutine and its loop. Observe when a matching variable is found from the list of environment variables how the value is actually changed and how the loop ends when the break statement is executed. __ 11. After the subroutine ends, control is returned to the main part of the script where a message is printed and the configuration is saved. __ 12. Advance one more step, and the thread terminates. If you have to run through the program again, you can relaunch from a terminated thread. From the Debug view, select the terminated thread and right-click to open the context menu. Select Relaunch. You now have the basic skills for writing, testing, and debugging Jython scripts. Of course there is a lot more to it than this short exercise. Probably the most complex task ahead of you is to become familiar with what the administrative objects can do. There are many
8-56 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

examples and excellent articles in the information center and on the WebSphere Developer Web site. A good resource to learn about the methods available in the information center are the pages named: Using the AdminConfig object for scripted administration Commands for the AdminConfig object These pages exist for all other administrative objects; just substitute their names for AdminConfig and search the information center.

Using console command assist


The Websphere administrative console has the ability to display the command it uses to affect certain configuration changes. Information Not all configuration commands are displayed in this version. As new releases become available, the number of administrative console actions that display their commands will increase.

If the Rational Application Developer assembly and deploy tool is running, it can communicate with the administrative console and receive these commands so that they can be inserted into Jython scripts being worked on Rational Application Developer assembly and deploy. This feature effectively gives you the command to reuse in a script, saving you the time and research to figure it out on your own. This feature is configured using the console and the command used by the console application. In this exercise, set up the administrative console and Rational Application Developer to communicate with each other. __ 1. Make sure the server is running and log in to the administrative console. __ 2. From the main menu on the left expand System administration and select Console Preferences. __ 3. On the Console preferences window select both: Enable command assistance notifications

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-57

Instructor Exercises Guide

Log command assistance commands

__ 4. Click Apply. __ 5. Rational Application Developer should still be open from the previous section. If it is not open, open it to the same workspace on which you were working. __ a. Make sure you are on the Java EE perspective. __ b. From the main menu select Window > Show view > Other. __ c. Expand Server and select WebSphere Administration Command.

__ d. Click OK. __ e. Make sure the WebSphere Administration Command view is now visible.
8-58 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

Click the Select Server to Monitor drop-down arrow and click WebSphere Application Server v7.0 at localhost.

Information If the server name is not available on the list, switch to the Servers view and make sure the server is up and running.

__ 6. On the administrative console expand Applications and Application Types. Click WebSphere enterprise applications. __ 7. On the far right, under Help, click View administrative scripting command for last action.

This opens a new browser window where the last few administrative commands can be seen and also where you can control the behavior of command assistance. __ 8. Expand Preferences. If not already selected, check both command assistance preferences: Enable command assistance notifications

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-59

Instructor Exercises Guide

Log command assistance commands

Click Apply. __ 9. From the administrative console perform the following sequence of commands. As you perform the commands, switch between the Administrative Scripting Commands browser page, and Rational Application Developers WebSphere Administration Command view to see which commands show up in the windows: From the navigation menu, expand Resources and JDBC. Click JDBC providers. Click DB2 Universal JDBC Driver Provider (XA). From the navigation menu, click Data sources. Click Trade datasource. Change the description of the data source to Used by Trade application. Click OK. Save the change.

8-60 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 10. View the Rational Application Developer WebSphere Administration Command view.

Select a command in the list and right-click to open the context menu. There are three options available: - Insert Insert that command at the cursor position of a Jython script open in the Jython editor. - wsadmin Command help Get help on the command. - Remove Remove the command from the list. When requesting help, a Web browser view opens in Rational Application Developer and displays the information center page for that command, or administrative object. __ 11. Feel free to experiment using the console, inserting commands into a Jython script. __ 12. Exit Rational Application Developer.

Using properties file-based configuration


WebSphere Application Server V7 provides a new set of utilities for working with server configuration using properties files. You can create a properties file of human readable key value pairs based on your environment, make modifications to that file, and then apply the updated properties to a server. The objective of this portion of the lab is to provide you with a basic understanding of this new technique for administering your environment. You will extract the EndPoint resource for server1 that contains the list of port name value pairs. __ 1. Using wsadmin, extract the properties for the server1.
Copyright IBM Corp. 2009 Exercise 8. Using wsadmin
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-61

Instructor Exercises Guide

__ a. Navigate to the bin directory of the profile1: <was_root>\profiles\profile1\bin __ b. Start wsadmin. wsadmin -lang jython

The UNIX command would be: ./wsadmin.sh -lang jython

__ c. Properties files can be extracted for a variety of configuration attributes at different levels: a cell, a node, a server, one container in that server, and others. If you know what type of properties you want to modify, you can extract a properties file for your server using an object type filter. In this case you are going to extract the resource type EndPoint for server1 into a properties file called endpoint.props. Enter the command: AdminTask.extractConfigProperties("-propertiesFileName endpoint.props -configData Server=server1 -filterMechanism SELECTED_SUBTYPES -selectedSubTypes [EndPoint]")

8-62 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. The properties file is located in the current directory, in this case, <profile_root>\profile1\bin. Open the endpoint.props file with a text editor.

__ e. Open the administrative console. From the navigation tree, expand Servers and Server Types. Click WebSphere application servers.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-63

Instructor Exercises Guide

__ f.

From the server list click server1 to open the configuration work area. Under Communications, click Ports.

8-64 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. Compare the port values from the properties file with the ports listed on the administrative console. You are going to change the port value for SIB_MQ_ENDPOINT_ADDRESS. Click server1 from the breadcrumb trail and return to the configuration tab for server1. Leave the administrative console open. __ 2. Modify the endpoint.props file. __ a. Locate the port and value pair for SIB_MQ_ENDPOINT_ADDRESS. Change the port value, currently 5558, to 15558 __ b. Save the updated file, but do not close it.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-65

Instructor Exercises Guide

__ 3. Validate the updated properties file. __ a. From the wsadmin command line enter: AdminTask.validateConfigProperties("-propertiesFileName endpoint.props")

__ b. If the file validation is successful, true will be displayed as output. __ 4. Apply the updated properties file to the configuration. __ a. From the wsadmin command line enter: AdminTask.applyConfigProperties("-propertiesFileName endpoint.props")

__ b. If the configuration is updated successfully, two single quotes will be displayed as output. __ 5. Save the changes. __ a. From the wsadmin command line enter: AdminConfig.save()

8-66 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 6. From the administrative console, click Ports. Notice that the port value for SIB_MQ_ENDPOINT_ADDRESS has changed to 15558, reflecting the change you made in the properties file.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-67

Instructor Exercises Guide

__ 7. Change the port value for SIB_MQ_ENDPOINT_ADDRESS back to 5558. __ a. Modify the properties file and change the port value for SIB_MQ_ENDPOINT_ADDRESS to 5558. Save and close the properties file. __ b. Validate the updated properties file. AdminTask.validateConfigProperties("-propertiesFileName endpoint.props") __ c. Apply the updated properties file to the configuration. AdminTask.applyConfigProperties("-propertiesFileName endpoint.props") __ d. Save the changes. AdminConfig.save() __ e. Verify the change by checking the port values from the administrative console. SIB_MQ_ENDPOINT_ADDRESS should now have a port value of 5558. __ f. Log out of the administrative console.

__ g. Exit wsadmin.

End of exercise

8-68 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


In this lab, you learned to manipulate wsadmin objects from the command line using the Jython languages. You experimented with Rational Application Developer to create and step through a wsadmin script written in Jython. Finally you set up the WebSphere administrative console to communicate with Rational Application Developer to pass any administrative commands used by the administrative console back to Rational Application Developer.

Copyright IBM Corp. 2009

Exercise 8. Using wsadmin


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

8-69

Instructor Exercises Guide

8-70 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 9. Creating a federated cell


Estimated time
01:00

What this exercise is about


In this lab exercise, you experience the process of creating a WebSphere cell through the generation of a deployment manager profile followed by the federation of application server profiles.

What you should be able to do


At the end of the lab, you should be able to: Create a deployment manager profile Back up the deployment manager configuration Use the deployment manager administrative console Federate a node into the deployment manager cell Create an additional custom profile Create an unmanaged Web server node Start and stop the Web server by using the console Map an application to the Web server

Introduction
This exercise goes through the process of creating and federating a cell. The initial steps include creating two additional profiles, the first of which will be a deployment manager profile. Once the deployment manager profile is created, profile1 is federated into the cell. Then a custom profile is created and federated at the same time. This exercise not only demonstrates the process of creating a cell, but it also prepares the lab environment for other important steps including creating a node to manage a remote Web server and clustering an application server.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-1

Instructor Exercises Guide

Required materials
To perform this exercise, you must have the application server named server1 started. DefaultApplication and TradeApplication must be installed and running on server1.

9-2

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Instructor exercise overview


The first part of this exercise creates a deployment manager profile called DmgrProfile. After backing up each of the configurations for the profiles (profile1 and DmgrProfile), the original profile1 is federated. The student then uses the Profile Management Tool to create an additional profile called profile2. This is created as a custom profile that will automatically be federated during creation. The cell and both profiles (profile1 and profile2) are required for future labs. Profile1 and profile2 will be used to perform horizontal scaling, and a new node (ihsnode) is added to manage the IBM HTTP Server. Note Horizontal scaling implies that cluster members are spread across different physical machines. Clearly these labs are limited to only one machine (although instructors are encouraged to see if their students might attempt to connect multiple machines into their cells). However, the configurations used for these labs, having multiple profiles (even though they are on a single physical box), are logically the same as would be done in a true horizontal scaling situation. Using this configuration, the stand-alone student can complete all the labs and no network is required. Again, if students wish to map the federation, IHS, and clustering labs to separate machines, and the instructor is comfortable with that approach, the students should be encouraged to do so.

Note It is important, since all of these profiles end up being on the same machine, that the machine name is consistent. During the profile creation, the host name is used. It is important that the host name is the same during the creation of all the profiles. WebSphere tries to make sure that when new profiles are created, ports are not reused. But if WebSphere thinks two profiles are on different hosts, it does not need to make sure the ports are unique. The problem is that when the logic for the port conflicts is executed, the host names are compared as simple strings. This means if one profile was created using was7host01 and another with was7host01.ibm.com, WebSphere does not take into account that they are on the same hosts.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-3

Instructor Exercises Guide

Exercise instructions
During this exercise you transition your stand-alone application server environment to a cell environment containing two federated nodes and an unmanaged node for a Web server. It is important as you progress through the exercise that you have a good understanding of what you are creating. A topology of the existing environment will be shown as you begin each section of the exercise to help you understand how you are about to change the environment. The diagram below illustrates the beginning topology. As you begin the exercise, you have one stand-alone application server, named server1, contained in a node, named was7hostXXNode01.

When you complete the exercise you will end up with a cell, named was7hostXXCell01, containing the following nodes: Deployment manager node, named was7hostXXCellManager01 A federated node, named was7hostXXNode01, containing a node agent and an application server, named server1 A federated node, named was7hostXXNode01, containing only a node agent An unmanaged node, named ihsnode, containing an IHS administrative process and a Web server, named webserver01

9-4

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Create a deployment manager profile using the Profile Management Tool


During this section of the exercise you are going to create a deployment management profile that defines a cell, named was7hostXXCell01, containing a deployment manager node, named was7hostXXCellManager01. The existing application server, server1, will continue to be a stand-alone server contained in the node, was7hostXXNode01.

The Profile Management Tool is a GUI tool for creating WebSphere profiles. Using the profile wizard, you can create an application server profile, deployment manager profile,
Copyright IBM Corp. 2009 Exercise 9. Creating a federated cell
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-5

Instructor Exercises Guide

custom profile, or cell profile (which creates both a deployment manager and managed node). First create a deployment manager profile. __ 1. Start the Profile Management Tool. This is the same wizard you used earlier to create profile1. __ a. Click Start > Programs > IBM WebSphere > Application Server Network Deployment V7.0 > Profile Management Tool.

The UNIX command to run the Profile Management Tool is: <was_root>/bin/ProfileManagement/pmt.sh

Information It is also possible to create profiles from the command line using the manageprofiles -create script located in the <was_root>\bin directory.

For example: manageprofiles -create -profileName profile2 -profilePath "<profile_root>\profile2" -templatePath "<was_root>\profileTemplates\default" -nodeName was7host01Node02 -cellName was7host01Cell02 -hostName was71host01

9-6

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. The Welcome panel for the Profile Management Tool appears.

__ c. Click Launch Profile Management Tool. __ d. The Profiles list panel appears. Click Create.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-7

Instructor Exercises Guide

__ 2. Create a deployment manager profile called DmgrProfile. __ a. From the Environment Selection panel, select Management and click Next.

9-8

WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. From the Server Type Selection panel, select Deployment manager. Click Next.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-9

Instructor Exercises Guide

__ c. Select Advanced profile creation to specify your own configuration values during profile creation. Click Next.

__ d. Ensure that the Deploy the administrative console (recommended) check box is selected. The administrative console will be necessary for this class. Click Next.

9-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. From the Profile Name and Location panel, provide the following name and location information: - Profile name: DmgrProfile - Profile directory: <profile_root>\DmgrProfile - Do not select the Make this profile the default option. __ f. Click Next.

Information The default profile will initially be the first profile created. It is also possible to change which profile is designated as the default with the Profile Management Tool or the manageprofiles command. When running commands from the <was_root>\bin directory, commands will be executed against the runtime defined by the default profile. It is also possible to specify a particular profile using the -profileName argument.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-11

Instructor Exercises Guide

__ g. The Node and Host Names panel allows you to set the node name, server name, and host name. Default values will be filled in based on the detected host name for your server.

On UNIX systems, the host name may be the long name (was7host01.ibm.com). Accept whatever the default is. Make sure that you are consistent in later exercises.
Ma

Ensure that the Node name and Host name are correct (they should be based on the short form of the host name and not localhost for example, was7host01CellManager01). For Server name, keep the default name (short name for Windows and long name on UNIX). Click Next.

__ h. From the Administrative Security panel, you choose whether to enable administrative security. Verify that the Enable administrative security option check box is selected. Enter the following information: - User name: wasadmin - Password: web1sphere

9-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ i.

Click Next.

__ j.

From the Security Certificate (part 1) panel, accept the default selections: - Create a new default personal certificate - Create a new root signing certificate

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-13

Instructor Exercises Guide

__ k. Click Next.

Note The Issued to distinguished name and the Issued by distinguished name on the Security Certificate (Part 2) panel will have a common name (CN) that can take different forms depending on your environment: IP address such as 192.168.192.128 Fully qualified domain name (FQDN) such as was7host01.localdomain or was7host01.ibm.com

9-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ l.

Accept the Security Certificate (part 2) panel defaults. Click Next.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-15

Instructor Exercises Guide

__ m. The Port Values Assignment panel allows you to set any ports for the deployment manager to prevent conflicts with other profiles. Accept the default port values (which may be different from the example shown below). Information Note the administrative console port for the deployment manager. This will be used later in this exercise. Ordinarily, the administrative console port would use port 9060. But since these labs have already installed a stand-alone application server, the Profile Management Tool avoids reuse of any ports. It therefore uses port 9061 instead.

__ n. Click Next.

9-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ o. For this lab, do not run the deployment manager as a Windows service. From the Windows Service Definition panel, deselect the box for Run the deployment manager process as a Windows service. Click Next.

Depending on which UNIX operating system is being used, there may be a similar window offering to run the deployment manager as a service. In that case, do not have the process run as a service and click Next.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-17

Instructor Exercises Guide

__ p. The Profile Creation Summary panel appears with all of the choices you have made on previous panels. Verify the summary information with what you entered previously. Click Create.

9-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

The creation of the profile usually take several minutes to complete.

__ q. The profile creation completes and the profile DmgrProfile is created. Notice that the Launch the First steps console check box is selected. Click Finish and the First steps console will launch.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-19

Instructor Exercises Guide

__ 3. The First steps console is associated with the deployment manager profile, DmgrProfile, that was just created. Each profile has its own First steps console. Click Installation verification from the console.

9-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. The installation verification test tool runs and displays messages to indicate verification status. Use the scroll bar to scroll to the bottom to see all the messages. The following messages will be displayed if the installation verification was successful: IVTL00701: The Installation Verification Tool verification succeeded. IVTL00801: The installation verification is complete.

Information It is possible that there may be several warnings displayed. These may be ignored at this point.

__ b. Close the First steps output - Installation verification output window. __ c. Click Exit to close the First steps console. __ d. Click File > Exit to close the Profile Management Tool.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-21

Instructor Exercises Guide

Backup the DmgrProfile configuration


Before continuing, it is a good idea to back up the configuration for the DmgrProfile that was just created. __ 1. In a previous lab, the backupConfig command was used to create a backup. There is another WebSphere tool that makes backups of a profile as well (other than operating system-level backups). The backupConfig tool backs up only the configuration directory of a profile. The command manageprofiles -backupProfile backs up the configuration directory as well as other metadata. Information From the information center: -backupProfile Performs a file system backup of a profile folder and the profile metadata from the profile registry file. Any servers using the profile that you want to back up must first be stopped prior to invoking the manageprofiles command with the -backupProfile option. The -backupProfile parameter must be used with the -backupFile and -profileName parameters, for example: manageprofiles.bat(sh) -backupProfile -profileName <profile_name> -backupFile <backupFile_name>

__ a. In a command-prompt window, navigate to the <profile_root>\DmgrProfile\bin directory.

The UNIX commands for this step are: ./serverStatus.sh -all ./stopManager.sh ./manageprofiles.sh -backupProfile -profileName DmgrProfile -backupFile <software_dir>/backups/Dmgr_initial_backup.zip

__ b. Verify the status of the deployment manager process by entering the following command: serverStatus -all Specify the user ID wasadmin and password web1sphere in the dialog box when you are prompted.

9-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Stop the deployment manager process if it is running by issuing the following command: stopManager Specify the user ID wasadmin and password web1sphere in the dialog box when prompted.

__ d. Once the deployment manager has stopped, issue the following command to back up the entire profile: manageprofiles -backupProfile -profileName DmgrProfile -backupFile <software_dir>\backups\Dmgr_initial_backup.zip

__ 2. Since profile1 will be federated shortly, create a backup for it as well.

The UNIX commands for this step are: cd <profile_root>/profile1/bin ./stopServer.sh server1 ./manageprofiles.sh -backupProfile -profileName profile1 -backupFile <software_dir>/backups/Profile1_prefederation.zip

__ a. From the <profile_root>\profile1\bin directory, stop server1:


Copyright IBM Corp. 2009 Exercise 9. Creating a federated cell
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-23

Instructor Exercises Guide

stopServer server1 -profileName profile1 __ b. Make sure to perform the manageprofiles command from the <profile_root>\profile1\bin directory. Once server1 has stopped, issue the following command to back up the entire profile: manageprofiles -backupProfile -profileName profile1 -backupFile <software_dir>\backups\Profile1_prefederation.zip

__ 3. Start the deployment manager. __ a. In a command-prompt window navigate to <profile_root>\DmgrProfile\bin and run the startManager command to start the deployment manager. Windows You can also start the deployment manager using the Start menu by clicking Start > Programs > IBM WebSphere > Application Server Network Deployment V7.0 > Profiles > DmgrProfile > Start the deployment manager.

The UNIX command would be: ./startManager.sh

Federate profile1 into the deployment managers cell


During this section of the exercise you are going to federate the application server node, defined by profile1 and named was7hostXXNode01, into the cell was7hostXXCell01, which

9-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

is defined by the deployment manager profile. The federation process will add a node agent to the application server node.

__ 1. If you backed up the profile for profile1 in the previous section, the server needs to be started. Backing up a profile causes the profile server to be stopped. __ a. Navigate to the <profile_root>\profile1\bin folder and execute the serverStatus server1 command. __ b. If server1 is not running, start server1. __ 2. Open the administrative console for the deployment manager. __ a. Open a Web browser and specify the following address: http://localhost:9061/ibm/console Windows You can also start the deployment managers console using the Start menu by clicking Start > Programs > IBM WebSphere > Application Server Network Deployment V7.0 > Profiles > DmgrProfile > Administrative console.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-25

Instructor Exercises Guide

__ b. If prompted, on the Certificate Error window click Continue to this website (not recommended) to accept the consoles certificate. You can install the certificate, as you did in the first exercise, to correct this problem.

Accept any certificates that are offered.

__ c. Log in to administrative console as user ID wasadmin with a password of web1sphere __ 3. Federate a node into the cell. Information In this lab environment, synchronizing clocks will not be an issue since the cell will be running on a single machine. But, when federating distributed machines, it is necessary to make sure that the clocks are within five minutes of each other.
.

__ a. From the deployment manager administrative console navigation tree, expand System administration. Click Nodes. __ b. Click Add Node.

9-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. The Managed node option is selected as default. Keep this setting. A managed node contains a WebSphere application server and a node agent. The application server runs as part of the network deployment environment. Click Next.

__ d. Specify your host name was7hostXX (where XX is 01, 02, 03 ...) for the host. Specify security user names and passwords for both profile1 and the deployment manager. The user name and password should be wasadmin and web1sphere

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-27

Instructor Exercises Guide

__ e. Select the options to Include applications and Include buses. Keep all remaining defaults.

__ f.

Click OK. Information

The port number above is the JMX connector port of the node you want to federate to the cell.

9-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. On the next window do not select the node agent to run as a Windows service. Click OK.

Depending on the version of UNIX, this screen may not appear.

__ h. Verify that the node was added to the cell configuration. The console message Node was7hostXXNode01 has been successfully federated will be displayed.

__ i.

Click View the available nodes, which is displayed at the end of the message list.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-29

Instructor Exercises Guide

__ 4. Verify the cell configuration. __ a. Click View the available nodes. Two nodes should be listed, the deployment manager (was7hostXXCellManager01) and the was7hostXXNode01 node that was just added.

__ b. Verify that the node agent on was7hostXXNode01 has started. From System administration, click Node agents. The status of the node agent is Started.

9-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 5. Start the application server and test the snoop servlet. __ a. From the navigation tree, click Servers > Server Types > WebSphere application servers. __ b. Select server1 and click Start. The status for server1 should now be started. __ c. Verify the DefaultApplication is running. From the navigation tree, go to Applications > Application Types > WebSphere enterprise applications. DefaultApplication should be running. __ d. Open another browser window and enter the following address: http://localhost:9080/snoop __ e. Verify that the snoop servlet works.

Create a custom profile and federate into the deployment managers cell
During this section of the exercise you are going to create a custom profile, profile2, that defines a node, named was7hostXXNode02. The custom profile will be automatically federated it into the cell, was7hostXXCell01.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-31

Instructor Exercises Guide

A custom profile is useful because it does not create any application servers on the node; it only creates the configuration and the node agent. This means that no server1 will be created on that node. This is very helpful for expanding clusters. __ 1. Start the Profile Management Tool. __ a. Click Start > Programs > IBM WebSphere > Application Server Network Deployment V7.0 > Profile Management Tool.

The UNIX command to run the Profile Management Tool is: <was_root>/bin/ProfileManagement/pmt.sh

__ b. The Welcome window for the Profile Management Tool appears. Click Launch Profile Management Tool. __ 2. Create a custom profile called profile2 and federate it to the deployment managers configuration. __ a. Click Create from the Profiles list panel.

9-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. On the Environment Selection panel click Custom profile. Click Next.

__ c. On the Profile Creation Options page, select Advanced profile creation to specify your own configuration values during profile creation. Click Next.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-33

Instructor Exercises Guide

__ d. For the profile name and location enter profile2 and <profile_root>\profile2 Click Next.

__ e. Ensure that the Node name and Host name are correct (they should be based on the short form of the host name and not localhost for example,

9-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

was7host01Node02). For Server name, keep the default name (short name for Windows and long name on UNIX). Click Next.

Information For these labs, use the short name for your host. Although it is perfectly fine to use another form of the host name, it is important to be consistent. Since the short name was used in the initial WebSphere installation lab, the short name should be used here as well.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-35

Instructor Exercises Guide

__ f.

On the Federation panel enter the following information: Deployment manager host name: was7hostXX (where XX is 01, 02, 03 ...) User name: wasadmin Password: web1sphere Do not click the Federate this node later check box.

__ g. Click Next.

Information Not selecting Federate this node later causes the node to be federated now as part of the process defined by the wizard.

9-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. Accept the defaults on the Security Certificate (Part 1) panel. Click Next. __ i. __ j. Accept the defaults on the Security Certificate (Part 2) panel. Click Next. Accept the default on the Port Values Assignment panel. Click Next.

__ k. On the Profile Creation Summary panel, click Create. __ l. The profile creation is now complete.

__ m. On the Profile Creation Complete panel deselect the Launch the First steps console option. Do not use the First steps console for profile2. Click Finish to exit the wizard.

__ n. Close the Profile Management Tool.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-37

Instructor Exercises Guide

__ 3. The node was7hostXXNode02 has been automatically federated into the deployment managers configuration. Verify these new configuration changes. __ a. Using the administrative console, list the nodes. From the navigation tree, expand System administration. Click Nodes. There should be the federated node was7hostXXNode02. Updates sometimes require a console relogin.

Information Using a custom profile does not create a server instance. This is useful when adding nodes to a cell since the intention of federating a new node into a cell is normally to either add cluster members to the node or create servers named something other than server1.
.

__ 4. Verify that both node agents have been started. __ a. From the navigation tree, click Node agents. __ b. If any of the node agents need to be started, use the command: <profile_root>\profileX\bin\startNode (where X is 1 or 2)

The UNIX command would be: <profile_root>/profileX/bin/startNode (where X is 1 or 2)

9-38 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Add the IBM HTTP Server to the cell


During this section of the exercise you are going to add an unmanaged node, ihsnode, to the cell was7hostXXCell01. You will also add a Web server, webserver01, to the unmanaged node. Information about the Web server is communicated to the deployment manager through the IHS administrative process.

Create a new node and add the Web server to the node. When adding a node you may create either a managed node or unmanaged node. A managed node contains a WebSphere application server and a node agent. An unmanaged node does not have a node agent and is used for defining remote Web servers in the topology. __ 5. Create a new unmanaged node for the Web server. __ a. In the navigation tree, expand System administration and click Nodes. __ b. Click Add Node.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-39

Instructor Exercises Guide

__ c. In the Add Node window, select Unmanaged node and click Next.

__ d. In the Nodes window enter configuration information for the node: - Name: ihsnode - Host Name: was7hostXX (where XX is 01, 02, 03 . . .) - Platform Type: Windows

Enter the appropriate Platform Type for your environment.

9-40 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Click OK.

__ f.

Save the changes.

__ g. The node ihsnode should now be displayed in the list of nodes.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-41

Instructor Exercises Guide

Add the Web server to the configuration


In this step the Web server definition will be added to the ihsnode. __ 1. Add the Web server to the ihsnode configuration. __ a. From the navigation tree, go to Servers > Server Types > Web servers. __ b. Click New to add a Web server. __ c. On Step 1 of creating a new Web server enter the following information: - Select ihsnode from the Select node drop-down list. - For Server name, enter: webserverXX (where XX is 01, 02, 03 ...) - Select IBM HTTP Server from the Type drop-down list. Information The Web server name must match the name that was assigned during the IBM HTTP Server installation. You can check the Web server name by looking in <plugin root>/logs.
.

Click Next.

9-42 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. On Step 2, specify the Web server template. Ensure that IHS is selected and click Next.

__ e. On Step 3, specify the properties for the new Web server. Enter the following information in the fields as provided. Click Next when complete. Table 16: Web server configuration details Field Name Value Port 80 Installation location <ihs_root> Service name IBMHTTPServer7.0 Plug-in installation location <plugin_root> Application mapping All Port 8008 Username ihsadmin Password web1sphere Confirm password web1sphere

When running on UNIX, there will not be a service name entry.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-43

Instructor Exercises Guide

Information The Application mapping to the Web server feature was added in V6.1. Previously, when a new Web server was added to the cell, the mapping of the applications to that Web server would need to be done in a separate step. This could be done manually either through the console or through a customized script created during the installation of the plug-in.

9-44 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

On Step 4, the summary, click Finish.

__ 2. Save the changes. __ 3. Stop and start the Web server using the administrative console. __ a. Select webserverXX and click Stop. The Web server status should now be stopped.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-45

Instructor Exercises Guide

__ b. Verify in Windows services that the Web server is not running.

On UNIX, it is possible to check if the Web server processes are running with the following command: ps -ef | grep -i httpd If the Web server or IHS administrative process is not running, they can be started with the following commands: /opt/IBM/HTTPServer/bin/apachectl start /opt/IBM/HTTPServer/bin/adminctl start

__ c. Start the Web server before continuing. Select the Web server and click Start. __ d. To verify the server has started, open a Web browser and connect to the IBM HTTP Server welcome page. Specify the following address: http://localhost

Mapping modules to servers


Each module of an application is mapped to one or more target servers. The target server can be an application server, a cluster of application servers, or a Web server. Web servers specified as targets will then have the routing information for the application generated in their plug-in configuration files.

9-46 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

This mapping usually takes place during application deployment. But, since the DefaultApplication was already deployed at the time this particular Web server was added, the DefaultApplication still needs to be mapped to your new Web server. That, in fact, was done for you during the last step of defining the Web server properties when All was selected for the Application mapping to the Web server. That step actually mapped all installed applications to the new Web server. This section of the lab verifies that the applications were correctly mapped to the new Web server. __ 1. Using the deployment manager administrative console, verify the mapping of the DefaultApplication modules to the Web server. __ a. From the navigation tree, expand Applications and Application Types. __ b. Click WebSphere enterprise applications. __ c. From the list of applications, click DefaultApplication. __ d. Under Modules, click Manage Modules.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-47

Instructor Exercises Guide

__ e. Notice that the Default Web Application module has already been mapped not only to the application server server1, but to ihsnode as well. This page can also be used to modify the mappings manually.

__ f.

Click DefaultApplication from the breadcrumb trail to return to the configuration window.

__ g. Under Detail Properties, click Target specific application status.

9-48 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. This view shows the mapping of a deployed object to servers.

Working with the plug-in configuration file


The plug-in configuration file contains routing information for all applications mapped to the Web server. The plug-in configuration file needs to be regenerated and propagated to the Web server whenever there are changes made to the WebSphere configuration that affect how requests are routed from the Web server to the application server. __ 1. Regenerate the plug-in configuration file. __ a. From the administrative console navigation tree, expand Servers and Server Types. Click Web servers. __ b. Select the Web server. Click Generate Plug-in.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-49

Instructor Exercises Guide

Information This step should not be necessary since the default behavior is to automatically generate a new plug-in configuration file whenever an update is made. But this step confirms that the setup is working correctly.

__ c. Verify the generation was successful by viewing the messages.

__ 2. View the plug-in configuration file, plugin-cfg.xml, from the administrative console. __ a. Click webserverXX. __ b. Under Additional Properties, click Plug-in properties.

9-50 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Under Plug-in properties, click View to see the plugin-cfg.xml file.

__ d. The next window shows the plug-in configuration file. Verify that the element: <UriGroup Name="default_host_server1_was7hostXXNode01_Cluster_URIs"> includes the element <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/snoop/*/>

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-51

Instructor Exercises Guide

This ensures URLs containing /snoop will be recognized by the plug-in and forwarded to the application server.

__ e. Look through the list of URIs for the /Trade/web entry. __ 3. After a plug-in configuration file is regenerated, it needs to be propagated to the Web server. You can propagate manually by copying the file from the application server machine to the Web server machine or you can do it from the administrative console. Information The default is to automatically generate the plug-in configuration file and to propagate the plug-in to the Web server. These settings can be viewed using the administrative console.

9-52 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

From the navigation tree, expand Servers and Server Types. Click Web servers and webserverXX. Under Additional Properties, click Plug-in properties.

__ a. From the navigation tree, expand Servers and Server Types. Click Web servers. You could also navigate directly to the window by clicking Web servers from the breadcrumb trail.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-53

Instructor Exercises Guide

__ b. Select the Web server and click Propagate Plug-in.

__ c. Verify the propagation was successful by viewing the messages.

9-54 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Test the plug-in configuration


By default, the Web server plug-in module checks for a new configuration file every 60 seconds. You can wait for the plug-in to find the changes, or you can restart the Web server to pick up the changes immediately. __ 1. Verify that the application server, server1, is running. __ 2. Verify that the IBM HTTP Server is running. __ 3. Access the snoop servlet. __ a. Open a Web browser. __ b. Specify the following address: http://localhost:9080/snoop By using the port 9080 you are bypassing the external IBM HTTP Server.

__ c. The details should be visible in the snoop servlet.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-55

Instructor Exercises Guide

__ 4. Verify the Web server is forwarding requests to the application server. __ a. Using a browser, specify the following address: http://localhost/snoop This request will first go to the Web server.

__ b. The details should be visible in the snoop servlet.

End of exercise

9-56 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


This exercise goes through the process of creating a cell by producing a deployment manager profile. It then federates two additional profiles (or nodes) into the cell. The first profile that was federated was profile1, which was created during the WebSphere installation exercise. The second profile was created as a custom profile.

Copyright IBM Corp. 2009

Exercise 9. Creating a federated cell


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

9-57

Instructor Exercises Guide

9-58 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 10.Clustering and workload management


Estimated time
01:00

What this exercise is about


This exercise covers the creation of a cluster. While creating the cluster, two cluster members are added. After the cluster is created, the Trade application is configured to run in the cluster. A replication domain is set up to use the memory-to-memory replication mechanism, and the application is tested to ensure that session failover works as expected. Testing is achieved by stopping one of the two servers in the cluster and watching the requests fail over to the remaining running server.

What you should be able to do


At the end of the lab, you should be able to: Create a cluster and add cluster members Map modules to clusters and Web servers Test load balancing and failover between two cluster members Configure a data replication domain for session management

Introduction
Up to this point you have worked with WebSphere Application Server V7 in a single server environment. In this lab, after having previously federated, you move to working with a cell using the deployment manager. You create a cluster so that workload can be managed between two servers, one on each node you already have. You also set up a memory-to-memory replication domain so that HTTP sessions can be shared in case of failure of one of the servers.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-1

Instructor Exercises Guide

Requirements
To do this lab, you require a properly set up computer with WebSphere Application Server V7 installed, as well as the necessary startup and program files.

Instructor exercise overview


This exercise creates a new cluster with two servers. The first server comes from the original profile created earlier in this class. The second server is part of the node that was created using a custom profile. The actual server is created at the time the cluster is created. Testing is done both before and after the distributed session management is configured, pointing out the differences. The type of scaling the students configure in this exercise, is logical horizontal scaling. It is termed logical because all nodes are on the same machine. In this situation, where all servers are on the same machine, it does not really make much difference if you do vertical or horizontal scaling. In fact, vertical scaling would be more efficient because you would have fewer node agents. However, this scenario (using two nodes) is more realistic, even though both nodes are on the same machine. If you have eager or advanced students in your class, you might want to pair them up and have them do true horizontal scaling where they cluster one node from each machine. You might even suggest they use separate machines for the deployment manager and for the Web server. Note: when using virtual machines, make sure they use a bridged network (not NAT). If your students get UnsatisfiedLink exceptions, make sure you check the definition of the DB2_UNIVERSAL_JDBC_DRIVER environment variable on both nodes. Make sure the definitions are correctly pointing to the path where the db2java.zip file exists on the machines. Next do a full resynchronize on both nodes. From a command window, not the console, stop and restart both node agents and also server1 and server2. That should fix it. It appears that the restart node agent button does not restart the node agents in the same way as doing it from the command line.

10-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Preface
To do this exercise, you must have completed the Federating a cell exercise as it sets up the environment of the nodes, node agents, and servers that will be clustered in this exercise.

Check nodes and node agents


Before you can begin creating the cluster, make sure both node agents are running and the nodes are synchronized. __ 1. Log in to the deployment managers administrative console using wasadmin and web1sphere __ 2. Make sure that both federated nodes, was7hostXXNode01 and was7hostXXNode02, are up, running, and synchronized. __ a. Select System Administration > Node agents.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-3

Instructor Exercises Guide

__ b. Select System Administration > Nodes.

Information If the node agents need to be started, use the startNode script from a command window to start them. Make sure you are in the bin folder for the proper profile you are trying to start.

Creating the TradeCluster cluster


In this step you create the cluster that contains the cluster members that participate in workload management of the Trade application. A cluster is composed of two or more servers in a cell, which are assigned to run the same applications. Clusters are logical abstractions that are equivalent to servers. __ 1. Create a new cluster called TradeCluster. __ a. Select Servers > Clusters > WebSphere application server clusters. __ b. Click New. __ c. Enter TradeCluster for the Cluster name.

10-4 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Select Prefer local and Configure HTTP session memory-to-memory replication.

Click Next.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-5

Instructor Exercises Guide

__ e. Under Select basis for first cluster member click Create the member by converting an existing application server, and from the drop-down list select the existing server1 server.

__ f.

Note how the Member name and Select node fields are now filled with the information from the existing server. Click Next.

__ 2. Add a new server called server2 to the cluster. This server should be created in node was7hostXXNode02. __ a. Enter server2 for the Member name. This becomes the name of a new server which is about to be created. __ b. Select was7hostXXNode02 from the drop-down list for the node name. This node was created in the previous lab using a custom profile.

10-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Make sure Generate unique HTTP Ports is selected. Click Add Member.

Information Notice the first server of the cluster is already listed at the bottom of the page. As new servers are added to the cluster, they are also displayed here.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-7

Instructor Exercises Guide

__ d. Notice that the new server now appears at the bottom of the page. Additional cluster members can be created at this time or after cluster creation.

__ e. Click Next and then Finish on the Summary page. __ f. Before saving the changes, if not already done, set the console preferences to synchronize configuration changes with the nodes when saving. Click the Preferences link.

__ g. On the Preferences page select Synchronize changes with Nodes.

__ h. Click Apply then click Save to save and synchronize with the nodes.
10-8 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information From now on, any saves will be automatically synchronized with the nodes during a save. Note that preferences settings are persistent and are retained throughout browser invocations.

__ i.

Click OK on the Synchronize changes with Nodes page.

__ 3. Modify the default_host virtual host configuration. This will allow browsers to have direct access to server2 without being forced to use the external IBM HTTP Server. __ a. View the HTTP Transport for server2. In the administrative console click Servers > Server Types > WebSphere application servers > server2. __ b. Expand Ports under Communications. The ports for server2 will be listed. Note the WC_defaulthost for server2 is 9081. You need to add this port number to the host aliases list for the default_host.

__ c. In the administrative console, navigate to Environment > Virtual Hosts > default_host. Click Host Aliases under Additional Properties. The host aliases for default_host are listed.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-9

Instructor Exercises Guide

__ d. If 9081 is not already defined, add it by clicking New. Leave the default * for the Host Name and specify 9081 for Port. Click OK and Save the changes.

__ e. Click OK on the dialog confirming that the nodes have been synchronized. __ 4. Verify the new cluster has been added to the server configuration.

10-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. Select Servers > Clusters > WebSphere application server clusters. The TradeCluster cluster should be displayed on the page.

__ 5. Start the TradeCluster. __ a. Select TradeCluster and click Start to start the servers on the cluster. Information Ripplestart starts each server in the cluster individually, one at a time. The first server is started, and not until it is running will the next server be started. This is useful in cases where cluster members are on the same machine and starting multiple servers at the same time would put the CPU under too much load. Ripplestart also works as a Ripple-restart if the servers are already running, stopping and restarting each server, one at a time. This, in addition to reducing the burden on the CPU, keeps applications available while the cluster is restarting.

__ b. Make sure both servers in the cluster have started. Note that this may take a few moments.

Set the applications to run on the cluster


Now that the cluster has been defined, the next step is to configure the applications to run on the cluster, rather than on individual servers. Since the Web server is used to workload manage the Web containers, the Web server also needs to be mapped to the applications. __ 1. For the TradeApplication, verify the next series of steps to map the modules to the TradeCluster cluster and the webserverXX Web server.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-11

Instructor Exercises Guide

__ a. Select Applications > Application Types > WebSphere enterprise applications.

__ b. Click TradeApplication. Under Modules click Manage Modules. Information WebSphere has already automatically mapped the application to the cluster and Web server since at this point there are no other reasonable choices. For the sake of doing it, the exercise still goes through the process.

10-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Select all the modules of the application. Then, in the Clusters and servers list, select both the TradeCluster cluster and the webserverXX Web server (use the Ctrl key to select multiple servers).

__ d. Click Apply. This creates the mapping. __ e. Click OK. __ f. Make sure that the modules were mapped to both the TradeCluster and the Web server.

__ g. Save the configuration changes. __ 2. Start the applications if necessary. __ 3. Regenerate and propagate the Web servers plug-in configuration file. (This should happen automatically; do it manually if it did not.)

Create a cluster scoped JDBC resource


When creating the first cluster member from the existing server1, all resources already defined at the server and node scope are maintained. Unfortunately, when adding the second server on the was7hostXXNode02 node, the resource definitions from server1 and was7hostXXNode01 are not automatically defined. You now have a problem: since both servers run the same applications, by virtue of being on the same cluster, they both need access to the same resources. One solution is to re-create the resources at the node scope for each additional node as its servers are added to the cluster. That will work, but the disadvantage is you have to do that every time a new nodes server is added to the cluster. A better solution is to define resources at the cluster scope.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-13

Instructor Exercises Guide

Information Resources can only be added at the cluster scope if the cluster members are running in similar operating environments. Since many resources require pointers to a file system location, having resources defined at the cluster scope for cluster members running in both Windows and Linux will not work. In that case you must define the resources at the node level.

__ 1. Remove the existing node scoped DB2 Universal JDBC Driver Provider (XA) provider. __ a. Using the administrative console, expand Resources > JDBC > JDBC Providers. __ b. Select the existing providers defined earlier at the Node=was7hostXXNode01 scope and click Delete.

Information Cluster scope takes precedence over node scope, so node scoped resources do not have to be deleted. However, deleting them does avoid ambiguity. Deleting the JDBC provider also deletes any data sources that were defined under it.

__ c. Save your changes.


10-14 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Click OK on the dialog confirming that the nodes have been synchronized. __ 2. Create cluster scoped JDBC provider and data source. __ a. Using the administrative console, expand Resources > JDBC > Data sources. __ b. From the Scope drop-down list select Cluster=TradeCluster. Click New. __ c. Make sure the Scope is set to TradeCluster. Enter Trade for the Data source name and jdbc/tradeds for the JNDI name. Click Next.

__ d. Since you do not yet have a cluster-scoped JDBC provider, select Create new JDBC provider. Click Next.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-15

Instructor Exercises Guide

Information At this point the Create Data source wizard temporarily branches into the Create JDBC provider wizard.

__ e. Create a cluster scoped JDBC provider. __ f. Select DB2 for the Database type, DB2 Universal JDBC Driver Provider for the Provider type, and XA data source for the Implementation type. Click Next.

10-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. Leave the path fields empty as you want the Node scope environment variables to be used instead. Click Next.

__ h. Enter TRADE for the Database name, dbhost for the Server name, and accept the other values as defaults.

On UNIX, change the port number to 50001

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-17

Instructor Exercises Guide

__ i.

Click Next.

__ j.

From the Component-managed authentication alias drop-down list select <nodename>/TradeApp. Click Next.

__ k. Click Finish. __ l. Save your changes.

10-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Configure the WebSphere variable DB2UNIVERSAL_JDBC_DRIVER_PATH for node was7hostXXNode02 to point to the location of the DB2 JDBC drivers. Information This step does not need to be done for was7hostXXNode01 since the environment variables were already created.

__ a. Expand Environment and click WebSphere variables. __ b. Select the Node=was7hostXXNode02 scope. __ c. Click DB2UNIVERSAL_JDBC_DRIVER_PATH. __ d. Enter <db2_root>\java for the Value of the variable.

Enter <db2_root>/java

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-19

Instructor Exercises Guide

__ e. Click OK.

__ f.

Repeat the previous steps for DB2UNIVERSAL_JDBC_DRIVER_NATIVEPATH.

__ g. Save your changes and click OK on the dialog confirming that the nodes have been synchronized. __ 4. Test the data source connection. __ a. Using the administrative console, expand Resources > JDBC > Data sources. __ b. Make sure the Cluster=TradeCluster scope is selected. __ c. Select the Trade data source and click Test connection.

10-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Check the messages generated to make sure both node agents were able to connect.

Test the application


In this section of the exercise the application is tested in a clustered environment. The application is served from both application servers in the cluster until affinity is established, upon login, by the creation of an HTTP session object. From then on, all requests are directed to the same application server (or cluster member) that created the session. If the cluster member that created the session is not available, the Web server plug-in will reroute the request to another cluster member, creating new affinity with that server. Going to the cluster member will work to serve content that does not use information in the HTTP session object. At this stage of the exercise, attempting to use session information will fail. This problem is fixed later in this exercise, where session replication is configured. __ 1. At this point, stop the cluster and the node agents. This will allow them to load the new data source configurations. __ 2. Start the node agents and the cluster, and make sure all servers and applications are up and running. Information Remember that the node agents must be started using the startnode script directly from the <profile_root>\profile_name\bin folder. The cluster can be ripple started from the WebSphere administrative console once the node agents are running.

__ 3. Make sure the Web server is running. __ 4. Close all existing Web browser windows. __ 5. Open a new Web browser window. __ 6. Access the Trade application through the following address: http://localhost/Trade/web

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-21

Instructor Exercises Guide

__ 7. On the Welcome screen click Login.

Note that the runtime server information, in this case, indicates the page was served from server2, which is the server in was7hostXXNode02. Also note, on the bottom of the screen, that subsequent requests were served from both server1 and server2. The bottom of the screen is a frameset that calls a servlet to provide runtime information; requests to this servlet are workload managed between the two available servers in the cluster. __ 8. Click Refresh on the Web browser a few times and see that workload management continues to occur.

10-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 9. Click Show cookies. Notice that at this time there are no cookies, as login to the application has not yet happened. A session is established once a user logs in.

On certain UNIX platforms, you may actually see several cookies showing an LTPA security token. These, however, are not user session cookies. The cookie in question will be called JSESSIONID.

__ 10. Use client1 for the user name and web1sphere for the password to log in to the application. __ 11. Notice the runtime server information. Take note of which server served the request: ________________ __ 12. Click Show cookies again. This time you should see the CloneID of the server that served the request. This is indicated by the information after the colon.

__ 13. Continue testing the application; all the requests should now be served by the same server. Hint After you log in, look at the Runtime Info section of the left navigation bar, under Process. It shows which server is serving your requests.

__ 14. After you are satisfied that affinity has been established, use the WebSphere administrative console to stop the server that has been serving your requests. This will force failover to the other server in the cluster.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-23

Instructor Exercises Guide

__ 15. Without logging out of the application, navigate to another page of the application. This should result in an error as distributed session management has not yet been set.

Information Note that the server that served this request in this case is the other server in the cluster, server1. Since session management has not yet been configured, server1 cannot obtain server2s session information and fails to find the account of the logged in user, which is stored in the session.

Configure distributed session management


In order for session information to be shared between members of a cluster, a strategy to share session data must be put in place. WebSphere Application Server provides a variety of mechanisms to achieve this goal. The main strategies are database and memory-to-memory replication. Setting up either of these is very straighforward. In this exercise memory-to-memory replication is set up to handle session data replication. Session management must be set on each of the servers in the cluster. Perform the following steps first on server1 and then on server2. __ 1. Select Servers > Server Types > WebSphere application servers. __ 2. Click the hyperlink for either one of the servers.

10-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Under Container Settings click Session management.

__ 4. Under Additional properties, click Distributed environment settings. __ 5. Click the Memory-to-memory replication hyperlink. __ 6. Select the TradeCluster Replication domain and set the Replication mode to Both client and server.

__ 7. Click OK and Save the changes. Information Starting in WebSphere Application Server V6.0, stateful session bean (SFSB) failover is supported. This new feature is exploited by the Trade application where a list of the 10 most recently viewed symbols is maintained by a stateful session bean. One more step is needed to enable failover of SFSB.

__ 8. On the breadcrumb trail click the server name.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-25

Instructor Exercises Guide

__ a. Under Container Settings, expand EJB Container Settings and click EJB container.

__ b. Click the memory-to-memory replication hyperlink.

10-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. On the next page select TradeCluster as the replication domain and use Both client and server as the replication mode of the server.

__ d. Click OK. __ e. Now that you have selected the replication domain, ensure the check box next to Enable stateful session bean failover has been selected.

__ f.

Click OK and Save the changes.

__ g. Repeat these steps for the next server. __ 9. Verify that the memory-to-memory replication settings for both the Web container and the EJB container are set correctly. It might also be a good idea to do a full synchronization of the nodes to make sure the settings have been propagated. __ 10. Restart the cluster. __ a. Select Servers > Clusters > WebSphere application server clusters.
Copyright IBM Corp. 2009 Exercise 10. Clustering and workload management
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-27

Instructor Exercises Guide

__ b. Select the check box for the TradeCluster. __ c. Click Ripplestart. Wait until all servers are started.

Test the application (again)


In this section of the exercise the application is tested again. However, now that session management has been configured, stopping one server should correctly fail over to the other server in the cluster without losing the session information. __ 1. Make sure all node agents, servers, and applications are up and running. __ 2. Make sure the Web server is running. __ 3. Close all existing Web browser windows. __ 4. Open a new Web browser window. This will make sure that the old cookies have been flushed. __ 5. Access the Trade application through the address: http://localhost/Trade/web

10-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 6. Click Login.

As before, note that the Runtime server information indicates the page was served from server2, which is the server in was7hostXXNode02. Also note, on the bottom of the screen, that subsequent requests were served from both server1 and server2. __ 7. Click Refresh on the Web browser a few times and see that workload management continues to occur.

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-29

Instructor Exercises Guide

__ 8. Click Show cookies. Notice that at this time there are no cookies, as login to the application has not yet happened. A session is established once a user logs in.

On certain UNIX platforms, you may actually see several cookies showing an LTPA security token. These, however, are not user session cookies.

__ 9. Use client for the user and web1sphere as the password, and log in to the application. __ 10. Notice the Runtime server information, which server served the request? _________________ __ 11. Click Show cookies again. This time you should see the CloneID of the server that served the request.

__ 12. Continue testing the application; all the requests should now be served by the same server as noted in the previous step. __ 13. After you are satisfied that affinity has been established, use the WebSphere administrative console to stop the server that has been serving your requests. This will force failover to the other server in the cluster.

10-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 14. Without logging out of the application, navigate to another page of the application.

Note that the server which served this request is the other server in the cluster, server2. Also, failover was successful and the session was not lost. The request was routed to server2, which had the session data replicated from server1 by the memory-to-memory session data replication. Information Note that in the screen capture above, server1 had established session affinity after logging in as the client user. After stopping server1, server2 handled the session failover. Your screen may look different depending on which server initially established session affinity.

End of exercise

Copyright IBM Corp. 2009

Exercise 10. Clustering and workload management


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

10-31

Instructor Exercises Guide

Exercise review and wrap-up


The first part of the exercise looked at creating a cluster of two servers, each in its own node. Next the applications were configured to run on the cluster by assigning the modules of the applications to the Web server and the cluster. Lastly the application was thoroughly tested in the clustered environment, and failover scenarios were created by stopping one of the servers. To make failover to work when session data is involved, the Data Replication Service was configured to use memory-to-memory replication. Stateful session bean failover was enabled and the application was tested in a failover scenario.

10-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 11.Configuring the service integration bus


Estimated time
01:00

What this exercise is about


This exercise shows you how to create a service integration bus and add a cluster as a member of the bus. You will also learn how to configure the bus and JMS resources necessary to support an application that makes use of messaging. You will install two applications, a message sending simulator and a transaction processor. You will use these applications to explore messaging behavior using the high availability messaging engine policy.

What you should be able to do


At the end of the lab, you should be able to: Configure the service integration bus, the messaging engine, and different bus destinations in WebSphere Application Server Configure JMS queues and activation specifications for message-driven beans Install and test the messaging features in the Trade Processor application

Introduction
There have been many changes to the way WebSphere default messaging is configured in WebSphere Application Server V7. There are new wizards to assist you in configuring how the messaging engines behave depending on the messaging engine policies. It is now possible to configure for high availability, providing automatic failover mechanisms. You may also configure for scalability where messaging engines can split the volume of messages and share the processing load. There is also a preconfigured policy for a combination of high availability and scalability.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-1

Instructor Exercises Guide

Operating a secured messaging bus has also been made simpler by improving the way users and groups are assigned the different roles necessary to send, receive, and connect to a messaging bus. In this exercise you configure both JMS and service integration bus resources to support two applications. The first application creates simulated transactions that represent buying and selling stocks. A Web page in the application lets you select the number of transactions of each type (buy or sell). Each transaction places messages on a JMS queue. The second application uses an MDB to listen to the same queue and receives the messages sent by the simulator. The transactions are displayed on a table. Every 30 seconds the oldest transaction is removed from the table.

Requirements
To do this lab you must have completed Exercise 10: Clustering.

Instructor exercise overview


This lab deals mainly with the setup of the systems integration bus. There are lots of places for students to make mistakes because there is a lot of typing in dialog boxes. In addition to typographical errors, they may also forget to select the SIBus name to associate JMS resources with SIBus artifacts.

11-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Part 1: Applications used in this exercise
The two applications that you install for this exercise require you to set up both service integration bus (SIB) and JMS resources. Table 17: Applications and their function Application Function Simulates the function of buying and selling stocks. You can select how many shares to buy or sell. For each operation a message is placed on a JMS queue. Each message has Message Sender Simulator a transaction number that includes the name MSGSenderSimulator.ear of the server that produced it and a sequence number. You can view the action of placing the message on the queue in the SystemOut log file. This application is driven by a message-driven bean EJB (MDB) which listens on the same queue on which the simulator places messages. As messages are received by the MDB, they are listed in a Trade Processor Application table on a Web page and displayed to the TPApplication.ear user. Every 30 seconds the oldest message is assumed to have been processed and is removed from the table. As messages are received and discarded, trace entries are written to the SystemOut log file. Below you see the user interface for both applications:

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-3

Instructor Exercises Guide

From the Monitor Web page you can create Buy messages and Sell messages and send them to a server for processing.

From the same Monitor Web page you can see which server received the messages for processing. The Transaction column shows what server sent the message as well as the order in which the message was received. Later in this exercise you will install and configure these applications. You also will configure the JMS and SIBus resources to make messaging work. Then you will try different messaging engine policies to see how you can change the behavior of the applications when running in a cluster to take advantage of scalability and high availability.

Part 2: The messaging environment created in the exercise

11-4 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

You will create the SIBus objects and the JMS objects required to support the two messaging applications. You will perform the following tasks in this exercise.

1. Create and secure an SIBus named: msgBus 2. Add the TradeCluster as a member of the bus. Once the TradeCluster is a member of the bus, the messaging engine (TradeCluster.000-msgBus) will become active in one of the cluster members, Server1 or Server2. 3. Create the bus destination named: TradeQueueDestination 4. Create the JMS objects required by the messaging applications: connection factory, destination queue, and activation specification. These are Java objects that will be scoped to the cluster and will be given JNDI names. 5. Install the messaging applications to the TradeCluster. In addition to creating this environment you will configure and test two messaging policies. High availability Scalability (optional)

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-5

Instructor Exercises Guide

Part 3: Setting up the service integration bus


In this section you will (1) create a secured service integration bus, (2) add the TradeCluster as a bus member, and (3) configure an SIBus destination. In addition, specific users and groups need to be authorized for the different bus roles.

__ 1. Create a secured service integration bus named msgBus. __ a. Make sure that the deployment manager is up and running. If not, open a command prompt, change to the directory <profile_root>\DmgrProfile\bin, and issue the startManager command. __ b. If server1 and server2 are running, stop them now. __ c. If the node agents for profile1 and profile2 are running, stop them now. Since you will be doing a lot of configuration in the following steps, stopping the node agents will save time during node synchronization. __ d. Log in to the administrative console as user ID wasadmin with password web1sphere __ e. From the administrative console's navigation menu on the left, expand Service integration and click Buses. __ f. On the Buses page, click New.

11-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. On Step 1 of the wizard enter msgBus for the name of the bus. Also make sure that Bus security is checked. Click Next.

__ h. In the next page of the wizard you configure bus security. This is a multiple-step process. Step 1.1 is the introduction. Read the information and then click Next. __ i. The next step in setting up bus security is to configure whether you need to use SSL for the transport. Since you are in a secured, isolated network, you do not

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-7

Instructor Exercises Guide

require SSL. Uncheck Require clients use SSL protected transports. Click Next.

11-8 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ j.

Next you choose which security domain to use for authenticating bus users. For this exercise select Inherit the cell level security domain. Click Next.

__ k. Read the confirmation page and click Next. __ l. On the final page click Finish to complete the creation of the new bus. Wait a few minutes for the bus to be created. Note To run with bus security enabled, global security must be enabled. The wizard automatically enables global security if you request the creation of a secure bus. Notice that this configuration did not require an SSL transport. A new feature in WebSphere Application Server Version 7 is that an authentication alias is no longer required for inter-engine communications (as long as all messaging engines are running on version 7).

__ m. Save the changes to the master configuration. __ n. Wait for the node synchronization to complete and click OK.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-9

Instructor Exercises Guide

__ o. Verify that the new bus is created and security is enabled.

__ 2. Install the SVG Viewer in the Internet Explorer browser. If you are using another browser such as Firefox, your steps might be slightly different. __ a. Use Windows Explorer to navigate to <software_cds>\misc\SVGViewer. __ b. Double-click SVGViewer.exe.

__ c. Wait until you see the Install succeeded message. Linux Nothing needs to be done on Linux. For background, feel free to read the rest of this information block. The Firefox browser has SVG support built in, so no plug-in needs to be installed. Unfortunately, the console support within WebSphere does not correctly recognize that Firefox on Linux has the correct support. There are a number of workarounds for this problem. One, which has already been added to the standard Linux image for this course, is to add a config property to Firefox. This is done by typing the following into the URL field:

11-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

about:config Then the following string is added (right-click New > String): name: general.useragent.override value: "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080410 Firefox/2.0.0.14"

__ d. Log out of the administrative console and back in using wasadmin and web1sphere __ 3. Assign the TradeCluster as a bus member and configure the high availability messaging engine policy. __ a. On the Buses page click msgBus. __ b. On the next page, under Topology click Bus members. __ c. On the Bus members page click Add. __ d. Select the Cluster radio button. The only defined cluster, TradeCluster, should be preselected. Click Next.

Note At this point you will need to complete the installation of the SVG Viewer. On Windows Internet Explorer you will be prompted to allow the browser to run the SVG Viewer add-on. Click the message and select Run ActiveX Control. Click Run on the Security warning.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-11

Instructor Exercises Guide

You will have to repeat the previous steps before this note to get back to the messaging engine policy assistance settings. Click Accept on the Software License Agreement.

Information In previous versions of WebSphere Application Server, setting up the core group policies that determine how messaging engines behave in a clustered environment was a complex task. Starting in version 7, you can enable messaging engine policy assistance and use wizards in the administrative console to assist you in selecting and maintaining messaging engine policies. In this exercise you configure and test two policies, first high availability and then scalability.

__ 4. Configure the high availability message engine policy. __ a. With the SVG Viewer installed you will see the policy diagram as shown below.

11-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Notice that the diagram shows the suggested configuration of the bus member, TradeCluster, for the high availability messaging engine policy. __ b. Click Next at the bottom of the messaging engine policy assistance settings window. __ c. Select File store and click Next.

Notice that one messaging engine will be created named TradeCluster.000-msgBus. Failover will be enabled with the preferred order of servers being server1 first, server2 second. However, the message store is still not completely configured.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-13

Instructor Exercises Guide

__ d. In the previous step you select the type of message store, File store. Now you need to specify where the log files will be located. Click the TradeCluster.000-msgBus link.

__ e. Enter ME_logs for both the Log directory path and the Permanent store directory path, and click Next.

11-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

Verify that you now see Yes in the column: Is the message store configured? Click Next again.

__ g. Accept the default heap sizes and click Next.

__ h. Read the Summary page and click Finish. The bus member is now fully configured and available. __ i. Save the changes to the master configuration.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-15

Instructor Exercises Guide

__ j.

Wait for the node synchronization to complete and click OK.

__ k. Verify that you now see the messaging engine policy enabled for high availability. __ 5. Create a bus destination called TradeQueueDestination. __ a. On the breadcrumb trail click msgBus. __ b. Under Destination resources click Destinations. __ c. Click New. __ d. In the Create new destination wizard select Queue and click Next.

11-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Enter TradeQueueDestination for the Identifier and click Next.

__ f.

On Step 2 of the wizard, ensure that the bus member is Cluster=TradeCluster. There should be no other choice as there is only one bus member defined on the bus. Click Next.

__ g. Read the confirmation page and note that this process will create the queue points. Click Finish. __ h. Save the changes to the master configuration. __ i. Wait for the node synchronization to complete and click OK.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-17

Instructor Exercises Guide

__ j.

Verify that the new SIBus destination has been created.

Information When running a service integration bus with security enabled, you have to configure which users and groups are authorized for the different roles that the bus requires. In the following steps, you will assign users to security roles. However, before the actual bus security authorization can be configured, two other settings must be performed: Create a J2C alias to be used by the resources to authenticate with the server. Create a user in the user registry that matches the J2C alias so authentication will succeed.

__ 6. Create a J2C alias. __ a. On the administrative console, click Security > Global security. __ b. Under Authentication expand Java Authentication and Authorization service and click J2C authentication data. __ c. Click New.

11-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Enter SIB User for the Alias. Enter busUser for the User ID and web1sphere for the Password fields. Add an optional description if you like. Click OK.

__ e. Save the changes to the master configuration. __ f. Wait for the node synchronization to complete and click OK.

__ g. Verify that the new J2C alias has been created.

__ 7. Create a user in the current user registry that matches the attributes of the J2C alias just created. __ a. On the administrative console, click Users and Groups > Manage Users.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-19

Instructor Exercises Guide

__ b. Click Create. __ c. Enter busUser for the User ID. The first and last names can be anything; use SIBus and User, respectively. Enter web1sphere for the passwords.

__ d. Click Create. Click Close. __ e. Verify that the new user was created.

__ 8. Configure SIBus security. __ a. On the administrative console, click Service integration > Buses.

11-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Under Security, click the Enabled link.

__ c. Under Authorization Policy, click Users and groups in the bus connector role. In order to connect to the bus, valid credentials must be presented. __ d. Click New. __ e. On the first page of the wizard, select Users and click Next to search for all defined users.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-21

Instructor Exercises Guide

__ f.

A list of defined users in the current user registry is displayed. From the list select busUser and click Next.

__ g. Read the summary page and click Finish. __ h. Save the changes to the master configuration. The user, busUser, is now assigned to the bus connector role. __ i. Wait for the node synchronization to complete and click OK.

11-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Part 4: Configuring the JMS resources


Now that the service integration bus has been configured, it is necessary to configure the JMS resources so that the applications can produce and consume messages. There are three JMS resources that need to be configured for the applications to work; they are: JMS connection factory JMS queue JMS activation specification

Remember that applications have no knowledge of the service integration bus itself. The applications use JMS to place and retrieve messages using, in this case, a JMS queue. __ 1. Create a connection factory called Trade Connection Factory. __ a. In the administrative console go to Resources > JMS > Connection factories.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-23

Instructor Exercises Guide

__ b. From the Scope drop-down list select Cluster=TradeCluster.

__ c. Click New. __ d. Select Default messaging provider. Click OK. __ e. Change only the following values; accept the defaults for all the rest. Table 18: Fields and values for the connection factory Field Value Name JNDI name Bus name Mapping-configuration alias Container-managed authentication alias __ f. Trade Connection Factory jms/tradeCF msgBus DefaultPrincipalMapping was7hostXXCellManager01/SIB User

Click OK when you are done entering all of the values.

__ g. Save the changes to the master configuration. __ h. Wait for the node synchronization to complete and click OK. __ i. Verify that the connection factory was created.

11-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. Create a queue named Trade Processor Queue __ a. On the administrative console click Resources > JMS > Queues. __ b. From the Scope drop-down list select Cluster=TradeCluster. __ c. Click New. __ d. Select Default messaging provider. Click OK. __ e. Change only the following values; accept the defaults for all the rest. Table 19: Fields and values for the queue Field Name JNDI name Bus name Queue name __ f. Value Trade Processor Queue jms/tradeprocq msgBus TradeQueueDestination

Click OK when you are done entering all of the values.

__ g. Save the changes to the master configuration. __ h. Wait for the node synchronization to complete and click OK. __ i. Verify that the queue was created.

__ 3. Create the activation specification. __ a. From the administrative console click Resources > JMS > Activation specifications. __ b. From the Scope drop-down list select Cluster=TradeCluster. __ c. Click New. __ d. Select Default messaging provider. Click OK.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-25

Instructor Exercises Guide

__ e. Change only the following values; accept the defaults for all the rest. Table 20: Fields and values for the activation specification Field Name JNDI name Destination type Destination JNDI name Bus name Authentication alias __ f. Value Trade Processor Activation Spec jms/tradeAS Queue jms/tradeprocq msgBus was7hostXXCellManager01/SIB User

Click OK when you are done entering all of the values.

__ g. Save the changes to the master configuration. __ h. Wait for the node synchronization to complete and click OK. __ i. Verify that the activation specification was created.

11-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Part 5: Installing the messaging applications


As mentioned at the beginning of this exercise, two applications will be used to demonstrate messaging on the service integration bus. The first application generates messages that are placed on a queue, and the second application consumes those messages. Now that the message bus and the JMS resources have been configured, you must now install the applications. This will be a very straightforward installation since limited configuration is required.

__ 1. Install the MSGSenderSimulator application. __ a. From the administrative console, click Applications > New Application. __ b. On the New Application wizard, click New Enterprise Application. __ c. Select Local file system. __ d. Click the Browse button to the right of the Full path entry field. __ e. Navigate to the folder: <software_dir>\Messaging.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-27

Instructor Exercises Guide

__ f.

Select the file: MSGSenderSimulator.ear and click Open. Click Next.

__ g. Select Detailed - Show all installation options and parameters and click Next.

__ h. Click the link for Step 2 Map modules to servers. __ i. __ j. Check the box for the MSGSenderWeb module. Under the Clusters and servers window, select (highlight) TradeCluster.

__ k. Click Apply.

__ l.

Verify that the MSGSenderWeb module is mapped to the TradeCluster.

11-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Note Notice that the steps to map modules to servers is really not necessary because WebSphere does this automatically. However, it is worth verifying that the mapping is correct.

__ m. Click the link for Step 6 Bind message destination references to administered objects. __ n. In this step you map the reference used by the code to access the queue, to the JNDI name of the JMS queue you previously configured. Enter jms/tradeprocq in the Target Resource JNDI Name entry field.

__ o. Click Next to get to Step 7 Map resource references to resources. __ p. Here you configure the authentication alias used by the connection factory and map its name to the resource reference used in the application. Select the MSGSenderWeb module. __ q. Click Modify Resource Authentication Method to define which J2C alias to use.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-29

Instructor Exercises Guide

__ r.

The page expands to show the different options for authentication. Select Use default method and from the drop-down list select was7hostXXCellManager01/SIB User. Click Apply.

__ s. Select the MSgSenderWeb module again and click the Browse button in the Target Resource JNDI Name column of the table to see all defined JNDI names for connection factories.

11-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ t.

There is only one connection factory configured. Select it and click Apply.

__ u. Verify that the JNDI name and the authentication method have been set correctly.

__ v. Click the link for Step 11: Summary. Read the summary and click Finish. __ w. Wait for the application to install successfully and click Save to save to the master configuration. __ x. Click OK at the Node synchronization screen. __ y. At this point the wizard returns to the first page where you can install the next application. __ 2. Install the Trade processor application. __ a. Select Local file system. __ b. Click the Browse button to the right of the Full path entry field. __ c. Navigate to the folder: <software_dir>\Messaging.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-31

Instructor Exercises Guide

__ d. Select the file TPApplication.ear and click Open.

__ e. Click Next. __ f. Select Fast Path - Prompt only when additional information is required and click Next.

__ g. Click the link for Step 3 Summary. __ h. Read the summary and click Finish. __ i. __ j. Wait for the application to install successfully. Click Save to save the changes to the master configuration.

__ k. Wait for the node synchronization to complete and click OK. __ 3. Verify that both applications were installed successfully. __ a. From the administrative console, click Applications > Application Types > WebSphere enterprise applications. The application status you see will depend on whether the node agents are started. You will start all the required servers in the next part of the exercise. Note Most likely you will see additional applications installed on your lab machine depending on what you installed in previous lab exercises.

11-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Part 6: Testing the applications and exploring messaging engine policies


In this part of the exercise you test the applications under different messaging engine policies. Also you will explore the effects of configuring different activation specification options and queue options. The first configuration you will test is a single messaging engine using the high availability policy and all other default options. Before you can test the applications, both node agents and both cluster members need to be started. __ 1. Start the node agents. __ a. In a command window change directory to <profile_root>\profile1\bin and invoke the startNode command.

The UNIX command to start the node is: ./startNode.sh

__ b. Wait until the node agent is running.

__ c. To start the second node agent, change directories to <profile_root>\profile2\bin and invoke the startNode command. __ d. Wait until the node agent reports is running. __ e. Using the administrative console, verify that both node agents have started by clicking System administration > Node agents.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-33

Instructor Exercises Guide

__ 2. Start the cluster. __ a. Using the administrative console, click Servers > Clusters > WebSphere application server clusters. __ b. Check the box for TradeCluster and click Ripplestart.

Note Ripplestart stops servers (if they are running) and then starts all servers in a cluster, waiting for each of the servers to start before moving on to the next server. This alleviates the load on the processor because only one server is ever starting at a time.

__ c. Wait for the Status indicator to turn to a solid green arrow (may take several minutes) signifying that all servers in the cluster have started. (You may need to click the refresh icon several times.)

11-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Verify that both servers are started by clicking Servers > Server Types > WebSphere application servers.

__ e. If either of the servers is not yet started, select the server and click Start. __ 3. Ensure that both the applications you installed earlier are running. __ a. On the WebSphere administrative console click Applications > Application Types > WebSphere enterprise applications. __ b. Verify that both applications are in a started state.

Note If either of the applications is not running, and does not start upon selecting it and clicking Start, check the SystemOut logs to determine what is preventing the application from starting. Check the steps you went through when you installed the applications. The problem is most likely related to the resolution of resource references or authentication aliases not being applied to the resource references. If after checking these settings you still have a problem, contact your instructor.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-35

Instructor Exercises Guide

Information There are two applications installed, a message producer and a message consumer. The message simulator application is the message producer; the trade processor application is the consumer of messages. Since the applications are installed in a cluster, each server in the cluster runs both applications. When using the high availability messaging engine policy, only one messaging engine is started in the cluster. A WebSphere component called the high availability manager decides which server in the cluster gets to run the messaging engine (usually the first server to be started in the cluster). Should the server running the messaging engine fail, the high availability manager chooses another cluster member and starts the messaging engine there. In this configuration the messaging engine can fail over to another cluster member, thus providing high availability. Producers in any cluster member can generate and place messages on a queue. However, only the consumer which is on the same server as the running messaging engine gets to consume and process the messages. In the next few steps you prove these points.

__ 4. Invoke the Monitor HTML page. The Web page has been provided as part of the Trade processor application to more easily demonstrate the interactions between the application servers and messaging engines. __ a. Open a new browser and enter the Web address: http://localhost:9080/Trade/processor/Monitor.html

11-36 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Since you will be running the Monitor repeatedly throughout the rest of this exercise, you may want to bookmark the Web address in your browser.

The page has four frames: Top left: Message producer simulator running on server1 Top right: Trade processor running on server1 Bottom left: Message producer simulator running on server2 Bottom right: Trade processor running on server2 In the message sender applications you can select how many messages of each kind, buy or sell, are sent to the queue. Note You could use port 9081 for the monitor's Web address. Doing that would serve the page from server2 instead of server1.

__ 5. Determine which server is currently running the messaging engine.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-37

Instructor Exercises Guide

__ a. From the Monitor Web pages top left frame (sending messages from server: server1), leave the default values (1 message) for Buy and Sell messages and click the Send messages button.

__ b. Observe which server processed the messages, server1 or server2. __ c. Record the server name here________________________. In the high availability policy only one server in the cluster is running the messaging engine. __ d. From the Monitor Web pages bottom left frame (Sending messages from server: server2), leave the default values (1 message) for Buy and Sell messages and click the Send messages button. __ e. Record the server name here________________________. The same server should be processing messages sent from both server1 and server2.

11-38 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

Examine the SystemOut.log file for whatever server processed the messages in the last few steps. Use Windows Explorer to navigate to: <profile_root>\<profile_name>\logs\<server_name>

__ g. Open the SystemOut.log file with Notepad and look for messages similar to the following. SystemOut SystemOut SystemOut SystemOut SystemOut SystemOut SystemOut SystemOut O MDB received message: server1 - 2 O MDB received message: server1 - 1 O Removed message: server1 - 2 O Removed message: server1 - 1 O MDB received message: server2 - 1 O MDB received message: server2 - 2 O Removed message: server2 - 1 O Removed message: server2 - 2

The application receiving the messages is the one running on the server where the messaging engine is active. You can verify this by looking at the SystemOut.log file for both cluster members and looking for the message that indicates the messaging engine is in the Started state: Messaging engine TradeCluster.000-msgBus is in state Started. The other server in the cluster will have a message indicating the message engine is in the Joined state: Messaging engine TradeCluster.000-msgBus is in state Joined.

__ h. Close the browser in which the Monitor is running. __ 6. Test messaging engine failover. __ a. From the administrative console, stop the server in which the messaging engine is currently running (server1 or server2). __ b. Wait for the server to stop; then open the SystemOut.log file for the server that is still running and look for the following message near the end of the log. SibMessage I [msgBus:TradeCluster.000-msgBus] CWSID0016I: Messaging engine TradeCluster.000-msgBus is in state Started. __ c. This message indicates that the messaging engine has been started on the server that is still running. __ d. From the administrative console, start the server that you stopped in Step (a). __ e. Wait for the server to start; then open a browser and enter the Monitor Web address: http://localhost:9080/Trade/processor/Monitor.html

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-39

Instructor Exercises Guide

__ 7. Now check which server is processing the messages as you did before. __ a. From the Monitor Web pages top left frame (sending messages from server: server1), leave the default values for Buy and Sell messages and click the Send messages button. __ b. Observe which server processed the messages, server1 or server2. __ c. Record the server name here________________________. In the high availability policy only one server in the cluster is running the messaging engine. __ d. From the Monitor Web pages bottom left frame (Sending messages from server: server2), leave the default values (1 message) for Buy and Sell messages and click the Send messages button. __ e. Record the server name here________________________. The same server should be processing messages sent from both server1 and server2. __ f. You should observe that the messaging engine that failed over to the other server continues to process messages from both servers even when the other server is running again. The high availability policy has failover but not fail back.

__ g. Close the browser in which the Monitor is running. Information High availability: Pros and cons The fact that only one of the message consumers in a cluster gets to process messages might be just what you want. This configuration is called for when messaging order is important and messages should be processed in the same sequence in which they were produced (to ensure message order, more configuration may be required). If message order is not important, this configuration is not very efficient in a clustered configuration. All servers in the cluster are running the message consumer application, but only one of those servers actually processes them. There are at least two solutions to get more message consumers processing messages from the queue. In the next steps you first configure the activation specification to allow all consumers in the cluster to get messages, and later you change the messaging engine policy from high availability to scalability to provide workload management of the messaging engine.

__ 8. Configure the activation specification to start all MDBs in the cluster. There is an option to configure an activation specification to activate message-driven beans (MDBs) in all the servers, not just the server with the running messaging engine. The result of this configuring option is that all consumers in all cluster members receive messages.
11-40 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. From the administrative console click Resources > JMS > Activation specifications. __ b. Click the link for the Trade Processor Activation Spec. __ c. Near the bottom of the page, in the Advanced section, select Always activate MDBs in all servers and click OK.

__ d. Save the changes to the master configuration. __ e. Wait for the node synchronization to complete and click OK. __ 9. Ripplestart the TradeCluster. __ a. From the administrative console, click Servers > Clusters > WebSphere application server clusters. __ b. Check the box for TradeCluster and click the Ripplestart button. __ c. Wait for the Status indicator to turn to a solid green arrow (may take 56 minutes) signifying that all servers in the cluster have started. (You may need to click the refresh icon several times.) __ d. Verify that both servers are started by clicking Servers > Server Types > WebSphere application servers. __ 10. Test whether MDBs are active in both servers using the Monitor Web page. __ a. Start a new browser and enter the Web address http://localhost:9080/Trade/processor/Monitor.html

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-41

Instructor Exercises Guide

__ b. Make sure that both Trade processor applications have no pending transactions. You may quickly clear the table of pending transactions if necessary by selecting Reset from the Refresh drop-down list.

__ c. Leave the default values of 1 Buy and 1 Sell messages and click the Send messages button in the top left frame.

__ d. Which processor application displayed the messages? You should see similar behavior in your own browser. One message, the Buy message, was processed by Server1, and the other message, Sell, was processed by Server2. As a result
11-42 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

of the configuration of the activation specification that you just performed, there is now an active MDB on both servers that can consume messages. __ e. Now from the bottom left frame, send three Buy messages and two Sell messages.

__ f.

Notice the distribution of messages between the two processor applications. They each may, or may not, have received an equal number of messages. It is possible that the consumer application in the same server as the producer, may have received more messages, as seen below. But in the long run, with a much higher message volume, distribution should even out. This is based on how busy

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-43

Instructor Exercises Guide

the consumer, which is co-located with the producer, is at the time the messages become available on the queue.

__ g. Try sending some more messages from the producers in both servers and see which consumer picks up the messages. __ h. Close the browser in which the Monitor is running. Information Possible performance issues One of the problems with this activation specification configuration is that the single active messaging engine is now sending messages to queue points in multiple servers. In a local network with a small volume of messages, there may be no performance issues, but in a widely distributed environment, with heavy volume of messages, it can cause performance problems mainly due to network traffic.

11-44 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

To provide better scalability you can change the messaging engine policy to Scalability which requires a messaging engine in each cluster member.

Part 7: (Optional) Configure the scalability messaging engine policy


In this section you change the messaging policy to scalability. This involves creating another messaging engine that will run on the second cluster member.

Two different messaging engines will run on their preferred server unless that server fails; then its messaging engine will fail over to the other server. __ 1. Change the messaging engine policy to Scalability. __ a. On the WebSphere administrative console click Service integration > Buses. __ b. Click msgBus > Bus members > TradeCluster.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-45

Instructor Exercises Guide

__ c. Select Scalability.

Note Further configuration is required to implement this policy. A second messaging engine needs to be added.

__ d. Click OK. __ e. Save the changes to the master configuration. __ f. Wait for the node synchronization to complete and click OK.

__ 2. Create a new messaging engine. __ a. After saving the changes above, you should have been returned to the Bus members page. If you are not seeing this page then, using the WebSphere administrative console, click Service integration > Buses > msgBus > Bus members.

11-46 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Click TradeCluster.

__ c. Under Additional Properties click Messaging engines. __ d. Click the Add messaging engine button.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-47

Instructor Exercises Guide

__ e. Select File store; click Next.

__ f.

Enter ME_logs for both Log directory path and Permanent store directory path.

__ g. Click Next. __ h. Click Finish to create the messaging engine. __ i. __ j. Save the changes to the master configuration. Wait for the node synchronization to complete and click OK.

__ 3. Check to see if the new messaging engine started. __ a. Click Service integration > Buses > msgBus. __ b. Click Messaging engines.

11-48 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Verify that both messaging engines are running. In the figure below the second messaging engine failed to start.

Note It is very likely that the new messaging engine did not start. This is because in the previous steps of this exercise messaging engine TradeCluster.000.msgBus failed over to server2 and created its own log files. These files still exist but are not suitable for the new messaging engine TradeCluster.001.msgBus. You can further analyze this fact by looking at the system log and looking for the messages where the messaging engine attempts to start.

__ 4. If the second messaging engine, TradeCluster.001.msgBus, did not start, perform the following steps. __ a. Stop server2. __ b. Once the server has stopped, delete the following files from the <profile_root>\profile2\ME_logs folder: - Log - PermanentStore - TemporaryStore __ c. Start server2.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-49

Instructor Exercises Guide

__ d. Check again to make sure both messaging engines are running. (Refer to details in the previous step: Check to see if the new messaging engine started.)

__ 5. Another item to clean up, now that you have a messaging engine on each cluster member, is the setting on the activation specification which started the MDBs on all servers; that will happen automatically now. __ a. From the administrative console click Resources > JMS > Activation specifications. __ b. Click the link for the Trade Processor Activation Spec. __ c. Near the bottom of the page, in the Advanced section, uncheck Always activate MDBs in all servers.

__ d. Click OK. __ e. Save the changes to the master configuration. __ f. Wait for the node synchronization to complete and click OK.
Copyright IBM Corp. 2009

11-50 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

V5.2
Instructor Exercises Guide

EXempty

__ 6. Ripplestart the TradeCluster. __ a. From the administrative console, click Servers > Clusters > WebSphere application server clusters. __ b. Check the box for TradeCluster and click the Ripplestart button. __ c. Wait for the Status indicator to turn to a solid green arrow (may take 56 minutes) signifying that all servers in the cluster have started. (You may need to click the refresh icon several times.) __ d. Verify that both servers are started by clicking Servers > Server Types > WebSphere application servers. __ 7. Use the Monitor Web page to test the Scalability messaging engine policy. __ a. Open a browser and enter the Web address: http://localhost:9080/Trade/processor/Monitor.html __ b. For each server change the number of Buy and Sell messages to 1 and click the Send messages button for server1 and server2. Note The expected behavior is that messages are consumed on the same server where they are produced. Confirm this by looking at the Transaction column of the Trade processor. You should see that the source of the message is the same server where they are consumed.

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-51

Instructor Exercises Guide

Note If you prefer to have messages consumed across your servers, regardless of where they are produced, you can perform some additional configuration on the queue definition. A new feature in WebSphere Application Server V7 is the capability to control the local queue point behavior. You may, or may not, choose to prefer a local queue point.

__ 8. Configure the Trade Processor Queue to not prefer local queue points.This will allow the spreading of producer messages over all available queue points. __ a. From the administrative console click Resources > JMS > Queues. __ b. Click the link for the Trade Processor Queue.

__ c. Near the bottom of the page select Do not prefer a local queue point over other queue points. With this setting enabled, all available queue points are

11-52 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

treated equally, with no preference given to a local queue point. Messages are workload balanced across all queue points.

__ d. Click OK. __ e. Save changes to the master configuration. __ f. Ripplestart the cluster as you did in a previous step above.

__ 9. Test the new configuration. __ a. Open a browser and enter the Web address http://localhost:9080/Trade/processor/Monitor.html

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-53

Instructor Exercises Guide

__ b. Select two Buy messages from server1 and two Sell messages from server2. Select None for the other type of message on each server.

11-54 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Click the Send messages button for each server.

__ d. You should notice that the two Buy messages were distributed to each server as well as the two Sell messages. This demonstrates workload balancing between two servers. __ 10. This concludes the exercise. Log out of the administrative console and close any browsers that may still be open.

End of exercise

Copyright IBM Corp. 2009

Exercise 11. Configuring the service integration bus


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

11-55

Instructor Exercises Guide

Exercise review and wrap-up


In this exercise you configured the service integration bus and JMS resources as required by the Trade Processor and Message Sending Simulator applications. This included configuring the bus members, bus destination, JMS connection factory, JMS queue, and JMS activation specification. You then experimented with different configurations of the service integration bus and JMS resources, including two different messaging engine policies and settings in the JMS queue and activation specification that control the production and consumption of messages.

11-56 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 12.Configuring WebSphere security, including fine-grained administrative access


Estimated time
01:30

What this exercise is about


This exercise starts by ensuring that the WebSphere administrative security is enabled. With administrative security turned on (the default is that it is enabled during profile creation), there are several effects. These include the fact that administrative tools such as the administrative console, wsadmin, and many of the scripts (stopServer, serverStatus) require proper authentication and authorization to run. The exercise then goes through the process of defining new administrative users and granting them specific access to parts of the administrative console and verifies that access is limited to certain functions. This is done by first logging into the administrative console using the user ID that was created during the profile creation. This specific user has, by default, implicit rights to the WebSphere administrative console as it is the initial user created. This exercise creates additional users and defines which rights they will have within the administrative console. Finally, this exercise configures fine-grained access for both the TradeApplication and the DefaultApplication. Fine-grained access, a new console feature in WebSphere Application Server V7, is done by defining administrative authorization groups. These groups map specific scopes or objects to console users and roles, thus allowing those users that role access to those specific objects. When the console users attempt to access other objects for which they do not have fine-grained access configured, they only have the same access role level that was defined for them at the global level.

What you should be able to do


At the end of the exercise, you should be able to: Enable WebSphere security
Copyright IBM Corp. 2009 Exercise 12. Configuring WebSphere security, including fine-grained
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-1

Instructor Exercises Guide

Configure administrative security (that is, access to administrative functions) Configure fine-grained administrative security

Introduction
This lab configures access to the administrative console by defining a number of roles and mapping those roles to existing users. In order to test the configuration, you will attempt to perform various functions from the different users and see if the security configurations correctly limit access to various functions. The last part of this lab defines fine-grained access from different parts of the WebSphere environment.

Requirements
This exercise requires a workstation with WebSphere Application Server V7 installed and that the previous exercises for this course have been successfully completed.

Instructor exercise overview


This exercise is simple and straightforward, as long as the previous labs have been completed successfully.

12-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Verify administrative security
This exercise configures security access to the administrative tools. Before any security access takes effect, administrative security has to be enabled. This happens by default during the creation of a profile (but could easily be disabled). In this section of the lab, the state of administrative security is verified. __ 1. Check the state of administrative security. __ a. Log in to the administrative console using the user wasadmin and the password web1sphere Information At this point you already know the answer to whether administrative security is enabled. The fact that the administrative console prompted for a user name and password verifies that.

__ b. In the administrative console, click Security > Global security. __ c. Verify that the Enable administrative security option is checked. Information If administrative security is not enabled, you need to check the box, save your changes, make sure all nodes are synchronized, and then restart all of your WebSphere processes (deployment manager, node agents, and application servers).

Defining WebSphere administrative console users


When WebSphere Application Server is installed and profiles are created, administrative security is enabled by default. Initially, the only user that has access to the administrative console is the primary user that was specified during the profile creation. In these exercises, that would be the wasadmin user. So initially, in the case of these labs, the only user that can access the administrative console is wasadmin. In a real environment, it is desirable to have multiple administrative users and possibly have different rights for each user. This section of the lab creates users and maps them to different levels of console access. __ 1. Create WebSphere users for testing purposes.

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-3

Instructor Exercises Guide

__ a. In the administrative console, expand Users and Groups and click Manage Users. __ b. Leave the defaults and click Search. This will display the list of current WebSphere administrative users.

__ c. The wasadmin user was created during the profile creation and the busUser user was created in an earlier exercise. In order to create additional users for this lab, click Create. Information Other users may also exist, depending on which exercises have been completed.

12-4 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. Enter the User ID: wasadm Enter anything for the First name and Last name. Enter web1sphere for the Password and Confirm password. Then click Create.

__ e. Click Create Like to create additional users. Repeat this process for additional user IDs of wascfg, wasmon, and wasoper. Again, fill in anything for the First and Last name, but use web1sphere for the passwords. Information These user IDs are being created inside of the WebSphere user repository, not in the local operating system or in LDAP.

__ 2. Map these new user IDs to their appropriate administrative console roles. __ a. Under Users and Groups in the administrative console, select Administrative user roles. __ b. Click Add.

__ c. Click Search to display the list of available users. Select wasadm from the Available column near the bottom of the screen and click the right arrow to move it to the Mapped to role column. Then select the Administrator role near
Copyright IBM Corp. 2009 Exercise 12. Configuring WebSphere security, including fine-grained
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-5

Instructor Exercises Guide

the top of the screen. Click OK to create the mapping between the wasadm user and the Administrator role.

Information Depending on what components have been installed, it is possible for there to be additional roles within the list. Depending on which labs have been completed, your list of users may be different from the screen capture above.

__ d. Repeat these last two steps for wasoper, wascfg, and wasmon (mapping each user to the appropriate role).

12-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Once all four users are mapped, save the changes.

__ a. In the administrative console, click System administration > Save changes to the master repository. __ b. Click Save. __ c. Click System administration > Nodes and select nodes was7hostXXNode01 and was7hostXXNode02. Click Full Resynchronize. Information Since these particular users are stored within the WebSphere configuration information, it is a good idea to do a full resynchronize with the nodes after creating new users.

__ 4. Extra credit (optional): Go back and add a new console user called wassecmgr and map it to the Admin Security Manager role. This user can now be used to map security roles for console users. At this point, the only user that has this ability would be wasadmin due to the fact that it is the primary user (and therefore has this ability implicitly).

Authenticate to the WebSphere administrative console and test mapped users


In this section of the lab, access to the console is granted to only correctly mapped users. And depending on the role to which they are mapped, the administrative console allows those users to execute only certain functions.

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-7

Instructor Exercises Guide

Information By default, the user ID used to define the authentication mechanism has implicit access as an administrator role.

__ 1. Bring up a new browser and log into the administrative console. __ a. Log in as wasadm

__ 2. Verify that full access to administrative functions is available. __ a. Check the functions available by clicking Applications > Application Types > WebSphere enterprise applications. __ b. Notice that all standard functions are available.

__ 3. Now verify the available functions for other users. __ a. Log out from the administrative console.

12-8 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Log back into the administrative console as wasoper, and see what functions are available on the Enterprise applications.

__ c. Notice that not all the same functions are available. Now only Start, Stop, and Rollout Update are available. __ 4. Log in as wascfg and wasmon and see what functions are available. __ 5. Close all Web browsers. This will ensure there are no existing session cookies when you start the next part of the exercise.

Enabling fine-grained control


Now that users have been created which have different types of access to the administrative console, it might be interesting to control the access more specifically. For example, in the following example the exercise creates two new administrative users. The first (TradeAppAdmin) is configured to have rights on only the TradeApplication. The second (DefaultAppAdmin) is configured to have rights on only the DefaultApplication. By creating this setup, the exercise demonstrates how fine-grained access controls can be granted to administrative users. These types of controls could be granted on many different types of objects, not just applications. The fine-grained access is defined by mapping administrative authorization groups to administrative console users. The administrative authorization groups themselves point at specific scopes or objects. When an administrative user attempts to access an object, and does not have global access, the access defined by the administrative authorization groups for the object is checked. __ 1. As was done in the previous section of this exercise, create two new users (TradeAppAdmin and DefaultAppAdmin) and map them to the monitor role. __ a. Make sure you are logged in to the administrative console with a user ID that gives you Admin Security Manager role access (this role provides permission to map console roles for console users and groups), like wasadmin. Since

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-9

Instructor Exercises Guide

wasadmin is the primary user ID, it has Admin Security Manager access implicitly.

__ b. In the administrative console, expand Users and Groups in the left navigation menu and select Manage Users. __ c. Leave the defaults and click Search. This will display the list of current WebSphere administrative users. Click Create. __ d. Enter the User ID TradeAppAdmin Enter anything for the First name and Last name. Enter web1sphere for the Password and Confirm password. Then click Create. __ e. Repeat this process to create the DefaultAppAdmin user. __ 2. Map the two new users to the global monitor role. Any console user or group that is used for fine-grained access requires a minimum role mapping of monitor. This means that they can view any objects, but can have additional rights on specific objects defined by administrative authorization groups. __ a. Under Users and Groups in the administrative console, select Administrative user roles. Click Add. __ b. Click Search to display the list of available users. Select both TradeAppAdmin and DefaultAppAdmin (hold down the control key to multi-select) from the Available column and click the right arrow to move them to the Mapped to role column. Select the Monitor role near the top of the screen and click OK.

12-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Save the changes. Wait for the nodes to synchronize and click OK.

__ 3. Create the administrative authorization groups for the TradeAppGroup and DefaultAppGroup. __ a. In the administrative console, click Security > Administrative Authorization Groups.

__ b. Click New to create the new authorization group.

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-11

Instructor Exercises Guide

__ c. Enter TradeAppGroup for the Name. __ d. Under Resources expand all the entries and the subentries. Take note of all of the different levels that can be defined in an administrative authorization group. Expand Applications; select the box next to TradeApplication.

__ e. Click Apply. __ f. On the right, under Additional Properties, click Administrative user roles.

__ g. Click Add to map the administrative console TradeAppAdmin user.

12-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. Select the Administrator role and then click Search to show all known users. Select TradeAppAdmin and then click the right arrow to move the user from the Available column to the Mapped to role column.

__ i. __ j.

Click OK. Save the changes. Wait for the nodes to synchronize and click OK.

__ k. Repeat these steps to create the DefaultAppGroup and map DefaultAppAdmin. Start by clicking Security > Administrative Authorization Groups and clicking New.

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-13

Instructor Exercises Guide

__ l.

Save the changes. Wait for the nodes to synchronize and click OK. The final list looks like this:

Test the fine-grained access


Now that the new administrative console users have been created, and the administrative authorization groups have been added and mapped to the applications, access by the users to the applications needs to be verified. __ 1. Open a new administrative console window and log in as TradeAppAdmin

__ 2. Once logged in, browse through various parts of the console. Notice that the TradeAppAdmin user has only monitor rights to most areas. But, also notice that

12-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

the TradeAppAdmin user has complete administrator rights to only the TradeApplication enterprise application.

__ 3. Log out of the administrative console, and log in again as DefaultAppAdmin __ 4. Again, browse through various parts of the administrative console and notice that this user only has monitor access. Navigate to the enterprise application list and

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-15

Instructor Exercises Guide

notice that this user has administrative access to the DefaultApplication, but not to anything else.

__ 5. Log out of any administrative console windows that may still be open and close all browsers.

End of lab

12-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


The exercise looked at setting up security for accessing the administrative console. This was done by creating new administrative console users and mapping them to global access roles. Then two new console users were mapped to administrative authorization groups to create fine-grained access to the TradeApplication and the DefaultApplication.

Copyright IBM Corp. 2009

Exercise 12. Configuring WebSphere security, including fine-grained


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

12-17

Instructor Exercises Guide

12-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 13.Configuring application security


Estimated time
01:30

What this exercise is about


This exercise secures the administration module of the Trade application using WebSphere application security. The application is tested with application security enabled and an explanation, through exploration of configuring application security in Rational Application Developer assembly and deploy.

What you should be able to do


At the end of the exercise, you should be able to: Define Java EE security roles Define access for resources in an application Enable and verify application security

Introduction
This lab deals with configuring application security for the Trade application using the administrative console and the Rational Application Developer assembly and deploy.

Requirements
This exercise requires a workstation with WebSphere Application Server V7 installed and that the previous exercises for this course have been successfully completed.

Instructor exercise overview


This exercise is simple and straightforward, as long as the previous labs have been completed successfully. In the optional part of the exercise, the explanation of how security works and how to configure using the Rational Application Developer assembly and deploy, it is assumed that the student can open, close, and navigate Rational Application Developer assembly and
Copyright IBM Corp. 2009 Exercise 13. Configuring application security
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-1

Instructor Exercises Guide

deploy. You might have to do a quick demonstration to refresh students memories, but they will have used the Rational Application Developer assembly and deploy by the time they get to this exercise.

13-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Enabling application security
In a previous exercise, administrative security was configured. This exercise enables and configures application security. The application security allows WebSphere to provide authentication and authorization for the enterprise applications. So, unlike administrative security (which secures the administrative interfaces), application security controls who has access to which parts of the enterprise applications being run within the application servers. In this section of the lab, WebSphere application security is enabled through the administrative console. __ 1. Configure the application security setting. __ a. Make sure you are logged in to the administrative console with a user ID that gives you administrator privileges, such as wasadmin or wasadm __ b. Click Security > Global security. __ c. Check the box next to Enable application security and click Apply.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-3

Instructor Exercises Guide

Information WebSphere administration security was already enabled during profile creation. At this point, all that is being done is the enabling of application security. As such, there is no need to define user registries or authentication mechanisms.

__ d. Save the changes and make sure to synchronize the nodes. __ 2. Restart all WebSphere Application Server processes. __ a. Using the administrative console, stop the cluster. This stops all of the application servers within the cluster. __ b. Restart the cluster. Information In previous versions of WebSphere, all processes within the cell would have needed to be restarted. Because global security was already enabled at profile creation time, the inclusion of application security only required the restarting of the application servers.

Securing the Trade application


When running with application security enabled, enterprise applications can take advantage of role-based application security to restrict access to servlet and EJB resources. The Trade applications administration module has already been configured to take advantage of application security by adding a security role called TradeAdmin to the application and mapping it to parts of the administration module. At this point, all that still needs to be done by the administrator is to map the TradeAdmin security role to the users or groups that exist in the runtime environment. Information Java 2 security can also be used to provide fine-grained access to system resources, such as ports, sockets, file system, and so forth. Java 2 security is orthogonal to J2EE security and does not require administrative security to be enforced. In this exercise you do not use Java 2 security.

__ 1. Create a new user ID TradeUser to use for application authentication. __ a. In the administrative console, expand Users and Groups and click Manage Users.

13-4 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Leave the defaults and click Search. This will display the list of current administrative users. __ c. Click Create. __ d. Enter the User ID: TradeUser Enter anything for the First name and Last name. Enter web1sphere for the Password and Confirm password fields and click Create.

__ e. Click Close. __ 2. Test the application before mapping roles to users and groups. __ a. With all the servers up and running, access the address: http://localhost/Trade/web/welcome.html

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-5

Instructor Exercises Guide

__ b. Click Administration.

Information Note that only the administration part of the application has been enabled for security. The rest of the application can be accessed just as before application security was enabled.

13-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Try to log in to the administration module of the Trade application. Enter TradeUser and web1sphere and click Login.

__ d. At this point, you get an error page. This is because you have not defined TradeUser as a user that can assume the role of TradeAdmin. The TradeAdmin application security role has been mapped to various servlet and EJB methods within the Trade application. Once application security is enabled, a user attempting to access these secured methods has to be mapped to the TradeAdmin security role. __ 3. Create a registry group and user to which the TradeAdmin security role can be mapped. Information It would be easiest to simply map the application security role to a list of user IDs. But, it is a much better practice to use a group instead.

__ a. In the administrative console, expand Users and Groups and click Manage Groups.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-7

Instructor Exercises Guide

__ b. Click Search. This will display the list of current WebSphere administrative groups. At this point, there should not be any.

__ c. Click Create. Enter TradeGroup or the Group name and anything for the Description. Click Create.

__ d. Click Close. __ 4. Add TradeUser to the TradeGroup. __ a. Click Users and Groups > Manage Groups.

13-8 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Click TradeGroup.

__ c. Click the Members tab.

__ d. Click Add Users.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-9

Instructor Exercises Guide

__ e. On the next screen, click Search. The result shows the list of known users.

__ f.

Select TradeUser and click Add.

__ g. Click Close to verify that the TradeUser was added to the TradeGroup. __ 5. Map users and groups to Java EE security roles defined within the enterprise application. __ a. Click Applications > Application Types > WebSphere enterprise applications. __ b. Click TradeApplication.

13-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Under Detail Properties, click Security roles to user/group mapping. Note at this time there are no users or groups mapped to the TradeAdmin security role.

Information There are four types of users: Everyone, All authenticated, Mapped users and Mapped groups. The first two do not apply to this exercise as you do not want Everyone to access the administration module; and since there has been no previous opportunity to authenticate, that rules out All authenticated. The mapped entries refer to users and groups in the current user registry.

__ d. Select the TradeAdmin role and click Map Groups.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-11

Instructor Exercises Guide

__ e. Make sure the Search String is * and click Search. Note that the Available list fills up with the group defined within the WebSphere user registry. __ f. Select TradeGroup and click the right arrow to move the entry to the Selected list.

__ g. Click OK.

__ h. Click OK. __ i. Save the changes.

13-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Note If necessary, in the left navigation bar click System administration > Save changes to master repository. Notice that there are pending changes that need to be saved to the master configuration. Click Save.

__ 6. Ensure that the nodes have been fully synchronized. __ a. Click System administration > Nodes. __ b. Select both the nodes in the cluster and click Full Resynchronize.

__ 7. Close all Web browser windows. Open a new Web browser. Access the welcome page of the Trade application at http://localhost/Trade/web/welcome.html __ 8. Click Administration. __ 9. Log in using TradeUser and web1sphere

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-13

Instructor Exercises Guide

Warning Beware, this may not work immediately. By default, the application server has a 10-minute authentication cache timeout. Therefore, if the initial login failure is still cached, it may not time out for up to 10 minutes. To solve this problem, you can either wait until the timeout happens or restart the application server. To view you security authentication timeout settings, go to Security > Global security > Authentication cache settings (which is under Authentication mechanisms).

__ 10. This time you are authenticated properly and allowed access.

13-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 11. From the menu click Adjust Balance.

__ 12. Enter a new amount for one or more users and click Set balance. __ 13. Confirm that the amount changed. __ 14. Click Logout.

How does it work? (optional)


To complete this part of the exercise, you need to open the assembly and deploy tool to the workspace you created earlier in this class when assembling the Trade application. The assembly and deploy tool is used to explore the EAR file, the TradeEJB and TradeWeb modules to see how security is configured. Instructions on using the assembly and deploy tool itself will be short and to the point; you should be familiar with the assembly and deploy tool from previous exercises. Information The assembly and deploy tool is currently only available for Windows and Linux.

__ 1. Start the assembly and deploy tool and point it to the workspace where you assembled the Trade application.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-15

Instructor Exercises Guide

Linux Start the assembly and deploy tool by navigating to /opt/IBM/SDP and invoking the ./eclipse & command.

Note If you did not assemble the Trade application in an earlier exercise, complete the following steps: 5) Enter <software_dir>\Assemble\TradeApp and click OK. 6) Close the Welcome screen by clicking the X in the Welcome tab. 7) Click File > Import > Java EE > EAR file. 8) Click Next. 9) Browse to <software_dir>\solutions and select TradeApplication.ear. 10)Click OK. 11) Click Finish. This will import the TradeApplication.ear to explore for this portion of the exercise.

__ 2. Switch to the Java EE perspective, if it is not already set. __ 3. The first interesting question on your mind probably is: Why does clicking the Administration button on the welcome page cause an authorization challenge to be presented, and how does the application know which page to display with the login form? __ a. In the Enterprise Explorer expand TradeWeb > WebContent > WEB-INF. Double-click web.xml, which represents the deployment descriptor. The Web Application Deployment Descriptor Editor for this module opens on the editor pane on the upper right corner of the window. __ b. Double-click the web.xml tab to maximize the Web Application Deployment Descriptor Editor. This will enable you to see the Web Application Structure more easily.

13-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Click Login Configuration in the Web Application Structure.

You may see errors detected at the top of the page. This can be ignored. Note Note that the Authentication Method is set to FORM. This means the application provides its own login and error pages in this case adminlogin.jsp and loginfailure.jsp respectively. You may open these pages if you wish to see how they are coded.

When a protected resource is accessed by a non-authenticated user, WebSphere Application Server presents the login page instead of the requested resource. After successful authentication the originally requested resource is served. __ 4. The next question is: How are resources protected or secured? __ a. Click Security Constraint in the Web Application Structure of the editor.

Notice the role name TradeAdmin in the Authorization Constraint area.


Copyright IBM Corp. 2009 Exercise 13. Configuring application security
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-17

Instructor Exercises Guide

__ b. Click the Web Resource Collection (under Security Constraint) in the Web Application Structure of the editor.

In the Details section of the Web Resource Collection you should see a set of HTTP access methods and URL patterns which can be assigned to an Authorized role.

In this case you see that one of the URL patterns is /adminFunctions. This is the page called when the Administration button is clicked on the welcome page. At the bottom of the figure above note that the AdminFunctions resource collection has a Web resource name AdminFunctions. All of these resources are part of the security constraint that is associated with the TradeAdmin role.

13-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Any time any of the above resources are accessed by an non-authenticated user, the login page is presented instead.

This is how the Web module is protected. __ c. Double-click the web.xml tab again to reduce the size. __ 5. Enterprise JavaBeans are protected through method permissions, all Enterprise JavaBeans in this application are accessed through a session bean called TradeFacade. Therefore protecting the Enterprise JavaBeans only involves protecting key methods of this bean. __ a. Expand TradeEJB. Double-click the second TradeEJB, which represents the deployment descriptor. The deployment descriptor editor for this module opens on the editor pane on the upper right corner of the window.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-19

Instructor Exercises Guide

__ b. Expand the Assembly and Method Permission lines of the editor.

__ c. Here you see that the TradeAdmin security role has been granted permission to access two methods of the TradeFacade EJB. These methods are the ones called to get the registered accounts and to set the balances for the accounts. __ 6. Security roles can be added through the application, EJB, and Web module deployment descriptor editors. In the case of the TradeApplication the security roles were added in the Web and EJB modules. There is also an option to add security roles to the application deployment descriptor. __ 7. Close the assembly and deploy tool when you finish exploring.

End of lab

13-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


The first part of the exercise looked at setting up security for accessing the WebSphere administrative console. Then application security was enabled and access to the Trade application was tested. Lastly an explanation of how Java EE security is configured in the assembly and deploy tool was presented.

Copyright IBM Corp. 2009

Exercise 13. Configuring application security


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

13-21

Instructor Exercises Guide

13-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 14.Configuring SSL for WebSphere


Estimated time
01:00

What this exercise is about


This exercise explores some of the features and configurations within WebSpheres SSL environment. It goes through the process of creating a profile and then examining the certificates created specifically for the node within the profile. It then explores some of the administration tasks required for managing the certificates within a cell. Finally, in an optional part of the exercise, the IHS is configured to use a self-signed certificate to secure the communications between a browser and the Web server.

What you should be able to do


At the end of the lab, you should be able to: Define the certificate life span of a profile Use the administrative console to find and view certificates within a cell Configure and run the certificate expiration service Propagate the generated plug-in keystore out to the plug-ins Create a keystore for a Web server Generate a self-signed key Configure IBM HTTP Server to load and use HTTPS

Introduction
WebSphere Application Server V7 configures and manages many of the SSL configurations that are required to secure communication within a cell. But, it is important to understand how this infrastructure works so that it can be maintained correctly. This exercise goes through creating a new profile and examining the certificates and keystores that are created for that new profile or node. The exercise then looks at the interfaces that deal with expiring certificates. It also
Copyright IBM Corp. 2009 Exercise 14. Configuring SSL for WebSphere
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-1

Instructor Exercises Guide

goes through the log files and security reports that are helpful in tracking when certificates are about to expire. Another very important step in managing a WebSphere environment is propagating keystores out to the Web server plug-ins. This lab goes through the steps required to view the plug-ins generated keystore and then propagate it out to the Web server. As an optional part of the lab, the last section goes through configuring the IBM HTTP Server for inbound SSL. iKeyman is used to generate a new keystore and self-signed certificate. IBM HTTP Server is then configured to support HTTPS communications using the newly created certificate.

Requirements
This lab requires a computer properly set up with WebSphere Application Server V7 installed, IBM HTTP Server installed, and the necessary startup and program files.

Instructor exercise overview


This lab starts off with creating a profile so that the students can see the configuration of the nodes personal certificate as well as the nodes root certificate. The first defaults to a 1-year lifespan, and the latter has a 15-year life span. The students then explore the SSL configuration, keystores, truststores, personal certificates and signer certificates using the administrative console. They also go through the interfaces dealing with certificate expiration so that they can better understand what happens when certificates are replaced. They also get to view the log file entries as well as the security report (which should give them a good feel for how to understand their environment and when things will expire). This lab should be fairly stable as much of it is simply exploring. One area to watch for is if students actually expire or manually replace their certificates. Things can get messy very quickly if they start doing the wrong things. That is why you have them do a backup before the lab starts. Use that to recover if necessary. One last note: when certificates are replaced (either manually or automatically) the behavior will change based on which fix pack was used. In the 7.0.0.0 version, a cell root certificate is used to sign any replacement certificates. While this sounds like a good thing, the fact that the signing certificate has changed can cause problems. So, in 7.0.0.1, the behavior changes to using the original node root certificate to sign replacement certificates. This is still not the best result. Thus there are expectations that in a future fix pack, all node certificates will be signed by the cell root certificate upon federation.

14-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Create a backup
Since this exercise makes changes to the existing environment which, if done incorrectly, could cause problems for the rest of the exercises, doing a backup at this point is a good idea. __ 1. Create a backup for the deployment manager. __ a. In a command-prompt window, navigate to the <profile_root>\DmgrProfile\bin directory. __ b. Stop the deployment manager process if it is running by issuing the following command: stopManager.bat -username wasadmin -password web1sphere

On UNIX: ./stopManager.sh -username wasadmin -password web1sphere

__ c. Once the deployment manager has stopped, issue the following command to backup the entire profile: manageprofiles.bat -backupProfile -profileName DmgrProfile -backupFile <software_dir>\backups\Pre-SSL_backup.zip

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-3

Instructor Exercises Guide

On UNIX: ./manageprofiles.sh -backupProfile -profileName DmgrProfile -backupFile <software_dir>/backups/Pre-SSL_backup.zip

__ 2. Restart the deployment manager. __ a. From a command window, in the deployment managers profile\bin directory, issue the startManager command.

Create a new profile


In order to better understand the various pieces of the SSL puzzle within the WebSphere Application Server environment, a new custom profile is created. This will help demonstrate how and where the various keystores and certificates are managed. __ 1. Start the Profile Management Tool. __ a. Click Start > Programs > IBM WebSphere > Application Server Network Deployment V7.0 > Profile Management Tool.

To start the Profile Management Tool on UNIX, navigate to <was_root>/bin/ProfileManagement and run ./pmt.sh &
.

__ b. The Welcome screen for the profile creation wizard appears. Click Launch Profile Management Tool. __ 2. Create a custom profile called SSL and federate it to the deployment managers configuration. __ a. In the Profiles window click Create. __ b. In the wizard, select the Custom profile option and click Next. __ c. On the Profile Creation Options page, select Advanced profile creation and click Next.

14-4 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. For the profile name and location enter SSL and <profile_root>\SSL Click Next.

__ e. On the Node name and Host name screen, ensure the values of was7hostXXNode03 and was7hostXX are entered (if on UNIX a fully qualified name is presented, accept it: was7hostXX.ibm.com). Click Next.

__ f.

On the Federation window enter was7hostXX for the deployment managers host name. The default SOAP port (8879) is shown. Enter wasadmin for the security user name and web1sphere for the password. Be sure that the

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-5

Instructor Exercises Guide

Federate this node later option is not selected. The node should automatically be federated to the cell during creation. Click Next.

__ g. On the next screen, accept the defaults for creating a new default personal certificate and a new root signing certificate. Click Next. Information On the next screen, you see the specifics of the certificates that are about to be created. The alternative on this screen is to import existing certificates.

14-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ h. On the next screen, which specifies the profiles node certificate information, accept the defaults and click Next. Make sure to read the next information block as it explains the importance of these entries and how they relate to SSL.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-7

Instructor Exercises Guide

Information Unlike in WebSphere Application Server V6.1, each node (or profile) no longer gets a single self-signed certificate. Instead, in WebSphere Application Server V7, two certificates are created. The first one is the nodes personal certificate that is by default used for secured communication with the node and any application servers on that node. This personal certificate has a default life span of 1 year. Note that this is not a self-signed certificate. Instead, it is signed by the second certificate specified on this screen. That is the nodes root certificate. Unlike the nodes personal certificate, the nodes root certificate has a default life span of 15 years. This longer life span helps when the personal certificate is replaced close to when it is about to expire. Since all of the personal certificates (old and new) are signed by the nodes root certificate (which has a 15-year life span instead of just 1 year) any processes that need to communicate securely with the node agent or application servers will already have access to a valid copy of the nodes root signer certificate regardless of whether the personal certificate has been undated. This model helps solve some of the certificate propagation problems since updating personal certificates no longer requires any sort of certificate propagation to occur. As background, signer certificate propagation within a cell is accomplished through standard node synchronization. All of the node signer certificates are included in the cell truststore file, which is synchronized throughout the cell. Propagation to Web server plug-ins, however, is more tricky. In order for the plug-ins to be able to communicate securely with the application servers, they need access to the appropriate signer certificates. The node signer certificates are made available to the plug-ins in their generated plug-in key rings. Since the nodes root certificates are now being used as the signers, updating expiring personal certificates is no longer a problem. However, adding new nodes to a cell does require propagation of the plug-in key rings. Just like plugin-cfg.xml files, this propagation can either be done manually or, in some limited cases, automatically. Note: the keystore password defaults to WebAS

__ i. __ j.

Accept the default ports on the next screen. Click Next. On the summary screen, click Create.

__ k. The profile creation is now complete, uncheck the Launch the First steps console and click Finish. Close the Profile Management Tool. __ 3. Verify the new node in the administrative console. __ a. Open an instance of the administrative console and log in as wasadmin with password web1sphere

14-8 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. Go to System administration > Nodes and verify that this new node (was7hostXXNode03) now exists. __ c. Stop the node agent for node was7hostXXNode03. Since the node is not actually used in this exercise, and to save system resources, select the node and click Stop.

Examine the node certificates


This new node has a couple of certificates that are associated with it. The section of the exercise uses the administrative console to examine them. __ 1. Examine the node certificates. __ a. In the administrative console, navigate to Security > SSL certificate and key management. __ b. On the right side, under Related Items, click Key stores and certificates.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-9

Instructor Exercises Guide

__ c. This screen shows a list of the keystores and trust files for the cell. Click the key store link for the node that was just created (was7hostXXNode03).

14-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. The next screen shows the basic information for the node keystore. On the right, under Additional Properties, click Personal certificates.

__ e. This screen shows the keystore entries for the node that was just created. Notice there are two chained certificates. The first, whose alias is default, is the new nodes personal certificate. Notice that it is set to expire in 1 year. The second is the new nodes root certificate, which expires in 15 years. Take note of the

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-11

Instructor Exercises Guide

root certificates Serial Number (Serial #: _______________________ ) and Expiration date (Date: _______________________ ).

__ f.

Tracking the serial numbers can be helpful. In other parts of the administrative console, the representation of the certificates can change. In order to tell which certificate is which, knowing the serial number can be helpful. Click the alias default for further information. Knowledge of the Fingerprint can also be helpful. Usually knowing just the last couple of bits is sufficient FB:55

14-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ g. Using the breadcrumb trail, return to the NodeDefaultKeyStore. This time, click the Signer certificates link. Notice that none are listed. This is because they are stored in the trust files. __ 2. Examine the nodes signer certificates. __ a. Using the breadcrumb trail, return to the Key stores and certificates. __ b. Click the CellDefaultTrustStore.

__ c. On the right, under Additional Properties, click Signer certificates.

__ d. At this point you get a list of signer certificates in the cell default truststore. Look for the root signer certificate (not the personal certificate) for the new node. The biggest clue will be the node name of was7hostXXNode03. But you can also

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-13

Instructor Exercises Guide

possibly tell by the expiration date which you saw in the previous step. In this case, the alias is default_4.

14-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Click the alias for the new nodes root signer certificate.

__ f.

Notice that the Serial number matches the serial number from the previous step where you noted the information for the nodes root certificate. This verifies the fact that the signer certificate for the nodes root certificate was indeed added to the cell default truststore. And since the cell default truststore is synchronized to all nodes within a cell, all nodes and all application servers have access to all signer certificates. Information

It is expected that in a future fix pack, node certificates will no longer be signed by the node root certificate. Instead, upon federation, a new certificate will be generated for the federating node which will be signed by the cell root certificate. This is beneficial since adding new nodes to a cell will no longer require propagation of new plug-in keystores.

Examine certificate expiration and updating


Since the personal certificates have a life span of only 1 year, administrators need to be aware that these certificates will expire. Fortunately, WebSphere has a built-in mechanism to automatically update these certificates when they are about to expire. And, since the

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-15

Instructor Exercises Guide

signer certificates remain the same, there is no need to propagate anything new to the remote nodes or plug-ins. __ 1. Examine the certificate expiration settings. __ a. In the administrative console, navigate to Security > SSL certificate and key management. Under Configuration settings click Manage certificate expiration.

Built into WebSphere is a service that runs through the list of all certificates and replaces any that are about to expire. This screen configures when that service is run. It could be run immediately by clicking Start now, or it can be scheduled. As seen below, it defaults to running every forth Sunday at 21:30. This checking can be turned off by unchecking the Enable checking box. It is also possible to run the

14-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

checking service but to not automatically replace the existing certificates or to not delete the replaced expiring certificates.

By default, the expiration notifications are written to the log file. Additional notifications, including e-mail, can be configured by clicking the Notifications link under Related Items. Information The name of the Expiration notification threshold field can be misleading. When the expiration notification thread is run (either manually or through scheduling), it checks to see if any certificates are within X days (defined by the expiration notification threshold) of the current date. If there are any, they are subject to replacement. There is another field (not visible through the administrative console) that defines how many days out the notification (but not replacement) occurs.

__ b. Run the expiration notification service now by clicking Start now. Using a text editor, open the deployment managers SystemOut.log. Near the end of the file,

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-17

Instructor Exercises Guide

there will be an entry starting with Expiration Monitor and it looks something like this:

__ c. Since the cell has been newly created, there should be no certificates that need replacing. If any changes need to be saved, feel free to either save or discard. __ 2. Use the security report to view the list of all the certificates and their expiration dates. __ a. In the administrative console, navigate to Security > Global security. Click Security Configuration Report.

14-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. A new browser window shows the HTML report. Scroll to the bottom of the report and find the Certificate Management section.

__ c. Notice the list of the certificates and the expiration dates. This report can be a very helpful tool for administrators in dealing with their certificate management. Warning When WebSphere Application Server V7 updates a node certificate (either manually or automatically), the specifics of the replacement certificate depend on the fix pack level. If no fix packs are present (v7.0.0.0), the new node certificate will be created and will be signed by the cell root certificate (not by the node root certificate, as the original node certificate was signed). This might be important if existing SSL relationships exist which depend on the propagation of the signer certificate. In most situations, this does not cause a problem since all nodes have access to the cell root signer via the cell default truststore. Also, all plug-ins have access to the cell root signer via the generated keystores. Where this could become an issue is in cases where additional SSL configurations are established. If fix pack 1 (7.0.0.1) has been installed, replacement node certificates will be signed by the original signer. In most cases this means the node root certificate. Therefore, any existing SSL relationships should still work after a node certificate is replaced. Future fix packs may change this behavior.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-19

Instructor Exercises Guide

Plug-in key ring propagation


Not only do the processes within cells (deployment managers, node agents, and application servers) need to have certificates and know about each others signer certificates, so do the Web server plug-ins. If the communication between the Web server plug-ins and the application servers is to be secured, the plug-ins and application servers need to be able to negotiate an SSL session. To do this, they need to have personal certificates (by default the application servers use the node personal certificate) and have access to each others signer certificates. WebSphere is able to make sure that all of the required certificates are available to the Web server plug-ins by creating the plug-ins keystores from within WebSphere. By doing so, WebSphere can make sure that not only does the plug-in have a valid personal certificate, but that it also has all of the necessary node signer certificates. At the same time, WebSphere can ensure that the plug-ins signer certificate is also available in the cell truststore. The real problem with this approach is that once WebSphere generates the plug-in keystore, it then still needs to be propagated to the machine running the Web server. There is also a problem with updating the plug-in keystores once new nodes are added to the cell (or if existing nodes have their signer certificates replaced). This would require that the plug-in keystores be regenerated and repropagated to the Web server. The propagation process of plug-in keystores is similar to the propagation of the plugin-cfg.xml file. It is usually done manually, but in some cases can be configured to be done automatically (although this is usually not desirable). __ 1. View the contents of the plug-in keystore.

14-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. In the administrative console, navigate to Servers > Server Types > Web servers. Click your webserver link (webserverXX). Then, under Additional Properties, click Plug-in properties.

__ b. Notice the plug-in keystore file name. Initially this file can be found within the configuration directory structure of the deployment manager. It can be found under the ihsnode directory. More specifically, the directory would be: <profile_root>\DmgrProfile\config\cells\<cell-name>\ nodes\ihsnode\servers\<web-server> This is also the same directory where the Web server specific version of the plugin-cfg.xml exists.

__ c. Take note of the size of the file.


Copyright IBM Corp. 2009 Exercise 14. Configuring SSL for WebSphere
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-21

Instructor Exercises Guide

__ d. Next, examine the contents of this file. In the console, click the Manage keys and certificates button. On the right, click Signer certificates.

__ e. At this point, there are probably at least two pages worth of signer certificates. Scroll to the bottom of the page and click the button to go to the next page. It would also be possible to filter based on the name default*.

__ f.

Verify that the signer certificate for the new node (was7hostXXNode03) is among the signer certificates.

__ 2. Propagate the plug-in keystore file. Although this is usually a manual process, there are some cases where it can be configured to be done automatically or through the administrative console.

14-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. Using Windows Explorer, navigate to the <plugin_root>\config\webserverXX directory. Take note of the size and date-time stamp for the current plugin-key.kdb.

__ b. Return to the administrative console and return to the Web servers plug-in properties page. Click the Copy to Web server key store directory button. __ c. Notice the message at the top of the administrative console window shows a successful copying of the files:

__ d. Return to the Explorer window and verify that the size of the file (and the date-time stamp) has changed.

__ 3. If you have time, try using iKeyman to open the kdb file above on the Web server machine and verify that the new signer certificate has been propagated.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-23

Instructor Exercises Guide

Configuring SSL for IHS (optional)


This section of the lab steps through the process of creating a certificate and a key ring. These will then be used to configure SSL on the connection between the client browser and the Web server. __ 1. Create a new directory to hold the key ring. __ a. Create the directory: <ihs_root>\ssl __ 2. Create a key ring with a self-signed certificate for IHS. __ a. Run IHSs iKeyman. This can be done through either a command-line window or using Start > Programs > IBM HTTP Server V7.0 > Start Key Management Utility. This could also be done from the command line by executing the following command from <ihs_root>\bin: ikeyman.bat

On UNIX, from the bin directory, use the following command: ./ikeyman &

__ b. Create a new key ring by selecting Key Database File > New. __ c. Use type CMS, file name ihsKeyring.kdb, and a location of <ihs_root>\ssl Click OK.

14-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ d. When prompted for a password for the key ring, enter and confirm web1sphere as the password. If desired, modify the expiration time. Check the Stash the password to a file check box.

Warning The stash file is created containing an encoded form of the password. This encoding prevents casual viewing of the password, but is not highly secure. Therefore, you should protect this file by using operating system file permissions to prevent all access from unauthorized principals. The file name of the stash file will be the same as the name of the key file, only it will have an .sth suffix. The stash file gets stored in the same directory as the key file.

__ e. Click OK. __ 3. Create a new self-signed certificate. __ a. In iKeyman, select Create > New Self-Signed Certificate and enter the following information: Table 21: Self-signed certificate details Example Description Key label IHSCertificate Common name www.trade.com Organization Trade Organization unit Trade Locality myLocation State or province myState Zip code myZipcode

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-25

Instructor Exercises Guide

__ b. Accept the defaults for the Version, Key Size, and Validity Period.

__ c. Click OK. Information This stores the certificate in the key file in the Personal Certificates section. Optionally (there is no need to do this in the exercise) it is possible to extract the public signing certificate so that clients can use it. To do this, click Extract Certificate, and then enter a File Name and Location. Click OK.

__ d. Exit iKeyman by going to Key Database File > Exit. __ e. Check the contents of the <ihs_root>\ssl\ directory and verify that the following files were created: ihsKeyring.kdb, ihsKeyring.sth, and ihsKeyring.rdb. __ 4. Configure IHS for HTTPS. This requires modifying the httpd.conf in order to define the required setting to enable SSL for IBM HTTP Server. It also includes loading the SSL module, defining a listener port, defining a virtual host, and enabling SSL. __ a. Add www.trade.com to the hosts file by editing the file C:\WINDOWS\System32\drivers\etc\hosts and adding a line at the bottom to
14-26 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

define the host name www.trade.com and map it to your systems IP address. You can find your IP address by using the command ipconfig in a command window.

The hosts file on UNIX systems can be found at /etc/hosts The command to find your IP address on a UNIX system is: ifconfig -a

__ b. Save and exit the file. __ c. Back up the httpd.conf. Since changes are about to be made to the httpd.conf, it would be a good idea to make a backup of it before starting. Copy the httpd.conf in <ihs_root>\conf to httpd-backup.conf. __ d. Using a text editor, open httpd.conf in <ihs_root>\conf. Add a virtual host definition for HTTPS. This allows for the definition of HTTPS on a separate virtual host from HTTP. Place these lines near the very bottom of the httpd.conf, after the VirtualHost examples and before the loading of the WebSphere plug-in module. LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Listen 0.0.0.0:443 <VirtualHost *:443> SSLEnable </VirtualHost> KeyFile "C:/Program Files/IBM/HTTPServer/ssl/ihsKeyring.kdb"

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-27

Instructor Exercises Guide

SSLDisable Information There are sample configuration files in <software_dir>\ssl\ that can be used to copy and paste. These files include only the last portion of a completed httpd.conf.

Make sure the paths and slashes are correct if this is being done on a UNIX system. LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Listen 0.0.0.0:443 <VirtualHost *:443> SSLEnable </VirtualHost> KeyFile /usr/IBM/HTTPServer/ssl/ihsKeyring.kdb SSLDisable

__ e. Save your updates and exit the editor.

Testing the SSL connection


__ 1. Restart the IBM HTTP Server process so that the new httpd.conf settings take effect. __ a. Using the Window Services, select the IBM HTTP Server 7.0 service from its context menu select Restart.

On UNIX, use the command <ihs_root>/bin/apachectl restart to restart the server.

__ b. Verify that the IBM HTTP Server process is running by checking the system process list. If IBM HTTP Server failed to start, check the <ihs_root>\logs\error.log and <profile_root>\logs\<webserver>\http_plugin.log for the possible cause. __ 2. Connect to IBM HTTP Server using HTTPS. __ a. First, verify that the Web server is actually running. Connect to the following site:

14-28 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

http://localhost/

__ b. Now that the Web server is known to be running, enter the following address to verify that HTTPS is working (notice, the only difference is that the HTTP protocol was replaced with HTTPS): https://localhost/ __ 3. Correct the certificate warnings. There should be a warning since there are a couple of problems with the servers certificate. The first problem is that the server name does not match the URL (localhost versus www.trade.com). The second problem is that since a self-signed certificate is being used, the signer certificate is unknown to the browser. Both problems can be ignored, but the next few steps can help correct the issues (these steps are specific to IE 7 other browsers will have different interfaces).

Since your browser will be different on UNIX, the next few steps will not apply to your environment. In your case, simply accept the certificates.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-29

Instructor Exercises Guide

__ a. Click Continue to this website.

__ b. Notice that the URL has a red background and there is a Certificate Error window. Click the Certificate Error. Then click View certificates.

__ c. On the pop-up Certificate window, the message indicates that the CA Root certificate is not trusted. This is simply because the certificate is self-signed and

14-30 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

unknown to the browser. Click the Install Certificate button to install the signer certificate.

__ d. Take all the defaults in the wizard that comes up. That will be a Next, another Next, a Finish and a Yes to install the certificate. Click OK and OK again to close the dialog boxes. __ e. Notice that the certificate warning is still there. Now use the following address and notice that the certificate warning is gone: https://www.trade.com/ __ 4. Finally, try connecting to both snoop and the TradeApplication using https: https://www.trade.com/snoop https://www.trade.com/Trade/web __ a. Verify that the application servers are running. __ b. Using a browser, connect to both of the addresses above. Note: if application security is enabled, the snoop servlet will prompt for authentication. This is because it has been configured to allow access to all authenticated users. Use any of the user IDs that have been created already to authenticate, for example wasadmin.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-31

Instructor Exercises Guide

Notice that both addresses work correctly using secured communication. Also notice the icon next to the address window indicating that the communications are going over SSL (note: each browser has its own icon).

End of exercise

14-32 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise review and wrap-up


This lab introduced basic HTTPS configuration concepts for both IBM HTTP Server and WebSphere Application Server.

Copyright IBM Corp. 2009

Exercise 14. Configuring SSL for WebSphere


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

14-33

Instructor Exercises Guide

14-34 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 15.Auditing (optional)


Estimated time
01:00

What this exercise is about


The objective of this lab is to go through some of the new security auditing features in WebSphere Application Server V7. This exercise is split into two main sections. The first half goes through the process of enabling security auditing, setting basic audit configurations and viewing the audit reports. The second half, which is optional, goes through some slightly more advanced features of the auditing functionality, including encrypting and digitally signing the audit logs.

What you should be able to do


At the end of the exercise, you should be able to: Enable security auditing Configure security auditing for different administrative users Generate and view security audit reports Configure new event filters Configure digital signing for the audit logs Configure encryption settings for security auditing

Introduction
This lab goes through the process of configuring and enabling WebSphere auditing. It starts by defining a new administrative user that is defined as an auditor role. This allows for a level of separation between those with administrator rights and those that can audit. Next, the exercise configures and enables the basic auditing settings and views the resulting audit logs. Finally, the last section of the exercise is optional and goes very briefly through some slightly more advanced features of auditing. These features include adding filters, digitally signing, and encrypting audit records.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-1

Instructor Exercises Guide

Requirements
This exercise requires a workstation with WebSphere Application Server V7 installed and that the previous exercises for this course have been successfully completed.

Instructor exercise overview


This exercise is simple and straightforward, as long as the previous labs have been completed successfully.

15-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise instructions
Defining WebSphere administrative console users
WebSphere has the ability to grant administrative users different roles to distinguish between the sorts of access they have within a cell or application server. With WebSphere Application Server V7, a new role of auditor has been added and is required to configure and enable any of the auditing features. By having a separate role for auditing, it is possible to distinguish between administrative users and those users to whom you want to grant access for the auditing functions. First create some WebSphere users for testing purposes. __ 1. For security reasons, it is not necessarily desirable to have administrators be able to configure and control the audit settings. The primary security user has implicit rights to the audit functionality, but other administrators do not (unless they have explicitly had the audit role added to their user). This step goes through adding a new user named wasaudit and assigning it to the auditor role. __ a. Log in to the WebSphere administrative console as wasadmin (or some other user in the administrative security manager role). __ b. Expand Users and Groups in the left navigation menu and select Manage Users.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-3

Instructor Exercises Guide

__ c. Leave the defaults and click Search. This displays the list of current WebSphere administrative users.

__ d. Click Create to create the new wasaudit user. Information Other users may also exist, depending on which exercises have been completed.

15-4 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ e. Enter the User ID: wasaudit Enter anything for the First name and Last name. Enter web1sphere for the Password and Confirm password. Then click Create.

__ f.

Click Close to exit the Manage Users wizard.

__ 2. Assign the Auditor role to the wasaudit user. __ a. Under Users and Groups in the administrative console, select Administrative user roles. Click Add.

__ b. Click Search to display the list of available users. Select wasaudit from the Available column near the bottom of the screen and click the right arrow to move it to the Mapped to role column. Then select the Auditor role near the top

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-5

Instructor Exercises Guide

of the screen. Click OK to create the mapping between the wasaudit user and the auditor role.

__ 3. Save the changes. Wait for the nodes to synchronize and click OK.

15-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Information Since these particular users are stored within the WebSphere configuration information, it is a good idea to do a full resynchronize with the nodes after creating new users.

Configure and enable WebSphere security auditing


Now that an auditor user exists, this part of the exercise configures and enables WebSphere security auditing. Before auditing can be enabled, several configuration settings need to be set so that the audit service knows what to do with the audit events. This section of the exercise simply turns on the basic auditing functions and sends the output to a log file. __ 1. Before enabling security auditing, there are some configuration settings that need to be set. __ a. In the administrative console, click Security > Security auditing. __ b. Before enabling the auditing, it is necessary to determine what happens with the audit records. Start by clicking Audit monitor under Related Items. __ c. Under Notifications, click New. __ d. This screen defines the notification specifics. Enter Log_Notification for the Notification name and check the Message log box. This causes the audit logs

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-7

Instructor Exercises Guide

to be written to a local log file. It is also be possible to configure e-mail notifications if that is desired.

__ e. Click OK And Save the changes. __ f. Wait for the nodes to synchronize and click OK.

__ g. Now that a notification definition exists, it is possible to configure auditing to use that notification. On the same screen, check the Enable monitoring box and

15-8 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

verify that Log_Notification has been selected in the Monitor notification drop-down list.

__ h. Click OK and Save the changes. __ i. Wait for the nodes to synchronize and click OK. This returns you to the main Security auditing page.

__ 2. Now that the configuration settings have been completed, it is possible to enable the auditing.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-9

Instructor Exercises Guide

__ a. At this point, check the Enable security auditing box. From the Audit subsystem failure action drop-down list, select Log warning. And from the Primary auditor user name, select wasaudit.

Information The Audit subsystem failure action drop-down menu has the following options: No warning: The No warning action specifies that the auditor will not be notified of a failure in the audit subsystem. The product will continue processing but audit reporting will be disabled. Log warning: The Log warning action specifies that the auditor will be notified of a failure in the audit subsystem. The product will continue processing but audit reporting will be disabled. Terminate server: The Terminate server action specifies the application server to gracefully quiesce when a fatal error occurs in the auditing subsystem. If e-mail notifications are configured, the auditor will be sent a notification that an error has occurred. If logging to the system log is configured, the notification of the failure will be logged to the system file.

__ b. Click Apply and Save the changes. __ c. Wait for the nodes to synchronize and click OK.

15-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 3. Restart all the processes in the environment so that they all pick up the changes. In this case, this includes the deployment manager, the node agents, and the application servers.

View the audit logs


WebSphere security auditing has now been turned on. This part of the exercise goes through the process of viewing the audit data. The fastest way to view the data is to simply look at the log file that is generated, but that can be difficult to read. The other way to view the data is to use wsadmin to generate an HTML report. This part of the exercise goes through both of these options. __ 1. View the log records with a text editor. __ a. Using a text editor, open the file called BinaryAudit in the <profile_root>\DmgrProfile\logs\dmgr directory.

Information In a stand-alone application server environment the name of the file will simply be BinaryAudit.log. In a federated environment, the file name will differ depending on which process you are inspecting.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-11

Instructor Exercises Guide

__ b. Notice the sequence numbers. Those are the individual audit records, but this format certainly is not easy to read.

__ c. If a better text editor than Notepad is used, the output can be slightly more readable, but still not easy to read.

__ d. It is also possible, if available, to use tail -f in a command window to track the entries added to the log file in real time.
15-12 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. Verify that auditing is actually seeing events that need to be reported. __ a. Open a new browser instance to the administrative console. __ b. When prompted for a user name and password, enter BADUSER and web1sphere

__ c. Reopen the audit log file in a text editor and search for BADUSER There will be several instances, but the format of the records makes it difficult to read and understand. __ 3. View the log entries using the Audit Log Reader. This is an interface available through wsadmin which will convert the audit log entries into an HTML report. __ a. Open a command prompt and change directory to <profile_root>\DmgrProfile\bin __ b. Enter the command: wsadmin -lang jython -username wasaudit -password web1sphere

The command on UNIX platforms is: ./wsadmin.sh -lang jython -username wasaudit -password web1sphere

__ c. Once the wsadmin shell has started, enter the following command to generate an HTML report: AdminTask.binaryAuditLogReader("-interactive")

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-13

Instructor Exercises Guide

__ d. The interactive mode will prompt for input for the following questions. Enter the following: Table 22: Responses for interactive AdminTask Field Value fileName <enter audit log file name with full path> C:\basicAuditReport.html outputLocation UNIX: /tmp/basicAuditReport.html keyStorePassword <blank> dataPoints <blank> timeStampFilter <blank> reportMode basic outcomeFilter <blank> eventFilter <blank> sequenceFilter <blank> Select F

__ e. At this point an HTML file by the name of basicAuditReport.html is generated. Browse to the C:\ directory and double-click basicAuditReport.html to open it in a browser.
15-14 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty The audit report was generated in the /tmp directory. With a Firefox browser, go to File > Open File and browse to /tmp. Select basic AuditReport.html and click Open.

__ 4. Generate a complete audit report.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-15

Instructor Exercises Guide

__ a. Using the commands in the previous step, regenerate the audit report. But this time enter complete for the reportMode and change the output file name to completeAuditReport.html

15-16 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ b. View the report with a browser. Notice that the audit reports include much more detail.

Information For more detailed information about the audit logs and what information is available, see the article in WebSphere Application Server V7 Information Center, Using the audit reader.

Create a new event filter (reference, optional)


At this point, WebSphere Security Auditing has been configured and enabled. And, the logs have been viewed through a text interface as well as an HTML report. Those are the most basic steps for getting started with Auditing. The rest of the exercise goes through some additional features, including configuring filters and encryption of the audit data. Since these features might not be of interest to all students, these parts have been marked as Reference and are not covered in complete detail. In this part of the exercise, an additional event filter is created. This filter tells the audit service to audit any authorization failures. __ 1. Add an Event type. __ a. Log in to the administrative console as wasaudit using the password of web1sphere
Copyright IBM Corp. 2009 Exercise 15. Auditing (optional)
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-17

Instructor Exercises Guide

__ b. Go to Security > Security auditing. __ c. Click Event type filters under Related Items. __ d. Click New. __ e. Enter Authorization_Event for the Name. Select SECURITY_AUTHZ from the Selectable events region and click the right arrow to move it into the Enabled events. Then select DENIED from the Selectable events outcomes and click the right arrow to move it into the Enabled event outcomes.

__ f.

Click OK and Save the changes.

__ g. Wait for the nodes to synchronize, and click OK. Information Although the event has now been defined, WebSphere still needs additional configuration so that it will both gather and report audit records relating to the event. The event factory is where the configuration is done to define what events are gathered. The service provider is where the configuration occurs to define which events are reported. See the information center for details on the numerous other event types that can be configured.

15-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ 2. The next step is to configure the service provider. __ a. Go back to the Security auditing page and click Audit service provider. There is only one defined at this point, click auditServiceProviderImpl_1. __ b. Notice that the Authorization_Event that was just created is listed under the Selectable filters, but is not part of the Enabled filters list. Select the new filter and click the right arrow to move it to the Enabled filters list.

__ c. Click OK and Save the changes. __ 3. The next step is to update the event factory configuration. __ a. Return to the Security auditing page and click Audit event factory configuration. There is only one defined at this point; click auditEventFactoryImpl_1.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-19

Instructor Exercises Guide

__ b. Like in the service provider screen, move the Authorization_Event to the Enabled filters for the event factory.

__ c. Click OK and Save the changes. __ 4. Restart all of the WebSphere processes (deployment manager, node agents, and application servers) in order for the changes to take effect. Note Since you logged in to the administrative console as wasaudit instead of wasadmin, you will not be able to stop the server process from the console. Either log out and log back in as wasadmin or restart the servers from the command line.

__ 5. Once the servers have been restarted, look at the audit log file in the <profile_root>\DmgrProfile\logs\dmgr directory. Take note of the latest sequence number and enter it here: ____________ __ 6. Now, attempt to stop the deployment manager using wasaudit as the user name. Since the wasaudit user is not a console administrator, this should fail.

15-20 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ a. Open a command prompt and change directory to <profile_root>\DmgrProfile\bin __ b. Enter the command: stopManager.bat -username wasaudit -password web1sphere

__ c. Once the stopServer command has failed, look at the BinaryAudit.log file again (the one with the latest time stamp if there is more than one audit log). Look for the SECURITY_AUTHZ entry that shows the denial.

Additional audit features (optional reference)


This section of the exercise is optional reference. It simply lists and briefly describes some of the other features that can be taken advantage of when it comes to the audit logs. This section is not intended to provide detailed instructions. __ 1. Digitally sign the audit records.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-21

Instructor Exercises Guide

Information Digitally signing the audit logs is interesting because that can protect the integrity of the data within the files.

__ a. In order to digitally sign the audit records, a number of things need to happen, including enabling of the signing as well as choosing which certificate is used to do the signing. After the configuration is done, all the WebSphere processes need to be restarted. __ b. In order to get to the configuration screen to configure the signing, as an administrator go to Security > Security auditing > Audit record signing configuration.

15-22 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Since you will not actually be configuring the signing in this exercise, click Cancel. __ 2. Encrypt the audit records. Information Encrypting the audit logs not only protects the integrity of the data within the files but also makes them unreadable by anyone without the right access to the certificate used to encrypt the data.

In order to encrypt the audit records, a number of things need to happen, including the creation of a special keystore and certificate to be used for encrypting the audit data. Then, the encryption needs to be enabled and the new certificate needs to be specified. After the configuration is done, all the WebSphere processes need to be restarted. __ a. To create the new keystore, go to Security > Security auditing > Audit encryption key stores and certificates, click New and create a keystore. __ b. Enter AuditKeyStore for the Name and <profile_root>\DmgrProfile\properties\audit for the Path. Enter was1sphere for both passwords. Accept the default type PKCS12.

__ c. Click OK. Save changes. __ d. You should now see the new keystore listed. Click AuditKeyStore.

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-23

Instructor Exercises Guide

__ e. On the right, click Personal certificates to create the audit certificate that will be located in the new keystore. __ f. Click Create self-signed Certificate and enter the appropriate information. Important You will not actually create the self-signed certificate in this exercise. So you will just click Cancel at this point. __ g. Click Cancel. __ h. To configure the encryption, go to Security > Security auditing > Audit record encryption configuration. Enable the encryption and specify the certificate to be used.

__ i. __ j.

Click Cancel. Restart all server processes.


Copyright IBM Corp. 2009

15-24 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

V5.2
Instructor Exercises Guide

EXempty

__ k. After all the processes have been restarted for the changes to take effect, you will need to specify the keystore and keystore password when generating the audit reports. __ 3. Enabling verbose logging. __ a. In order to enable verbose audit logging, go to Security > Security auditing, check the Enable verbose auditing box, and click Apply.

Information For more information on verbose audit logging, see the article in WebSphere Application Server V7 Information Center on Security Auditing detail.

End of lab

Copyright IBM Corp. 2009

Exercise 15. Auditing (optional)


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

15-25

Instructor Exercises Guide

Exercise review and wrap-up


This exercise looked at enabling and configuring security auditing using the WebSphere administrative console. It then went through several different ways to view the data. Finally, in optional sections, the exercise also looked very briefly at some slightly more advanced features, including digitally signing and encrypting the audit records.

15-26 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Exercise 16.Using the performance monitoring tools


Estimated time
00:30

What this exercise is about


In this exercise, you use the performance tools available in WebSphere Application Server to monitor various application and server resources in real time, and generate tuning advice.

What you should be able to do


At the end of the lab, you should be able to: Use the integrated performance viewer within the administrative console Configure data collection levels on application resources Monitor the data collected by the performance instrumentation

Introduction
WebSphere Application Server offers a collection of tools to monitor and help tune the runtime environment, including Tivoli Performance Viewer, the TPV advisor and request metrics. The Tivoli Performance Viewer is the user interface for monitoring the performance of application servers, servlets, and other resources in the environment. It is integrated into the administrative console and can be used for a number of tasks, including viewing real-time performance data, gauging the load on servers over time, and evaluating the efficiency of resource allocations. The Tivoli Performance Viewer advisor provides advice to help tune systems for optimal performance and recommendations to remedy inefficient server resource settings. It generates advice based on data collected by the Performance Monitoring Infrastructure (PMI). Request metrics allow you to track the response time of the individual components traversed by a transaction, providing you with an in-depth understanding of the application flow that satisfies the user request.
Copyright IBM Corp. 2009 Exercise 16. Using the performance monitoring tools
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-1

Instructor Exercises Guide

Requirements
To complete this exercise, you require a properly set up computer with WebSphere Application Server installed as well as the necessary startup and program files.

Instructor exercise overview


This lab has the following outline: Step 1: Resetting the environment Step 2: Enabling performance monitoring and setting using preferences Step 3: Viewing servlets and Web applications module data Step 4: Viewing enterprise beans module data Step 5: Using the TPV performance advisor Step 6: Using request metrics Step 7: Using a log file in Tivoli Performance Viewer (optional) Below are some general notes along with miscellaneous comments related to specific steps: The only files needed for this exercise are located in <software_dir>\Troubleshooting\SVGViewer (Adobe plug-in for the browser). For creating stress, you will use ApacheBench with the -n option to create multiple requests. Be careful with the -c option (concurrent user) when using HitCount with a Cloudscape data source, because it has some limitation for concurrent connections. (Highly skilled students can change this data source to DB2.) In Step 3, you use the snoop servlet, which is part of WebSpheres Default Web Application, to view performance data collected for a servlet in TPV. In Step 4, you monitor the Increment EJB of the HitCount application. It is a CMP entity bean that has only one instance serving multiple invocations. You will then compare it with the ivtEJBObject EJB of the ivtejb application. This latter is a stateful session bean and therefore has as many instances as invoking clients. Note that ivtejb returns a blank screen only. Answer to question 3.a, Why were there not 300 more instances created?: The single instance of Increment was activated to server each 300 or more invocations. Answer to question 3.b, Why is there more than one instance of ivtEJBObject?: Being a stateful session bean, a new instance is created for each invoking client.

16-2 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

In Step 6, you monitor the Trade application using request metrics.

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-3

Instructor Exercises Guide

Exercise instructions Preface


In the first part of this exercise, you use Tivoli Performance Viewer to monitor applications running on WebSphere Application Server. When the Performance Viewer is running in a Network Deployment environment, the data is collected at each of the nodes and stored in memory at the node agent. Data is then viewed from the deployment manager. This architecture enables the monitoring work to be distributed among the nodes. In this exercise, you monitor applications running on profile1s single server, server1.

Resetting the environment


If you changed the maximum heap size to a lower value (because class machines often do not have enough memory to run the deployment manager), it is recommend that you restore the maximum heap size to the default setting, because the Tivoli Performance Viewer executes inside the deployment manager. __ 1. Verify that the deployment manager, and the node agent and WebSphere Application Server server1 in profile1 are all running. __ 2. Start the administrative console and log in. Information You can stop server2 and its node agent to free up physical memory if the class machines have limited RAM. As a rule of thumb, if your machine has less than 2 G of RAM it may be beneficial to run only server1 for this lab.

Enabling performance monitoring and setting user preferences


Before the Tivoli Performance Viewer can begin monitoring data, the performance monitoring service must be started. The monitoring service is enabled by default on the application server. __ 1. Verify that the Performance Monitoring Infrastructure (PMI) is enabled for server1. __ a. In the administrative console navigation tree, click Monitoring and Tuning > Performance Monitoring Infrastructure (PMI). In the workspace area on the right pane of the administrative console, click server1. __ b. On the Configuration tab, make sure that Enable Performance Monitoring Infrastructure (PMI) is already selected. This is the default setting.
16-4 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. In the Currently monitored statistic set area, notice that the Basic level is selected. This is the default monitoring level setting. __ d. Click the Runtime tab and verify that Basic is selected (default statistic set).

__ e. Click Cancel. Information The Runtime tab allows you to change the monitoring settings without having to restart the server. The new settings are applied immediately after clicking OK. If the Persist my changes check box is selected, the runtime settings are saved and will appear in the Configuration tab. This option allows you to make immediate changes to the PMI settings, and have them become the standard configuration the next time the server is started.

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-5

Instructor Exercises Guide

__ 2. In order to get more frequent data collection, change the Monitoring Refresh Rate to 20 seconds. __ a. Under Monitoring and Tuning, expand Performance Viewer and click Current activity. __ b. On the right pane, select the check box for server1 and start the monitoring process for this server by clicking Start Monitoring.

__ c. Click the server1 link to view its current activity. If the tree for server1 is collapsed, click [+] next to server1 to expand it. Expand Settings and click User. __ d. In the User Settings panel, change the Data Collection Refresh Rate to 20 seconds. Click Apply.

16-6 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Viewing servlet and Web applications module data


To view any performance data in a graphical mode, the browser must be enabled to show Scalable Vector Graphics (SVG) data. SVG is a graphics file format and Web development language that can be displayed using an SVG Viewer, or SVG enabled browser. You should have already installed the SVG Viewer in a previous exercise. __ 1. If you have not already done so in a previous exercise, install the SVG Viewer from Adobe before using the browser to view the data produced by TPV. __ a. Run the SVGViewWindows.exe program to install this viewer. It can be found in the <software_dir>\Troubleshooting\SVGViewer directory. Linux Nothing needs to be done on Linux. For background, feel free to read the rest of this information block. The Firefox browser has SVG support built in, so no plug-in needs to be installed. Unfortunately, the console support within WebSphere does not correctly recognize that Firefox on Linux has the correct support.
Copyright IBM Corp. 2009 Exercise 16. Using the performance monitoring tools
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-7

Instructor Exercises Guide

There are a number of workarounds for this problem. One, which has already been added to the standard Linux image for this course, is to add a config property to Firefox. This is done by typing the following into the URL field: about:config Then the following string was added (right-click New > String): name: general.useragent.override value: "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080410 Firefox/2.0.0.14"

__ b. Log out of the administrative console and restart the browser. Windows If you are using Mozilla or Firefox as your browser, there may be some graphical data visible without installing SVG Viewer, but you should still install the viewer. For reference, the latest version of SVG Viewer is available at: http://www.adobe.com/svg/

__ 2. Open a new browser and start the snoop servlet at the Web address (URL): http://localhost:9080/snoop If application security is enabled, you will be prompted for a user ID and password. Log in as wasadmin, if necessary. This executes the snoop servlet, which is part of the Default application, and brings up a page with various information about the servlet. A servlet must be loaded in order for data collection to take place. Leave the browser window open as you will come back here soon. __ 3. Using the administrative console, navigate to the Tivoli Performance Viewer and monitor server1: __ a. Click Monitoring and Tuning > Performance Viewer > Current activity > server1. __ b. Expand Summary Reports and select Servlets. In the Servlets Summary Report pane, locate the entry for the Snoop Servlet, which is part of DefaultWebApplication.war. Information You may have to go the next page of the report to find the listing for the snoop servlet. Use the arrows at the bottom of the page to navigate to the different pages of the report. As an

16-8 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

alternative, you can use filters to reduce the amount of information shown, or sort by application name or other attribute.

__ c. Explore the additional summary reports: Are there any Enterprise JavaBeans being monitored? Click EJBs under Summary Reports. The EJBs Summary Report lists all enterprise beans running on this server, the amount of time spent in their methods, the number of EJB invocations and the total time spent in each enterprise bean. Click Connection Pool. The Connection Pool Summary Report lists all data source connections that are defined in the application server and shows their usage over time. The performance data is displayed in graph form. Click Thread Pool. The Thread Pool Summary Report shows the usage of all tread pools in the application server over time. __ 4. Inside Tivoli Performance Viewer (TPV), view the available performance counters for the snoop servlet and the JVM Runtime module. __ a. In TPV, expand Performance Modules and select the JVM Runtime check box. Expand Web Applications > DefaultApplication > DefaultWebApplication.war > Servlets and select Snoop Servlet.

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-9

Instructor Exercises Guide

Information If Snoop Servlet is not available, try to call snoop again using the other browser, then click Refresh in the TPV navigation pane.

__ b. Click View Module(s) at the top of the viewer (you may need to scroll your browser). You will see a table or a graph displaying the monitored data.

16-10 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ c. Use the browser to reload the snoop servlet several times by clicking the browser refresh button. Review the changes in the console. Information You should see changes in the metrics for the snoop servlet. The request count should increase and the service time may change. Keep in mind the JVM Runtime counters may change too.

Warning When viewing graphs and comparing lines, take note of the Scale value. The Performance viewer scales values such that all data points can fit on the graph. Notice in the screen capture above that the graph for UpTime appears above the HeapSize graph even though the values are lower.

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-11

Instructor Exercises Guide

__ d. In the Performance viewer, click View Table to switch to a tabular view of the performance data. You can toggle back and forth between the table and graph view by selecting the View Table or View Graph button.

__ e. Reload the snoop servlet several times and observe the servlet metrics

16-12 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

__ f.

You can also test the HelloHTML.jsp by selecting it in the Performance Modules tree as you did for the snoop servlet. Then enter the following address in the browser window: http://localhost:9080/hello

__ g. To monitor other modules and components, you may need to click Refresh and View Module(s) again.

Using the TPV performance advisor


WebSphere Application Server includes a performance advisor, the TPV advisor, which is accessed from inside the Tivoli Performance Viewer and provides helpful tuning advice for various resources for example, dynacache size, JVM heap size, and so forth. The TPV advisor also provides recommendations to address inefficient settings. __ 1. To access TPV advisor messages, in the administrative console, select Monitoring and Tuning > Performance Viewer > Current Activity > server1. In the TPV navigation pane, click Advisor under server1.

__ a. In the pane on the right, read the provided advice messages. Are there some Alert messages?_____ Is there a configuration advice message?____ If more than one page is available, view the messages on subsequent pages.

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-13

Instructor Exercises Guide

__ b. Click the link for the TUNE5042W: Enable servlet caching... message to see the advice details.

Information In your lab environment, the CPU utilization is usually low. You should see the configuration advice to enable the servlet caching with descriptions as to how to use the console to enable this feature. You should run the performance advisor with a representative workload. ApacheBench is only a simple tool, not designed for distributed software testing. A more robust tool is IBM Rational Performance Tester (http://www.ibm.com/software/awdtools/tester/performance/index.html) or OpenSTA (http://opensta.org/).

Hint The TPV advisor requires that you enable performance modules, counters, or both. You can find more details in: IBM Redbook, SG24-6392, IBM WebSphere Application Server V6 Scalability and Performance Handbook.

16-14 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

Using request metrics


Request metrics log the time spent at major components of the application server, such as the Web server plug-in, Web container, EJB container, and so forth. The request metric architecture differs from the Performance Monitoring Infrastructure (PMI). PMI provides information about average system resource usage, with no correlation between the data across different WebSphere components. On the other hand, request metrics track each individual transaction within WebSphere Application Server, recording the response time of the major components such as time in the Web server or in the Enterprise JavaBeans (EJB) container. The collected information can be saved to log files or forwarded to an Application Response Measurement (ARM) agent. __ 1. Using the administrative console, enable request metrics by selecting Monitoring and Tuning > Request metrics. __ a. Under General Properties, select Prepare Servers for request metrics collection. __ b. Under Components to be instrumented, select ALL. __ c. Set Trace level to Debug. Information Setting the trace level to Debug provides detailed instrumentation data, including response times for all intra-process servlet and Enterprise JavaBeans (EJB) calls. This provides a fine level of detail on each method call. Setting the trace level to Hops generates instrumentation information on process boundaries only (for example, a servlet request coming from a browser or a Web server and a JDBC request going to a database). You can also filter requests so that only specific incoming requests will result in request metrics being logged. This can keep the logs from being overloaded with request metrics for every request.

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-15

Instructor Exercises Guide

__ d. Under Request Metrics Destination, select Standard Logs.

__ e. Click OK. __ f. Save directly to the master configuration and log out of the administrative console.

__ g. Restart server1. __ 2. Open a Web browser and run the Trade application by entering the following address: http://localhost:9080/Trade/web __ 3. Log in to the Trade application as the user: client/web1sphere Notice that the first page returned is the Account Information page: it shows basic user information including name, e-mail address, account balance, and home and business addresses. __ 4. Now look at the standard output log. In the <profile_root>/profile1/logs/server1 directory, open the SystemOut.log file. Find the first entry with a message ID of PMRM0003I: 0000002e PmiRmArmWrapp I PMRM0003I: parent:ver=1,ip=192.168.61.129,time=1233808789417,
16-16 WebSphere Application Server V7 Administration
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.2
Instructor Exercises Guide

EXempty

pid=1548,reqid=1,event=1 - current:ver=1,ip=192.168.61.129, time=1233808789417,pid=1548,reqid=1,event=1 type=URI detail=/Trade/web/login.jsp elapsed=31 Request metrics messages appear in the log with the message ID of PMRM0003I. Notice that the first entry corresponds to the URI /Trade/web/login.jsp, which is invoked when you click the Login button. Two correlators are shown, a parent correlator and a current correlator, representing the upstream request and the current operation, respectively. A correlator consists of the comma-separated fields following the parent or current keyword. If the parent and current correlators are the same, as in this case where all field values are the same (including reqid=1), then the record represents an operation that occurs as it enters WebSphere Application Server. In this example, the login.jsp invocation took 30 milliseconds to execute. Information The time and pid fields are the start time and ID of the application server process. Type and detail are the description of the type of operation being timed and its name, respectively. Most important is the measured elapsed time in milliseconds, which includes all suboperations called by this operation. The reqid is an unique ID assigned to the request by request metrics.

__ 5. How much time did the retrieval of the Account Information page take? Scroll to the bottom of the log and look for a record with type=URI and detail=/Trade/web/AccountInfo. In this example, the elapsed time was 31 seconds. This cumulative time includes all suboperations invoked by the AccountInfo servlet. Write down the correlators (identical) reqid value (1 in this case): _____ __ 6. Disable Request Metrics. __ a. Select Monitoring and Tuning > Request metrics. __ b. Deselect Prepare Servers for Request metrics collection. __ c. Click OK. __ d. Save directly to the master configuration and log out of the administrative console. __ e. Restart server1.

End of exercise

Copyright IBM Corp. 2009

Exercise 16. Using the performance monitoring tools


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

16-17

Instructor Exercises Guide

Exercise review and wrap-up


In this lab, you used WebSpheres PMI technology and integrated Tivoli Performance Viewer to monitor application and system resources. You enabled the request metrics function and used it to monitor application flow. In addition, you used the TPV Performance advisor to generate tuning advice.

16-18 WebSphere Application Server V7 Administration


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.

Copyright IBM Corp. 2009

V5.3

backpg

Back page