Store Asymmetric Key Container In Load Balanced Cloud Environment

I've been tasked with signing some data with the RSACryptoServiceProvider.SignData() method. In order to generate the public and private key I've used the RSACryptoServiceProvider and passed a keycontainername in order to store the keys safely.
When I run the MSDN example to generate a set of public/private keys on my machine with the fixed keycontainername, the expected public/private keys are generated the same every time.
This will work fine in a single-server environment; however, we are operating in an elastic environment where the servers are load balanced. If I encrypt the data with a private key on any one single machine and store this data through the RSACryptoServiceProvider, the data will only exist at the machine level. Each machine will use a different key to sign the data and the user of the public key won't be able to verify the signature.
Is it that important that I use the RSACryptoServiceProvider to store the private key? The example is explicit in that I should never store the key in a text file, but why is this more of a risk than storing the keycontainername in a text file?
Thanks 
Aaron

Yes, it is important. Per my understanding, there is an X509Certificate2 class to create RSACryptoServiceProvider to get a private key. The certificate and private key itself would be kept in the Windows certificate store. You can then limit access to the private key through the certificate store to certain accounts.
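
An added example (not from the original thread) of the approach in the reply above: sign with a certificate taken from the Windows certificate store so that every load-balanced node uses the same key. It assumes .NET Framework 4.6 or later and that the same certificate with its private key has been imported into LocalMachine\My on each node; the thumbprint is a placeholder and the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class FarmSigner
{
    // Placeholder: thumbprint of the signing certificate installed on every node.
    const string SigningThumbprint = "<SIGNING-CERT-THUMBPRINT>";

    // Look the certificate up in LocalMachine\My instead of a per-machine named key container.
    static X509Certificate2 FindCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one certificate, found " + hits.Count);
            return hits[0];
        }
        finally
        {
            store.Close();
        }
    }

    static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        // A node that only received the public certificate cannot sign.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "Certificate is installed without its private key on this node.");
        try
        {
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null)
                    throw new InvalidOperationException("Certificate does not carry an RSA key.");
                return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        catch (CryptographicException ex)
        {
            // Raised, for example, when the process account has not been granted
            // read access to the private key in the certificate store.
            throw new InvalidOperationException(
                "Private key exists but is not usable by account " + Environment.UserName, ex);
        }
    }

    // Verification needs only the public half, so any node or client can run it.
    static bool Verify(X509Certificate2 cert, byte[] data, byte[] signature)
    {
        using (RSA rsa = cert.GetRSAPublicKey())
        {
            return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed sample payload.
        byte[] payload = Encoding.UTF8.GetBytes("order=1234;amount=10.00");

        X509Certificate2 cert = FindCertificate(SigningThumbprint);
        byte[] signature = Sign(cert, payload);

        Console.WriteLine("Signed on {0} with {1}", Environment.MachineName, cert.Thumbprint);
        Console.WriteLine("Signature verifies: {0}", Verify(cert, payload, signature));

        // A modified payload must fail verification.
        payload[0] ^= 0x01;
        Console.WriteLine("Tampered payload verifies: {0}", Verify(cert, payload, signature));
    }
}
```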

Similar Messages

  • Access Manager 6 2005Q1 naming service behind load balancer

    Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
    Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
    All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
    The load balancer VIP is setup in active/failover mode so all requests go to one server. We implemented it this way because our load balancers do not support SSL with cookies.
    The data returned to the agent from a call to the naming service contains the host name of our AM hosts instead of the load balancer VIP. Subsequent calls from the agent to AM bypass the load balancer and go directly to one of the AM hosts.
    We are looking to upgrade our load balancers to a version that supports cookies with ssl in order to take advantage of the second AM host.
    How do we configure AM so the values returned by the naming service contain the load balancer VIP instead of the actual AM host names?

    Bernhard,
    We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not available in the PA agent properties but only in the Java SDK. Indeed we do not see such a key in the new Web PA AMAgent.properties.
    Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed thru the load balancer? Below are the setting in our AMAgent and AMConfig properties files
    AMAgent.properties
    com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
    com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
    AMConfig.properties
    com.iplanet.am.server.protocol=https
    com.iplanet.am.server.host=am.mydomain.com
    com.iplanet.am.server.port=443
    com.iplanet.am.console.protocol=https
    com.iplanet.am.console.host=lb-mydomain.com
    com.iplanet.am.console.port=443
    com.iplanet.am.profile.host=lb-mydomain.com
    com.iplanet.am.profile.port=443
    com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
    com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notificationservice
    If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be part of our issue or not. Please comment.
    Thanks,
    Craig

  • Site behind load balancer - Key not valid for use in specified state

    Hi,
    I have created a SharePoint application page to access an active end point on ADFS and establish a fedauth session. All works well on a single server. But when the page runs behind a load balancer with 2 servers, it fails with a "key not valid for use in specified state" exception. Stickiness is enabled on the load balancer. Verified that.
    I had made a few changes to the config file in the microsoft.identitymodel section to accommodate ADFS custom login. This included removing securitytokenhandlers and issuertokenresolvers as well. Is this impacting the encryption/decryption in any way?
    Any pointers would help.
    Reference point for my application page : http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=76

    Hi,
    As I understand, you encountered the error “Key not valid for use in specified state” when ADFS custom login.
    In order to run in Windows Azure Web Sites a Web application which uses WIF for handling authentication, you must change the default cookie protection method (DPAPI, not available on Windows Azure Web Sites) to something that will work in a farmed environment and with the IIS’ user profile load turned off.
    1. If you are using the Identity and Access Tools for VS2012, just go to the Configuration tab and check the box “Enable Web farm ready cookies”.
    2. If you want to do things by hand, add the following code snippet in your system.identitymodel/identityConfiguration element:
       <securityTokenHandlers>
         <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,
                 System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
         <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
                 System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
       </securityTokenHandlers>
    There is a similar case:
    http://stackoverflow.com/questions/19323287/key-not-valid-for-use-in-specified-state-error-for-net-4-5-mvc-4-application
    Best regards,
    Sara Fan
    TechNet Community Support

  • Azure Cloud Service Scaling - do I have to configure a Load Balancer?

    I'm a little bit confused by how scaling in Azure works. I'm using a Cloud Service and have 2 web roles running a PHP application. I can RDP on both machines and both applications run great on each machine. Also I don't have any problems calling the staging URL.
    But I can't figure out if I configure scaling so that 2 machines run always, if I have to configure a load balancer somehow. Or is this already done for me?
    In Azure VM's I had to create a load-balanced set endpoint for an endpoint, but what about cloud services?
    And how is this done in the XML configuration file for my service? What if I don't do it?

    Hi,
    Scaling is affected by core usage. Larger role instances or Virtual Machines use more cores. You can only scale an application within the limit of cores for your subscription. For example, if your subscription has a limit of twenty cores and you run an application with two medium sized Virtual Machines (a total of four cores), you can only scale up other cloud service deployments in your subscription by sixteen cores. All Virtual Machines in an availability set that are used in scaling an application must be the same size.
    Windows Azure supports load balance for cloud services and standard websites, we just need to set instance count to more than 1 to enable load balance. For virtual machines, it needs to set up manually.
    Please refer this link for Load Balance a Virtual Machine:
    http://www.windowsazure.com/en-us/manage/windows/common-tasks/how-to-load-balance-virtual-machines/
     for more information.
    Auto scale lets you set scaling limits and scheduling goals to ensure you are always getting optimal performance
    Please refer this link for Scaling on Cloud Services:
    http://azure.microsoft.com/en-us/services/cloud-services/
    Also, Please refer this link for Scaling an Application :
    http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-scale/
    XML configuration : Azure (Load-balanced) Endpoints can only be used for TCP/UDP based services. please check
    https://techlib.barracuda.com/display/BNGv54/How+to+Configure+a+High+Availability+Cluster+in+Azure/printable for the detailed information
    Hope this helps.
    Regards,
    Shirisha Paderu.

  • Load balance xml config store

    Hi
    My environment is a workgroup, so failover clustering or other domain based solution are not suitable.
    I want to make the xml config store highly available:
    server1 and server2 will be behind a load balancer, both servers will have a file share named "AppFabricXmlCofigShare".
    Assuming the virtual name for the load balanced point for the servers is "VirtualServer", can I configure AppFabric caching(using the AppFabric configuration wizard) to use the xml store and point to "\\VirtualServer\AppFabricXmlCofigShare"?
    *Every update which I will make to the configuration (via PowerShell) I will manually update on both server1 and server2 so they will be the same.
    Logically, I can't think of a reason why it shouldn't work but here is my concern: Does AppFabric update the config store by itself (without me initiating the update via PowerShell) for its own logic purposes?
    Do you have any other concerns about this solution?
    Thank You for your time!

    Status update:
    This solution is now well tested and deployed in production, Just remember to update both xml files when you make changes.
    For me it's a better solution than sql server based config, because AppFabric loads a lot faster after a server restarts when its config is xml than sql server based config.
    I'm still waiting for feedback from some of the Microsoft support here regarding possible issues which may occur when using this solution.
    Thanks.

  • Will app store approve an app to load external swf containing actionscript code in it?

    Will app store approve an app to load external swf containing actionscript code in it?

    Hi...It is not in the application bundle...it will be hosted on a server and from there it will be loaded in the application. I had created one sample application where it is loading a swf which is hosted on different server. This swf contained some actionscript code on its timeline. This app was working on ipad. I just wanted to know whether App Store will approve this.

  • Help! Azure Cloud Services and Virtual Machine Web Servers Load Balancing

    I have a cloud service. I have two virtual machines set up as web servers, each with IIS installed. I have configured my domain registrar to point my domain name to the cloud service IP address. I also went into the endpoints of each virtual machine and verified that I have http port 80 set up on both in a load balanced set.
    I am unable to access websites on either server at this point. DNS propagation site shows "error: token mismatch"...this has been set up since yesterday and still error.
    Can anyone assist me in where I went wrong? Am I confused to how the cloud service should work? I am assuming it will allow me to load balance the two virtual machines in the way I have configured above. Please help!!!!

    Hi,
    Thank you for posting in here.
    We are checking on this issue and will get back at earliest.
    Regards,
    Manu Rekhar

  • Azure: "Cloud Services" for VM - Load Balancing, yes, and other things?

    I'm trying to get a handle on the significance of the cloud service
    (that is created when a new VM is created). I understand that a group of
    VMs need to belong to the same cloud service in order to participate in
    Load Balancing. I can't see any other reason to group VMs into a single
    Cloud Service. On the other hand it seems like overkill to create a
    cloud service for each VM.
    Are there any advantages/reasons to adding a group of VMs to Cloud Service other than Load Balancing?

    Hi,
    If you made a group of VMs as a cloud service, you can configure them and manage them by yourself. You could select Linux or Windows Server VMs and either compose the VM images in the cloud or upload a VHD you've previously created using Hyper-V. You can capture a VM and add it to your image gallery for easy reuse. You also could run a product like Active Directory or SQL Server or SharePoint Server successfully, etc...
    I suggest you have a look at following article. (create VM as cloud service belong to IaaS)
    http://davidpallmann.blogspot.in/2012/07/windows-azure-is-3-lane-highway-how-to.html
    Best Regards

  • Load Balancing Directory Servers with Access Manager - Simple questions

    Hi.
    We are in the process of configuring 2 Access Manager instances (servers) accessing the same logical LDAP repository (comprising physically of two Directory Servers working together with Multi-Master Replication configured and tested) For doing this, we are following guide number 819-6258.
    The guide uses BigIP load balancer for load balancing the directory servers. However, we intend to use Directory Proxy Server. Since we faced some (unresolved) issues last time that we used DPS, there are some simple questions that I would be very grateful to have answers to:
    1. The guide, in section 3.2.10 (To configure Access Manager 1 with the Directory Server load balancer), talks about making changes at 4 places, and replacing the existing entry (hostname and port) with the load balancer's hostname and port (assuming that the load balancer has already been configured). It says that changes need not be made on Access Manager 2 since the LDAPs are in replication, and hence changes will be replicated at all places. However, the guide also states that changes have to be made in two files, namely AMConfig.properties, and the serverconfig.xml file. But these changes will not be reflected on Access Manager 2, since these files are local on each machine.
    Question 1. Do changes have to be made in AMConfig.properties and serverconfig.xml files on the other machine hosting Access Manager 2?
    Question 2: What is the purpose of putting these values here? Specifically, what is achieved by specifying the Directory server host and port in AMConfig.properties, as well as in serverconfig.xml?
    Question 3. In the HTTP console, there is the option of specifying multiple primary LDAP servers, as well as multiple secondary LDAP servers. What is the purpose of these? Are secondary servers attempted when none of the list in the primary list are accessible? Also, if there are multiple entries in the primary server list, are they accessed in a round robin fashion (hereby providing rudimentary load balancing), or are other servers accessed only when the one mentioned first is not reachable etc.?
    2. Since I do not have a load balancer setup yet, I tried the following deviation to the above, which, according to me, should have worked. If viewed in the HTTP console, LDAP / Membership / MSISDN and Policy configuration all pointed to the DS on host 1. When I changed all these to point to the directory server on host 2 (and made AMConfig.properties and serverconfig.xml on host 1 point to DS of host 2 as well), things should have worked fine, but apparently Access manager 1 could not be started. Error from Webserver:
    [14/Aug/2006:04:30:36] info (13937): WEB0100: Loading web module in virtual server [https-machine_1_FQDN] at [search]
    [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Exception in thread "EventService" java.lang.ExceptionInInitializerError
    [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.iplanet.services.ldap.event.EventServicePolling.run(EventServicePolling.java:132)
    [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at java.lang.Thread.run(Thread.java:595)
    [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: Caused by: java.lang.InterruptedException
    [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: at com.sun.identity.sm.ServiceManager.<clinit>(ServiceManager.java:74)
    [14/Aug/2006:04:31:48] warning (13937): CORE3283: stderr: ... 2 more
    In effect, AM on 1 did not start. On rolling back the changes, things again worked like previously.
    Will be really grateful for any help / insight / experience on dealing with the above.
    Thanks!

    Update to the above, in case anyone is reading:
    We setup a similar setup in Windows, and it worked. Here is a detailed account of what was done:
    1. Host 1: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
    All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST1:389)
    2. Host 2: Start installer, install automatically, chose Directory server, Directory Administration server, Directory Proxy server, Web server, Access Manager.
    All installed, and worked fine. (AMConfig.properties, serverconfig.xml, and the info in LDAP service, all pointed to HOST2:389)
    3. Host 1: Started replication. Set to Master
    4. Host 2: Started replication. Set to Master
    5. Host 1: Setup replication agreement to Host 2
    6. Host 2: Setup replication agreement to Host 1
    7. Initiated the remote replica from Host 1 ----> Host 2
    Note that since default installation uses abc.....xyz as the encryption key, setting this to same was not an issue.
    9. Started webserver for Host 1 and logged into AM as amadmin.
    10. Added Host 2 FQDN in DNS Aliases / Realms
    11. Added http://HOST2_FQDN:80 in the Platform server (instance) list.
    12. Started Host 2 webserver. Logged in AM on Host 2, things worked fine.
    At this stage, note the following:
    a) Host 1:
    AMConfig.properties file has
    com.iplanet.am.directory.host=host1_FQDN
    and
    com.iplanet.am.directory.port=389
    serverconfig.xml has:
    <Server name="Server1" host="host1_FQDN" port="389" type="SIMPLE" />
    b) Host 2:
    AMConfig.properties file has
    com.iplanet.am.directory.host=host2_FQDN
    and
    com.iplanet.am.directory.port=389
    serverconfig.xml has:
    <Server name="Server1" host="host2_FQDN" port="389" type="SIMPLE" />
    c) If one logs into AM, and checks LDAP servers for LDAP / Policy Configuration / Membership etc services, they all contain Host2_FQDN:389 (which makes sense, since replica 2 was initialized from 1)
    Returning back to the configurations:
    13. On Host 1, log into the Admin server console of the Directory server. Navigate to the DPS, and configure the following:
    a) Network Group
    b) LDAP servers
    c) Load Balancing
    d) Change Group
    e) Action on-bind
    f) Allow all actions (permit modification / deletion etc.).
    g) any other configurations required - Am willing to give detailed steps if someone needs them to help me / themselves! :)
    So now, we have DPS configured and running on Host1:489, and distributing load to DS1 and DS2 on a 50:50 basis.
    14. Now, log into AM on Host 1, and instead of Host1_fqdn:389 (for DS) in the following places, specify Host1_fqdn:489 (for the DPS)--
    LDAP Authentication
    MSISDN server
    Membership Service
    Policy configuration.
    Verified that this propagated to the Policy Configuration service and the LDAP authentication service that are already registered with the default organization.
    15. Log out of AM. Following the documentation, modify directory.host and directory.port in AMConfig.properties to point to Host 1_FQDN and 489 respectively. Make this change in AMConfig.properties of both Host 1 as well as 2.
    16. Edit serverconfig.xml on both hosts, and instead of them pointing to their local directory servers, point both to host1_FQDN:489
    17. When you start the webserver, it will refuse to start. Will spew errors such as:
    [https-host1_FQDN]: Sun ONE Web Server 6.1SP5 B06/23/2005 17:36
    [https-host1_FQDN]: info: CORE3016: daemon is running as super-user
    [https-host1_FQDN]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.5.0_04] from [Sun Microsystems Inc.]
    [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amserver]
    [https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
    [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [ampassword]
    [https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
    [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amcommon]
    [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [amconsole]
    [https-host1_FQDN]: warning: WEB6100: locale-charset-info is deprecated, please use parameter-encoding
    [https-host1_FQDN]: info: WEB0100: Loading web module in virtual server [https-host1_FQDN] at [search]
    [https-host1_FQDN]: warning: CORE3283: stderr: netscape.ldap.LDAPException: error result (32); matchedDN = dc=sun,dc=com; No such object (DN changed)
    [https-host1_FQDN]: warning: CORE3283: stderr: Got LDAPServiceException code=-1
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getConnection(DSConfigMgr.java:357)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewFailoverConnection(DSConfigMgr.java:314)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewConnection(DSConfigMgr.java:253)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:184)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.services.ldap.DSConfigMgr.getNewProxyConnection(DSConfigMgr.java:194)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.initLdapPool(DataLayer.java:1248)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.(DataLayer.java:190)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:215)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ums.DataLayer.getInstance(DataLayer.java:246)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:156)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ldap.SMSLdapObject.(SMSLdapObject.java:124)
    [https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    [https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    [https-host1_FQDN]: warning: CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    [https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    [https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:350)
    [https-host1_FQDN]: warning: CORE3283: stderr: at java.lang.Class.newInstance(Class.java:303)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.SMSEntry.(SMSEntry.java:216)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.identity.sm.ServiceSchemaManager.(ServiceSchemaManager.java:67)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.getServiceSchemaManager(AMClientDetector.java:219)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.am.util.AMClientDetector.(AMClientDetector.java:94)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.sun.mobile.filter.AMLController.init(AMLController.java:85)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:322)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:120)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3271)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3747)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
    [https-host1_FQDN]: warning: CORE3283: stderr: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
    [https-host1_FQDN]: warning: CORE3283: stderr: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
    [https-host1_FQDN]: failure: WebModule[amserver]: WEB2783: Servlet /amserver threw load() exception
    [https-host1_FQDN]: javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
    [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
    [https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
    [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
    [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
    [https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
    [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
    [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
    [https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
    [https-host1_FQDN]: ----- Root Cause -----
    [https-host1_FQDN]: java.lang.NullPointerException
    [https-host1_FQDN]: at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
    [https-host1_FQDN]: at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
    [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
    [https-host1_FQDN]: at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    [https-host1_FQDN]: at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
    [https-host1_FQDN]: at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
    [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
    [https-host1_FQDN]: at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
    [https-host1_FQDN]: at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
    [https-host1_FQDN]:
    [https-host1_FQDN]: info: HTTP3072: [LS ls1] http://host1_FQDN:58080 [i]ready to accept requests
    [https-host1_FQDN]: startup: server started successfully
    Success!
    The server https-host1_FQDN has started up.
    The server, in fact, didn't start up (nothing even listening on 58080).
    However, if AMConfig.properties is left as it originally was, and only serverconfig.xml files were changed as mentioned above, web servers started fine, and things worked all okay. (Alright, except for some glitches when viewed in /amconsole. If /amserver/console is accessed, all is good. Can this mean that all is still not well? I am not sure).
    So far so good. Now comes the sad part. When the same is done on Solaris 9, things don't work. You continue to get the above error, OR the following error, and the web server will refuse to start:
    Differences in Solaris and Windows are as follows:
    1. Windows hosts have 1 IP and hostname. Solaris hosts have 3 IPs and hostnames (for DS, DPS, and webserver).
    No other difference from an architectural perspective.
    Any help / insight on why the above is not working (and why the hell does the documentation seem so sketchy / insecure / incorrect).
    Thanks a bunch!

  • PKCS#11 Provider unable to fetch asymmetric keys and certificates

    Hi,
    I'm facing a problem while getting keys and certificate from Eracom HSM (ProtectServer Orange:38039 Model: PSO:PL50) using Sun PKCS#11 Provider. It gets only the symmetric keys but NEVER gets the asymmetric keys.
    My code snippet and configuration file are:
         Java Code:
         // Load the SunPKCS11 provider from its configuration file
         java.io.InputStream is = new java.io.FileInputStream("pkcs11.cfg");
         sun.security.pkcs11.SunPKCS11 pkcs11_provider = new sun.security.pkcs11.SunPKCS11(is);
         System.out.println("Provider Name : " + pkcs11_provider.getName());
         java.security.Security.addProvider(pkcs11_provider);
         // Open the token as a key store and list every alias it exposes
         java.security.KeyStore ks = java.security.KeyStore.getInstance("PKCS11", pkcs11_provider);
         ks.load(null, "password".toCharArray());
         java.util.Enumeration<String> obj_enumeration = ks.aliases();
         while (obj_enumeration.hasMoreElements()) {
             String str_certAlias = obj_enumeration.nextElement();
             System.out.println("Alias : " + str_certAlias);
         }
         pkcs11.cfg:
         name = Eracom
         library = G:\Eracom\cryptoki.dll
         slot = 0
         attributes(*, CKO_PRIVATE_KEY, *) = {
           CKA_TOKEN = false
           CKA_SENSITIVE = false
           CKA_EXTRACTABLE = true
           CKA_DECRYPT = true
           CKA_SIGN = true
           CKA_SIGN_RECOVER = true
           CKA_UNWRAP = true
         }
         attributes(*, CKO_PUBLIC_KEY, *) = {
           CKA_ENCRYPT = true
           CKA_VERIFY = true
           CKA_VERIFY_RECOVER = true
           CKA_WRAP = true
         }
    I also ran my program without specifying any attributes in the configuration file, and also tried many other combinations, but in all cases (with or without attributes) only symmetric keys are loaded from the HSM. I am able to get all keys (symmetric and asymmetric) and certificates from the same HSM using the IAIK PKCS#11 Provider. The Sun PKCS#11 Provider, though, is working fine with SmartCard tokens (Rainbow, Aladdin etc.)
    Any help to resolve my problem would be highly appreciated.
    Thanks in advance.

    I recently had a problem with ECDSA and the PKCS#11 library of nCipher. Here's info from one of their engineers about the PKCS11 library:
    "There are two separate issues - one is that our current pkcs11
    release doesn't support ECDSA signature with SHA-2 hashes
    (the v11.00 firmware adds support for it, but the main release version of
    the pkcs11 library hasn't been updated to take advantage of it yet).
    There is a hotfix version that does support SHA-2 hashes with some
    restrictions, talk to [email protected] for details, and V11.10
    should be out soon and have that merged in.
    But the issue with setting CKA_SIGN is that our underlying HSM API
    allows elliptic curve keys to be either key exchange (ECDH) or
    signature (ECDSA) keys, but not both at once.
    At the PKCS #11 level, if you specify CKA_DERIVE=true and let
    CKA_SIGN default, it will default to false, and vice versa.
    If you specify both CKA_DERIVE=true and CKA_SIGN=true, then we
    return CKR_TEMPLATE_INCONSISTENT because we can't do both with
    the same key. (However, the tests using C_GetMechanismInfo will
    show that we can do both mechanisms, because we can - so long
    as you use different keys, even though they have the same PKCS#11
    type.)
    I can't comment on when or how that will be changed."
    I was using the PKCS#11 library through NSS when I ran into the problem, but I imagine Java would run into similar problems also using the PKCS#11 library. I was able to generate keypairs but not create a CSR (which required making a signature, which required SHA-2).
    Can you just use the java classes to speak to the netHSM? I've never directly written code to do so myself, but I have used Corestreet's OCSP product that uses the java classes to speak to the nCipher HSMs (though not using EC). It might work better than going through the PKCS#11 layer. There should be a java directory under NFAST_HOME that contains some jars.
    Please post back if you figure anything out as I'll probably be playing with this stuff myself soon.
    Dave
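
Added example (not code from either poster, nCipher or Sun): a small Python linter for the `attributes(...)` blocks of a SunPKCS11 configuration like the one in the question. It flags private-key templates that leave keys exportable or session-only, and the CKA_SIGN plus CKA_DERIVE combination that the quoted nCipher note says is rejected with CKR_TEMPLATE_INCONSISTENT; the finding names, `SAMPLE_CFG` and its CKK_EC block are constructed for illustration.

```python
import re

# attributes(<operation>, <keytype>, <keyalgorithm>) = {
HEADER_RE = re.compile(
    r"attributes\s*\(\s*([^,\s)]+)\s*,\s*([^,\s)]+)\s*,\s*([^,\s)]+)\s*\)\s*=\s*\{$")
ATTR_RE = re.compile(r"(CKA_\w+)\s*=\s*(\S+)$")

# Constructed sample: the first block mirrors the question's private-key
# template; the CKK_EC block is invented to exercise the nCipher rule.
SAMPLE_CFG = r"""
name = Eracom
library = G:\Eracom\cryptoki.dll
slot = 0
attributes(*, CKO_PRIVATE_KEY, *) = {
  CKA_TOKEN = false
  CKA_SENSITIVE = false
  CKA_EXTRACTABLE = true
  CKA_SIGN = true
}
attributes(generate, CKO_PRIVATE_KEY, CKK_EC) = {
  CKA_SIGN = true
  CKA_DERIVE = true
}
attributes(*, CKO_PUBLIC_KEY, *) = {
  CKA_VERIFY = true
}
"""


def parse_attribute_blocks(cfg_text):
    """Return the attribute blocks of a SunPKCS11 config as dicts.

    Raises ValueError on an unterminated or stray brace, so a template
    that lost its closing '}' is reported instead of silently merged.
    """
    blocks, current = [], None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            if current is not None:
                raise ValueError("line %d: block opened at line %d is not closed"
                                 % (lineno, current["line"]))
            current = {"line": lineno, "operation": header.group(1),
                       "keytype": header.group(2), "keyalg": header.group(3),
                       "attrs": {}}
        elif line == "}":
            if current is None:
                raise ValueError("line %d: '}' without an open block" % lineno)
            blocks.append(current)
            current = None
        elif current is not None:
            attr = ATTR_RE.match(line)
            if not attr:
                raise ValueError("line %d: not a CKA_* assignment" % lineno)
            current["attrs"][attr.group(1)] = attr.group(2).lower()
        # name/library/slot lines outside a block are not inspected here
    if current is not None:
        raise ValueError("block opened at line %d is not closed" % current["line"])
    return blocks


def lint(blocks):
    """Return (line, finding) pairs for templates that apply to private keys."""
    findings = []
    for block in blocks:
        if block["keytype"] not in ("*", "CKO_PRIVATE_KEY"):
            continue
        attrs = block["attrs"]
        # A non-sensitive or extractable private key can leave the HSM.
        if attrs.get("CKA_SENSITIVE") == "false" or attrs.get("CKA_EXTRACTABLE") == "true":
            findings.append((block["line"], "exportable-private-key"))
        # CKA_TOKEN=false creates session objects that vanish at logout.
        if attrs.get("CKA_TOKEN") == "false":
            findings.append((block["line"], "session-only-key"))
        # Per the nCipher note: an EC key is ECDSA or ECDH, never both.
        if (block["keyalg"] in ("*", "CKK_EC")
                and attrs.get("CKA_SIGN") == "true"
                and attrs.get("CKA_DERIVE") == "true"):
            findings.append((block["line"], "sign-and-derive"))
    return findings


if __name__ == "__main__":
    for line, finding in lint(parse_attribute_blocks(SAMPLE_CFG)):
        print("line %d: %s" % (line, finding))
```

These templates are applied to key objects the provider creates; they do not change which keys already stored on the token are listed.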

  • Load balancing WFM 1.0

    Hi!
    Got a service bus farm containing 3 servers.
    The same servers also got WFM 1.0
    Here I have a problem, I want to use a custom DNS for the sites and load balance it.
    I use autogenerated certificates and that's a problem, they are all signed to the first server in the farm.
    Most guides on the internet are using the server hostname and no custom DNS with load balancing.
    It seems I can't get around the problem which leaves error 401 because of no real trust.
    Is there any way to use custom DNS and loadbalance this?
    Thank you in advance!

    Here's the best set of articles on the Internet about how to load balance WFM 1.0. It's the only way I've ever gotten it to work.
    http://www.harbar.net/archive/2013/08/02/Article-Workflow-Manager-Farms-for-SharePoint-2013-Part-Four-End.aspx
    One of the keys is that you can use different certificates for Workflow Manager than the ones you use for the load balanced sites.  Follow the article and you should be fine.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Load Balancing cockpit error

              We are testing clustering and load balancing using WLS 6SP1. We have found that
              the fail over works fine (i.e. we kill a server and the next call is invoked on
              another server). However, we find that all calls (modulo failover) always go to
              the same server. We expected to get round-robin for each home access. I've attached
              the config.xml and deployment descriptors. What am I missing here? Is there anything
              special I should be doing code wise?
              BTW: All calls are going to a stateless session bean.
              Regards,
              Andy
              [config.zip]
              

              Viresh Garg <[email protected]> wrote:
              >The attached config.zip seems to be corrupted. I can't download it.
              Weird, I've just managed to download it. Anyway, I'll paste the
              contents into the text below.
              >
              >I am assuming that you are using a JAVA client. Could you describe your
              >test case to
              >test the load balancing between home methods of EJB ( what kind of EJB??)
              We have a stateless session bean. At each request we use JNDI to
              obtain a handle to a stateless session bean. We invoke an
              operation on it and then call remove on the stateless session
              bean. We run several of these clients (Java clients) and observe
              the system load and network traffic. We see that network traffic
              is almost minimal and system load on the "other" server is non-
              existent. We know that other server can satisfy calls to the
              stateless session bean because fail over (between calls) works
              correctly. I'm sure we are doing something daft, but I can't spot it.
              --------------------- config.xml ---------------------------
              <?xml version="1.0" encoding="UTF-8"?>
              <!--If your domain is active, please do not edit the config.xml file. Any changes
              made to that file while the domain is active will not have any effect on the domain's
              configuration and are likely to be lost. If your domain is inactive, you may edit
              this file with an XML editor. If you do so, please refer to the configuration
              documentation at http://edocs.bea.com/wls/docs60/adminguide/config_xml.html.
              In general, we recommend that changes to your configuration file be made through
              the Administration Console.-->
              <Domain Name="myDomain">
              <Security Name="petstore"
              PasswordPolicy="wl_default_password_policy" Realm="myRealm"/>
              <Application Name="wl_management_internal2" Path="C:\bea\wlserver6.0sp1\config\tmp">
              <WebAppComponent Name="wl_management_internal2"
              Targets="petstoreServer" URI="wl_management_internal2.war"/>
              </Application>
              <PasswordPolicy Name="wl_default_password_policy"/>
              <Server Cluster="PetStoreCluster" ClusterWeight="80"
              IIOPEnabled="false" JavaCompiler="C:\bea\jdk130/bin/javac"
              ListenAddress="194.152.80.29" ListenPort="7001" Machine="ROWAN"
              Name="petstoreServer" NativeIOEnabled="false"
              RootDirectory="C:\bea\wlserver6.0sp1" StdoutDebugEnabled="true"
              StdoutEnabled="true" StdoutSeverityLevel="64"
              ThreadPoolSize="15" TransactionLogFilePrefix="config/myDomain/logs/">
              <Log FileName="./config/myDomain/logs/weblogic.log" Name="petstoreServer"/>
              <ServerDebug DebugAbbreviation="false" DebugCluster="true"
              DebugClusterAnnouncements="true"
              DebugClusterFragments="true" DebugClusterHeartbeats="true"
              DebugConnection="true" DebugEJB="true" DebugEJBCache="true"
              DebugEJBCalls="false" DebugEJBDeployment="true"
              DebugEJBFreepool="true" DebugEJBLocking="true"
              DebugEJBPersistence="true" DebugEJBSecurity="true"
              DebugEventManager="true" DebugFailOver="true"
              DebugHttp="true" DebugJMSBackEnd="true" DebugJMSBoot="true"
              DebugJMSCommon="true" DebugJMSConfig="true"
              DebugJMSDurableSubscribers="true" DebugJMSFrontEnd="true"
              DebugJMSJDBCScavengeOnFlush="true" DebugJMSLocking="true"
              DebugJMSStore="true" DebugJMSXA="true" DebugJNDI="true"
              DebugJNDIFactories="true" DebugJNDIResolution="false"
              DebugLoadBalancing="true" DebugMessaging="true"
              DebugRC4="true" DebugRSA="true" DebugReplication="true"
              DebugReplicationDetails="true" DebugRouting="true"
              DebugSSL="true" DebugSecurityPasswordPolicy="true"
              DebugSecurityRealm="true" DebugTunnelingConnection="true"
              DebugTunnelingConnectionTimeout="true"
              DebugURLResolution="true" JDBCConn="true" JDBCSQL="true"
              JTA2PC="true" JTAAPI="true" JTAJDBC="true"
              JTAPropagate="true" JTARMI="true" JTARecovery="true"
              JTATLOG="true" JTAXA="true" ListenThreadDebug="true"
              LogDGCStatistics="true" MagicThreadDumpBackToSocket="false"
              MagicThreadDumpEnabled="false"
              MagicThreadDumpFile="debugMagicThreadDumpFile"
              MagicThreadDumpHost="localhost" Name="petstoreServer"/>
              <SSL CertificateCacheSize="3" Enabled="true" ListenPort="7002"
              Name="petstoreServer"
              ServerCertificateChainFileName="./config/myDomain/ca.pem"
              ServerCertificateFileName="./config/myDomain/democert.pem"
              ServerKeyFileName="./config/myDomain/demokey.pem" TrustedCAFileName="./config/myDomain/ca.pem"/>
              <WebServer DefaultWebApp="tour"
              LogFileName="./config/myDomain/logs/access.log"
              LoggingEnabled="true" Name="petstoreServer"/>
              <KernelDebug Name="petstoreServer"/>
              </Server>
              <Application Name="wl_management_internal1" Path="C:\bea\wlserver6.0sp1\config\tmp">
              <WebAppComponent Name="wl_management_internal1"
              Targets="petstoreServer" URI="wl_management_internal1.war"/>
              </Application>
              <Application Deployed="true" Name="tour" Path="C:\bea\wlserver6.0sp1\config\myDomain\applications">
              <WebAppComponent Name="tour" Targets="petstoreServer" URI="tour.war"/>
              </Application>
              <FileRealm Name="myFileRealm"/>
              <Security Name="myDomain"
              PasswordPolicy="wl_default_password_policy" Realm="wl_default_realm"/>
              <Application Deployed="true" Name="monitorApp1_1" Path="C:\bea\wlserver6.0sp1\config\myDomain\applications\monitorApp1_1.ear">
              <EJBComponent Name="monitorBeans1_1" Targets="PetStoreCluster" URI="monitorBeans1_1.jar"/>
              <WebAppComponent Name="monitorClient1_1"
              Targets="PetStoreCluster" URI="monitorClient1_1.war"/>
              </Application>
              <ApplicationManager Name="petstore"/>
              <FileRealm Name="wl_default_file_realm"/>
              <JDBCConnectionPool CapacityIncrement="1"
              DriverName="com.inet.tds.TdsDriver" InitialCapacity="1"
              JDBCXADebugLevel="0" LoginDelaySeconds="0" MaxCapacity="10"
              Name="monitorSimplePool"
              Properties="sql7=true;user=sa;port=1433;password=;url=jdbc:inetdae7:194.152.80.29;host=194.152.80.29;database=poc3a"
              RefreshMinutes="0" ShrinkPeriodMinutes="15"
              ShrinkingEnabled="true" SupportsLocalTransaction="false"
              Targets="PetStoreCluster" TestConnectionsOnRelease="false"
              TestConnectionsOnReserve="false" URL="jdbc:inetdae7:194.152.80.29"/>
              <Machine Name="ROWAN"/>
              <Log FileName="./config/myDomain/logs/wl-domain.log" Name="petstore"/>
              <Server AcceptBacklog="50" AdministrationPort="0"
              Cluster="PetStoreCluster" ClusterWeight="100"
              CompleteHTTPMessageTimeout="480"
              CompleteIIOPMessageTimeout="480" CompleteT3MessageTimeout="480"
              ConsoleInputEnabled="false" DGCIdlePeriodsUntilTimeout="2"
              DefaultIIOPPassword="guest" DefaultIIOPUser="guest"
              DefaultProtocol="t3" DefaultSecureProtocol="t3s"
              EnabledForDomainLog="true" HelpPageURL="/docs/adminhelp/"
              HttpdEnabled="true" IIOPEnabled="false"
              IdlePeriodsUntilTimeout="4" InstrumentStackTraceEnabled="false"
              JDBCLoggingEnabled="false"
              JMSDefaultConnectionFactoriesEnabled="true"
              JavaCompiler="C:\bea\jdk130/bin/javac"
              ListenAddress="194.152.80.1" ListenPort="7001"
              ListenThreadStartDelaySecs="0"
              LogRemoteExceptionsEnabled="false" LoginTimeout="1000"
              LoginTimeoutMillis="5000" Machine="MOUSE"
              MaxHTTPMessageSize="10000000" MaxIIOPMessageSize="10000000"
              MaxT3MessageSize="10000000" Name="petstoreServerClone"
              NativeIOEnabled="false" NetworkClassLoadingEnabled="false"
              PeriodLength="60000" ResponseTimeout="0"
              ReverseDNSAllowed="false" RjvmIdleTimeout="0"
              RootDirectory="C:\bea\wlserver6.0sp1"
              SocketReaderTimeoutMaxMillis="1000"
              SocketReaderTimeoutMinMillis="100" StdoutDebugEnabled="true"
              StdoutEnabled="true" StdoutSeverityLevel="64"
              ThreadPoolPercentSocketReaders="33" ThreadPoolSize="15"
              TransactionLogFilePrefix="config/myDomain/logs/"
              TunnelingClientPingSecs="45" TunnelingClientTimeoutSecs="40"
              TunnelingEnabled="false" WorkspaceShowUserKeysOnly="false"
              ZACEnabled="true" ZACPublishRoot="exports">
              <WebServer ClusteringEnabled="false" DefaultWebApp="tour"
              HttpsKeepAliveSecs="60" KeepAliveEnabled="true"
              KeepAliveSecs="30" LogFileBufferKBytes="8"
              LogFileFlushSecs="60" LogFileFormat="common"
              LogFileName="./config/myDomain/logs/access.log"
              LogRotationPeriodMins="2147483647" LogRotationType="size"
              LoggingEnabled="true" MaxLogFileSizeKBytes="0"
              MaxPostSize="-1" MaxPostTimeSecs="-1"
              Name="petstoreServerClone" PostTimeoutSecs="0" WAPEnabled="false"/>
              <SSL CertificateCacheSize="3" ClientCertificateEnforced="false"
              Enabled="true" ExportKeyLifespan="500" HandlerEnabled="true"
              KeyEncrypted="false" ListenPort="8002"
              LoginTimeoutMillis="25000" MDAcceleration="Java"
              Name="petstoreServerClone" PeerValidationEnforced="0"
              RC4Acceleration="Native/Java" RSAAcceleration="Native/Java"
              ServerCertificateChainFileName="./config/myDomain/ca.pem"
              ServerCertificateFileName="./config/myDomain/democert.pem"
              ServerKeyFileName="./config/myDomain/demokey.pem"
              TrustedCAFileName="./config/myDomain/ca.pem" UseJava="true"/>
              <Log FileCount="7" FileMinSize="500"
              FileName="./config/myDomain/logs/weblogic_clone.log"
              FileTimeSpan="24" Name="petstoreServerClone"
              NumberOfFilesLimited="false" RotationType="none"/>
              <KernelDebug Name="petstoreServerClone"/>
              <ServerDebug DebugAbbreviation="false" DebugCluster="true"
              DebugClusterAnnouncements="true"
              DebugClusterFragments="true" DebugClusterHeartbeats="true"
              DebugConnection="true" DebugEJB="true" DebugEJBCache="true"
              DebugEJBCalls="false" DebugEJBDeployment="true"
              DebugEJBFreepool="true" DebugEJBLocking="true"
              DebugEJBPersistence="true" DebugEJBSecurity="true"
              DebugEventManager="true" DebugFailOver="true"
              DebugHttp="true" DebugJMSBackEnd="true" DebugJMSBoot="true"
              DebugJMSCommon="true" DebugJMSConfig="true"
              DebugJMSDurableSubscribers="true" DebugJMSFrontEnd="true"
              DebugJMSJDBCScavengeOnFlush="true" DebugJMSLocking="true"
              DebugJMSStore="true" DebugJMSXA="true" DebugJNDI="true"
              DebugJNDIFactories="true" DebugJNDIResolution="false"
              DebugLoadBalancing="true" DebugMessaging="true"
              DebugRC4="true" DebugRSA="true" DebugReplication="true"
              DebugReplicationDetails="true" DebugRouting="true"
              DebugSSL="true" DebugSecurityPasswordPolicy="true"
              DebugSecurityRealm="true" DebugTunnelingConnection="true"
              DebugTunnelingConnectionTimeout="true"
              DebugURLResolution="true" JDBCConn="true" JDBCSQL="true"
              JTA2PC="true" JTAAPI="true" JTAJDBC="true"
              JTAPropagate="true" JTARMI="true" JTARecovery="true"
              JTATLOG="true" JTAXA="true" ListenThreadDebug="true"
              LogDGCStatistics="false" MagicThreadDumpBackToSocket="false"
              MagicThreadDumpEnabled="false"
              MagicThreadDumpFile="debugMagicThreadDumpFile"
              MagicThreadDumpHost="localhost" Name="petstoreServerClone"/>
              </Server>
              <Log FileName="myDomain.log" Name="myDomain"/>
              <JTA Name="myDomain"/>
              <Machine Name="MOUSE"/>
              <ApplicationManager Name="myDomain"/>
              <Realm FileRealm="myFileRealm" Name="myRealm"/>
              <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
              <Cluster ClusterAddress="194.152.80.1,194.152.80.29:7001"
              DefaultLoadAlgorithm="round-robin"
              MulticastAddress="224.10.10.1" Name="PetStoreCluster" ServiceAgeThresholdSeconds="180"/>
              <Application Name="console" Path="C:\bea\wlserver6.0sp1\config\examples\applications">
              <WebAppComponent Name="console" Targets="petstoreServer" URI="console.war"/>
              </Application>
              <JDBCDataSource JNDIName="monitorSimplePool"
              Name="monitorSimpleDB_1" PoolName="monitorSimplePool" Targets="PetStoreCluster"/>
              </Domain>
              ---------------------- ejb-jar.xml -------------------------
              <?xml version="1.0"?>
              <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans
              1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
              <ejb-jar>
              <enterprise-beans>
              <entity>
              <ejb-name>ContractCMP</ejb-name>
              <home>com.liffe.monitor.contractonly.server.cmp.ContractCMPHome</home>
              <remote>com.liffe.monitor.contractonly.server.Contract</remote>
              <ejb-class>com.liffe.monitor.contractonly.server.cmp.ContractCMPBean</ejb-class>
              <persistence-type>Container</persistence-type>
              <prim-key-class>com.liffe.monitor.general.ContractPK</prim-key-class>
              <reentrant>False</reentrant>
              <cmp-field>
              <field-name>contractCode</field-name>
              </cmp-field>
              <cmp-field>
              <field-name>tradeVolume</field-name>
              </cmp-field>
              <cmp-field>
              <field-name>suspended</field-name>
              </cmp-field>
              </entity>
              <entity>
              <ejb-name>ContractBMP</ejb-name>
              <home>com.liffe.monitor.contractonly.server.bmp.ContractBMPHome</home>
              <remote>com.liffe.monitor.contractonly.server.Contract</remote>
              <ejb-class>com.liffe.monitor.contractonly.server.bmp.ContractBMPBean</ejb-class>
              <persistence-type>Bean</persistence-type>
              <prim-key-class>com.liffe.monitor.general.ContractPK</prim-key-class>
              <reentrant>False</reentrant>
              </entity>
              <session>
              <ejb-name>ContractMonitor</ejb-name>
              <home>com.liffe.monitor.contractonly.server.ContractMonitorHome</home>
              <remote>com.liffe.monitor.contractonly.server.ContractMonitor</remote>
              <ejb-class>com.liffe.monitor.contractonly.server.ContractMonitorBean</ejb-class>
              <session-type>Stateful</session-type>
              <transaction-type>Container</transaction-type>
              <ejb-ref>
              <ejb-ref-name>ejb/ContractCMPHome</ejb-ref-name>
              <ejb-ref-type>Entity</ejb-ref-type>
              <home>com.liffe.monitor.contractonly.server.cmp.ContractCMPHome</home>
              <remote>com.liffe.monitor.contractonly.server.Contract</remote>
              </ejb-ref>
              <ejb-ref>
              <ejb-ref-name>ejb/ContractBMPHome</ejb-ref-name>
              <ejb-ref-type>Entity</ejb-ref-type>
              <home>com.liffe.monitor.contractonly.server.bmp.ContractBMPHome</home>
              <remote>com.liffe.monitor.contractonly.server.Contract</remote>
              </ejb-ref>
              </session>
              <session>
              <ejb-name>InjectorTarget</ejb-name>
              <home>com.liffe.monitor.injector.server.InjectorTargetHome</home>
              <remote>com.liffe.monitor.injector.server.InjectorTarget</remote>
              <ejb-class>com.liffe.monitor.injector.server.InjectorTargetBean</ejb-class>
              <session-type>Stateless</session-type>
              <transaction-type>Container</transaction-type>
              <ejb-ref>
              <ejb-ref-name>ejb/ContractCMPHome</ejb-ref-name>
              <ejb-ref-type>Entity</ejb-ref-type>
              <home>com.liffe.monitor.contractonly.server.cmp.ContractCMPHome</home>
              <remote>com.liffe.monitor.contractonly.server.Contract</remote>
              </ejb-ref>
              <ejb-ref>
              <ejb-ref-name>ejb/ContractBMPHome</ejb-ref-name>
              <ejb-ref-type>Entity</ejb-ref-type>
              <home>com.liffe.monitor.contractonly.server.bmp.ContractBMPHome</home>
              <remote>com.liffe.monitor.contractonly.server.Contract</remote>
              </ejb-ref>
              </session>
              </enterprise-beans>
              <assembly-descriptor>
              <method-permission>
              <role-name>everyone</role-name>
              <method>
              <ejb-name>InjectorTarget</ejb-name>
              <method-name>*</method-name>
              </method>
              </method-permission>
              <container-transaction>
              <method>
              <ejb-name>ContractCMP</ejb-name>
              <method-intf>Remote</method-intf>
              <method-name>*</method-name>
              </method>
              <trans-attribute>Required</trans-attribute>
              </container-transaction>
              <container-transaction>
              <method>
              <ejb-name>ContractMonitor</ejb-name>
              <method-intf>Remote</method-intf>
              <method-name>*</method-name>
              </method>
              <trans-attribute>Required</trans-attribute>
              </container-transaction>
              <container-transaction>
              <method>
              <ejb-name>InjectorTarget</ejb-name>
              <method-name>*</method-name>
              </method>
              <trans-attribute>Required</trans-attribute>
              </container-transaction>
              </assembly-descriptor>
              </ejb-jar>
              ------------------- weblogic-ejb-jar.xml -----------------
              <?xml version="1.0"?>
              <!DOCTYPE weblogic-ejb-jar PUBLIC '-//BEA Systems, Inc.//DTD WebLogic 5.1.0 EJB//EN'
              'http://www.bea.com/servers/wls510/dtd/weblogic-ejb-jar.dtd'>
              <weblogic-ejb-jar>
              <weblogic-enterprise-bean>
              <ejb-name>ContractCMP</ejb-name>
              <caching-descriptor>
              <max-beans-in-cache>1000</max-beans-in-cache>
              </caching-descriptor>
              <persistence-descriptor>
              <persistence-type>
              <type-identifier>WebLogic_CMP_RDBMS</type-identifier>
              <type-version>5.1.0</type-version>
              <type-storage>META-INF/weblogic-cmp-rdbms-jar-contractonly-cmp.xml</type-storage>
              </persistence-type>
              <persistence-use>
              <type-identifier>WebLogic_CMP_RDBMS</type-identifier>
              <type-version>5.1.0</type-version>
              </persistence-use>
              </persistence-descriptor>
              <clustering-descriptor>
              <home-is-clusterable>true</home-is-clusterable>
              <home-load-algorithm>random</home-load-algorithm>
              </clustering-descriptor>
              <transaction-descriptor>
              <trans-timeout-seconds>15</trans-timeout-seconds>
              </transaction-descriptor>
              <jndi-name>com.liffe.monitor.contractonly.server.cmp.ContractCMPHome</jndi-name>
              <transaction-isolation>
              <isolation-level>TRANSACTION_READ_COMMITTED</isolation-level>
              <method>
              <ejb-name>ContractCMP</ejb-name>
              <method-intf>Remote</method-intf>
              <method-name>*</method-name>
              </method>
              </transaction-isolation>
              </weblogic-enterprise-bean>
              <weblogic-enterprise-bean>
              <ejb-name>ContractBMP</ejb-name>
              <caching-descriptor>
              <max-beans-in-cache>1000</max-beans-in-cache>
              </caching-descriptor>
              <clustering-descriptor>
              <home-is-clusterable>true</home-is-clusterable>
              <home-load-algorithm>random</home-load-algorithm>
              </clustering-descriptor>
              <transaction-descriptor>
              <trans-timeout-seconds>15</trans-timeout-seconds>
              </transaction-descriptor>
              <jndi-name>com.liffe.monitor.contractonly.server.bmp.ContractBMPHome</jndi-name>
              <transaction-isolation>
              <isolation-level>TRANSACTION_READ_COMMITTED</isolation-level>
              <method>
              <ejb-name>ContractBMP</ejb-name>
              <method-intf>Remote</method-intf>
              <method-name>*</method-name>
              </method>
              </transaction-isolation>
              </weblogic-enterprise-bean>
              <weblogic-enterprise-bean>
              <ejb-name>ContractMonitor</ejb-name>
              <caching-descriptor>
              <max-beans-in-cache>100</max-beans-in-cache>
              </caching-descriptor>
              <clustering-descriptor>
              <home-is-clusterable>true</home-is-clusterable>
              <home-load-algorithm>round-robin</home-load-algorithm>
              </clustering-descriptor>
              <reference-descriptor>
              <ejb-reference-description>
              <ejb-ref-name>ejb/ContractCMPHome</ejb-ref-name>
              <jndi-name>com.liffe.monitor.contractonly.server.cmp.ContractCMPHome</jndi-name>
              </ejb-reference-description>
              <ejb-reference-description>
              <ejb-ref-name>ejb/ContractBMPHome</ejb-ref-name>
              <jndi-name>com.liffe.monitor.contractonly.server.bmp.ContractBMPHome</jndi-name>
              </ejb-reference-description>
              </reference-descriptor>
              <jndi-name>com.liffe.monitor.contractonly.server.ContractMonitorHome</jndi-name>
              </weblogic-enterprise-bean>
              <weblogic-enterprise-bean>
              <ejb-name>InjectorTarget</ejb-name>
              <caching-descriptor>
              <max-beans-in-free-pool>50</max-beans-in-free-pool>
              </caching-descriptor>
              <clustering-descriptor>
              <home-is-clusterable>true</home-is-clusterable>
              <home-load-algorithm>round-robin</home-load-algorithm>
              </clustering-descriptor>
              <reference-descriptor>
              <ejb-reference-description>
              <ejb-ref-name>ejb/ContractCMPHome</ejb-ref-name>
              <jndi-name>com.liffe.monitor.contractonly.server.cmp.ContractCMPHome</jndi-name>
              </ejb-reference-description>
              <ejb-reference-description>
              <ejb-ref-name>ejb/ContractBMPHome</ejb-ref-name>
              <jndi-name>com.liffe.monitor.contractonly.server.bmp.ContractBMPHome</jndi-name>
              </ejb-reference-description>
              </reference-descriptor>
              <jndi-name>ejb/InjectorTargetHome</jndi-name>
              </weblogic-enterprise-bean>
              </weblogic-ejb-jar>
              ---------------------- weblogic-cmp-.... ---------------------
              <!DOCTYPE weblogic-rdbms-bean PUBLIC
              '-//BEA Systems, Inc.//DTD WebLogic 5.1.0 EJB RDBMS Persistence//EN'
              'http://www.bea.com/servers/wls510/dtd/weblogic-rdbms-persistence.dtd'>
              <weblogic-rdbms-bean>
              <pool-name>monitorSimplePool</pool-name>
              <table-name>Contract</table-name>
              <attribute-map>
              <object-link>
              <bean-field>contractCode</bean-field>
              <dbms-column>contractCode</dbms-column>
              </object-link>
              <object-link>
              <bean-field>tradeVolume</bean-field>
              <dbms-column>tradeVolume</dbms-column>
              </object-link>
              <object-link>
              <bean-field>suspended</bean-field>
              <dbms-column>suspended</dbms-column>
              </object-link>
              </attribute-map>
              <finder-list>
              <finder>
              <method-name>findByGTVolume</method-name>
              <method-params>
              <method-param>int</method-param>
              </method-params>
              <finder-query><![CDATA[(> tradeVolume $0)]]></finder-query>
              </finder>
              <finder>
              <method-name>findAllContracts</method-name>
              <finder-query><![CDATA[(isNotNull contractCode)]]></finder-query>
              </finder>
              </finder-list>
              <options>
              <use-quoted-names>false</use-quoted-names>
              </options>
              </weblogic-rdbms-bean>
              

  • SO Load Balancing Question

    Hi all,
    I have a service object (SO1) which has been set to Load Balancing.
    This service object has an attribute which serves as a number allocator
    (NA1).
    This NA1 provides a unique number across the whole application for each of
    the record that require to store into DB.
    The problem is, will the NA1 get replicated if the SO1 is replicated?
    If yes, will NA1 crash?
    Regards,
    Martin Chan
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Senior Analyst/Programmer
    Dept of Education and Training
    Mobile : 0413-996-116
    Email: martin.chandet.nsw.edu.au
    Tel: 02-9942-9685

    Hi Serge,
    > Could you prefix it with the PID of the load balanced process ?
    No I can't. At least not at the moment.
    > When a service object is replicated, it is automatically replicated into a different partition...
    Thanks.
    > An advice, make the NA1 shared. So if you get to do multithreaded access to
    > it, you won't screw up things.
    I am thinking it may be better off to create it as a service object on its
    own.
    > How is the number returned by the NA1 generated ?
    It gets generated by Forte's code.
    > ... Try to make it so that the
    > load balanced partitions don't need to access the database more than one in
    > 5 min. to get a new Seed Key. This would not need to PID.
    Thanks for your advice.
    Regards
    Martin Chan
    -----Original Message-----
    From: Serge Blais [mailto:Serge.BlaisSun.com]
    Sent: Tuesday, 3 April 2001 14:17
    To: Chan, Martin
    Subject: RE: (forte-users) SO Load Balancing Question
    You're right, they can generate the same number. How much control do you have
    over the ID being generated? Could you prefix it with the PID of the load
    balanced process ?
    Just a note: When a service object is replicated, it is automatically
    replicated into a different partition, possibly on the same machine or on a
    different one.
    An advice, make the NA1 shared. So if you get to do multithreaded access to
    it, you won't screw up things.
    How is the number returned by the NA1 generated ? If NA1 is using a stored
    procedure, or something like:
    Start TRX
    read number
    newnumber = number+5000
    write back newnumber
    End Trx
    Something like that will be very safe. The Database Index Table is taking care
    of the critical section. Then you can be sure that each replicate can be
    independent (not hit into each other) for 5000 iterations. Depending on the
    frequency, you may want to up this number or lower this number. Too high it
    would make the key very high very soon with holes in the sequence. Too low
    and you would have hit between the replicates. Try to make it so that the
    load balanced partitions don't need to access the database more than one in
    5 min. to get a new Seed Key. This would not need to PID.
    Serge
    At 01:59 PM 4/3/2001 +1000, you wrote:
    Hi Serge,
    The number returned by the NA1 is used as a primary key for each of the record
    that stores in the DB.
    The Number Allocator NA1 is required to access to DB to update an ID table
    which carry the next available sequence number. NA1 will only update this
    table for every 5000 records.
    For example, the initial value of the sequence is: 1
    The next update will change the value to 5001, next will be 10001 and so on.
    The properties of this NA1 class at runtime
    Shared - Disallowed
    Distributed - Disallowed
    Transactional - Is Default
    Monitored - Disallowed
    Unfortunately, this attribute is not a handle but is instantiated by the SO1
    itself.
    I have been thinking, if SO1 is replicated within the same partition, and
    each replicate will carry its own NA1. NA1 and the replicate of NA1 may
    return a same number if their initial values of the sequence are the same.
    Correct?
    Regards
    Martin Chan
    -----Original Message-----
    From: Serge Blais [mailto:Serge.BlaisSun.com]
    Sent: Tuesday, 3 April 2001 13:11
    To: Chan, Martin; forte-userslists.xpedior.com
    Subject: Re: (forte-users) SO Load Balancing Question
    Let's see if I understand right.
    You have a service object that keeps a handle to an object that either keeps
    state information, or that generates state information. Now the thing to
    figure out is which is it. Let's assume that NA1 is a number generator,
    that does not need to be synchronized or that doesn't need to access any
    external resource. It would still work, depending on the algorithm you are
    using.
    Will they share the same NA1? It depends on the nature of NA1, but for sure
    NA1 would have to be an anchored object. And if multiple partitions would
    share the same object "only" for key generation, you would bring down your
    performance on key generation or key update (by adding one inter-process
    call).
    In short:
    1. Many scenarios can happen, you need to be clearer on your description.
    2. If you are sharing an object by load balanced partitions, this greatly
    reduces the gain of load balancing the partition.
    3. If NA1 is keeping state, any access to it would need to be controlled
    "shared".
    Have fun now...
    Serge
    At 12:30 PM 4/3/2001 +1000, Chan, Martin wrote:
    Hi all,
    I have a service object (SO1) which has been set to Load Balancing.
    This service object has an attribute which serves as a number allocator
    (NA1).
    This NA1 provides a unique number across the whole application for each of
    the record that require to store into DB.
    The problem is, will the NA1 get replicated if the SO1 is replicated?
    If yes, will NA1 crash?
    Regards,
    Martin Chan
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Senior Analyst/Programmer
    Dept of Education and Training
    Mobile : 0413-996-116
    Email: martin.chandet.nsw.edu.au
    Tel: 02-9942-9685
    Serge Blais
    Professional Services Engineer
    iPlanet Expertise Center
    Sun Professional Services
    Cell : (514) 234-4110
    Serge.BlaisSun.com
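
The block-reservation scheme described in the thread above (read the counter, add 5000, write it back, all inside one transaction) can be sketched as follows. This is an added example, not code from the original messages or from Forte; SQLite stands in for the application's database, and the names `id_table`, `BlockAllocator`, `new_id_db` and `run_replicas` are assumptions made for the illustration.

```python
import os
import sqlite3
import tempfile
import threading

BLOCK_SIZE = 5000  # block size quoted in the thread


def new_id_db():
    """Create a throwaway SQLite file holding the shared ID table (constructed sample)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE id_table (name TEXT PRIMARY KEY, next_value INTEGER NOT NULL)")
    conn.execute("INSERT INTO id_table VALUES ('record_id', 1)")
    conn.commit()
    conn.close()
    return path


class BlockAllocator:
    """One instance per replica: reserve a block in the database, then count locally."""

    def __init__(self, db_path, block_size=BLOCK_SIZE):
        # isolation_level=None lets us issue BEGIN/COMMIT ourselves.
        self._conn = sqlite3.connect(db_path, isolation_level=None,
                                     check_same_thread=False, timeout=30)
        self._block_size = block_size
        self._lock = threading.Lock()  # the "make NA1 shared" advice: serialize threads
        self._next = 0
        self._limit = 0                # exclusive upper bound of the reserved block
        self.db_round_trips = 0

    def _reserve_block(self):
        # BEGIN IMMEDIATE takes the write lock before the read, so two replicas
        # can never read the same next_value: the database is the critical section.
        self._conn.execute("BEGIN IMMEDIATE")
        try:
            (start,) = self._conn.execute(
                "SELECT next_value FROM id_table WHERE name = 'record_id'").fetchone()
            self._conn.execute(
                "UPDATE id_table SET next_value = ? WHERE name = 'record_id'",
                (start + self._block_size,))
            self._conn.execute("COMMIT")
        except Exception:
            self._conn.execute("ROLLBACK")
            raise
        self._next, self._limit = start, start + self._block_size
        self.db_round_trips += 1

    def next_id(self):
        with self._lock:
            if self._next >= self._limit:  # block exhausted (or first call)
                self._reserve_block()
            value = self._next
            self._next += 1
            return value

    def close(self):
        self._conn.close()


def run_replicas(replicas=3, ids_per_replica=12000):
    """Run several replicas concurrently against one ID table.

    Returns (ids handed out per replica, database round trips per replica).
    """
    path = new_id_db()
    allocators = [BlockAllocator(path) for _ in range(replicas)]
    ids = [[] for _ in range(replicas)]

    def work(i):
        for _ in range(ids_per_replica):
            ids[i].append(allocators[i].next_id())

    threads = [threading.Thread(target=work, args=(i,)) for i in range(replicas)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    trips = [a.db_round_trips for a in allocators]
    for a in allocators:
        a.close()
    os.remove(path)
    return ids, trips


if __name__ == "__main__":
    ids, trips = run_replicas()
    flat = [n for replica in ids for n in replica]
    print("issued:", len(flat), "unique:", len(set(flat)), "round trips:", trips)
```

Numbers left unused in a replica's last block are never handed out, which is the source of the holes in the sequence mentioned in the thread.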

  • JMS load-balancing question

    Hello,
    When configuring a JMS connection factory, one can check the "Load Balancing Enabled" option (Configuration tab, Load Balance sub tab).
    In the help documentation, we can read:
    Specifies whether non-anonymous producers created through a connection factory are load balanced within a distributed destination on a per-call basis.
    If enabled, the associated message producers are load balanced on every send() or publish().
    I have performed some tests and I don't see the expected behaviour, that is to say load-balancing for each send or publish call.
    So first, what does "non-anonymous producers" mean? Does that mean that we have to create the JMS connection with username/password arguments? If yes, I have used the same credentials as the ones used for the admin console and again I don't see load-balancing on the physical queues belonging to one distributed queue!
    Could you please give me advice on how to get the load-balancing working per send or publish call?
    Best Regards.

    Hello,
    The content of the config.xml:
    <?xml version='1.0' encoding='UTF-8'?>
    <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://www.bea.com/ns/weblogic/90/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
    <name>FRANCOISdomain</name>
    <domain-version>10.3.2.0</domain-version>
    <security-configuration>
    <name>FRANCOISdomain</name>
    <realm>
    <sec:authentication-provider xsi:type="wls:default-authenticatorType">
    <sec:control-flag>OPTIONAL</sec:control-flag>
    </sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
    </sec:authentication-provider>
    <sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:agent-authenticatorType">
    <n1:name xmlns:n1="http://www.bea.com/ns/weblogic/90/security">OpenAMProvider</n1:name>
    <n2:control-flag xmlns:n2="http://www.bea.com/ns/weblogic/90/security">OPTIONAL</n2:control-flag>
    </sec:authentication-provider>
    <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
    <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
    <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
    <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
    <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
    <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
    <sec:name>myrealm</sec:name>
    <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
    <sec:name>SystemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
    </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}mq1iuVKohqULL/lwkqBF0PCxYeSXcHavSgc2TO4mKEWr81KYRukVzT/6Icj2576UhryaX5E/RzUKDJUZrEWAshpbE9B023NHogEtz7K0XQhToHxukFCiBy5I5mM8XpN4</credential-encrypted>
    <node-manager-username>myusername</node-manager-username>
    <node-manager-password-encrypted>{AES}r3SsMwpQiaNUYrGsTljMgyB9i4A0TELOfOni+RxRP/0=</node-manager-password-encrypted>
    </security-configuration>
    <jta>
    <timeout-seconds>120</timeout-seconds>
    </jta>
    <log>
    <file-name>logs/FRANCOISdomain.log</file-name>
    <rotation-type>bySize</rotation-type>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-min-size>20480</file-min-size>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    </log>
    <snmp-agent-deployment>
    <name>ServerSNMPAgent-0</name>
    <enabled>true</enabled>
    <send-automatic-traps-enabled>true</send-automatic-traps-enabled>
    <snmp-port>1610</snmp-port>
    <snmp-trap-version>1</snmp-trap-version>
    <community-prefix>public</community-prefix>
    <community-based-access-enabled>true</community-based-access-enabled>
    <snmp-engine-id>ServerSNMPAgent-0</snmp-engine-id>
    <authentication-protocol>noAuth</authentication-protocol>
    <privacy-protocol>noPriv</privacy-protocol>
    <inform-retry-interval>10000</inform-retry-interval>
    <max-inform-retry-count>1</max-inform-retry-count>
    <localized-key-cache-invalidation-interval>3600000</localized-key-cache-invalidation-interval>
    <snmp-access-for-user-m-beans-enabled>true</snmp-access-for-user-m-beans-enabled>
    <inform-enabled>false</inform-enabled>
    <master-agent-x-port>7050</master-agent-x-port>
    <target>AdminServer</target>
    </snmp-agent-deployment>
    <server>
    <name>AdminServer</name>
    <log>
    <name>AdminServer</name>
    <file-name>logs/AdminServer__%yyyy%_%MM%_%dd%_%hh%_%mm%.log</file-name>
    <rotation-type>bySize</rotation-type>
    <file-min-size>20480</file-min-size>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Notice</log-file-severity>
    <stdout-severity>Notice</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    </log>
    <listen-port>20001</listen-port>
    <iiop-enabled>true</iiop-enabled>
    <default-iiop-user>iiopuser</default-iiop-user>
    <default-iiop-password-encrypted>{AES}v2+TWtuxeDCyJ5ztyFko4t3ISkqKnlXEGK350FHvCXM=</default-iiop-password-encrypted>
    <listen-address>10.10.166.103</listen-address>
    </server>
    <server>
    <name>managed1</name>
    <reverse-dns-allowed>false</reverse-dns-allowed>
    <native-io-enabled>true</native-io-enabled>
    <thread-pool-percent-socket-readers>33</thread-pool-percent-socket-readers>
    <max-message-size>10000000</max-message-size>
    <max-http-message-size>-1</max-http-message-size>
    <complete-message-timeout>60</complete-message-timeout>
    <idle-connection-timeout>65</idle-connection-timeout>
    <period-length>60000</period-length>
    <idle-periods-until-timeout>4</idle-periods-until-timeout>
    <dgc-idle-periods-until-timeout>5</dgc-idle-periods-until-timeout>
    <ssl>
    <enabled>true</enabled>
    <hostname-verifier xsi:nil="true"></hostname-verifier>
    <hostname-verification-ignored>false</hostname-verification-ignored>
    <export-key-lifespan>500</export-key-lifespan>
    <client-certificate-enforced>false</client-certificate-enforced>
    <listen-port>20012</listen-port>
    <two-way-ssl-enabled>false</two-way-ssl-enabled>
    <server-private-key-alias>myhost.mycompany.com</server-private-key-alias>
    <server-private-key-pass-phrase-encrypted>{AES}haHJwbqbttygoo71Dyb3dQck2VsEd1woFGijvFXM0sA=</server-private-key-pass-phrase-encrypted>
    <ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>
    <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>
    <outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>
    <allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>
    <use-server-certs>false</use-server-certs>
    </ssl>
    <log>
    <file-name>logs/managed1_%yyyy%_%MM%_%dd%_%hh%_%mm%.log</file-name>
    <rotation-type>bySize</rotation-type>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <rotation-time>00:00</rotation-time>
    <file-min-size>20480</file-min-size>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Debug</logger-severity>
    <logger-severity-properties>com.iplanet=Debug;test.ejb=Debug;com.sun.indentity=Debug;org.apache.http=Debug;test.servlet=Debug</logger-severity-properties>
    <log-file-severity>Debug</log-file-severity>
    <stdout-severity>Debug</stdout-severity>
    <domain-log-broadcast-severity>Debug</domain-log-broadcast-severity>
    <domain-log-broadcast-filter xsi:nil="true"></domain-log-broadcast-filter>
    <memory-buffer-severity>Debug</memory-buffer-severity>
    <memory-buffer-filter xsi:nil="true"></memory-buffer-filter>
    <log4j-logging-enabled>true</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>false</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>50</domain-log-broadcaster-buffer-size>
    </log>
    <max-open-sock-count>-1</max-open-sock-count>
    <stuck-thread-max-time>600</stuck-thread-max-time>
    <stuck-thread-timer-interval>60</stuck-thread-timer-interval>
    <machine>FRANCOIS_Machine1</machine>
    <listen-port>20011</listen-port>
    <listen-port-enabled>true</listen-port-enabled>
    <cluster>FRANCOIS_cluster</cluster>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    <frontend-http-port>0</frontend-http-port>
    <frontend-https-port>0</frontend-https-port>
    <keep-alive-enabled>true</keep-alive-enabled>
    <keep-alive-secs>30</keep-alive-secs>
    <https-keep-alive-secs>60</https-keep-alive-secs>
    <post-timeout-secs>30</post-timeout-secs>
    <max-post-size>-1</max-post-size>
    <send-server-header-enabled>false</send-server-header-enabled>
    <wap-enabled>false</wap-enabled>
    <accept-context-path-in-get-real-path>false</accept-context-path-in-get-real-path>
    </web-server>
    <server-debug>
    <debug-scope>
    <name>weblogic.security</name>
    <enabled>false</enabled>
    </debug-scope>
    <debug-scope>
    <name>weblogic.servlet</name>
    <enabled>false</enabled>
    </debug-scope>
    <debug-scope>
    <name>default</name>
    <enabled>false</enabled>
    </debug-scope>
    <debug-scope>
    <name>weblogic</name>
    <enabled>false</enabled>
    </debug-scope>
    </server-debug>
    <listen-address>host.mycompany.com</listen-address>
    <accept-backlog>300</accept-backlog>
    <login-timeout-millis>5000</login-timeout-millis>
    <java-compiler>javac</java-compiler>
    <tunneling-enabled>true</tunneling-enabled>
    <tunneling-client-ping-secs>45</tunneling-client-ping-secs>
    <tunneling-client-timeout-secs>40</tunneling-client-timeout-secs>
    <server-start>
    <java-vendor>Sun</java-vendor>
    <java-home>/opt/32bit/jdk1.6.0_18</java-home>
    <class-path>${CLASSPATH}:/opt/32bit/jdk1.6.0_18/lib/tools.jar:/product/DSL60/wlserver_10.3/server/lib/weblogic_sp.jar:/product/DSL60/wlserver_10.3/server/lib/weblogic.jar:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/lib/agent.jar:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/lib/openssoclientsdk.jar:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/locale:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/Agent_002/config</class-path>
    <bea-home>/product/DSL60</bea-home>
    <root-directory>/product/DSL60/wls/domain/FRANCOISdomain</root-directory>
    <security-policy-file>/product/DSL60/wlserver_10.3/server/lib/weblogic.policy</security-policy-file>
    <arguments>-Dname=WL1_MYCOMPANY_PID -Dlog4j.configuration=file:///product/DSL60/wls/domain/FRANCOISdomain/lib/log4j.xml -Declipselink.register.run.mbean=true -Xms1024m -Xmx1024m -XX:MaxPermSize=256m -d32 -Doracle.net.tns.admin=/opt/oracle/11.2.0/network/admin/tnsname.ora -Djava.util.logging.config.file=/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/config/OpenSSOAgentLogConfig.properties -DLOG_COMPATMODE=Off</arguments>
    <username>myusername</username>
    <password-encrypted>{AES}+o7kEIuvUEC1C4IoVveulxKTyN3upgWDglcqqgOEwt4=</password-encrypted>
    </server-start>
    <jta-migratable-target>
    <user-preferred-server>managed1</user-preferred-server>
    <cluster>FRANCOIS_cluster</cluster>
    </jta-migratable-target>
    <low-memory-time-interval>3600</low-memory-time-interval>
    <low-memory-sample-size>10</low-memory-sample-size>
    <low-memory-granularity-level>5</low-memory-granularity-level>
    <low-memory-gc-threshold>5</low-memory-gc-threshold>
    <auto-kill-if-failed>true</auto-kill-if-failed>
    <health-check-interval-seconds>30</health-check-interval-seconds>
    <managed-server-independence-enabled>true</managed-server-independence-enabled>
    <client-cert-proxy-enabled>false</client-cert-proxy-enabled>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>/product/FILES/PAF/cert/opensso.jks</custom-identity-key-store-file-name>
    <custom-identity-key-store-type>JKS</custom-identity-key-store-type>
    <custom-identity-key-store-pass-phrase-encrypted>{AES}yg0Tx8tcfZsqM2sYbfTPEDl7ceN5X5zUEALaBM58wS8=</custom-identity-key-store-pass-phrase-encrypted>
    <custom-trust-key-store-file-name>/product/FILES/PAF/cert/opensso.jks</custom-trust-key-store-file-name>
    <custom-trust-key-store-type>JKS</custom-trust-key-store-type>
    <custom-trust-key-store-pass-phrase-encrypted>{AES}8Ghgu1RUTF7st3f69sZKdb6vTfWiFvk1g+CUi63utBA=</custom-trust-key-store-pass-phrase-encrypted>
    <overload-protection>
    <shared-capacity-for-work-managers>1111</shared-capacity-for-work-managers>
    <panic-action>system-exit</panic-action>
    <failure-action>no-action</failure-action>
    <free-memory-percent-high-threshold>0</free-memory-percent-high-threshold>
    <free-memory-percent-low-threshold>0</free-memory-percent-low-threshold>
    </overload-protection>
    </server>
    <server>
    <name>managed2</name>
    <reverse-dns-allowed>false</reverse-dns-allowed>
    <native-io-enabled>true</native-io-enabled>
    <thread-pool-percent-socket-readers>33</thread-pool-percent-socket-readers>
    <max-message-size>10000000</max-message-size>
    <complete-message-timeout>60</complete-message-timeout>
    <idle-connection-timeout>65</idle-connection-timeout>
    <period-length>60000</period-length>
    <idle-periods-until-timeout>4</idle-periods-until-timeout>
    <dgc-idle-periods-until-timeout>5</dgc-idle-periods-until-timeout>
    <log>
    <file-name>logs/managed2_%yyyy%_%MM%_%dd%_%hh%_%mm%.log</file-name>
    <rotation-type>bySize</rotation-type>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <rotation-time>00:00</rotation-time>
    <file-min-size>20480</file-min-size>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Debug</logger-severity>
    <logger-severity-properties>org.apache.http=Error</logger-severity-properties>
    <log-file-severity>Debug</log-file-severity>
    <stdout-severity>Debug</stdout-severity>
    <domain-log-broadcast-severity>Debug</domain-log-broadcast-severity>
    <domain-log-broadcast-filter xsi:nil="true"></domain-log-broadcast-filter>
    <memory-buffer-severity>Debug</memory-buffer-severity>
    <memory-buffer-filter xsi:nil="true"></memory-buffer-filter>
    <log4j-logging-enabled>true</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>false</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>50</domain-log-broadcaster-buffer-size>
    </log>
    <max-open-sock-count>-1</max-open-sock-count>
    <stuck-thread-max-time>600</stuck-thread-max-time>
    <stuck-thread-timer-interval>60</stuck-thread-timer-interval>
    <machine>FRANCOIS_Machine1</machine>
    <listen-port>20021</listen-port>
    <cluster>FRANCOIS_cluster</cluster>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address>10.10.166.103</listen-address>
    <accept-backlog>300</accept-backlog>
    <login-timeout-millis>5000</login-timeout-millis>
    <tunneling-enabled>true</tunneling-enabled>
    <tunneling-client-ping-secs>45</tunneling-client-ping-secs>
    <tunneling-client-timeout-secs>40</tunneling-client-timeout-secs>
    <server-start>
    <java-vendor>Sun</java-vendor>
    <java-home>/opt/32bit/jdk1.6.0_18</java-home>
    <class-path>${CLASSPATH}:/opt/32bit/jdk1.6.0_18/lib/tools.jar:/product/DSL60/wlserver_10.3/server/lib/weblogic_sp.jar:/product/DSL60/wlserver_10.3/server/lib/weblogic.jar:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/lib/agent.jar:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/lib/openssoclientsdk.jar:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/locale:/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/Agent_003/config</class-path>
    <bea-home>/product/DSL60</bea-home>
    <root-directory>/product/DSL60/wls/domain/FRANCOISdomain</root-directory>
    <security-policy-file>/product/DSL60/wlserver_10.3/server/lib/weblogic.policy</security-policy-file>
    <arguments>-Dname=WL1_MYCOMPANY_PID -Dlog4j.configuration=file:///product/DSL60/wls/domain/FRANCOISdomain/lib/log4j.xml -Declipselink.register.run.mbean=true -Xms1024m -Xmx1024m -XX:MaxPermSize=256m -d32 -Doracle.net.tns.admin=/opt/oracle/11.2.0/network/admin/tnsname.ora -Djava.util.logging.config.file=/product/FILES/PAF/j2ee_agents/weblogic_v10_agent/config/OpenSSOAgentLogConfig.properties -DLOG_COMPATMODE=Off</arguments>
    <username>myusername</username>
    <password-encrypted>{AES}AveXfjkD6M1nkwLoBOtN9QhrOA+C1d84AP+A2WThpN0=</password-encrypted>
    </server-start>
    <jta-migratable-target>
    <user-preferred-server>managed2</user-preferred-server>
    <cluster>FRANCOIS_cluster</cluster>
    </jta-migratable-target>
    <low-memory-time-interval>3600</low-memory-time-interval>
    <low-memory-sample-size>10</low-memory-sample-size>
    <low-memory-granularity-level>5</low-memory-granularity-level>
    <low-memory-gc-threshold>5</low-memory-gc-threshold>
    <auto-kill-if-failed>true</auto-kill-if-failed>
    <health-check-interval-seconds>30</health-check-interval-seconds>
    <managed-server-independence-enabled>true</managed-server-independence-enabled>
    </server>
    <cluster>
    <name>FRANCOIS_cluster</name>
    <cluster-address>10.10.166.103:20011,10.10.166.103:20021</cluster-address>
    <default-load-algorithm>round-robin</default-load-algorithm>
    <cluster-messaging-mode>unicast</cluster-messaging-mode>
    <cluster-broadcast-channel></cluster-broadcast-channel>
    <weblogic-plugin-enabled>true</weblogic-plugin-enabled>
    <frontend-http-port>20011</frontend-http-port>
    <frontend-https-port>20012</frontend-https-port>
    <number-of-servers-in-cluster-address>1</number-of-servers-in-cluster-address>
    </cluster>
    <production-mode-enabled>false</production-mode-enabled>
    <embedded-ldap>
    <name>FRANCOISdomain</name>
    <credential-encrypted>{AES}M6zrsdwO+PvT05M07l6QPOBMLacz4b6Z9+DT5EDxQPABYDdIzZbossnMLiXSSodJ</credential-encrypted>
    </embedded-ldap>
    <archive-configuration-count>3</archive-configuration-count>
    <config-backup-enabled>true</config-backup-enabled>
    <configuration-version>10.3.2.0</configuration-version>
    <library>
    <name>mycompany-domain-logging.jar#[email protected]</name>
    <target>FRANCOIS_cluster</target>
    <module-type xsi:nil="true"></module-type>
    <source-path>servers/AdminServer/upload/mycompany-domain-logging.jar/app/mycompany-domain-logging.jar</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode>stage</staging-mode>
    </library>
    <library>
    <name>eclipselink-custom.jar#[email protected]</name>
    <target>FRANCOIS_cluster</target>
    <module-type xsi:nil="true"></module-type>
    <source-path>servers/AdminServer/upload/eclipselink-custom.jar/app/eclipselink-custom.jar</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode>stage</staging-mode>
    </library>
    <machine>
    <name>FRANCOIS_Machine1</name>
    <node-manager>
    <nm-type>Plain</nm-type>
    <listen-address>10.10.166.103</listen-address>
    <listen-port>5566</listen-port>
    </node-manager>
    </machine>
    <jms-server>
    <name>JMSServer1</name>
    <target>managed1</target>
    <persistent-store>jdbcStore1</persistent-store>
    </jms-server>
    <jms-server>
    <name>JMSServer2</name>
    <target>managed2</target>
    <persistent-store>jdbcStore2</persistent-store>
    </jms-server>
    <migratable-target>
    <name>managed1 (migratable)</name>
    <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
    <user-preferred-server>managed1</user-preferred-server>
    <cluster>FRANCOIS_cluster</cluster>
    </migratable-target>
    <migratable-target>
    <name>managed2 (migratable)</name>
    <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
    <user-preferred-server>managed2</user-preferred-server>
    <cluster>FRANCOIS_cluster</cluster>
    </migratable-target>
    <startup-class>
    <name>AppenderStartup</name>
    <target>FRANCOIS_cluster</target>
    <class-name>com.mycompany.logging.AppenderStartup</class-name>
    <load-before-app-deployments>true</load-before-app-deployments>
    </startup-class>
    <jdbc-store>
    <name>jdbcStore1</name>
    <prefix-name>jdbcStore1</prefix-name>
    <data-source>technical_mycompany_noxa.ds</data-source>
    <target>managed1</target>
    </jdbc-store>
    <jdbc-store>
    <name>jdbcStore2</name>
    <prefix-name>jdbcStore2</prefix-name>
    <data-source>mycompany_noxa_failover.ds</data-source>
    <target>managed2</target>
    </jdbc-store>
    <jms-system-resource>
    <name>EclipseLink_Module</name>
    <target>FRANCOIS_cluster</target>
    <sub-deployment>
    <name>DeployToCluster</name>
    <target>FRANCOIS_cluster</target>
    </sub-deployment>
    <descriptor-file-name>jms/eclipselink_module-jms.xml</descriptor-file-name>
    </jms-system-resource>
    <jms-system-resource>
    <name>TESTJMS</name>
    <target>FRANCOIS_cluster</target>
    <sub-deployment>
    <name>TestQueueM1</name>
    <target>JMSServer1</target>
    </sub-deployment>
    <sub-deployment>
    <name>TestQueueM2</name>
    <target>JMSServer2</target>
    </sub-deployment>
    <descriptor-file-name>jms/testjms-jms.xml</descriptor-file-name>
    </jms-system-resource>
    <admin-server-name>AdminServer</admin-server-name>
    <jdbc-system-resource>
    <name>mycompany_xa_failover.ds</name>
    <target>FRANCOIS_cluster</target>
    <descriptor-file-name>jdbc/mycompany_xa_failover2eds-4849-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>mycompany_noxa_failover.ds</name>
    <target>FRANCOIS_cluster</target>
    <descriptor-file-name>jdbc/mycompany_noxa_failover2eds-3264-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>technical_mycompany_noxa.ds</name>
    <target>FRANCOIS_cluster</target>
    <descriptor-file-name>jdbc/technical_mycompany_noxa2eds-3047-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    </domain>
    Best Regards.

  • Load Balancing and Failover in Dual Ethernet

    I have a Cisco 2911/K9 router with two 4Mbps leased line connections from two different ISPs to my remote office. The remote office has a Cisco 2811 router.
    The main office has an MPLS connection with static IP routing apart from the two leased lines.
    All handoffs are Ethernet.
    Is it possible to do load sharing as well as failover between the two ISPs? If so, how am I to achieve that?
    Kindly help me.

    If your MPLS vendor supports no dynamic routing, then why do you ask about BGP? Or, do they only support dynamic routing with BGP?
    You can do equal cost multi-path with BGP (may require a hidden command to fully utilize).
    You could do GRE tunnels across the MPLS cloud and dynamically route between them using your choice of a dynamic routing protocol.
    Both your devices should support OER/PfR (may require a feature upgrade). OER/PfR will actually dynamically load balance.
    SLA features should also be available on both your routers; those too might require an IOS feature upgrade.
    Configuration examples might be found on Cisco's main web site.
