Upload
abba
View
41
Download
2
Embed Size (px)
DESCRIPTION
Distributed Object Technology & CORBA/Java Solutions. Building Enterprise Servers for OS/390 with OrbixWeb . by Peter Kanis. Contents. The SwiBi (Swisscom Billing) project. Requirements & Constraints. Architecture. Session Balancing. Security with RACF. Server Framework - PowerPoint PPT Presentation
Citation preview
Building Enterprise Serversfor OS/390
with OrbixWeb
byPeter Kanis
Distributed Object Technology & CORBA/Java Solutions
ContentsContents
The The SwiBi SwiBi (Swisscom Billing) project.(Swisscom Billing) project. Requirements & Constraints.Requirements & Constraints. Architecture.Architecture. Session Balancing.Session Balancing. Security with RACF.Security with RACF. Server FrameworkServer Framework
Distributed garbage collectionDistributed garbage collection Multi-threading model.Multi-threading model.
Logging, monotoring, testing & administration.Logging, monotoring, testing & administration. Server Design.Server Design.
The Swisscom Billing (SwiBi) ProjectThe Swisscom Billing (SwiBi) Project
Current billing stream is managed with a Current billing stream is managed with a dinosaurian host application…dinosaurian host application…
SwiBiSwiBi should replace this with an intelligent, should replace this with an intelligent, modern enterprise server.modern enterprise server.
Unfortunately, the new must run in parallel with Unfortunately, the new must run in parallel with the old:the old:
Stuck with a legacy database for COBOL with Stuck with a legacy database for COBOL with fixed length fields.fixed length fields.
Have to use stored procedures written in COBOL.Have to use stored procedures written in COBOL.
Servers should be deployable on Servers should be deployable on OS/390 USSOS/390 USS and and AIXAIX..
Clients must be deployable on standardised Clients must be deployable on standardised Windows NT work-stations (Swisscom Workplace Windows NT work-stations (Swisscom Workplace 2000).2000).
Servers must support up to 3500 concurrent Servers must support up to 3500 concurrent intranet users with no noticeable performance intranet users with no noticeable performance degradation:degradation:
Need multiple parallel servers.Need multiple parallel servers. Servers need to be multi-threaded.Servers need to be multi-threaded. Need session balancing.Need session balancing.
Requirements and Constraints (1)Requirements and Constraints (1)
Servers should be available from 6:30 to 20:00.Servers should be available from 6:30 to 20:00. Need a certain amount of fault tolerance.Need a certain amount of fault tolerance. Need some form of monitoring software.Need some form of monitoring software. Need distributed garbage collection.Need distributed garbage collection.
Users are already defined for the old software and Users are already defined for the old software and should be authenticated through should be authenticated through RACFRACF..
Need an authentication server on OS/390.Need an authentication server on OS/390. Cannot use SSL for internal political reasons.Cannot use SSL for internal political reasons. Should at least have some form of encryption on Should at least have some form of encryption on
passwords.passwords. < 1 year from conception to deployment.< 1 year from conception to deployment.
Need an efficient RAD environment and language.Need an efficient RAD environment and language.
Requirements and Constraints (2)Requirements and Constraints (2)
CORBAC++
Servant
Oracle/D
B2
gateway
CORBAC++ Client
MFC
Windows AIX MVS
DB2
Architecture variant 1Architecture variant 1
Already in use within Swisscom.Already in use within Swisscom. Not deployable on OS/390.Not deployable on OS/390. No authentication through RACF.No authentication through RACF. Inadequate throughput to DB.Inadequate throughput to DB. Long development time with C++.Long development time with C++. Poor reliability with MFC.Poor reliability with MFC.
CORBAC++ Client
MFC
Windows
OrbixIMS
GatewayIMS DB2
OS/390 USS MVS
Already in use within Swisscom.Already in use within Swisscom. Not deployable on AIX.Not deployable on AIX. Large data blocks cannot be passed through IMS.Large data blocks cannot be passed through IMS. Long development time with C++ and COBOL.Long development time with C++ and COBOL. Inadequate or inexistent monitoring tools.Inadequate or inexistent monitoring tools.
Architecture variant 2Architecture variant 2
CORBAor RMI
Java Client
Windows
DB2
MVSOS/390 USS
CORBAC++
Servant
CORBA orRMI Java
Server
IIOP
IIOPRMI
CLI
JDBC
Can be deployed on AIX.Can be deployed on AIX. Possible authentication through RACF.Possible authentication through RACF. RMI locks us into Java CORBA leaves it open.RMI locks us into Java CORBA leaves it open. Long development time with C++ variant.Long development time with C++ variant. Logging and monitoring tools available.Logging and monitoring tools available.
Architecture variant 3Architecture variant 3
OrbixWebJava 2Client Applet
Windows OrbixWebSessionBalancer
OrbixWebRACF
AuthenticationServant
OrbixWebSwiBi
Servants
OS/390 USS MVS
DB2
RACFSAF
IIOP
IIOP
IIOP
JDBC
RRSAF
IIOP
Architecture OS/390Architecture OS/390
OrbixWebJava 2Client Applet
Windows
OrbixWebRACF
Authentication
OS/390 USS
MVS
DB2
RACF
SAF
IIOP
IIOP
IIOP
DRDA
OrbixWebSessionBalancer
OrbixWebSwiBi
Servants
JDBC
DB2 ClientEnabler
AIX Node
IIOP
Architecture OS/390 + AIXArchitecture OS/390 + AIX
Distributes client sessions between the available Distributes client sessions between the available servers using a round robin algorithm.servers using a round robin algorithm.
Registered servers uses a “heart-beat” to check in Registered servers uses a “heart-beat” to check in with the balancer.with the balancer.
Supplies an interface for administrationSupplies an interface for administration List registered servers.List registered servers. Stop a server.Stop a server. Stop a group of servers.Stop a group of servers. Stop all the servers in a group on a given host.Stop all the servers in a group on a given host.
Integrated into the server framework.Integrated into the server framework.
Session Balancing (1)Session Balancing (1)
OrbixWebJava 2
Client Applet
OrbixWebSessionBalancer
OrbixWebSwiBi
Servants
Connectioninfo
Registercheck-in
shutdown
invocations
Session Balancing (2)Session Balancing (2)
OrbixWebAdministration
Client
List Servers etc..
Server Status
Authentication with RACF (1)Authentication with RACF (1)
• The IBM JDK 1.1.8 security classes are not adequate for developing a serious authentication system:– They return erroneous error codes.
– There is no way of verifying class/entity rights for a third party.
• We wrote our own JNI library for accessing RACF:– void authenticate( userId, password);
– void changePassword(userId, oldPassword, newPassword);
– boolean isMemberOfGroup( userId, group);
– boolean canRead( userId, securityClass, entityName);
– boolean canUpdate( userId, securityClass, entityName);
– boolean canAlter( userId, securityClass, entityName);
– boolean canControl( userId, securityClass, entityName);
Authentication with RACF (2)Authentication with RACF (2)
• We couldn’t use SSL:– It would only be necessary for the authentication phase.
– The performance loss over the whole application would be too high.
– This is an intranet application where SSL would be overkill.
– Swisscom has no wish to maintain the necessary certificates.
• We created our own password Encryptor:– Uses a mutating cipher with a configurable lifetime.
– Random shift expansion algorithm.
– An 8 char password results in a 64 byte block.
Authentication with RACF (3)Authentication with RACF (3)
OrbixWebJava 2
Client Applet
OrbixWebRACF
AuthenticationServant
getCipher()
Encryptor
OrbixWebSwiBi
Servant
encryptPassword()
logon()
getCipher()authenticate() +isMemberOfGroup()
The Server Framework (1)The Server Framework (1)
All the servers have a common set of All the servers have a common set of requirements:requirements:
ORB initialisation.ORB initialisation. Application initialisation from properties files.Application initialisation from properties files. A multi-threading model.A multi-threading model. Distributed garbage collection.Distributed garbage collection. A logging and/or monitoring mechanism.A logging and/or monitoring mechanism. Possibility of session balancing.Possibility of session balancing.
The server framework supplies all this in a re-The server framework supplies all this in a re-usable set of Java packages.usable set of Java packages.
Allows fast development of OrbixWeb Servers Allows fast development of OrbixWeb Servers and clients by simply initialising the and clients by simply initialising the ApplicationApplication or or ClientClient classes. classes.
Application ORB
Orb PropertiesObjectManagerWorkerThread
OrbixThreadFilter
static getApplication();connect();run();getAppProperty();
The Server Framework (2)
App. Properties
ObjectManagerThread
Authenticator
BalancerClientThread
RequestQueue
The Server Framework (3)
Client
ORB Orb Properties
static getClient();connect();run();getAppProperty();
App. Properties
The Server Framework (4)The Server Framework (4)
Default OrbixWeb settings will cause problems Default OrbixWeb settings will cause problems with daemon on the server host:with daemon on the server host:
Client connections remain open for 8-10 hours.Client connections remain open for 8-10 hours. Every object is located through the daemon.Every object is located through the daemon. After a while the daemon used 1Gigabyte of After a while the daemon used 1Gigabyte of
resources and eventually dies.resources and eventually dies. The server requires the following settings:The server requires the following settings:
IT_IIOP_USE_LOCATOR=IT_IIOP_USE_LOCATOR=falsefalse IT_IIOP_LISTEN_PORT=IT_IIOP_LISTEN_PORT=00
The client requires:The client requires: IT_KEEP_ALIVE_FORWARDER_CONN=IT_KEEP_ALIVE_FORWARDER_CONN=falsefalse
Distributed Garbage Collection (1)Distributed Garbage Collection (1)
Objects connected to the ORB Objects connected to the ORB do not get do not get deleteddeleted as there is a reference to them in the as there is a reference to them in the ORBORB..
There is no reference counting mechanism There is no reference counting mechanism implemented in the OMG Java definition for implemented in the OMG Java definition for CORBA.CORBA.
There is no direct access to the ORB object table There is no direct access to the ORB object table in OrbixWeb.in OrbixWeb.
Must be automated, we don’t want to have to Must be automated, we don’t want to have to explicitly call garbage collection methods on the explicitly call garbage collection methods on the servant objects.servant objects.
Should run in the finalizer of the client stubs.Should run in the finalizer of the client stubs.
Distributed Garbage Collection (2)Distributed Garbage Collection (2)
Have a standard interface Have a standard interface destroyabledestroyable which which declares a declares a destroy destroy method:method:
The The destroy() destroy() implementation disconnects the implementation disconnects the object from the object from the ORBORB allowing the Java garbage allowing the Java garbage collection to remove it.collection to remove it.
All classes except the factory class inherit from All classes except the factory class inherit from this.this.
We built a post compiler for We built a post compiler for idlidl that adds a that adds a finalizer to the client classes if they contain the finalizer to the client classes if they contain the destroydestroy method. method.
We added an “evictor” thread which disconnects We added an “evictor” thread which disconnects objects after a configurable inactivity time (2 hrs).objects after a configurable inactivity time (2 hrs).
Distributed Garbage Collection (3)Distributed Garbage Collection (3)
The Server Framework maintains a table of The Server Framework maintains a table of objects connected to the objects connected to the ORBORB..
The table is 2 dimensional, allowing us to parent - The table is 2 dimensional, allowing us to parent - child relationship between objects. If a parent is child relationship between objects. If a parent is removed, all its children are also.removed, all its children are also.
Debuggers are too invasive to be of any use Debuggers are too invasive to be of any use during testing and leave no permanent record of during testing and leave no permanent record of events.events.
Require a way of tracing distributed apps for Require a way of tracing distributed apps for testing.testing.
Require a permanent record of logs.Require a permanent record of logs. Traces must be time stamped and contain Traces must be time stamped and contain
information on the source of the trace such as information on the source of the trace such as Host, Process, Thread, Class, Method and line in Host, Process, Thread, Class, Method and line in the java file.the java file.
Require a script driven testing tool for repeatable Require a script driven testing tool for repeatable testing and regression testing.testing and regression testing.
Logging, monitoring, testingLogging, monitoring, testing& administration (1)& administration (1)
Logging, monitoring, testingLogging, monitoring, testing& administration (2)& administration (2)
Require a method of changing the trace level Require a method of changing the trace level interactively and watching events online without interactively and watching events online without stopping the server.stopping the server.
Need a centralised repository of logs to facilitate Need a centralised repository of logs to facilitate administration.administration.
Require the tracing mechanism for testing to be Require the tracing mechanism for testing to be used for logging in production.used for logging in production.
Require an tool to easily view and manage trace Require an tool to easily view and manage trace files in the repository.files in the repository.
Khephren 2000
Test Hosts
Process being traced or tested
TraceEngine class
TracesControl
Server Host
TraceRepository
Repository Management
Servant
Trace EngineServant
Control Hosts
KhephrenProcess Monitor
Traces
Control
Trace ViewerHosts
KhephrenTrace Viewer
Traces fromRepository
Traces
Repository MgrHosts
KhephrenRepository Manager
Archive, delete etc.
Design (1)Design (1)
All the servers are based around a singleton All the servers are based around a singleton factory object that is published to thfactory object that is published to the ORB e ORB and is and is not entered in the object management table.not entered in the object management table.
The factory is the unique entry point into the The factory is the unique entry point into the system and implements any security and system and implements any security and administration functionality.administration functionality.
The factory creates the top level objects that The factory creates the top level objects that implement the application’s business logic.implement the application’s business logic.
These top level objects are related 1:1 to the These top level objects are related 1:1 to the client and are responsible for creating any client and are responsible for creating any children needed for the business logic.children needed for the business logic.
Client
Factory
Design (2)Design (2)
BusinessObject
BusinessObject
Client
Server
1
1 2
2
3
3
1 connect, logon and get 1 connect, logon and get business object.business object.
2 create business object and 2 create business object and add to manager table.add to manager table.
3 invoke operations on 3 invoke operations on business object.business object.
Design (3)Design (3)
We considered 2 approaches to the design:We considered 2 approaches to the design: A vertical approach where each business object is A vertical approach where each business object is
built from interface to database access as a unit.built from interface to database access as a unit. A horizontal approach where the application is A horizontal approach where the application is
layered.layered. We chose the horizontal approach for pragmatic We chose the horizontal approach for pragmatic
reasons:reasons: It is hard to find programmers who are expert in all It is hard to find programmers who are expert in all
the technologies being used.the technologies being used. We had on hand experts in SQL, pure java and We had on hand experts in SQL, pure java and
CORBA programming.CORBA programming. It is easier to add interfaces to other middleware It is easier to add interfaces to other middleware
technologies using a layered approach.technologies using a layered approach.
SwiBi Server layering (1)
CORBA IDL layercom.swisscom.swibi.server.boa
Business Object layercom.swisscom.server.bo
Access Object Layercom.swisscom.server.ao
Application layercom.swisscom.swibi.server.appl
Java CORBA Client
DB2
SwiBi Servant layering(2)
CORBA IDL layercom.swisscom.swibi.server.boa
Java CORBA Client
RMI layercom.swisscom.swibi.server.rmi
Java RMI Client
Business Object layercom.swisscom.swibi.server.bo
Access Object Layercom.swisscom.swibi.server.ao
Application layercom.swisscom.swibi.server.appl
DB2
The SwiBi Team
Analysis, Design & ProgrammingSever: Peter Kanis,Jürgen Fritz, Stefan Fink, Urs Schimming, Urs Badertscher, Markus Streit, Daniel Steiner, Daniel Wildi, Beat Bilang, Bruno RothClient: Stefan Marty, Felix Boss, Niklaus Rötlisberger, Daniel Wildi
Management Hans Brüschweiler, Heinz Bösch