Saturday, October 8, 2016

Clustering in WAS -WebSphere Application Server Interview Questions - Part -18

Def of CLUSTERING : It is a set of AppServers having same applications Installed,Grouped locally for WORKLOADMANAGEMENT (WLM)
(or)

-----> Grouping of AppServers under a single application / name

-----> Using Clustering we can create a scope and achieved through WORKLOADMANAGEMENT and FAILOVER
(OR)

-----> Every cluster member must have the same configuration and same version.We can say each cluster member is the clone to one another.

-----> Clustering concept is for High Availability and and Workload Management.

Q) How to install an application in one cluster member out of multiple members?

A) One cannot deploy application in one cluster member alone in the clustered environment since application which is deployed in one cluster member will be shared across to the other cluster members automatically. So logically it is equivalent, installing application in cluster level.

----> Make the "cluster member weight" where you DONT want the application to be installed as Zero.

There are 2 types of CLUSTERING

1) VERTICAL CLUSTERING : Deployed the application on one machine and we can run that application on our own box(or) machine.

----> In this Vertical Clustering Machine FailOver is not possible.

----> If the machine gets failed we cannot run that application (or) SINGLE POINT OF FAILURE.

---> If one Server fails the other Server will takes care

----> If machine fails nothing can be done.
(OR)

----->  All the JVMs resides on the same physical machine along with the DMGR.

-----> When the JVM failover happens other JVM in that cluster will handle the request as part of the High Availability.

-----> But when the physical machine failover happens we will lose every thing

2) HORIZONTAL CLUSTERING : Grouping of AppServers in which one AppServer should be on one node and Another AppServer should be on another node.

-----> Means if we take two machines one application should be deployed on different machines Remotely (or) one application should run in INDIA and another application should run in AMERICA.

-----> If Machine1 application will be deployed on Machine2 so we have to know the IP address of Machine1 then only it is possible to deployed that application Successfully.

----> Both Machines should have Internet Connection.

----> Here no SINGLE POINT OF FAILURE.

----> It Supports MACHINE FAILOVER.

(OR)

-----> DMGR and the JVMs resides on the different machines.This will work even when the physical machine failover is happened.

WORKLOADMANAGEMENT : Sharing requests across Multiple Servers.

SCALABILITY : can add 2/3 members or add a cluster member to existing member

LOADBALANCING :  Allocate workload proportionality among available resources.

AVAILABILITY : System runs if server fails with Clustering.  (or)

----> Applications are still available if a server fails.

Next Page : http://webspherelife.blogspot.com/2018/09/clustering-in-was-websphere-application.html

Fix-pack, Refresh-pack and Hot-deployment - WebSphere Application Server Interview Questions - Part -17

FIX PACK : It fixes certain issues

-----> If we got any problem we have to raise PMR(PROBLEM MANAGEMENT REPORT) to IBM. They will provide a fix to that problem.

----> Up to 6.1 version 43 FIX PACKS have been issued.

REFRESH PACK : A milestone for release it takes you to release say 6.0.0.1 (like a new release of software).

----> If you apply rp2 it becomes 6.0.0.2

----> If you apply rp35 becomes 6.0.2.35 which is not a release.

HOT DEPLOYMENT :

----> Adding modules or additional services to existing application or new application without stopping application server as well as application

----> It will not effect to Business Impact.

----> When application is went to production environment then we cannot stop the application as application requests will come so in that case we will go for that HOT DEPLOYMENT.

SESSION MANAGEMENT :

Q) what is the session management in Version 6.1 and if we use cookies and ssl what are the advantages and disadvantages?

A) ----> Http is stateless protocol , It will not maintain any session.

-----> To maintain a session in websites like shopping websites,we need a session management mechanism like cookies, URL rewriting , file persistence, JVM in-memory session management etc...

-----> Considering performance , Maintaining session information in JVM is the best method of session management.

------> Considering security, Maintaining session on Database is the best method of session

management.

-----> Cookie is a small unit of memory/program that is used to store data for further client requests.

-----> An HTTP Session is series of requests to servlet originating from same user at same browser.

-----> Sessions allow applications running in web Container to keep track of individual users.

-----> Many web applications allow users to dynamically collect data as move through site based on series of selection of pages they visit

-----> When user goes to next or what site displays next it will depend on what the user has choosen previously from that site.

-----> For this maintaining of data the application will stores it in Session.

CONTEXT ROOT :

----> Context Root of web application is stored in application.xml file

----> Every web application developed within websphere studio has a Context Root associated with it.

----> Context Root helps to distinguish multiple applications deployed on same application server.

----> By Context Root only your Configuration file (PLUGIN-CNF.XML) routes the request to the particular application

Plug-in and Trace - WebSphere Application Server Interview Questions - Part -16

Def of PLUGIN: It is the communication between WEBSERVER TO APP SERVER

----> PLUG-IN Configuration file contains routing information for all applications mapped to WEBSERVER.

----> PLUGIN-CNF.XML file will have all Configuration setting determine whether the request is for WEBSERVER or APPLICATION SERVER.

-----> Whenever request comes to Web Server it first stores in PLUG-IN and afterwards PLUG-IN will checks that request or URL is compared

----> The PLUG-IN will forwards the request to WEB CONTAINER.

There are 2 types of PLUG-INS.

1) GENERATE PLUG-IN : Means deployment files information is save in PLUGIN-CFG.XML file

2) PROPAGATE PLUG-IN : Means deployment files information is stored in WEBSERVER.

Q) How to set PLUG-IN Logs?

A) ----> Goto Admin Console ------> Servers -----> Web Servers -----> Web Server -----> logfiles(Configuration tab) (Here we can change path of log files ) (Access.log, error.log)

Q) When do you regenerate the PLUG-IN CONFIG file ?

A) PLUG-IN Configuration file needs to be regenerated and propagated to the web servers when there are changes to your WebSphere configuration that affect how requests are routed from WEB SERVER to APPLICATION SERVER.

1) Installing an application

2) Creating or changing a virtual host

3) Creating a new Server.

4) Modifying HTTP transport settings (HTTP ports)

5) Creating or altering a cluster

TRACE : Trace is an informational record that is intended to specific Engineers (or) Developers to use

Q) What is trace file and where you get more details in trace or log files?

A) Trace file contains the step by step details of the WAS process. Trace file only contains more details than the log file.

(or)

Trace is a log file for tracing a particular memory.

Q) How do you setup traces ?

A) Admin Console-----> Trouble Shooting -----> logs and trace -----> Server name -----> Choose Diagnostic trace.

Global Security - WebSphere Application Server Interview Questions - Part -15

-----> It provides Authentication and Authorization for WEBSPHERE APPLICATION SERVER

STEP1 : Enable GLOBAL SECURITY.

STEP2 : Config application to user security.

STEP3 : Users and Groups Permission.

STEP4 : Deploy

STEP5 : Go to Bin

STEP6 : Goto Console Security [WebSphere Security]

STEP7 : Goto Admin, Monitor, Operator, Configurator

STEP8 : Goto Mycomputer ------> Right Click -----> Manage -----> Local User -----> User

STEP9 : Create User ID and Password for above roles

STEP10 : Create roles for Monitor ----> Mon , Configurator ----> Conf Operator ----> op

STEP11 : Goto Groups -----> Conf -----> Add check names

STEP12 : In Console Goto Security ----> Enable ----> Change Local OS -----> Config -----> User ID -----> Server ----> Was Admin ----> Ok ----> Save

STEP13 : Restart Server.

STEP14 : Goto Users and Groups

STEP15 : Manage Users

STEP16 : Manage Groups

-----> It will not work for Local OS Security we need to Federate

STEP17 : Goto Admin User roles

STEP 18 : Add Users and Groups

STEP19 : In Admin User role

STEP20 : Add Users and Groups

STEP21 : Start with Operator -----> User ID and Password

STEP22 : Start and Stop Operator

STEP23 : Login with Monitor in Admin Console

STEP24 : Config all we will not have option to Start , Stop Groups

STEP25 : Login Admin Add Group name

USER ROLES IN WAS :

There are 4 types of USER ROLES

1) MONITOR : Gives Least Privilege . It allows user to view WebSphere Configuration and Current Application Server state.

2) OPERATOR : Monitor privilege plus the ability to change runtime state,
such as starting or stopping servers

3) CONFIGURATOR : Monitor privilege plus the ability to change the WebSphere Configurations.

4) ADMINISTRATOR : Operator , Configurator , Monitor plus additional privileges like Modify User and Password

----> Modifying the primary administrative user and password

----> Mapping users and groups to the administrator role

----> Enabling or disabling administrative and Java 2 security

Unix commands - WebSphere Application Server Interview Questions - Part -14

1) Tail : Displays last 10 lines from ending

Syntax : $ tail file-name

2) Ch mod : Change Mod

Syntax : $ ch-mod [user/group/others/all]+[permission] file-name

----> User : read , write , execute (r,w,x)

----> Group : read , execute (r,x)

----> Others : No Permissions.

a) Read : 4

b) Write : 2

c) Execute : 1

3) Top : View CPU usage for all processes

Syntax : $ top

4) Kill : Used for terminating process

Syntax : $ kill [-signal] [process id]

ex: $ kill -9 process id

5) $ kill -0 : Terminates all current process except your shell

6) Who : List all users who are currently on the system.

Syntax : $ who

7) who am i : Reports the details about the command user.

Syntax : $ who am i

Plug-in parameters in WAS - WebSphere Application Server Interview Questions - Part -13

PLUG-IN Parameters are

a. Maximum Web container threads, set on the Web container : maximum size of
the thread pool is set to 50

----> Minimum Thread Pool Size is 10

b. ConnectionIOTimeout, set on the HttpTransport : The default value is 5 seconds

c. ConnectionKeepAliveTimeout, set on the HttpTransport : This is the maximum time to wait for the next request on a KeepAlive connection.

-----> The default value is 5 seconds.

----> If the next request on this KeepAlive connection is not received within this time, the connection will be closed.

d. MaxConnectBacklog, set on the HttpTransport : The MaxConnectBacklog setting controls the number of such requests that get queued up before the plug-in is refused more connection requests.

----> If this number is exceeded, the requests from the plug-in will not be able to connect to
the HttpTransport port.

----> If not specified by the user, the default value of this parameter is 512.

-----> Example: If a Web container is configured for a maximum of 50 concurrent
threads and 512 requests in the backlog, we can have 512 + 50 = 562 concurrent
requests from the plug-in to port 9080. Fifty of these are in the application server
and the rest are waiting in the backlog’s FIFO queue in the OS kernel. If the 563
rd request from the plug-in comes into port 9080, it will be rejected and the plug-in
will get an ETIMEDOUT error in http_plugin.log.

e. MaxKeepAliveConnections, set on the HttpTransport : This parameter has been provided in the HttpTransport to improve performance by enabling reuse of HTTP connections that have already been established between the plug-in and the application server’s HttpTranport.

-----> It provides a performance boost because it prevents each new HTTP request from creating a
new connection (new connection creation has an overhead on the plug-in and
the HttpTransport). This is analogous to a JDBC connection pool, where a single
JDBC connection is used by many different requests.

----> The maximum number of concurrent KeepAlive connections across all the HTTP
transports in a Web container should be less than the maximum number of
concurrent threads allowed in that Web container

f. MaxKeepAliveRequests, set on the HttpTransport : This parameter specifies the maximum number of requests which can be processed on a single KeepAlive connection. This is an integer value which defaults to 100 if not specified by the user. Setting this property to a high value
provides better performance. Setting this property to a low value can help prevent denial of service attacks if a client tries to hold on to a KeepAlive connection indefinitely. This custom property is ignored if MaxKeepAliveConnections is equal to zero.


  Parameters on the Web server side

a. OS parameter: TCP/IP timeout :  When a TCP/IP client is not able to communicate with a TCP/IP server in the time specified by the TCP/IP timeout, that request is aborted. This is one of the ways in which a request from the plug-in (TCP/IP client) to the HttpTransport
(TCP/IP server) fails, thus marking that the application server down.

----> Once this setting is changed, it not only affects the plug-in, but also every other
TCP/IP client application running on that node.

b. Plugin-cfg.xml parameter ConnectTimeout : The ConnectTimeout attribute of a Server element allows the plug-in to perform non-blocking connections with the application server. Non-blocking connections are beneficial when the plug-in is unable to contact the destination to determine if the port is available or unavailable. If no ConnectTimeout value is specified, the
plug-in performs a blocking connect in which the plug-in sits until an operating
system times out and allows the plug-in to mark the server unavailable.

---> A value of 0 causes the plug-in to perform a blocking connect.

---> A value greater than 0 specifies the number of seconds you want the plug-in to wait for a successful connection.

----> If a connection does not occur after that time interval, the plug-in marks the server unavailable and fails over to one of the other servers defined in the server group.

c. Plugin-cfg.xml parameter RetryInterval : This attribute is added to ServerCluster tag in the plugin-cfg.xml file.

----> If the server or clone is marked down by the plug-in, the value of this parameter will
specify when the plug-in will retry that application server. If not specified by the
user, the default value is 60 seconds.

----> A higher value will cause an application server to be offline for a longer period of
time (in case it’s already recovered). A smaller value will cause new requests to
receive a delayed response more frequently if the application server is still down.

SSL Secured Socket Layer -WebSphere Application Server Interview Questions - Part -12

----> It is a Protocol to provide Secured communication.

----> Protocol means follow rules and regulations according to instructions given by the client or enduser

-----> 1) FTP (FILE TRANSFER PROTOCOL)

-----> 2) TCP/IP (TRANSMISSION CONTROL PROTOCOL / INTERNET PROTOCOL)

----> It establishes communication along with Data Integrity and Encryption over the network between the nodes.

----> Here HTTP is a standard protocol.

----> In HTTP we cant secured our information means we cannot kept secret data whenever we are sending from one place to another place.

----> Means here HTTP is not using any Security to send any data to the client or end user.

----> HTTP is sending request from browser to Server.

SSL CONFIGURATION :

STEP 1 : Goto Tools -----> Options -----> Advance Encryption ------> View Certificate ----> Click lock ------> More information -----> View Certificate

STEP 2 : Take an domain name means any bank www.ICICI Bank.com(URL)

URL MEANS UNIFORM RESOURCE LOCATOR.

STEP 3 : Check Server to know IP address and Host name.

STEP 4 : Giving IP address or Host name with Proxy request or HTTP request.

STEP 5 : Creating SSL for domain.

STEP 6 : Here we have to generate a key for SSL means we have to follow 5 steps to generate a key or Certificate.

Q) What SSL Certificate Contains ?

A) SSL Certificate may contain

1) domain name

2) company name

3) address

4) city

5) state and country.

----> It will also contain the expiry date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate.

----> When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued.

----> If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.

SSL Handshake
--------------

Client Server

1. Client issues secure request (https://test.com/index.jsp)
----------------------------------------------------------------->
2. Server sends x.509 certificate to containing server’s Public Key
<----------------------------------------------------------------
3. Client checks the server’s certificate against the list of known CA’s . (If certificate is not trusted , Browser may give option to accept certificate at user’s risk .
---------------------------------------------------------------------------------
4. Client generates random symmetric key and encrypts using server’s public key and sends to server.
---------------------------------------------------------------------------->
5. Client & Server knows the Symmetric key and encrypt the user data using symmetric key during the rest of the session
<-------------------------------------------------------------------------------->

(i) Generate a Key

a) Key Name
b) Key Password
c) Key Size
d) Key Algorithm (These are stored in JKS(JAVA KEY STORE))

-----> Here if we want to Generate a key we have to give some requirements

1) CN(Common Name) : ICICI Bank.com

2) CO (Company Organisation) : Wipro.

3) Location : HYDERABAD.

4) State : AP

5) Country : IN

(ii) CSR (CERTIFICATE SIGNING REQUEST)

a) Generate Certificate Request

b) Certificate Authorities (CA)

C) Server CA.crt / pm ----> Stored in JKS

d) Intermediate CA ------> Stored in JKS

(iii) Sending CSR for CA

(iv) Import into JKS (get Certificates and import into Key Store)

(v) List the Key Store

2 types of SSL

1) one way SSL (unlimited Clients)

2) two way SSL (Limited Clients)

Q) What you do when SSL will expires ?

A) goto var/was/App/JDK/bin-----> Ikeyman tool

1) First i will take the KeyStore backup ( Sample certificate)

2) Later i will delete that original certificate

3) Next i will generate the keys

4) After wards i will import the new Certificate

----> If Certificate is expiring take the backup sample of that certificate

EX : Sample.jks (back up)

----> After taking the back up delete that Sample certificate

SSL Enabling : Types of Configuring and enabling SSL

1) APPSERVER TO CONSOLE

2) APPSERVER TO DMGR

3) APPSERVER TO DATABASE

Enabling SSL in the IBM HTTP Server configuration:

Procedure :

STEP 1 : Navigate to the configuration folder in the installation directory for IBM HTTP Server. The default path is C:\Program Files\IBM\HTTPServer\conf.

STEP 2 : Open the httpd.conf file in a text editor.

STEP 3 : Comment out the following line by adding the # symbol to the beginning of the line

Installing your Certificates on a IBM HTTP Server

Storing a CA Certificate:

Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
Select Key Database File from the main User Interface, select Open.
In the Open dialog box, select your key database name. Click OK.
In the Password Prompt dialog box, enter your password and click OK.
Select Signer Certificates in the Key Database content frame, click the Add button.
In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
In the Label dialog box, enter a label name and click OK.

To receive the CA-signed certificate into a key database:

Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
Select Key Database File from the main User Interface, select Open.
In the Open dialog box, select your key database name. Click OK.
In the Password Prompt dialog box, enter your password, click OK.
Select Personal Certificates in the Key Database content frame and then click the Receive button.
In the Receive Certificate from a File dialog box, select the certificate file. Click OK.

WebSphere Life