User: alborini
Date: 01/04/25 05:40:26
Modified: src/docs jbossdocs.xml
Added: src/docs production.xml
Log:
Added first draft for production howto.
Revision Changes Path
1.15 +2 -0 manual/src/docs/jbossdocs.xml
Index: jbossdocs.xml
===================================================================
RCS file: /cvsroot/jboss/manual/src/docs/jbossdocs.xml,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- jbossdocs.xml 2001/04/04 02:43:21 1.14
+++ jbossdocs.xml 2001/04/25 12:40:26 1.15
@@ -7,6 +7,7 @@
<!ENTITY advconfig.xml SYSTEM "advconfig.xml">
<!ENTITY jdbc-database.xml SYSTEM "jdbc-database.xml">
<!ENTITY designnotes.xml SYSTEM "designnotes.xml">
+ <!ENTITY production.xml SYSTEM "production.xml">
<!ENTITY howtotomcat.xml SYSTEM "howtotomcat.xml">
<!ENTITY howtormhexamples.xml SYSTEM "howtormhexamples.xml">
<!ENTITY howtojmx.xml SYSTEM "howtojmx.xml">
@@ -49,6 +50,7 @@
&howtomdb.xml;
&designnotes.xml;
&jbosssx.xml;
+&production.xml;
<chapter id="howto">
<title>Howto</title>
&howtotomcat.xml;
1.1 manual/src/docs/production.xml
Index: production.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<chapter id = "production">
<title>JBoss in production</title>
<para>Author:
<author>
<firstname>Sebastien</firstname>
<surname>Alborini</surname>
</author>
<email>[EMAIL PROTECTED]</email>
</para>
<section>
<title>Introduction</title>
<para>JBoss is now considered to be production ready. This section
will give a few guidelines for putting JBoss in production use. I will first review
the Hardware / OS / JVM compatibility question, and then give a few tips for tweaking
your JBoss configuration for production use.</para>
<para>JBoss is a completely modular application server, and thus it
can be thoroughly configured. For ease of use reasons however, the default
configuration is more intended for developpers than for administrators. This document
will outline some of the options that you might reasonably want to change before
putting JBoss in production. This includes settings for increased performance,
enhanced security, and ease of administration.</para>
<para>If you have other production tips and tricks, please share them
with the JBoss community by posting them on the jboss-user mailing list.</para>
</section>
<section>
<title>Hardware / OS / JVM</title>
<para>JBoss is 100% pure Java, so it should run on any Java platform.
The recommended JVM version is jdk1.3. JBoss used to run with jdk1.2.2 with a little
tuning, but this is not supported anymore.</para>
<para>For example, JBoss has been reported to run well on a variety of
PCs with Windows NT / 2000 / Linux, on Sun/Solaris boxe, on MacOs X...</para>
<para>Be aware however that JBoss performance is very dependant on the
underlying configuration. For example, informal tests show that on the same PC box, it
can run twice as fast under Windows 2000 / Sun JVM than under Linux 2.2 / Sun
JVM.</para>
<para>Linux users probably already know that linux does not support
real threads. Under heavy load, JBoss will for example crash with 200 concurrent users
under linux, whereas it can handle 1000 of them on the same box with Windows 2000. Of
course, if you use Apache or Jetty in front of JBoss to handle the thread pooling,
this will not be a problem.</para>
</section>
<section>
<title>Security</title>
<para>Security is a nagging concern for the admin in charge of a
production site. Some of JBoss default settings are not secure at all, so please read
carefully.</para>
<section>
<title>Use EJB security</title>
<para>The EJB specification provides the possibility to
restrict access to your beans on a per-method basis, using authentication and
authorization. By default, JBoss does not enforce such restrictions, and any call is
allowed through the container. To enforce a security policy in JBoss, you have to
setup a security domain, define roles... For a description of EJB security in JBoss,
see <xref linkend = "JBossSX"/>, or see <xref linkend = "howtojaas"/>.</para>
</section>
<section>
<title>Open Ports</title>
<para>JBoss starts a number of services by default, which
listen on a number of ports. For security reasons, you might want to firewall these
ports and/or to close the corresponding services. The ports used by JBoss are shown in
<xref linkend = "production.open_ports"/></para>
<table id="production.open_ports">
<title>Open Ports</title>
<tgroup cols = "4">
<thead>
<row>
<entry>Port Number</entry>
<entry>JBoss service</entry>
<entry>Configured in</entry>
<entry>Description</entry>
<entry>Should be open
to</entry>
</row>
</thead>
<tbody>
<row>
<entry>1099</entry>
<entry>JNDI</entry>
<entry>jnp.properties</entry>
<entry>Used by clients to
connect to JBoss to get the initial naming context.</entry>
<entry>EJB clients</entry>
</row>
<row>
<entry>Anonymous</entry>
<entry>JNDI/RMI</entry>
<entry>N/A</entry>
<entry>Used by clients to
lookup the naming context. It is currently not possible to configure this in standard
JBoss (TODO), you have to rebuild the server, see <ulink
url="http://www.mail-archive.com/[email protected]/msg09680.html";>this
message</ulink>.</entry>
<entry>EJB clients</entry>
</row>
<row>
<entry>1476</entry>
<entry>Hypersonic DB</entry>
<entry>jboss.jcml</entry>
<entry>Hypersonic is a pure
Java DB included in JBoss as a sample.</entry>
<entry>DB clients</entry>
</row>
<row>
<entry>4444</entry>
<entry>RMI Object Port</entry>
<entry>standardjboss.xml /
jboss.xml</entry>
<entry>Used for clients to
connect to the server.</entry>
<entry>EJB clients</entry>
</row>
<row>
<entry>8082</entry>
<entry>HTML JMX adaptor</entry>
<entry>jboss.jcml</entry>
<entry>This is the HTML
interface for dynamic administration of JBoss services. It allows you to start, stop
and review all the mbeans in the server. Don't let it open to anybody, since it allows
people to deploy/undeploy applications, to view DB passwords, and even to shutdown the
server!</entry>
<entry>Admin</entry>
</row>
<row>
<entry>8083</entry>
<entry>Webserver for Java
Classes</entry>
<entry>jboss.jcml</entry>
<entry>Allows clients to
dynamically download classes from JBoss</entry>
<entry>EJB clients</entry>
</row>
</tbody>
</tgroup>
</table>
</section>
</section>
<section>
<title>Performance</title>
<section>
<title>Memory</title>
<para>To be able to run on a number of different machines,
JBoss has very low memory settings by default. You will usually run JBoss in
production on a Big Box (TM), so you can tweak the settings to take advantage of your
memory :
<itemizedlist>
<listitem>
<para>increase the VM maxsize. This
can be done in the command line options of the java command in run.bat / run.sh, see
the documentation of your JVM for more details</para>
</listitem>
<listitem>
<para>increase the cache size for your
beans. The more beans in your cache, the less swapping and calls to the DB. For
details on how to configure the cache for your beans, see <xref
linkend="adv.config-cache"/>.</para>
</listitem>
</itemizedlist>
</para>
</section>
<section>
<title>Logging</title>
<para>Logging can be very slow, and by default JBoss is quite
verbose. To change the logging policy for JBoss, see the logging entries in
jboss.jcml. You may also want to use file logging instead of console logging.</para>
</section>
<section>
<title>Tuned updates</title>
<para>Tuned updates for CMP entity beans are turned off by
default. Using them can dramatically increase the performance of DB synchronizations.
For details on tuned updates, see <xref linkend="jaws-options"/>.</para>
</section>
<section>
<title>JBoss services</title>
<para>JBoss starts a number of services by default, but you
probably don't need all of them. For example, JBoss includes the InstantDB database
system, but you can get rid of it if you use another DB system.</para>
<para>All the services started by JBoss are listed as mbeans
in jboss.jcml.</para>
</section>
</section>
<section>
<title>Administration</title>
<para>A few tools for easier administration are provided with JBoss.
</para>
<section>
<title>Automatic startup</title>
<para>For Windows NT, guidelines and examples to run JBoss as
a NT Service are given in the contrib cvs module.</para>
<para>For linux, rc.d init scripts are provided in the contrib
cvs module.</para>
</section>
<section>
<title>Remote monitoring and administration</title>
<para>Since JBoss is entirely JMX-based, it should be very
easy to remotely manage the server and the applications deployed on it: every JMX
adaptor can plug into it!</para>
<para>Currently, the HTML JMX adaptor provides a convenient
way to monitor, inspect, and perform actions on all the mbeans started by JBoss. The
HTML adaptor is started by default in jboss.jcml. To use it, surf to
http://yourserver:8082. Among the things you can do with it for now:</para>
<itemizedlist>
<listitem>
<para>Start, stop, and change settings for
most mbeans</para>
</listitem>
<listitem>
<para>Deploy and undeploy applications with
the J2EEDeployer mbean. On a production site, you may not want to use the
AutoDeployer, but rather have direct control on the deployment process</para>
</listitem>
<listitem>
<para>View the whole JNDI namespace with the
JNDIView mbean. The global namespace is accessible from all the clients, it will
contain your beans, JMS topics and queues, as well as all the JBoss services that need
to be accessible. You will also see the component namespaces for your beans: these are
accessible only from within the bean, they contain mainly environmnent variables, EJB
references. See <xref linkend="howto-jndi"/></para>
</listitem>
<listitem>
<para>Create and destroy JMS topics / queues
with the JMSServer mbean</para>
</listitem>
<listitem>
<para>Shutdown the server!</para>
</listitem>
</itemizedlist>
<para>A program is currently being developed in the
<quote>admin</quote> CVS module to monitor JBoss, gather metrics values. It is still
in BETA version. To be continued...</para>
</section>
</section>
</chapter>
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
