User: starksm Date: 01/04/26 09:28:04 Modified: src/docs production.xml Log: The JNDI/RMI port is now configurable. Indicate this for JBoss 2.3+ Revision Changes Path 1.2 +178 -178 manual/src/docs/production.xml Index: production.xml =================================================================== RCS file: /cvsroot/jboss/manual/src/docs/production.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- production.xml 2001/04/25 12:40:26 1.1 +++ production.xml 2001/04/26 16:28:04 1.2 @@ -1,178 +1,178 @@ -<?xml version="1.0" encoding="UTF-8"?> -<chapter id = "production"> - <title>JBoss in production</title> - <para>Author: - <author> - <firstname>Sebastien</firstname> - <surname>Alborini</surname> - </author> - <email>[EMAIL PROTECTED]</email> - </para> - - <section> - <title>Introduction</title> - - <para>JBoss is now considered to be production ready. This section will give a few guidelines for putting JBoss in production use. I will first review the Hardware / OS / JVM compatibility question, and then give a few tips for tweaking your JBoss configuration for production use.</para> - - <para>JBoss is a completely modular application server, and thus it can be thoroughly configured. For ease of use reasons however, the default configuration is more intended for developpers than for administrators. This document will outline some of the options that you might reasonably want to change before putting JBoss in production. This includes settings for increased performance, enhanced security, and ease of administration.</para> - - <para>If you have other production tips and tricks, please share them with the JBoss community by posting them on the jboss-user mailing list.</para> - - </section> - - <section> - <title>Hardware / OS / JVM</title> - <para>JBoss is 100% pure Java, so it should run on any Java platform. The recommended JVM version is jdk1.3. JBoss used to run with jdk1.2.2 with a little tuning, but this is not supported anymore.</para> - - <para>For example, JBoss has been reported to run well on a variety of PCs with Windows NT / 2000 / Linux, on Sun/Solaris boxe, on MacOs X...</para> - - <para>Be aware however that JBoss performance is very dependant on the underlying configuration. For example, informal tests show that on the same PC box, it can run twice as fast under Windows 2000 / Sun JVM than under Linux 2.2 / Sun JVM.</para> - - <para>Linux users probably already know that linux does not support real threads. Under heavy load, JBoss will for example crash with 200 concurrent users under linux, whereas it can handle 1000 of them on the same box with Windows 2000. Of course, if you use Apache or Jetty in front of JBoss to handle the thread pooling, this will not be a problem.</para> - </section> - - <section> - <title>Security</title> - <para>Security is a nagging concern for the admin in charge of a production site. Some of JBoss default settings are not secure at all, so please read carefully.</para> - - <section> - <title>Use EJB security</title> - <para>The EJB specification provides the possibility to restrict access to your beans on a per-method basis, using authentication and authorization. By default, JBoss does not enforce such restrictions, and any call is allowed through the container. To enforce a security policy in JBoss, you have to setup a security domain, define roles... For a description of EJB security in JBoss, see <xref linkend = "JBossSX"/>, or see <xref linkend = "howtojaas"/>.</para> - </section> - - <section> - <title>Open Ports</title> - <para>JBoss starts a number of services by default, which listen on a number of ports. For security reasons, you might want to firewall these ports and/or to close the corresponding services. The ports used by JBoss are shown in <xref linkend = "production.open_ports"/></para> - - <table id="production.open_ports"> - <title>Open Ports</title> - <tgroup cols = "4"> - <thead> - <row> - <entry>Port Number</entry> - <entry>JBoss service</entry> - <entry>Configured in</entry> - <entry>Description</entry> - <entry>Should be open to</entry> - </row> - </thead> - <tbody> - <row> - <entry>1099</entry> - <entry>JNDI</entry> - <entry>jnp.properties</entry> - <entry>Used by clients to connect to JBoss to get the initial naming context.</entry> - <entry>EJB clients</entry> - </row> - <row> - <entry>Anonymous</entry> - <entry>JNDI/RMI</entry> - <entry>N/A</entry> - <entry>Used by clients to lookup the naming context. It is currently not possible to configure this in standard JBoss (TODO), you have to rebuild the server, see <ulink url="http://www.mail-archive.com/[email protected]/msg09680.html";>this message</ulink>.</entry> - <entry>EJB clients</entry> - </row> - <row> - <entry>1476</entry> - <entry>Hypersonic DB</entry> - <entry>jboss.jcml</entry> - <entry>Hypersonic is a pure Java DB included in JBoss as a sample.</entry> - <entry>DB clients</entry> - </row> - <row> - <entry>4444</entry> - <entry>RMI Object Port</entry> - <entry>standardjboss.xml / jboss.xml</entry> - <entry>Used for clients to connect to the server.</entry> - <entry>EJB clients</entry> - </row> - <row> - <entry>8082</entry> - <entry>HTML JMX adaptor</entry> - <entry>jboss.jcml</entry> - <entry>This is the HTML interface for dynamic administration of JBoss services. It allows you to start, stop and review all the mbeans in the server. Don't let it open to anybody, since it allows people to deploy/undeploy applications, to view DB passwords, and even to shutdown the server!</entry> - <entry>Admin</entry> - </row> - <row> - <entry>8083</entry> - <entry>Webserver for Java Classes</entry> - <entry>jboss.jcml</entry> - <entry>Allows clients to dynamically download classes from JBoss</entry> - <entry>EJB clients</entry> - </row> - </tbody> - </tgroup> - </table> - </section> - </section> - - <section> - <title>Performance</title> - <section> - <title>Memory</title> - <para>To be able to run on a number of different machines, JBoss has very low memory settings by default. You will usually run JBoss in production on a Big Box (TM), so you can tweak the settings to take advantage of your memory : - <itemizedlist> - <listitem> - <para>increase the VM maxsize. This can be done in the command line options of the java command in run.bat / run.sh, see the documentation of your JVM for more details</para> - </listitem> - <listitem> - <para>increase the cache size for your beans. The more beans in your cache, the less swapping and calls to the DB. For details on how to configure the cache for your beans, see <xref linkend="adv.config-cache"/>.</para> - </listitem> - </itemizedlist> - </para> - </section> - - <section> - <title>Logging</title> - <para>Logging can be very slow, and by default JBoss is quite verbose. To change the logging policy for JBoss, see the logging entries in jboss.jcml. You may also want to use file logging instead of console logging.</para> - </section> - - <section> - <title>Tuned updates</title> - <para>Tuned updates for CMP entity beans are turned off by default. Using them can dramatically increase the performance of DB synchronizations. For details on tuned updates, see <xref linkend="jaws-options"/>.</para> - </section> - - <section> - <title>JBoss services</title> - <para>JBoss starts a number of services by default, but you probably don't need all of them. For example, JBoss includes the InstantDB database system, but you can get rid of it if you use another DB system.</para> - - <para>All the services started by JBoss are listed as mbeans in jboss.jcml.</para> - </section> - </section> - - <section> - <title>Administration</title> - <para>A few tools for easier administration are provided with JBoss. </para> - - <section> - <title>Automatic startup</title> - <para>For Windows NT, guidelines and examples to run JBoss as a NT Service are given in the contrib cvs module.</para> - - <para>For linux, rc.d init scripts are provided in the contrib cvs module.</para> - </section> - - <section> - <title>Remote monitoring and administration</title> - <para>Since JBoss is entirely JMX-based, it should be very easy to remotely manage the server and the applications deployed on it: every JMX adaptor can plug into it!</para> - <para>Currently, the HTML JMX adaptor provides a convenient way to monitor, inspect, and perform actions on all the mbeans started by JBoss. The HTML adaptor is started by default in jboss.jcml. To use it, surf to http://yourserver:8082. Among the things you can do with it for now:</para> - <itemizedlist> - <listitem> - <para>Start, stop, and change settings for most mbeans</para> - </listitem> - <listitem> - <para>Deploy and undeploy applications with the J2EEDeployer mbean. On a production site, you may not want to use the AutoDeployer, but rather have direct control on the deployment process</para> - </listitem> - <listitem> - <para>View the whole JNDI namespace with the JNDIView mbean. The global namespace is accessible from all the clients, it will contain your beans, JMS topics and queues, as well as all the JBoss services that need to be accessible. You will also see the component namespaces for your beans: these are accessible only from within the bean, they contain mainly environmnent variables, EJB references. See <xref linkend="howto-jndi"/></para> - </listitem> - <listitem> - <para>Create and destroy JMS topics / queues with the JMSServer mbean</para> - </listitem> - <listitem> - <para>Shutdown the server!</para> - </listitem> - </itemizedlist> - <para>A program is currently being developed in the <quote>admin</quote> CVS module to monitor JBoss, gather metrics values. It is still in BETA version. To be continued...</para> - </section> - </section> -</chapter> - +<?xml version="1.0" encoding="UTF-8"?> +<chapter id = "production"> + <title>JBoss in production</title> + <para>Author: + <author> + <firstname>Sebastien</firstname> + <surname>Alborini</surname> + </author> + <email>[EMAIL PROTECTED]</email> + </para> + + <section> + <title>Introduction</title> + + <para>JBoss is now considered to be production ready. This section will give a few guidelines for putting JBoss in production use. I will first review the Hardware / OS / JVM compatibility question, and then give a few tips for tweaking your JBoss configuration for production use.</para> + + <para>JBoss is a completely modular application server, and thus it can be thoroughly configured. For ease of use reasons however, the default configuration is more intended for developpers than for administrators. This document will outline some of the options that you might reasonably want to change before putting JBoss in production. This includes settings for increased performance, enhanced security, and ease of administration.</para> + + <para>If you have other production tips and tricks, please share them with the JBoss community by posting them on the jboss-user mailing list.</para> + + </section> + + <section> + <title>Hardware / OS / JVM</title> + <para>JBoss is 100% pure Java, so it should run on any Java platform. The recommended JVM version is jdk1.3. JBoss used to run with jdk1.2.2 with a little tuning, but this is not supported anymore.</para> + + <para>For example, JBoss has been reported to run well on a variety of PCs with Windows NT / 2000 / Linux, on Sun/Solaris boxe, on MacOs X...</para> + + <para>Be aware however that JBoss performance is very dependant on the underlying configuration. For example, informal tests show that on the same PC box, it can run twice as fast under Windows 2000 / Sun JVM than under Linux 2.2 / Sun JVM.</para> + + <para>Linux users probably already know that linux does not support real threads. Under heavy load, JBoss will for example crash with 200 concurrent users under linux, whereas it can handle 1000 of them on the same box with Windows 2000. Of course, if you use Apache or Jetty in front of JBoss to handle the thread pooling, this will not be a problem.</para> + </section> + + <section> + <title>Security</title> + <para>Security is a nagging concern for the admin in charge of a production site. Some of JBoss default settings are not secure at all, so please read carefully.</para> + + <section> + <title>Use EJB security</title> + <para>The EJB specification provides the possibility to restrict access to your beans on a per-method basis, using authentication and authorization. By default, JBoss does not enforce such restrictions, and any call is allowed through the container. To enforce a security policy in JBoss, you have to setup a security domain, define roles... For a description of EJB security in JBoss, see <xref linkend = "JBossSX"/>, or see <xref linkend = "howtojaas"/>.</para> + </section> + + <section> + <title>Open Ports</title> + <para>JBoss starts a number of services by default, which listen on a number of ports. For security reasons, you might want to firewall these ports and/or to close the corresponding services. The ports used by JBoss are shown in <xref linkend = "production.open_ports"/></para> + + <table id="production.open_ports"> + <title>Open Ports</title> + <tgroup cols = "4"> + <thead> + <row> + <entry>Port Number</entry> + <entry>JBoss service</entry> + <entry>Configured in</entry> + <entry>Description</entry> + <entry>Should be open to</entry> + </row> + </thead> + <tbody> + <row> + <entry>1099</entry> + <entry>JNDI</entry> + <entry>jnp.properties</entry> + <entry>Used by clients to connect to JBoss to get the initial naming context.</entry> + <entry>EJB clients</entry> + </row> + <row> + <entry>Anonymous</entry> + <entry>JNDI/RMI</entry> + <entry>jnp.properties</entry> + <entry>Used by clients to lookup the naming context. This port is configurable in JBoss 2.3+. To set the port in an earlier version you have to rebuild the server, see <ulink url="http://www.mail-archive.com/[email protected]/msg09680.html";>this message</ulink>.</entry> + <entry>EJB clients</entry> + </row> + <row> + <entry>1476</entry> + <entry>Hypersonic DB</entry> + <entry>jboss.jcml</entry> + <entry>Hypersonic is a pure Java DB included in JBoss as a sample.</entry> + <entry>DB clients</entry> + </row> + <row> + <entry>4444</entry> + <entry>RMI Object Port</entry> + <entry>standardjboss.xml / jboss.xml</entry> + <entry>Used for clients to connect to the server.</entry> + <entry>EJB clients</entry> + </row> + <row> + <entry>8082</entry> + <entry>HTML JMX adaptor</entry> + <entry>jboss.jcml</entry> + <entry>This is the HTML interface for dynamic administration of JBoss services. It allows you to start, stop and review all the mbeans in the server. Don't let it open to anybody, since it allows people to deploy/undeploy applications, to view DB passwords, and even to shutdown the server!</entry> + <entry>Admin</entry> + </row> + <row> + <entry>8083</entry> + <entry>Webserver for Java Classes</entry> + <entry>jboss.jcml</entry> + <entry>Allows clients to dynamically download classes from JBoss</entry> + <entry>EJB clients</entry> + </row> + </tbody> + </tgroup> + </table> + </section> + </section> + + <section> + <title>Performance</title> + <section> + <title>Memory</title> + <para>To be able to run on a number of different machines, JBoss has very low memory settings by default. You will usually run JBoss in production on a Big Box (TM), so you can tweak the settings to take advantage of your memory : + <itemizedlist> + <listitem> + <para>increase the VM maxsize. This can be done in the command line options of the java command in run.bat / run.sh, see the documentation of your JVM for more details</para> + </listitem> + <listitem> + <para>increase the cache size for your beans. The more beans in your cache, the less swapping and calls to the DB. For details on how to configure the cache for your beans, see <xref linkend="adv.config-cache"/>.</para> + </listitem> + </itemizedlist> + </para> + </section> + + <section> + <title>Logging</title> + <para>Logging can be very slow, and by default JBoss is quite verbose. To change the logging policy for JBoss, see the logging entries in jboss.jcml. You may also want to use file logging instead of console logging.</para> + </section> + + <section> + <title>Tuned updates</title> + <para>Tuned updates for CMP entity beans are turned off by default. Using them can dramatically increase the performance of DB synchronizations. For details on tuned updates, see <xref linkend="jaws-options"/>.</para> + </section> + + <section> + <title>JBoss services</title> + <para>JBoss starts a number of services by default, but you probably don't need all of them. For example, JBoss includes the InstantDB database system, but you can get rid of it if you use another DB system.</para> + + <para>All the services started by JBoss are listed as mbeans in jboss.jcml.</para> + </section> + </section> + + <section> + <title>Administration</title> + <para>A few tools for easier administration are provided with JBoss. </para> + + <section> + <title>Automatic startup</title> + <para>For Windows NT, guidelines and examples to run JBoss as a NT Service are given in the contrib cvs module.</para> + + <para>For linux, rc.d init scripts are provided in the contrib cvs module.</para> + </section> + + <section> + <title>Remote monitoring and administration</title> + <para>Since JBoss is entirely JMX-based, it should be very easy to remotely manage the server and the applications deployed on it: every JMX adaptor can plug into it!</para> + <para>Currently, the HTML JMX adaptor provides a convenient way to monitor, inspect, and perform actions on all the mbeans started by JBoss. The HTML adaptor is started by default in jboss.jcml. To use it, surf to http://yourserver:8082. Among the things you can do with it for now:</para> + <itemizedlist> + <listitem> + <para>Start, stop, and change settings for most mbeans</para> + </listitem> + <listitem> + <para>Deploy and undeploy applications with the J2EEDeployer mbean. On a production site, you may not want to use the AutoDeployer, but rather have direct control on the deployment process</para> + </listitem> + <listitem> + <para>View the whole JNDI namespace with the JNDIView mbean. The global namespace is accessible from all the clients, it will contain your beans, JMS topics and queues, as well as all the JBoss services that need to be accessible. You will also see the component namespaces for your beans: these are accessible only from within the bean, they contain mainly environmnent variables, EJB references. See <xref linkend="howto-jndi"/></para> + </listitem> + <listitem> + <para>Create and destroy JMS topics / queues with the JMSServer mbean</para> + </listitem> + <listitem> + <para>Shutdown the server!</para> + </listitem> + </itemizedlist> + <para>A program is currently being developed in the <quote>admin</quote> CVS module to monitor JBoss, gather metrics values. It is still in BETA version. To be continued...</para> + </section> + </section> +</chapter> + _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
