HP Application Server 8.0

raviolicharientismInternet and Web Development

Oct 31, 2013 (3 years and 7 months ago)

102 views













HP Application Server 8.0















A Technical White Paper
By TechMetrix Research

Prepared for HP

Audience: Project Managers, Technical Architects, and Developers
© TechMetrix Research, 2002 HP Application Server 8.0


2

Table of contents

2.1

A
RCHITECTURE
.................................................................................................6

2.2

M
AIN
S
ERVICES
................................................................................................9

2.2.1

Session management, persistence of data................................................9

2.2.2

Authentication and authorization mechanisms.........................................10

2.2.3

XTF: XML Transformation tool...............................................................15

2.2.4

URI Registry Service...........................................................................18

2.2.5

Other Services...................................................................................19

2.3

L
OAD
B
ALANCE
B
ROKER
(LBB)............................................................................21

2.4

D
YNAMIC
A
PPLICATION
L
AUNCHER
(DAL)................................................................23

2.5

T
OOLS
........................................................................................................24

2.5.1

Configuration Console.........................................................................24

2.5.2

RadPak.............................................................................................26

2.5.3

System Console..................................................................................28

2.5.4

Application deployment.......................................................................30

2.6

C
ONCLUSION
.................................................................................................32





Table of figures

Fig. 1 –

HP-AS J2EE compliance............................................................................5

Fig. 2 –

HP-AS 8.0 architecture.............................................................................6

Fig. 3 –

Security management.............................................................................10

Fig. 4 –

Configuration Console.............................................................................11

Fig. 5 –

Login form............................................................................................13

Fig. 6 –

Login failure form..................................................................................13

Fig. 7 –

Partitioning of applications using different Realms and Security Stores...........14

Fig. 8 –

URI Registries.......................................................................................18

Fig. 9 –

Load balancing by the LBB......................................................................21

Fig. 10 –

Using an LBB proxy to cross a firewall.......................................................22

Fig. 11 –

Declaration of server for LBB...................................................................24

Fig. 12 –

Declaration of an application for LBB.........................................................25

Fig. 13 –

Association between application and server for LBB....................................25

Fig. 14 –

EJB Discovery........................................................................................26

Fig. 15 –

RadPak Browser.....................................................................................27

Fig. 16 –

Log Browser..........................................................................................28

Fig. 17 –

Deployment Browser..............................................................................28

Fig. 18 –

JNDI Browser........................................................................................29

Fig. 19 –

JMX Browser.........................................................................................29

Fig. 20 –

Deploying applications via the RadPak.......................................................30

Fig. 21 –

Deploying applications from the system console (Deployment Window).........31

© TechMetrix Research, 2002 HP Application Server 8.0


3
1. Executive Summary

 Background
HP's acquisition of Bluestone and its Total-e-Business software suite has endowed
the company with a first-rate server platform. Total - e-Server – the application
server forming the technological keystone of Hewlett-Packard’s Middleware
solution - enjoyed many key assets thanks to its modular architecture, optimized
for maximum availability and scalability.

HP Application Server (HP-AS) is the direct descendent of Total e-Server. It has
greatly improved upon the modular architecture of its predecessor, while bringing
major improvements and a host of new features. In particular, it is worth
highlighting the use of Java Management Extensions (JMX) as the primary
mechanism for integration and communication between the different components
of the architecture. One new priority is the emphasis on standards compliance,
the aim being to offer increasing compatibility with the latest versions of the J2EE
standard. HP-AS is therefore fully compatible with the J2EE 1.2 specification and
supports the majority of features covered in J2EE 1.3 , and is expected to be
announced as J2EE 1.3 certified at the JavaOne show in March, 2002.



© TechMetrix Research, 2002 HP Application Server 8.0


4
 Specific features of the Application Server
HP Application Server is available in two versions:

 HP Application Server (HP-AS)
 HP Application Server Resilient Edition, with enhanced, mission-critical
functionality

We certainly applaud HP's strategic decision to make HP-AS available free of
charge. This version, available on CD or by download, includes a license that
authorizes development and production use of applications within an
organization. We imagine that this decision will help increase distribution and
penetration of the HP solution and will be an important factor in its success.
Furthermore, HP-AS Resilient Edition, while not free, adds all of the mission-
critical, fault tolerant capabilities and is very aggressively priced. HP-AS is clearly
out to claim ownership in the realm of lowest Total Cost of Ownership.


The specific features of HP-AS can be split into three main areas:

 Modularity and extensibility: an extensible, modular service architecture
whose different components are integrated into a JMX-based framework.

 Reliability and performance: an architecture designed to favor high
availability, load balancing, fault-tolerance, hot deployment and dynamic
application launching.

 Versatility: the inclusion of an XML content management framework to
facilitate development of multichannel applications.

© TechMetrix Research, 2002 HP Application Server 8.0


5
 J2EE Compatibility
Not only does HP-AS comply fully with the J2EE 1.2 specification, it also almost
completely supports the more recent version of the standard, J2EE 1.3. HP is
likely to announce its J2EE 1.3 at the JavaOne show in March, 2002.

The different technologies supported by HP-AS are summarized in the table
below:

Technology
HP-AS 8.0
Standard Edition
HP-AS 8.0
Resilient Edition
Database Connectivity JDBC 2.0 JDBC 2.0, XA
Naming & Directory Services JNDI 1.2.1 JNDI 1.2.1
Java Servlets Servlet 2.3 Servlet 2.3
Java Server Pages JSP 1.2 JSP 1.2
Enterprise JavaBeans
EJB 1.1 & EJB 2.0

EJB 1.1 & EJB 2.0


RMI-IIOP RMI-IIOP 1.0 RMI-IIOP 1.0
Object Request Broker Iona Orbix2000 Iona Orbix2000
Mail services
JavaMail 1.1
JAF 1.0
JavaMail 1.1
JAF 1.0
Transaction services
JTA 1.0.1,
JTS 1.2
OTS 1.1
Local transaction support
JTA 1.0.1
JTS 1.2
OTS 1.1
Global transaction
support (XA)
Asynchronous messaging n/a
JMS 1.0.2
HP Message Service 1.0
SonicMQ 3.5 L.E.
Enterprise Connector
Architecture
JCA 1.0 JCA 1.0
XML processing
JAXP 1.1
SAX 2, DOM Level 1 & 2
XSLT, XPath
JAXP 1.1
SAX 2, DOM Level 1 & 2
XSLT, XPath
Management Extensions JMX 1.0 JMX 1.0
Security & authentication
JAAS 1.0
X509 certificates
JAAS 1.0
X509 certificates
Fig. 1 – HP-AS J2EE compliance

On the whole, the differences between the Standard and Resilient editions
concern the additional possibilities provided by HP-AS Resilient Edition:

 JMS support, with the inclusion of HP Message Service 1.0 [HP’s new JMS-
compliant product], support for Sonic Software’s SonicMQ 3.5 MOM, and
support for the XA protocol
 Support for distributed transactions including of XA-capable JDBC drivers from
Data Direct (previously Merant)
 Heightened fault tolerance, with the possibility of persisting sessions in
databases or files



EJB 2.0 support: full support for message-driven beans, CMP entity bean support available as an early access
feature (full support for EJB 1.1 BMP and CMP entity beans included).

© TechMetrix Research, 2002 HP Application Server 8.0


6
2. Presentation of HP-AS 8.0 Functionality
2.1 Architecture
EJB Container
X
Y
X
Y
EJB
EJB Container
X
Y
X
Y
EJB
X
Y
X
Y
EJB
Core Services Framework (CSF)
Listeners
HTTP, HTTPS, SAPPHIRE, (SOAP), …
J2EE APIs
JTS-JTA
JDBC
JNDI
JMX
JMS
OTS
JCA
JAXP
JAAS
Java
Mail
RMI
IIOP
JAF
Access
Manager
XTF
Session
Manager
Services

Services

Web Container
Servlet
JSP
Web Container
Servlet
JSP
URI
Service
Security Stores
Data Stores
Message Services
Tools
RadPak
Admin
Console
WebGain
Plug-in
TogetherSoft
Plug-in
Insevo Business Integration Framework Plug-in
(JCA Adapters: SAP, Siebel,…)
Legacy
Systems
Enterprise
Connectors

Fig. 2 – HP-AS 8.0 architecture

HP-AS is a 100% Java environment with its own integrated HTTP server However,
HP-AS can also be coupled with the leading Web servers on the market:

 Apache HTTP Server
 Microsoft Internet Information Server
 iPlanet Web Server

HP-AS features a modular, flexible architecture:

 The application server consists of a set of pluggable components or 'services'
 Deployment of each of these services is optional, and configurable. This
means you can adapt the server configuration, thereby limiting the resources
being used to the bare essentials

This modular architecture also endows HP-AS with good prospects for
extensibility. Indeed, to take a new technology on board, you simply need to
develop a suitable plug-in that can be deployed as an additional service.

© TechMetrix Research, 2002 HP Application Server 8.0


7
The HP-AS environment also supports hot-versioning: any alterations to the
configuration are taken into account on the fly. The same is true for deployment
and redeployment of applications.

 Core Service Framework (CSF)
The HP-AS architecture is based on a framework called the Core Services
Framework (CSF), which meets the specifications covered by the Java Services
Framework (JSR-111). The CSF contains the different elements required for
deploying services:

 Referencing of services and resources
 Cooperation between entities in the framework
 Setup of the standard interface and environment required by Services
 Management of resource access

 Partitions
Within the framework, by using Partitions you can separate different services
(logically or functionally), so as to prevent interference between them. This
separation may be necessary, for example, for Application Service Providers
(ASPs).

There is only one partition by default, the root partition, which contains the HP-
AS server kernel. HP-AS's set of common services also resides in the root
partition and cannot be duplicated in other partitions.

Each partition has its own security settings and own
CLASSPATH
(enabling different
versions of services or APIs to co-exist on the same server). Within a single
partition, all the services share the same resources.

Using partitions therefore makes it possible to keep different sets of services well
isolated. However, it is possible for an incident occurring in one partition to alter
the operation of other partitions, if the incident involves one of the common
services residing in the root partition.
© TechMetrix Research, 2002 HP Application Server 8.0


8

 Services
HP-AS is made up of a collection of different Services which co-operate within the
Core Services Framework. These Services include the three main containers
required in a J2EE environment:
 the Web container, which hosts the servlets and JSP pages for applications
 the EJB container, which hosts the EJB components of applications
 the Application Client container, released as an early access feature, which
includes services for remote client application

The implementations of these container services are compatible with the J2EE
specifications (Servlet 2.3, JSP 1.2, and EJB 1.1 and 2.0). Moreover, a large
number of APIs are available for these services: JNDI, JDBC, JAXP, JAAS,
JavaMail, JAF, JMS, JTA, JTS, JCA, and RMI-IIOP.

Other Services manage interconnection, persistence, transactions, security,
access control, and include:

 The Listener - the entry point for requests destined for the application
server, which supports the HTTP and HTTPS communication protocols (SOAP
support is additional, via the HP Web Service Platform)

 Comprehensive state management, enabling you to choose multiple
persistence strategies in line with performance and availability constraints

 The transaction management service Total e-Transaction (based on Arjuna
JTS), which enables use of distributed transactions via the XA protocol

 A JAXP service giving simple, standardized access to processing tools
(parsing, transformation, reading/writing) for XML documents

 An XML transformation service called XTF (XML Transformation Framework),
used, in particular, to adapt content for multiple graphical interfaces
(browsers, PDAs, mobile phone, etc.)

 A JMS service coupled with a MOM (Message-Oriented Middleware) HP
Message Service 1.0 for processing asynchronous messages between
applications

© TechMetrix Research, 2002 HP Application Server 8.0


9
2.2 Main Services
2.2.1 Session management, persistence of data
 Session Manager
The purpose of the Session Manager is to provide a
session management service that can be accessed
by all the server components. It can store all kinds
of information, and monitor the lifecycle of this
information according to various settings (lifetime,
expiry date, downtime). It also handles the notification of events associated with
sessions, and initializes certain parameters to default values.

Different methods for storing session information are provided, according to the
levels of performance and fault-tolerance required:

 Persistence of sessions in memory
This is the most basic method. It provides no fault-tolerance, and does not
allow the session state to persist should the server fail. Also, as memory is a
critical server resource, only a limited number of sessions can be stored so as
to avoid hindering server performance.

 Persistence of sessions in files


This is the simplest option offering fault-tolerance and persistence of
conversational states, even after a server failure. However, using this method
slows the server down quite significantly, due to the time required to save
session information to file.

 Persistence of sessions in cache, and backup in file


With this option, sessions are stored in memory, in a cache. Once the number
of sessions reaches a threshold (see persistence of sessions in memory), a
portion of the sessions are then saved as files. If the server stops normally,
then all sessions are saved to file; however, should the server stop
unexpectedly, only the sessions already saved will be restored.

 Persistence of sessions in database


As with the file storage method, this method provides fault-tolerance and
persistence of information. However, with this method, session information is
centralized and accessible from any server instance. This provides greater
flexibility in the area of load balancing. As the session information can be
accessed from any server, there is no need for one user's requests to be
systematically sent to the server that created the session. Also, in the event
of normal or unplanned stoppage of the server, users can be seamlessly



only included in HP-AS Resilient Edition


Session Manager key benefits

• Fault-tolerance
• Simple and multiple configurations.
© TechMetrix Research, 2002 HP Application Server 8.0


10
redirected to another server without session information being lost. Moreover,
using a cache reduces the time to access session information.

 Custom session persistence
Finally, it is also possible to implement your own mechanism for storing
session information and the related configuration.


2.2.2 Authentication and authorization mechanisms

The security mechanisms bring various services
together to interact within HP-AS. User
authentication is carried out by a JAAS service.
Meanwhile, resource access control is carried out
by a set of services (AccessManagers,
AccessProviders), Security Policies, and representations of different security
entities (users, groups, roles) encapsulated in Realms which use underlying
storage facilities (referred to as Security Stores).

Service Repository
BROWSER
Listeners
JAAS
Web Container
Servlets
JSPs
Access Manager
Access Provider
HTTP
HTTPS
Security
Stores
EJB Container
EJB Service
Repository
Security
Policy
X
Y
X
Y
EJB

Realm

Fig. 3 – Security management
These mechanisms represent users via Realms. Each Realm represents the
information from a security data source called a Security Store. This information
consists of users, groups and roles. HP-AS offers a secure interface for
manipulating this data from the configuration console.

Key benefits

• Declarative and programmatic security
• Automatic login mechanism.
© TechMetrix Research, 2002 HP Application Server 8.0


11
The security management interface enables you to modify both the configuration
files concerned, and the related data. So, you can create, modify or delete
Realms, users, groups, and roles, and grant roles to users and/or groups.


Fig. 4 – Configuration Console

For authentication, as for access control, data is managed by one type of service,
the AccessProviders. These interface between the server and the Security Stores.
An AccessProvider uses its related Realm to obtain the security credentials
required for authentication.

The AccessManager service directs the authentication requests to the appropriate
AccessProvider in accordance with the security configuration defined.

The standard facilities used as security stores are XML files and databases. It is
unfortunate that there is not an AccessProvider that lets an LDAP directory be
used as a security store, although it will be provided with a future version of HP-
AS. However, it is possible to implement and use custom AccessProviders so as to
cover specific requirements.
© TechMetrix Research, 2002 HP Application Server 8.0


12
 Managing security in applications
At application level, security and resource access can be managed either
declaratively or programmatically. The declarative approach for managing
security in Web applications involves defining security rules in the deployment
descriptor (
web.xml
). The security configuration options allow you to:

 protect resources according to their access URLs and the different HTTP
protocol methods (
GET
,
POST
).
 specify the level of security required for data exchange (HTTP / HTTPS)
 choose the method used for authentication (Basic, Digest, Form,
Certificates), and to define, if required, a user interface for authentication
(login form).

For example, with an application that has both front-office and back-office,
sections, it is possible to authorize access to one or other according to roles.
Suppose you want to give access to the back-office area to managers only. On
deployment, you will need to:

 Place the back-office part in a particular URL sub-tree
(eg.: “
/back/*
” in the example below)

 Define an access restriction for the back-office area in the deployment
descriptor, by adding the following declarations:

<!-- Declaration of security roles -->
<security-role>
<role-name>manager</role-name>
</security-role>

<!-- Declaration of security rules -->
<security-constraint>
<web-resource-collection>
<web-resource-name>boDir</web-resource-name>
<url-pattern>/back/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<!—transport-guarantee: NONE, INTEGRAL, CONFIDENTIAL-->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<!-- Configuration of authentication method -->
<login-config>
<!-- FORM, BASIC, DIGEST, CLIENT-CERT -->
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/loginFailed.jsp</form-error-page>
</form-login-config>
</login-config>

© TechMetrix Research, 2002 HP Application Server 8.0


13

 Design the interface for the login and login failure forms



Fig. 5 – Login form


Fig. 6 – Login failure form


Invocation of the two forms (for login and login failure) is handled seamlessly by
HP-AS when a users attempts to access a protected page.

The cost of implementing this access restriction mechanism is low, and involves
simply developing the JSP pages for the two forms (login, and login failed). This
avoids having to develop your own authentication and access authorization
methods and also ensures that these mechanisms stay independent from the
server platform (these authentication and access authorization mechanisms are
an integral part of the J2EE specification).

Under the same principle, when it comes to EJB deployment it is possible to
specify access authorizations for each business method, and match them up with
the security roles authorized to call these methods.

© TechMetrix Research, 2002 HP Application Server 8.0


14
You can also call on security mechanisms within the application
(programmatically), via an instance of LoginContext. This object enables you to
check if the user is authenticated and if they belong to a given security role. The
application behavior can therefore be customized according to the roles allocated
to the client (e.g. function only available to members of a given role, which will
be hidden to clients that don't belong to this role). However, despite allowing for
finer control of security within the application, this approach (proprietary to HP-
AS) does affect portability of applications to other J2EE platforms.

Lastly, for applications using different security data sources (and therefore
different Realms), it is possible to allow applications to sit side by side by placing
them within different partitions. All partitions are independent from each other
and have their own Realm (in tandem with the related AccessProvider and
Security Store) for security management.


Service Repository
JAAS
Access Manager
Partition A
Access
Provider
Service 1… n
XML Realm
Partition B
Access
Provider
Service 1… n
JDBC Realm
Listeners
Request Mapper
JDBC
Security Store
XML
Security Store

Fig. 7 – Partitioning of applications using different Realms and Security Stores
© TechMetrix Research, 2002 HP Application Server 8.0


15
XTF key benefits

• Enhances development of multichannel
applications.
2.2.3 XTF: XML Transformation tool
 Framework XTF
XTF is a framework used to transform content in
Web applications so that it suits different client
types (user agents). By using XTF, the most
suitable stylesheet for each client can be selected
(depending on the
User-agent
and
Accept

parameters of the HTTP agent), thereby making an application easily available on
different devices according to their specifications: HTML, WML (Wireless Mark-up
Language), HDML (Handheld Device Mark-up Language), and so on.

To make this framework easier to use, HP-AS offers various tools:

 Dedicated tags for JSPs
 a specialized XTF servlet
 an XTF Service (available to application components placed outside the Web
container, or as part of development of a specific service )


 Configuration
Wherever the framework is used, you can control the tools' behavior, through
various configuration files that enable you to:

 Map the display specifications to the available stylesheets, for different
devices
 Map client types to display specifications
 Define tools used for transformations. Four tools are already available for
this: XSLT with choice of processor, XSLTC (transformation of style sheets
into compiled tools, via Apache Xalan XSLTC), a caching tool, and a log tool.

Available stylesheets are configured in an XML file. XSL stylesheets are grouped
together by type (login, menu…) and then identified by device (HTML, WML, etc.).

<xsl-stylesheets xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="D:/hp-as/serveur/xml/schemas/xsl-stylesheets-1_0.xsd">
<xsl-stylesheet type="menu">
<device name="HTML" sheet="file:/D:/xslt/Menu_HTML.xsl"/>
<device name="WML" sheet="file:/D:/xslt/Menu_WML.xsl"/>
<device name="HDML" sheet="file:/D:/xslt/Menu_HDML.xsl"/>
</xsl-stylesheet>
<xsl-stylesheet type="hello">
<device name="HTML" sheet="file:/D:/xslt/Hello_HTML.xsl"/>
<device name="WML" sheet="file:/D:/xslt/Hello_WML.xsl"/>
<device name="HDML" sheet="file:/D:/xslt/Hello_HDML.xsl"/>
</xsl-stylesheet>
</xsl-stylesheets>

To identify the client display specifications, two XML files are required, one for the
User-Agent
parameter, one for the request's
Accept
parameter. These files
© TechMetrix Research, 2002 HP Application Server 8.0


16
associate a parameter value to a device name, thereby identifying the display
specifications to be observed.


<agents xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="D:/hp-as/serveur/xml/schemas/agents-1_0.xsd">
<agent match="UP/3." device-name="HDML"/>
<agent match="UP.Browser/3." device-name="HDML"/>
<agent match="YOURWAP.com" device-name="WML"/>
<agent match="UP/" device-name="WML"/>
<agent match="UP.Browser/" device-name="WML"/>
<agent match="MSIE " device-name="HTML"/>
<agent match="Mozilla" device-name="HTML"/>
</agents>


<accepts xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="D:/hp-as/serveur/xml/schemas/accepts-1_0.xsd">
<accept match="text/x-hdml" device-name="HDML"/>
<accept match="text/vnd.wap.wml" device-name="WML"/>
<accept match="text/html" device-name="HTML"/>
<accept match="*/*" device-name="HTML"/>
</accepts>


 Calling XTF from JSPs
To call XTF from JSPs (i.e. in an application designed after the MVC model), two
specific tags are available:

 The
XTF
tag carries out a transformation. It specifies the type of the
transformation, the configuration file in which it is defined, the client type
(device), the log level, the name of the variable that will hold the result of
the transformation, and the contents of the XML document to be
transformed (in string format)

 The
clientClassifier
tag is used to select the right specifications for the
client type, according to the information provided by the request (
User-
Agent
and
Accept
). Mappings between client types and device specifications
are found in configuration files specified within this tag.

It is useful to string together the two tags so as to use the
clientClassifier
tag
to detect the client type specification, so that the right transformation can then
be performed by the
XTF
tag.
© TechMetrix Research, 2002 HP Application Server 8.0


17

<%@ taglib uri="/clientClassifier" prefix="clientClassifier" %>

<clientClassifier:clientClassifier
deviceNameVarName="deviceName"
userAgent='<%= request.getHeader( "User-Agent" ) %>'
userAgentURL="file:/config/agents.xml"
accept='<%= request.getHeader( "Accept" ) %>'
acceptURL="file:/config/accepts.xml"
debug='true'
/>

<%@ taglib uri="/xtf" prefix="xtf" %>

<xtf:XTF
outputContentVarName="XTFOutput"
inputXML='<%= request.getAttribute( "xmlOutput" ) %>'
transformationName='<%= deviceName %>'
type='<%= request.getAttribute( "docType" ) %>'
transformationXMLFile="/config/transformations.xml"
logLevel="FLOW"
/>

<% out.print( XTFOutput ); %>


 Calling XTF from a Servlet
To call XTF from a servlet, you can develop your own servlet by extending the
AbstractXTFServlet
class. However, HP-AS does have a specific servlet,
XTFServlet
, which provides the same functions as the JSP tags. This servlet can
be configured using the following initialization parameters:


XmlReqAttrName
, the name of the attribute containing the XML string in the
request.

TransformationXMLFile
, the configuration file defining the available
transformations.

UserAgentURL
, the file containing the mappings between the
User-Agent

parameter and the display specifications.

AcceptURL
, the file with the mappings between the
Accept
parameter and
the display specifications.

 Using the XTF service
This service enables XTF instances to be obtained, via the default configuration or
a specific configuration. It gives access to the transformation tools, even outside
of the containers (when developing a service, for example).
© TechMetrix Research, 2002 HP Application Server 8.0


18
URI Registry key benefits

• Optimizes access to static documents.
2.2.4 URI Registry Service

The URI Registry optimizes access to static
documents by using a cache system.

The service is an aggregation of various registries
enabling resources to be identified via their URIs. Each of these registries is
associated with a data source (files, JDBC …), and has its own unique name and
cache:

HP-AS 1
URI Registry
Registry 1
Cache
Registry 2
Cache
Registry 3
Cache
HP-AS 2
URI Registry
Registry 1
Cache
Registry 2
Cache
Registry 3
Cache
JDBC Store
XML Store1 XML Store 2 Custom Store

Fig. 8 – URI Registries

A configuration file is used to define the different registries making up the
service. For each one, the data source is defined, along with the cache
management policy (maximum size and deletion policy).

On startup, the cache is initialized so as to create a HashTable which associates
the URIs and their content as byte arrays. This association can be updated when
using the service by resolving the URIs requested.

The associations are stored in a file which is regularly scanned when the cache is
updated. This regular scanning mechanism authorizes dynamic addition of URIs
that will be taken into account when the cache is updated.

© TechMetrix Research, 2002 HP Application Server 8.0


19
JAXP key benefits

• Centralizes management of XML tools
2.2.5 Other Services
 JAXP Service
The JAXP service is used to obtain instances of
tools (Parsers, Transformers, DocumentBuilders)
for handling XML streams. A configuration file
defines the classes to be used for each type of tool.
In this file, some of the tool properties are defined,
enabling the applications to test whether the tool meets their needs.

For example, for a DOM parser, you can specify whether it recognizes XML
Namespaces, or whether it validates the documents when parsing.

This service is also able to recycle parsers so as to optimize resource usage.

 Connector Service
The Connector Service depends on other Services, so if you want to use it, you
will also have to deploy:

 The Transaction service, to manage distributed transactions.
 The ClassLoader Service, which prevents you from having to add the
resource adapter archives to the server’s
CLASSPATH
. New resources can
therefore be configured dynamically.
 The ReferenceResolver service used to access resources from applications
by a JNDI lookup

The service behaves like a JCA-compliant Connector Factory. Also, it manages
connections within a pool so as to optimize use of physical connections.

To set up new resources, you need a Resource Adapter archive, which must be
deployed on the server. Then, you need to modify a configuration file, which
contains all the information relating to the new resource: driver, URL, JNDI name,
authentication, etc.
Note that this Service can use JDBC 1.0 and 2.0 in the same way as a JCA-
compatible Resource Adapter.

To access one of these resources from an application, you perform a JNDI lookup,
and declare the resource in the deployment descriptor of the application.
© TechMetrix Research, 2002 HP Application Server 8.0


20
JMX key benefits

• Hot configuration and deployment.
• Secure interface.

 Transaction Service
In the Resilient Edition, HP-AS includes the Total-e-Transaction transaction
manager (based on the Arjuna JTS transaction monitor), thus enabling distributed
transactions to be managed via JTA and JTS.


 JMS Service
The JMS service handles JMS integration in HP-AS and in particular, the
transmission of messages between the JMS server and EJB container (required for
using Message-Driven Beans). The JMS service covers:

 Management of connections as a pool
 Detection of faulty connections
 Management of concurrence between messages
 XA transactions

HP-AS offers the ability to plug in any JMS server. HP-AS Resilient Edition
includes HP Message Service 1.0, which is HP’s new JMS server. HP-AS has also
been extensively tested with Sonic Software’s SonicMQ 3.5, which enables
transactional messages to be managed via the transaction Service.

 JMX Service and Administration
HP-AS 8.0 enables you to modify the server
configuration on the fly. This is made possible by
using MBeans to carry out services. A service can
consist of one or more MBeans, or even none.
Thanks to the MBean Agent Service (a registry of
MBeans deployed on the server), JMX can be used to alter certain configuration
settings.

The Configuration Console, RadPak and the System Console use this option for
hot configuration of the server.

We note that access to the server via these tools is secure. A command
processing chain is set up independently from other protocols (HTTP and HTTPS).
It uses a JMX Listener to receive requests and a dedicated AccessProvider to carry
out authentication.

A service for scanning configuration files is also set up, so as to take
modifications to most configuration files into account dynamically. The file
consultation intervals can be specified.
© TechMetrix Research, 2002 HP Application Server 8.0


21
2.3 Load Balance Broker (LBB)
The Load Balance Broker (LBB) is the component
responsible for balancing loads and users in line
with session and Internet Quality of Service
(IQoS) constraints.
The protocols supported by the LBB are HTTP,
HTTPS, Secure Sapphire Protocol and Corbaloc.



The LBB architecture is shown below:

LBB
HP-AS
HP-AS
HP-AS
HP-AS
HTTP Listener
BROWSER

Fig. 9 – Load balancing by the LBB



 Load and session balancing
Workloads are balanced as follows: When a request is received, the LBB
determines which HP-AS instance to forward the request to, by searching for the
available instance with the fewest requests underway.

However, for some applications or configurations, it is necessary to distribute
requests in accordance with sessions. So, for applications deployed in session
affinity mode (relevant parameter set to TRUE in the application properties), all
the requests from one user must systematically be redirected to the same HP-AS
instance (in session affinity mode, the sessions created by a server instance are
only accessible to this server).

Depending on the user, IQoS management can also enable requests to be
directed to servers with different IQoS levels.

The LBB server keeps a list of available HP-AS server instances, their state and
the number of requests underway for each one. This avoids redirecting a request
to a faulty server, and enables instances to be selected from the servers with the
highest availability.

LBB key benefits

• Controls load balancing
• Manages ease of navigation for groups of
users
• Easy to implement
• Can be used with a firewall
© TechMetrix Research, 2002 HP Application Server 8.0


22
This is the list used to look up and select the server. To make sure that loads are
balanced evenly, two algorithms are possible: Random Chooser and Round Robin
Chooser. These algorithms choose from the available server instances. To
optimize load balancing, an "Instance shuffle" mechanism helps prevent disparity
of loads between instances, as the list of server instances is periodically
rearranged.

 Using LBB proxies
We note that the LBBs can exchange data securely with the client as well as with
the servers. However, this security comes at a cost (data encryption) which
affects performance. To guarantee security between the LBB and servers, it is
best to use an architecture featuring a firewall and an LBB Proxy module.

If using a firewall, the LBB proxies enable communication with LBBs of Web
servers situated outside the firewall.


Zone protégée par le Firewall
HTTP Listener
LBB
Sapphire Listener
LBB
HP-AS
HP-AS
HP-AS
HP-AS
Firewall

Fig. 10 – Using an LBB proxy to cross a firewall

If using several front-ends with an LBB component that redirects requests to the
same set of servers, each LBB only counts the requests redirected by itself. This
means that each LBB has only a partial view of the actual workload of each
server.


© TechMetrix Research, 2002 HP Application Server 8.0


23

 Internet Quality of Service (IQoS)
Setting up an Internet Quality of Service (IQoS)
policy for an application involves deployment on
several machines cooperating via the LBB load
balancing system. A precise QoS level is attributed to
each server on which the application is deployed.


In parallel, a user group can be allocated a given QoS level (via the application).

You can therefore set priorities for distribution of requests according to their
origin. Once authenticated, each user is directed to a machine with a QoS level
closest to their allocated level. If no instances with the required QoS level are
able to process the request, it is redirected to an instance with a lower QoS level .


2.4 Dynamic Application Launcher (DAL)
The DAL is used to automatically start or restart
instances of HP-AS. If the LBB detects that an HP-AS
instance is down, then it contacts the DAL associated
with this server so as to try and restart the instance.
Similarly, if an instance referenced by the LBB has
not yet started, then the LBB contacts the relevant
DAL so that it starts the instance automatically.

This helps conceal system errors from users. Furthermore, maintenance is
automated for all the machines known by the LBBs.



IQoS Key benefits

With a good combination of LBB and session
management tools, users can be shielded from server
failure and continue to use their applications
DAL Key benefits
• Manages fault tolerance
• Enhances user comfort and satisfaction
• Limits maintenance costs
© TechMetrix Research, 2002 HP Application Server 8.0


24
Key benefits

• Simplifies security management.
• Simplifies LBB configuration
2.5 Tools
2.5.1 Configuration Console

The Configuration Console is a secure Web
application used to modify a number of server
settings (LBB configuration, HP-AS configuration,
shutdown/startup). More services will be configurable
through the console in a future version.


Once connected to an HP-AS server instance, it is possible to modify the security
settings (see section –Authentication and authorization mechanisms) and to stop
the server.

When connecting to an LBB, it is also possible to modify the security settings and
shut down the server. The LBB server can also be configured by defining the
following:


 The different instances of HP-AS available, and their properties:


Fig. 11 – Declaration of server for LBB
© TechMetrix Research, 2002 HP Application Server 8.0


25

 The applications whose workload will be balanced across these servers:



Fig. 12 – Declaration of an application for LBB


 The associations between HP-AS servers and applications:



Fig. 13 – Association between application and server for LBB.

© TechMetrix Research, 2002 HP Application Server 8.0


26
2.5.2 RadPak

 Presentation
The RadPak is used to manage the different archives
and XML configuration files in a J2EE application. It
also enables applications and data sources to be
deployed on instances of the HP-AS server. The
functions available include:


 Transparent browsing and management of archives (drag & drop)

 Several dedicated editors for different file types (ANT, EJB, WAR, EAR,
etc.)

 EJB project Wizard, for building EJB projects via a simplified interface

 EJB Discovery, a tool which inventories the different EJBs in a project and
simplifies input of components' deployment properties by pre-filling certain
fields with the appropriate values:


Fig. 14 – EJB Discovery


Key benefits
• Deployment simplified for multiple servers.
• Advanced packaging for development.
© TechMetrix Research, 2002 HP Application Server 8.0


27


The RadPak graphical interface offers different views of a document, depending
on the information it contains. So, for all XML files there is a text view and a tree-
view. There are also a certain number of dedicated views provided for editing
certain file types:

 Manifest - information from
manifest.mf
files
 Ant - application build scripts (
build.xml
)
 AppClient - client application deployment descriptor (
application-
client.xml
)
 EAR - enterprise application deployment descriptor (
application.xml
)
 EJB - EJB deployment descriptor (
ejb-jar.xml)

 RAR - resource adapter deployment descriptor(
ra.xml
)
 SAR - service deployment descriptor (
default.service
)
 Taglib - JSP tag library deployment descriptor (
taglib.tld
)
 WAR - Web application deployment descriptor (
web.xml
)


Fig. 15 – RadPak Browser
© TechMetrix Research, 2002 HP Application Server 8.0


28
2.5.3 System Console

To launch the server, there are two modes
available: text or console. The latter provides a
graphical interface giving the user different views
of the server properties:





 Log Browser, for viewing the logs generated by the server:


Fig. 16 – Log Browser



 Deployment Browser, for consulting the server's deployment descriptor:


Fig. 17 – Deployment Browser
System Console Key benefits

• Server monitoring
• Access to a number of parameters that
can be modified on the fly.
© TechMetrix Research, 2002 HP Application Server 8.0


29

 JNDI Browser, for consulting the registry of available services:


Fig. 18 – JNDI Browser



 The JMX Browser is certainly the most feature-rich view. This tool enables
you to browse the server's repository of MBeans. For each of the MBeans,
you can invoke the methods exposed via JMX by using an interface to
input required method arguments. In this way, you can access many of
the server settings, for both consultation and modification purposes.


Fig. 19 – JMX Browser


 Finally, the Deployment Window provides an interface for browsing the
local file system and deploying applications on the server by drag & drop.
© TechMetrix Research, 2002 HP Application Server 8.0


30
2.5.4 Application deployment
There are various tools that can be used to deploy applications (RadPak, system
console); this task can also be carried out by modifying the server's configuration
file.

To deploy an archive using the RadPak, you drag and drop the archive onto the
remote file system corresponding to the HP-AS instance on which you want to
deploy the application. Alternatively, there is a contextual menu from which you
can select the server instance to which the application is to be deployed.

For development phases, it is also possible to 'share' a directory containing the
application, so as to deploy it on the server without having to create an archive
file.


Fig. 20 – Deploying applications via the RadPak

© TechMetrix Research, 2002 HP Application Server 8.0


31
Likewise, the system console enables you to deploy applications by drag & drop
from the Deployment Window , or via a menu.


Fig. 21 – Deploying applications from the system console (Deployment Window)


To manually deploy applications by directly modifying the server configuration,
you proceed as follows:

 copy the archive to the target server instance

 edit the configuration file of the target partition for deployment:

<j2ee-partition-service>

<war application="HPAS_DEFAULT"
context-path="/login"
mime-type="application/zip"
url="file:///d:/hp-as/serveur/deployment/login.war"/>
</j2ee-partition-service>

Once the configuration file is saved, the application will be deployed when the file
is next automatically scanned by HP-AS. The server will add a "timestamp"
attribute to the declaration of application parameters in the configuration file. To
redeploy the application from these parameters, the "timestamp" attribute should
be deleted from the configuration file.

When redeploying an application, the server makes sure it does not hinder the
operation. Updates are therefore only carried out after all current requests have
been processed and all user session information has been stored.

© TechMetrix Research, 2002 HP Application Server 8.0


32
2.6 Conclusion
Building on a modular architecture, HP Application Server 8.0 brings a host of
enhancements, notably in the area of J2EE support (full J2EE 1.3 support should
be announced in the near future). With its application server, HP provides a solid
foundation for building e-business applications.

TechMetrix Research believes HP Application Server 8.0 is a wise application
server choice. The product's maturity combined with HP's aggressive pricing
strategy should help increase distribution and penetration of the HP solution and
will be an important factor in its success.
© TechMetrix Research, 2002 HP Application Server 8.0


33

A White Paper written by
TechMetrix Research

Author
Sylvain Mougenot

Editor
Laurent Denanot
Jean-Christophe Cimetiere

Translation
Hannah Riley

Published
RC03
March 2002


USA


TechMetrix Research
76 Bedford Street, suite 33
Lexington, MA 02420


Tel.: +1.781.890.3900
Fax: +1.781.240.0502

EUROPEAN HEADQUARTERS

TechMetrix Research/SQLI
55/57 Rue Saint Roch
75001 PARIS
FRANCE


Tel.: + 33 1 44 55 40 00
Fax: + 33 1 44 55 40 01

SWITZERLAND


TechMetrix Research/SQLI
Chemin de la Rueyre
116-118
CH-1020 RENENS

Tel.: + 41 (0) 21 637 72 30
Fax : + 41 (0) 21 637 72 31

http://www.techmetrix.com

info@techmetrix.com



TechMetrix Research is a technically oriented analyst firm
focused on e-business application development needs.
TechMetrix Research has developed a unique evaluation
approach to provide accurate information on software.
Based in Lexington-MA (USA) and Paris (France), the firm publishes comparison reports and
product reviews, which are real helpers when it comes to making decisions, or simply
keeping pace with the fast moving e-business market.
As its parent company (SQLI) provides information system development and implementation
services to major companies, TechMetrix Research also benefits from the feedback and
experience acquired during large-scale, long-term development projects.
SQLI is a European global system integrator of 800 employees offering full service and
continuing coaching to enable companies to move profitably toward an all-Internet solution.

Assessments and conclusions rendered by TechMetrix Research are proprietary. TechMetrix Research and/or TechMetrix Research
analysts cannot be held liable for any damages directly or indirectly caused by decisions made using any TechMetrix Research
material.
Names appearing in this document that are registered trademarks are not mentioned as being so, nor is the trademark symbol
inserted with each mention of these registered trademarks. This document uses these trademarks for editorial purposes only. In no
way does TechMetrix Research have the intention of infringing on any registered trademark mentioned in editorial.

© TechMetrix Research 2002 - www.techmetrix.com