Building Enterprise Servers for OS/390 with OrbixWeb by Peter Kanis Distributed Object Technology &...

Building Enterprise Serversfor OS/390

with OrbixWeb

byPeter Kanis

Distributed Object Technology & CORBA/Java Solutions

ContentsContents

The The SwiBi SwiBi (Swisscom Billing) project.(Swisscom Billing) project. Requirements & Constraints.Requirements & Constraints. Architecture.Architecture. Session Balancing.Session Balancing. Security with RACF.Security with RACF. Server FrameworkServer Framework

Distributed garbage collectionDistributed garbage collection Multi-threading model.Multi-threading model.

Logging, monotoring, testing & administration.Logging, monotoring, testing & administration. Server Design.Server Design.

The Swisscom Billing (SwiBi) ProjectThe Swisscom Billing (SwiBi) Project

Current billing stream is managed with a Current billing stream is managed with a dinosaurian host application…dinosaurian host application…

SwiBiSwiBi should replace this with an intelligent, should replace this with an intelligent, modern enterprise server.modern enterprise server.

Unfortunately, the new must run in parallel with Unfortunately, the new must run in parallel with the old:the old:

Stuck with a legacy database for COBOL with Stuck with a legacy database for COBOL with fixed length fields.fixed length fields.

Have to use stored procedures written in COBOL.Have to use stored procedures written in COBOL.

Servers should be deployable on Servers should be deployable on OS/390 USSOS/390 USS and and AIXAIX..

Clients must be deployable on standardised Clients must be deployable on standardised Windows NT work-stations (Swisscom Workplace Windows NT work-stations (Swisscom Workplace 2000).2000).

Servers must support up to 3500 concurrent Servers must support up to 3500 concurrent intranet users with no noticeable performance intranet users with no noticeable performance degradation:degradation:

Need multiple parallel servers.Need multiple parallel servers. Servers need to be multi-threaded.Servers need to be multi-threaded. Need session balancing.Need session balancing.

Requirements and Constraints (1)Requirements and Constraints (1)

Servers should be available from 6:30 to 20:00.Servers should be available from 6:30 to 20:00. Need a certain amount of fault tolerance.Need a certain amount of fault tolerance. Need some form of monitoring software.Need some form of monitoring software. Need distributed garbage collection.Need distributed garbage collection.

Users are already defined for the old software and Users are already defined for the old software and should be authenticated through should be authenticated through RACFRACF..

Need an authentication server on OS/390.Need an authentication server on OS/390. Cannot use SSL for internal political reasons.Cannot use SSL for internal political reasons. Should at least have some form of encryption on Should at least have some form of encryption on

passwords.passwords. < 1 year from conception to deployment.< 1 year from conception to deployment.

Need an efficient RAD environment and language.Need an efficient RAD environment and language.

Requirements and Constraints (2)Requirements and Constraints (2)

CORBAC++

Servant

Oracle/D

B2

gateway

CORBAC++ Client

MFC

Windows AIX MVS

DB2

Architecture variant 1Architecture variant 1

Already in use within Swisscom.Already in use within Swisscom. Not deployable on OS/390.Not deployable on OS/390. No authentication through RACF.No authentication through RACF. Inadequate throughput to DB.Inadequate throughput to DB. Long development time with C++.Long development time with C++. Poor reliability with MFC.Poor reliability with MFC.

CORBAC++ Client

MFC

Windows

OrbixIMS

GatewayIMS DB2

OS/390 USS MVS

Already in use within Swisscom.Already in use within Swisscom. Not deployable on AIX.Not deployable on AIX. Large data blocks cannot be passed through IMS.Large data blocks cannot be passed through IMS. Long development time with C++ and COBOL.Long development time with C++ and COBOL. Inadequate or inexistent monitoring tools.Inadequate or inexistent monitoring tools.


CORBAor RMI

Java Client

Windows

DB2

MVSOS/390 USS

CORBAC++

Servant

CORBA orRMI Java

Server

IIOP

IIOPRMI

CLI

JDBC

Can be deployed on AIX.Can be deployed on AIX. Possible authentication through RACF.Possible authentication through RACF. RMI locks us into Java CORBA leaves it open.RMI locks us into Java CORBA leaves it open. Long development time with C++ variant.Long development time with C++ variant. Logging and monitoring tools available.Logging and monitoring tools available.


OrbixWebJava 2Client Applet

Windows OrbixWebSessionBalancer

OrbixWebRACF

AuthenticationServant

OrbixWebSwiBi

Servants

OS/390 USS MVS

DB2

RACFSAF

IIOP

IIOP

IIOP

JDBC

RRSAF

IIOP

Architecture OS/390Architecture OS/390

OrbixWebJava 2Client Applet

Windows

OrbixWebRACF

Authentication

OS/390 USS

MVS

DB2

RACF

SAF

IIOP

IIOP

IIOP

DRDA

OrbixWebSessionBalancer

OrbixWebSwiBi

Servants

JDBC

DB2 ClientEnabler

AIX Node

IIOP

Architecture OS/390 + AIXArchitecture OS/390 + AIX

Distributes client sessions between the available Distributes client sessions between the available servers using a round robin algorithm.servers using a round robin algorithm.

Registered servers uses a “heart-beat” to check in Registered servers uses a “heart-beat” to check in with the balancer.with the balancer.

Supplies an interface for administrationSupplies an interface for administration List registered servers.List registered servers. Stop a server.Stop a server. Stop a group of servers.Stop a group of servers. Stop all the servers in a group on a given host.Stop all the servers in a group on a given host.

Integrated into the server framework.Integrated into the server framework.

Session Balancing (1)Session Balancing (1)

OrbixWebJava 2

Client Applet

OrbixWebSessionBalancer

OrbixWebSwiBi

Servants

Connectioninfo

Registercheck-in

shutdown

invocations

Session Balancing (2)Session Balancing (2)

OrbixWebAdministration

Client

List Servers etc..

Server Status

Authentication with RACF (1)Authentication with RACF (1)

• The IBM JDK 1.1.8 security classes are not adequate for developing a serious authentication system:– They return erroneous error codes.

– There is no way of verifying class/entity rights for a third party.

• We wrote our own JNI library for accessing RACF:– void authenticate( userId, password);

– void changePassword(userId, oldPassword, newPassword);

– boolean isMemberOfGroup( userId, group);

– boolean canRead( userId, securityClass, entityName);

– boolean canUpdate( userId, securityClass, entityName);

– boolean canAlter( userId, securityClass, entityName);

– boolean canControl( userId, securityClass, entityName);


• We couldn’t use SSL:– It would only be necessary for the authentication phase.

– The performance loss over the whole application would be too high.

– This is an intranet application where SSL would be overkill.

– Swisscom has no wish to maintain the necessary certificates.

• We created our own password Encryptor:– Uses a mutating cipher with a configurable lifetime.

– Random shift expansion algorithm.

– An 8 char password results in a 64 byte block.


OrbixWebJava 2

Client Applet

OrbixWebRACF

AuthenticationServant

getCipher()

Encryptor

OrbixWebSwiBi

Servant

encryptPassword()

logon()

getCipher()authenticate() +isMemberOfGroup()

The Server Framework (1)The Server Framework (1)

All the servers have a common set of All the servers have a common set of requirements:requirements:

ORB initialisation.ORB initialisation. Application initialisation from properties files.Application initialisation from properties files. A multi-threading model.A multi-threading model. Distributed garbage collection.Distributed garbage collection. A logging and/or monitoring mechanism.A logging and/or monitoring mechanism. Possibility of session balancing.Possibility of session balancing.

The server framework supplies all this in a re-The server framework supplies all this in a re-usable set of Java packages.usable set of Java packages.

Allows fast development of OrbixWeb Servers Allows fast development of OrbixWeb Servers and clients by simply initialising the and clients by simply initialising the ApplicationApplication or or ClientClient classes. classes.

Application ORB

Orb PropertiesObjectManagerWorkerThread

OrbixThreadFilter

static getApplication();connect();run();getAppProperty();

The Server Framework (2)

App. Properties

ObjectManagerThread

Authenticator

BalancerClientThread

RequestQueue

The Server Framework (3)

Client

ORB Orb Properties

static getClient();connect();run();getAppProperty();

App. Properties

The Server Framework (4)The Server Framework (4)

Default OrbixWeb settings will cause problems Default OrbixWeb settings will cause problems with daemon on the server host:with daemon on the server host:

Client connections remain open for 8-10 hours.Client connections remain open for 8-10 hours. Every object is located through the daemon.Every object is located through the daemon. After a while the daemon used 1Gigabyte of After a while the daemon used 1Gigabyte of

resources and eventually dies.resources and eventually dies. The server requires the following settings:The server requires the following settings:

IT_IIOP_USE_LOCATOR=IT_IIOP_USE_LOCATOR=falsefalse IT_IIOP_LISTEN_PORT=IT_IIOP_LISTEN_PORT=00

The client requires:The client requires: IT_KEEP_ALIVE_FORWARDER_CONN=IT_KEEP_ALIVE_FORWARDER_CONN=falsefalse

Distributed Garbage Collection (1)Distributed Garbage Collection (1)

Objects connected to the ORB Objects connected to the ORB do not get do not get deleteddeleted as there is a reference to them in the as there is a reference to them in the ORBORB..

There is no reference counting mechanism There is no reference counting mechanism implemented in the OMG Java definition for implemented in the OMG Java definition for CORBA.CORBA.

There is no direct access to the ORB object table There is no direct access to the ORB object table in OrbixWeb.in OrbixWeb.

Must be automated, we don’t want to have to Must be automated, we don’t want to have to explicitly call garbage collection methods on the explicitly call garbage collection methods on the servant objects.servant objects.

Should run in the finalizer of the client stubs.Should run in the finalizer of the client stubs.


Have a standard interface Have a standard interface destroyabledestroyable which which declares a declares a destroy destroy method:method:

The The destroy() destroy() implementation disconnects the implementation disconnects the object from the object from the ORBORB allowing the Java garbage allowing the Java garbage collection to remove it.collection to remove it.

All classes except the factory class inherit from All classes except the factory class inherit from this.this.

We built a post compiler for We built a post compiler for idlidl that adds a that adds a finalizer to the client classes if they contain the finalizer to the client classes if they contain the destroydestroy method. method.

We added an “evictor” thread which disconnects We added an “evictor” thread which disconnects objects after a configurable inactivity time (2 hrs).objects after a configurable inactivity time (2 hrs).


The Server Framework maintains a table of The Server Framework maintains a table of objects connected to the objects connected to the ORBORB..

The table is 2 dimensional, allowing us to parent - The table is 2 dimensional, allowing us to parent - child relationship between objects. If a parent is child relationship between objects. If a parent is removed, all its children are also.removed, all its children are also.

Debuggers are too invasive to be of any use Debuggers are too invasive to be of any use during testing and leave no permanent record of during testing and leave no permanent record of events.events.

Require a way of tracing distributed apps for Require a way of tracing distributed apps for testing.testing.

Require a permanent record of logs.Require a permanent record of logs. Traces must be time stamped and contain Traces must be time stamped and contain

information on the source of the trace such as information on the source of the trace such as Host, Process, Thread, Class, Method and line in Host, Process, Thread, Class, Method and line in the java file.the java file.

Require a script driven testing tool for repeatable Require a script driven testing tool for repeatable testing and regression testing.testing and regression testing.

Logging, monitoring, testingLogging, monitoring, testing& administration (1)& administration (1)

Logging, monitoring, testingLogging, monitoring, testing& administration (2)& administration (2)

Require a method of changing the trace level Require a method of changing the trace level interactively and watching events online without interactively and watching events online without stopping the server.stopping the server.

Need a centralised repository of logs to facilitate Need a centralised repository of logs to facilitate administration.administration.

Require the tracing mechanism for testing to be Require the tracing mechanism for testing to be used for logging in production.used for logging in production.

Require an tool to easily view and manage trace Require an tool to easily view and manage trace files in the repository.files in the repository.

Khephren 2000

Test Hosts

Process being traced or tested

TraceEngine class

TracesControl

Server Host

TraceRepository

Repository Management

Servant

Trace EngineServant

Control Hosts

KhephrenProcess Monitor

Traces

Control

Trace ViewerHosts

KhephrenTrace Viewer

Traces fromRepository

Traces

Repository MgrHosts

KhephrenRepository Manager

Archive, delete etc.

Design (1)Design (1)

All the servers are based around a singleton All the servers are based around a singleton factory object that is published to thfactory object that is published to the ORB e ORB and is and is not entered in the object management table.not entered in the object management table.

The factory is the unique entry point into the The factory is the unique entry point into the system and implements any security and system and implements any security and administration functionality.administration functionality.

The factory creates the top level objects that The factory creates the top level objects that implement the application’s business logic.implement the application’s business logic.

These top level objects are related 1:1 to the These top level objects are related 1:1 to the client and are responsible for creating any client and are responsible for creating any children needed for the business logic.children needed for the business logic.

Client

Factory


BusinessObject

BusinessObject

Client

Server

1

1 2

2

3

3

1 connect, logon and get 1 connect, logon and get business object.business object.

2 create business object and 2 create business object and add to manager table.add to manager table.

3 invoke operations on 3 invoke operations on business object.business object.


We considered 2 approaches to the design:We considered 2 approaches to the design: A vertical approach where each business object is A vertical approach where each business object is

built from interface to database access as a unit.built from interface to database access as a unit. A horizontal approach where the application is A horizontal approach where the application is

layered.layered. We chose the horizontal approach for pragmatic We chose the horizontal approach for pragmatic

reasons:reasons: It is hard to find programmers who are expert in all It is hard to find programmers who are expert in all

the technologies being used.the technologies being used. We had on hand experts in SQL, pure java and We had on hand experts in SQL, pure java and

CORBA programming.CORBA programming. It is easier to add interfaces to other middleware It is easier to add interfaces to other middleware

technologies using a layered approach.technologies using a layered approach.

SwiBi Server layering (1)

CORBA IDL layercom.swisscom.swibi.server.boa

Business Object layercom.swisscom.server.bo

Access Object Layercom.swisscom.server.ao

Application layercom.swisscom.swibi.server.appl

Java CORBA Client

DB2

SwiBi Servant layering(2)

CORBA IDL layercom.swisscom.swibi.server.boa

Java CORBA Client

RMI layercom.swisscom.swibi.server.rmi

Java RMI Client

Business Object layercom.swisscom.swibi.server.bo

Access Object Layercom.swisscom.swibi.server.ao

Application layercom.swisscom.swibi.server.appl

DB2

The SwiBi Team

Analysis, Design & ProgrammingSever: Peter Kanis,Jürgen Fritz, Stefan Fink, Urs Schimming, Urs Badertscher, Markus Streit, Daniel Steiner, Daniel Wildi, Beat Bilang, Bruno RothClient: Stefan Marty, Felix Boss, Niklaus Rötlisberger, Daniel Wildi

Management Hans Brüschweiler, Heinz Bösch

Building Enterprise Servers for OS/390 with OrbixWeb by Peter Kanis Distributed Object Technology &...

Documents

Transcript of Building Enterprise Servers for OS/390 with OrbixWeb by Peter Kanis Distributed Object Technology &...