EXAM WAS


Recommended readings

  • Recommend reading list from WebSphere Notes blog

Other Resources

  • IBM online education
  • A professional WebSphere blog: WebSphere Notes
  • Joseph Amrith Raj's WebSphere and SOA library [1]
    • WebSphere 7 (000-377) [2]: A detailed introduction to the 000-377 certification exam, its reference books, and the exam scope.

IBM Training courses

  • IBM Taiwan education and training: WebSphere Family

Questions and Answers (IBM 000-377: Practice Exam)

Q1

  • Centralized Installation Manager (CIM): [3]

The Centralized Installation Manager introduces support for remote installation functionality in WebSphere Application Server V7. The deployment manager can be used as a central interface for installing WebSphere Application Server to remote hosts and integrating them into a cell. These remote hosts do not require any IBM software to be present before installation, as the installation is performed using operating system tools. In addition to installing WebSphere Application Server, the V7 deployment manager also has the ability to remotely install fix packs, refresh packs, and interim fixes on remote nodes that have been added to the cell. Fixes can be downloaded from IBM directly within the deployment manager’s administrative console and remotely installed to member nodes.

To install WebSphere Application Server on a remote host, you must define the host as an installation target. In addition to specifying the host name or IP address, you can also provide authentication information for the remote host, as either a user ID and password or an SSH key. After you have defined installation targets, you can start a remote installation to one or more of those hosts using the “available installations” panel. You can use a wizard in the administrative console to specify installation options, or you can provide a response file. The Centralized Installation Manager accepts the same response file format as the traditional installer.

Reference: Centralized Installation Manager [4]

  • Job manager: In WebSphere version 7, the concept of flexible management is introduced. The Job Manager plays a key role in a flexible management infrastructure by allowing a user to make administrative changes to application server environments across multiple WebSphere cells. [5]
High-level overview of a job manager architecture

Ref: p46 in WebSphere Application Server V7 Administration and Configuration Guide

Q4

  • Install Verification Tool (IVT): Use the installation verification tools to verify that the installation of the product and the application server profile is successful. After installing the product and verifying the installation, you can configure the installation by creating more profiles. You can also install other packages on the product installation image, such as IBM HTTP server, the Web server plug-ins, or the Application Client. [6]

Answer c is wrong: after IVT completes, IBM HTTP Server has not been installed yet, so the launch page of the IBM HTTP Server cannot be opened.

 

Q5

A: The WebSphere Application Server installed successfully

Topic: Create profiles; Install application server successfully


Ref:

  • Table 2 in Installing WebSphere Application Server
  • WebSphere Application Server

Install Log files

  • <app_server_root>/logs/install/log.txt: Logs all installation events
  • <app_server_root>/logs/manageprofiles/profile_name_create.log
    • Traces all events that occur during the creation of the named profile
    • Created when using the Profile Management tool or the manageprofiles command

Indicators for profile_name_create.log:

  • INSTCONFFAILED: Total installation failure.
  • INSTCONFSUCCESS: Successful installation.
  • INSTCONFPARTIALSUCCESS: Installation errors occurred but the installation is still usable. Additional information in other log files identifies the errors.

Q7

Topic: JNDI, NameNotFoundException

  • dumpNameSpace command: You can use the dumpNameSpace tool to dump the contents of a name space accessed through a name server. The dumpNameSpace tool is based on Java Naming and Directory Interface (JNDI). [7] This command lists the JNDI tree on the application server.

Note: NameNotFoundException seems to occur quite often; searching Google for the keywords dumpNamespace NameNotFoundException turns up many related articles.

This question asks how to handle a NameNotFoundException when the naming service of a stand-alone application server is provided by another host.

Q8

Topic: Diagnostic Data

  • First-Failure Data Capture (FFDC): WebSphere Application Server V6 includes a feature called First Failure Data Capture (FFDC). The FFDC feature runs in the background and collects events and errors that occur during WebSphere Application Server runtime. The information that it collects is written to log files in the <WAS_install_root>/profiles/<profile>/logs/ffdc directory [8].

FFDC does not affect the performance of WebSphere Application Server and should not be disabled. The FFDC logs will not, most likely, be useful in your problem determination efforts. However, they might be useful to the WebSphere Application Server support team if you open a PMR.

Ref Also:

  • WebSphere Application Server v5.0 Problem Determination Facilities
  • Problem determination
  • Configuring first failure data capture log file purges

Q9

A: Wait for the thread monitor to signal a possible hung thread, then take three thread dumps several seconds apart.

Topic: Thread monitor

Ref:

  • WebSphere Application Server 6.1 Problem determination guide

After being notified of a hung thread problem, the most logical next step is to trigger a Java thread dump. Use the thread ID from the notification to find the hung thread in the dump, and use the stack trace information to begin investigating the cause of the problem.

Q10

Topic: Data replication service

For information on the data replication service, see [9]. WAS processes that use DRS include:

  1. Stateful session EJB persistence and failover
  2. HTTP session persistence and failover
  3. Dynamic cache replication

Q11

Topic: IBM Support; Diagnostic trace data

Difficult problems might require the use of tracing, which brings to the surface the low-level flow of control and interactions between components. Use Diagnostic trace to capture detailed information about the execution of servers, clients, and other processes in the environment. Trace files indicate the time and sequence of methods called by WebSphere® Application Server base classes, and you can use these files to pinpoint the failure. [10]

For how to enable the Diagnostic Trace feature, see [11]:

  • Using the Diagnostic trace

Q12

Topic: IBM Support; IBM Support Assistance Agent (ISA Agent)

The agent manager, together with agents, provides the ability to run data collection and other tasks remotely. See slide 4 of [12].

For the IBM Support deployment architecture diagram, see slide 6 of [13].

 

Q13

After security auditing is enabled, the audit results can be written to a log file. The log file is named BinaryAudit_<cellName>_<nodeName>_<serverName>.log. Use AdminTask.binaryAuditLogReader('-interactive') to read this log file. View the log entries using the Audit Log Reader. This is an interface available through wsadmin which will convert the audit log entries into an HTML report. See p14 in WAS Audit lab.


Additional notes:

  • The AdminTask object is used to access a set of task-oriented administrative commands that provide an alternative way to access the configuration commands and the running object management commands. Ref: p452 in WAS 7 redbook.
  • WAS Audit lab download
  • Use the commands and parameters in the AuditReaderCommands group to display audit record information from the binary audit log. [14]

Use the following commands to query the binary audit log:

  • binaryAuditLogReader
  • showAuditLogEncryptionInfo

Q14

A: Configure Global security to use an LDAP registry and create a new security domain with a user realm definition for the file based registry and assign it to the desired application servers.

Topic: Multiple security domain; LDAP server; user registry; file based registry

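Tests the same concept as Q16.

Question analysis:

The cell's user data is kept in both an LDAP server and a file-based registry. To check user logins, two security domains are needed: the security domain for the file-based registry must be different from the one for the LDAP server. In practice, use Global security with the LDAP server, so that login checks for the cell's users go through the LDAP server. For the servers that must validate users against the file-based registry, create a separate security domain.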

Multiple security domain allows different security settings in the same cell.

The concepts of the multiple security domains

Ref:

  • WebSphere Application Server V6 - Enabling Global Security using LDAP User Registry
  • Multiple Security Domain
  • Introduction to LDAP (in Chinese)
  • Introduction to LDAP: Part 1, Installation and simple Java LDAP programming
  • Introduction to LDAP: Part 2: LDAP and WebSphere

Q15

Topic: J2EE Application Security in application level

J2EE application level security is specified using security roles.

J2EE artifacts, including EJBs and web components, are all authorized through role-based authorization. So at deployment time you need to specify which roles can use which J2EE artifacts.

Securing J2EE Application from http://publib.boulder.ibm.com/infocenter/ieduasst/v1r1m0/index.jsp?topic=/com.ibm.iea.was_v6/was/6.0.1/Security/WASv601_Sec_J2EE_Security/player.html

Ref:

  • See the 6th slide in J2EE Application Security in IBM Education
  • 8th slide in J2EE Application Security in IBM Education for EJB role based authorization.
  • 14th slide in J2EE Application Security in IBM Education for web component role based authorization.

Q16

Topic: Multiple security domain

See the 6th slide in Multiple security domains in IBM Education

Q17

A: Enable administrative security for the cell

Authentication occurs when a client creates a connection to Service Integration Bus resources. The user ID and password are authenticated using the configured user registry of the application server.

Refer to the answers in Q90

Topic: Service Integration Bus security

Ref:

  • Service Integration Bus Security
  • Security Administration

Q18

Topic: Resource security

J2C adaptor: J2EE Connector (J2C) resource adapters.

Ref:

  • Resource security
  • WAS 6 Security Architecture
JAAS (Java Authentication and Authorization Service)

Q19

A: Verify that the CellDefaultTrustStore has the appropriate signing certificates in it and run the syncNode script on node-B.

Topic: WebSphere security

Ref:

  • ch16-50 in WAS61 course material
  • System Management Commands

All signing certificates for the cell are put into a cell-wide truststore. By sharing a single trust store, any member of the cell can securely communicate with any other member of the cell.

The trust stores of the application servers in a cell must also be synchronized so that every application server in the cell can communicate securely with the others.

syncNode command: Forces full synchronization between the node and the deployment manager.

key.p12 file is a default personal certificate. [15]

 

Q22

?? No information found

 

Q23

A: Set classloader policy on the application server to single.

The class loader policy applies at the Application Module Class Loader level of the class loader hierarchy. [16]

Application class loader isolation policy

Single policy: All applications share an application module class loader - no application isolation.

Multiple policy (default): Each application gets its own application module class loader - provides application isolation.

 

Ref:

  • Class loader overview [17]

Q24

Q26

Topic: Websphere Platform messaging

Message Driven Beans (MDBs) use a JMS ActivationSpec to connect to the JMS Provider (SIBus)

Service Integration Bus (SIBus) is the JMS provider delivered with WebSphere Application server.


Ref: ch15-6, ch15-7, ch15-23 in WAS61 Course Material.

Q27

A: Method permissions

Topic: WebSphere Security

In J2EE security,

  • EJB are protected with method permissions, which are mapped to the security roles.
  • Servlet and JSPs are protected with security constraints, which are mapped to the security roles.


Ref: ch16-30, Ch16-31, WAS61 Course Material
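
An added example (not from the course material or from IBM) of how the two mappings above appear in the standard deployment descriptors, and how to audit them: it reads a web.xml and an ejb-jar.xml, lists which roles guard which URL patterns and EJB methods, and reports what is left without a role. The two descriptors are constructed samples; URL coverage is compared by exact pattern only, which is a simplification.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (J2EE 1.4 namespace); names are hypothetical.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet-mapping><servlet-name>Payroll</servlet-name><url-pattern>/payroll/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Status</servlet-name><url-pattern>/status</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Payroll pages</web-resource-name>
      <url-pattern>/payroll/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""

EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1">
  <enterprise-beans>
    <session><ejb-name>PayrollBean</ejb-name></session>
    <session><ejb-name>ReportBean</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>manager</role-name></security-role>
    <method-permission>
      <role-name>manager</role-name>
      <method><ejb-name>PayrollBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""


def parse(xml_text):
    """Parse a descriptor and drop XML namespaces so tag names can be matched directly."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root


def web_constraints(web_xml):
    """Map url-pattern -> set of roles, taken from <security-constraint> elements."""
    protected = {}
    for sc in parse(web_xml).findall("security-constraint"):
        auth = sc.find("auth-constraint")
        if auth is None:  # a constraint without auth-constraint requires no role
            continue
        roles = {r.text.strip() for r in auth.findall("role-name")}
        for pat in sc.findall("web-resource-collection/url-pattern"):
            protected.setdefault(pat.text.strip(), set()).update(roles)
    return protected


def ejb_permissions(ejb_xml):
    """Map (ejb-name, method-name) -> set of roles, or {'<unchecked>'}."""
    perms = {}
    for mp in parse(ejb_xml).findall("assembly-descriptor/method-permission"):
        if mp.find("unchecked") is not None:
            roles = {"<unchecked>"}
        else:
            roles = {r.text.strip() for r in mp.findall("role-name")}
        for m in mp.findall("method"):
            key = (m.findtext("ejb-name").strip(), m.findtext("method-name").strip())
            perms.setdefault(key, set()).update(roles)
    return perms


def audit(web_xml, ejb_xml):
    """Report mapped URLs and EJBs that no role protects, and roles used but never declared."""
    web, ejb = parse(web_xml), parse(ejb_xml)
    constraints = web_constraints(web_xml)
    perms = ejb_permissions(ejb_xml)

    mapped = {p.text.strip() for p in web.findall("servlet-mapping/url-pattern")}
    beans = {b.findtext("ejb-name").strip()
             for kind in ("session", "entity")
             for b in ejb.findall("enterprise-beans/" + kind)}
    covered_beans = {name for (name, _method) in perms}

    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    declared |= {r.text.strip()
                 for r in ejb.findall("assembly-descriptor/security-role/role-name")}
    used = set().union(*constraints.values(), *perms.values()) - {"<unchecked>"}

    return {
        "unprotected_urls": sorted(mapped - set(constraints)),
        "unprotected_ejbs": sorted(beans - covered_beans),
        "undeclared_roles": sorted(used - declared),
    }


if __name__ == "__main__":
    print(audit(WEB_XML, EJB_JAR_XML))
```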

 

Q28

A: Queue, connection factory, activation specification

Topic: WebSphere Platform Messaging

  • Session EJBs use a JMS Connection factory to connect to the JMS provider.
  • Message Driven Beans (MDBs) use a JMS activation specification to connect to the JMS provider.

Ref: Ch15-22, ch15-23 in WAS61 course material

Q29

Global naming is divided into four parts:

  1. Cell root: read-only persistent
  2. Cell persistent root: read/write persistent (can be modified programmatically)
  3. Node persistent root: read/write persistent
  4. Server root: read/write transient

Ref:

  • WebSphere Naming Introduction [18]
  • Naming - Overview and Example [19]

Q30

In version five there are three scoping levels: Cell level, Node level, and Server level. The configuration repository hierarchy reflects these three levels. When you define a resource at a Cell level, every process has access to that resource. When you define a resource at the Node level, every process on that node has access to that resource. And when you define at the application server level, then only that application server on that node has access to that resource.

Network Deployment in version six adds another level called Cluster level. When resources are defined at the cluster level, then all cluster members in that cluster have access to that resource on whatever machine they’re running.

What is relevant to Express on the stand-alone Node is the Application scoping. Another module discusses Enhanced EAR files – those EARs that contain application code and resource definitions. Because the resources are defined in the deployment descriptors of the enhanced EAR file, when the application is moved in the Network Deployment environment from one location to another, those application scoped resources will be moved with the application. From the perspective of Express, this reduces the number of steps required to make your application run. An administrator does not need to configure these resources at the Node level or at the Cell level when they’re packaged in the enhanced EAR file. If you have resources that are defined with the identical name at more than one level, the application server will see the resource that is defined closest to the application. This means that if you have the same resource defined on the Node and on the Cell, then the Node resource is the one that the application will use.

Ref:

  • System Management - Resource Scopes [20]

Q31

A: Use an isolated class loader for this shared library on the shared library settings page and associate the shared library with the Web modules class loader.

Topic: isolated shared library, class loader

Isolated Shared Libraries

An Isolated Shared Library is another way to deploy application artifacts into the WebSphere runtime environment. An Isolated Shared Library can be associated or shared with one or many WebSphere application and Web module class loaders. The Isolated Shared Library will provide a mechanism where you can share a common set of classes across a subset of the applications within the WebSphere Application Server.

This is similar to the server associated shared library, but an Isolated Shared Library is not typically used across ALL applications. An Isolated Shared Library associated with the application class loader can be thought of as an application associated shared library that can be shared across a subset of the applications in the WebSphere Application Server. However, unlike application associated shared libraries, Isolated Shared Libraries DO NOT have visibility to application classes loaded by the application class loader.

WebSphere Application Server version 7.0 includes a new feature, Isolated Shared Libraries, to provide a way to share a common set of classes across a subset of the applications within the WebSphere Application Server. The major benefit to Isolated Shared Libraries is the ability to reduce the number of class instances that are loaded in a JVM reducing the JVM’s memory footprint. To better understand the benefit of Isolated Shared Libraries, look at how a solution deployer can decide to share an application associated shared library across multiple applications. The solution deployer has several possibilities: Using an Isolated Shared Library, the solution deployer can combine pieces of the prior two solutions. Isolated Shared Libraries each have their own class loader allowing a single instance of the classes to be shared across the applications. Each application can specify which Isolated Shared Libraries it wants to reference and different applications can reference different versions of the Isolated Shared Library resulting in a set of applications sharing an Isolated Shared Library. The advantage here is seen in comparison to the previous example: with Isolated Shared Libraries, you are now sharing a single copy of version x and a single copy of version y for a total of two instances in memory. Isolated Shared Libraries do not have visibility to application classes loaded by the application class loader.

Path to Shared Library page: Environment > Shared Libraries.

Shared libraries can also be given a scope. The scope levels are: cell, node, or server.

After you 1) create a shared library and 2) map an application to the selected scope, you can associate the shared library with the application or its modules.

  • To associate a shared library with an application or module, use the Shared library references page for the application. Click Applications > Enterprise Applications > application_name > Shared library references.
  • To associate a shared library with a server class loader, use the settings page for the library reference for the server class loader. Click Servers > Application servers > server_name > Java and Process Management > Class loader > class_loader_ID > Shared library references > shared_library_name.


Ref:

  • Isolated shared libraries [21]
  • Class Loader Details [22]
  • Shared library collection [23]

Note: To change the display language of the WAS admin console, just change the browser's display language. In Firefox: Tools > Options > Content > Languages > Choose

Q32

A: Assign the destination to a specific bus member.

Topic: Service Integration Technology

The bus member will host the destination.

Ref:

  • P10 in Service Integration Resource Management [24]
  • Service Integration Technologies - Overview [25]

Q33

A: URI element under UriGroup With a Name attribute equal to the context root of the mapped application.


Topic: Web Server plug-in

Ref:

  • Web Server Plug-in installation [26]
Map applications to a specific web server

An example of plugin-cfg.xml:

<?xml version="1.0" encoding="BIG5"?>
<!--HTTP server plugin config file for the webserver PremisesNodeCell.PremisesNode.webserver1 generated on 2010.10.04 at 03:08:07 PM CST-->
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" HTTPMaxHeaders="300" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
   <Log LogLevel="Error" Name="C:/Program Files/IBM/WebSphere/Plugins/logs/webserver1/http_plugin.log"/>
   <Property Name="ESIEnable" Value="true"/>
   <Property Name="ESIMaxCacheSize" Value="1024"/>
   <Property Name="ESIInvalidationMonitor" Value="false"/>
   <Property Name="ESIEnableToPassCookies" Value="false"/>
   <VirtualHostGroup Name="default_host">
      <VirtualHost Name="*:9080"/>
      <VirtualHost Name="*:80"/>
      <VirtualHost Name="*:9443"/>
      <VirtualHost Name="*:5060"/>
      <VirtualHost Name="*:5061"/>
      <VirtualHost Name="*:443"/>
   </VirtualHostGroup>
   <ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="server1_PremisesNode_Cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
      <Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="PremisesNode_server1" ServerIOTimeout="0" WaitForContinue="false">
         <Transport Hostname="WSE62" Port="9080" Protocol="http"/>
         <Transport Hostname="WSE62" Port="9443" Protocol="https">
            <Property Name="keyring" Value="C:/Program Files/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb"/>
            <Property Name="stashfile" Value="C:/Program Files/IBM/WebSphere/Plugins/config/webserver1/plugin-key.sth"/>
         </Transport>
      </Server>
   </ServerCluster>
   <UriGroup Name="default_host_server1_PremisesNode_Cluster_URIs">
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/snoop/*"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hello"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hitcount"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsp"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsv"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="*.jsw"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/j_security_check"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ibm_security_logout"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/servlet/*"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ivt/*"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/wbe/*"/>
   </UriGroup>
   <Route ServerCluster="server1_PremisesNode_Cluster" UriGroup="default_host_server1_PremisesNode_Cluster_URIs" VirtualHostGroup="default_host"/>
   <RequestMetrics armEnabled="false" loggingEnabled="false" rmEnabled="false" traceLevel="HOPS">
      <filters enable="false" type="URI">
         <filterValues enable="false" value="/snoop"/>
         <filterValues enable="false" value="/hitcount"/>
      </filters>
      <filters enable="false" type="SOURCE_IP">
         <filterValues enable="false" value="255.255.255.255"/>
         <filterValues enable="false" value="254.254.254.254"/>
      </filters>
      <filters enable="false" type="JMS">
         <filterValues enable="false" value="destination=aaa"/>
      </filters>
      <filters enable="false" type="WEB_SERVICES">
         <filterValues enable="false" value="wsdlPort=aaa:op=bbb:nameSpace=ccc"/>
      </filters>
   </RequestMetrics>
</Config>
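
An added example (not part of the original notes or of IBM's tooling) that checks the point tested in Q33: whether an application's context root is covered by a Uri element under a UriGroup that a Route ties to a server cluster, and which transports the request would then use. The embedded XML is a constructed, trimmed-down version of the file above; the matching rule is a simplified assumption, not the plug-in's exact algorithm.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed sample, reduced from the plugin-cfg.xml shown on this page.
SAMPLE_PLUGIN_CFG = """<?xml version="1.0"?>
<Config>
  <VirtualHostGroup Name="default_host">
    <VirtualHost Name="*:80"/>
    <VirtualHost Name="*:443"/>
  </VirtualHostGroup>
  <ServerCluster Name="server1_PremisesNode_Cluster">
    <Server Name="PremisesNode_server1">
      <Transport Hostname="WSE62" Port="9080" Protocol="http"/>
      <Transport Hostname="WSE62" Port="9443" Protocol="https"/>
    </Server>
  </ServerCluster>
  <UriGroup Name="default_host_server1_PremisesNode_Cluster_URIs">
    <Uri Name="/snoop/*"/>
    <Uri Name="/hello"/>
    <Uri Name="*.jsp"/>
  </UriGroup>
  <Route ServerCluster="server1_PremisesNode_Cluster"
         UriGroup="default_host_server1_PremisesNode_Cluster_URIs"
         VirtualHostGroup="default_host"/>
</Config>
"""


def load_routes(xml_text):
    """Join each Route with the Uri names and Transports it refers to."""
    root = ET.fromstring(xml_text)
    uri_groups = {g.get("Name"): [u.get("Name") for u in g.findall("Uri")]
                  for g in root.findall("UriGroup")}
    clusters = {
        c.get("Name"): [(t.get("Protocol"), t.get("Hostname"), int(t.get("Port")))
                        for t in c.findall("Server/Transport")]
        for c in root.findall("ServerCluster")
    }
    routes = []
    for r in root.findall("Route"):
        routes.append({
            "cluster": r.get("ServerCluster"),
            "vhost_group": r.get("VirtualHostGroup"),
            "uris": uri_groups.get(r.get("UriGroup"), []),
            "transports": clusters.get(r.get("ServerCluster"), []),
        })
    return routes


def uri_matches(pattern, path):
    """Simplified matching (assumption): '/ctx/*' covers '/ctx' and everything
    below it; other patterns are compared as shell-style wildcards."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return fnmatchcase(path, pattern)


def check_context_root(xml_text, path):
    """Return the route that would forward `path`, or None when no Uri under a
    routed UriGroup covers it (the web server would not pass it to WebSphere)."""
    for route in load_routes(xml_text):
        for pattern in route["uris"]:
            if uri_matches(pattern, path):
                return {"pattern": pattern,
                        "cluster": route["cluster"],
                        "vhost_group": route["vhost_group"],
                        "transports": route["transports"]}
    return None


if __name__ == "__main__":
    for candidate in ("/snoop", "/hello", "/index.jsp", "/payroll"):
        print(candidate, "->", check_context_root(SAMPLE_PLUGIN_CFG, candidate))
```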

Q36

Topic: WebSphere platform messaging, high availability messaging

In a high availability messaging architecture, the architecture provides for multiple message-driven beans to utilize a common queue and single persistent store, as shown in the following figure.

So in this question, for the MDB1 instances on all cluster members to be able to get messages from Destination1, the MDB1 instances must run on all cluster members. The answer is therefore: enable the option Always activate MDBs in all servers on MDB1s activation specification.

Figure (16-MDBHighAvail): Messaging and High Availability

Ref:

  • Ch15-24, ch15-25 in WAS61 course material
  • Clustering theory and concepts [27]
  • Service Integration Technologies - High Availability [28]

Q37

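Topic: WebSphere platform messaging, high availability messaging

After the high availability manager (HA Mgr) performs failover and starts another messaging engine (ME), if the previous ME recovers, the HA Mgr does not switch back to the recovered ME as long as the new ME is operating normally.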

Q38

Topic: Session persistence

When configuring memory-to-memory replication for sessions, first set up a replication domain (Environment > Replication Domains > New). Then configure the server's memory-to-memory settings (Application Server >> <server name> >> Session Management >> Distributed environment settings >> Memory-to-memory). There, select the replication domain and replication mode for the server's sessions.

Setting the replication domain for memory-to-memory replication

Ref:

  • ch14-27 ~ ch14-30 in WAS 61 course material

Q39

Topic: Session affinity; session affinity and failover

Any cluster member in the server cluster has the ability to see any user’s session saved to persistent storage. If one of the cluster members fail, the user can continue to use session information from another cluster member in the server cluster. This is known as (Session) failover.

With cluster members, the Web server plug-in provides affinity routing among cluster member instances. [P729 (chapter 10 session management) in WAS 61 System Management and configuration.]

Ref: Chapter 10 Session Management in WAS 61 System Management and configuration

Supplementary material

Session affinity

The Servlet 2.4 specification requires that an HTTP session be:

  • Accessible only to the Web application that created the session.

The session ID, but not the session data, can be shared across Web applications.

  • Handled by a single JVM for that application at any one time

Session affinity and failover

Server clusters provide a solution for failure of an application server. Sessions created by cluster members in the server cluster share a common persistent session store. Therefore, any cluster member in the server cluster has the ability to see any user’s session saved to persistent storage. If one of the cluster members fail, the user can continue to use session information from another cluster member in the server cluster. This is known as failover. Failover works regardless of whether the nodes reside on the same machine or several machines. See Figure 10-7 on page 691.

Q40

Topic: HTTP server remote administration; Create a managed node

Ref: Section: 8.3.4 IBM HTTP Server remote administration in red book: WAS 61 System Management and configuration

Managed Node: A managed node is an HTTP server that can be administered by a node agent.

Q41

Topic: Session Affinity

Ref: Section Affinity in red book: WAS 6.1 System Management and Configuration

According to the Servlet 2.4, only a single cluster member can control and access a given session at a time. The requests derived from the session cannot be processed by other cluster members.

Q42

Q: What does backupConfig backup?

A: Profile configuration.

Topic: 5.9.1 Backing up a profile configuration

Ref: pp. 259-260 in red book: WAS 6.1 System Management and Configuration.

Use the backupConfig command to back up a profile. The command will zip the configuration file and store it in the current directory or a specified file name. The zip file can be restored using the restoreConfig command. By default, backupConfig will stop all servers in the configuration before performing the backup.

 

Q43

Q: Where can an administrator find binding information for an application?

A: In the deployment descriptors.

Topic: J2EE Packaging

Ref: p13 in IBM WebSphere deployment and advanced configuration by Barcia et al.

Deployment descriptors
Descriptors describe the contents of various J2EE modules and are used by the container when deploying an application.

Standard J2EE deployment descriptors define elements or references to other elements. The IBM binding file (ibm-application-bnd.xmi) is used to map elements and references into the runtime environment.

You can find the binding information in the IBM binding files, which are a type of deployment descriptor.

Q44

Q: Which of the following statements best describes the type of data collected by request metrics (RM)?

A: Tracks individual transactions, recording the processing time for each component

Topic: Performance monitor

Ref:

  1. WASv6_PMRM_article_v1.pdf
  2. Measuring performance of WebSphere Process Server applications using the Request Metrics tool


"The Request Metrics (RM) tooling was introduced in WebSphere Application Server Version 6 (hereafter called Application Server) to monitor applications performance by tracking individual transactions through a recording of the processing time in selected Application Server components." Measuring performance of WebSphere Process Server applications using the Request Metrics tool

 

Q45

A: Using wsadmin, invoke the setInstrumentationLevel operation on the PerfMBean.

Topic: Enabling PMI data collection

Ref:

  • Enabling PMI using wsadmin


You can use the command line to enable Performance Monitoring Infrastructure (PMI). Using wsadmin, you can invoke operations on Perf Mbean to obtain the PMI data, set or obtain PMI monitoring levels, and enable data counters.

If PMI data are not enabled yet, you need to first enable PMI data by invoking setInstrumentationLevel operation on PerfMBean.

To enable PMI from the admin console: Monitoring and Tuning >> Performance Monitoring Infrastructure (PMI) >> Enable Performance Monitoring Infrastructure (PMI). So options C and D are wrong.

Enable PMI from admin console

Q46

A: reduce server start time and memory footprint

Topic: runtime provision

Ref:

  • Online presentation
  • WebSphere Application Server 管理密技與性能調校
  • IBM® WebSphere® Application Server V7
Websphere runtime provision

The runtime provisioning component analyzes the deployed applications on the application server to determine which runtime components to enable to successfully run the application. If a component, for example the runtime for Enterprise Java Beans, is not required to run the deployed applications, that particular component will not be enabled, resulting in a lower memory footprint for the application server.

 

Q47

A: Increase the size of the large object area (LOA)

Topic: Performance; large object area

Ref: How to allocate large objects into Large Object Area on IBM

Problem(Abstract)

IBM Sovereign 1.4.2 SDK SR1 and later (build date of 20050209 and later) supports the configuration of Large Object Area to reserve the Java™ heap for allocating large objects (>=64 KB).

Cause

As objects are allocated and freed, the heap can become fragmented in such a way that allocation can be met only by time-consuming compactions. This problem is more pronounced if an application allocates large objects. In an attempt to alleviate this problem, the large object area (LOA) is allocated. Fragmentation is generally only an issue with the 1.4.2 SDK and prior. In the 1.5 SDK and later, the LOA size is automatically controlled by the garbage collector.

Q48

A: View advice messages in Tivoli Performance Viewer (TPV) by clicking the Advisor link

Topic: Performance monitoring

Ref:

  • Obtain advice from advisors
  • Chapter 11 in WAS V7 Administration and Configuration Guide

Path for Tivoli Performance Viewer: Monitoring and Tuning >> Performance Viewer >> Current Activity >> <Server Name> >> Advisor

Tuning WebSphere® Application Server is a critical part of getting the best performance from your Web site. However, tuning WebSphere Application Server involves analyzing performance data and determining the optimal server configuration. This determination requires considerable knowledge about the various components in the application server and their performance characteristics. The performance advisors encapsulate this knowledge, analyze the performance data, and provide configuration recommendations to improve the application server performance. Therefore, the performance advisors provide a starting point to the application server tuning process and help you without requiring that you become an expert.

 

Q49

A: The WebSphere Application Server Network Deployment cell's CIM repository.

Topic: Centralized Installation Manager (CIM)

Ref: Centralized Installation Manager [29]

CIM repository holds packages that are available for remote installation.

Q50

A: External HTTP Server, HTTP Server Plug-in, embedded HTTP Server and Web Container

Topic: Application Flow

Ref: p71 in chapter 2, WebSphere Application Server V6: System Management and Configuration Handbook

Application flow in WAS

 

Q51

A: Configure dynamic caching

Topic: Dynamic cache service

Ref: p31 in chapter 2, WebSphere Application Server V6: System Management and Configuration Handbook

The dynamic cache service improves performance by caching the output of servlets, commands, Web services, and JSP files. The dynamic cache works within an application server, intercepting calls to objects that can be cached, for example, through a servlet's service() method or a command's execute() method. The dynamic cache either stores the object's output to or serves the object's content from the dynamic cache.

 

Q52

A: A job manager which administers multiple application server nodes through administrative agent.

Topic: Flexible management technology

keyword: job manager

The administrative agent separates out the administrative work that originally lived inside the application server and makes it a standalone agent.

The job manager provides an asynchronous mechanism for executing management jobs, to cope with unreliable internet connections. The management model relies on the submission of management jobs to these remote endpoints, which can be either a WebSphere Application Server (base) admin agent or a Network Deployment deployment manager.

Job manager topologies

Ref:

  • What's new in WebSphere Application Server V7
  • System administration for WebSphere Application Server V7: Part 3: Administering a flexible management topology

 

Q53

A: not shared, push only, both push and pull.

Topic: Dynamic caching service

Path to enable dynamic cache service: Server >> Application servers >> ${server} >> Container Service >> Dynamic Service

Dynamic Cache Example

Ref:

  • Dynamic cache [30]
  • Data Replication Service [31]
  • Tuning guide for dynamic cache and data replication service [32]
  • Dynamic Cache replication using DRS [33]


Cache Replication

Cache Replication allows cached objects to be shared across multiple servers in a cluster.

There are three primary replication settings for dynamic cache that control the amount and type of information, including the object name, the object value, and invalidation messages, that flows between servers:

  • NOT_SHARED: no objects or IDs are shared with the other servers, except on invalidation.
  • SHARED_PUSH: the cached object and its ID are sent to all servers in the replication domain at the time that the object is placed in cache. This makes the object immediately available to the applications on other servers. It also speeds up application server performance at the expense of greater network traffic and additional I/O churn, in the case of objects that are cached on disk.
  • SHARED_PUSH_PULL: the cached object is kept locally to the server that created it, but the cache ID is shared with other servers. If a remote server needs the object, it requests the object by name from the creating server.

 

Q54

A: Lease-based exclusive locks on files

Topic: Deployment for transactional high availability; administering the transaction service

The high availability of the transaction service enables any server in a cluster to recover the transactional work for any other server in the same cluster. This facility forms part of the overall WebSphere® Application Server high availability (HA) strategy.

Peer recovery processing

The standard recovery process that is performed when an application server restarts is for the server to retrieve and process the logged transaction information, recover transactional work and complete in-doubt transactions. Completion of the transactional work (and hence the release of any database locks held by the transactions) takes place after the server successfully restarts and processes its transaction logs. If the server is slow to recover or requires manual intervention, the transactional work cannot be completed and access to associated databases is disrupted.

To minimize such disruption to transactional work and the associated databases, WebSphere Application Server provides a high availability strategy known as transaction peer recovery.

Peer recovery is provided within a server cluster. A peer server (another cluster member) can process the recovery logs of a failed server while the peer continues to manage its own transactional workload. You do not have to wait for the failed server to restart, or start a new application server specifically to recover the failed server.


Ref:

  • Transactional high availability [34]
  • How to choose between automated and manual transaction peer recovery [35]
  • Administering the transaction service [36]

 

Q55

A: Spread messaging workload across multiple servers.

Topic: messaging, multiple Service Integration buses (SIBus)

Ref: See the slide deck WebSphere Application Server Messaging Configuring and using MQ. The slides introduce the concepts of MQ and SIBus in detail and explain the various messaging configurations on WAS.

Q56

A: Flexible management can be an alternative to the network deployment cell model.

The job manager cannot perform all of the deployment manager's tasks. Its main job is to tell the deployment manager what to do; the deployment manager is responsible for carrying out the work.

Topic: Flexible management technology.

Ref: Q52

Q57

A: Session management can persist session-related information in several ways.

Topic: Session management

Use memory-to-memory replication or a database to store session information.

Ref: 12.5 Session identifiers in WAS 6 System Management and Configuration Handbook


WebSphere supports three approaches to track sessions:

  1. Secure Sockets Layer (SSL) session identifiers, where SSL session information is used to track the HTTP session ID.
  2. Cookies, where the application server session support generates a unique session ID for each user and returns this ID to the user’s browser using a cookie. The default name for the session management cookie is JSESSIONID. Using cookies is the most common method of session management.
  3. URL rewriting

Ref: p38 in WAS 6 System Management and Configuration Handbook

High Availability Manager has been added with the intent of eliminating single points of failure. It is responsible for running key services on available application servers, rather than on a dedicated one such as the deployment manager.

Ref: p18 in WAS 6 System Management and Configuration Handbook

Q58

A: Request Metrics; Tivoli Performance Viewer (TPV)


Topic: Performance tuning.

Ref:

  • IBM WebSphere Developer Technical Journal: Writing PMI applications using the JMX interface
  • IBM WebSphere Developer Technical Journal: Writing a Performance Monitoring Tool Using WebSphere Application Server's Performance Monitoring Infrastructure API

WebSphere Application Server contains a basic viewer for looking at PMI data, the Tivoli® Performance Viewer (TPV), with which users can look at various graphs and values of PMI counters. Many third party tools that use these PMI interfaces are also available, often used for identifying thresholds for PMI counters and for helping customers tell when a Web site is experiencing a performance problem.

 

Q59

A: SDK fix pack

Ref: Recommended fixes for WebSphere Application Server

Feature Packs: IBM® WebSphere® Application Server Feature Packs are optionally installable product extensions that offer targeted, incremental new features. [37]

SDK fix packs: fix packs for the SDK used by WAS.

Q60

A: Tivoli Performance Viewer

Topic: Performance monitoring

Ref: IBM WebSphere Developer Technical Journal: Writing a Performance Monitoring Tool Using WebSphere Application Server's Performance Monitoring Infrastructure API

Q61

kw: Enable PMI using administrative console.

Topic: Performance Monitoring Infrastructure (PMI)

Ref:

  • Enabling PMI using the administrative console
  • 11.2 Enabling monitoring infrastructures in WebSphere Application Server V7 Administration and Configuration Guide

Procedure

  1. Open the administrative console.
  2. Click Servers > Application Servers in the console navigation tree.
  3. Click a server.
  4. Click the Configuration tab.
  5. Click Performance Monitoring Infrastructure (PMI) under Performance.
  6. Select the Enable Performance Monitoring Infrastructure (PMI) check box.
  7. Optionally, select the check box Use sequential counter updates to enable precise statistic update.
  8. Optionally, choose a statistic set that needs to be monitored under Currently Monitored Statistic Set.
  9. Optionally, click on Custom to selectively enable or disable statistics. Choose a component from the left side tree and enable or disable statistics on the right side table. Go back to the main PMI configuration page by clicking the Performance Monitoring Infrastructure link.
  10. Click Apply or OK.
  11. Click Save.
  12. Restart the application server. The changes you make will not take effect until you restart the application server.

 

Q62

ORB: Object Request Broker

Go to: Servers >> Application Servers >> ${server_name} >> Thread Pools to see the thread pools in the application server.

Thread pools managed by an application server

Ref:

  • Thread pool settings [38]

 

Q63

A: manageprofiles

The manageprofiles command can also be used to back up and restore profiles.

Answers A, B, and D have incorrect syntax.

The wsadmin command cannot back up and restore profiles, but it can import and export profiles.

Topic: Managing profiles

Ref: manageprofiles command

 

manageprofiles command

The manageprofiles command line tool creates all application server runtime environments. The command creates a profile, which is the set of files that define the runtime environment for a stand-alone application server.

The manageprofiles command creates the runtime environment for a WebSphere Application Server process in a set of files called a profile. The profile defines the runtime environment and includes all of the files that the server processes in the runtime environment can change.

The manageprofiles command and its graphical user interface, the Profile Management tool, are the only ways to create runtime environments.

The manageprofiles command is used to perform the following:

  • create a profile (-create)
  • delete a profile (-delete)
  • augment a profile (-augment)
  • unaugment a profile (-unaugment)
  • delete all profiles (-deleteAll)
  • list all profiles (-listProfiles)
  • get a profile name (-getName)
  • get a profile path (-getPath)
  • validate a profile registry (-validateRegistry)
  • validate and update a profile registry (-validateAndUpdateRegistry)
  • get the default profile name (-getDefaultName)
  • set the default profile name (-setDefaultName)
  • back up a profile (-backupProfile)
  • restore a profile (-restoreProfile)

 

backupConfig command

The 'backupConfig' command is a simple utility to back up the configuration of your node to a file. Issue the command from the profile_root/bin directory. [39]

Syntax:

backupConfig.sh backup_file [options]

restoreConfig command

Use the restoreConfig command to restore the configuration of your node after backing up the configuration using the backupConfig command. Issue the command from the profile_root/bin directory. [40]

Syntax:

 restoreConfig.sh backup_file [options]

wsadmin tools

The WebSphere Application Server wsadmin tool runs scripts. You can use the wsadmin tool to manage WebSphere Application Server as well as the configuration, application deployment, and server run-time operations. [41]

Do not pass in empty strings in place of command options. The wsadmin tool displays general help information if you specify an empty string as the command option. Use the following command-line invocation syntax for the wsadmin scripting client:

wsadmin [-h(help)] [-?] [-c <commands>] [-p <properties_file_name>]
        [-profile <profile_script_name>] [-profileName <profile_name>]
        [-f <script_file_name>] [-javaoption java_option] [-lang language]
        [-wsadmin_classpath classpath]
        [-conntype SOAP [-host host_name] [-port port_number] [-user userid] [-password password] |
                   RMI [-host host_name] [-port port_number] [-user userid] [-password password] |
                   NONE]

Q64

A: the wsadmin script; the -Xverbosegc command-line option; the -Xoptionsfile command-line options with appropriate text file.

Topic: tuning and debugging

Options B and E are used with the java command, e.g. java -verbose:gc

Ref:

  • Enabling verbose garbage collection (verbosegc) in WebSphere Application Server
  • Using verbose garbage collection to analyze IBM WebSphere Portal memory concerns

 

Q65

A: There will be a Property element under ServerCluster with a Name attribute which includes the new cluster member's name.

Topic: Session affinity


Ref: p628 in WebSphere Application Server V7 Administration and Configuration Guide

The application server ID can be seen in the Web server plug-in configuration file, plugin-cfg.xml, as shown in Example 12-4.

Example 12-4 Server ID from plugin-cfg.xml file

<?xml version="1.0" encoding="ISO-8859-1"?>
<!--HTTP server plugin config file for the cell ITSOCell generated on 2004.10.15 at 07:21:03 PM BST-->
<Config>
......
  <ServerCluster Name="MyCluster">
    <Server CloneID="vuel491u" LoadBalanceWeight="2" Name="NodeA_server1">
      <Transport Hostname="wan" Port="9080" Protocol="http"/>
      <Transport Hostname="wan" Port="9443" Protocol="https">
......
</Config>
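The check behind Q65, as an added example (not taken from the Redbook or from IBM): a Python script that parses plugin-cfg.xml and reports whether a named cluster member is present with a CloneID and an https transport. The sample file, the members NodeB_server2 and NodeC_server3, and all function names are constructed for illustration; the session cookie layout used in member_for_session is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on Example 12-4. NodeB_server2, NodeC_server3,
# their CloneIDs and host names are made up for this illustration.
SAMPLE_PLUGIN_CFG = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<Config>
  <ServerCluster Name="MyCluster">
    <Server CloneID="vuel491u" LoadBalanceWeight="2" Name="NodeA_server1">
      <Transport Hostname="wan" Port="9080" Protocol="http"/>
      <Transport Hostname="wan" Port="9443" Protocol="https"/>
    </Server>
    <Server CloneID="vuel4abc" LoadBalanceWeight="2" Name="NodeB_server2">
      <Transport Hostname="lan" Port="9080" Protocol="http"/>
    </Server>
    <Server LoadBalanceWeight="2" Name="NodeC_server3"/>
  </ServerCluster>
</Config>
"""


def cluster_members(xml_bytes):
    """Return {cluster name: [member dict, ...]} from plugin-cfg.xml bytes.

    The file is generated by the deployment manager, so it is treated as
    trusted administrator input; do not feed untrusted XML to this parser.
    """
    root = ET.fromstring(xml_bytes)
    clusters = {}
    for cluster in root.iter("ServerCluster"):
        members = []
        for server in cluster.findall("Server"):
            members.append({
                "name": server.get("Name"),
                "clone_id": server.get("CloneID"),
                "transports": [
                    (t.get("Protocol"), t.get("Hostname"), t.get("Port"))
                    for t in server.findall("Transport")
                ],
            })
        clusters[cluster.get("Name")] = members
    return clusters


def audit_member(clusters, cluster_name, member_name):
    """Return a list of findings for one cluster member; empty means OK."""
    members = clusters.get(cluster_name)
    if members is None:
        return ["cluster %s is not in the plug-in configuration" % cluster_name]
    match = [m for m in members if m["name"] == member_name]
    if not match:
        return ["member %s is missing: regenerate and propagate plugin-cfg.xml"
                % member_name]
    member = match[0]
    findings = []
    if not member["clone_id"]:
        findings.append("no CloneID: the plug-in has no ID to match for "
                        "session affinity")
    elif any(o is not member and o["clone_id"] == member["clone_id"]
             for o in members):
        findings.append("CloneID %s is shared with another member"
                        % member["clone_id"])
    protocols = {proto for proto, _host, _port in member["transports"]}
    if not member["transports"]:
        findings.append("no Transport defined: the plug-in cannot reach it")
    elif "https" not in protocols:
        findings.append("only http transport defined: plug-in to member "
                        "traffic is not encrypted")
    return findings


def member_for_session(clusters, cluster_name, jsessionid):
    """Map a session cookie value to the member its clone ID points at.

    Assumed cookie layout: <cache id><session id>:<clone id>[:<clone id>...]
    """
    by_clone = {m["clone_id"]: m["name"]
                for m in clusters.get(cluster_name, []) if m["clone_id"]}
    for clone_id in jsessionid.split(":")[1:]:
        if clone_id in by_clone:
            return by_clone[clone_id]
    return None


if __name__ == "__main__":
    parsed = cluster_members(SAMPLE_PLUGIN_CFG)
    for name in ("NodeA_server1", "NodeB_server2", "NodeC_server3", "NodeD_server4"):
        print(name, audit_member(parsed, "MyCluster", name) or "OK")
```

Run it against the plugin-cfg.xml actually deployed on the Web server (read in binary mode), not only the copy in the cell repository, since an unpropagated file is what the check is meant to catch.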

Q66

Topic: wsadmin management objects

Ref: 8.1 Overview of WebSphere scripting in WebSphere Application Server V7 Administration and Configuration Guide

There is no AdminDeploy command.

Management objects in wsadmin scripting

Help object

The Help object provides a quick way to get information about methods, operations, and attributes while using scripting.

AdminControl object: work on running objects and connected server

The AdminControl object is used for operational control. It communicates with MBeans that represent live objects running a WebSphere server process. It includes commands to query existing running objects and their attributes and invoke operations on the objects. In addition to the operational commands, the AdminControl object supports commands to query information about the connected server, convenient commands for client tracing, reconnecting to a server, and starting and stopping a server.

Note that because the AdminControl object operates on live MBeans, it cannot be used to start a deployment manager, node agent, or standalone application server.

AdminConfig: Work on configuration objects

The AdminConfig object is used to manage the configuration information that is stored in the repository. This object communicates with the WebSphere Application Server configuration service component to make configuration inquiries and changes. You can use it to query existing configuration objects, create configuration objects, modify existing objects, and remove configuration objects. In a distributed server environment, the AdminConfig commands are available only if a scripting client is connected to the deployment manager. When connected to a node agent or a managed application server, the AdminConfig commands will not be available because the configuration for these server processes is a copy of the master configuration that resides in the deployment manager.

AdminApp: Work on deployed applications

The AdminApp object can update application metadata, map virtual hosts to Web modules, and map servers to modules for applications already installed. Changes to an application, such as specifying a library for the application to use or setting session management configuration properties, are performed using the AdminConfig object.


AdminTask: An alternative way for configuration and running objects.

The AdminTask object is used to access a set of task-oriented administrative commands that provide an alternative way to access the configuration commands and the running object management commands.

Q67

A: From the web servers list, select a particular web server. In the properties view, click Plug-in properties.

View plug-in configuration file from admin console

Q68

Keyword: Select "Class loaded with local class loader first" on the settings page for the Web modules class loader.

Path to set the class loader policy for a web module:

 Applications >> Enterprise Application >> ${applicationName} >> Manage Modules >> ${webModuleName} >> Class loader order
Set web module class loader

Q69

JMS point-to-point messaging and the default messaging provider
JMS publish/subscribe messaging and the default messaging provider

Ref:

  • JMS queue resources and service integration [42]
  • JMS topic resources and service integration [43]

Q72

A: The application server class loader

Topic: class loader; shared library; native libraries.

 

Note that this question does not use an isolated shared library, so the library must be associated with the application class loader.

Native libraries cannot be loaded more than once by a class loader. Thus, it is preferable for native libraries to 1) use an isolated shared library or 2) be loaded within shared libraries associated with the class loader of an application server. See the Use an isolated class loader for this shared library setting. [44]


For isolated shared libraries, see Q31.

Web modules, enterprise applications, and application servers each have their own class loader. The shared library must be defined at the application server level so that its classes can be shared by different enterprise applications and web modules.


Ref:

  • Java Class loader overview
  • IBM WebSphere® Application Server Version: V6.1 Architecture

Q73

Q: What is the most common role that naming plays in WebSphere Application Server?

A: Allows applications to obtain references to objects such as EJB homes.

Q74

A: connection factories

J2EE Connector Architecture

Topic: J2EE Connector factory

Ref:

  • The J2EE Connector Architecture's Resource Adapter

ConnectionFactory is an interface that allows an application component to get a connection to an EIS instance. An application establishes a connection through the getConnection method. Then, this method must ask the application server to allocate a connection through the server's ConnectionManager.allocateConnection method. The resource adapter relinquishes this responsibility to the application server since the server is in charge of pooling connections and providing other services. Any of the resource adapter's specific request information must be passed to the ConnectionManager.allocateConnection method through the ConnectionRequestInfo parameter. The method getConnection can be overloaded if the EIS requires additional functionality. Below is a code sample that illustrates how an EIS vendor might implement this interface.[45]

Q75

A: JDBC provider

Topic: Accessing database from WebSphere

Resource adapter in J2EE connector architecture

Ref: p.492 in WebSphere Application Server V7 Administration and Configuration Guide

Note:

  • JCA: the J2EE Connector Architecture (JCA) ??

 

Q76

Topic: Packaging applications for deployment

Application scope is a new scope for J2EE resource definitions. The resource definitions are in the application context of the configuration tree. The Application Server Toolkit (AST) and wsadmin can be used to view or modify an application scope resource.

An enhanced EAR file contains a simple embedded configuration archive. This is where users can define the required configurations for the application, such as, Resources, Virtual Hosts, Shared Library, etc. The application resources and properties come with the application. All the application information needed to install the application on the Application Server is included. In this way, users can deploy an application and create its required configurations all in one shot. And, moving an application from one server to another, moves the required resources as well. A WebSphere enhanced EAR is a regular JEE EAR file, but with additional configuration information for resources required by JEE applications. While adding this extra configuration information at packaging time is not mandatory, it can simplify deployment of JEE applications to WebSphere if the environments where the application is to be deployed are similar.

The supplemental information in an Enhanced EAR is modified by using the WebSphere Application Server Deployment editor. The information itself lives in XML files in a folder called ibmconfig in the EAR file’s META-INF folder.

Enhanced EAR file contents

Ref:

  • Managed Application Resources [46]
  • 14.8 WebSphere Enhanced EAR in WebSphere Application Server V7 Administration and Configuration Guide

Q77

First Step Options

Q78

A: Create the CIM repository using the Installation Factory

Topic: Centralized installation manager

The CIM repository is a directory on your file system that contains files that are available for remote installation. This directory can be created and associated with your WebSphere Application Server installation at installation time, or later, using the Installation Factory tool. This repository can contain installation packages for each platform to which you will be installing remotely, regardless of the local platform.

Ref:

  • 7th slide in [47]

Q79

A: The system administrator is installing a variant of WebSphere Application Server that is not Network Deployment.

WebSphere Profile types

Ref: p6 in WebSphere Application Server V7 Administration and Configuration Guide

Q80

Q: Which of the following options is NOT a valid method of running the Profile Management Tool?

Topic: Profile management

A: Select System Administration >> Run Profile Management Tool in the administrative console.

The administrative console does not provide profile management functions, because by then the runtime is already running.

 

2.1.7 Profile generation

Profiles can be created at any point in time during or after installation by using graphical or command line tools. The profile management tools provided with WebSphere Application Server are:

  • The manageProfiles command: Command line interface for profile management functions.
  • Profile Management Tool (PMT): A GUI interface that gathers user input and invokes the manageprofiles command line tool to manage the profiles.

Ref: Chapter 2 in WebSphere Application Server V7 Administration and Configuration Guide

Q81

Q: How is the response file specified in a silent installation scenario?

A: Specified as a command-line option on the install command

Ref: p109 in WebSphere Application Server V7 Administration and Configuration Guide.


2.4.5 Creating a profile in silent mode with PMT

Profiles can also be created in silent mode using a response file. The command to use is:

pmt(.sh) -options response_file -silent

The command to start the wizard is platform-specific and is located in install_root/bin/ProfileManagement.

You can use a response file when creating future profiles to populate the input fields with values contained in the response file.

Q82

A: The administrator can disable Application1 Security

The administrator in the question has not assigned any role to the user App1Admin under the new App1Domain. Therefore, App1Admin cannot disable Application1 security.

In addition, App1Admin's user data is in the local OS registry, not in the file-based federated repository. Administrative applications will use the global security configuration. Therefore, App1Admin cannot access the administrative console.

Third, because Application1 security is enabled, the administrator cannot access Application1. Security configuration data stored with these domains will override the data from the global security configuration stored at the cell level.

The global security configuration is still used by administrative applications, and is the default configuration used by user applications.

Ref:

  • Multiple security domains [48]
  • p164 WebSphere Application Server V6: System Management and Configuration Handbook

Global Security

The user ID specified during login is used to track configuration changes made by the user. This allows you to recover from unsaved session changes made under the same user ID, for example when a session times out or the user closes the Web browser without saving. The user ID for login depends on whether WebSphere global security is enabled.

  • WebSphere global security is not enabled:

If global security is not enabled, you can enter any user ID, valid or not, to log in to the administrative console. The user ID is used to track changes to the configuration, but is not authenticated. You can also simply leave the User ID field blank and click the Log In button.

  • WebSphere global security is enabled.

If global security is enabled, you must enter a valid user ID and password.

Q83

A: By mapping application roles to users or groups within the WebSphere user registry.

Topic: J2EE Application Security

Multiple security domain

Ref: 6th slide in [49]

Q84

???

Q85

Topic: Multiple Security domains

WebSphere security domains are now more flexible and can be scoped to specific

  • cells,
  • servers,
  • clusters, or
  • service integration buses

in an environment. Security configuration data stored with these domains will override the data from the global security configuration stored at the cell level. The global security configuration is still used by administrative applications, and is the default configuration used by user applications.

Ref:

  • Multiple Security Domains [50]

 

Q86

A: The password to the AuditkeyStore

Topic: audit encryption

Ref:

  • Part 6: (Optional) Encrypt the audit logs in WASv7 Audit Lab

Note: A keystore is a repository of security certificates, either Certification Authority Certificates or Public key certificates - used for instance in SSL encryption. [51]

 

Q87

A: An administrator user account that has auditor role access must be used

Topic: Security auditing

Security auditing is designed to create and provide auditing records that can be used to ensure the integrity of a secured environment. Auditing can be configured to capture data on authentication, authorization and other security events. This data is then stored in audit event records, which provide an audit trail that can be used for vulnerability analysis, to identify accountability for key events and to provide a mechanism to comply with certain regulatory laws.

A new security role is also introduced with the security audit feature. This is done so that the auditing security role can be separate from the administrative security role in an environment. At installation time the default administrative user is granted the auditor role; this can then be changed to set up a separate user with the auditor role, which has the ability to grant the auditor security role to other users and to manage the auditing configuration. The auditor role is not yet supported in the fine-grained security administration feature.

Ref: 11th slide in Security auditing

 

Q88

A: SIBus messaging engine cannot be managed by fine-grained administration.

Topic: Fine-grained administrative security

Ref: 4th slide in Fine-grained administrative security [52]

Fine-grained administrative security

Individual users can be defined for each resource. Resources can be: cells, node groups, nodes, clusters, servers and applications. Note that SIBus cannot use fine-grained administrative security.

In WebSphere Application Server version 7, administrative security is more fine-grained, allowing more specific configuration options. The administrative roles are now scoped to resource instances instead of the entire cell. Access can be granted to each user per resource instance. For example, a user can be granted configurator access to only a specific application, an application server or a node. That user cannot access any resources outside the assigned ones. In this release fine-grained security can be configured through the administrative console or with wsadmin scripts. There is no support for using fine-grained security with service integration bus resources.

  • Fine-grained administrative security
    • WebSphere Application Server V7 provides fine-grained administrative capability
    • Users can now be defined with administrative roles on a specific set of resources: Cells, node groups, nodes, clusters, servers and applications
    • Supported through the administrative console and a wsadmin scripting interface
    • No support for service integration bus resources

 

Q89

A: Use the Manage Users page in the administrative console and change the primary administrative user's password.

Topic: Administrative security

Ref:

  • Administrative Security Overview
  • Messaging enhancements [53]

 

  • Security Administration [54]
Change administrator password

 

Q90

A: Map the connection factory's authentication alias to the bus connector role


Ref:

  • Configuring users and groups in the bus connector role
  • Messaging enhancements

Version 6.1 also makes it easier for you to create a robust security configuration for your messaging resources. The bus security options in previous versions were relatively limited. New wsadmin tasks and a new “bus security” panel in the administrative console enable you to easily enable or disable security for your messaging resources.

Bus Connector role

Bus security requires administrative security to be enabled, which is the default in this release. You can also use the bus security configuration to select the transport chains that can be used for bus communication, enable client authentication, and assign bus users to authorization roles. By default, external clients will be denied access to a secured bus, even with valid credentials, because they need to be explicitly added to the “bus connector” role to access bus resources.[55]


Users must be authorized to connect to a service integration bus.

On the Configuration pane to add a user or group to the bus connector role, there are three users or groups you can add (see Configuring users and groups in the bus connector role):

  • Group name: Give a specified group the bus connector role.
  • User name: Give a specified user the bus connector role.
  • Server: The server identity. This represents the identity of a WebSphere® Application Server. Using the server identity for a JMS message-driven bean (MDB) is not supported.
  • Everyone: All users connecting in. If this is specified then users are able to connect without authenticating. These users are treated as anonymous users.
  • AllAuthenticated: All users that have authenticated to the bus. This results in the group AllAuthenticated being added to the authorization model.

Q91

A: Distributed environment settings in the web container.

Topic: 12.7 Persistent session management

Ref:

  • Fig 12-5 in WebSphere Application Server V7 Administration and Configuration Guide
  • Fig 12-14 in WebSphere Application Server V7 Administration and Configuration Guide


There are two ways to configure session persistence as shown in Figure 12-5:

  • Database persistence, supported for the Web container only
  • Memory-to-memory session state replication using the data replication service available in distributed server environments

Image: Fig12-7 DistEnvirSetting.jpg

 

Q92

A: Dynamic cache replication; HTTP session persistence and failover; Stateful session EJB persistence and failover.


Topic: Data Replication Service (DRS)


Ref: Q10.

 

Q93

A: enable mixed nodes with different capabilities within the same cell for administration purposes.

Topic: 6.5 Working with nodes in a distributed environment


Ref:

  • System Management - Node Group
  • Creating a node group [56]

Node Groups allow nodes of similar capabilities to be logically grouped together within a cell. This grouping of nodes allows for the validation of capabilities of a defined Node Group before performing specific functions. For example, a specific function like adding a node would be checked to see if the node that you are adding has same capabilities as the nodes in the Node Group. There always exists a Node Group definition in V6, and in most cases, the default should be sufficient.


In a distributed environment, you can have nodes in a cell with different capabilities. However, there are restrictions on how the nodes can coexist. Node groups are created to group nodes of similar capability together to allow validation during system administration processes. Effectively, this means that a node group establishes a boundary from which servers can be selected for a cluster.

Ref: 6.5.5 Node groups in WebSphere Application Server V7 Administration and Configuration Guide

 

Q94

A: Use the Load Balancer component of the Edge Components

Topic: Load balancer; Edge Components overview

Ref:

  • WebSphere Application Server Network Deployment, Edge Components Overview

Q95

A: Unmanaged HTTP servers

Topic: External server

Ref: 2.3.4 External servers (P24) in WebSphere Application Server V6: System Management and Configuration Handbook

Unmanaged Web server nodes, as the name implies, are not managed by WebSphere. You normally find these outside the firewall, or in the demilitarized zone. You must manually copy or FTP Web server plug-in files to the Web server. However, if you define the Web server as a node, you can generate custom plug-in files for it.

Q96

A: The provided answer is: First register with a local administrative agent, and then register with the job manager.

But according to the content on page 45 of the WebSphere Application Server V7 Administration and Configuration Guide, the answer should be: Register directly with job manager.


Topic: 2.1.6 Job manager profile

Ref:

  • p45 in WebSphere Application Server V7 Administration and Configuration Guide
  • Flexible management configuration

To participate in flexible management, a standalone application server first registers itself with the administrative agent. The administrative agent must then register the node for the application server with the job manager.

If a deployment manager wants to participate in an environment controlled by a job manager, the deployment manager registers directly with the job manager; no administrative agent is involved in this case.

 

 

Q97

A: job manager and Deployment manager

Topic: flexible management environment

Job manager topologies

Q98

A: the deployment manager if its administrative security is enabled

Topic: administrative console; System management in a distributed server environment

Ref:

  • System management
  • 3.1.3 System management in a distributed server environment in WebSphere Application Server V6: System Management and Configuration Handbook


Image: AdminConsoleJ2eeApp.jpg


Administrative console

The administrative console is a Web-based interface that provides configuration and operation capability. The administrator connects to the application using a Web browser client. Users assigned to different administration roles can manage the application server and certain components and services using this interface.

The administrative console is a system application, crucial to the operation of WebSphere and, as such, is not exposed as an enterprise application on the console. In stand-alone application servers, the administrative console runs in the application server. In the Network Deployment distributed server environment, the administrative console application runs on the deployment manager. When a node is added to a cell, the administrative console application is deleted from the node and the configuration files are integrated into the master cell repository that the deployment manager maintains.

Source: P68 in WebSphere Application Server V6: System Management and Configuration Handbook


WebSphere provides the following managed servers and processes:

  • Deployment manager provides a single point to access configuration information and control for a cell. The deployment manager aggregates and communicates with the node agent processes on each node in the system.
  • Node agent aggregates and controls the WebSphere managed processes on its node. There is one node agent per node.
  • Application server is a managed server that hosts J2EE applications.

Source: P69 in WebSphere Application Server V6: System Management and Configuration Handbook

Image: ManageMultiServerInstallation.jpg

Q99

A: HTTP Session replication and Stateful Session bean replication

Topic:

Ref:

  • 12.9.2 Memory-to-memory replication in WebSphere Application Server V6: System Management and Configuration Handbook


Replication domain

The memory-to-memory replication function is accomplished by the creation of a data replication service instance in an application server that communicates to other data replication service instances in remote application servers. You must configure this data replication service instance as a part of a replication domain. Data replication service instances on disparate application servers that replicate to one another must be configured as a part of the same domain. You must configure all session managers connected to a replication domain to have the same topology. If one session manager instance in a domain is configured to use the client/server topology, then the rest of the session manager instances in that domain must be a combination of servers configured as Client only and Server only.

If one session manager instance is configured to use the peer-to-peer topology, then all session manager instances must be configured as both client and server. For example, a server-only data replication service instance and a both client and server data replication service instance cannot exist in the same replication domain. Multiple data replication service instances that exist on the same application server due to session manager memory-to-memory configuration at various levels that are configured to be part of the same domain must have the same mode.

You should create a separate replication domain for each consumer. For example, create one replication domain for session manager and another replication domain for dynamic cache. The only situation where you should configure one replication domain is when you configure session manager replication and stateful session bean failover. Using one replication domain in this case ensures that the backup state information of HTTP sessions and stateful session beans is on the same application servers.

Source: p642 WebSphere Application Server V7 Administration and Configuration Guide

 

Q101

Keyword: scalability with high availability; messaging engine policy

Ref: Scalability with high availability messaging engine policy

Scalability with high availability messaging engine policy

The scalability with high availability messaging engine policy is a predefined messaging engine policy type that is provided when you use messaging engine policy assistance. It helps you to configure a cluster that is a member of a bus when you require both high availability and scalability in the cluster.

The scalability with high availability configuration ensures that there is a messaging engine for each server in a cluster, and that each messaging engine has a failover location.

The scalability with high availability messaging engine policy creates a single messaging engine for each server in the cluster. Each messaging engine can fail over to one other specified server in the cluster. Each server can host up to two messaging engines, such that there is an ordered circular relationship between the servers. Each messaging engine can fail back, that is, if a messaging engine fails over to another server, and then the original server becomes available again, the messaging engine automatically moves back to that server. [57]

Q102

About SIBuses in a cell:

  • A cell may host multiple buses
  • Each bus can have servers and clusters as bus members
  • A single SIBus cannot span multiple WAS cells
  • Bus destinations are associated with one or more bus members, thereby associating them with the corresponding MEs. (ch15-17 in WAS1 Course Material)

Image: 15-MessageEngine
Message Engine

Supplementary notes: Message Engine, destinations

An SIBus member can be a server or a cluster. Each bus member contains a Message Engine (ME). Message Engines manage messaging resources. A common pattern is one ME per server. MEs provide a connection point for clients to put or get messages. A cluster can have multiple MEs for high availability. Within a bus, each Messaging Engine has a unique identity.

One Messaging Engine is automatically created for the application server or the cluster when defining a new bus member.

The data store preserves messages, subscriptions, and so on, so that they survive if the server or messaging engine is stopped and restarted. It is also used for the overflow of the non-persistent messages in some Quality of Service options.

Ref:

  • ch15-10 in WAS 61 course material
  • Service Integration Technologies: Architecture [58]

Q103

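An unmanaged node is a node that has no node agent to manage it. Without a node agent, the deployment manager cannot manage that node, so the plug-in cannot be propagated automatically to the web server through the administrative console. Apart from that, everything else works normally. That is:

  • The plug-in configuration file can still be generated in the administrative console.
  • Applications can still use this web server.
  • The web server can still perform request routing.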

Q104

Topic: Cluster

Ref:

  • Clusters and workload management
  • Creating a cluster: Basic cluster settings

 

A vertical cluster has cluster members on the same node, or physical machine. A horizontal cluster has cluster members on multiple nodes across many machines in a cell. You can configure either type of cluster, or have a combination of vertical and horizontal clusters.

Select Prefer local if you want to enable host-scoped routing optimization. This option is enabled by default. When this option is enabled, if possible, EJB requests are routed to the client host. This option improves performance because client requests are sent to local enterprise beans.

Q105

A: Database persistence to external datastore

Topic: Session management

Q106

A: Memory Dump Diagnostic for Java (MDD4j)

Topic: Diagnostic; memory leak, heap dumps

A .phd file is an IBM® heap dump file.

Supplementary material

Memory Dump Diagnostic for Java (MDD4J)

The Memory Dump Diagnostic for Java tool analyzes common formats of memory dumps (heap dumps) from the Java virtual machine (JVM) that is running the WebSphere® Application Server or any other standalone Java applications. The analysis of memory dumps is targeted towards identifying data structures within the Java heap that might be root causes of memory leaks. The analysis also identifies major contributors to the Java heap footprint of the application and their ownership relationship. The tool is capable of analyzing very large memory dumps obtained from production-environment application servers encountering OutOfMemoryError issues.

IBM Thread and Monitor Dump Analyzer (TMDA)

IBM Thread and Monitor Dump Analyzer (TMDA) provides analysis for Java thread dumps or javacores such as those from WebSphere Application Server. You can analyze thread usage at several different levels, starting with a high-level graphical view and drilling down to a detailed tally of individual threads. If any deadlocks exist in the thread dump, TMDA detects and reports them.

Log Analyzer

Log Analyzer is a graphical user interface that provides a single point of contact for browsing, analyzing, and correlating logs produced by multiple products. In addition to importing log files from multiple products, Log Analyzer enables you to import and select symptom catalogs against which log files can be analyzed and correlated.

Thread Analyzer (Deprecated)

What it's used for: NOTE: Thread Analyzer is deprecated. Please use the recommended tool which is the IBM Thread and Monitor Dump Analyzer for Java. [59]

Description: ThreadAnalyzer provides analysis for Java thread dumps (or Javacores) such as those from WebSphere Application Server. Thread usage can be analyzed at several different levels, starting with a high-level graphical view, and drilling down to a detailed tally of individual threads. If any deadlocks exist in the thread dump, ThreadAnalyzer will detect and report them.

 

Ref:

  • Diagnosing problems using IBM Support Assistant Tools [60]
  • Locating and analyzing heap dumps [61]

 

 

Q107

A: using the wsadmin command prompt. Note: AdminControl.invoke uses dumpThreads, not dumpAllThreads.

> jvm = AdminControl.completeObjectName('type=JVM,process=server1,*')
> AdminControl.invoke(jvm, 'dumpThreads')

Ref:

  • Dumping threads in server processes using scripting [62]

Q108

A: set the log detail level to fine, finer, finest or all.

Topic: Diagnostic; Enable trace at server startup

Ref: Enable trace at server startup [63]

Use the administrative console to enable tracing at a server's startup. You can use trace to assist you in monitoring system performance and diagnosing problems.

The diagnostic trace configuration settings for a server process determine the initial trace state for that server process. The configuration settings are read at server startup and used to configure the trace service. You can also change many of the trace service properties or settings while the server process is running.

Q109

A: Use appropriate settings for log rotation and number of historical logs.

Topic: JVM logs gathering.

Limiting the growth of JVM log files using scripting

You can use scripting to configure the size of Java™ virtual machine (JVM) log files. JVM logs record events or information from a running JVM.


Ref: Limiting the growth of JVM log files using scripting [64]


The ffdcRun.properties file is used to configure the first failure data capture (FFDC) log file [65]

Q110

A: Examine the application server SystemErr.log and look for OutOfMemoryError exceptions and stack traces

Look in SystemErr.log for OutOfMemoryError exceptions to see which application raised the exception. A heapdump can be automatically or manually generated when memory leaks occur.

A javacore dump is also called a thread dump.

Topic: ??


A javacore dump, or a thread dump as it is also called, is one of the primary problem determination documents that an application server creates. Also, the performance impact of creating a javacore dump is usually ignorable. Therefore, in most product environments, you should not suppress the creation of a javacore dump. [66]

 

Q111

A: Memory Dump Diagnostic for Java

Topic: memory leak, diagnostic

Ref: Q106

Q112

A: The administrator has not defined the jms/CF connection factory at a scope visible to the fourth cluster member.

Topic: JNDI, NameNotFoundException

Ref:

A JMS topic connection factory is used to create connections to the associated messaging provider of JMS topic destinations, for publish and subscribe messaging. [67]

To understand why a naming operation is failing, view the dump of a namespace. You can use the dumpNameSpace tool to dump the contents of a namespace accessed through a name server. The dumpNameSpace tool is based on Java™ Naming and Directory Interface (JNDI). [68]

Retrieved from "http://163.17.17.66/mediawiki/index.php/WAS_7_Certification"