Preview only show first 10 pages with watermark. For full document please download

2014-05 Wste Adrian Guang Nikhila

Rating
Date

November 2018
Size

2.4MB
Views

8,806
Categories

Computers & electronics Software Computer utilities Database software

Transcript

® IBM Software Group Deployment Options of Server Components of IBM Decision Optimization Center Adrian Curic ([email protected]) Guang Feng ([email protected]) Nikhila Arkalgud ([email protected]) IBM ILOG Optimization Technical Support Engineers, Level 2 29 May 2014 WebSphere® Support Technical Exchange This session will be recorded and a replay will be available on IBM.COM sites. When speaking, do not state any confidential information, your name, company name or any information that you do not want shared publicly in the replay. By speaking during this presentation, you assume liability for your comments. IBM Software Group Agenda What’s new in IBM Decision Optimization Center V3.8 OpenSSL Heartbleed Vulnerability Walkthrough of Manual Deployment Troubleshooting for Common Pitfalls Management of Jobs Conclusions WebSphere® Support Technical Exchange 2 IBM Software Group What’s new in IBM Decision Optimization Center V3.8 WebSphere® Support Technical Exchange 3 IBM Software Group What's new in IBM Decision Optimization Center V3.8 Brief introduction to IBM Decision Optimization Center Enhanced Security Model New User roles and rights Custom tasks with composite jobs Deploying Applications New Decision Optimization Center Console Some other new features Server platform support WebSphere® Support Technical Exchange 4 IBM Software Group IBM Decision Optimization Center V3.8 New Name - IBM Decision Optimization Center starting V3.8 released in March 2014, previously called IBM ILOG ODM Enterprise IBM Decision Optimization Center: Makes optimization technology accessible to business, enabling intelligent planning and scheduling decisions Empowers business to make better decisions through what-if analysis, scenario management and collaboration Gives R&D a CPLEX-powered development platform for developing innovative Operations Research decision support applications Several editions are available: IBM Decision Optimization Center Developer Edition IBM Decision Optimization Center Optimization Server IBM Decision Optimization Center Optimization Engine IBM Decision Optimization Center Data Server IBM Decision Optimization Center Client Edition IBM Decision Optimization Center Planner Edition WebSphere® Support Technical Exchange 5 IBM Software Group Enhanced Security Model – SSL Certificates User authentication using J2EE Server security components Communication between IBM Decision Optimization Center Studio or using Service API performed over SSL secured https connection SSL Certificates: HTTPS protocol establishes trust in the server from the client’s part Validate through a trusted third party (CA: Certificate Authority) or internal user Self-Signed by the Server itself. Self-signed will get browser to prompt to manually accept the certificate WebSphere® Support Technical Exchange 6 IBM Software Group Enhanced Security Model – User roles All Users must be declared using standard J2EE Framework Two key J2EE Roles are defined odmeuser odmeadmin Server installer script creates a simple file based user-realm and populates with default sample user names Default Sample User names as defined in odme-default{groups|users}.properties Role and group User IDs odmeuser anne, keith odmeadmin tim, steve, __odmesystem WebSphere® Support Technical Exchange 7 IBM Software Group Enhanced Security Model – User roles Special user id __odmesystem (leading double underscore) For internal communication between Optimization server and Data Server For Production Systems replace default user realm with enterprisegrade user registry configurations Standard J2EE LDAP (Lightweight Directory Access Protocol) and JAAS (Java® Authentication and Authorization Service) integration can be used A default J2EE Administrator will be defined for the J2EE Server wastim for WAS (WebSphere Application Server) system for WAS CE All Users created with default password manager WebSphere® Support Technical Exchange 8 IBM Software Group Enhanced Security Model - Overview WebSphere® Support Technical Exchange 9 IBM Software Group User roles and rights odmeuser role can: Start a Studio session with an odmapp already deployed to the server Deploy a private odmapp that they will own View the list of public and owned odmapp applications deployed on the server Submit server-side solve or custom tasks for those odmapp applications, and list the corresponding jobs Abort or delete the jobs that they own Start, Stop, Undeploy private odmapp applications that they own odmeadmin role can: Perform all role capabilities of odmeuser Deploy a public odmapp Start, Stop, Undeploy any odmapp Submit solve or custom tasks for any odmapp List, abort or delete the jobs submitted by any user WebSphere® Support Technical Exchange 10 IBM Software Group Custom tasks with composite jobs Helps in simplifying complex applications through modularization Idea is to enable a custom task to submit other jobs to be processed sequentially or in parallel Can be useful to decompose a problem into smaller problems Simulate by varying some parameters across multiple scenarios Parent/children job managed by the Optimization server: This feature is available only when using the Optimization Server Parent job should be running to submit a child job Aborting parent job, automatically aborts all its child jobs Jobs must relate to different scenarios Parent and children jobs are displayed specifically in the Web Console WebSphere® Support Technical Exchange 11 IBM Software Group Deploying Applications Two Options Through the eclipse IDE Using the Command Line – Enhanced! WebSphere® Support Technical Exchange 12 IBM Software Group Deploying Applications – using IDE odmeadmin user access required to deploy or undeploy an application You must login to Optimization Server and Data Server Direct Database access is removed Multi-User applications require an Application Server to deploy Option of using a local database server is not available in this mode WebSphere® Support Technical Exchange 13 IBM Software Group Deploying Applications – using command line odmdeploy command to deploy and configure parameters through command line No need to use eclipse IDE Package ODM Project into .odmapp file Helps automate scripts for production environment Deploy an .odmapp directly without the entire project Authentication information can be provided at command line Syntax odmdeploy [options] [@optsFile] odmeProjectDirectory [oplProjectDirectory] Options can be stored and read from a file using @optsFile syntax For Server SSL certificate handling, options to save and load certificates are available Has eXtended options to help diagnose deployment issues WebSphere® Support Technical Exchange 14 IBM Software Group New Decision Optimization Center Console Console has 3 main pages: Dashboard - a general overview of applications and jobs hosted Jobs - to access details and to interact with jobs hosted Application - to access details and to interact with applications hosted WebSphere® Support Technical Exchange 15 IBM Software Group Application Console - Visibility User Role Application Type Can View Can Modify (delete, start or stop) Public Yes Yes Private Yes Yes Public Yes No Private Only if owner of application Only if owner of application odmeadmins odmeusers WebSphere® Support Technical Exchange 16 IBM Software Group Some other new features in V3.8 REST API Help developers integrate applications and build Web UI API provided for Application, Job and Dataservice Security with Basic Authentication and admin/user roles provided Groovy Scripting An alternative api to Java Can be complied to Java bytecode Easy to integrate with Java code Can be compiled and packaged in application jar (static packaging) or can be compiled on the fly and executed (dynamic packaging) Studio Improvements An interactive Gantt chart Simplified XML menu completion Scenario Explorer for multiple users to view and track scenarios Load CSV files by specifying the directory on the file system WebSphere® Support Technical Exchange 17 IBM Software Group Server platform support Platforms Drop windows 32bit Add support of AIX 7.1 Add support of Windows Server 2012 Application Server Drop WAS 6.1 and JDK 5 Drop WAS 8, Add WAS 8.5.5 Add WAS ND (8.5.5 and 7.0) Deprecate WAS CE Databases Drop DB2 9.5 and DB2 9.1 Add DB2 Enterprise Server 10.5 Add MSQL Enterprise 2012 Bundle DB2 Workgroup Server Edition 10.5, drop DB2 Express-C Upgrade to Oracle 11g Enterprise Edition R3 (from R1) Upgrade to Oracle 10g Enterprise Edition R3 (from R1) WebSphere® Support Technical Exchange 18 IBM Software Group OpenSSL Heartbleed Vulnerability WebSphere® Support Technical Exchange 19 IBM Software Group Open SSL Heartbleed Vulnerability OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160) Allows a remote attacker to expose sensitive data including user authentication and secret keys, through incorrect memory handling in the TLS heartbeat extension ILOG Optimization products are NOT vulnerable to this bug The Heartbleed vulnerability affects HTTP servers that use OpenSSL implementations of SSL/TLS, not the client parts or stand-alone deployments They do not contain HTTP server code at all. They use the Application Server code implemented in WebSphere Application Server Applications are safe as long as IBM JDK and IBM HTTP Server are used Technote: http://www.ibm.com/support/docview.wss?uid=swg21670144 Only risky situation is to WebSphere Application Server Community Edition with a non-IBM JDK or non-IBM HTTP Server We recommend to switch to IBM JDK and apply required patches to HTTP Server WebSphere® Support Technical Exchange 20 IBM Software Group Walkthrough of Manual Deployment WebSphere® Support Technical Exchange 21 IBM Software Group Walkthrough of Manual Deployment Preparatory Set up users and groups Configure data store Configure Buses and JMS resources Deploy server components Post-install Configuration Server Verification WebSphere® Support Technical Exchange 22 IBM Software Group Preparatory Install Decision Optimization Center Avoid installing into “Program Files” folder Install WebSphere Application Server Don’t install samples Create a profile with security enabled (V3.8 only) Download JDBC Drivers, if using Oracle or MS SQL Server. Also drop JDBC Drivers into \\server\configure-scripts \\lib \Developer\ide\eclipse\dropins\oplide\plugins\ilog.odms.ide.od m_3.8.0… Repackage EARs Initialize database WebSphere® Support Technical Exchange 23 IBM Software Group Preparatory Turn on Application Server security (new in V3.8) WebSphere® Support Technical Exchange 24 IBM Software Group Set up users and groups (new in V3.8) Create groups odmeadmins and odmeusers WebSphere® Support Technical Exchange 25 IBM Software Group Set up users and groups (new in V3.8) Create users Exact names and passwords are at your choice Has to be added to proper groups WebSphere® Support Technical Exchange 26 IBM Software Group Configure Data Sources Data source is used to specify how a server component should connect to databases WebSphere® Support Technical Exchange 27 IBM Software Group Configure Data Sources WebSphere® Support Technical Exchange 28 IBM Software Group Configure Buses and JMS resources Bus is the backbone for JMS communications. WebSphere® Support Technical Exchange 29 IBM Software Group Configure Buses and JMS resources JMS resources define how server components interacts with each other. WebSphere® Support Technical Exchange 30 IBM Software Group Deploy Server Components Deploy the server components Use the default values if you used default names for data sources, buses and JMS resources WebSphere® Support Technical Exchange 31 IBM Software Group Deploy Server Components Resource references are adjustable later WebSphere® Support Technical Exchange 32 IBM Software Group Post-install Configuration Map odmuser to odmeadmins group for all enterprise applications WebSphere® Support Technical Exchange 33 IBM Software Group Post-install Configuration Specify local deployment folders for odmeoptimserver-processor and odme-data-mgmt WebSphere® Support Technical Exchange 34 IBM Software Group Post-install Configuration Customize odme-optimserver-processor WebSphere® Support Technical Exchange 35 IBM Software Group Verification Verify the Web console. Empty when firstly deployed. https://server:944x/odme/console/ WebSphere® Support Technical Exchange 36 IBM Software Group Verification Try to deploy an ODM application to the server WebSphere® Support Technical Exchange 37 IBM Software Group Troubleshooting for Common Pitfalls WebSphere® Support Technical Exchange 38 IBM Software Group The installer cannot find the required Java libraries Error message: installServer.bat reports that tools.jar library is not found. Cause: the Java home directory is not correctly configured. Solution: make sure the Java SDK 6 is correctly installed and bit aligned (if Decision Optimization Center is 64 bit, Java SDK must also be 64 bit). Install "Server and IBM SDK" > "IBM SDK 6" package. Edit the JAVA_HOME environment variable and add the correct Java SDK installation directory. WebSphere® Support Technical Exchange 39 IBM Software Group The installer cannot create the database tables Error message: installServer.bat reports that the CREATE TABLE command is not successful. Cause: the database user account used for the installation does not have privileges to create table. Solution: add the CREATE ANY TABLE rights to the database user account. WebSphere® Support Technical Exchange 40 IBM Software Group The WAS server or the database server are not accessible Error message: cannot connect to.. or service not found Cause: network connectivity, ports blocked by firewall or port conflicts. Solution: follow the steps below to identify the exact cause: Use database management console to make sure the database services are running. Run remote SQL query. Test network connectivity. WebSphere® Support Technical Exchange 41 IBM Software Group Access the database management console and run remote SQL queries Oracle: Enterprise Management Database Control https://:5500/em SQL query from command line: sqlplus userid/password@databaseid DB2: Database Control Center Start Menu > Programs > IBM DB2 > DB2_Instance_Name > General Administration Tools > Control Center SQL query from command line: db2cmd db2 => connect to databaseid user userid Microsoft SQL Server: Configuration Manager Start Menu > Microsoft SQL Server > Configuration Tools > SQL Server Configuration Manager SQL query from command line: sqlcmd [-U login id] [-P password] [-S server] [-H hostname] WebSphere® Support Technical Exchange 42 IBM Software Group Test the network connectivity Open a command prompt window and execute the following commands on the server and client machines to test the network connectivity: TCP/IP: ping 127.0.0.1 Loopback connectivity (on the server machine): ipconfig Note the IPv4 address returned (for example 123.45.1.123) and test the loop back on the IPv4 address: ping (for example: ping 123.45.1.123) DNS Configuration: hostname Test DNS: ping Port connectivity: netstat –an Check connections on the ports used by the WAS and the database servers. WebSphere® Support Technical Exchange 43 IBM Software Group Check the ports used by the WAS and database servers The default listening ports used by the servers are: WebSphere Application Server: 9060, 9080, 9043, 9443 %WAS_HOME%\profiles\profileName\properties\portdef.props And for the database servers: Oracle: 1521 DB2: 50000 Microsoft SQL Server: 1433 Check the product documentation for additional required ports. Ensure that the ports used by WAS and database servers are free and that are not blocked by a firewall. WebSphere® Support Technical Exchange 44 IBM Software Group Database access error during ODM application deployment Error while deploying: “Java.sqlBatchUpdate Exception: "PARAM_NAME" invalid identifier Query: DataModifyQuery(sql="INSERT INTO DEPLOYEDAPP_PARAMS ...” Cause: the Optimization Server JOBS database was not correctly created during install or it was corrupted afterwards. Solution: Add the CRATE ANY TABLE rights to the database user account. Use the database configuration script to correctly create the database table (for example, fix the Oracle database using the script: \server\server\databases\oracle-createtables.sql). WebSphere® Support Technical Exchange 45 IBM Software Group DB2 database integrity error after sudden disconnection / shutdown Error while the ODM application connects to database: DB2 “cannot find TEMP file” error Cause: DB2 didn’t had time to update and save the required files. Solution: in the WAS management console, set custom properties for the DB2 database: progressiveStreaming, with a value of 2. fullyMaterializeInputStreams, with a value of true. WebSphere® Support Technical Exchange 46 IBM Software Group Oracle database integrity error after sudden disconnection / shutdown Error while the ODM application connects to database: DSRA0302E: XAException occurred. Error code is: XAER_RMERR (-3). Exception is: WTRN0037W: The transaction service encountered an error on an xa_recover operation. Cause: Oracle database didn’t had time to update and save the required files. WebSphere Application Server has insufficient permissions to rollback a XA transaction on Oracle. Solution: as user SYS (in SQLPlus, login with connect SYS as SYSDBA), run the following command on your Oracle server: grant select on DBA_PENDING_TRANSACTIONS to PUBLIC; WebSphere® Support Technical Exchange 47 IBM Software Group Management of Jobs WebSphere® Support Technical Exchange 48 IBM Software Group Job Status Job status can be monitored using the API functions: " state="+taskCtrl.getState() + " phase="+taskCtrl.getCompletionPhase() If an error is recoverable, the solve process will be restarted, up to 5 times (using column RETRY_COUNT), then will go into the state FAILED_AFTER_TOO_MANY_RETRIES. The states FAILED_AND_TO_CLEAN and FAILED_AFTER_TOO_MANY_RETRIES_AND_TO_CL EAN are just used internally to check that the scenario is correctly unlocked after the failure. WebSphere® Support Technical Exchange 49 IBM Software Group Reuse of solve subprocesses Reuse of subprocesses across solves reduces latency by eliminating startup and initialization time for each new solve. Subprocess control parameters can be set system-wide for the Optimization Server (on the JobProcessor J2EE Resource Adapter), or individually for each ODM Application. minIdle — The minimum number of idle processes waiting idle in the process pool for a given deployed ODM application. maxIdle — The maximum number of idle processes waiting idle in a process pool for a deployed ODM application. maxReuse — The number of times a process can be reused before being evicted from the process pool. idleTimeLimit — The time limit in minutes of an idle process in a pool for a deployed ODM application. WebSphere® Support Technical Exchange 50 IBM Software Group Setting subprocess parameters globally for all ODM applications WebSphere® Support Technical Exchange 51 IBM Software Group Setting subprocess parameters for a given ODM application The values of parameters can be set individually for each ODM application in the application's .odmds deployment descriptor file. From the ODM IDE, open the ODM application's .odmds file using the plain text editor, locate the section and insert a set of as in the following code example: WebSphere® Support Technical Exchange 52 IBM Software Group Choosing the values of the subprocess parameters Short-running ODM applications – significant gains can be obtained. minIdle - to the average number of solve jobs that are likely to be submitted in parallel, bounded by the available machine resources. maxIdle - to the maximum number of solve jobs that the machine's resources can handle in parallel. maxReuse – to a value that the machine can handle. Larger values will result in increased memory consumption over time. Long-running ODM applications – little benefit. both minIdle and maxIdle could be set to a value equal to the number of solve jobs expected to be running in parallel. maxReuse set to 0 so that processes get cleaned up after each solve. Subprocess memory requirements are much larger. WebSphere® Support Technical Exchange 53 IBM Software Group Conclusions WebSphere® Support Technical Exchange 54 IBM Software Group Conclusions We discussed new features in Decision Optimization Center V3.8 and discussed the features and improvements related to server deployment. We also discussed the impact of HeartBleed bug to ODM Enterprise/Decision Optimization Center users. We gave a brief introduction to the tasks required for manual installation and discussed some simple customization. http://www.ibm.com/support/docview.wss?uid=swg21674210 We demonstrated how to debug some common pitfalls in the install process. Lastly, we discussed Job Management. WebSphere® Support Technical Exchange 55 IBM Software Group Additional WebSphere Product Resources Learn about upcoming WebSphere Support Technical Exchange webcasts, and access previously recorded presentations at: http://www.ibm.com/software/websphere/support/supp_tech.html Discover the latest trends in WebSphere Technology and implementation, participate in technically-focused briefings, webcasts and podcasts at: http://www.ibm.com/developerworks/websphere/community/ Join the Global WebSphere Community: http://www.websphereusergroup.org Access key product show-me demos and tutorials by visiting IBM Education Assistant: http://www.ibm.com/software/info/education/assistant View a webcast replay with step-by-step instructions for using the Service Request (SR) tool for submitting problems electronically: http://www.ibm.com/software/websphere/support/d2w.html Sign up to receive weekly technical My Notifications emails: http://www.ibm.com/software/support/einfo.html WebSphere® Support Technical Exchange 56 IBM Software Group Connect with us! 1. Get notified on upcoming webcasts Send an e-mail to [email protected] with subject line “iste subscribe” to get a list of mailing lists and to subscribe 2. Tell us what you want to learn Send us suggestions for future topics or improvements about our webcasts to [email protected] 3. Be connected! Connect with us on Facebook WebSphere® Support Technical Exchange 57 IBM Software Group Join the Client Success Essentials Community Easily find important Support resources Connect with the Experts Support Technical Exchanges Ask the Experts Sessions Product Support Newsletters Blog & Forums Training videos, IEA modules Event Readiness Proactive Services Offerings Essential Links to key sites IBM Support Portal Client Success Portal Fix Central http://ibm.biz/Client-Success-Essentials WebSphere® Support Technical Exchange IBM Software Group THE INFORMATION CONTAINED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED IN THIS PRESENTATION, IT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. IN ADDITION, THIS INFORMATION IS BASED ON IBM’S CURRENT PLANS AND STRATEGY, WHICH ARE SUBJECT TO CHANGE BY IBM WITHOUT NOTICE. IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, THIS PRESENTATION OR ANY OTHER DOCUMENTATION, NOTHING CONTAINED IN THIS PRESENTATION IS INTENDED TO NOR SHALL HAVE THE EFFECT OF CREATING ANY WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS), OR ALTERING THE TERMS AND CONDITIONS OF ANY AGREEMENT OR LICENSE GOVERNING THE USE OF IBM PRODUCT OR SOFTWARE. Copyright and Trademark Information IBM, The IBM Logo and IBM.COM are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks and others are available on the web under “Copyright and Trademark Information” located at www.ibm.com/legal/copytrade.shtml. WebSphere® Support Technical Exchange 59

2014-05 Wste Adrian Guang Nikhila

Rating

Date

Size

Views

Categories

Share

Transcript

Forgot your password?.