AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise

© 2015 IBM Corporation

WebSphere Application Server Installationand Maintenance in the Enterprise

Tom Alcott STSM

Acknowledgements

• Special Thanks to Yee-Kang Chang, WebSphere ApplicationServer Installation Architect for his comments and suggestions

1

Agenda

• WebSphere Installation and Update

• WebSphere Maintenance Overview

• Why Apply Maintenance

• Planning for Maintenance

• Recommendations (aka “Best Practices”)

Manual Install and Update Process

1. Full install of GA: Select features and provide other

install-time input

2. Install fix packs (if needed)

3. Apply JDK Maintenance

4. Install one or more interim fixes (if needed)

5. Create and configure App Servers and other artifacts

6. Deploy applications

Installing and configuring WAS usually requires many steps:

Typically need to iterate over these steps toachieve desired end result – not a pure linearprocess!

V7.0

V7.0.0.17

iFix “A” and “B”A

B

JDK 1.6 SR9 FP1

wsadmin script

J2EE app

Install Factory - Creating a Custom Install Package (CIP)

Command Line

Invocation Tool

Automated,customizedWAS installpackage

Processing

Engine

V7.0

V7.0.0.17

JDK 1.6 SR9 FP1

Build Definition

XML

iFix “A” & “B”

AB

Single package containing

V7.0

V7.0.0.17

J2EE Applications

Configuration archive

JDK 1.6 SR9 FP1

iFix “A” and “B”

3rd-party Scripts

J2EE Applications

Configuration Archive

3rd-party Scripts

C:\>ifcli

Composition

Tool (GUI)

Create

Using a CIP for New Scratch Install or Update

System Level After CIP InstallationV7.0.0.17JDK 1.6 SR9 FP1iFix “A” and “B”

V7.0

V7.0.0.7

V7.0.0.13

V7.0.0.15

iFix “A”+

JDK 1.6.0 SR3

V7.0+

New

Scratch

Install

Update Existing

InstallationsExisting WAS Installations

Install CIP

Final System Level

Single package containing

V7.0

V7.0.0.17JDK 1.6.0 SR3

iFix “A” and “B”

…

Install…Automated,customizedWAS installpackage

IBM Installation Manager – WAS v8.0 and Above

Full product lifecycle management

– Install

– Update (fix packs and fixes)

– Modification

– Rollback

– Uninstall

No need for separate programs to

do install and maintenance

– Formerly ISMP and UPDI

Consistent user experience across platforms and products–Able to install multiple products in one pass– No need for multiple steps to install GA level of software first, and then updateto certain fix pack and fixes.–Able to install exactly the level of product desired

IBM Installation Manager: User Interfaces

• Graphical User Interface• For getting started and where GUI is suitable

• To record a (template) response file

• “Silent” Interfaces• Command Line (IMCL)

– Run commands directly from command prompt

– Suitable for scripting and automation

• Response File– Drive operations via XML-based response files

– Suitable for silent operations and automation

• Console Mode• Interactive text-based user interface

– Similar to the GUI but text-based

• For getting started and where GUI is unavailable

IBM Installation Manager: Modes

• “How IM is deployed on your system”

• Administrator Mode

• For administrators or root user only

• Only 1 administrator instance of IM per system

• Non-administrator (User) Mode

• Per-user isolation

– Each user has own instance of IM to manage own set of products

• Only 1 instance of IM per user

• Group Mode

• Shared IM instance between multiple users to co-manage a set ofproducts

– Not available on Windows and IBM i

– Check product documentation for group mode support

Note: Regardless of modes, IM does not support concurrent operations.

IBM Installation Manager: Modes

• “Install Kit”• A deployment option or “mode” without IM installed on the system

– Use the IM installer or “install kit” directly

– Command line or response file operations only

• Suitable for enterprise deployment– Allows for control and flexibility but more responsibilities on the users

• More details shortly!

• Consider and decide on which mode to use before you deployIM• Consider how your installs will be managed

• Consider your security requirements

• Consider if automation or integration with existing (automated)deployment solutions is needed

• Switching between modes is not supported – No safe way to do soafter the fact so plan carefully

IM Shared Installer – aka “Installation Kits”

Unzipped

IM Kit

Binary PayloadMount drive with IM

• An approach for reducing IM footprint:• Separate binaries

1. Unzip install kitsfor the target hosts.Eg. If you have Linux and AIXtargets, unzip both install kits.

2. Record or create a response filefor the install or service activity

3. From the host where the productinstall will be located, mount the shareddrive with the Install Kit, and execute theinstall.

Install Kit Technote for Rational http://www-01.ibm.com/support/docview.wss?uid=swg27017738 Can BeAdapted for WebSphere Application Server

Note: You can never use an older Install Kit with a product install that has been serviced by a newer Kit.

IM App Data

IM App DataIM App Data

R/O Binaries

IM - Packaging Utility Overview

Description:• Packaging tool that creates and manages software package repositories in the correct format

for IBM Installation Manager.

• GUI and Command Line modes that are consistent with Installation Manager “Look and Feel”

Packaging Utility can perform the following tasks:• Packaging Utility essentially copies from Source Repositories into a Target or Enterprise

Repository.

• It is intelligent about the artifacts it copies, eliminating duplication..

• A repository created by Packaging Utility can be used as a Source Repository for anotherTarget Repository.

• Copy multiple versions of a product to one repository. Users point to the same repository toupdate installed products.

• List available fixes in a repository

• Delete packages that are no longer needed

• In Packaging Utility 1.5.2 and above, copy just the artifacts for your platforms!

– Note: Platform Option is Only available in Command Line.

– PUCL copy packageID_version -repositories source_repository -platform os=os,arch=arch -

target destination_repository -acceptLicense

IM - Packaging Utility

Enterprise

RepositoryRAD v8

WAS v8

IIM

IIM

IIM

IIM

IBM

Packaging Utility Media forRAD v8

Live Repository

for WAS 8

WAS-ND Centralized Installation ManagerFaster time to value & lower operational costs through new install & maintenance tech.

CIM V8 is available from Job Manager & DManager

– Job Manager based solution spans the boundaries

of the cell

– Install targets are specified in agentless fashion

– Install and config job scheduling is supported

CIM V8 is able to remotely install WebSphere

Application Server, IBM HTTP Server, Application

Clients, DMZ Security Proxy Server, and Web Server

Plug-ins

Better than V7 CIM scalability due to more distributed

architecture

– CIM V7” function is still available with Deployment

Manager along with new “CIM V8” function

Distributed & z/OS scenarios supported

CentralizedInstallation

Manager

IIM Install Kit:• Response File• Install jobs

IIMRepository

IIM

Inventory info

Binarypayload

Target

Separation between Job Manager,

Target Hosts and IIM repositories

Automated Provisioning with SCO

On-premises BYO h/w(Distributed and z)

Dispenses WAStopology

Smart CloudOrchestrator

(SCO)

A Few Words on Liberty Profile (1 of 3)

• Archive and IM install options

• Simple command line archive installjava –jar wlp-nd-runtime-8.5.5.2.jar

• IM as the managed install option for full product lifecyclemanagement

• Servicing Liberty

• Archive install

– Install new level side-by-side and “swing” over user files and serverconfiguration data

– Note Liberty’s “zero migration” design principle

– Fixes are archive installs too

• IBM Installation Manager

– In-place update of current level to new service (fix pack) level

– Fixes are managed through IM


• Server package for continuous delivery pipeline

• A compressed archive of a configured Liberty server type alongwith its applications via the server package command

• Package only what you need to minimize the footprint of apackaged server via the –include=minify option

• Facilitates deployment of Liberty Profile servers acrossenvironments for continuous delivery (DevOps)

• Enterprise Deployment

• Create, manage and deploy server packages to spin up and downmany instances of Liberty in a cloud-like manner

– Some users use IM to create and manage “master images” and thencreate server packages from them for deployment

• Check out Liberty Collectives and Admin Center for large scaledeployment


• IBM WebSphere Liberty Repository

• An online repository to deliver Liberty platform extensions

– Enables fine-grained access to runtime capabilities and early access tonew content for Dev and Ops team(s)

– Content includes individual features, admin scripts, config snippets,samples, tools and more

Integrated with Liberty command line, Installation Managerofferings and WebSphere Developer Tools

• “On-premise” with Liberty Asset Repository Service

– Available on GitHub at https://github.com/WASdev/tool.lars

• For more information

• http://WASdev.net/downloads

• AAI-2358: Getting Rapid, Right-Sized and Recent with the LibertyRepository

Agenda






Maintenance Overview

• iFixes for WebSphere (distributed platforms only)• Single fix to address one specific problem• Intended to be a temporary / emergency bridge to availability in a fix pack.• Tested at a functional level only

• ++APAR for zOS• Custom fix package for a specific customer• Intended to be a temporary bridge to availability in a fix pack.

• Fix Packs• Vehicle for delivery of preventive maintenance -- fixes for known reported

problems, including:– Security vulnerabilities (SEC/INT) APARs– High impact / pervasive (HIPER) APARs

• Undergo regression testing– Build, functional, system and performance testing– Customer persona testing, IBM stack product testing, mixed pack levels

• Update strategy documentation on IBM Support web site• V7• http://www-01.ibm.com/support/docview.wss?uid=swg27012749• V8• http://www-01.ibm.com/support/docview.wss?uid=swg27023315• V8.5• http://www-01.ibm.com/support/docview.wss?uid=swg27036014

Fix Pack Quality

• Primary quality focus for fix packs is elimination of regressions

• More details in following charts

• APAR fixes that could change application behavior are nowcontrolled via custom properties

• Default is the previous behavior, unless the change is for asecurity vulnerability

• Analysis and Actions for every PE / ZE (regression) APAR

• APAR certification for select components

• Extra level of review if components show any patterns ofregression

• There are four main aspectsof Fix Pack testing

Fix Pack | Test Overview

Regression

Testing

(FVT/SVT/Performance)

APARVerification

InstallTesting

ProductIntegrationTesting

Fix Pack | Test Overview

• Install Test Description – A core set of installation test cases which are run against a matrix of supported

platforms and editions Timing – Fully executed within a Fix Pack release

• APAR Verification Description – All developers are responsible for specifically verifying their APARs fix the intended

failing test case prior to shipping a Fix Pack Timing – All APARs individually tested within a Fix Pack release

• Regression Testing BVT (Build Verification Testing)

Description – Automated tests which verify that a driver installs and meets someelementary requirements

Timing – Run on each new driver released FVT (Function Verification Testing)

Description – Automated test buckets which cover all major product function Timing – Fully executed within a Fix Pack release

SVT (System Verification Testing) Description – Automated test buckets (including long runs) which cover more complex

scenarios Timing – Fully executed within a Fix Pack release

Performance Testing Description – High load test cases to ensure the robustness and response of the product Timing – Fully executed within a Fix Pack release

• Stacked Product Testing Description – Testing to show that dependent products are not negatively impacted with a new Fix

Pack Timing – Fully executed within a Fix Pack release

WebSphere Service Stream Continuous Test

• Dedicated team

• System test coverage on service stream Fix Packs• Cover all service streams

o Feature Packs

o Java SDK updates• Test each Fix Pack on a variety of hardware

• Rolling upgrades with continuous availability

• Mixed Fix Pack versions

• Long Runs• Continuous 7-days under load in ND client based environment

o 80+% CPU utilization,

o 500+ clients

o 150+ transactions/sec

• Various application workloads rotated across Fix Pack test cycles• Example: System Management Continuous Deployments

o Stresses administration via continually deploying / redeployingapplications

o Run in conjunction with a transactional intensive application

Supporting Software Upgrade Support

• Testing and “certification” is done on a finite set of supporting softwareversions.

• Our Supported Product list states the minimum required versions ofdependent products, and IBM has tested with each of these levels.

• Because other products frequently ship fixes, updates, and new releases, wecannot test every possible configuration. In general, you can install and runwith updates to supported products if those updates are forward compatible.

• New levels/releases are tested at various intervals, both with a new releaseand between release cycles and are then added to the supported list.

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27006921

Agenda






Why Apply Maintenance

• Are You Proactive or Reactive?

• Applying Maintenance Proactively Can Reduce Outages

• What’s the cost of an unplanned outage?

• How does an outage impact revenue, profit, productivity? .

• Manufacturing has long practiced Preventive Maintenance

• Same principles apply to software

What about “If It’s Not Broken, Don’t Fix It?”

• Lets Examine the Differences Between WAS V8.0.0.7 and8.0.0.8

• This single fixpack delivered fixes for over 301 uniqueWebSphere Application Server defects that existed betweenthese two versions

• If You’re Never Changing Anything And Everything IsRunning OK

• Then I might agree with you

• What Happens When Critical Security Fix Needs to be Applied ?

o And It Breaks The System!!

Selected V8.0.0.8 APARs

• General• Heap size increases by 6 MB after PM79693

• Web 2.0 web messaging exceeds TCP connection limit

• 100% CPU Use• Transactions rolled back silently when coordinated by the UOWManager

• Issues with messaging engine not starting up during server start

• Unexpected results of transaction recovery service in relation to HA mgr.

• EJB Container

• Deadlock in appserver process during startup.

Selected V8.0.0.8 APARs

• Adminconsole

• Cross-site request forgery in administrative console

• Nodesync command might fail when hotRestartSync JVM argumentis in use

• Scripting

• Nested curly braces are not working

• Messaging Engine

• Messages stuck in pending acknowledgement state in WebSphereApplication Server service integrations bus destination

Selected V8.0.0.8 APARs• Security

• Standalone LDAP failover settings not used for admin authorizationmodifications

• During console keystore creation, validation failed: both passwordand verify password were not supplied.

• Provide an option to skip canonical lookup for a specific HostNameduring SPNEGO Single signon

• JNDI connection pooling does not work for SSL connection.

• CSIv2 session cache not taking GlobalSecurity and SecurityDomaininto account.

• Potential Cross-site scripting vulnerability

• Single Sign On might not work when multiple security domain isenabled.

A Slight Digression on Migration

• Updates to a New Release, aka “Migration”• Migration Could Be Considered a Major Maintenance Update

• Required to Maintain Currency

o Especially After End Of Service (EOS)

• Need an ROI for Migration ?

o What’s the Cost of Extended Support?

o What’s the Cost of an Unplanned Outage ?

• After EOS or End of Extended Support

o Do You Still Drive a 20 Year Old Car?

• If So, Can You Still Get Parts?

Agenda






Develop and Maintain an Inventory of IT Infrastructure

• An accurate IT inventory can help assess risk

• Quickly access their risk to a problem and urgency

• Develop and maintain an up-to-date hardware andsoftware inventory of the entire IT infrastructure thatincludes:

• Production systems

• IP addresses

• Patch status

• Patch level

• Vulnerabilities

• Physical location of the patch

• Custodian of the patch

• Function of the patch.

Assess Impact of Problems (1 of 2)

• Perform an initial assessment to “triage” patches.

• Decide which systems are to be patched

• Which patches are installed first.

• Use your asset inventory

• Not every enterprise needs to install every patch.

• Factors to consider

o Type and delivery of attack (security)

o Severity of the problem

o Criticality of the system.

Assess Impact of Problems (2 of 2)

• Focus on the most critical updates first.• For some problems there are alternatives that can be employed short term

o Server restart for memory leaks, threading issues, etc.

o Critical Patches should be installed with “all due haste”

• With a “day zero” attack, 48 hours is too long

• Some Patches May Warrant 7/24 Effort Until Patchedo E.g. an Equity Trading System subject to a DOS attack

• Documento Which patches are installed

o The reason for not installing

o Priorities for patching systems in the future.

• Many customers balance the need to maintain currency, thusminimizing exposures, with the effort involved in updating by onlyscheduling regular production system updates 2-3 times per year.

Testing Patches

• Patch management process should include a methodology fortesting and safely installing patches.

• Evaluate its impact on the particular computing environment

• Ensure that one problem (or more) is not created while fixing another.

• Create a detailed implementation plan

• Patch should be tested appropriately in a representative environment.

o This could take a few hours to a few days

• A back-out plan should also be developed

• If the patch adversely affects a production system, it can be quicklyreversed and the system restored to its original state.

Fall-back scenario

• Plan for a fallback should the upgrade go badly

• Test the plan

• Ideal characteristics for a fall-back:• No uninstall/install necessaryo Takes too long, potential for errors

• No server startupo We’d like to avoid this if we can due to startup times.

• Obviously Maintenance Requires Stop & Start

• Mitigate Operational Impact• Multiple Cells then “Turn a switch”o Entry in an IP sprayer

o Entry in a plugin-cfg.xml file

o Entry in cell persistent namespace (for EJB clients)

• Separate (full) Installs for each Fixpacko Symbolic link from configuration to binaries

o Warning – Maintenance Sometimes Changes Configuration !

Single cell vs. Multiple Cells

• Multiple cells• Less vulnerable to cell specific failure scenarios• Independent, less risky WAS upgrades• May require more hardware

o Each cell running on it’s own set of nodes

• Additional Administrative Efforto Non-Issue with Scripting

• Application roll-out tends to be simpler• IP sprayer can provides routing at the HTTP server tier

o Good to have, but not required.

• Single cell• Vulnerable to single cell failures• Unified administration• More difficult administration of application roll-out• Need session affinity at the Web container tier

• Above is applicable to WAS-ND and all “stack” products (WVE, Portal, etc)

Other Options

• Full Installations for each Fixpack (also known as “SwingingProfiles”

• Not Officially Supported (Testing Planned)

• I’ve seen in work in practice (this isn’t an endorsement)

• Creating Service Images

“ Swinging Profiles “ (note not officially supported)

• Basic Procedure• .Install WAS 800x

• Create a profile on WAS 800x usingo <WASHOME_800x>WASsym_n/bin/manageprofiles.sh -create -profileName profile_n -profilePath

profile_path> -templatePath WASsym_n/profileTemplates/default

where WASsym_n --> WASHOME_800x. Note, you should use the sym link in two places above: to

reference the manageprofiles.sh script and to reference the profile template, to ensure consistency.

• In setupCmdLine.sh, the WAS_HOME variable automatically gets set to the path used inthe templatePath argument: WASsym_n

• .Install WAS 800x+k

• Stop profile_n

• .Change WASsym_n --> WAS_HOME_800x+k

• .Restart profile_no It uses the postinstaller to align profile_n with WAS_HOME_800x+k

• In case of a problem with WAS_HOME_800x+k, stop profile_n and change the symlinkback

• For multiple profiles, each profile has its own WASsym_n_unique symlink. Each profile isalways created with its symlink initially pointing to the same WAS_HOME from whichmanageprofiles was called.

Service Images with IIM (1 of 2)

• Create Master command line (you could also use a response file):• imcl com.ibm.websphere.ND.v85 -repositories

https://www.ibm.com/software/repositorymanager/com.ibm.websphere.ND.v85 -installationDirectory <install_home>/AppServer -dataLocation <install_home>/iim_appData -sharedResourcesDirectory <install_home>iim_shared -preferencescom.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false –acceptLicense-showProgress

• This results in folders like:o <install_home>/AppServer

o /iim_data

o /iim_shared

• This creates the Agent Data Location and Shared Resources Directory as peer folders ofthe product installation.

• Keeping these folders co-located with the product installation will enable you to applymaintenance to this install image in the future.

• You can now package up all directories in this master image and copy it to your productionsystems.

• The operating system and architecture, and directory structures in your production systemsmust exactly match those in the environment used to create the master image

Service Images with IIM (2 of 2)• Applying maintenance to your install image

• At some time in the future, you might need to apply a fix pack or ifix directly toyour deployed product image.

• To do this, you simply need to use an Installation Manager installer and specifythe same –dataLocation and –sharedResourcesDirectory that is associated withyour product installation.

• The installer must always be at the same or higher level than was previouslyused.o If you performed the initial install with Installation Manager 1.5.3 and then did an update

with 1.6.0, you can never go back to an installer older than 1.6.0.

o Doing so can result in corruption of the Installation Manager metadata.

• One way to guard against this is to package up the installer with the productimage, like this:

• <install_home>/AppServer

• /iim_data

• /iim_shared

• /iim_installer_160

Agenda






The Best “Best Practice”

• Rigorous Software Engineering Practices• Application architecture

• Detailed Design

• Application Development

• Testing

• Utilize a set of well-designed and dedicated environments• Production Likeo Hardware/OS

o Software Levels

• Application Development

• Application Test

• Prior to production deployment.• Problems can be identified prior to production,

• Reduces the risk and cost associated with problem resolution inproduction.

Development Stages and Test Environments

Development Environment

Development(WebSphere Studio)



SCM

Integration Workstation(WebSphere Studio)

Development IntegrationRuntime Environment

HTTP/WAS

Performance TestEnvironment

System Test Environment

Pre-Production Environment

HTTP HTTP

WAS WASWAS WAS

Router

Production Environment

HTTP HTTP

WAS WASWAS WAS

Router

HTTP

WAS WASWAS

HTTP

WASWAS

HTTP/WAS

Stage – a place where anactivity occursEnvironment – a set ofhardware and softwarethat supports the stage

E.g., during the systemtest stage, I perform testsin the system testenvironment

High Availability for IIM (1/2)

• Binaries

• Employ Shared Drive for Binaries (and create Installation Kit)

• Install Data

• "Agent Data Location" (sometimes also known as the app Datalocation)

– Contains metadata that includes the history and state of all installsbeing managed by Installation Manager.

– This directory is critical to the healthy functioning of InstallationManager. Once the directory is created, it cannot be moved andshould not be touched. If the Agent Data Location becomes corrupt,then all product installations that are tracked by that Agent DataLocation will become unserviceable and will need to be reinstalled ifservice is needed.

– Given the critical nature of this directory on the file system, it shouldbe backed up periodically and/or remotely mounted on a highlyavailable shared file system.

46

High Availability for IIM (2/2)

• Install Data

• Shared Resources Directory

– This is where IM saves files needed for currently installed products andalso files for rollback

– 1 shared resources directory per IM instance and set upon installationof the first product

– Can opt to not save files for rollback but may not be empty even if youhave chosen to not save files for rollback

– Another important directory for IM so advisable to backup the sharedresources directory alongside the agent data location besides theproduct installs too

– The agent data location and the shared resources directory go hand-in-hand for each IM instance so backup and restore together

Some IM Tips & Tricks

• Do not save files for rollback to conserve disk space

• GUI

– Uncheck “Save files for rollback” under the Files for Rollback tab of IM’sPreferences menu

– Click “Delete Saved Files” to remove currently saved files

• IMCL or Response File’s Preference– com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false

– Currently saved files will be removed on the next IM operation with thepreference set

• Copy by platforms when using IBM Packaging Utility

• Copy only artifacts for the platforms that you need

• Conserve disk space and optimize download time

• This is the -platform option for PUCL


• Use IMCL updateAll -installationDirectory<installLocation> to update all product offerings installed at a

particular location

• A shorthand to update everything installed at a particular location

• IM will search all specified repositories for updates and update allinstalled product offerings

• Suitable when you have full knowledge of and control over thecontent in the repositories you are using e.g. your own custom orenterprise repositories

– Otherwise, do not use this and specify the exact offering(s) andversion(s) and fixes to apply in your command or response file

• Caution: updateAll without the –installationDirectory optionwill update everything managed by the particular IM! Use with care!

Note: Same shorthand exists for the uninstallAll command.


• imcl listInstalledPackages –verbose will show what youhave installed in a human readable or friendly manner

• Can scope the output to a particular install location via the -installationDirectory option

• Use the -showProgress (-sP) or the –showVerboseProgress (-sVP) option for more “feedback” when you work with IMCLdirectly

Simplify your life

• Minimize the number of different releases and configurationssupported

• Conversely Multiple Cells May Simply Maintenance

• Document the architecture and topology

• Keep it current

• Know what runs where

• Know who is responsible for each piece

• Document version and fix levels

• Keep it current

• Expect to spend much more time than you think

Automate your processes

• Automate as much as possible (and document the remainder indetail)

• Product installation

• Application deployment

• Maintenance

• Regression test bucket

– Run regression testing under a sustained load that is equal to, or greaterthan, the maximum production load expected

• Use Jython, rather than JACL

o JACL stabilized, beginning in release 6.1

• Conversion utility available with about 80% coverage

Apply maintenance regularly

• Plan to apply maintenance to each system two or three times/year orabout every four to six months

• Establish and publish a regular cycle for doing this

• Plan carefully

• Evaluate pre-req’s and co-req’s for ALL products involved

• Open PMR’s as necessary for products higher in the stack (i.e. Portal)

Maintenance for WAS

• Periodic application of new Fix Packs on a periodic basis• Proactively apply preventive maintenance (SEC / INT, HIPER, CVE and

other APARs)

• Upgrade schedule varies according to your operations• Most customers plan an upgrade at least twice a year

• Not necessary or feasible to upgrade to every Fix Pack– That is why iFixes are provided

• Minimize iFixes applied• Difficult to track as the number increases, and the number of systems

increases

• Not tested to the extent of Fix Packs

• Increasingly complex to build and apply as the number increases, andas more code changes are made

• Moving up to newer Fix Packs regularly is the key to easily applyingfuture iFixes

• Large topologies require deliberate, controlled management• Including periodic preventive maintenance• http://www.ibm.com/developerworks/websphere/techjournal/0711_polozoff/0711_polozoff.ht

ml

Maintenance Strategy Example – WAS Fix Packs

• Scenario• Apply fixpack maintenance every 4-6 months (2-3 times/year)

– Select maintenance windows based on business demand

• Avoid Peak Season(s)

– Rollout cycle takes 6 weeks across environments

– Maintain identical code levels across each system within anenvironment

Shared Development

Integration SandboxesApplication FunctionTest and System LevelTest Environments

Application FunctionTest and System LevelTest Environments

Application FunctionTest and System LevelTest Environments

WAS 8.0.0.1 GA Sept 26,2011

Maintenance WindowStarts Oct 3, 2011

Apply to DevelopmentStarting Oct 5, 2011

Two weeks stability indevelopment

Roll out to next stage

Apply to test environmentsstarting Oct, 19, 2011

Two Weeks Stability in Test


Apply to Pre-Productionstarting Nov 2 2011

Two Weeks Stability in PreProduction

Regression Test Complete

Apply to Productionstarting Nov 16 2011

WAS 8.0.0.3 GA April 16 2012

Maintenance WindowStarts April 30, 2012

Apply to DevelopmentStarting May 1, 2012

Two weeks stability indevelopment


Apply to test environmentsstarting May 15 2012

Two Weeks Stability in Test


Apply to Pre-Productionstarting May 29, 2012

Two Weeks Stability in PreProduction

Regression Test Complete

Apply to Productionstarting June 12, 2012

Development Test Pre Production Production

Stay Up To Datehttp://www-947.ibm.com/support/entry/portal/Overview/Software/WebSphere/WebSphere_Application_Server

Fix Pack Schedule

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Monitor and review

• Review all logs on a regular basis

• Check IBM site for news flashes• www.ibm.com/software/support

• www.ibm.com/software/websphere/support

• Check Common Vulnerability and Exposure Site

• http://cve.mitre.org/

• Watch carefully for any alerts

• Recent Java real number vulnerability is a DoS attack.– For many applications this isn’t as critical as a it's not as bad as a data

modification vulnerability, but for a trading platform, it is huge.

• Monitor especially for Security Alerts for ALL software, including baseOS and ISV code• Be prepared to roll out quickly

• Check code for deprecated methods when Java level changes

Summary

• Plan for Maintenance

• Apply At Regular Intervals

• Create and Maintain an IT Inventory

• Automate Your Maintenance Testing and Install

Questions?

THANK YOU!

Notices and DisclaimersCopyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced ortransmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract withIBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has beenreviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBMshall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY,EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OFTHIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFITOR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of theagreements under which they are provided.

Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal withoutnotice.

Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples arepresented as illustrations of how those customers have used IBM products and the results they may have achieved. Actualperformance, cost, savings or other results in other operating environments may vary.

References in this document to IBM products, programs, or services does not imply that IBM intends to make such products,programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do notnecessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neitherintended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legalcounsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’sbusiness and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice orrepresent or warrant that its services or products will ensure that the customer is in compliance with any law.

Notices and Disclaimers (con’t)

Information concerning non-IBM products was obtained from the suppliers of those products, their publishedannouncements or other publicly available sources. IBM has not tested those products in connection with thispublication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.IBM does not warrant the quality of any third-party products, or the ability of any such third-party products tointeroperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR APARTICULAR PURPOSE.

The provision of the information contained herein is not intended to, and does not, grant any right or license under anyIBM patents, copyrights, trademarks or other intellectual property right.

• IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise DocumentManagement System™, Global Business Services ®, Global Technology Services ®, Information on Demand,ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™,PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®,pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®,urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks ofInternational Business Machines Corporation, registered in many jurisdictions worldwide. Other product andservice names might be trademarks of IBM or other companies. A current list of IBM trademarks is available onthe Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Thank YouYour Feedback is

Important!

Access the InterConnect 2015Conference CONNECT AttendeePortal to complete your sessionsurveys from your smartphone,

laptop or conference kiosk.

Additional Information

• IBM Installation Manager V1.8.1 Information Centerhttp://www-01.ibm.com/support/knowledgecenter/SSDV2W_1.8.1/com.ibm.cic.agent.ui.doc/helpindex_imic.html

• developerWorks –

Create custom installation repositories for WebSphere Application Server withthe IBM Packaging Utility

http://www.ibm.com/developerworks/websphere/library/techarticles/1201_seelemann/1201_seelemann.html

Create and service WebSphere Application Server master images with IBMInstallation Manager

http://www.ibm.com/developerworks/websphere/techjournal/1301_seelemann/1301_seelemann.html

Shameless Self Promotion

IBM WebSphere Deployment andAdvanced ConfigurationBy Roland Barcia, Bill Hines,Tom Alcott and Keys Botzum

AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise

Software

Transcript of AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise