Migrating from ColdFusion 5 to CF MX Sandra Clark Shayna Productions [email protected].
ColdFusion MX 7 Server Administration
-
Upload
steven-erat -
Category
Technology
-
view
1.072 -
download
11
description
Transcript of ColdFusion MX 7 Server Administration
2006 Adobe Systems Incorporated. All Rights Reserved.1
ColdFusion MX 7Server Administration
Steven Erat
Quality Assurance Engineer
Adobe [email protected]
2006 Adobe Systems Incorporated. All Rights Reserved.2
World's Top Companies Use ColdFusion MX
In use at 75 of the Fortune 100 companies and at more than 10,000 other companies
worldwide, ColdFusion MX is one of the most widely adopted web technologies in the
industry. Here's a partial list of customers (with links to case studies) who rely on
ColdFusion for its signature server-scripting environment.
More than 125,000 ColdFusion servers deployed
Estimated base of over 300,000 developers
Purchased by more than 10,000 organizations
Used by nearly all major branches and agencies of the U.S. federal
government
Global network of more than 360 user groups
Thousands of third-party components and add-on
http://www.adobe.com/products/coldfusion/proven/
2006 Adobe Systems Incorporated. All Rights Reserved.3
ColdFusion MX Administration Means Understanding: which ColdFusion server edition is needed
which ColdFusion server configuration is needed
how to install the ColdFusion server
how to connect the ColdFusion server to a web server
the installed ColdFusion directory structure
which ColdFusion services and processes are used
log file locations and purposes
how to configure datasources
how to tune ColdFusion server settings
how to install ColdFusion updates and hotfixes
how jvm memory management works
how ColdFusion templates are processed
how to monitor ColdFusion server activity
how to scale ColdFusion servers
2006 Adobe Systems Incorporated. All Rights Reserved.4
Configurations, Editions, and Platforms
Configurations Server Configuration
Multi-server Configuration
J2EE Configuration
Editions Trial / Development, Standard, and Enterprise
Platforms
Windows 2000, 2003, XP
Solaris 8, 9, 10 on SPARC processors
Red Hat Enterprise Linux 3, 4 – SuSE Enterprise Linux 8, 9
Mac OS X 10.4 on PPC
http://www.adobe.com/products/coldfusion/productinfo/systemreqs/
2006 Adobe Systems Incorporated. All Rights Reserved.5
ColdFusion MX 7 Edition Comparison Overview
2006 Adobe Systems Incorporated. All Rights Reserved.6
ColdFusion MX Server Configuration Options
Configurations Server Configuration
easiest configuration
familiar to “pre-MX” users
Multi-server Configuration
installs full Jrun J2EE
Permits multiple instances
Permits clustering
J2EE Configuration
Tomcat
WebSphere
WebLogic
2006 Adobe Systems Incorporated. All Rights Reserved.7
ColdFusion MX Server Architecture
OPERATING SYSTEM
Java Virtual Machine
J2EE SERVER ( JRun, WebSphere, Tomcat )
ColdFusion MX Application Server
Java App 1(JSP, Servlet, EJB)
App 1 App 2
Java App 2(JSTL, EL, Servlets)
CFMXODBCService
CFMXSearchService
( Verity K2 )
2006 Adobe Systems Incorporated. All Rights Reserved.8
ColdFusion Server Configuration Directory Structure
bin/
lib/
logs/
runtime/bin/
runtime/lib/
runtime/logs/
runtime/servers/
wwwroot/
2006 Adobe Systems Incorporated. All Rights Reserved.9
Server Config vs Multi-Server Config Directory Structure
Server Configuration Multi-Server Configuration with JRun
102006 Adobe Systems Incorporated. All Rights Reserved.
Jrun Server Instance “coldfusion”
ColdFusion MX Server always runs as a J2EE web application, even when
in Server Configuration. In Server Configuration the Jrun J2EE Server is
the default J2EE container, but Jrun is installed in a less obvious way.
112006 Adobe Systems Incorporated. All Rights Reserved.
ColdFusion Logs
ColdFusion logs – application.log useful for development and coding errors
JRun logs – useful for J2EE server problems such as system start up, crash, memory
Hot fix for System Error and System Out log file rotation http://www.adobe.com/go/8698aeb8
2006 Adobe Systems Incorporated. All Rights Reserved.12
ColdFusion Configuration Files
ColdFusion server stores
configuration settings in xml
files
ColdFusion-specific xml config
files are in {cf_root}/lib
Jrun-specific config files are in
{cf_root}/runtime/lib and {cf_root}/runtime/servers/{server}/SERVE
R-INF
132006 Adobe Systems Incorporated. All Rights Reserved.
ColdFusion Windows Services
ColdFusion Server Configuration installs 4 Windows Services
ODBC Services not available on Unix, Linux, Mac (JDBC Only)
2006 Adobe Systems Incorporated. All Rights Reserved.14
ColdFusion Processes
jrunsvc.exe – a 'parent process'
that watches the actual server
process and will restart it if crash
jrun.exe – the Jrun server that
provides the J2EE container which
hosts the ColdFusion server 'inside'
k2admin.exe, k2index.exe,
k2server.exe – these provide the
ColdFusion Search Service, better
known as the Verity text based
search service
2006 Adobe Systems Incorporated. All Rights Reserved.15
Connection Between ColdFusion and Web Server
A JRun Connector Stub is a small program that runs inside the Web Server
The connector filters incoming HTTP requests and matches ColdFusion extensions like .cfm or .cfc
Matching requests are proxied from the Web Server to ColdFusion's request pool
The connector communicates with ColdFusion over the Jrun Proxy Port as shown in jrun.xml
ColdFusion MX Server
External Web Server
ConnectorStub
Client to Web ServerHTTP Connection
Connector to JRunTCP Connection
JRun Proxy Port 51010
162006 Adobe Systems Incorporated. All Rights Reserved.
Locating tools to configure external web servers
Wsconfig (Web Server Configuration) tool can be run in GUI mode, CLI
(command line) mode, or as Windows .bat file (or *nix .sh script)
2006 Adobe Systems Incorporated. All Rights Reserved.17
Web Server Configuration - wsconfig.exe
182006 Adobe Systems Incorporated. All Rights Reserved.
Web Server Configuration – IIS_connector.bat
%CFUSION_HOME%\runtime\bin\wsconfig -server coldfusion -ws IIS -site 0 -coldfusion -cfwebroot
192006 Adobe Systems Incorporated. All Rights Reserved.
IIS Configuration
ColdFusion will install several IIS Virtual Directories
CFIDE and cfdocs virtual dirs can be skipped if -cfwebroot is not used
2006 Adobe Systems Incorporated. All Rights Reserved.20
Extension Mappings in IIS
2006 Adobe Systems Incorporated. All Rights Reserved.21
ISAPI Filter for Jrun Connector
As a client request from a
browser reaches the IIS Web
Server, the ISAPI filters will
first examine the URL for
patterns. If an request URL
contains an extension such
as .cfm or .cfc then Jrun
connector will divert the
request away from IIS for
processing by ColdFusion
2006 Adobe Systems Incorporated. All Rights Reserved.22
wsconfig.properties
232006 Adobe Systems Incorporated. All Rights Reserved.
jrun.ini settings
The Jrun webserver connector can be traced and logged when
verbose is true (and webserver is restarted).
242006 Adobe Systems Incorporated. All Rights Reserved.
Jrun Proxy Service – External Web Server Request Pool Settings
JrunProxyService (jrpp) section of jrun.xml – settings related to the connector and the ColdFusion request pool.
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jrun.xml
252006 Adobe Systems Incorporated. All Rights Reserved.
Relevant Ports
Netstat is available on Windows, Unix, Linux, and is useful to observe
active ports used on the system, and the applications to which they
belong
262006 Adobe Systems Incorporated. All Rights Reserved.
Built-in Jrun Web Server (JWS) Settings
Built-in Web Server Settings (Jrun Web Server or JWS)
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jrun.xml
2006 Adobe Systems Incorporated. All Rights Reserved.27
Understanding Wsconfig
The wsconfig utility does the following:
Scans the port range 2900 – 3000 to find active ports (typical Jrun JNDI port
range)
Attempts to make TCP connection to each active port found
If active port is a Jrun server, the Jrun server opens a new random port, then
instructs wsconfig to reconnect to that new port (RMI Port).
Wsconfig provides web server config parameters to Jrun via RMI over TCP
Each Jrun server has configuration setting for JNDI Port and RMI Port
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\
jndi.properties
java.naming.provider.url=localhost:2920 <-- JNDI
jrun.naming.rmi.port=0 <------ RMI ( 0 means random)
2006 Adobe Systems Incorporated. All Rights Reserved.28
Common Problems When Using wsconfig
ERROR: Could not connect to any Jrun/ColdFusion servers on host.
Server not running
-Start JRun4 or ColdFusion MX server
Server running
-JNDI listen port in jndi.properties blocked by TCP/IP filtering or firewall on server
-host restriction in security.properties blocking communications with server
A local firewall may block JNDI port (29NN) & the random RMI
port
1) define specific RMI port (i. e. jrun.naming.rmi.port=6543)
2) add firewall rules to permit JNDI and RMI connections on localhost
Ensure other non-JRun programs do not use port 2900-3000
Correct any HOSTNAME resolution problems
2006 Adobe Systems Incorporated. All Rights Reserved.29
Connector Ports Recap
Wsconfig uses the JNDI and RMI ports when installing a
connector
JNDI - 2901, 2910, 2920, etc
RMI – default is 0 (random), but can choose your own
The connector uses only the Jrun Proxy Port
JRPP - 51010, 51011, etc... depending on version and number of instance
2006 Adobe Systems Incorporated. All Rights Reserved.30
Basic ColdFusion MX Administration
The ColdFusion MX Administrator provides a browser-based interface for managing your ColdFusion
environment. You can configure many settings to provide optimal levels of security and
functionality.http://livedocs.macromedia.com/coldfusion/7/htmldocs/00001699.htm
http://www.macromedia.com/go/livedocs_cfmx7docs_configadmin
2006 Adobe Systems Incorporated. All Rights Reserved.31
Queued Request Pool
Running Request Pool
Listener
Browser Request
HTTPResponse
HTTPRequest
Web Server
ColdFusionServer
Page Request Flow
Running Request Pool is Full
Request Pool has empty slot
A slot has opened inRequest Pool
Page Request has been processed
connstub
TCP 51010Jrun Proxy Port
2006 Adobe Systems Incorporated. All Rights Reserved.32
Running Request Pool
ColdFusionServer
Page Processing Flow
is Trusted Cache
on ?
Is page in TemplateCache ?
Save Class Files ?
source file time stamp changed ?
Compile cfm toJava
bytecode
Process Request
N
Y
Y
Y
NN
Write class to
disk
332006 Adobe Systems Incorporated. All Rights Reserved.
CF Administrator – Server Settings
Simultaneous Request Setting – One of the most important settings. Controls size
of Running Request Pool, or how many requests can actively be operated on by
the CPU at any moment. 3-5/CPU is a rule of thumb, but depends on nature of
application code and underlying hardware
2006 Adobe Systems Incorporated. All Rights Reserved.34
Server Settings > Caching
Set Max Cached Templates greater than total number of application templates (*)
When application hosted in production, enable Trusted Cache to boost performance
Compilation of CFM > Java byte code very fast. Turn off Save Class Files
2006 Adobe Systems Incorporated. All Rights Reserved.35
Configuring the JVM for ColdFusion
Min Heap size (Xms), Max Heap size (Xmx)
JVM Arguments – Add custom JVM args here
ColdFusion Class Path
Settings stored in C:\CFusionMX7\runtime\bin\jvm.config (can edit manually, back up this
file!)
ColdFusion MX 7 Supported for use with Sun JVM 1.4_NN, but not 1.5 or 1.6
2006 Adobe Systems Incorporated. All Rights Reserved.36
Adding Datasources
2006 Adobe Systems Incorporated. All Rights Reserved.37
Add Datasource – Basic Settings
2006 Adobe Systems Incorporated. All Rights Reserved.38
“Advanced” Datasource Options
2006 Adobe Systems Incorporated. All Rights Reserved.39
“Advanced” Datasource Options
Connection String
Specify additional arguments as name-value pairs: sendStringAsUnicode=true;foo=bar;
Limit Connections
Limit total number of connections allowed to database for this datasource
Maintain Connections
When not checked, every connection will require new connection and will degrade
performance. When checked, connection pooling will be used; When request is
finished the connection will be checked into the pool to be reused by another
request.
Timeout (min) – How long should a datasource connection be idle before it is
closed ?
Interval (min) – How often should CF check for idle connections to be removed ?
Login Timeout – How long should CF wait when establishing a new connection ?
2006 Adobe Systems Incorporated. All Rights Reserved.40
ColdFusion MX - Databases Supported
2006 Adobe Systems Incorporated. All Rights Reserved.41
ColdFusion JDBC Driver Upgrades
2006 Adobe Systems Incorporated. All Rights Reserved.42
Using “Third Party” or Other JDBC Drivers
2006 Adobe Systems Incorporated. All Rights Reserved.43
Using “Third Party” or Other JDBC Drivers
Configuring the Oracle 10g Database Driver for ColdFusion MX as OTHERhttp://www.talkingtree.com/blog/index.cfm/2005/11/14/Oracle10gJDBCHowTo
2006 Adobe Systems Incorporated. All Rights Reserved.44
Create Datasource – Where did it go?
Datasource settings stored in xml configfile, {cf_root}/lib/neo-query.xml
Backup this file periodically
2006 Adobe Systems Incorporated. All Rights Reserved.45
Request Timeout - Warning
Databases are one of the most common reasons leading to server
queuing
After a ColdFusion request has sent the SQL to the RDMBS, the request will continue to
wait for the database to respond fully and finish sending all data
ColdFusion WILL NOT TIMEOUT a request that is waiting for the database
However, some JDBC drivers support a driver timeout including Oracle, SQL Server
Use <CFQUERY timeout=”NNN” . . . > for those drivers
If most or all active requests are waiting for a database, ColdFusion
throughput will decrease and new requests will begin to queue
When a Java stack trace is viewed a request can be observed as waiting"jrpp-749" prio=5 tid=0x010ba3b0 nid=0x24b3 runnable
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at macromedia.jdbc.oracle.net8.OracleDataProvider.ProcessPacketStartFromSocket
2006 Adobe Systems Incorporated. All Rights Reserved.46
Monitoring Open Connections on Oracle
2006 Adobe Systems Incorporated. All Rights Reserved.47
Monitoring Open Connections on Oracle
2006 Adobe Systems Incorporated. All Rights Reserved.48
Debug Output Settings
Use only during development, not in production
Enable setting for Database Activity
2006 Adobe Systems Incorporated. All Rights Reserved.49
IP Address Restriction for Debug Output
Debug output is only displayed to IP addresses registered in CF Admin
Debug output is generated for every request if enabled
Causes performance decline when ever enabled, even if not displayed
2006 Adobe Systems Incorporated. All Rights Reserved.50
Debug Settings: Enable Robust Exception Information
Security hazard - Shows detailed error information TO ALL requests including datasource name, query information, table information, etc.
2006 Adobe Systems Incorporated. All Rights Reserved.51
Debug Settings: Enable Debugging
Allowed IP addresses see the following: Actual SQL generated in CFQUERY tags
JDBC Statements and their parameter values, or Stored Procedure parameters
Query Execution Time and Records returned
2006 Adobe Systems Incorporated. All Rights Reserved.52
Securing the ColdFusion Administrator: Password
Choose a strong password during installation or when updating password
Up to 50 characters – alphanumeric + punctuation characters – no spaces
2006 Adobe Systems Incorporated. All Rights Reserved.53
Securing the CF Admin: Restrict access to /CFIDE/administrator/
2006 Adobe Systems Incorporated. All Rights Reserved.54
Securing the CF Admin: Enable Private Intranet Access via JWS
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jrun.xml
Enable built-in Jrun Web Server (JWS)
Change interface setting from * to a private intranet address or localhost
127.0.0.1 or 192.168.*
Copy or Move CFIDE/administrator directory to CFusionMX7/wwwroot/
Access /CFIDE/administrator/ via private IP: http://192.168.10.1:8500/CFIDE/administrator/index.cfm
2006 Adobe Systems Incorporated. All Rights Reserved.55
Sandbox Security – Create directory based sandbox
2006 Adobe Systems Incorporated. All Rights Reserved.56
Sandbox Security: Data Source Permissions
Restrict ALL DATASOURCES for a given web application
Enable specific datasources as needed for specific web applications
2006 Adobe Systems Incorporated. All Rights Reserved.57
Sandbox Security: DatasourcePermission – denied access
Company1.com template attempted to use datasource company2.com
Sandbox controlled access to datasource – company1 cannot use company2's dsn
Useful in ISP hosting to prevent snooping by other hosted customers
2006 Adobe Systems Incorporated. All Rights Reserved.58
Ten Tips for securing your ColdFusion Application
http://www.adobe.com/devnet/security/articles/topten_tips.html
2006 Adobe Systems Incorporated. All Rights Reserved.59
Configuring ColdFusion MX 7 Server Security
http://www.adobe.com/devnet/coldfusion/articles/cf7_security.html
2006 Adobe Systems Incorporated. All Rights Reserved.60
ColdFusion Security Bulletins
http://www.adobe.com/support/security/
2006 Adobe Systems Incorporated. All Rights Reserved.61
ColdFusion Application Security
http://stevenerat.breezecentral.com/p39473424/
2006 Adobe Systems Incorporated. All Rights Reserved.62
Install ColdFusion Updates When Released
http://www.adobe.com/support/coldfusion/downloads_updates.html
2006 Adobe Systems Incorporated. All Rights Reserved.63
Easy Installation of ColdFusion Updates
In CFMX 7 Administrator's System Information page, select the updater jar location in the Update File field, Submit, then restart CF. The updater file is copied to {cf_root}/lib/updates/
2006 Adobe Systems Incorporated. All Rights Reserved.64
Server Settings > Java and JVM
A subset of JVM parameters are available through CF Administrator
2006 Adobe Systems Incorporated. All Rights Reserved.65
The jvm.config file
2006 Adobe Systems Incorporated. All Rights Reserved.66
The jvm.config file
Located in {cf_root}/runtime/bin/ in Server Configuration
Located in {Jrun_root}/bin/ in Multi-server Configuration
JVM settings can be modified through CF Administrator or by manually editing this file
MAKE A BACKUP OF THE ORIGINAL FILE
MAKE NEW BACKUPS EVERYTIME YOU EDIT THE FILE
Server will not start if improperly edited
java.home and java.args are the most commonly changed settings
2006 Adobe Systems Incorporated. All Rights Reserved.67
Changing the JVM Version
ColdFusion MX 7.02 defaults to use built-in Sun JVM 1.4.2_05
Can install newer Sun JVM 1.4.2 (not supported with Java 5 or Java 6)
Edit java.home setting to point to the new JRE: C:/CFusionMX7/runtime/jre
Use forward slashes “/” or double backslashes “\\” to delimit path
Restart ColdFusion to use new JVM
2006 Adobe Systems Incorporated. All Rights Reserved.68
Commonly Modified JVM Arguments
The -server arg must always appear in first position
-Xmx512m – The max heap size, default at 512 MB
-XX:MaxPermSize – The max Permanent Generation size (optional args use -XX: )
-XX:+UseParallelGC – Garbage Collection behavior (this is a Throughput collector)
2006 Adobe Systems Incorporated. All Rights Reserved.69
The JVM Heap Spaces
New objects (ColdFusion variables, etc) go into the young generation “Eden”
GC removes unreferenced objects and moves referenced objects towards “Tenured”
JVM Heap = Eden + Survivor + Tenured. Permanent Generation is external to heap
PermGen holds ColdFusion Templates and other long lived objects
(source: http://java.sun.com/docs/hotspot/gc1.4.2/)
2006 Adobe Systems Incorporated. All Rights Reserved.70
Using Visual GC Memory Monitoring Tool from Sun
(source: http://www.petefreitag.com/item/141.cfm )
2006 Adobe Systems Incorporated. All Rights Reserved.71
JVM Tuning Resources
JVM Tuning – ColdFusion Developer's Journal – July 2006 http://cfdj.sys-con.com/read/264729_p.htm
Visual Garbage Collection – Pete Freitag's ColdFusion blog
http://www.petefreitag.com/item/141.cfm
Tuning Garbage Collection in JVM 1.4.2 – Sun.com
http://java.sun.com/docs/hotspot/gc1.4.2/
Garbage Collection, Frequently Asked Questions – Sun.com
http://java.sun.com/docs/hotspot/gc1.4.2/faq.html
Performance Under The Covers in ColdFusion MX – Jim Schley
http://www.adobe.com/devnet/coldfusion/articles/performance_61.html
2006 Adobe Systems Incorporated. All Rights Reserved.72
Using Multiple J2EE Server Instances with
ColdFusion
Advantages for Using Multiple Instances of ColdFusion in Multi-Server or Jrun Config
http://www.adobe.com/devnet/coldfusion/j2ee/articles/multiple.html
2006 Adobe Systems Incorporated. All Rights Reserved.73
Clustering Jrun Server Instances for use with
ColdFusion
Clustering ColdFusion MX for J2EE on Jrun
http://www.adobe.com/devnet/coldfusion/j2ee/articles/endtoend.html
HardwareLoad
Balancer
2006 Adobe Systems Incorporated. All Rights Reserved.74
What's Going On Inside ColdFusion Server ?
How many requests are running ?
How many requests are queued ?
How many database hits are occurring ?
What templates are running ?
What are the slowest templates ?
What are the slowest queries ?
?Request Response
2006 Adobe Systems Incorporated. All Rights Reserved.75
Tools to Monitor ColdFusion Server Internals
CFSTAT – a command line utility in {cf_root}/bin/
Jrun Metrics – Enable in jrun.xml, logs session count and
memory usage http://www.adobe.com/go/tn_19120
2006 Adobe Systems Incorporated. All Rights Reserved.76
Tools to Monitor ColdFusion Server Internals
Thread dumps View all Java threads running in the JVM
See which .cfm / .cfc requests are executing to the line (and underlying Java methods)
Requires starting ColdFusion in a command prompt instead of Windows Service
Requires manual intervention to hit a keystroke combination (CTRL+BRK)
Requires manually reviewing thread dumps ( not easily learned )
Technote on Debugging ColdFusion server problems using Thread Dumps
http://www.adobe.com/go/tn_18339
2006 Adobe Systems Incorporated. All Rights Reserved.77
Third Party Tools - SeeFusion.com
2006 Adobe Systems Incorporated. All Rights Reserved.78
Third Party Tools - Fusion-Reactor.com
2006 Adobe Systems Incorporated. All Rights Reserved.79
Coming 2007 – ColdFusion 8 “Scorpio” Server Monitor
2006 Adobe Systems Incorporated. All Rights Reserved.80
Coming 2007 – ColdFusion 8 “Scorpio” Server Monitor
2006 Adobe Systems Incorporated. All Rights Reserved.81
Coming 2007 - ColdFusion MX 8 (Scorpio) Server Monitor
Unlocking the ColdFusion Blackbox
Sneak Peek: Scorpio Server Monitoring – Online Presentation by Ashwin
Matthew
“Just for all you folks who couldn’t make it out to MAX - here’s a peek at what Scorpio
may be offering up for server monitoring. This is the presentation I gave at MAX, with voice
over, but missing, alas, the live demos. It may take a little time to load because of all the
audio, so do be patient.”
http://blogs.sanmathi.org/ashwin/downloads/max2006preso/
2006 Adobe Systems Incorporated. All Rights Reserved.82
More About ColdFusion 8 “Scorpio” on Adobe Labs
http://labs.adobe.com/wiki/index.php/Scorpio:FAQ
2006 Adobe Systems Incorporated. All Rights Reserved.83
ColdFusion MX Hosting Providers / ISP
http://www.adobe.com/devnet/coldfusion/articles/select_isp.html
HostMySite, CrystalTech, MediaTemple, CFDynamics
Concerns: Sandbox Security? How many websites to a single CF Server? RDS? Debugging?
2006 Adobe Systems Incorporated. All Rights Reserved.84