REAL TIME ISSUES IN WAS

 
       REAL TIME ISSUES IN WAS

   
forgot web-sphere admin console password

---->  When you enable the security on WebSphere Application Server [WAS], it will prompt you for authentication when you access admin console, stop server and wsadmin prompt.

----> All the security related settings are stored in config file under Profile_root/config/cells/cell_name.  File name is security.xml. The workaround when the administrator forgot the password is to change the security settings by manually modifying the security.xml file

STEP  1 : Locate the security.xml file and take a backup of it

STEP 2 : open security.xml file for editing and search for enabled=”true”

STEP 3 : modify it to enabled=”false” [you need to do this only for the very first occurrence of enabled=”true” ]

STEP 4 : Restart the servers

Application already exists in the configuration repository

• Deploying an application and it already exists
• Re-Deploying an application whose deployment failed before for some reason
• undeployment failed but there is no reference of the application in admin console

For example, you are deploying a large application using wsadmin and got a soap timeout or out of memory before application is saved. Then you change the timeout/heap and try to deploy your applciation… in this case above error can come.

Solution:

• Stop the target JVM
• Delete all the contents of temp and wstempfolder.
• Go to WAS_INSTALL_DIR\profiles\<profileName>\config\cells\<cellName>\nodes\<nodeName>\
• Edit the file serverindex.xml for an entry for our application within the tag<deployedApplications>xxx.ear</deployedApplications> (delete this line)
• Do a search for your ear file in the file system and delete all the occurrences of the XXX.earfolder
• Restart WAS
• deploy the application

PLUG-IN PARAMETERS

   PLUG-IN PARAMETERS   

PLUG-IN Parameters are

a. Maximum Web container threads, set on the Web container  : maximum size of 
the thread pool is set to 50 

----> Minimum Thread Pool Size is 10



b. ConnectionIOTimeout, set on the HttpTransport  : The default value is 5 seconds



c. ConnectionKeepAliveTimeout, set on the HttpTransport : This is the maximum time to wait for the next request on a KeepAlive connection. 

-----> The default value is 5 seconds. 

----> If the next request on this KeepAlive connection is not received within this time, the connection will be closed.



d. MaxConnectBacklog, set on the HttpTransport : The MaxConnectBacklog setting controls the number of such requests that get queued up before the plug-in is refused more connection requests. 

----> If this number is exceeded, the requests from the plug-in will not be able to connect to 
the HttpTransport port. 

----> If not specified by the user,  the default value of this parameter is 512.  

-----> Example: If a Web container is configured for a maximum of 50 concurrent 
threads and 512 requests in the backlog, we can have 512 + 50 = 562 concurrent 
requests from the plug-in to port 9080. Fifty of these are in the application server 
and the rest are waiting in the backlog’s FIFO queue in the OS kernel. If the 563
rd request from the plug-in comes into port 9080, it will be rejected and the plug-in 
will get an ETIMEDOUT error in http_plugin.log. 



e. MaxKeepAliveConnections, set on the HttpTransport : This parameter has been provided in the HttpTransport to improve performance by enabling reuse of HTTP connections  that have already  been established between the plug-in and the  application server’s HttpTranport. 

-----> It provides a performance boost because it prevents each new HTTP request from creating a 
new connection (new connection creation has an overhead on the plug-in and 
the HttpTransport). This is analogous to a JDBC connection pool, where a single 
JDBC connection is used by many different requests. 

----> The maximum number of concurrent KeepAlive connections across all the HTTP 
transports in a Web container should be less than the maximum number of 
concurrent threads allowed in that Web container



f. MaxKeepAliveRequests, set on the HttpTransport : This parameter specifies the maximum number of requests which can be processed on a single KeepAlive connection. This is an integer value which defaults to 100 if not specified by the user. Setting this property to a high value 
provides better performance. Setting this property to a low value can help prevent denial of service attacks if a client tries to hold on to a KeepAlive connection indefinitely. This custom property is ignored if MaxKeepAliveConnections is equal to zero.

  
  Parameters on the Web server side 

 a. OS parameter: TCP/IP timeout :  When a TCP/IP client is not able to communicate with a TCP/IP server in the time specified by the TCP/IP timeout, that request is aborted. This is one of the ways in which a request from the plug-in  (TCP/IP client) to the HttpTransport 
(TCP/IP server) fails, thus marking that the application server down. 

----> Once this setting is changed, it not only affects the plug-in, but also every other 
TCP/IP client application running on that node.

 b.  Plugin-cfg.xml parameter ConnectTimeout : The ConnectTimeout attribute of a Server element allows the plug-in to perform non-blocking connections with the application server. Non-blocking connections are beneficial when the plug-in is unable to contact the destination to determine if the port is available or unavailable. If no ConnectTimeout value is specified, the 
plug-in performs a blocking connect in which the plug-in sits until an operating 
system times out and allows the plug-in to mark the server unavailable. 

---> A value of 0 causes the plug-in to perform  a blocking connect. 

---> A value greater than 0 specifies the number of seconds you want the plug-in to wait for a successful connection. 

----> If a connection does not occur after that time interval, the plug-in marks the server unavailable and fails over to one of the other servers defined in the server group.

 
c.  Plugin-cfg.xml parameter RetryInterval : This attribute is added to ServerCluster tag in the plugin-cfg.xml file. 

----> If the server or clone is marked down by the plug-in, the value of this parameter will 
specify when the plug-in will retry that application server. If not specified by the 
user, the default value is 60 seconds.  

----> A higher value will cause an application server to be offline for a longer period of 
time (in case it’s already recovered). A smaller value will cause new requests to 
receive a delayed response more frequently if the application server is still down. 

COGNIZANT INTERVIEW QUESTIONS

         COGNIZANT INTERVIEW QUESTIONS 


1)  Tell me about Yourself ?

2) What is JDBC ? How you can configure JDBC ?

3) What is SSL    ?  How you can configure SSL ?

4) What is Cell  ?  How many cells we can use ? Can we use multiple cells ?

5) What is Node ? 

6) What is Node Agent ?

7) Hierarchy of NETWORK DEPLOYMENT ?

8) How we can copy Multiple files in UNIX ?

9) In LINUX I dont know my port number ? How we can achieve and get that port no ? Display all port no's ?

10) Which UNIX version you are using ?

11) How to check UNIX version ?

12) How to see the Heap Memory in the System ? Whether it is full or not ?

13) How to create a file ?

14) How to move the file ?

15) Difference between WEBSERVER AND WEB CONTAINER ? 

16) What is AppServer ?

17) What is WebServer ?

18) What is Clustering ? How many types are there ? Which will effective in Real time  ?

19) How can we achieve FAILOVER ?

DESCRIPTION OF KILL COMMAND

        DESCRIPTION OF KILL COMMAND



Definition of KILL COMMAND :  Kill command is use to send signal to a process or to kill a process. We typically use kill -SIGNAL PID, where you know the PID of the process.



----->  There are other ways to effectively kill a process  



A) killing a process by name

B)  killing a process by specifying part of the name

C)  killing a process by pointing out the process with cursor etc.


There are 4 ways to kill a Process 



1. Kill Command – Kill the process by specifying its PID 



----->  All the below kill conventions will send the TERM signal to the specified process. For the signals, either the signal name or signal number can be used. You need to lookup the pid for the process and give it as an argument to kill.



Ex 1 : $ kill -TERM pid

Ex 2 : $ kill -SIGTERM pid

EX 3 : $ kill -15 pid

Ex 4 : Kill the firefox process



$ ps -ef | grep firefox 1125  ? s1 11:22  /usr/lib/firefox-3.5.3/firefox

$ kill -9 1125 

2. Killall Command – Kill processes by name



----> Instead of specifying a process by its PID, you can specify the name of the process. If more than one process runs with that name, all of them will be killed.

Example: Kill all the firefox processes

$ killall -9 firefox

3. Pkill Command – Send signal to the process based on its name

-----> You can send signal to any process by specifying the full name or partial name. So there is no need for you to find out the PID of the process to send the signal.

Example: Send SIGTERM to all the process which has sample in its name.

$ pkill sample

Pkill Example:  Before sending signal, you can verify which are all the process is matching the criteria using “pgrep -l”  which displays the process ID and process name of the matching processes.

----> In this example, all the processes are designed to log the signal to signal-log, along with its PID.

$ pgrep -l sample
12406 sample-server.p
12425 sample-server.p
12430 sample-garbagec

$ pkill -USR1 sample

$ cat signal-log
Name: ./sample-server.pl Pid: 12406 Signal Received: USR1
Name: ./sample-server.pl Pid: 12425 Signal Received: USR1
Name: ./sample-garbagecollector.pl Pid: 12430 Signal Received: USR1

Note: The part of name which you specify should be in the character within the first 15 character of the process name.

4. Xkill Command – kill a client by X resource

---> xkill is the simplest way to kill a malfunctioning program. When you want to kill a process, initiate xkill which will offer an cross-hair cursor. Click on the window with left cursor which will kill that process.




EX : $ xkill
Select the window whose client you wish to kill with button 1
xkill:  killing creator of resource 0x1200003
Note: Actually, xkill instructs XServer to terminate the client.

DMZ (DEMILITARIZED ZONE)

         DMZ (DEMILITARIZED ZONE)  

Definition of DMZ  :   DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. 



------>  It prevents outside users from getting direct access to a server that has company data.

                                                     
                                                          (or)

----->  A computer or small sub network that sits between a trusted internal network, such as a corporate private LAN, (LOCAL AREA NETWORK) and an untrusted external network, such as the public Internet.




----->  Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP ) servers, FTP(FILE TRANSFER PROTOCOL) servers, SMTP (e-mail) servers and DNS (DOMAIN NAME SERVICE) servers. SMTP (SIMPLE MAIL FILE TRANSFER PROTOCOL)




----->    A demilitarized zone (DMZ) configuration involves multiple firewalls that add layers of security between the Internet and critical data and business logic.



----->  The main purpose of a DMZ configuration is to protect the business logic and data in the environment from unauthorized access. A typical DMZ configuration includes




1)   An outer firewall between the public Internet and the Web server or servers processing the requests originating on the company Web site.



2) An inner firewall between the Web server and the Application Servers to which it is forwarding requests. Company data also resides behind the inner firewall.




----->  WebSphere Application Server offers many configuration choices for accomplishing this goal.


A)    Works with product security : WebSphere Application Server security protects applications and their components, by enforcing authorization and authentication policies



B)  Avoids critical business data in the DMZ  :   A DMZ configuration protects application logic and data, by creating a buffer between the public Internet Web site and the internal intranet, where Application Servers and the data tier reside.




C)  Supports Network Address Translation (NAT) :A firewall product that runs NAT receives packets for one IP address, and translates the headers of the packet to send the packet to a second IP address. In environments with firewalls employing NAT, avoid configurations involving complex protocols in which IP addresses are embedded in the body of the IP packet, such as Java Remote Method Invocation (RMI) or Internet Inter-Orb Protocol (IIOP). These IP addresses are not translated, making the packet useless.



D)  Avoids the DMZ protocol switch : The Web server sends HTTP requests to Application Servers behind firewalls. It is simplest to open an HTTP port in the firewall to let the requests through. Configurations that require switching to another protocol, such as IIOP, and opening firewall ports corresponding to the protocol, are less desirable. They are often more complex to set up, and the protocol switching overhead can impact performance.



E)  Allows an encrypted link between Web server and Application Server  :Configurations that support encryption of communication between the Web server and application server reduce the risk that attackers are able to obtain secure information by sniffing packets sent between the Web server and Application Server. A performance penalty usually accompanies such encryption.




Definition of Sniffing Packets  :   A Packet Sniffer is a program that can record all network packets that travel past a given network interface, on a given computer, on a network. It can be used to troubleshoot network problems, as well as to extract sensitive information

                             (or)




--->  Packet Sniffer is the act of capturing packets of data flowing across a 
computer network. The software or device used to do this is called a packet sniffer.




----> However, it is also widely used by hackers and crackers to gather information illegally about networks they intend to break into. Using a packet sniffer it is possible to capture data like passwords, IP addresses, protocols being used on the network and other information that will help the attacker 



F)  Avoids a single point of failure  :   A point of failure exists when one process or machine depends on another process or machine. A single point of failure is especially undesirable because if the point fails, the whole system becomes unavailable. When comparing DMZ solutions, a single point of failure refers to a single point of failure between the Web server and Application Server. Various failover configurations can minimize downtime and possibly even prevent a failure. However, these configurations usually require additional hardware and administrative resources.



G)  Minimizes the number of firewall holes  : Configurations that minimize the number of firewall ports are desirable because each additional firewall port leaves the firewall more vulnerable to attackers.

ABBREVIATIONS IN WAS

     ABBREVIATIONS IN WAS  




1)   WAS  (WEB SPHERE APPLICATION SERVER)

2) JDBC (JAVA DATA BASE CONNECTIVITY)

3) JMS  (JAVA MESSAGING SERVICE)

4) JNDI (JAVA NAMING AND DIRECTORY INTERFACE)

5) PMR (PROBLEM MANAGMENT REPORT/RECORD)

6) PMI (PERFORMANCE MONITORTING INFRASTRUCTURE)

7) APAR (AUTHORIZED PROGRAM ANALYSIS REPORT)

8) LTPA (LIGHT WEIGHT THIRD PARTY AUTHENTICATION MECHANISM)

9) LDAP (LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL)

10) RMI (REMOTE METHOD INVOCATION)

11) SWAM (SIMPLE WEB SPHERE AUTHENTICATION MECHANISM)

12) SSO (SINGLE SIGN ON)

13) SSL (SECURED SOCKET LAYER)

14) JTA (JAVA TRANSACTION API)

15) FFDC (FIRST FAILURE DATA CAPTURE)

16) HTTP (HYPER TEXT TRANSFER PROTOCOL)

17) SOAP (SIMPLE OBJECT ACCESS PROTOCOL)

18) TCP/IP (TRANSMISSION CONTROL PROTOCOL / INTERNET PROTOCOL)

19) UDP (USER DATAGRAM PROTOCOL)

20) MQ (MESSAGING QUEUE)

21) EJB (ENTERPRISE JAVA BEANS)

22) JAR (JAVA ARCHIVE)

23) WAR (WEB ARCHIVE)

24) EAR (ENTERPRISE ARCHIVE)

25) JSP (JAVA SERVER PAGES)

26) HTML (HYPER TEXT MARKUP LANGUAGE)

27) DMZ (DEMATERIALIZED ZONE)

28) SIB (SERVICE INTEGRATION BUS)

29) JCA (JAVA CONNECTOR ARCHITECTURE)

30) J2C (JAVA 2 CONNECTOR)

31) JDK (JAVA DEVELOPMENT KIT)

32) IHS (IBM HTTP SERVER)

33) TPV (TIVOLI PERFORMANCE VIEWER)

34) DD  (DEPLOYMENT DESCRIPTOR)

35) TAM (TIVOLI ACCESS MANAGER)

36) CORBA (COMMON OBJECT REQUEST BROKER ARCHITECTURE)

37) ARM (APPLICATION RESPONSE MEASUREMENT)

38) ESB (ENTERPRISE SERVICE BUS)

39) VMSTAT (VIRTUAL MEMORY STATISTICS)

40) NIC (NETWORK INTERFACE CARD)

41) SSH (SECURE SHELL) 

42) ISA (IBM SUPPORT ASSIATANT)

43) XML (EXTENSIBLE MARKUP LANGUAGE)

44) CSR (CERTIFICATE SIGNING REQUEST)

45) WLM (WORKLOAD MANAGEMENT)

46) API (APPLICATION PROGRAMMING INTERFACE)

47) URL (UNIFORM RESOURCE LOCATOR)

48) DMGR  (DEPLOYMENT MANAGER)

49) TAI (TRUST ASSOCIATION INTERCEPTOR)

50) GUI (GRAPHICAL USER INTERFACE)

51) CA  (CERTIFICATE AUTHORITY)

52) USD (UNICENTRE SERVICE DESK)

53) DNS (DOMAIN NAMING SYSTEM)

54) SIP (SESSION INITIATION PROTOCOL)

55) RAD (RAPID APPLICATION DEVELOPMENT)

56) SPOF (SINGLE POINT OF FAILURE)

57) DRS (DATA REPLICATION SERVICE)

58) JAAS (JAVA AUTHENTICATION AND AUTHORIZATION SERVICE)

59) SMTP (SIMPLE MAIL TRANSFER PROTOCOL)

60) CSR (CERTIFICATE SIGNING REQUEST)

61) JKS (JAVA KEY STORE)


62) SLA (SERVICE LEVEL AGREEMENT)

63) FTP(FILE TRANSFER PROTOCOL)

64)  Network Address Translation (NAT)

65)  IIOP (Internet Inter-Orb Protocol )

66) SAN (STORAGE AREA NETWORK)

WAS INTERVIEW PART-4 QUESTIONS AND ANSWERS

       WAS INTERVIEW PART-4 QUESTIONS AND ANSWERS 


1)  What are logs in IHS (IBM HTTP SERVER)  ?

A)  Access.log  ,  Error.log




2)  What are Configuration files in IPlanet Web Server  ?

A)  Magnus.conf  ,   Obj.conf


3)  Prerequisite of SyncNode Command  ?



A)  The NodeAgent must be in stopped state when this command is executed.




4)  If we got a problem before creating a log's Directory at a time of Installation at that time where you can check Status of Installation?



A)  tmp/log.txt


5)  If NodeAgent stops what will Impact for end Users  ?



A) Their is no Impact for end USer



6)  What is the Impact for Federated profile Servers If the DMGR is down  ?



A)  No Impact on Servers and Applications


7)  What is the Configuration file (or) Heart of IHS  ?

A)  httpd.conf file


8)  If Application is giving Very Slow Response then how will improve  ?



A)  ----->  Check Connection Pool Settings.

      ----->  Change Accordingly if required.

     ------>  JVM Memory Settings

    ------>  Change Accordingly if required

   ------>  Check Database if it is giving Slow Response.

   ------>  Check any Connection are waiting or not Closing.

   ----->   Check CPU Utilization  ,  JVM Utilization




9)  If You got Internal Error then what is the solution for it  ?



A)  ----->   Check IHS is running or not.

     ----->    If it is running check the AppServer is running or not.

     ----->   This is basically due to request is reaching to IHS and not able to reach Application.


10)  If you are trying to start WAS and you are getting "Class not found "  exception then how to solve this issue  ?



A)  ------>   Check Web Sphere classpath and set it properly if not set.

      ----->    Check Systemout and Systemerr logs for any specific errors or warning to identify which class is not found when Starting the Server.



11)  What are AppServer Components   ?

A)  1)  Admin Server

     2)  Web Container

     3)  EJB Container

     4)  J2C Service (JAVA 2 CONNECTOR )

     5)  Messaging Engine

     6)  Security Server.




12)  What is Server  ?

A)  ----> Server provides runtime Environment for your Web Applications or Enterprise Applications. 

     -----> Server receives user request ,  process that request and response will generated to End Users.




13)  Can you know other Connection Pool in WAS other than JDBC Connection Pool  ?

A)  1)  J2C Connection Pool  (JAVA 2 CONNECTOR POOL )

      2) MQ Connection Pool (Messaging Queue)

      3)  Thread Pool


14)   Different Types of Session TimeOut can be set  ?

A)  1)   Application level
  
      2)  Web Module level

      3)   Server level


15)  How do you verify that you are using Horizontal clusters not a vertical cluster?

A)  ----->  if u have all the servers in same machine(Host) ,than its vertical ,if cluster servers are installed in different machine than its horizontal.

                                         -OR-

  -----> Go to WAS console => select Nodes in left side => in the right side of the console you can see how many nodes make's your CELL, and also the host-name of the boxes in which the node exists.

------> if you see all the nodes from different host-names then its Horizontal clustering if you see same host-name here then its Vertical clustering

16) What kind of security mode you are using or JDBC connection?

A)  J2C AUTHENTICATION.


17)    Can u configure multpile apache webservers?

A)  we can configure in httpd.conf file.




18)  How do you apply a FIX PACK  ?


A)  - Stop all the JVM/Node/DMGR on which you are going to apply fixpack
     - first check and update the update installer
    - Place the .pak files in maintenance folder of updateinstaller directory
    - create the response files
   - run ./update.sh -silent -options”path-to-responsefile”
   - check the versioninfo from the WAS bin directory



19)  If nodeagent is stopped, can you perform the sync  ?

A)  ---->  In adminconsole Answer is No
     ------> if we are doing syncnode by command mode then Nodeagent should be stopped.



20)  one of the cluster member (jvm) is having issues. To troubleshoot the issue, you decided to take it out of the cluster. How do you do that?

A)  Make its runtime weight to 0



21)  In a complex environment, there are 10 machines. Machine A is having 8GB RAM and machine B having 2GB of RAM. The administrator decided to send twice as many request as machineB to machineA. How can he achive it?

A) give machineA twice the weight as machineB


22)  After making some changes on a cluster, it is required to recycle/restart all the cluster JVMs. The lead admin told you to make sure that there should not be any downtime during this recycle. Which option do you use to achieve it?

A)  Ripple start


23)  A large application which has 5web modules has been deployed on to a cluster. After some months, the developer asked you to update on of the 5web modules. How do you do it?

A)  RollOut



24)  can you change the cluster name, once it was created

A)  No

25)  WHEN APPLICATION IS DOWN WHAT U WILL DO?

A)  ---->  First look at the logs for errors. If you find the error, save the logs and start your application. Then start trouble shoot.

   ----->  If no error found, run a trace and look for FFDC etc.

26)  I HAVE 16GB RAM,WHAT IS THE MINIMUM & MAXIMUM HEAPSIZE ?

A)  No relation. Heap settings should be made depends on application



27)  What is the most important step to do, if you change your user repository.

A)  recycle all the JVMs. otherwise the key tokens will not be updated for the new repository

28)   When can you enable global security?

A)  ---->  While Installing

     -----> After Installation also

29)  What is the default user registry, if you enable Global Security at the time of installation

A)  Its federated repositories actually it is a file

30)  can we use different SSL for nodes and plugin ?

A)  Yes.

31)  What is the command to start and stop the httpserver?

A)  ./apachectl -k stop/start


32) What is a keystore?

A)  A keystore is a database that contains private keys with their associated certificates. The keystore will be used for encrypting/signing some thing with your private key

33)  What is root certificate?

A)  ----> Root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority (CA). 

-----> Digital certificates are verified using a chain of trust. The trust anchor for the digital certificate is the Root Certificate Authority (CA).

----->  A root certificate is the top-most certificate of the tree, the private key of which is used to "sign" other certificates. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate.

----> Intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a certificate chain that begins at the trusted root CA, through the intermediate and ending with the SSL certificate issued to you. Such certificates are called chained root certificates

----> Creating certificates directly from the CA root certificate increases the risk of root certificate compromise, and if the CA root certificate is compromised, the entire trust infrastructure built by the SSL provider will fail. The usage of intermediate certificates for issuing SSL certificates to end entities, therefore, provides an added level of security.

34)  What is the Default Server in WAS for Application Server profile ?

A)  Server1