Portal administration and performance

Automatic Application of Portal Tuning Parameters

AlexLang Tags: tuning performance portal ‎ 2 Comments ‎ 8,871 Views

Whenever you deploy a new WebSphere Portal instance you must tune the Portal in a manner appropriate to the environment. For example, out of the box, Portal is NOT tuned for production.

The IBM Portal Performance team has produced several documents that contain the tuning that should be done after installation and before deploying a Portal to production. This is the document for V7, the one for V8 and this one for V8.5. This document should be considered a prerequisite for the beginning of performance testing and certainly a prerequiste for production.

There are several components that should be tuned. These include the Portal itself, the LDAP, the database, the OS and the web server.

Mike White and I have written a ConfigEngine script that will apply the tunings for the Portal automatically. The script is included in Portal V7.0.0.2 CF22+, Portal V8 CF05+ and all levels of 8.5. Use of this script will improve the accuracy of applying the tuning changes as well as reduce the time needed to do the task.

The changes are driven by a properties file (tuning.properties) along with several resource environment providers files. Since the tuning.properties file assume you are a WCM rendering server that is only a subscriber (and NOT a syndicator), you may need to adjust some of the setting to match your environment. You can easily do this by copying the read-only tuning.properties to a local directory, updating the name/value pairs that need updating and point to the new copy when you run the task.

Note for zOS users: This task does run on zOS. Note however, that there were significant fixes put into the code to resolve zOS issues in March, 2014. These fixes wil be included in 8001, CF10 as well as the initial release of V8.5. If you are on zOS and not running at least 8001 CF10 level, please download the linked code immediately following.

The latest README file is linked here. It provides the details on using this new task. I have also included the (current) latest version of the code here. The latest version can be untarred in the PortalServer/installer/wp.config/config subdirectory as is. Note that the default the subdirectory just mentioned does NOT have write permission. The permission must be changed before trying to untar this file. As a best practice, download the latest from the provided link regardless of your level of Portal. The latest version works on all levels.

Please Note: These defaults in the tuning.properties file assume the server being tuned is a WCM rendering server that is NOT subscriber only. It will also set the WCM advanced cache. If you are running this on an authoring server, you should consider turning off WCM advanced caching.

Modified on by AlexLang

Theme development questions and answers

Thomas_Hurek ‎ 1 Comment ‎ 3,653 Views

In today's blog post we will look at some some of the questions I received from customers in regards to developing a Portal 8 or 8.5 theme.

1. How to find out which dojo classes are included in which of the modules that we define Out of the Box?

The modularized theme architecture enables you by specifying modules in the profile to combine resource requests for javascript, css stylesheets and other static resources. The theme defines a set of modules Out of the Box that you can include in your theme profile. When using dojo you know that your portlets or theme code uses certain dojo classes but the question is which of the predefined modules includes the class you need. The answer can be found in the file build-report.txt in the directory PortalServer\theme\wp.theme.dojo\installedApps\dojo.ear\dojo.war\<version>.

2. I made a change to theme_en.html or another html file in my static theme war file but why does it not become visible?

You need to hit Ctrl + F5. This will cause the correct cache headers to flow to the server and the files will be updated. The exception is for layout.html files. For the layout files you need to restart the Portal server for the change to become visible if creating an ear based theme.

3. Why are request parameters getting lost between dynamic content spot JSP's?

Portal provides an isolation between dynamic content spots - request parameters are hidden between the dynamic content spots. Parameters set in Default.jsp will be visible though throughout the different dynamic content spots. If you create a map object as a request parameter in the Default.jsp you can store and retrieve parameters in that map between the dynamic content spots.

The same holds true for externally passed in request parameters that come in e.g. as query parameters. They can be retrieved inside Default.jsp and be made available to the dynamic content spots but not be retrieved directly from within the dynamic content spots.

4. Is there a limit of how many CSS rules in a single file can be interpreted by the older versions of Microsoft Internet Explorer?

Yes - as documented here: http://support.microsoft.com/kb/262161

If you are using the theme resource aggregation Portal combines the css files for you and that can lead to larger CSS files than Microsoft Internet Explorer can handle you can influence how large the CSS files become for a single request by setting the following property in WP ConfigService:

resourceaggregation.split.css=150

5. Issues with caching of ra:collection URLs?

My colleague Stephan has recently written a great article on how to debug cachability issues with the static resource requests:

https://developer.ibm.com/digexp/docs/docs/customization-administration/debugging-cachability-issues-theme-resource-aggregator-requests/

6. Is there a quick way to get to an ear based theme?

There are a few step by step documents that document the process but for 8.5 a faster way is to leverage the sample ear based theme that is shipped in form of a paa file (Portal Application Archive) here:

http://www.openntf.org/main.nsf/project.xsp?r=project/5C8D7A764AB38B1386257CE0004AB90E

Unzip the paa file (a paa file can simply be renamed to a zip file) and browse to the WARTheme85 directory:

- in the installableApps\ear directory you will find the WARTheme85.ear file - this can be imported into Rational Application Developer or Eclipse or your J2EE development environment of choice

- in the content\xmlaccess\install directory you will find the xmlaccess script that can be used to install the theme

You can then adjust the theme as needed - e.g. define your own context root for the theme or modify the functionality.

Currently the theme paa is based upon 8.5 CF0 - if you want to use the new functionality provided with later CFs you will need to reapply those changes to your theme.

7. How can I add CTC functionality to my ear based theme?

When installing CTC (Content Templating Catalog) the webdav store is updated with various files needed for CTC. If you have a custom theme you need to redo those changes in your theme. That means copying the new files into your static war file:

- CTC folder

- ctc.json into the contributions folder

- a bunch of profiles going into the profiles directory

- CtcLayouts.json and CtcStyles.json in the system directory

For webdav themes the metadata.properties file is being updated with the following entries:

ibm.portal.shelf.style.json.ctcstyles=system/CtcStyles.json
ibm.portal.shelf.layout.json.ctclayouts=system/CtcLayouts.json

For ear based themes the metadata.properties file is not used and those properties need to be defined via XMLAccess for the theme - e.g.:

<parameter name="ibm.portal.shelf.layout.json.ctclayouts" type="string" update="set">
<![CDATA[war:MyStaticContextRoot/themes/MyTheme/system/CtcLayouts.json]]>
</parameter>
<parameter name="ibm.portal.shelf.style.json.ctcstyles" type="string" update="set">
<![CDATA[war:MyStaticContextRoot/themes/MyTheme/system/CtcStyles.json]]>
</parameter>

Modified on by Thomas_Hurek

WebSphere Portal and Web Content Manager Administration Tips and Tricks

Thomas_Hurek ‎ 3,103 Views

In today's blog post I will explain a few tips and tricks I like to use and that will hopefully help you as well.

1. Drag and Drop Deployment
With WebSphere Application Server 8 and above you can can deploy ear,war, jar and other artifacts by putting them into a monitored folder in your file system.
When updating an ear file it will automatically be deployed for you. If you remove the file the according WebSphere artifact is removed as well. You can choose the location of the folder, you can also configure additional deployment properties if you want to. If you want to deploy portlets this way you would need to leverage the predeployed portlet option since the drag and drop deployment bypasses XMLAccess. Then you would still need to register the portlets in Portal via XMLAccess but subsequent deployments that do not add portlets inside your war / ear file would not need that step.
For details please have a look at:
Pre-deployed portlets: http://www-10.lotus.com/ldd/portalwiki.nsf/xpDocViewer.xsp?lookupName=IBM+WebSphere+Portal+8+Product+Documentation#action=openDocument&res_title=Registering_predeployed_portlets_wp8&content=pdcontent&sa=true
Drag and Drop deployment: http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftrun_app_install_dragdrop.html

2. Faster Portal server startup
We offer two configuration tasks for improving the startup performance of your Portal server JVM. For production usage we recommend the light mode , while for development systems you can use the developer mode. The tasks are available starting with WebSphere Portal 6.1. Both tasks disable the majority of the portlets we ship out of the box and start them when you first use them.
For details please have a look at:
Developer Mode: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/Setting_up_a_development_server_wp8
Portal Light Mode: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/Enabling_and_disabling_portal_light_mode_wp8

Still not fast enough?
Disable Services in WebSphere Application Server that you are not using - e.g. the Internationalization Service.
Take a look at the Portal tuning guide for details: http://www-10.lotus.com/ldd/portalwiki.nsf/dx/IBM_WebSphere_Portal_V_8.0_Performance_Tuning_Guide

3. How to clone the user registry configuration between systems
If using federated security there is a shortcut to running all the different security tasks to get security enabled against the right user repositories. Since the configuration is stored within the VMM (Virtual Member Manager) configuration files and WebSphere Security itself only points to VMM, one can copy the configuration between systems if both are supposed to use the same configuration.
The relevant files are within the <Profile>/config/cells/<Cellname>/wim directory. If you are within a cluster stop all java processes, then copy the files to each node including the Deployment Manager and restart.
A few notes:
- this will only work if the admin user and group stay the same (e.g. wpsadmin and wpsadmins in the file repository)
- this does not cover running member fixer or any other adjustments typically needed after changing the security configuration
- as always you want to take backups before trying this ;)

4. Limit memory cache size
So you increased the WCM or your custom cache sizes and suddenly get memory issues? While the WebSphere configuration in the past exposed a configurable parameter for the number of entries in the cache it was possible to have huge entries that would use up so much memory that your JVM would be in trouble (Out of Memory or high garbage collection processing).
Starting with WebSphere Application Server 8 you can now also configure a maximum size limit for the used memory of the cache. This can be done in the WebSphere Application Server Admin Console in the same area you can increase the number of cache entries.

5. Figuring out who might be calling this method
Everybody was supposed to stop using this method but some code is still calling it and you can not find out which code is doing it? Or you see some System out messages but it is unclear who is printing it but it is severe enough to slow down the system?
The IBM JVM has a "trace engine" built in, which can be used to track Java methods and trigger different actions when certain method(s) execute. One of the actions is creating a javacore - that holds the stack traces. For example to trigger a javacore when MyClass.myMethod is called one would add the following JVM parameter:
-Xtrace:trigger=method{my/package/MyClass.myMethod,javadump}
For details please have a look at:
http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=/com.ibm.java.doc.diagnostics.60/diag/tools/trace_options_trigger.html
http://wasdynacache.blogspot.com/2011/12/jvm-xdump-options-for-scenario-based.html

6. Live profiling of your system with Health Center
The IBM Monitoring and Diagnostic Tools for Java - Health Center is a lightweight tool that monitors active IBM Virtual Machines for Java with minimal performance overhead.
The Health Center suggests live tuning recommendations for Garbage Collection, profiles methods including call stacks, and highlights contended locks. This information can help
you optimize performance, improve stability and optimize system resource usage.
The tool is free and very useful - since it has a low overhead I have used it with a production JVM to see which methods are most often executed and therefore potentially need
For details please have a look at:
http://www.ibm.com/developerworks/java/jdk/tools/healthcenter/

Modified on by Thomas_Hurek

WebSphere Portal version 9, Web Content Manager version 9, Digital Experience version 9

Thomas_Hurek ‎ 3 Comments ‎ 3,804 Views

At the end of last year we released version 9 of our Digital Experience, WebSphere Portal, Web Content Manager software. Among other features version 9 supports WebSphere Application Server version 9 and integration with Watson Content Hub. If you are on version 8.5 it is a very simple procedure to move to version 9 and you can even stay on WebSphere Application Server 8.5 if required.

If you are currently considering migration from a previous release like version 7 or 8.0 we recommend to consider version 9 as target to start off with the latest supported version. Note that when using the automated migration and not manual migration one would migrate to version 8.5 and then apply version 9 via the Installation Manager.

Below I have collected a set of links to get you started with version 9:

Official announcement: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&supplier=897&letternum=ENUS216-550

InfoCenter (installation and configuration of v9): http://www.ibm.com/support/knowledgecenter/en/SSHRKX_9.0.0

InfoCenter for regular operation and configuration leverages the v8.5 InfoCenter: http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/welcome/wp_welcome.html

Software Support Lifecycle for Portal: http://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?psynkey=I682946E87648C32&synkey=B754819J28579H68&from=spf

System requirements: http://www-01.ibm.com/support/docview.wss?rs=1070&uid=swg27007791

Tuning Guide (for now use Portal 8.5 tuning guide until updated): https://www-10.lotus.com/ldd/portalwiki.nsf/dx/IBM_WebSphere_Portal_V_8.5_Performance_Tuning_Guide

Recommended fixes (link will be used for 8.5 and 9.0): http://www-01.ibm.com/support/docview.wss?uid=swg24037802

Using WebAphere Application Edition Management (AEM) with WebSphere Portal

AlexLang Tags: "version aem ‎ 1,696 Views

Introduction

What is WebAphere Application Edition Management (AEM)?

From the WebSphere InfoCenter: Application edition management enables management of interruption-free production application deployments. Using this feature, you can validate a new edition of an application in your production environment without affecting users, and upgrade your applications without incurring user outages. You can also run multiple editions of a single application concurrently, directing different users to different editions, as the ODR maintains not only traditional application state (for example, HTTP session) affinity, but also application version affinity. The ability to queue requests is also employed with the Intelligent Management application edition function if an “atomic” application update that allows pre-provisioning of a new application version, and an “atomic” update of all users from the old application version to the new application version, is desired.

WebSphere Portal only takes advantage of application (portlet) versioning. Since the Portal servlet aggregates portlet markup, the use of ODR will not facilitate routing of certain users to particular versions of a portlet as happens with applications (e.g. servlets) in WebSphere Application Server. The main use of this function in a portal context would be the ability to quickly “roll back” from a current version of a portlet to a previous version in case errors are found or to “roll forward” when a new version is ready to deploy.

Support (or Lack There-of)

The use of AEM is officially “unsupported” in a Portal context. This is mainly due to three reasons. First is the list of caveats which immediately follow. Second is that the Portal UI screens do not have appropriate fields to support AEM versioning. Lastly is the lack of testing of this WebSphere feature.

If a problem does arise with the use of AEM, the IBM Portal support team cannot and will not accept problem reports (PMRs) that arise from arise from the use of AEM in portlets that are being deployed and managed as outlined below in this paper.

However, AEM does work in a limited fashion with WebSphere Portal. This paper shows how to use AEM along with some of the important considerations to consider before employing AEM.

Caveats

There are several caveats that must be considered when using AEM in a Portal context. Some of these include (but may not be limited to):

1) Portlet Preferences: if a new “edition” of a portlet is created, and the "new" edition adds or removes a portlet preferences, problems will arise. This is due to the way that portlet preferences are stored in the internal Portal database. Don't add or remove portlet preferences in versions of a portlet under AEM control. In other words, the external API of the portlet that is versioned should remain precisely the same.

2) WSRP: WSRP has not been fully tested and the results of changing the “producer” edition is not clear. It is suppected that this would work fine as long as the external API of the producer portlet does not change.

3) Theme module contribution: if the versioned portlet is using module contribution support, to contribute to the theme, the theme cache will have the old contribution unless you clear the theme cache when you also switch the portlet edition via AEM in WAS.

4) Portlet Cache: if the portlet cache is enabled and the AEM portlet is configured to portlet cache, you would have to manually clear out the portlet cache everytime you switch in WAS or accept that the cached version of the HTML markup might be wrong until the portlet cache times out.

5) Legal Requirements: With AEM, it may NOT be known what portlet was in use at a given point in time. Many customers have legal processes in place that require that customer to be able to clearly document what was on the site on a particular point in time. The is no provision in AEM to handle this. However, SystemOut.log files can show when a portlet version was changed. So archiving of logs can aid in this problem.

6) Portlet Eventing: if the portlet is using the JSR286 eventing API, existing page wires can break if different versions change the wiring/eventing model. Again, don't change the external API of the version(s).

7) Portlet Installation: To use AEM, you must use the “pre-deployed portlet EAR” method for installing portlets. And, just like with regular pre-deployed portlets, you cannot switch back to using the Portal GUI to deploy WAR files once a portlet is deployed as an EAR and registered to Portal using XMLAccess. If you do switch installation methods for an already registed portlet, you in an indeterminent state from which recovery might be impossible.

8) “In Use” Portlets: Just as with regular portlet deployments, updating (or changing the version of a portlet) can affect users that are currently using that portlet; particularly if that portlet was “stateful”. The “drain” feature of AEM can help with this. If the drain period is long enough, the probability that users might still be on the portlet decreases.

9) Other caveats: There might be other issues not specifically documented here. The use of AEM in a Portal context should be tested to insure it meets your needs.

Steps to Use AEM In a Portal Context

I have created a portlet call “AEMTest”. It is extremely simple and merely prints the version of itself on the browser screen. Here is the “3rd” version's HTML output:

I created this portlet in RAD. I deployed the initial version (version 1) in WebSphere Application Server as an EAR with this application.xml file:

<?xml version="1.0" encoding="UTF-8"?>

<application-name>AEMTest</application-name>

<display-name>AEMTest</display-name>

<web>

<web-uri>AEMTest.war</web-uri>

<context-root>/wps/PA_AEMTest</context-root>

</web>

</module>

</application>

The initial version was installed on a deployment manager to a static cluster with no version specified. In the image immediately following is a screen shot from that installation:

Notice that the “Application edition” field is blank. At this point, I “started” the application from the deployment manager console. The portlet was then registered to Portal via the following XMLAccess script:

<web-app action="update" uid="AEM.test.alexlang.webap" active="true" predeployed="true"> <url>file:/opt/IBM/WebSphere85/wp_profile/installedApps/aclaix85Cell/AEMTest.ear/AEMTest.war</url>

<context-root>/wps/PA_AEMTest</context-root>

<display-name>AEMTest</display-name>

<portlet-app action="update" active="true" name="com.ibm.aemtest.AEMTestPortlet.47ae6c3a35" uid="AEM.test.alexlang.portlet-app">

</portlet-app>

</web-app>

</portal>

</request>

At this point, I verified the original version worked as expected.

Then, two additional editions of this application were installed. The additional versions merely change the displayed version number in the browser. However, this time the Application edition was noted as in the attached screen shot. This was for “version 2”. Similarly, “version 3” was installed.

Switching Between Versions

With multiple versions (editions) of the same portlet deployed on WebSphere, one can now switch between the “active” version of the edition using the “Edition Control Center” on the Deployment Manager. Using the “Rollout” button on the screen for the “AEMTest” application, allows one to activate and start the desired version on the cluster with one action.

In the following screen, one can see that the “version 3” of the AEMTest portlet is the active version.

Modified on by AlexLang

New Administration Tips and Tricks

Thomas_Hurek Tags: jdk7.1 sessiontimeoutfilter multipleclusters odr healthmanagement ‎ 2,275 Views

In this blog I will lay out some new Administration Tips and Tricks around Digital Experience, WebSphere Portal and Web Content Manager:

IBM JDK 7.1 was shipped and can be used with version 8.5

With version 8.5 of Digital Experience during install WebSphere Application Server 8.5.5.x and JDK 7.0.0.x are deployed as prerequisites for Digital Experience.

Starting with WebSphere Application Server 8.5.5.2 Java 7.1.0.x was provided with the Application Server fix pack.

We have functionally tested 7.1.0.x and also performance tested it and saw a very slight improvement.

Version 7.1.0.x can be installed via the Installation Manager. After installing the JDK the command managesdk can be leveraged to switch the JDK used with the Digital Experience profile to 7.1.

Should multiple Digital Experience Clusters per cell be used or rather Multiple Cells be defined?

My recommendation is to not use multiple Digital Experience clusters in a single cell. While the main saving is to have a single Deployment Manager for all clusters in the cell the disadvantages far outweigh this single advantage in my eyes:
- cell wide configuration settings like for instance security configuration limit flexibility
- dynacache replication in the cell can impact performance
- challenge to administer since even scoped setting changes need to be done in the right scope
- All portal clusters must be at the same maintenance levels

Health Management with Digital Experience on WebSphere Application Server 8.5.5.x

Starting with WebSphere Application Server 8.5 new Health Monitoring features were introduced - the health monitor and health policies.

The health monitor uses health policies. A health policy is a combination of health conditions and actions. Health conditions define triggers from which the system can protect itself, for example, a memory leak. Health actions are the specific steps that the system takes when a health condition is triggered. For example, with a memory leak condition, the health action can be to restart the associated servers . A number of predefined health conditions are installed with the product. You can use the predefined health conditions to create default health policies. In addition to these broad default health policies, you can define specific policies that apply for your environment.

The health monitoring happens at the Java Virtual Machine level and can be used with Digital Experience JVMs as well.

For more details pertaining to Health Management see:

https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/cwve_odhealth.html?lang=en

Intelligent Routing:

Starting with WebSphere Application Server 8.5 in addition to the classic web server plugin and the On Demand Router a new feature was introduced - Intelligent Routing.

In the WebSphere Console you can turn on the Intelligent Routing feature for the web server plugin and from then on the Intelligent features will be enabled.

Among others the Intelligent Routing provides:

- Routing information based on events in WebSphere like stopping a server or starting an application

- Weighted Least Outstanding Requests (WLOR) load balancing

- Honoring health management features like not routing requests to a server that is in maintenance mode

For more details pertaining to Intelligent Routing see:

https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/cwve_implugin.html

SessionTimeoutFilter handling:

The SessionTimeoutFilter in Portal is only called for authenticated users. When using anonymous sessions and requiring cleanup code a J2EE session listener needs to be implemented.

For information regarding SessionTimeoutFilters see: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/admin-system/adauthflt.dita?lang=en

Modified on by AlexLang

Administering IBM WebSphere Portal 8.5 workshop available

Thomas_Hurek ‎ 2,130 Views

The workshop on WebSphere Portal 8.5 Administration was just published and is now available:
https://developer.ibm.com/digexp/docs/docs/customization-administration/administering-ibm-websphere-portal-8-5/

It offers a lot of hands-on exercises to get to know WebSphere Portal 8.5 Administration better.

Disabling WCM Advanced Caching for certain WCM rendering portlets

Thomas_Hurek Tags: wcm advanced caching ‎ 9 Comments ‎ 11,279 Views

Web Content Manager performance can be improved by enabling caching. In fact we recommend to enable caching for WCM for production sites. There are multiple caching options with WCM.

Fragment caching allows to cache data for a single user or across all users for a WCM rendering portlet.

WCM Advanced caching caches WCM data at the WCM core level - below the WCM portlets. It is flexible - 5 different cache configurations are possible. The most common used option typically is Secured caching in which the cache key is computed based on the group membership of the user.

The downside of WCM Advanced caching is that you can not control that for certain WCM rendering portlets no cache is being used since the caching happens below the portlets. The reason why you might want to disable Advanced caching for certain WCM rendering portlets could be that some data in them has to be immediately visible or that the portlet displays WCM content that uses PZN rules (PZN rule results would be cached and the rule not executed any more).

Using fragment caching in the WCM portlets can be an alternative to Advanced caching but it does not allow to use Secured caching or the other caching options of WCM Advanced caching - it only allows to have a shared cache across all users or a personal cache for each user.

I have implemented a preprocessor that can be configured per WCM rendering portlet to disable the WCM data in this portlet from being cached in the Advanced cache. The attachment below points to a zip file containing a war file. To use the preprocessor deploy the war file with an arbitrary context root via the WebSphere Application Server Admin Console and start the Application. The source code is attached in the war and can be modified. Then edit the WCM rendering portlet configuration and select the now visible preprocessor "NoCachePreProcessor" - save the portlet.

Attachment: WCM No Cache Preprocessor

See the usual DISCLAIMER OF WARRANTIES:
The enclosed code is sample code created by IBM Corporation.
This sample code is provided to you solely for the purpose of assisting you in the development of your applications. The code is provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample code, even if they have been advised of the possibility of such damages.

Stay tuned for another blog entry about how to customize the cache key of the Advanced WCM Cache.

WebSphere Portal VMWare Virtualization Best Practices

AlexLang Tags: vmware portal best practice lpar esx ‎ 6,653 Views

More and more customer are taking advantage of virtualization to deploy their Portal infrastructures. While AIX LPARs and zLinux are are fairly mature virtualization platforms for Portal, VMware is relatively immature but usage is accelerating rapidly.

The principles that that guide best practice on VMware are not that different than the same rules on stand-alone OSes. However, because the emphasis on a virtualized platform is resource sharing, the principles get overlooked.

There are 2 critical rules:

1. The memory used by Portal can never be swapped; either at the guest or at the hypervisor level.

2. CPUs must be allocated to the guest based on peak utilization needs; not based on average utilization.

Memory

One characteristic of a JVM is the garbage collection of the Java heap. This involves two phases known as "mark" and "sweep". These two phases are generally required to touch the memory top to bottom. However, if any portion of that memory is ever swapped out, severe performance problems will arise. Therefore, you must assign sufficient physical memory to the guest and insure that VMware never swaps it or shares it with other guests.

CPUs

In a VMWare (or any virtual hosted environment), there is a belief that by sharing resources like CPUs and memory, you get better financial returns. However, because Portals are generally operating under committed SLAs (Service Level Agreements) that guarantee peak response time and load metrics, you have to size the guest resources assuming that they are dedicated. VMWare administrators will typically look at coarse grained usages statistics which average out these peak demands and under-size the dedicated CPU requirements. In VMWare, you need to allocate dedicated, non-sharable CPUs and physical memory to each Portal guest. Note that this also dictates that a running Portal should never be allowed to "vMotion" to another server; vMotion implies both CPU and memory movement which is strictly contrary to performance goals.

Note that in AIX dynamic LPARs, you can relax the CPU constraint. AIX allows you to specify a min (also known as an "entitled") amount of CPU to the guest along with a maximum number of CPUs taken from a shared pool. As long as the max CPU matches the peak needs of the guest and as long as the Portals are the highest priority LPAR in the shared CPU region, this is OK. In AIX, memory still need to be dedicated to the LPAR. On the mainframe, z/VM z/Linux guests can share both memory and CPUs as z's hypervisor is very sophisticated at managing both these resources. Please note, however, that adding CPUs to an LPAR does take some time and could impact short term performance.

Important Rules:

1. Set the Javaheap MinHeap equal to the MaxHeap. When you do this, you force the guest and the hypervisor to fully allocate all the memory. There are inefficiencies in setting the minHeap < maxHeap because malloc() calls can suffer latencies in a virtual environment that are much worse than in a non-virtual environment. In the past, there was heap fragmentation concerns when setting the minHeap = maxHeap. However, in the Java 6 world with "gencon" as the GC policy, the concerns are no longer valid.
2. Prefer only 1 cluster member per Node (i.e. VMWare guest OS). Because of both virtual context switching in the guest along with real context switching in the hypervisor, there are efficiencies in only having 1 active JVM in a VMWare guest.

Traditionally in a 32bit JVM, vertical clustering was a common technique to get more working set memory in the system. In 64bit environment, vertical clustering is much less relevant for managing memory issues. So, "clustering" becomes much more about capacity. Horizontal clustering (one cluster per guest OS) manages both CPU and memory resources in VMWare better.
3. Two virtual CPUs on a production VMWare guest serving any sizeable load is likely insufficient. Because of multi-threaded garbage collection along with multi-threaded workers in Java (a.k.a. "WebContainer" threads), two CPU are generally insufficient to meet most production load requirements. In practice, we've found that a minimum of 4 CPUs per guest with a single cluster member in the guest a requirement.

Modified on by AlexLang

Web Content Manager Questions and Answers

Thomas_Hurek ‎ 1,092 Views

In today's blog post I will cover some Web Content Manager Questions and Answers.

How to pass in the current project into an AJAX component call for previewing a project?

It is a common pattern to load menu's or other WCM components directly via AJAX to display some data. In case of a project based preview in an authoring scenario though the hard coded URL to the component is missing the project the author selected and so changes to items loaded by the component will be missing. The URL for a component with a project has the projectid parameter appended - e.g. it could be:

http://host:port/wps/wcm/myconnect/Web+Content/Articles/?srv=cmpnt&source=library&cmpntid=516b0001-ec4b-4506-bb6f-558c43c13ec4&projectid=5196dd01-687d-4b34-9c93-b57379de8a23

No out of the box plugin allows to generate the projectid parameter for a component so I implemented a rendering plugin one can reference within WCM to get the projectID - the parameter could then be attached to a static URL for a component or multiple components. The war file can be downloaded here including the source: Download.

Is it possible to use syndication between servers that are in different time zones?

Syndication is fairly sensitive to time differences between the syndicator and subscriber. It operates across time zones though so will be able to handle servers in different time zones as long as the time is synchronized (e.g. 9 am EST, 6 am PST).

What is the best way to have syndication triggered only on demand?

One option is to disable the syndicator or subscriber or both and turn them on when needed.

The other option is to leverage manual syndication. A challenge with manual syndication is that when the subscriber is restarted it can lead to syndication still happening. With the setting connect.moduleconfig.syndication.update.subscribers.on.start=false in WCM WCMConfigService this can be avoided.

How to clean the cache on secondary nodes in a cluster if the library was deleted and re-syndicated?

If the subscriber is a cluster of more than one JVM and in a scenario where a library is deleted on the subscriber and then re-syndicated from the syndicator an issue can arise where on secondary nodes cached content is being served. To solve the issue for this case stop the JVM, clean the JCR file cache in the directory <wp_profile>\PortalServer\jcr\binaryValues\cache\PortalContent\1 (in case of issues in virtual Portals delete the other folders in the directory PortalContent). After restarting the problem should be solved.

How to deal with the use case of multiple sorting patterns for a list of items served by a Menu?

Possible solutions are:

1. Retrieve all items in form of JSON and allow sorting on the client via javascript. This option works well if not a large amount of results exists.

2. Implement more than one Menu with different sorting patterns and call them on demand. This can work well in case a very limited amount of sorting options exists and a larger amount of data exists.

3. Leverage the QueryService API on the server and sort based on an input parameter. Be careful with large result sets to avoid performance issues.

Modified on by Thomas_Hurek

Adding Portal 9 to a 8.5 Portal installation

Thomas_Hurek ‎ 1,058 Views

It is easy to add Portal 9 to an existing Portal 8.5 installation. In this blog article we will talk about the steps to do this.

Prerequisites:

- Download WebSphere Portal 9 package (Server, Enable, Extend or other offering depending on what is currently being installed with version 8.5).

- Stop the Portal process.

- Ensure that you have the Portal and WebSphere Application Server password.

Installation with Installation Manager User Interface:

1. Start the IBM Installation Manager.

2. Add the v9 repositories - e.g. in my case Portal Server and Enable:

3. In the main view select Install and select the Portal 9 packages:

4. Validate the license, the to be selected packages and enter the WebSphere Application Server and Portal administrative userid and password.

5. Select Install.

6. Once the installation is complete a screen like the following will be displayed:

Installation via command line:

A response file can be used to trigger the install of version 9. A sample file for installing Portal Server and Enable 9 could look like the following:

<?xml version='1.0' encoding='UTF-8'?>
<agent-input>
    <server>
        <repository location='/opt/IBM/install/WP90_Portal'/>
       <repository location='/opt/IBM/install/WP90_Enable'/>
    </server>

Tags to be adjusted are the repository location, the installLocation and the Portal and Websphere Application Server password (note that the password needs to be encrypted via the command <InstallationManager>/eclipse/tools/imutilsc encryptString mypassword).

The installation can be triggered via:

<InstallationManager>/eclipse/IBMIM -silent -nosplash -acceptLicense -keyring /root/iim.keyring -input /opt/IBM/install/server-enable9-install.xml -ShowVerboseProgress

server-enable9-install.xml is the response file displayed above.

After a successful install a message like this will be shown in the command line:

Installed com.ibm.websphere.PORTAL.SERVER.v90_9.0.0.20161208_1437 to the /opt/IBM/WebSphere/PortalServer directory.
Installed com.ibm.websphere.PORTAL.ENABLE.v90_9.0.0.20161208_1438 to the /opt/IBM/WebSphere/PortalServer directory.

Cluster considerations:

As with cumulative fixes, Portal install would first be performed on the primary and then on the secondary node(s). If the Deployment Manager is remote then it would need to be running during the Portal install.

Post Steps:

- The underlying WebSphere Application Server will stay at version 8.5.5.x and can later on be updated to version 9. This is optional though. For details check: http://www.ibm.com/support/knowledgecenter/SSHRKX_9.0.0/mp/was/ug_instwas.html

- The Watson Content Hub integration can be enabled via a configuration task - for details check: http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/integrate/cfg_dch.html

Modified on by Thomas_Hurek

Find Missing Portal Roles and/or Permissions

AlexLang Tags: acl "access control" role pac ‎ 1,386 Views

Introduction

During my current SEAL engagement, my customer has a large number of team members who help maintain a large and complex Portal site. Each of the team members manages a subset of the larger site.

A reoccurring problem with this arrangement is making sure that each team member has the correct role to adequately manage their "sub-site". I've had to take a "Portal Access Control" (PAC) trace each time and figure out what role that person in question was missing that kept them from the task at hand.

The problem was happened enough now that I have automated the process and want to pass it along here.

Initial Problem

You know that you have a problem because on the browser window and likely in the SystemOut.log there is a message about not being able to complete an action due to a missing permission. The exact format of the message may vary from screen to screen, but generally the message only provides the name of the resource but not the actual role that was missing.

The goal is to find the role that user was missing for the action the user was attempting.

For example, to change the page layout on a particular page, a user needs both roles of "Editor" as well as "Markup_Editor" on that page. If the user has the role of "Editor" but not "Markup_Editor" and if this user tries to change the layout of the page, they are presented with an error dialog with the page ID and a cryptic message regarding the lack of permissions. The trick now is to figure out which role that user is missing.

Note also, that for Portal 8.5, this Portal InfoCenter page has all the required roles for various operations. In "Table 3" it shows that to change a page layout you need both Editor and Markup_Editor. However, this table is complex and hard to consume. This situation leads to a missing role that needs to be determined.

Process to Find Missing Role

We start by enabling the correct PAC trace. This trace shows all requests into PAC to find roles for a resource and whether or not a user or the groups that user is a member of have the required role for the intended operation. If PAC finds a match, it returns "true". Otherwise, it returns false.

Here is the trace that you need to set:

com.ibm.wps.ac.impl.ChildEntitlementsEngine=all: com.ibm.wps.ac.impl.FullEntitlementsEngine=all

These 2 traces record all requests to PAC for Portal and WCM articifacts to see if an appropriate role exists for the operation requested.

Here is a sample line we are interested in:

[5/16/16 13:22:36:948 MST] 00000116 FullEntitleme > com.ibm.wps.ac.impl.FullEntitlementsEngine checkExplicitPermission ENTRY ACPrincipalPumaImpl: Name: CN=1062775,OU=PEOPLE,O=aCompany,C=US, OID:[ExtIDImpl 'Z9eAe3IJQJO06MHCEJRK6CPJALU0A5QJ056L8CPJQ31T95AISK3H53AFAL91', USER, CN=1062775,OU=PEOPLE,O=aCompany,C=US, [Domain: rel]] [ObjectIDImpl 'Z6_CGAH47L00GOIB0A5TIKBAN00I6', CONTENT_NODE, VP: 0, [Domain: rel], DB: 0000-0CAA484E050062B9802A5DD2A52E00D2] 8 (ActionSet)Edit, (-1) (/ActionSet)

This line is complex, but there a couple of things that interest us. The first is the resource. In this case it's a "Page" which Portal calls a "Content_Node". It's name is "Z6_CGAH47L00GOIB0A5TIKBAN00I6". The second thing of interest is the actual user for which a role is examined. In this case it is a user whose CN is "1062775". In this particular example, PAC is looking to see if the user in question has an explicit role assignment on the resource. PAC might also check the groups of which this user is a member.

Finally, the actual roles are found between the "(ActionSet)" and "(/ActionSet)" characters. In this case, we were checking to see if the "Edit" role was present.

Notice this line has the word "ENTRY". For each "ENTRY", there will be a "RETURN" with either "true" or "false" depending on whether or not the principle (user) in question has the required role. Unfortunately, they are not on the same line. Therefore we have to use some complex Unix scripting to get what we need.

Removing Requests For Roles That Exist

Let's start by removing all the requests that resulted in a "RETURN true" which means that the user had the required role.

Let's examine this command in detail. Note that we are assuming only one active thread is doing work in this Portal. Otherwise, we also need an additional "grep" to isolate the correct thread.

1) grep checkExplicitPermission trace.log: Find all lines in the current trace that have the class "checkExplicitPermission" as noted in the line above.

2) grep -A1 Z6_CGAH47L00GOIB0A5TIKBAN00I6: Find all lines and the next line afterwards that contain the resource in question. In this case it's the page called "Z6_CGAH47L00GOIB0A5TIKBAN00I6". By getting the next line, we get the "RETURN" that includes whether the role was present or not.

3) grep -B1 "RETURN true": Only get the line and the one immediately above it where the required role was found.

4) grep "(ActionSet)": Get rid of the "RETURN" statements since we now only have "RETURN true" instances.

5) cut -d ' ' -f29-31: Only return the portion of the line with the ActionSet.

6) uniq: Only show unique role requests.

At this point we know for a particular resource what roles the interesting user had. Now we find the roles they need but don't have!

Finding the Missing Roles

Now we do a similar exercise as before but we remove all the roles that were found to exist. Here is the general command we use:

grep checkExplicitPermission trace.log | grep -A1 Z6_CGAH47L00GOIB0A5TIKBAN00I6 | sed '/(ActionSet)Edit, (-1) (\/ActionSet)/,+1 d'

1) grep checkExplicitPermission trace.log: Find all lines in the current trace that have the class "checkExplicitPermission".

3) sed '/(ActionSet)Edit, (-1) (\/ActionSet)/,+1 d': For each line that contains a role that the user already has, delete that line and the next one (which is the "RETURN" line). Not the escape of the "/" character.

4) If multiple roles already exist, pipe into a new "sed" stanza that looks like "3". So you might have a command that looks like this:

grep checkExplicitPermission trace.log | grep -A1 Z6_CGAH47L00GOIB0A5TIKBAN00I6 | sed '/(ActionSet)Edit, (-1) (\/ActionSet)/,+1 d' | sed '/(ActionSet)View, (-1) (\/ActionSet)/,+1 d'

At this point you be left with the exact statement(s) in the trace that show the ActionSet of the missing roles.

Portal 8.x Theme Performance Best Practises

Thomas_Hurek ‎ 2 Comments ‎ 2,026 Views

In this blog entry I will outline best practices to achieve a good performance with Portal 8.x (modular) themes.

In case an older theme is used check out the article here: https://www-10.lotus.com/ldd/portalwiki.nsf/dx/Optimizing_Portal_7_Page_Builder_Theme_for_performance

General:

The performance of the page rendering is affected both by the execution on the server as well as downloading the resources referenced by the theme and their cachability. The Portal tuning guide outlines which parameters to configure to achieve good cache headers so that the browser will not keep on downloading the same static resource and also how to enable http caching to prevent Portal from having to deliver the static resources.

The amount of javascript being parsed and executed as well as the amount of css rules that the browser has to process impact the rendering time too.

Server side processing:

- Disable JSP reloading for the theme.

- If the Default.jsp was adjusted to have a constant reload of the theme.html files via the parameter <r:param name="max-age" value="2"/> remove it for Production and Performance Test environments.

- Limit the amount of dynamic content spots. Remove default content spots that are not needed. If including JSP fragments or initialization logic note that each JSP will execute that logic if including it.

- Check how long the dynamic content spots (JSPs) take via adding timer code and try to optimize the slowest dynamic content spots by adding caching via Dynacache or local Maps.

- Try to avoid anonymous sessions in the theme.

- Disable cache propagation of theme events via adding the following parameters to the WP CacheManagerService:

In the WebSphere Integrated Solutions Console Resources → Resource Environment → Resource Environment Providers → WP CacheManagerService → Custom properties
Name:cacheinstance.com.ibm.wps.resolver.data.cache.DataSourceCache.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.resolver.service.PortalPocBootstrapService.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.spa.parser.theme.ThemeParserCache.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.spa.parser.skin.SkinParserCache.enableRemoteInvalidation
Value: false

Name:cacheinstance.com.ibm.wps.spa.parser.locale.LocalizationParserCache.enableRemoteInvalidation

- If calling WCM try to ensure WCM caching is enabled.

- Investigate if the Navigation can be cached across users.

Client Side Processing:

- Like any other web page on the client browser side the number of files referenced by the html as well as their size impacts the performance.

- Implement the classic web server tuning - compression, cache headers, http caching.

- Limit the resources referenced by the theme that are not aggregated (meaning not part of the profile).

- Limit the amount of different profiles as well as themes on the site since that will require a completely new download of all aggregated resources -> The only use case I see for having multiple theme profiles is if there is a major difference in the javascript frameworks being used between pages and so having all of these in one profile would slow down all pages.

- Leverage either the profile_deferred or profile_lightweight profiles as a starting point for your profiles. Try to avoid adding a vast set of files to the modules referenced by your profile. Remove sample or default modules where possible.

- If using a larger amount of images try to sprite them.

- Avoid using old versions of javascript frameworks like for instance version 1.4 of dojo.

- Try to move javascript execution from the head to the end of the rendering - by specifying a contribution as config versus head the execution is automatically moved to the end of the html processing of the page.

Modified on by Thomas_Hurek

Access Logging at WebSphere level for Digital Experience requests

Thomas_Hurek ‎ 2,561 Views

Starting at WebSphere Application Server version 8.0.0.2 NCSA logging can be used to log requests and their attributes like cookies, source IP as well as duration. The log format can be customized to log only the required data. This is similar to the access logging in the HTTP server. In case a network issue or problem with incoming request header is suspected it can be very helpful to see the incoming requests - especially if it is not clear what kind of logging would be needed inside the component.

More details on how to enable this can be found here (look for accessLogFormat): https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/rrun_chain_httpcustom.html

The log file size, number of historic files and location can be configured as well.

A sample log file entry with the format %h %u %t "%r" %s %b %D "%{Referer}i" "%{User-agent}i" %{JSESSIONID}C for a Digital Experience request would be:

9.27.111.45 - [02/Nov/2015:13:32:26 -0500] "GET /wps/myportal/ctcdemo/About/Overview/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zigw0MTJycDB0N3J0MDA08LQ393PxMfQ29XA31w_EpMAky04-iQD9IAUi_AQ7gaADUH0VISUFuaIRBuqIiAIexxbY!/dz/d5/L2dBISEvZ0FBIS9nQSEh/ HTTP/1.1" 200 - 7344000 "http://thomas85cf6.rtp.raleigh.ibm.com:10039/wps/myportal/ctcdemo/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zigw0MTJycDB0N3J0MDA08LQ393PxMfQ1Ngsz0wwkpiAJKG-AAjgZA_VGElBTkRhikOyoqAgDTiNm7/dz/d5/L2dBISEvZ0FBIS9nQSEh/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" JSESSIONID:0000x6jZQu2dq2v_I6WLQdqjpty:-1

It includes the requesting IP, time stamp, request URL as well as response code and duration. The duration in this case was 7344000 microseconds what is 7.3 seconds for a request from a Firefox 41 browser.

Modified on by Thomas_Hurek

Web Content Manager content maintenance

Thomas_Hurek ‎ 5 Comments ‎ 2,939 Views

Over time the amount of Web Content Manager items will grow and it is important to clean up from time to time old items that are no longer needed to guarantee a good performance and make it easier for the content authors to do their daily work. This is especially important when migrating from an earlier release.

What kind of items accumulate over time that are no longer needed and can be cleaned up?

- Drafts

- Versions

- Expired Content

- Published Projects

- References to users and groups that no longer exist

- Item history

- Deleted items

- Unused items

The following chapters outline how to deal with each of those items.

As always the following limitations apply:

DISCLAIMER OF WARRANTIES:                                                 
-------------------------                                                 
The code is provided "AS IS", without warranty of any kind. IBM shall   
not be liable for any damages arising out of your use of the sample code, even if they have been advised of the possibility of such damages.

1. Drafts

Draft items that are not published can accumulate over time. The sample jsp below can be used to cleanup drafts that are no longer needed. The jsp can be adjusted to go against different libraries and to have a last changed check.

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The sample JSP in question is purgeDrafts.jsp inside the zip.

2. Versions

The clear versions tool can be used to eliminate versions. See the following link for details: http://www-01.ibm.com/support/knowledgecenter/SSYJ99_8.5.0/wcm/wcm_admin_clear_versions.html?lang=en

The tool allows you to specify how many versions you want to keep or the timestamp from which date on you want to delete versions.

I also recommend to change the default policy in WCMConfigService to not create versions automatically but to set it to manual to let the user decide which versions to keep.

3. Expired Content

When content expires as part of a workflow an additional action in the workflow can trigger a deletion of the content as well. If that was not done and a lot of expired content exists it can accumulate. The sample jsp below can be used to delete expired items that are no longer needed. The jsp can be adjusted to go against different libraries and to have a last changed check.

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The sample JSP in question is purgeDrafts.jsp inside the zip.

4. Published Projects

While there is not an out of box tool to delete those, the WCM API allow to delete published projects. In the WCM Authoring portlet Project View All Published projects can be displayed and deleted.

Update: Starting with 8.5 CF10 we provide a new utility that can be configured to run in the background to delete published projects - for details check: http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_clean_tasks.html?lang=en

5. References to users and groups that no longer exist

Users and groups are referenced in IBM Web Content Manager items to ensure that only authorized users can access the items. It is common for user names or group names to change over time.

Example 1: A user name can change due to a change in their marital status.
Example 2: A user can move from one department to another within the organization say from HR to Finance which would change the fully qualified distinguished name from CN=<firstname lastname>,OU=HR,O=<companyname> to CN=<firstname lastname>,OU=Finance,O=<companyname>

In such cases, it is necessary to change the user or group references made in an item refer to the new user or group.

Administrators can also use the member fixer task to check whether any users or groups referenced in the IBM Web Content Manager items have been renamed or deleted and fix these references.
The member fixer task checks all of the items in a specified library for references to users and groups that no longer exist in the current user repository. When run in report mode, it will report all the references to members. When run in fix mode, these references can be fixed, either by replacing them with references to members that exist, or by removing the references.

For details see: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_admin_member-fixer.dita?lang=en

6. Item history

Administrators can use the clear history tool to clear the history of an item.

For details see: http://www-10.lotus.com/ldd/portalwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Redbooks%3A+Building+a+Sample+Website+Using+IBM+Web+Content+Manager+7.0#action=openDocument&res_title=5.3.4_Clear_history_tool&content=pdcontent

7. Deleted Items

When items are deleted they are not completely removed to give users the chance to undo a deletion. These "deleted" items will grow over time. To finally delete an item WCM offers the Purge command. The Purge can be triggered via the user interface or via the API.

The sample jsp below can be used to purge deleted items that are no longer needed. The jsp can be adjusted to go against different libraries and to have a last changed check.

Download the file wcm_maintenance.zip here: wcm_maintenance.zip

The sample JSP in question is purgeContent.jsp inside the zip.

Update: Starting with 8.5 CF10 we provide a new utility that can be configured to run in the background to purge deleted items - for details check: http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_clean_tasks.html?lang=en

8. Unused items

Content that is no longer used but is still around can also accumulate over time and cleaning it up will save space and improve performance and ease syndication or other staging activities. The WCM API allows you to query and delete and purge content and other WCM items.

Thanks to Chet Tuttle for all his help.

Modified on by Thomas_Hurek

WAB dynamic display and linking

Thomas_Hurek ‎ 2,083 Views

The web application bridge (WAB) uses reverse proxy technology to integrate web-based content providers, such as the Microsoft SharePoint server, with IBM® WebSphere® Portal.

By configuring WAB Web Dock portlet applications are created and can be added to a page. Those applications point to certain areas in the content provider as e.g. the Home page or a certain other URL inside the content-provider.

Often though the use case is to link to a certain page being served by a content-provider - e.g. a certain form or search URL.

WAB provides capabilities for inter-portlet communication via server side events or client side events - those are documented here: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/help/panel_help/h_wab_ipc.dita?lang=en

In case of existing portlets that cannot be modified to send the server side events like the WCM rendering portlet and if the portlets are not on the same page the existing eventing mechanisms fall short.

I will outline below a possible high level solution for such requirements.

Solution Outline:

A theme module will call the javascript event for the Web Dock portlet application on a page based on the target URL being passed as URL parameter. This allows to generate arbitrary URLs for content-providers.

E.g. the URL /wps/myportal/wabpage?targetURL=/form1/myform.asp would trigger the page wabpage to be opened, the javascript in the theme would trigger the targetURL to be passed to the Web Dock application portlet that then renders the according backend URL.

Solution Details:

1. Configure WAB for your content-provider as usual.

2. Create a Web Dock application and choose a good start URL - e.g. /forms.

3. Configure the client side eventing for the Web Dock application by setting "Subscribe to client side event" to "Yes" and choosing a name for the "Subscribe to event on topic" - e.g. target.

4. Add the Web Dock application to a page.

Try to see if the eventing works by calling the following javascript from the browser console:
OpenAjax.hub.publish("com.ibm.vwat.event.target","http://portalurl/backendURL");

You will need to replace the portalurl with your server url and the backendURL with the according backend context root - e.g. /form1/myform.asp.

5. Modify your theme code to read the url parameter and trigger the eventing code. Sample javascript code is below:

window.onload=function(){

var queryParam=getQueryVariable("url");

//TBD: validate query param to prevent security issue
//e.g. if contains http or host name do not send the event - only allow relative URLs for the current server
if(queryParam!=false &&typeof OpenAjax != 'undefined' && queryParam.substring(0,1)=='/')
{
OpenAjax.hub.publish("com.ibm.vwat.event.test","http://portalurl"+queryParam);
}

};

</script>

6. Test a URL addressed to the page and add the url query parameter as relative URL.

Additional considerations:

To prevent the end user from first noticing one URL loading and then the actual backend URL loading I recommend to hide the WAB portlet and unhide it with javascript in the function in the theme module.

Test the code across the browsers that need to be supported.

Modified on by Thomas_Hurek

WAB Tips and Tricks

AlexLang Tags: wab content provider webdock ‎ 2,741 Views

Introduction

The purpose of this entry in the blog is to relate all the tips and tricks learned about using WAB.

The main purpose of WAB (Web Application Bridge) is to “proxy” web sites behind the Portal so that users that do not have to access to those sites (e.g. due to Firewall) can still use them. The only requirement is that the Portal server has access to those sites. The user browsers don't require firewall access to sites and don't require an internet proxy to get to the sites. As far as the client browser is concerned, it is only accessing the Portal URL and only needs access to that system.

If one looks at the page source for a Portal page containing a WAB portlet, one sees that the WAB portlet is an iFrame that is sourced at the Portal plus a “context root”. So, in the case of the Apache Lucene Core site, located at “http://lucene.apache.org/core”, the iFrame would have a “src=/core”. This is a relative URL back to the Portal which accesses the “/core” context root.

Context Root of the WAB Servlet

The context root of the of the WAB servlet which is set in the WAS console only serves http "GET" requests from the IHS plugin to the WAB servlet. The iframe HTML in the portal page has a relative reference to the context root of the destination site.

The easiest way to do this is just put “/” for the context root of the servlet. This ends up being a default routing; e.g. any context root not actually used by Portal itself gets sent to the WAB servlet. By making the context root “/”, the plugin-cfg.xml file generated and propagated by the Deployment Manager to the IHS node(s) is automatic.

However, using “/” has 2 negative effects:

1) No content can be served from the IHS server since all context roots will go to Portal

2) It's considered less secure to have the plugin route “/” traffic to Portal.

Therefore, if you want to serve content from IHS as well as Portal or if you want to increase security, one should manually edit the plugin-cfg.xml file to replace the “/” with all the actual context roots for WAB back-end sites. In this case, you replace the line in the plugin-cfg.xml that reads

to be

Multiple WAB Portlet on a Page

This is supported and I will explain what to consider:

Technically, the iFrame for the WAB portlets will be replaced with an absolute URL with an alias to the Portal which embodies the target site of the back-end site. The main reason for this is so that when a link on the iFrame is clicked, Portal can deduce the correct routing.

Making multiple WAB portlets on a page work, requires an augmented setup for the back-end sites. Once completed, the back-end sites which use this augmented setup can either be on a page alone or along with other WAB portlets.

Here is an example of getting Apache Lucene “core” and ESPN “nfl” on the same page.

The Lucene core site is “http://lucene.apache.org/core”. The ESPN NFL site is “http://espn.go.com/nfl”.

What must be done:

1) A Resource Environment Provider “host alias mapping” must be done for each and every site that MAY appear on a page with another WAB portlet. The REP is “WP Virtual Web Application Manager Config”. The “Custom Property” called “host_alias_mapping” has to be augmented with a value of “espn=http://espn.go.com, lucene=http://lucene.apache.org”. Make sure the “name” (espn, lucene) is lower case.

2) Create the “Content Providers” in the Portal Admin “Virtual Web Application Manager” portlet as normal.

Here is the ESPN Content Provider:

Here is the Lucene Content Provider:

Notice in both cases I have used lower case for the content provider.

3) Create the WebDock portlets.

Here is the ESPN NFL WebDock:

Here is the Lucene Core WebDock:

4) Finally, create aliases in DNS for the sites. However, in my case I can't update the IBM DNS servers so I just updated my /etc/hosts file on my client. Notice this is for the CLIENTs and not the actual portal servers. This is because the iFrames that will reference the sites are from the client browser. Since the sites are “proxied” thru portal, these DNS addresses are to IP address that clients use to get to the Portal. This is likely the address of the load balancer sitting in front of the Portal IHS servers for the cluster. Here is my (redacted) /etc/hosts file:

9.37.243.131 lucene.portalserver1.rtp.raleigh.ibm.com

9.37.243.131 espn.portalserver1.rtp.raleigh.ibm.com

In this case, the IP address of “portalserver1.rtp.raleigh.ibm.com” is “9.37.243.131”. The DNS address is the WAS Resource Environment Provider name prepended to the server name.

5) Restart Portal to pick up the changes to the Resource Environment Provider.

6) You can now place the portlets on the appropriate Portal pages.

Modified on by AlexLang

More Administration Tips and Tricks

Thomas_Hurek ‎ 2,390 Views

In today's blog I will discuss some additional Administration Tips and Tricks with IBM Digital Experience.

1. Speed up deployments

a) Seeing a constantly growing JCR database and deployments taking a long time in 8.0 or 8.5?

The reason could be the versioning and storage of page changes in WCM due to Managed Pages. With Managed Pages every page change is versioned into the JCR database. If deployments are performed frequently the amount of data can grow in the db and the storage of pages can take time.

There are multiple options to solve this:

- if managed pages are not required, the Managed Pages feature can be disabled. See the following for details: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_mngpages_disable.dita?cp=SSHRKX_8.5.0%2F0-4-5-4-1&lang=en

- if Managed Pages are required, versioning of pages can be disabled by setting the following configuration:

In WAS AdminConsole Resources->Resource Environment->Resource Environment Providers->WCM WCMConfigService->Custom properties
versioningStrategy.PortalPage=manual

Existing versions can be removed with the Version Cleaner. See the following for details: https://www.ibm.com/developerworks/community/blogs/portalops/entry/cleanup_of_wcm_versions?lang=en

b) Cluster Deployments

If in a cluster the deployment of portlets requires a distribution among the cluster nodes and the actual processing happening on the Deployment Manager. Ensure that the Deployment Manager has at least 2 GB of max heap and node agents having at least 500 MB of heap to speed up the deployment.

If a script is used to activate portlets in a cluster ensure to not activate the default portlets but just the ones that were really deployed.

2. Parallel Portlet Rendering in version 8.5

While Parallel Portlet Rendering has been deprecated in version 8.5 it is still supported and can be used. To enable a portlet to render in parallel the option cannot be set any more in the user interface of the manage portlets portlet but needs to be configured with XMLAccess. The parallel=true option needs to be added to the portlet. Sample below:

3. Fragment caching of WCM portlets across anonymous and authenticated users

When using the same page that has some WCM portlets on it for authenticated and anonymous users and configuring fragment caching with the content shared across users this means that the authenticated and anonymous users will share the same cache entry. That can be an issue in case there are references to static resources in WCM as those would be addressed via the /wcm/myconnect authenticated URL that the anonymous user cannot access.

Options for solving this issue:

- having different pages for authenticated and anonymous users

- cloning the WCM portlet and having one portlet for authenticated users and one for anonymous users on the same page (using access control to let all authenticated see one and anonymous users the other)

- encoding URLs to the static resources via the /wcm/connect anonymous URL since it will work for all users

4. Avoid mixing cachable and non-cachable resources

For best performance the cachable part of the request should be kept separate from the non-cachable one. This holds true e.g. for page caching when the whole page should be cached at the browser but a small part - e.g. the user name is not cachable. Another sample is having a WCM portlet that loads content that is the same across users but also loads the ID of the user.

AJAX requests are a good way to solve the dilemma - so the parts of the resource that can be cached should be loaded and the non cachable part can be fetched and integrated via an AJAX call.

When designing a site think about which parts of the use case provide the same data across users and plan for caching of those.

5. Addressing WCM artifacts from the browser

When addressing a WCM item - either content or a component like a menu from the browser the following documentation explains how to build the URL:

http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/wcm_config_delivery_servlet.dita?lang=en

Alternatively it is also possible to use the preview option in the Authoring UI - note that the cache parameters should be removed to use the default caching.

A new way was provided with 8.5 CF5 - the Content as a Service page concept allows you to address content with different mime types.

See the following for details: http://www-01.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/wcm/cntnt_serv_pgs.dita?lang=en

6. Cache Viewer portlet for WebSphere Portal 7.x and WebSphere Portal 6.1.x on WAS 7.x

While the Cache Viewer portlet for version 8.0 and 8.5 is available on the Portal Catalog the link below has the portlet for version 7 and version 6.1.x on WAS 7.x.:

https://www.ibm.com/developerworks/community/blogs/portalops/resource/CacheViewer_was7.zip

As always the following limitations apply:

DISCLAIMER OF WARRANTIES:                                                 
-------------------------                                                 
The portlet is provided "AS IS", without warranty of any kind. IBM shall   
not be liable for any damages arising out of your use of the sample portlet, even if they have been advised of the possibility of such damages.

Thanks to Martin Presler-Marshall for making this portlet available.

Modified on by Thomas_Hurek

Best Practice for WCM Preview Server Topology - Revisited

AlexLang ‎ 1 Comment ‎ 2,347 Views

Introduction

In the previous blog article on this topic, I showed the topology for creating a WCM preview server. In that article I also showed how to automatically move content from the "draft" stage to the "publish" stage so that the content could be viewed "in context" on the preview server. The automatic movement was done via a JMS listener attached to the subscription event.

However, there is now a better and "out of the box" way to achieve that automatic movement without writing a JMS listener. It involves the creation of a new workflow stage and disabling that stage in the proper places.

Details

This new method will rely on a new 4 stage workflow to achieve "in context" preview. The topology pictures in the previous article is still correct; there will be an authoring server, a preview server and the production rendering server. There might be other servers as well, but they are not relevant to the discussion here.

The standard content work flow will have at least 4 stages:

1. Draft

2. Preview - Publish (with a corresponding publish action called "previewPublish")

3. Production - Publish (with a corresponding publish action called "productionPublish")

4. Expire

The trick is that on the authoring system the publish action for the second stage, "Preview - Publish", is disabled. I will describe below how that is done. That action is enabled on the preview sever. It doesn't actually matter how the production server is set (since it only gets live items); but if you are paranoid you can disable the "previewPublish" action on production as well.

All draft content is syndicated to the preview server (as opposed to only "live" items). Only "live" items are syndicated to the production rendering server. So, on the preview server, content will automatically execute the "publish" action from stage 2. Since the publish action for stage 2 is disabled on the authoring server, the content will not publish on the authoring server until it is moved to stage 3 (Production - Publish). The content cannot, therefore, be syndicated to the production rendering servers until it reaches stage 3.

If issues or defects are found on the preview server with the new content, it can reverted back to the draft stage on authoring. If no issues are found, the new content can be moved along to the next stage (Production - Publish) and the reviewer wishes for content to be rendered in production.

Disabling the "previewPublish" Action

Disabling the previewPublish action is accomplished by going into the WAS Administrator console. That would be a Deployment Manager in a cluster or the WAS Admin console if standalone.

In the "WCM_WCMConfigService" Resource Environment Provider, create a new name "disableWorkflowAction" with a value of the action name; in this case "previewPublish". Restart the server. That action is now disabled. Moving an item to that stage is effectively a "no-op".

Limitations

Due to a soon to be released CF in V8.5, both V8.5.x and V8.0.x should both have a time offset in the workflow action on all of the relevant scheduled move actions. You should edit each workflow action in 8.0.x and set the offset to 1 minute after the specified date. Consult this IC page for details. You need to create the work flow action with a "Date entered stage" plus an offset of 1 minute.

If you don't, you can get in a situation whereby the actions on the draft item are executed such that the content to be pushed immediately goes to the published stage. During the syndication process, this occurs within memory as a performance optimization on the subscriber. And when the item is finally ready to be committed to the database, it is already in a published state and will clash with the existing published item. This causes an unexpected deletion of the item due to an objectID clash.

Credits

Credit for this new method goes to Chet Tuttle for the idea and Kevin DeKorte for testing it with me.

Modified on by AlexLang

Creating a simple WCM search component

Thomas_Hurek ‎ 4 Comments ‎ 6,260 Views

If you want to search over a subset of content - e.g. content in a site area or site area hierarchy the WCM search component can be pretty helpful.

We will go over all the steps required to create a very simple WCM search component:

a) Ensure that a search service is currently configured. Create a new search collection and inside the collection create a new content source.
In the content source choose a URL like the following - pointing to your server and port and the site area you want to search:
http://someserver.com:10039/wps/seedlist/myserver?SeedlistId=Web%20Content/Articles&Source=com.ibm.workplace.wcm.plugins.seedlist.retriever.WCMRetrieverFactory&Action=GetDocuments
Note that spaces in the path to your content need to be denoted with %20

b) Test the new content source by triggering search manually and checking the results to see if the content was indexed. Setup a regular search interval so that new
content can be found.

c) Create a Search component in the WCM Authoring Portlet. Select the Search Collection that you just created as source for the search component.
For the presentation markup as a sample will show a simple table with the name of the content as link to the content and the publish date:
Header:
<div class="searchHeader">
<div>Title</div><div>Publish Date</div>
</div>

Result Design:
<div class="resultsList">
<div>[Placeholder tag="namelink"]</div>
<div>[Property context="autofill" type="content" field="publishdate"]</div>
</div>

Footer:
<div class="searchFooter"></div>

Separator:
<div class="searchSeparator"></div>

No result design:
<div>No results</div>

d) Create a simple Authoring Template - it does not need fields. If you want the Authoring Template to be generic you could have a field for the search component to be used.

e) Create a simple Presentation Template for the Authoring Template just created. As markup we want to have the search form as well as the result list.
The form action has to point to the content and the result is displayed by the search component we created earlier.
A sample is below:
<div class="searchCompHeader">Search All News</div>

<form action='[PathCmpnt type="prefix"]/MyLibrary/Search/Simple Fast News Search'
method="post">
<table>
     <tr><div class="searchField">
         <input type="text" name="search_query"/>
     </td></tr>
     <tr><div class="subBtnContainer" align="center">
         <input class="subBtn" type="submit" value="Search"/>
     </td></tr>
</table>
</form>

<div>Results:</div>
[Component id="992efffb-3b8c-442f-bd98-9da396be5fb5:NC90aGUgaHViIGRlc2lnbi9uZXdzIHNlYXJjaA==" name="Design Library/news search" resultsPerPage="" startPage=""]

f) Create a piece of content using the authoring template and presentation template, add a WCM portlet to a page of your choice and point to the content just created.

g) Test your search - it could look like this:

Of course you will want to style the result for a nice display.

Feed for Blog Entries Feed for Blog Comments

▼ Similar Blogs

▼ Similar Ideation Blogs

▼ Archive

▼ Links

▼ Blog Authors

Portal administration and performance

Introduction

Support (or Lack There-of)

Caveats

Steps to Use AEM In a Portal Context

Switching Between Versions

Introduction

Details

Disabling the "previewPublish" Action

Limitations

Credits