AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise

© 2015 IBM Corporation
WebSphere Application Server Installation
and Maintenance in the Enterprise
Tom Alcott STSM

Acknowledgements
• Special Thanks to Yee-Kang Chang, WebSphere Application
Server Installation Architect for his comments and suggestions
1

Agenda
• WebSphere Installation and Update
• WebSphere Maintenance Overview
• Why Apply Maintenance
• Planning for Maintenance
• Recommendations (aka “Best Practices”)

Manual Install and Update Process
1. Full install of GA: Select features and provide other
install-time input
2. Install fix packs (if needed)
3. Apply JDK Maintenance
4. Install one or more interim fixes (if needed)
5. Create and configure App Servers and other artifacts
6. Deploy applications
Installing and configuring WAS usually requires many steps:
Typically need to iterate over these steps to
achieve desired end result – not a pure linear
process!
V7.0
V7.0.0.17
iFix “A” and “B”
A
B
JDK 1.6 SR9 FP1
wsadmin script
J2EE app

Install Factory - Creating a Custom Install Package (CIP)
Command Line
Invocation Tool
Automated,
customized
WAS install
package
Processing
Engine
V7.0
V7.0.0.17
JDK 1.6 SR9 FP1
Build Definition
XML
iFix “A” & “B”
A
B
Single package containing
V7.0
V7.0.0.17
J2EE Applications
Configuration archive
JDK 1.6 SR9 FP1
iFix “A” and “B”
3rd-party Scripts
J2EE Applications
Configuration Archive
3rd-party Scripts
C:>ifcli
Composition
Tool (GUI)
Create

Using a CIP for New Scratch Install or Update
System Level After CIP Installation
V7.0.0.17
JDK 1.6 SR9 FP1
iFix “A” and “B”
V7.0
V7.0.0.7
V7.0.0.13
V7.0.0.15
iFix “A”
+
JDK 1.6.0 SR3
V7.0
+
New
Scratch
Install
Update Existing
InstallationsExisting WAS Installations
Install CIP
Final System Level
Single package containing
V7.0
V7.0.0.17
JDK 1.6.0 SR3
iFix “A” and “B”
…
Install…
Automated,
customized
WAS install
package

IBM Installation Manager – WAS v8.0 and Above
 Full product lifecycle management
– Install
– Update (fix packs and fixes)
– Modification
– Rollback
– Uninstall
 No need for separate programs to
do install and maintenance
– Formerly ISMP and UPDI
 Consistent user experience across platforms and products
–Able to install multiple products in one pass
– No need for multiple steps to install GA level of software first, and then update
to certain fix pack and fixes.
–Able to install exactly the level of product desired

IBM Installation Manager: User Interfaces
• Graphical User Interface
• For getting started and where GUI is suitable
• To record a (template) response file
• “Silent” Interfaces
• Command Line (IMCL)
– Run commands directly from command prompt
– Suitable for scripting and automation
• Response File
– Drive operations via XML-based response files
– Suitable for silent operations and automation
• Console Mode
• Interactive text-based user interface
– Similar to the GUI but text-based
• For getting started and where GUI is unavailable

IBM Installation Manager: Modes
• “How IM is deployed on your system”
• Administrator Mode
• For administrators or root user only
• Only 1 administrator instance of IM per system
• Non-administrator (User) Mode
• Per-user isolation
– Each user has own instance of IM to manage own set of products
• Only 1 instance of IM per user
• Group Mode
• Shared IM instance between multiple users to co-manage a set of
products
– Not available on Windows and IBM i
– Check product documentation for group mode support
Note: Regardless of modes, IM does not support concurrent operations.

IBM Installation Manager: Modes
• “Install Kit”
• A deployment option or “mode” without IM installed on the system
– Use the IM installer or “install kit” directly
– Command line or response file operations only
• Suitable for enterprise deployment
– Allows for control and flexibility but more responsibilities on the users
• More details shortly!
• Consider and decide on which mode to use before you deploy
IM
• Consider how your installs will be managed
• Consider your security requirements
• Consider if automation or integration with existing (automated)
deployment solutions is needed
• Switching between modes is not supported – No safe way to do so
after the fact so plan carefully

IM Shared Installer – aka “Installation Kits”
Unzipped
IM Kit
Binary Payload
Mount drive with IM
• An approach for reducing IM footprint:
• Separate binaries
1. Unzip install kits
for the target hosts.
Eg. If you have Linux and AIX
targets, unzip both install kits.
2. Record or create a response file
for the install or service activity
3. From the host where the product
install will be located, mount the shared
drive with the Install Kit, and execute the
install.
Install Kit Technote for Rational http://www-01.ibm.com/support/docview.wss?uid=swg27017738 Can Be
Adapted for WebSphere Application Server
Note: You can never use an older Install Kit with a product install that has been serviced by a newer Kit.
IM App Data
IM App Data
IM App Data
R/O Binaries

IM - Packaging Utility Overview
 Description:
• Packaging tool that creates and manages software package repositories in the correct format
for IBM Installation Manager.
• GUI and Command Line modes that are consistent with Installation Manager “Look and Feel”
Packaging Utility can perform the following tasks:
• Packaging Utility essentially copies from Source Repositories into a Target or Enterprise
Repository.
• It is intelligent about the artifacts it copies, eliminating duplication..
• A repository created by Packaging Utility can be used as a Source Repository for another
Target Repository.
• Copy multiple versions of a product to one repository. Users point to the same repository to
update installed products.
• List available fixes in a repository
• Delete packages that are no longer needed
• In Packaging Utility 1.5.2 and above, copy just the artifacts for your platforms!
– Note: Platform Option is Only available in Command Line.
– PUCL copy packageID_version -repositories source_repository -platform os=os,arch=arch -
target destination_repository -acceptLicense

IM - Packaging Utility
Enterprise
Repository
RAD v8
WAS v8
IIM
IIM
IIM
IIM
IBM
Packaging Utility Media for
RAD v8
Live Repository
for WAS 8

WAS-ND Centralized Installation Manager
Faster time to value & lower operational costs through new install & maintenance tech.
 CIM V8 is available from Job Manager & DManager
– Job Manager based solution spans the boundaries
of the cell
– Install targets are specified in agentless fashion
– Install and config job scheduling is supported
 CIM V8 is able to remotely install WebSphere
Application Server, IBM HTTP Server, Application
Clients, DMZ Security Proxy Server, and Web Server
Plug-ins
 Better than V7 CIM scalability due to more distributed
architecture
– CIM V7” function is still available with Deployment
Manager along with new “CIM V8” function
 Distributed & z/OS scenarios supported
Centralized
Installation
Manager
IIM Install Kit:
• Response File
• Install jobs
IIM
Repository
IIM
Inventory info
Binary
payload
Target
Separation between Job Manager,
Target Hosts and IIM repositories

Automated Provisioning with SCO
On-premises BYO h/w
(Distributed and z)
Dispenses WAS
topology
Smart Cloud
Orchestrator
(SCO)

A Few Words on Liberty Profile (1 of 3)
• Archive and IM install options
• Simple command line archive install
java –jar wlp-nd-runtime-8.5.5.2.jar
• IM as the managed install option for full product lifecycle
management
• Servicing Liberty
• Archive install
– Install new level side-by-side and “swing” over user files and server
configuration data
– Note Liberty’s “zero migration” design principle
– Fixes are archive installs too
• IBM Installation Manager
– In-place update of current level to new service (fix pack) level
– Fixes are managed through IM

• Server package for continuous delivery pipeline
• A compressed archive of a configured Liberty server type along
with its applications via the server package command
• Package only what you need to minimize the footprint of a
packaged server via the –include=minify option
• Facilitates deployment of Liberty Profile servers across
environments for continuous delivery (DevOps)
• Enterprise Deployment
• Create, manage and deploy server packages to spin up and down
many instances of Liberty in a cloud-like manner
– Some users use IM to create and manage “master images” and then
create server packages from them for deployment
• Check out Liberty Collectives and Admin Center for large scale
deployment

• IBM WebSphere Liberty Repository
• An online repository to deliver Liberty platform extensions
– Enables fine-grained access to runtime capabilities and early access to
new content for Dev and Ops team(s)
– Content includes individual features, admin scripts, config snippets,
samples, tools and more
 Integrated with Liberty command line, Installation Manager
offerings and WebSphere Developer Tools
• “On-premise” with Liberty Asset Repository Service
– Available on GitHub at https://github.com/WASdev/tool.lars
• For more information
• http://WASdev.net/downloads
• AAI-2358: Getting Rapid, Right-Sized and Recent with the Liberty
Repository

Maintenance Overview
• iFixes for WebSphere (distributed platforms only)
• Single fix to address one specific problem
• Intended to be a temporary / emergency bridge to availability in a fix pack.
• Tested at a functional level only
• ++APAR for zOS
• Custom fix package for a specific customer
• Intended to be a temporary bridge to availability in a fix pack.
• Fix Packs
• Vehicle for delivery of preventive maintenance -- fixes for known reported
problems, including:
– Security vulnerabilities (SEC/INT) APARs
– High impact / pervasive (HIPER) APARs
• Undergo regression testing
– Build, functional, system and performance testing
– Customer persona testing, IBM stack product testing, mixed pack levels
• Update strategy documentation on IBM Support web site
• V7
• http://www-01.ibm.com/support/docview.wss?uid=swg27012749
• V8
• V8.5

Fix Pack Quality
• Primary quality focus for fix packs is elimination of regressions
• More details in following charts
• APAR fixes that could change application behavior are now
controlled via custom properties
• Default is the previous behavior, unless the change is for a
security vulnerability
• Analysis and Actions for every PE / ZE (regression) APAR
• APAR certification for select components
• Extra level of review if components show any patterns of
regression

• There are four main aspects
of Fix Pack testing
Fix Pack | Test Overview
Regression
Testing
(FVT/SVT/Performance)
APAR
Verification
Install
Testing
Product
Integration
Testing

Fix Pack | Test Overview
• Install Test
 Description – A core set of installation test cases which are run against a matrix of supported
platforms and editions
 Timing – Fully executed within a Fix Pack release
• APAR Verification
 Description – All developers are responsible for specifically verifying their APARs fix the intended
failing test case prior to shipping a Fix Pack
 Timing – All APARs individually tested within a Fix Pack release
• Regression Testing
 BVT (Build Verification Testing)
 Description – Automated tests which verify that a driver installs and meets some
elementary requirements
 Timing – Run on each new driver released
 FVT (Function Verification Testing)
 Description – Automated test buckets which cover all major product function
 SVT (System Verification Testing)
 Description – Automated test buckets (including long runs) which cover more complex
scenarios
 Performance Testing
 Description – High load test cases to ensure the robustness and response of the product
• Stacked Product Testing
 Description – Testing to show that dependent products are not negatively impacted with a new Fix
Pack

WebSphere Service Stream Continuous Test
• Dedicated team
• System test coverage on service stream Fix Packs
• Cover all service streams
o Feature Packs
o Java SDK updates
• Test each Fix Pack on a variety of hardware
• Rolling upgrades with continuous availability
• Mixed Fix Pack versions
• Long Runs
• Continuous 7-days under load in ND client based environment
o 80+% CPU utilization,
o 500+ clients
o 150+ transactions/sec
• Various application workloads rotated across Fix Pack test cycles
• Example: System Management Continuous Deployments
o Stresses administration via continually deploying / redeploying
applications
o Run in conjunction with a transactional intensive application

Supporting Software Upgrade Support
• Testing and “certification” is done on a finite set of supporting software
versions.
• Our Supported Product list states the minimum required versions of
dependent products, and IBM has tested with each of these levels.
• Because other products frequently ship fixes, updates, and new releases, we
cannot test every possible configuration. In general, you can install and run
with updates to supported products if those updates are forward compatible.
• New levels/releases are tested at various intervals, both with a new release
and between release cycles and are then added to the supported list.
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27006921

Why Apply Maintenance
• Are You Proactive or Reactive?
• Applying Maintenance Proactively Can Reduce Outages
• What’s the cost of an unplanned outage?
• How does an outage impact revenue, profit, productivity? .
• Manufacturing has long practiced Preventive Maintenance
• Same principles apply to software

What about “If It’s Not Broken, Don’t Fix It?”
• Lets Examine the Differences Between WAS V8.0.0.7 and
8.0.0.8
• This single fixpack delivered fixes for over 301 unique
WebSphere Application Server defects that existed between
these two versions
• If You’re Never Changing Anything And Everything Is
Running OK
• Then I might agree with you
• What Happens When Critical Security Fix Needs to be Applied ?
o And It Breaks The System!!

Selected V8.0.0.8 APARs
• General
• Heap size increases by 6 MB after PM79693
• Web 2.0 web messaging exceeds TCP connection limit
• 100% CPU Use
• Transactions rolled back silently when coordinated by the UOWManager
• Issues with messaging engine not starting up during server start
• Unexpected results of transaction recovery service in relation to HA mgr.
• EJB Container
• Deadlock in appserver process during startup.

• Adminconsole
• Cross-site request forgery in administrative console
• Nodesync command might fail when hotRestartSync JVM argument
is in use
• Scripting
• Nested curly braces are not working
• Messaging Engine
• Messages stuck in pending acknowledgement state in WebSphere
Application Server service integrations bus destination

• Security
• Standalone LDAP failover settings not used for admin authorization
modifications
• During console keystore creation, validation failed: both password
and verify password were not supplied.
• Provide an option to skip canonical lookup for a specific HostName
during SPNEGO Single signon
• JNDI connection pooling does not work for SSL connection.
• CSIv2 session cache not taking GlobalSecurity and SecurityDomain
into account.
• Potential Cross-site scripting vulnerability
• Single Sign On might not work when multiple security domain is
enabled.

A Slight Digression on Migration
• Updates to a New Release, aka “Migration”
• Migration Could Be Considered a Major Maintenance Update
• Required to Maintain Currency
o Especially After End Of Service (EOS)
• Need an ROI for Migration ?
o What’s the Cost of Extended Support?
o What’s the Cost of an Unplanned Outage ?
• After EOS or End of Extended Support
o Do You Still Drive a 20 Year Old Car?
• If So, Can You Still Get Parts?

Develop and Maintain an Inventory of IT Infrastructure
• An accurate IT inventory can help assess risk
• Quickly access their risk to a problem and urgency
• Develop and maintain an up-to-date hardware and
software inventory of the entire IT infrastructure that
includes:
• Production systems
• IP addresses
• Patch status
• Patch level
• Vulnerabilities
• Physical location of the patch
• Custodian of the patch
• Function of the patch.

Assess Impact of Problems (1 of 2)
• Perform an initial assessment to “triage” patches.
• Decide which systems are to be patched
• Which patches are installed first.
• Use your asset inventory
• Not every enterprise needs to install every patch.
• Factors to consider
o Type and delivery of attack (security)
o Severity of the problem
o Criticality of the system.

Assess Impact of Problems (2 of 2)
• Focus on the most critical updates first.
• For some problems there are alternatives that can be employed short term
o Server restart for memory leaks, threading issues, etc.
o Critical Patches should be installed with “all due haste”
• With a “day zero” attack, 48 hours is too long
• Some Patches May Warrant 7/24 Effort Until Patched
o E.g. an Equity Trading System subject to a DOS attack
• Document
o Which patches are installed
o The reason for not installing
o Priorities for patching systems in the future.
• Many customers balance the need to maintain currency, thus
minimizing exposures, with the effort involved in updating by only
scheduling regular production system updates 2-3 times per year.

Testing Patches
• Patch management process should include a methodology for
testing and safely installing patches.
• Evaluate its impact on the particular computing environment
• Ensure that one problem (or more) is not created while fixing another.
• Create a detailed implementation plan
• Patch should be tested appropriately in a representative environment.
o This could take a few hours to a few days
• A back-out plan should also be developed
• If the patch adversely affects a production system, it can be quickly
reversed and the system restored to its original state.

Fall-back scenario
• Plan for a fallback should the upgrade go badly
• Test the plan
• Ideal characteristics for a fall-back:
• No uninstall/install necessary
o Takes too long, potential for errors
• No server startup
o We’d like to avoid this if we can due to startup times.
• Obviously Maintenance Requires Stop & Start
• Mitigate Operational Impact
• Multiple Cells then “Turn a switch”
o Entry in an IP sprayer
o Entry in a plugin-cfg.xml file
o Entry in cell persistent namespace (for EJB clients)
• Separate (full) Installs for each Fixpack
o Symbolic link from configuration to binaries
o Warning – Maintenance Sometimes Changes Configuration !

Single cell vs. Multiple Cells
• Multiple cells
• Less vulnerable to cell specific failure scenarios
• Independent, less risky WAS upgrades
• May require more hardware
o Each cell running on it’s own set of nodes
• Additional Administrative Effort
o Non-Issue with Scripting
• Application roll-out tends to be simpler
• IP sprayer can provides routing at the HTTP server tier
o Good to have, but not required.
• Single cell
• Vulnerable to single cell failures
• Unified administration
• More difficult administration of application roll-out
• Need session affinity at the Web container tier
• Above is applicable to WAS-ND and all “stack” products (WVE, Portal, etc)

Other Options
• Full Installations for each Fixpack (also known as “Swinging
Profiles”
• Not Officially Supported (Testing Planned)
• I’ve seen in work in practice (this isn’t an endorsement)
• Creating Service Images

“ Swinging Profiles “ (note not officially supported)
• Basic Procedure
• .Install WAS 800x
• Create a profile on WAS 800x using
o <WASHOME_800x>WASsym_n/bin/manageprofiles.sh -create -profileName profile_n -profilePath
profile_path> -templatePath WASsym_n/profileTemplates/default
where WASsym_n --> WASHOME_800x. Note, you should use the sym link in two places above: to
reference the manageprofiles.sh script and to reference the profile template, to ensure consistency.
• In setupCmdLine.sh, the WAS_HOME variable automatically gets set to the path used in
the templatePath argument: WASsym_n
• .Install WAS 800x+k
• Stop profile_n
• .Change WASsym_n --> WAS_HOME_800x+k
• .Restart profile_n
o It uses the postinstaller to align profile_n with WAS_HOME_800x+k
• In case of a problem with WAS_HOME_800x+k, stop profile_n and change the symlink
back
• For multiple profiles, each profile has its own WASsym_n_unique symlink. Each profile is
always created with its symlink initially pointing to the same WAS_HOME from which
manageprofiles was called.

Service Images with IIM (1 of 2)
• Create Master command line (you could also use a response file):
• imcl com.ibm.websphere.ND.v85 -repositories
https://www.ibm.com/software/repositorymanager/com.ibm.websphere.ND.v85 -
installationDirectory <install_home>/AppServer -dataLocation <install_home>/iim_appData -
sharedResourcesDirectory <install_home>iim_shared -preferences
com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false –acceptLicense
-showProgress
• This results in folders like:
o <install_home>/AppServer
o /iim_data
o /iim_shared
• This creates the Agent Data Location and Shared Resources Directory as peer folders of
the product installation.
• Keeping these folders co-located with the product installation will enable you to apply
maintenance to this install image in the future.
• You can now package up all directories in this master image and copy it to your production
systems.
• The operating system and architecture, and directory structures in your production systems
must exactly match those in the environment used to create the master image

Service Images with IIM (2 of 2)
• Applying maintenance to your install image
• At some time in the future, you might need to apply a fix pack or ifix directly to
your deployed product image.
• To do this, you simply need to use an Installation Manager installer and specify
the same –dataLocation and –sharedResourcesDirectory that is associated with
your product installation.
• The installer must always be at the same or higher level than was previously
used.
o If you performed the initial install with Installation Manager 1.5.3 and then did an update
with 1.6.0, you can never go back to an installer older than 1.6.0.
o Doing so can result in corruption of the Installation Manager metadata.
• One way to guard against this is to package up the installer with the product
image, like this:
• <install_home>/AppServer
• /iim_data
• /iim_shared
• /iim_installer_160

The Best “Best Practice”
• Rigorous Software Engineering Practices
• Application architecture
• Detailed Design
• Application Development
• Testing
• Utilize a set of well-designed and dedicated environments
• Production Like
o Hardware/OS
o Software Levels
• Application Development
• Application Test
• Prior to production deployment.
• Problems can be identified prior to production,
• Reduces the risk and cost associated with problem resolution in
production.

Development Stages and Test Environments
Development Environment
Development
(WebSphere Studio)
Development
(WebSphere Studio)
Development
(WebSphere Studio)
SCM
Integration Workstation
(WebSphere Studio)
Development Integration
Runtime Environment
HTTP/WAS
Performance Test
Environment
System Test Environment
Pre-Production Environment
HTTP HTTP
WAS WASWAS WAS
Router
Production Environment
HTTP HTTP
WAS WASWAS WAS
Router
HTTP
WAS WASWAS
HTTP
WASWAS
HTTP/WAS
Stage – a place where an
activity occurs
Environment – a set of
hardware and software
that supports the stage
E.g., during the system
test stage, I perform tests
in the system test
environment

High Availability for IIM (1/2)
• Binaries
• Employ Shared Drive for Binaries (and create Installation Kit)
• Install Data
• "Agent Data Location" (sometimes also known as the app Data
location)
– Contains metadata that includes the history and state of all installs
being managed by Installation Manager.
– This directory is critical to the healthy functioning of Installation
Manager. Once the directory is created, it cannot be moved and
should not be touched. If the Agent Data Location becomes corrupt,
then all product installations that are tracked by that Agent Data
Location will become unserviceable and will need to be reinstalled if
service is needed.
– Given the critical nature of this directory on the file system, it should
be backed up periodically and/or remotely mounted on a highly
available shared file system.
46

High Availability for IIM (2/2)
• Install Data
• Shared Resources Directory
– This is where IM saves files needed for currently installed products and
also files for rollback
– 1 shared resources directory per IM instance and set upon installation
of the first product
– Can opt to not save files for rollback but may not be empty even if you
have chosen to not save files for rollback
– Another important directory for IM so advisable to backup the shared
resources directory alongside the agent data location besides the
product installs too
– The agent data location and the shared resources directory go hand-in-
hand for each IM instance so backup and restore together

Some IM Tips & Tricks
• Do not save files for rollback to conserve disk space
• GUI
– Uncheck “Save files for rollback” under the Files for Rollback tab of IM’s
Preferences menu
– Click “Delete Saved Files” to remove currently saved files
• IMCL or Response File’s Preference
– com.ibm.cic.common.core.preferences.preserveDownloadedArtif
acts=false
– Currently saved files will be removed on the next IM operation with the
preference set
• Copy by platforms when using IBM Packaging Utility
• Copy only artifacts for the platforms that you need
• Conserve disk space and optimize download time
• This is the -platform option for PUCL

• Use IMCL updateAll -installationDirectory
<installLocation> to update all product offerings installed at a
particular location
• A shorthand to update everything installed at a particular location
• IM will search all specified repositories for updates and update all
installed product offerings
• Suitable when you have full knowledge of and control over the
content in the repositories you are using e.g. your own custom or
enterprise repositories
– Otherwise, do not use this and specify the exact offering(s) and
version(s) and fixes to apply in your command or response file
• Caution: updateAll without the –installationDirectory option
will update everything managed by the particular IM! Use with care!
Note: Same shorthand exists for the uninstallAll command.

• imcl listInstalledPackages –verbose will show what you
have installed in a human readable or friendly manner
• Can scope the output to a particular install location via the -
installationDirectory option
• Use the -showProgress (-sP) or the –showVerboseProgress (-
sVP) option for more “feedback” when you work with IMCL
directly

Simplify your life
• Minimize the number of different releases and configurations
supported
• Conversely Multiple Cells May Simply Maintenance
• Document the architecture and topology
• Keep it current
• Know what runs where
• Know who is responsible for each piece
• Document version and fix levels
• Keep it current
• Expect to spend much more time than you think

Automate your processes
• Automate as much as possible (and document the remainder in
detail)
• Product installation
• Application deployment
• Maintenance
• Regression test bucket
– Run regression testing under a sustained load that is equal to, or greater
than, the maximum production load expected
• Use Jython, rather than JACL
o JACL stabilized, beginning in release 6.1
• Conversion utility available with about 80% coverage

Apply maintenance regularly
• Plan to apply maintenance to each system two or three times/year or
about every four to six months
• Establish and publish a regular cycle for doing this
• Plan carefully
• Evaluate pre-req’s and co-req’s for ALL products involved
• Open PMR’s as necessary for products higher in the stack (i.e. Portal)

Maintenance for WAS
• Periodic application of new Fix Packs on a periodic basis
• Proactively apply preventive maintenance (SEC / INT, HIPER, CVE and
other APARs)
• Upgrade schedule varies according to your operations
• Most customers plan an upgrade at least twice a year
• Not necessary or feasible to upgrade to every Fix Pack
– That is why iFixes are provided
• Minimize iFixes applied
• Difficult to track as the number increases, and the number of systems
increases
• Not tested to the extent of Fix Packs
• Increasingly complex to build and apply as the number increases, and
as more code changes are made
• Moving up to newer Fix Packs regularly is the key to easily applying
future iFixes
• Large topologies require deliberate, controlled management
• Including periodic preventive maintenance
• http://www.ibm.com/developerworks/websphere/techjournal/0711_polozoff/0711_polozoff.ht
ml

Maintenance Strategy Example – WAS Fix Packs
• Scenario
• Apply fixpack maintenance every 4-6 months (2-3 times/year)
– Select maintenance windows based on business demand
• Avoid Peak Season(s)
– Rollout cycle takes 6 weeks across environments
– Maintain identical code levels across each system within an
environment
Shared Development
Integration Sandboxes
Application Function
Test and System Level
Test Environments
Test Environments
Test Environments
WAS 8.0.0.1 GA Sept 26,
2011
Maintenance Window
Starts Oct 3, 2011
Apply to Development
Starting Oct 5, 2011
Two weeks stability in
development
Roll out to next stage
Apply to test environments
starting Oct, 19, 2011
Two Weeks Stability in Test
Apply to Pre-Production
starting Nov 2 2011
Two Weeks Stability in Pre
Production
Regression Test Complete
Apply to Production
starting Nov 16 2011
WAS 8.0.0.3 GA April 16 2012
Maintenance Window
Starts April 30, 2012
Apply to Development
Starting May 1, 2012
Two weeks stability in
development
Apply to test environments
starting May 15 2012
Two Weeks Stability in Test
Apply to Pre-Production
starting May 29, 2012
Two Weeks Stability in Pre
Production
Regression Test Complete
Apply to Production
starting June 12, 2012
Development Test Pre Production Production

Stay Up To Date
http://www-947.ibm.com/support/entry/portal/Overview/Software/WebSphere/WebSphere_Application_Server

Fix Pack Schedule
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Monitor and review
• Review all logs on a regular basis
• Check IBM site for news flashes
• www.ibm.com/software/support
• www.ibm.com/software/websphere/support
• Check Common Vulnerability and Exposure Site
• http://cve.mitre.org/
• Watch carefully for any alerts
• Recent Java real number vulnerability is a DoS attack.
– For many applications this isn’t as critical as a it's not as bad as a data
modification vulnerability, but for a trading platform, it is huge.
• Monitor especially for Security Alerts for ALL software, including base
OS and ISV code
• Be prepared to roll out quickly
• Check code for deprecated methods when Java level changes

Summary
• Plan for Maintenance
• Apply At Regular Intervals
• Create and Maintain an IT Inventory
• Automate Your Maintenance Testing and Install

Notices and Disclaimers
Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or
transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with
IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been
reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM
shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY,
EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF
THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT
OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the
agreements under which they are provided.
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without
notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are
presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual
performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products,
programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not
necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither
intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal
counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s
business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or
represent or warrant that its services or products will ensure that the customer is in compliance with any law.

Notices and Disclaimers (con’t)
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products in connection with this
publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to
interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any
IBM patents, copyrights, trademarks or other intellectual property right.
• IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document
Management System™, Global Business Services ®, Global Technology Services ®, Information on Demand,
ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™,
PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®,
pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®,
urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of
International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on
the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Thank You
Your Feedback is
Important!
Access the InterConnect 2015
Conference CONNECT Attendee
Portal to complete your session
surveys from your smartphone,
laptop or conference kiosk.

Additional Information
• IBM Installation Manager V1.8.1 Information Center
http://www-
01.ibm.com/support/knowledgecenter/SSDV2W_1.8.1/com.ibm.cic.agent.ui.doc/helpindex_imic.html
• developerWorks –
Create custom installation repositories for WebSphere Application Server with
the IBM Packaging Utility
http://www.ibm.com/developerworks/websphere/library/techarticles/1201_seelemann/
1201_seelemann.html
Create and service WebSphere Application Server master images with IBM
Installation Manager
http://www.ibm.com/developerworks/websphere/techjournal/1301_seelemann/1301_
seelemann.html

Shameless Self Promotion
IBM WebSphere Deployment and
Advanced Configuration
By Roland Barcia, Bill Hines,
Tom Alcott and Keys Botzum

AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise

Semelhante a AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise (20)

Mais de WASdev Community

Mais de WASdev Community (9)

Último

Último (20)

AAI-2016 WebSphere Application Server Installation and Maintenance in the Enterprise