Oracle9i Application Server Best Practices -- Contents

Audience

Structure

Related Documentation

Conventions

Documentation Accessibility

Availabilty Overview

Key Practices

Measuring Availability

Hardware Availability

Software Availability

Data Availability and Reliability of Operational Procedures

Users' View of Application Availability

Hardware Redundancy and Load Balancers

Firewalls

Clustering

Application Server Cluster

Web Cache Cluster

Firewall Clusters

Commercial Balancers

HA-HW-1: Hardware Components

HA-HW-2: Load Balancers

HA-HW-3: Configure mod_jserv

HA-HW-4: Independent Servers

Software Design Principles

HA-SW-1: Java Synchronization

HA-SW-2: Resource Use

HA-SW-3: Session State

HA-SW-4: Catch-All Exceptions

HA-SW-5: Finally Clause

HA-SW-6: Retry Transactions Once

HA-SW-7: Database Update

Periodic Operations Procedures

HA-OP-1: Backup Schedule

HA-OP-2: Server Restarts

HA-OP-3: Mid-Tier File Synchronization

HA-OP-4: Document Procedures

Performance and Scalability Overview

Performance Tradeoffs

Servlets and JavaServer Pages: A Case Study

User Information

Use of Hashtables

endRequest() Called Manually

Servlets and JavaServer Pages: Design and Implementation

PERF-1: Storing State Information

PERF-2: Connection Pooling and Caching

PERF-3: Statement Caching

PERF-4: Mid-Tier Caching

PERF-5: Database Connections

PERF-6: Database and SQL Tuning

PERF-7: Memory Leaks

PERF-8: Spawning Threads

PERF-9: SingleThreadModel in Servlets

PERF-10: Servlets Startup Operations

PERF-11: Separate JSPs

PERF-12: Static or Dynamic Include in JSPs

PERF-13: Thread-Safe JSPs

PERF-14: Sessions in JSPs

PERF-15: Use Forward in JSPs

PERF-16: JSP Buffer

Servlets and JavaServer Pages: Deployment

PERF-17: Multiple JServs

PERF-18: Java Heap Size

PERF-19: JServ autoreload.classes

PERF-20: Preload Servlets

PERF-21: Pre-translate JSPs

PERF-22: JSP debug flag and developer_mode

PERF-23: Dynamic Monitoring Service

Java Performance

PERF-24: Synchronization

PERF-25: Hashtable and Vector

PERF-26: Reuse Objects

PERF-27: Unused Objects and Operations

PERF-28: StringBuffer

Oracle HTTP Server Tuning

PERF-29: TCP/IP Parameters

PERF-30: KeepAlive

PERF-31: MaxClients

PERF-32: DNS Lookup

PERF-33: Access Logging

PERF-34: SSLSessionCacheTimeout

PERF-35: FollowSymLinks

PERF-36: AllowOverride

PERF-37: DMS and Apache Server Status

Performance Testing

PERF-38: Performance Methodology

PERF-39: Performance Goals

PERF-40: Performance Evaluation

PERF-41: Performance Testing

PERF-42: Test Driver

PERF-43: Testing Personnel

Dynamic Monitoring Service (DMS)

Code Example

References and Resources

Oracle Documentation

Pooling Overview

Pooling Example

Pooling versus Sharing

Pools in Oracle9iAS

Apache Demons

POOL-1: Client-Request Processes

JDBC Connections

POOL-2: JDBC Connection Cache

POOL-3: Connection Authentication

Servlets and Connection Cache

POOL-4: Database Updates

POOL-5: Linked Servlets

Holding Connections Across Calls

POOL-6: min and max Parameters

POOL-7: Cache Usage

Multiple Applications in the Same Java VM

Note for Multithreaded Servlets

POOL-8: SQLJ

POOL-9: JDBC Statement Cache.

JDBC OCI Connection Pools

BC4J Application Modules

POOL-10: Application Module Pools

Servlets and Jserv threads

POOL-11: Servlet Attributes

JavaServer Pages (JSPs)

POOL-12: ConnBeans

POOL-13: Single-Threaded JSPs

Perl

POOL-14: Perl Programs

Portal or PL/SQL

Database Shared Servers

POOL-15: Shared Server Mode

Pooling Your Own Resources

Security Overview

Firewall Architecture

SEC-1: Server Placement

SEC-2: Restrict Traffic Through Exterior Firewall

SEC-3: Restrict Traffic Through Interior Firewall

SEC-4: Proxies on the DMZ

SEC-5: Safeguard Information of Record

SEC-6: Restrict Traffic to Approved Types

Process Development and Deployment

SEC-7: Privileges and Modules

SEC-8: Buffer Overflow

SEC-9: Cross-Site Scripting Attacks

SEC-10: Exported Products

SEC-11: Passwords and Accounts

SEC-12: Security Patches

SEC-13: Unused Services

SEC-14: Root Privileges

SEC-15: "r" Commands

Global Server ID Certificates and 128-Bit Encryption

SEC-16: Fail Weak Encryption

Performance Issues

SEC-17: Performance Testing

SEC-18: Sequential HTTPS Transfers

SEC-19: Separate Virtual Servers

Client Certificates

SEC-20: Organization Identity

SEC-21: User Identity

SEC-22: Expiring Certificates

SEC-23: Certificate Reissues

SEC-24: Certificate Revocations

EXPORT versus DOMESTIC Encryption Issues

Export Law Changes

Oracle9iAS Web Cache Overview

Integration with Third-Party Application Servers

Web-site Configuration

Cacheability Rules and Expiration Rules

BEA WebLogic 6.0 Java Applications

WebLogic SnoopServlet

WebLogic SessionServlet

IBM WebSphere 3.5.2 Java Applications

WebSphere Snoop Servlet

WebSphere SessionSample

Microsoft IIS 5.0 ASP Applications

ServerVariables_Jscript ASP

Cookie_Jscript ASP

Contents

Title and Copyright Information

Send Us Your Comments

Preface

1 Availability of Java Applications

2 Performance and Scalability

3 Pooling

4 HTTP Security

5 Using Oracle9iAS Web Cache with Third-Party Servers

Glossary

Index