Skip Headers

Oracle® Application Server 10g Best Practices
10g (9.0.4)
Part No. B12223-01
  Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Index
Index
Next  

Contents

Title and Copyright Information

Send Us Your Comments

Preface

Documentation Accessibility
Related Documents
Conventions

1 Deployment

1.1 Deployment Considerations
1.1.1 Security Requirements for Deployment
1.2 Infrastructure Deployment considerations
1.2.1 Infrastructure Data Tier Components
1.2.2 Infrastructure Midtier or Identity Management Server
1.3 Middle Tier Deployment Considerations
1.4 Use Remote Caching with Remote OracleAS Portal Instances

2 Management and Monitoring

2.1 Oracle Enterprise Manager Best Practices
2.1.1 Select the Framework Options That Best Suit Your Needs
2.1.2 Monitor and Diagnose Performance Bottlenecks and Availability Problems
2.1.3 Monitor Application Performance During Application Development or Test Cycles
2.1.4 Monitor Rate and Aggregated Performance Metrics
2.1.5 Diagnose Web Application Problems in OC4J
2.1.6 Monitor End-User Response Times of Web Pages
2.1.7 Monitor the Availability of a Web Application
2.1.8 Proactively Monitor Web Application Transactions
2.1.9 Tune Application SQL
2.1.10 Use the Host Home Page to Help Diagnose Performance Issues
2.1.11 Use Alerts and Notifications to Proactively Monitor System Availability
2.1.12 Change Configurations
2.1.13 Use Clusters for Application Deployment and Configuration Management
2.1.14 Use the Deployment Wizard to Deploy Applications
2.1.15 Use Job System to Schedule a Deployment
2.1.16 Use Job System to Periodically Back Up Your Configuration
2.1.17 Managing Both Oracle Application Server and the Oracle Database
2.2 Oracle Process Manager and Notification Server Best Practices
2.2.1 Starting and Stopping OPMN Server
2.2.2 Never Start or Stop OPMN Managed Components Manually
2.2.3 Review stdout and stderr Logs If A Component Does Not Start
2.2.4 Increase Timeout For Components That Take A Long Time To Start or Stop
2.2.5 Set Retry to High Values For Components Running on an Overloaded System
2.2.6 Leverage Additional Logging to Aid in Debugging
2.2.7 Start Order Dependencies
2.2.8 Event Scripts
2.2.9 Using OPMN to Manage External Components
2.3 Distributed Configuration Management Best Practices
2.3.1 Use Distributed Configuration Management Archiving
2.3.2 Specify a Single Instance in a Cluster as the Management Point
2.3.3 Do not Perform Concurrent Administration Operations
2.3.4 Do not Run updateConfig Concurrently with any Other Configuration Operation
2.3.5 Restart Application Server Control after Joining or Leaving a Farm or Cluster in a File Based Repository
2.3.6 Use High Availability Features for Infrastructure Repository
2.3.7 dcmctl Usage
2.4 Dynamic Monitoring Services Best Practices
2.4.1 Monitor Your System Regularly
2.4.2 Take Regular Dumps of Metrics
2.4.3 Instrument Applications with DMS
2.4.4 Isolate Expensive Intervals Using PhaseEvent Metrics
2.4.5 Organize Performance Data
2.4.6 DMS Naming Conventions
2.4.7 DMS Coding Recommendations
2.4.8 Validate New Metrics

3 Platform Security and Identity Management

3.1 General Best Practices
3.1.1 Best Practices for HTTPS Use
3.1.2 Assign Lowest Level Privileges Adequate for the Task
3.1.3 Best Practices for Cookie Security
3.1.4 Best Practices in Systems Setup
3.1.5 Best Practices for Certificates Use
3.1.6 Review Code and Content Against Already Known Attack
3.1.7 Follow Common Sense Firewall Practices
3.1.8 Leverage Declarative Security
3.1.9 Use Switched Connections in DMZ
3.1.10 Place Application Server in the DMZ
3.1.11 Secure Sockets Layer
3.1.12 Tune the SSL SessionCacheTimeout Directive
3.1.13 Plan Out The Final Topology Before Installing Oracle Application Server Security Components
3.2 JAAS Best Practices
3.3 J2EE Security Best Practices
3.3.1 Avoid Writing Custom User Managers
3.3.2 Authentication Mechanism with the JAAS Provider
3.3.3 Use Fine-Grained Access Control
3.3.4 Use Oracle Internet Directory as the Central Repository
3.3.5 Develop Appropriate Logout Functionality for J2EE Applications
3.4 OracleAS Single Sign-On Best Practices
3.4.1 Configure for High Availability
3.4.2 Leverage Oracle Application Server Single Sign-On
3.4.3 Use an Enterprise-Wide Directory in Place
3.4.4 Use OracleAS Single Sign-On Instead of Writing Custom Authentication Logic
3.4.5 Always Use SSL with Oracle Application Server
3.4.6 Username and Password Only on Login Screen
3.4.7 Log Out So Cookies Do Not Remain Active
3.5 Oracle Internet Directory Deployment Best Practices
3.5.1 Use bulkload.sh Utility
3.5.2 Replicate for High Availability
3.5.3 Use SSL Binding
3.5.4 Use Backup and Restore Utilities
3.5.5 Monitoring and Auditing Oracle Internet Directory
3.5.6 Assign Oracle Internet Directory Privileges
3.5.7 Change Access Control Policies
3.5.8 Best Practice for Directory Integration Platform
3.5.8.1 Use Identity Management Realms
3.5.8.2 Configuring DIP Synchronization Service
3.5.8.3 Oracle HR Synchronization
3.5.9 Recommendations for Migrating Oracle9iAS Applications to an Existing Oracle Internet Directory
3.5.10 Configuration of the Self-Service Console
3.5.11 Use opmnctl instead of oidmon and oidctl
3.5.12 Configure Active Directory Synchronization
3.5.13 Use User Attributes and Password Hints for Resets

4 High Availability

4.1 Distribute Identity Management Components
4.2 Use OPMN for Crash Handling and Monitoring
4.3 Analyze High Availability using iHAT or Topology Viewer
4.4 Use Metric Based Load Balancing to Tune High Availability

5 Performance and Scalability

5.1 OracleAS Web Cache Best Practices
5.1.1 Improve Performance, Scalability, and Availability
5.1.2 Planning and Deployment
5.1.2.1 Use Two CPUs and Consider Deploying on Dedicated Hardware
5.1.2.2 Cluster Cache Instances for Better Availability, Scalability, and Performance
5.1.2.3 Use a Network Load Balancer in Front of OracleAS Web Cache
5.1.2.4 Use OracleAS Web Cache Built-In Load Balancing for Availability and Scalability of Origin Servers
5.1.2.5 Deploy Caches in Remote Offices for Faster Response Times and Reduced WAN Traffic
5.1.2.6 Use the Latest Version
5.1.2.7 Test Application Upgrades and Patches to Ensure Existing Cache and Session Rules Still Function Correctly
5.1.3 OracleAS Web Cache Security
5.1.3.1 Route All HTTP and HTTPS Traffic Through OracleAS Web Cache
5.1.3.2 Secure Administration, Invalidation, and Statistics Monitoring Using HTTPS
5.1.3.3 Use Web Caching to Help Defend Against Denial-of-Service Attacks
5.1.3.4 Change Passwords Frequently
5.1.4 Configuring OracleAS Web Cache
5.1.4.1 Use the OracleAS Web Cache Manager to Avoid Configuration Problems
5.1.4.2 Configure Enough Memory
5.1.4.3 Allocate Sufficient Network Bandwidth
5.1.4.4 Set a Reasonable Number of Network Connections
5.1.4.5 Create Custom Error Pages
5.1.5 Increasing Cache Hits
5.1.5.1 Use Cookies and URL Parameters to Increase Cache Hit Ratios
5.1.5.2 Use Redirection to Cache Entry Pages
5.1.5.3 Use Surrogate-Control Headers Instead of Caching Rules
5.1.5.4 Use Partial Page Caching Where Possible
5.1.5.5 Use ESI Variables for Improved Cache Hit Ratio for Personalized Pages
5.1.5.6 Use the <esi:environment> Tag for Authentication or Authorization Callbacks
5.1.5.7 Use esi:inline and esi:include Tags Appropriately
5.1.5.8 Leverage JESI Over Hand-Generating the ESI Tags
5.1.6 Invalidation and Expiration
5.1.6.1 Use Basic Invalidation for Single Objects
5.1.6.2 Use Substring Matching for Multiple Objects in Advanced Invalidations
5.1.6.3 Build Programmatic Invalidation Into Application Logic
5.1.6.4 Combine Invalidation and Expiration Policies
5.1.6.5 Use Invalidation Propagation in Clusters and Hierarchies
5.1.6.6 Tune Invalidation Performance Using Indexes
5.1.7 Optimizing Response Times
5.1.7.1 Optimize Response Time By Tuning Origin Server and OracleAS Web Cache Settings
5.1.7.2 Improve Response Times and Reduce Network Bandwidth With Compression
5.1.7.3 Use Only Warning or Notification Logging Levels to Conserve Resources

6 Oracle HTTP Server

6.1 Configure Appropriately For Modem Connections
6.2 Tune TCP/IP Parameters
6.3 Tune KeepAlive Directives
6.4 Tune MaxClients Directive
6.5 Avoid any DNS Lookup
6.6 Turn Off Access Logging
6.7 Use FollowSymLinks and Not SymLinkIfOwnerMatch
6.8 Set AllowOverride To None
6.9 Use mod_rewrite to Hide URL Changes for End Users
6.10 Sticky Routing at Load Balancer is not Required

7 J2EE Applications

7.1 Java Server Pages Best Practices
7.1.1 Pre-Translate JSPs Before Deployment
7.1.2 Separate Presentation Markup From Java
7.1.3 Use JSP Template Mechanism
7.1.4 Set Sessions=False If Not Using Sessions
7.1.5 Always Invalidate Sessions When No Longer Used
7.1.6 Set Main_Mode Attribute To "justrun"
7.1.7 Use Available JSP Tags In Tag Library
7.1.8 Minimize Context Switching Between Servlets and EJBs
7.1.9 Package JSP Files In EAR File For Deployment Rather Than Standalone
7.1.10 Use Compile-Time Object Introspection
7.1.11 Choose Static Versus Dynamic Includes Appropriately
7.1.12 Disable JSP Page Buffer If Not Used
7.1.13 Use Forwards Instead of Redirects
7.1.14 Use JSP Tagged Cache
7.1.15 Use well_known_taglib_loc To Share Tag Libraries
7.1.16 Use JSP-Timeout for Efficient Memory Utilization
7.1.17 Workarounds for the 64K Size Limit for the Generated Java Method
7.1.18 Workarounds for the Size Limit
7.1.19 Hiding JSP Pages
7.2 Sessions Best Practices
7.2.1 Persist Session State if Appropriate
7.2.2 Replicate Sessions if Persisting is Not an Option
7.2.3 Do Not Store Shared Resources in Sessions
7.2.4 Set Session Timeout Appropriately
7.2.5 Monitor Session Memory Usage
7.2.6 Always Use Islands, But Keep Island Size Small
7.2.7 Use a Mix of Cookie and Sessions
7.2.8 Use Coarse Objects Inside HTTP Sessions
7.2.9 Use Transient Data in Sessions Whenever Appropriate
7.2.10 Invalidate Sessions
7.2.11 Miscellaneous Guidelines
7.3 Enterprise Java Bean Best Practices
7.3.1 Local, Remote, and Message Driven EJBs
7.3.2 Use EJB Judiciously
7.3.3 Use Service Locator Pattern
7.3.4 Cluster Your EJBs
7.3.5 Index Secondary Finder Methods
7.3.6 Understand EJB Lifecycle
7.3.7 Use Deferred Database Constraints
7.3.8 Create a Cache with Read Only EJBs
7.3.9 Pick an Appropriate Locking Strategy
7.3.10 Understand and Leverage Patterns
7.3.11 When Using Entity Beans, Use Container Managed Aged Persistence Whenever Possible
7.3.12 Entity Beans using Local interfaces Only
7.3.13 Use a Session Bean Facade for Entity Beans
7.3.14 Enforce Primary Key Constraints at the Database Level
7.3.15 Use Foreign Key for 1-1 and 1-M Relationships
7.3.16 Avoid findAll Method on Entities Based on Large Tables
7.3.17 Set prefetch-size to Reduce Round Trips to Database
7.3.18 Use lazy-loading with Caution
7.3.19 Avoid Performing O-R Mapping Manually
7.4 Data Access Best Practices
7.4.1 Datasources Connections Caching and Handling
7.4.1.1 DataSource Connection Caching Strategies
7.4.2 Datasource Initialization
7.4.3 Disable Escape Processing for Better Performance
7.4.4 Defining Column Types
7.4.5 Prefetching Rows Improves Performance
7.4.6 Update Batching Improves Performance
7.4.6.1 Oracle Update Batching
7.4.6.2 Standard Update Batching
7.4.7 Use Emulated and Non-Emulated Data Sources Appropriately
7.4.8 Use the EJB-Aware Location Specified in Emulated Data Sources
7.4.9 Set the Maximum Open Connections in Data Sources
7.4.10 Set the Minimum Open Connections in Data Sources
7.4.11 Setting the Cache Connection Inactivity Timeout in Data Sources
7.4.12 Set the Wait for Free Connection Timeout in Data Sources
7.4.13 Set the Connection Retry Interval in Data Sources
7.4.14 Set the Maximum Number of Connection Attempts in Data Sources
7.4.15 Use JDBC Connection Pooling and Connection Caching
7.4.16 Use JDBC Statement Caching
7.4.17 Avoid Using More Than One Database Connection Simultaneously in the Same Request
7.4.18 Tune the Database and SQL Statements
7.4.18.1 JDBC Tuning
7.4.18.2 JDBC Connection Caching
7.4.18.3 JDBC Statement Caching
7.4.18.4 JDBC Cached Rowsets
7.5 J2EE Class Loading Best Practices
7.5.1 Avoid Duplicating Libraries
7.5.2 Load Resources Appropriately
7.5.3 Setting Class Loading Search Order within Web Modules
7.5.4 Declare and Group Dependencies
7.5.5 Minimize Visibility
7.5.6 Keep Configurations Portable
7.5.7 Do not Use the lib Directory for Container Wide Shared Libraries
7.6 Oracle Application Server TopLink Best Practices
7.6.1 OracleAS TopLink Mapping
7.6.2 Team Development
7.6.2.1 Team Working with Metadata
7.6.2.2 Large and/or Geographically Diverse Project Development
7.6.3 Caching
7.6.3.1 OracleAS TopLink Cache Refreshing Policies
7.6.3.2 Avoiding Stale Cache Content
7.6.3.3 Cache Synchronization
7.6.4 Sequencing
7.6.5 Performance Options
7.6.5.1 Performance Diagnostics
7.6.5.2 Tuning
7.7 Oracle Application Server XML Developer's Kit Best Practices
7.7.1 Choosing XML Parsers
7.7.2 High-Performance XSLT Transformations
7.7.3 Streaming XML Schema Validations
7.8 Java Message Service Best Practices
7.8.1 Set the Correct time_to_live Value
7.8.2 Do Not Grant Execute Privilege of the AQ PL/SQL Package to a User or Role
7.8.3 Close JMS Resources No Longer Needed
7.8.4 Reuse JMS Resources Whenever Possible
7.8.5 Use Debug Tracing to Track Down Problems
7.8.6 Understand Handle/Interpret JMS Thrown Exceptions
7.8.7 Ensure You Can Connect to the Server and Database From the Client Computer
7.8.8 Tune Your Database Based on Load
7.8.9 OJMS
7.8.10 OracleAS JMS Best Practices

8 Oracle Application Server Portal

8.1 Installation, Configuration, Administration, and Troubleshooting Best Practices
8.1.1 Use OracleAS RepCA
8.1.2 Use the Dependency Settings File and Tool
8.1.3 Configure the Diagnostic Log File for Improved Diagnostics
8.1.4 Review the Oracle Application Server Portal Configuration Guide for Installation and Configuration Troubleshooting Advice
8.2 OracleAS Portal Performance
8.2.1 Use Appropriate Caching Strategy
8.2.2 Use Web and Database Providers Judiciously
8.2.3 Improve Availability and Scalability
8.2.4 Scale OracleAS Portal by Tuning
8.2.5 mod_plsql Tuning Impacts Performance
8.2.6 Leverage Web Provider Session Caching
8.2.7 Increase Execution Speed of Slow Portlet
8.2.8 Reduce Page Complexity to Improve Cachability
8.2.9 Measure Tuning Effectiveness to Improve Performance
8.3 Performance Features for OracleAS Portal
8.3.1 Managed Portlet Execution per Page
8.3.2 Content Pruning
8.3.3 Search Key Invalidation
8.4 Content Management and Publishing
8.4.1 Use a Single Page Group for Delegating Administration
8.4.2 Research Your Taxonomy Before Building Up a Page Hierarchy
8.4.3 Use Page Templates for Consistency
8.4.4 Use Navigation Pages to Manage Template Content
8.4.5 Categories, Perspectives, and Custom Attributes
8.4.6 Understand how Multilingual Content is Managed
8.4.7 Use Unstructured User Interface Templates
8.4.8 Use Content Management APIs to Migrate Existing Content
8.4.9 Use WebDAV Capabilities to Support Desktop Application Centric Users
8.5 Export and Import Best Practices
8.5.1 Review Supported Use Cases Before Performing an Export or Import
8.5.2 Follow the Guidelines for Export and Import of Portal Objects

9 Oracle Application Server Wireless

9.1 Deploying Multiple Tiers for High-Volume Environments
9.2 Firewall Settings
9.3 Deploying Content Sources
9.4 Choice of Voice Gateway
9.5 Deploying Messaging Applications

10 Business Intelligence

10.1 Oracle Reports
10.1.1 Differences Between Paper and Web Reporting
10.1.2 Dynamic Environment Switching to Consolidate Reports Servers
10.2 Oracle Application Server Discoverer Best Practices

Index

  Next
Oracle Logo
Copyright © 2004, Oracle. All rights reserved.
  Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Index
Index