Skip to main content

Posts

Showing posts from 2015

WebSphere Application Server Performance Tuning...

Here are some tips for WebSphere Application Server Performance Tuning: 1. Turn verbose garbage collection on, either by using WAS console (Servers => Application servers => server_name => Process definition => Java Virtual Machine) or by modifying command line parameters. Then, restart JVM.  2. Run your test harness and peruse the log file native_stderr.log. This will give you an idea whether your JVM has got optimal heap size allocated: you'll want to find that garbage collection does not occur more often than every 10-15 seconds and it does not take longer than 1 to 2 seconds to complete.  3. If the above is not true, change the JVM heap size, restart JVM and repeat step 2.  4. Use WAS console to check the size of Web Container's thread pool. the maximum size of 60-80 is usually a good default value.  5. Use WAS console to make sure the JDBC Connection Pool has its Maximum Connections set up to a value lower than Web Container's...

Security Hardening of WebSphere Application Server Installations:

It is a known fact that an out of the box WAS installation with security enabled is not entirely secure. There is a number of steps that has to be taken in order to "harden" the installation. Most of the steps are documented in the WebSphere hardening guide , which should be closely studied and followed by any WAS administrator or developer. The hardening guide, however, is a little light on the specifics regarding how to secure WAS at the OS level. For example, hardening should normally include changing file and directory permissions to restrict access to sensitive configuration files. Why bother hardening the installation at the OS level? This helps defend against external threats, i.e., a server hosting the installation is compromised and against internal threats, i.e., an unauthorized access from inside. Here are some of the things you can do to secure your installation on a Unix/Linux platform: 1) If you installed WAS as a non-root account, make sure that th...

SSL certificate installation on IHS (IBM HTTP Server):

Hi, folks... Today I am going to explain how to install an SSL certificate on IHS (IBM HTTP Server). Let's go through the below steps: *Notes: 1) Create a .sh script for creating the db, for importing certificates and for receiving the signed key.  2) gsk7cmd command supports -Xms1024m -Xmx2048m options for adding extra heap memory to java. This is very usefull because some times you end up with OutOfMemory errors. 3) After creating the request you can see the request by list request certificates in the keystore, after receiving the signed certificate the certificate request is removed. Don't worry, this is normal. 4) SL0208E: SSL Handshake Failed, Certificate validation error.  This error is related to the Root Class-3 certificate. Don't forget to import it to the keystore. Step 1 : Configure your environment variables (Using command line): export JAVA_HOME=/java/jre export PATH=/java/jre/bin:$PATH Step 2 : Create a new key store database: ...