2844 Introducing Application Optimization in WebSphere DataPower SOA Appliances Adolfo Rodriguez, PhD, STSM, DataPower Architect
Agenda DataPower: A Brief History Application, DMZ, and ESB Trends What is Application Optimization (AO)? Application Optimization (AO) is about leveraging application knowledge in the network to better optimize application behavior, conformance, and performance Dynamic Configuration Intelligent Load Distribution Session Affinity Application Versioning Self-Balancing and HA in Local Multi-Appliance Scenarios Summary 1
DataPower SOA Appliances Product Family Low Latency Appliance XM70 High volume, low latency messaging Enhanced QoS and performance Simplified, configuration-driven approach to LLM Publish/subscribe messaging High Availability B2B Appliance XB60 B2B Messaging (AS2/AS3) Trading Partner Profile Management B2B Transaction Viewer Unparalleled performance Simplified management and config Integration Appliance XI50 Hardware ESB Any-to-Any Conversion at wire-speed with WS-TX Bridges multiple protocols Integrated message-level security XML Security Gateway XS40 Enhanced Security Capabilities Centralized Policy Enforcement Fine-grained authorization Rich authentication 2
Typical DataPower Use Cases Monitoring and control Example: centralized ingress management for all Web Services using ITCAM SOA Deep-content routing and data aggregation Example: XPath (content) routing on Web Service parameters Functional acceleration Example: XSLT, WS Security Application-layer security and threat protection Example: XML Denial-of-Service protection, WS Security Protocol and message bridging Example: Convert to WS to legacy Cobol/MQ In-the-clear SOAP/HTTP SOAP In-the-clear SOAP/HTTP Encrypted and Signed SOAP/HTTP SOAP SOAP Clients Malicious SOAP/HTTP Cobol/MQ Cobol/ MQ Appl Service Providers 3
Why an Appliance for SOA? Integrated Many functions integrated into a single device Addresses the divergent needs of different groups (architects, operators, developers) Integrates well with other IBM SWG and standards-based products Hardware reliability Dual power supplies, no spinning media, self-healing capability, failover support Security Higher levels of security assurance certifications require hardware (HSM, government criteria) Inline application-aware security filtering and intrusion protection Higher performance with hardware acceleration Wire-speed application-aware parsing and processing Ability to perform costly XML security operations without slow downs Consumability Simplified deployment and management: up in minutes, not hours Reduces need for in-house SOA skills & accelerates time to SOA benefits 4
The DataPower Secret Sauce Specialized compiler technology creates optimized executable object code from transformations (eg. XSLT) that execute natively on hardware Everything is viewed as a transformation that is extensible via DataPower custom extension functions High-performing throughput-optimized engine yields wirespeed capabilities Purpose-built hardware to execute SOA workloads and transformations 5
Today s DMZ Internet DMZ [Appliances ONLY] intranet [Software + appliances] 6 users clouds threats DataPower XS40 WebSeal Packet Filter ISS monitoring application-aware XDoS transformations protection Security identity policy federation enforcement SSL extensible rules offload Fine grain Access control WAN and connection optimization intrusion prevention traffic shaping caching load balancing intrusion detection Appliance Hygiene WebSphere VE (XD) Packet Filter NEPs QoS policy enforcement load balancing traffic caching shaping Increased processing requirements in the DMZ ESB internal user data center IHS plugin, Proxy Server, Edge Server XI50, WESB, data WMB center WS J2EE Web REST
Today s DMZ Internet DMZ [Appliances ONLY] intranet [Software + appliances] internal user users clouds Packet Filter SOA/XML Web Application Packet Filter SOA/XML Web Application IP/TCP (packets/conns) ESB data center WS J2EE Web REST threats IP/TCP (packets/conns) data center 7
Deployment Trends Internet users clouds Packet Filter DMZ [Appliances ONLY] SOA Support XML Intelligence XML Security DMZ Convergence SOA Optimization Packet Filter intranet [Software + appliances] SOA Integration SOA Support XML Intelligence ESB Convergence internal user data center threats Web 2.0 Support Application Intelligence Application Security Application Optimization Application Integration Web 2.0 Support Application Intelligence data center 8
Application Optimization Clearly Defined Internet DMZ [Appliances ONLY] intranet [Software + appliances] users clouds Packet Filter Application Optimization (AO) is about leveraging application knowledge in the network to better optimize application behavior, conformance, and performance Packet Filter internal user data center threats SOA and Application Optimization in the DMZ SOA and Application Optimization in the ESB data center 9
Dynamic Configuration (3.8.0, AO Option) Dynamic Middleware Information Clients DataPower learns of deployed back-end applications WebSphere (or other) Service Providers 10
Static vs Dynamic Configuration Static / Persisted Configuration LBGroup configuration saved in non-volatile storage Entered by an administrator or through SOMA Initial Runtime Configuration Static configuration is immediately available after a change is applied and before any dynamic population takes place. Dynamic Configuration Runtime only. (Does not show up on configuration panels) Overrides the static configuration when new information is retrieved Members added / disabled Member weights changed Session Affinity tables changed Shows up via the Load Balancer Group Status provider 11
Usability Model Create a static LBGroup configuration to verify connectivity, service configuration, and data flow. Install the ODCInfo Application on the DM of the WebSphere Cell. Verify the ODCInfo Installation ODCInfo verification script Browser: http://dm_host_name:9060/odcinfo/odcinfo?c=cluster_name Create WebSphere Cell object (points to ODCInfo app) Retrieves the WebSphere Cell information One WebSphere Cell object can support multiple clusters 12
Configure the WebSphere Cell Object 13
Intelligent Load Distribution (3.8.0, AO Option) Weight Information Clients DataPower performs dynamic back-side routing and load distribution (leveraging dynamic information from back-ends) WebSphere (or other) Service Providers 14
Load Balancer Group New Config Questions 15
Load Balancer Group Status Provider 16
Weighted Least Connections Algorithm Imposes weight infrastructure on top of Least Connections. The larger the weight, the larger the percentage of connections that will go to a given server. The smaller the number of connections, the more likely that a server will receive the next connection. member_wlc = constant * (member_connections / member_weight); The member with the lowest member_wlc receives the next connection attempt. Reference Count used to track number of connections on each member 17
Session Affinity - Overview Cookies the basis for persistent client state Session Affinity - uses cookies to more efficiently provide the persistent (session) information to an Application by forwarding every request within a session to the same server. Required for efficient Session Management in application servers. A Session ID contains a name and a value Session information (Ignored by DataPower) Routing information (Clone ID, Partition ID, or a hash value) With Session Affinity enabled If DataPower recognizes the session ID format and can resolve the routing information, it uses the routing information to forward the request. If no session ID, or the routing information cannot be resolved, the request is load balanced. 18
Session Affinity Passive Only available though WLM (ODCInfo) feedback Least aggressive Only applies to WebSphere servers (must understand cookie format) DataPower monitors and forwards the requests based on Partition ID or Clone ID contained in the Session ID. Active-Conditional Applies to any back-end server Set-Cookie monitored on Reply. If present, DataPower inserts its own Set- Cookie (e.g. DPJSESSIONID) DataPower routes any subsequent request based on the DPJSESSIONID. Active Applies to any back-end server Most Aggressive Private Cookie (DPJSESSIONID) monitored on Request. If present, Request is routed to the corresponding server If not present, a Set-Cookie with the private cookie value (DPJSESSIONID) is inserted into the Reply The first request is load balanced. All subsequent requests are forwarded to the same server as the first request. 19
Passive Session Affinity Flow PID/CID Table P_A.1 cid3 P_A.2 cid8 Version23 CID/Host:Port Table cid3 aocserver1:8080 cid8 aocserver2:8080 aoccluster aocserver1 drouter_xi50 PID/CID Table Client Version25 drouter_xi50 aocserver2 Req (JSESSIONID=PAKZZ:P_A.1) Req (JSESSIONID=PAKZZ:P_A.1, WS_HAPRT_WLMVERSION=Version23) Reply (WS_HAPRT_WLMVERSION=Version25, $WSPT=PID:CID;) Reply() 20
Active-Conditional Session Affinity Flow xyzcluster ServerLeft Client drouter_xi50 ServerRight Req () Req () Reply(SetCookie: JSESSIONID= ) Reply (SetCookie: JSESSIONID= ; SetCookie: DPJSESSIONID=PBC5YS:-2342213232;) 21
Active Session Affinity Flow xyzcluster ServerLeft Client drouter_xi50 ServerRight Req () Req () Reply() Reply (SetCookie: DPJSESSIONID=PBC5YS:-2342213232;) 22
Session Affinity Configuration Enable Switch Insertion Cookie Information Use for non-webshere backends 23
Application Version Routing (3.8.1) Application version information Version 1 Clients Version 2 DataPower performs back-side application version routing *and* load ramping WebSphere Service Providers 24
Enabling Application Version Routing 25
Self Balancing and HA of Co-located Appliances Front-end IP load balancers not needed for AO workloads Active/Passive failover of distributor using standby control Clients Service Provider Self balancing (IP spraying) Failure of target appliances are masked by appropriate weighted distribution 26
Enabling Self Balancing
Scaling Self-Balancing 14000 Self Balancing DataPower Appliances LVS with Round strict Robin round robin 12000 Transactions per Second 10000 8000 6000 4000 2000 0 Cluster TPS TPS per Host Direct to 1 DP 2 DP Appliances 3 DP Appliances
Distribution and High Availability Options Fronting IP Sprayer Under development Sysplex Distributor IP Sprayer z/os z/linux DataPower Self Balancing DataPower load distribution Any service provider on p, x, or z Clients DataPower Tier DataPower ILD (ODC) Tier 1 distribution options Tier 2 distribution options WebSphere on p, x, or z Red = Connection distribution; White = Request distribution 29
Quiesce Support (3.8.1) Clients Service Provider Operational maintenance of DataPower appliances due to Upgrade firmware Promote configuration packages Apply dynamic configuration changes Design goals Ensure all existing transactions complete without error Indicate administrator quiesced state Various levels of granularity FSPH (configuration changes) Service object (configuration changes) Application domain (configuration promotion) Entire appliance (firmware upgrades and proactive recycles) Usage model Prevent new connections from arriving at an appliance through external load balancer configuration Special hooks automatically remove quiesced targets from self-balanced sets 30
We Value Your Feedback! Please complete the session survey for this session by: Accessing the SmartSite on your smart phone or computer at: http://imp2010.confnav.com Surveys / My Session Evaluations Visiting any onsite event kiosk Surveys / My Session Evaluations Each completed survey increases your chance to win an Apple ipod Touch with daily drawing sponsored by Alliance Tech 31
Copyright and Trademarks IBM Corporation 2009. All rights reserved. IBM, the IBM logo, ibm.com and the globe design are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. Other company, product, or service names may be trademarks or service marks of others. 32