Tuesday, May 31, 2011

SoftwareAG ProcessWorld 2011 Day1

I see conferences like ProcessWorld as a class-room training. You can get a lot of (high level) info from the whole software stack in just 2 days. Unfortunatly, like training, there are less interresting parts that you have to sit through. But you as a blog reader, can dive right into the good stuff:

- Process roundtrip
I saw some process roundtripping, but I still have to make it to the boot of Process Transformation to see if it goes round all the way. The integration with ARIS seems nice, when you change the model in Designer, you can notify the analyst to verify the changes.

-Mobile Technolgy
I had a interesting discussion with someone from Matismo, the company bought by SAG to complement their stack with mobile-apps. Apparantly they can generate not only mobile apps for the major platforms (Android, IPhone iOS, Blackberry), they can also generate Flash and HTML5. We won't see see anything from it in the near near future, simply because the aquisition is that recent.
For me personaly I don't see the purpose for the app, I would choose to create a mobile webApp. Most of the gui's from SAG are web-based, so that would be more consistent. However the guys from Apple didn't like Flash, so their you might have a problem (BPM, Mashup)... maybe will have to wait until HTML5 is the defacto standard.

-TerraCotta/Cloud
Terracotta will leverage the abilty to scale easily. This will be the backbone of their cloud offerings, however I don't have any specifics on that (yet). When talking whith the guy at the Terracotta boot, he was all praise for the technology. So I asked him why we didn't see the technology everywhere. Apparently it is used in a lot of code and it is even used on IS's. So if anyone has experience with it, I'm interested to hear about it.

-Deployment 8.2
They are working hard on changing the deployment cycle. With version 8.2 you now have the option of deploying from builds. Builds can be created from scripts (ant), which gets the assets from a VCS, file-system or other location. The assets itself are defined through ADL's (asset discription language). This way they can keep dependencies between different assets: ex. a process uses several services.
So you have a setup where the developer checks in its code, and the script runs nightly/weekly/... builds of the latest version and puts them into a repository, most of the cases a filesystem (not yet in centrasite as this will be for a future release). That repo than acts as a source for deployer.

-Complex Event Processing
This looks very interresting, they have the engine that runs in the same osgi container as the IS. They are not the same process, you could theoretically run the engine seperatly, but most of the time you would need the IS for connection to other systems. The engine itself is JMS in/ JMS out, it works with broker documents as events. These are processed by rules which are defined in SQL. You can then monitor events through Aris Mashup (which looks like a nice and powerfull tool - unfortunally on flash).

Hopefully the next day will be as interresting as the first.
Auf wiedersehen.

Author: Stefan De Wandeleir

Monday, May 23, 2011

Azure Service Bus: next step with enhanced Messaging

Microsoft has the vision to make a complete Service Bus available in the Azure cloud.  One basic and essential component of an integration solution is Messaging.  At TechEd 2011, a session was dedicated to this Messaging part.

A screenshot from the presentation.   Also interesting to see the other pieces of the service bus that are on their way: Service Management and Integration.







The queuing solution has support for
and all the other goodies when using a Messagnig solution: reliable communication, asynchronous, variable timing, throttling and more.

In this pre-release (Community Technology Preview), the max. message size is 256 kB and queue size of max. 1 GB. This is too small for quite some B2B transactions.  From that we derive that the focus of the Messaging and thus Service Bus is (currently) more focused on use by Azure applications and not for B2B communication between partners (yet).

Author: Guy

Wednesday, May 18, 2011

JVM performance tuning - part 1

Many integration solution are based on the Java Virtual Machine.  Having a good understanding of the underlying machinery is essential for a well functioning integration platform.  Tuning of the Java Virtual Machine is an essntial part of that.  In a series of blog posting, we are going to focus on the tuning of the JMV.  Let's get started with part 1.

The importance of tuning the Java Virtual Machine (JVM) is based on a few characteristics of the virtal machine:
  • The virual machine layer makes abstraction of the underlying operation system and thus increases the overhead
  • This overhead can cause Java applications to run slower than equivalent programs written in a low level language
  • Java's advantages like memory management, exception handling, multithreading, ... add costs
In order to understand the ways in which the JVM can be tuned, several aspects needs to be cleared  out first.

Java process memory
The JVM runs as a process called java on an operating system. It runs as a single process, meaning it doesn't share memory with other processes. The size of this process is determined by 2 major blocks:
  • The java heap space (often the largest part)
  • Other memory
    • The permanent generation: contains metadata: data about classes and methods, statics, ... If too many classes are loaded a “java.lang.OutOfMemoryError: Permgen space” error may occur. The size of the permgen can be configured using the -XX:PermSize=value (initial value) and -XX:MaxPermSize=value (max value)
    • Code generation: the translation of byte code into native cod
    • Socket buffers: for TCP connections. Each connection has a send and a receive buffer
    • Thread stacks: every thread has a stack. The size of the stack can be configured using the -Xss option. The default size of a thread stack is determined by the combination JVM/OS (320k for java 1.6 on windows 32-bit and 1M for java 1.6 on windows 64-bit). The larger the number of threads, the larger the total thread stack size will be. Two possible memory errors associated with the thread stack size are “java.lang.OutOfMemoryError: unable to create new native thread”. This means the JVM wants to associate a stack with a new thread, but the java process size on operating system level can't be expanded. A “java.lang.StackoverflowError” occurs when the thread stack size is too small or when recursive code is called too often.
    • Direct memory space: the JVM allows to address memory directly outside the java heap.
    • JNI code and JNI allocated memory: for JNI programs
    • Garbage collection: introduces additional overhead
The java heap space is divided in two generations. Each generation contains objects of a different age. The java heap space generations are:
  • The young generation: new objects are created in the young generation. The object clean upof the young generation is called a minor garbage collection (minor GC). The younggeneration has two spaces:
    • Eden space: new object are created in this space. New objects that are too large to fit in here are created in the tenured space of the old generation.
    • Survivor space: divided in a “to” and a “from” survivor space. Contains objects that survived at least one minor collection. It gives objects an additional chance to “die”before being moved to the tenured space. One survivor space contains such objects,while the other is empty.
  • Old generation: has one space: the tenured space. Contains objects that survived severalminor collections. Object clean up of the old generation is called a full or major garbage collection (full GC).
The permanent generation resides outside the java heap space and contains metadata, statics and
objects responsible for a good working of the jvm garbage collector.

Author: Dimitri

Friday, May 6, 2011

Why Software AG My webMethods Server doesn’t show Microsoft Active Directory group members from trusted domains

Today we ran into the following problem at a customer of ours: a couple of security groups had been setup in Microsoft Active Directory (AD), containing users from a trusted domain. Unfortunately, these users were not visible for our My webMethods Server (MWS) that is linked to AD using an LDAP Directory Service. When we checked the Group Members for the group in the MWS User Management Groups portlet, the group members were not visible.

When looking a bit deeper into this problem, we discovered a number of possible causes for this problem.


First of all we discovered that the members of these groups, being users of the trusted domain, were located in a branch of the directory that was not located under the base DN that we configured for the corresponding Directory Service in MWS. AD places the LDAP entries for these users in a top level container called ‘ForeignSecurityPrincipals’. The AD documentation on MSDN teaches us that in AD DS, each domain naming context (NC) contains a well-known Foreign Security Principals container. This container holds objects of class foreignSecurityPrincipal. These objects represent security principals from trusted domains external to the forest, and allow foreign security principals to become members of groups within the domain. This might already explain why MWS doesn’t show the group members, but there is more.

Even after correcting the base DN for the MWS Directory Service, the group members are still not visible in MWS. This is because the LDAP objects for these users in AD are based on different object classes than the standard user objects, more precisely the class 'foreignSecurityPrincipal'. We configured our MWS to identify LDAP users based on the 'person' object class, which contains attributes such as sAMAcountName (User ID), sn (Last Name), givenName (First Name), ... that are not present on the foreignSecurityPrincipal class by the way. Therefore of course, MWS will not recognize these objects as users which explains why we can’t see these group members in MWS. If you would like to troubleshoot the values of an LDAP object’s class or other attributes, a free LDAP browser client such as JXplorer can be of great help by the way.

So the conclusion is that MWS doesn’t support AD users from trusted domains through the LDAP Directory Service. 



Author: Kristof Lievens