Latest News from Weblogic Journal

Yahoo! SVP Shelton Shugar to Discuss Innovation at Cloud Computing Expo

Mon, 02 Nov 2009 15:00:00 EST

Yahoo! aims to be one of the 800-pound gorillas--along with Google, Amazon, and several major technology companies--in the upcoming battles for hosting dominance in the Cloud Computing space. Yahoo aims to be one of the 800-pound gorrillas--along with Google, Amazon, and several major technology companies--in the upcoming battles for hosting dominance in the Cloud Computing space. As Shugar noted in the days before his presentation, the company "is developing and utilizing Internet-scale cloud computing services to improve the consumer experience, speed innovation, simplify operating environments, and reduce costs. Yahoo! Cloud Services are in production today supporting web-serving properties and data processing environments."

How the Delivery of Virtualization is Being Transformed

Mon, 26 Oct 2009 13:30:00 EDT

As virtualization becomes more widely deployed, and enterprises look for new ways to leverage this revolutionary technology, the consumption and delivery of this technology is changing. At the Cloud Computing Conference and Expo, Simon Crosby will talk about how it is no longer one-size-fits-all and confined to a specific area of the data center, but instead is proliferating within the data center and out to the user via the desktop and applications.

The Economics of Cloud Computing Analyzed

Mon, 26 Oct 2009 02:00:00 EDT

The President’s budget for fiscal year 2010 (FY10) includes $75.8B in information technology (IT) spending, which is a 7-percent increase from FY09. Of this, at least $20B will be spent on IT infrastructure investments. The FY11 budget for IT is projected to be nearly $88B. The government is actively seeking ways to reduce IT costs, and the FY10 budget request highlights opportunities for the federal government to achieve significant long-term cost savings through the adoption of cloud computing technologies.

IBM’s Mainframe Monopoly Threatened by BMC Founder’s Shop

Sun, 25 Oct 2009 11:45:00 EDT

There’s another burr under IBM’s mainframe saddle besides the Justice Department’s investigation into its practices with the European Commission passing the DOJ notes – a Neon burr. Neon Enterprise Software is a Sugar Land, Texas, mainframe tools company 100% owned by John Moores, the “M” in BMC, who has reportedly poured a pretty penny into the place.

Mike Rowe From Dirty Jobs Could Use This Technology

Sun, 25 Oct 2009 09:30:00 EDT

Voice-Insight (http://www.voice-insight.com ) was at the show and was demonstrating and talking about some of its technology and some of their R&D projects. Voice-Insight is not necessarily focusing on SOA or services; most of their appeal comes from integration to other technologies.Voice-Insight built its own voice language (VQLTM) that attempts to bridge voice with GIS, maintenance, quality control, vehicle navigation and e-Government applications. This is real; they have applications running in most West-European languages as well as Japanese and Chinese (Mandarin). Their approach is to try to make user dialogues are close to natural language as possible and minimize user .”Voice training is not required.” Voice-Insight was at the show because they are a big Oracle partner. They also have partnerships with Motorola Inc, IBM, Thales, Magellan Navigation , IBM , ESRI Inc., Acteos (France), Incas (Italy & Spain), Working Machines (USA), ClearOrbit (USA), Patech (UK), MDS (Greece), CAPINFO (China), NBT (Bulgaria), Geodan (The Netherlands), BASF IT (Germany), GTS (RSA) etc.

Oracle in Leader's Quadrant for Enterprise Application Servers

Mon, 12 Oct 2009 16:00:00 EDT

Gartner's Magic Quadrant for Enterprise Application Servers (EAS) positions Oracle in the leader's quadrant. (1) Oracle's EAS technology includes Oracle WebLogic Server, which is available together with related Oracle application grid technology as part of Oracle WebLogic Suite. The Gartner Magic Quadrant positions vendors within a particular market segment based on their completeness of vision and their ability to execute on that vision.

Oracle Fusion Middleware Delivers World Record Single-Node Result

Mon, 12 Oct 2009 11:11:00 EDT

Today, Oracle announced that Oracle® WebLogic Server, a component of Oracle Fusion Middleware, together with Oracle Database 11g running on an HP ProLiant DL785 G6 server, achieved a world record single-node result with the SPECjAppServer2004 industry standard benchmark(1).

Working with WLS 10.3.1 SQLAuthenticator Password Algorithms - Part 1

Mon, 05 Oct 2009 15:00:00 EDT

WebLogic Server 10.3.1 supports loading user credentials and roles from a number of different sources, such as LDAP or a database, through the concept of "Security Providers". In order to work with a database table structure a "SQL Authenticator" provider is required.

Edwin Biemond has a good example of setting up both the database table structures and configuring the WLS SQL Authenticator against these tables. To keep the example simple, for the password field in the JHS_USERS table Edwin's has set the SQL Authenticator to write raw plain text passwords to the table. This makes it really easy for demonstration purposes to see what's written to the database.

To extend Edwin's post, a common requirement will be that:

a) The password value is written in an encrypted form to the database
b) Other non-WLS applications can generate the same encrypted result such that the encrypted passwords can be compared

The need for point "a" is obvious, unencrypted password in the database is a security weakness. But what about "b", why would you want this?

For many organisations the list of users and roles will be stored in database tables, and that information will be sourced by many different subsystems implemented in different technologies. It's not uncommon for sites to have Oracle Forms, .Net, JEE (and ADF of course!) applications all relying on the database user tables for their authentication and authorisation information.

Each of these subsystems would require users to login. The subsystem would then encrypt the password, retrieve the corresponding password from the database for the identified user, and compare the results. If they compare, we have a valid user; if the encrypted passwords are different, ring the alarm bells, we have an imposter (or at least make them login again ;-)

All things would be well with this solution, until you throw in the fact that each subsystem may support different encryption algorithms that would produce different results, effectively failing the encrypted password comparison each time. It becomes essential therefore that WLS's SQL Authenticator supports different encryption algorithms in order to provide as much flexibility as possible.

Password Settings

On configuring a SQL Authenticator as per Edwin's example, on accessing the Provider Specific information (from the WLS console select Security Realms -> myrealm -> Providers tab -> your named SQL Authenticator -> Configuration tab -> Provider Specific tab), you'll note the following options that influence the generation of encrypted passwords:

* Plaintext Passwords Enabled – true/false – relates how passwords are read from the database table. If true when WLS retrieves the password from the database, and it encounters a non encrypted password, it will undertake a non encrypted comparison between the user's password who is attempting to login against the database retrieved password. If false, WLS will enforce the database password must be encrypted for it to undertake an encrypted password comparison.

The question arises, how does WLS know the database password is encrypted? The answer is derived from the next detailed property Password Style Retained, where WLS when writing a new encrypted password to the database prefixes the encrypted password with the encryption algorithm that was used to encrypt the password. If it's missing, WLS assumes a plaintext password.

If the Plaintext Passwords Enabled property is false, one other side effect is if you attempt to set the Password Style property to PLAINTEXT, then update a user's password in the database, WLS will throw an error stating it doesn't support PLAINTEXT passwords:

[Security:099063]Plaintext password usage was rejected.

Thanks to Ming at Oracle Support for clarifying this property.

* Password Style Retained – true/false – the following properties unlike the Plaintext Passwords Enabled property deal with when updating existing user passwords in the database table, not when the password is read. When WLS writes a password to the table's password field, along with the encrypted text, it prefixes the password with the password algorithm used wrapped in ellipses. For example if the SHA-1 algorithm is used, the password would look like:

{SHA-1}W6PH5MM5PZ8GGIULBPGZG37MJ9G=

If the Password Style Retained property is set to true, and the existing password has a different encryption algorithm to that specified in the Password Algorithm field, WLS will use the latter to update the password. If Password Style Retained is set to false, regardless, WLS will overwrite the password with that specified in the Password Algorithm field.

* Password Algorithm – text field – default SHA-1 – as per the WLS documentation this can be any Java Cryptography Extension (JCE). Questionably what are the allowable values derived from the JCE? These are listed in the JSE 6.0 Java Cryptography Architecture Standard Algorithm Name Documentation.

For password generation we want a hash (aka. message digest or 1-way encryption) algorithm. From the documentation we find that our options are limited to SHA-1 (the default Password Algorithm value), MD2 and MD5.

Note that the JSE documentation states the bit size of the produced message digest (SHA-1 = 160-bit, MD2 = 128-bit, MD5 = 128-bit), which will influence the size of your password field to store the encrypted database value.

The Password Algorithm can be ignored if the Password Style is PLAINTEXT, or, the Password Style Retained is set to true and the password to be updated does not match the current Password Algorithm's specified function.

* Password Style – PLAINTEXT, HASHED, SALTEDHASHED – as guessed the PLAINTEXT option will write the unencrypted password to the database. A value of HASHED implies the Password Algorithm will be used. SALTEDHASHED also produces encrypted passwords though different from HASHED. I'm currently unsure of the difference between HASHED and SALTEDHASHED, the WLS documentation doesn't differentiate between them, though it does result in a different encrypted value.

Testing

Assuming you've configured your SQL Authenticator correctly as per Edwin's post, let's test what the different settings of the properties do.

For our testing let's assume there's always an existing user ALPHA whose password we want to update, as well as new users BETA, CHARLIE and DELTA (and so on) who we want to create with a new password.

First test

Plaintext Passwords Enabled = true
Password Style Retained = true
Password Algorithm = SHA-1
Password Style = HASHED

For the existing user ALPHA the encrypted password doesn't include the algorithm prefix (ie. {SHA-1}), in fact it was created by some other system that doesn't include the prefix. The ALPHA's password will be updated to "password".

For a new user BETA the password will be set to "password".

First result

Updated user ALPHA password = "password"

For the ALPHA users this result occurs because WLS encounters the Plaintext Passwords Enabled set to true, and the original password stored for the ALPHA user is unencrypted (ie. it's missing the algorithm prefix). WLS therefore decides an update to the password must be a plaintext password update.

New user BETA password = {SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

In this case the BETA user makes use of the SHA-1 algorithm.

Second test

Plaintext Passwords Enabled = true
Password Style Retained = false
Password Algorithm = SHA-1
Password Style = HASHED

Same as the last test, for the existing ALPHA user the encrypted password doesn't include the algorithm prefix (ie. {SHA-1}), in fact it was created by some other system that doesn't include the prefix. The ALPHA's password will be updated to "password".

For a new user CHARLIE the password will be set to "password".

Second result

Updated user ALPHA password = {SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

New user CHARLIE password = {SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

In this case the Password Style Retained has overwritten the updated user ALPHA's password style with the new SHA-1 algorithm equivalent as the Password Style Retained = false setting removes the original plaintext algorithm – in other words the SHA-1 algorithm takes precedence. As expected the CHARLIE user's passwords uses the SHA-1 algorithm by default.

Third test

In this test we'll use the existing SHA-1 user ALPHA SHA-1 password, while switching to the MD2 algorithm, while not retaining passwords styles:

Plaintext Passwords Enabled = true
Password Style Retained = false
Password Algorithm = MD2
Password Style = HASHED

Existing ALPHA password = {SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

For a new user DELTA the password will be set to "password".

Third result

Existing ALPHA password = {MD2}8DiBqIxuORNfDsxg79YJuQ==

New user DELTA password = {MD2}8DiBqIxuORNfDsxg79YJuQ==

As can be seen WLS switches to the MD2 algorithm in both cases as the Password Style Retained = false property enforces this.

Fourth test

In the last test we'll switch back to the SHA-1 algorithm, and attempt to update the ALPHA user's MD2 password to the SHA-1 equivalent asking WLS not to retain the existing password style:

Plaintext Passwords Enabled = true
Password Style Retained = false
Password Algorithm = SHA-1
Password Style = HASHED

Existing ALPHA password = {MD2}8DiBqIxuORNfDsxg79YJuQ==

Fourth result

Existing ALPHA password = {SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

As expected the ALPHA user's password is changed from the MD2 to SHA-1 encrypted password, again as the Password Style Retained = false property takes affect.

Conclusion

At this point we've seen how WLS can generate encrypted passwords using different algorithms down to the database. From here it's important to check the encrypted results in the database are actually "standard". In other words if a competing technology uses the SHA-1 algorithm to encrypt a password for example, will it see the same encrypted result WLS produced. This will be addressed in a following post.

Hosted Solutions Named as “Top Ten” Best Managed Hosting Service

Mon, 21 Sep 2009 14:39:11 EDT

Hosted Solutions, a provider of IT infrastructure as a service (IaaS), announced today its selection as a "Top 10" Best Managed Hosting Service by the editors of HostReview.com. In the last several months, Hosted Solutions has taken a number of bold steps, solidifying its leadership position in the industry. Last week, the company introduced its applications hosting offering, including support for a specific range of leading business applications, including Microsoft SQL Server, Oracle, WebSphere, WebLogic and JBoss. One leading industry analyst called it "management of the middleware, providing a service layer for its customers' application layer for middleware that can otherwise become expensive to manage in house."

Separation of Duties in Virtualized Environments

Wed, 16 Sep 2009 10:00:00 EDT

Virtualization has brought us another step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself.

Citrix Aims To Cripple VMware’s Cloud Designs

Sat, 12 Sep 2009 15:30:00 EDT

Citrix is going to try to bar VMware from getting its hooks deep in the cloud by developing the open source Xen hypervisor, already used by public clouds like Amazon, into a full-blown, cheaper, non-proprietary Xen Cloud Platform (XCP). It intends to surround the Xen hypervisor with a complete runtime virtual infrastructure platform that virtualizes storage, server and network resources. It’s supposed to be agnostic about virtual machines and run VMware’s, which currently run only on its own infrastructure.

SYS-CON White Paper: JBoss Migration Guide

Fri, 11 Sep 2009 17:45:00 EDT

IT organizations are constantly faced with the challenge to produce high-quality solutions with a lower total cost of ownership. With the growing recognition that open source software provides quality, stable solutions, migrations of existing enterprise applications to products such as JBoss Enterprise Application Platform have become increasingly popular.

Cloud Computing Adoption - Part 2 of 5

Sat, 05 Sep 2009 13:00:00 EDT

Historically, when we take something complex and make it simple, we open up all sorts of opportunities for value. Think about the changes that happened once the Web made it simpler to buy goods and services. Consider how mobile phones and text messaging have empowered us to communicate faster and more frequently. And consider what the word processor, e-mail and spreadsheets have done for individual productivity.

One-Way SSL with JAX-WS Using JDeveloper 11gR1 and WLS 10.3.1

Wed, 02 Sep 2009 11:00:00 EDT

A while back Gerard Davison blogged some simple examples of using WS-Security Policies. Gerard's specific example dealt with the WLS policy Wssp1.2-2007-Wss1.1-UsernameToken-Plain-X509-Basic256.xml. As Gerard notes the said policy (further documented in the WLS 10.3.1 doco here) implements user name tokens, encryption of the tokens and signing of the whole SOAP payload.

The following post strips back Gerard's example to instead to consider the steps in setting up and testing One-Way SSL for a JAX-WS web service generated via JDeveloper 11gR1 and installed in WLS 10.3.1, using the WLS policy Wssp1.2-2007-Https.xml.

Assumptions

This article assumes the reader has the following basic knowledge:

* HTTPS/SSL
* Digital certificates and trusted/certificate authorities (CAs)
* Oracle's WebLogic Server, WLS managed servers and the WLS console

One-Way SSL vs Two-Way SSL

For those not familiar with either, Oracle's WLS documentation has a good explanation of the implementation of and differences between One-Way SSL and Two-Way SSL in the Understanding Security for Oracle WebLogic Server manual.

Steps

To implement a One-Way SSL example we'll run through the following steps:

1) Create a basic JAX-WS web service with JDeveloper 11gR1
2) Generate the digital certificates required for the WLS server
3) Modify the web service to use the Wssp1.2-2007-Https.xml WLS policy
4) Deploy the running web service to WLS
5) Test the running web service via JDeveloper's HTTP Analyzer
6) Test the running web service via SoapUI
7) Test the running web service via a JAX-WS client
8) Inspect the web service packets on the wire to verify the traffic is indeed encrypted

1) Create a basic JAX-WS web service with JDeveloper 11gR1

This step is documented in a previous blog post Creating JAX-WS web services via a WSDL in JDev 11g. There are also a number of viewlet demonstrations available from Oracle's OTN which show how to construct the WSDL in a drag'n'drop fashion.

The resulting web service we'll demonstrate here is a very simple one. It is comprised of the following solutions:

OneWaySSLExample.xsd


            targetNamespace="http://www.sagecomputing.com.au" elementFormDefault="qualified">

The inputElement and the outputElement will constitute the incoming and outgoing payloads of a simple HelloWorld web service.

OneWaySSLExample.wsdl


             xmlns:tns="urn:OneWaySSLExample.wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
             xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
             xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsca="http://www.sagecomputing.com.au">

The overall web service comprises of a single operation accepting the inputElement and outputElement strings as specified in the XSD.

OneWaySSLPortTypeImpl.java

package au.com.sagecomputing.ws;

import javax.jws.WebService;

import javax.xml.ws.BindingType;
import javax.xml.ws.soap.SOAPBinding;

@WebService(serviceName = "OneWaySSLService",
            targetNamespace = "urn:OneWaySSLExample.wsdl",
            portName = "OneWaySSLPortTypePort",
            endpointInterface = "au.com.sagecomputing.ws.OneWaySSLPortType",
            wsdlLocation = "/WEB-INF/wsdl/OneWaySSLExample.wsdl")
@BindingType(SOAPBinding.SOAP12HTTP_BINDING)
public class OneWaySSLPortTypeImpl {

  public String oneWaySSLOperation(String part) {
    return "Hello " + part;
  }
}

A very basic JAX-WS web service accepting the inputElement String and returning the outputElement String prefixed with "Hello ".

Example request SOAP payload


   
   
      Chris

Example response SOAP payload



   
      Hello Chris

The overall application/project structure will look as follows in JDeveloper's Application Navigator:

2) Generate the digital certificates required for the WLS server

In order for a client to undertake a SSL connection with our web service on the WLS server, the WLS server must be configured with a valid digital certificate.

Again note from the Oracle documentation how One-Way SSL works at runtime:

With one-way SSL authentication, the target (the server) is required to present a digital certificate to the initiator (the client) to prove its identity. The client performs two checks to validate the digital certificate:

1. The client verifies that the certificate is trusted (meaning, it was issued by the client's trusted CA), is valid (not expired), and satisfies the other certificate constraints.
2. The client checks that the certificate Subject's common name (CN) field value matches the host name of the server to which the client is trying to connect

If both of the above checks return true, the SSL connection is established.

In this section we consider the digital certificates required for the WLS server.

WLS is an interesting application server in that it keeps two separate Java keystores, 1 for storing the digital certificates for such actions as SSL, and another which is typically used for storing CA digital certificates. The former is referred to as the identity keystore, the later the trust keystore.

The WLS manual Securing Oracle WebLogic Server section 11 Configuring Identity and Trust has a detailed explanation of this setup.

By default WLS comes with demonstration identity and trust keystores containing demonstration digital certificates. As the WLS documentation takes great pains to explain these are for development purposes only and should never be used in a production environment. For the purposes of this blog post if you're testing One-Way SSL in a development environment you can in fact skip this entire step as the demonstration WLS keystores will suffice.

To check that the demonstration keystores are currently installed login to your WLS console, select your server, and under the Configurations -> Keystores tab you'll see the following entries:

Your entries for the file locations of the keystore will be different from my example here dependent on where you installed WLS.

However using the demonstration keystores avoids the whole learning exercise of configuring your own custom digital certificates in WLS which is an important lesson. The following describes those steps in detail, as based off Gerard's original post.

To install our own digital certificate we followed these general steps:

a) Open a command prompt and set the WLS environment
b) Generate our own trusted certificate authority digital certificate
c) Store the private key and digital certificate and import into the identity keystore
d) Store the same digital certificate into the trust keystore.
e) Configure the new keystores in WLS's identity and trust keystore

The following describes those steps in detail. In order to do this we've used WLS utilities to do as much of the work as possible.

a) Open a command prompt and set the WLS environment

Under Windows open a command prompt on the same machine as where WLS is installed, create a temporary directory in your favourite place and cd to that directory, and run your WLS server's setDomainEnv.cmd command. Something like:

"C:\\setDomainEnv.cmd"

Once run ensure you're still in your new directory.

b) Generate our own trusted certificate authority digital certificate

java utils.CertGen -certfile ServerCACert -keyfile ServerCAKey -keyfilepass ServerCAKey -selfsigned -e somebody@xxxx.com.au -ou FOR-DEVELOPMENT-ONLY -o XXXX -l PERTH -s WA -c AU

This generates 4 files: ServerCACert.der, ServerCACert.pem, ServerCAKey.der, ServerCAKey.pem

The utils.CertGen utility is useful for development purposes, but as per the WLS documentation, should not be used for production purposes. Alternatively OpenSSL could be used instead.

Note the use of selfsigned flag. This implies this digital certificate will be used both as the CA in the trust keystore and the served digital certificate in the identity keystore. This is not what we'd do for a production environment using commercial Certificate Authorities, but is sufficient for demonstration purposes in this post.

More information on:

* the WLS CertGen utility can be found here.
* .der vs .pem files can be found here and here.
* WLS provides two utilities der2pem and pem2der can be used to convert between the two file types.

Under Windows you can double click on the ServerCACert.der file to show its contents:

If you have access to the openSSL command line tool you can use it to query the certificate we just created:

openssl x509 -text -inform der -in ServerCACert.der

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:a9:d1:4a:0f:0b:b2:61:13:90:89:f5:40:4d:4f:e2
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=AU, ST=WA, L=PERTH, O=SAGECOMPUTING, OU=FOR-DEVELOPMENT-ONLY, CN=/emailAddress=somebody@sagecomputing.com.au
        Validity
            Not Before: Jul  9 07:06:49 2009 GMT
            Not After : Jul 10 07:06:49 2029 GMT
        Subject: C=AU, ST=WA, L=PERTH, O=SAGECOMPUTING, OU=FOR-DEVELOPMENT-ONLY, CN=/emailAddress=somebody@sagecomputing.com.au
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:df:cb:6c:ed:86:75:4c:5b:66:cd:aa:3d:34:8f:
                    
                    73:f6:9c:b5:ed:82:9c:c3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:1
    Signature Algorithm: md5WithRSAEncryption
        b7:fa:1b:8f:c4:ee:af:6b:1d:f0:dc:f4:cf:35:20:f1:df:eb:
        
        0c:fe
-----BEGIN CERTIFICATE-----
MIIC8zCCAlygAwIBAgIQDanRSg8LsmETkIn1QE1P4jANBgkqhkiG9w0BAQQFADCB

i7Pd63d03mWkI85tvsr5Q+40yitOL5JnLsbyHSrM+1aK8kkY7Qz+
-----END CERTIFICATE-----

This identifies information that maybe useful later if we make a mistake, such as the encryption algorithm used (RSA), the size of the keys (1024bit), the serial number of the certificate (a hex number).

c) Store the private key and the digital certificate in the identity keystore

java utils.ImportPrivateKey -certfile ServerCACert.der -keyfile ServerCAKey.der -keyfilepass ServerCAKey -keystore ServerIdentity.jks -storepass ServerCAKey -alias identity -keypass ServerCAKey

d) Store the same digital certificate into the trust keystore
Import the certificate generated in step b into a trust keystore.

keytool -import -v -trustcacerts -alias identity -file ServerCACert.der -keystore ServerTrust.jks -storepass ServerTrustStorePass

e) Configure the new keystores in WLS's identity and trust keystore

To configure the keystores in WLS enter the WLS console, select the managed server you're interested in, then make the following changes under the following tabs:

Configuration tab -> General subtab

SSL Listed Port Enabled = checkbox
SSL Listen Port = 7102 (and different from the Listen Port)

Configuration tab -> Keystores subtab

Keystores = Custom Identity and Custom Trust
Custom Identity Keystore = \ServerIdentity.jks, such as c:\temp\ServerIdentity.jks
Custom Identity Keystore Type = jks
Custom Identity Keystore Passphrase = ServerCAKey
Confirm Custom Identity Keystore Passphrase = ServerCAKey

Custom Trust Keystore = \ServerTrust.jks, such as c:\temp\ServerTrust.jks
Custom Trust Keystore Type = jks
Custom Trust Keystore Passphrase = ServerTrustStorePass
Confirm Custom Trust Keystore Passphrase = ServerTrustStorePass

Configuration tab -> SSL subtab

Identify and Trust Locations = Keystores
Private key alias = identity
Private Key Passphrase = ServerCAKey
Confirm Private Key Passphrase = ServerCAKey

Then save.

After this restart your WLS server and you should see similar messages to the following in the WLS logs:

Alternatively is you see the following messages you have made a mistake in your configuration:

10/07/2009 4:08:30 PM WST>     
<10/07/2009 4:08:30 PM WST>     
<10/07/2009 4:08:30 PM WST>

3) Modify the web service to use the Wssp1.2-2007-Https.xml WLS policy

This can be done in a number of ways in JDeveloper, the easiest of which for this blog post at least is just to insert the @Policy annotation into the JAX-WS endpoint as follows:

(Note if you're using earlier versions of JDeveloper or Eclipse, this mechanism wont work, you must manually add the policies to the WSDL).

package au.com.sagecomputing.ws;

import javax.jws.WebService;

import javax.xml.ws.BindingType;
import javax.xml.ws.soap.SOAPBinding;

import weblogic.jws.Policy;

@WebService(serviceName = "OneWaySSLService",
            targetNamespace = "urn:OneWaySSLExample.wsdl",
            portName = "OneWaySSLPortTypePort",
            endpointInterface = "au.com.sagecomputing.ws.OneWaySSLPortType",
            wsdlLocation = "/WEB-INF/wsdl/OneWaySSLExample.wsdl")
@BindingType(SOAPBinding.SOAP12HTTP_BINDING)
@Policy(uri = "policy:Wssp1.2-2007-Https.xml") 
public class OneWaySSLPortTypeImpl {

  public String oneWaySSLOperation(String part) {
    return "Hello " + part;
  }
}

4) Deploy the running web service to WLS

Within JDeveloper to deploy and run from the integrated WLS, it's simply a case of right clicking on the JAX-WS file and selecting Run.

If you click on the hyperlink provided in the log window, this will open the HTTP Analyzer. From the HTTP Analyzer you can open the WSDL at the top of the window:

Note on deployment to WLS you can see that the Wssp1.2-2007-Https.xml policy has been added to the binding to enforce One-Way SSL, and in addition the service address now runs from HTTPS, not HTTP, on the now enabled SSL port.

5) Test the running web service via JDeveloper's HTTP Analyzer

JDeveloper out of the box includes HTTP Analyzer for testing your web services. It's particularly useful as you don't have to leave the confines of your IDE to test your web services.

In order to run the HTTP Analyzer with SSL'ed web service traffic, you need to make some changes to the configuration of JDeveloper. Selecting the Tools->Preferences menu option, followed by Https and Truststore Settings, you can configure the Client and Server keystores HTTP Analyzer needs to run with SSL.

If you followed my exact instructions on setting up a selfsigned CA into the WLS identity and trust keystores, you need to enter the following options in the Preferences Https and Trusting Settings page:

Client Trusted Certificate Keystore: c:\temp\ServerTrust.jks
Client Trusted Keystore Password: ServerTrustStorePass

Server Keystore: c:\temp\ServerIdentity.jks
Server Keystore Password: ServerCAKey
Server Private Key Password: ServerCAKey

When you run your web service you can access the HTTP Analyzer by clicking on the URL of your served web service in the JDev IDE log window, among other methods.

This presents the following HTTP Analyzer screens:

In the top of the screen you'll see the HTTP Analyzer has formed a dummy request for you to send out based on the web service's WSDL. In my example picture I've filled out the part field and pressed Send Request, of which you can see the reply from the web service on the right hand side.

At the bottom of the screen you can the individual request/responses that were generated in order to service the request.

6) Test the running web service via SoapUI

SoapUI is a popular web service testing tool. I wanted to show how to configure it here to show similar results to the HTTP Analyzer. The following steps were built with SoapUI v3.0.

a) Create a new Project via File -> New soapUI Project
b) In the New SoapUI Project dialog, enter a custom project name, then your WSDL, leave the rest of the fields as default.

c) In the Project list expand your new project to the last Request 1 node, and double click it.
d) This will open the Request 1 window, showing on the left handside the outgoing request payload, where you can modify the inputElement XML element with your name.
e) Pressing the green arrow executes the request against the webservice, you'll now hopefully see the SOAP response on the right handside of the window.
f) Note at the bottom right of the right handside of the window you have the text SSL Info. Clicking on this shows another sub-window with the SSL certificate information that was swapped with the WLS server to undertake the SSL communications.

7) Test the running web service via a JAX-WS client

Assuming under JDeveloper you know how to create a Java Proxy for the deployed web service, you'll end up with the following code:

import clientexamples.SSLUtilities;

import javax.xml.ws.WebServiceRef;

public class OneWaySSLPortTypePortClient
{
  @WebServiceRef
  private static OneWaySSLService oneWaySSLService;

  public static void main(String [] args)
  {
    oneWaySSLService = new OneWaySSLService();
    OneWaySSLPortType oneWaySSLPortType = oneWaySSLService.getOneWaySSLPortTypePort();

    SSLUtilities.trustAllHttpsCertificates(); 

    System.out.println(oneWaySSLPortType.oneWaySSLOperation("Chris"));
  }
}

Note SSLUtilities is a handy class written by Srgjan Srepfler that includes a number of methods for handling and modifying the default SSL behaviour. In our case in writing a simple test client we're not overly concerned about trusting the server's CA, so we can use SSUtilities.trustAllHttpsCertificates to stop the required checking.

8) Inspect the web service packets on the wire to verify the traffic is indeed encrypted

What neither JDeveloper's HTTP Analyzer nor SoapUI can do is actually confirm for you that the traffic on the network was actually encrypted. To check this we can use a wire sniffing tool called WireShark.

Warning: at some sites using wire sniffing tools like WireShark can be a dismissible offence because you can see private data on the network. Be careful to check your organisation policies before doing this.

Note if you're running the JAX-WS web services via the integrated WLS on the same localhost as SoapUI, you're most likely running through the localhost address. For various technical reasons WireShark cannot sniff packets through localhost or the MS loopback adapter in Windows. Instead we must separate our WLS and SoapUI installations, and place them on different hosts. Let's call them Box1 and Box2, with WLS and SoapUI installed respectively

Once you have both up and running, determine the IP address of Box2. Let's say that IP address was: 101.102.103.104

a) Start WireShark. In the filter box top left enter: ip.addr == 101.102.103.104
b) Select the filter Apply button.
c) Select the Capture -> Interfaces
d) Select the Start button for your ethernet card
e) WireShark is now sitting listening for traffic from the other ip.address of Box2.

f) Now in SoapUI execute the request.
g)In WireShark you should see the incoming requests:

As WireShark works at the network level it sees the individual packets, several of which will comprise the request/response between SoapUI and WLS, effectively an incredible amount of detail. You can select each packet and look at the data contained within in the bottom window of the display. This window shows the data in both hex and raw text, so you'll need to carefully look to see the data contained within. Obviously if the traffic is encrypted you wont see much meaning at all which is what we want! To see the unencrypted traffic, remove the policy from your web service, redeploy it and run the same scenario again.

Thanks

I must aim my very strong thanks to Gerard Davison from Oracle UK with assistance with this article, Gerard's help has been invaluable. Any mistakes in this post are of course mine however, of which I'm sure there will be a few in such a long post.

Virtual Desktop Infrastructure Comparison Kit

Sat, 22 Aug 2009 23:15:00 EDT

Get the real scoop on how XenDesktop outperforms the competition – including VMware View. Download the “VDI Comparison Kit” today. It includes expert reviews and industry insights into what you should consider when choosing a VDI solution, plus a point-by-point comparison showing how XenDesktop delivers superior performance, proactive IT visibility, and lowest TCO.

Avoid Network Outages within SaaS and Cloud

Sat, 22 Aug 2009 22:45:00 EDT

A primary element of SaaS and cloud computing is the virtual datacenter or Virtual Platform Infrastructure (VPI). VPI refers to virtual machines and virtual platforms that rely on many additional physical and virtual infrastructure elements. Over the past few years, new infrastructure platforms such as virtual machines, virtual management, virtual switching/routing, virtual storage, and virtual system management have come together to help drive cloud computing.

SoftLayer Extends API to Manage Cloud Services

Tue, 18 Aug 2009 22:00:00 EDT

SoftLayer has extended its Application Programming Interface (API) to enable control of the company’s CloudLayer™ Computing and CloudLayer Storage services. The API is an interface that allows customers to give their systems automatic, remote access and control of SoftLayer services. It integrates with third-party and custom software, providing seamless provisioning, management, monitoring, and information retrieval from SoftLayer systems including accounting, inventory, DNS management, and many others.

Java Memory Problems

Thu, 13 Aug 2009 22:00:00 EDT

Memory Leaks and other memory related problems are among the most prominent performance and scalability problems in Java. Reason enough to discuss this topic in more detail. The Java memory model- or more specifically the garbage collector – has solved many memory problems. At the same time new ones have been created. Especially in J EE [...] Related posts:

SharePoint: Identifying memory problems introduced by custom code SharePoint is a great platform that makes it easy to...
Performance Analysis: How to identify “bad” methods messing up the GC Whenever the Garbage Collector kicks in to free up memory...
.NET Performance Analysis: A .NET Garbage Collection Mystery Memory Management in .NET is a broad topic with a...

Google Scores Against Microsoft in New Zealand

Mon, 27 Jul 2009 22:00:00 EDT

New Zealand’s Postal Services Group (PSG), a business inside New Zealand Post Group that connects businesses and the community through mail and online services, is moving from Microsoft to Google Apps, security, compliance and web filtering. PSG has signed a three-year agreement with Fronde, a Google enterprise partner in New Zealand, that will see Google Apps rolled out to 2,100 Postal Services Group workers.

Japanese Government Gets into the Cloud

Mon, 27 Jul 2009 21:30:00 EDT

Over the last week I've been away at my cottage on vacation so I'm trying to catch up on my massive backlog of emails (about 5k worth). One of the more interesting was one sent earlier in the week from Masayuki Hyugaji in Japan. (I have a call with Hyugaji later this week, so I should be able to provide more details afterward)

According to Hyugaji, the Ministry of Internal Affairs and Communications of Japan has embarked in a series of new research and development activities including launching a Global Inter-Cloud Technology Forum. For those who don't speak Japanese (my wife does) the primary focus of the Global Inter-Cloud Technology Forum is on Cloud Federation and currently includes several large Japanese companies. The aim of the forum is to promote standardization of network protocols and the interfaces through which cloud systems "interwork" with each other, and to enable the provisioning of more reliable cloud services.

Main activities and goals

- Promote the development and standardization of technologies to build or use cloud systems;
- Propose standard interfaces that allow cloud systems to interwork with each other;
- Collect and disseminate proposals and requests regarding organization of technical exchange meetings and training courses;
- Establish liaison with counterparts in the U.S. and Europe, and promote exchange with relevant R&D teams.

Global Inter-Cloud Technology Forum Aims

The Global Inter-Cloud Technology Forum website sheds some light on the initiative.

"Cloud systems have not yet reached the level that would allow their application to mission-critical fields, such as e-government, medical care and finance, in terms of reliability, ability to respond quickly, data quality and security. To achieve reliability and quality high enough to meet the requirements in these fields, it is necessary to interconnect multiple cloud systems via a broadband network and provide a mechanism that would allow them to interwork with, and complement, each other.

"In light of the fact that each provider is currently building cloud systems based on its proprietary specifications, we propose the establishment of the “Global Inter-Cloud Technology Forum” to promote standardization of network protocols and the interfaces through which cloud systems interwork with each other, to promote international interworking of cloud systems, to enable global provision of highly reliable, secure and high-quality cloud services, and to contribute to the development Japan’s ICT industry and to the strengthening of its international competitiveness."

Learn more at http://www.gictf.jp

Parallels Chases Asia-Pacific Cloud Market

Fri, 24 Jul 2009 08:00:00 EDT

Parallels said Thursday that it will pushing further into the Asia-Pacific cloud market with its virtualization solutions, promising that its followers will be able to compete with Google, Microsoft and Amazon. It’s chasing what IDC says will be a $42 billion worldwide cloud services market by 2012, gambling that Asia-Pacific will show greater acceptance and rapid uptake.

Twittergate Reveals E-Mail is Bigger Security Risk than Twitter

Wed, 22 Jul 2009 21:30:00 EDT

First, everyone needs to calm down. Twitter.com itself was not breached. According to Evan Williams as quoted in a TechCrunch article, the attack did not breach Twitter.com or its administrative functions, nor were user accounts affected in any way. So everyone can just stop with the “Twitter needs to revamp its security!” and “Twitter isn’t secure” headlines and articles because it’s not only blatantly wrong, it’s diverting attention that should be devoted to the real problem: e-mail and account self-service.

Security Cloud Assumptions

Fri, 17 Jul 2009 11:00:00 EDT

After pushing my latest post, Securing the Cloud: Shared Hardware and the Data Plane, Hoff posted a series of excellent questions and responses to the post via Twitter. I thought responding via another blog post, so that his questions could be addressed alongside my last post, was the way to go. I’ve trimmed some of [...]

Will Ulitzer Dominate News Content on The Web? -Gartner

Mon, 13 Jul 2009 12:30:00 EDT

'Will Ulitzer and SocialYell Dominate News Content on The Web (Eventually)?' is the blog title of Gartner's Anthony Bradley. In his blog entry, Bradley writes: "Hype around Ulitzer.com (the social-journalism news magazine site) is climbing. At one point they were offering authors 200% of their Google AdSense revenue... I am convinced that the only way to change the world is through collectively determining how we spend our money and our votes. Will Ulitzer be this vehicle?"

Another SaaS Migration Success For WaveMaker

Thu, 09 Jul 2009 20:45:00 EDT

In addition to growing sales by a whopping 80% last quarter (worthy of another blog post on its own no doubt), WaveMaker also brought on a number of impressive new customers.

Yesterday we announced that the ECN Group subsidiary of New Zealand Post has adopted WaveMaker as their platform for delivery the next generation of their Round Trip Logistics application. ECN has over 3,000 customers and sells their SaaS logistics application throughout New Zealand, Australia and Asian markets.

WaveMaker makes SaaS simple both for SaaS vendors and their customers:

SaaS migration: like many ISVs, ECN already has a good deal of application business logic written in Java. WaveMaker allows ECN to create a new SaaS application that leverages the work they have already done.
SaaS development: just like we did with KANA 10, WaveMaker's drag and drop development platform can cut the time to develop a new SaaS application by at least 50%
SaaS end-user customization: WaveMaker's unique strength is in enabling SaaS vendors to deliver applications that can be easily customized by end users. In KANA's case, this meant enabling business managers to react to changing business conditions by customizing workflows in minutes that would otherwise take months of expert IT resources.

WaveMaker's SaaS development platform shows ISVs how to build a SaaS application using an incremental approach that delivers the highest bang for the buck. Other solutions like Force.com require that ISVs completely redevelop their application - a more costly and risky approah.

Oracle Cracks Open a Piggybank To Pay for Sun

Mon, 06 Jul 2009 16:15:00 EDT

Oracle sold $4.5 billion worth of debt last week, intending to use at least some of the money for its acquisition of Sun. It'll be laying out roughly $7.4 billion in cash to buy all of Sun's outstanding shares but with what Sun will have left in the bank after its debts are paid the purchase is expected to cost Oracle only about $5.6 billion. What it doesn't use for Sun is earmarked for other acquisitions and general corporate purposes, Oracle said.

Oracle Unveils Oracle WebLogic Suite 11g

Wed, 01 Jul 2009 10:32:00 EDT

As part of the Oracle Fusion Middleware 11g launch, Oracle has announced the release of Oracle WebLogic Suite 11g, which includes Oracle WebLogic Server, the world's highest performance application server, as well as Oracle Coherence, Oracle JRockit, Oracle JDeveloper and Oracle Enterprise Manager.

SYS-CON White Paper: Application Performance Management by Tidal Software

Mon, 27 Apr 2009 14:45:00 EDT

As the complexity, immediacy, and scope of enterprise processes increase, so does the risk of failure. Comprehensive, proactive management of next-generation information processes and services is critical. Traditional application management tools are inadequate to manage next-generation cross-application and, eventually, cross-enterprise business processes and services because they are static, invasive, and unaware of changing application context.

rPath Tackles the “Last Mile” of IT Process Automation

Mon, 27 Apr 2009 12:13:00 EDT

In today's challenging economic climate, the most pressing IT mandate is cost reduction and finding ways to “do more with less.” Central to this is dealing with the explosion of application deployment and systems management complexity, which has brought today's manual processes to the brink.

Evaluating Performance Management Solutions for Java and .NET Applications

Thu, 23 Apr 2009 13:45:00 EDT

Web Applications are now woven into the way that many enterprises operate, and the monitoring and management of these applications become extremely important to businesses that require nimble datacenters. The risks of failure rise with enterprise application complexity, immediacy, and scope. To mitigate those risks it is imperative to deploy a comprehensive, proactive approach to managing next-generation applications and services.

The Value of Inter-Domain Infrastructure Technology for SOA

Fri, 20 Feb 2009 22:15:00 EST

As SOA moves from the project level to the enterprise, SOA architects and practitioners quickly realize the need to consider common services and data management issues. Today we seek the right approaches and the proper enabling technology and standards to provide our enterprises with a common scalable and secure mechanism that ensures all instances of SOAs within the enterprise have the technology-independent infrastructure they need in support of the business.

Finding Trends in Internet Security

Mon, 29 Dec 2008 11:45:00 EST

As a new year approaches we must prepare for new Internet security threats. Every year, new and innovative ways of attacking computer users emerge and continue to increase in volume and severity. To know where we are going it is helpful to look at where we have been. Finding trends in Internet security has become a valuable, if not necessary, action for companies developing software to protect computer users.

Weak Economy Makes the Move to the Cloud Inevitable

Mon, 08 Dec 2008 02:45:00 EST

Enterprises normally move slowly to new technologies but when the price advantage is close to 10x, enterprise decision makers can and will move more quickly. The weak economy provides yet a stronger push. It won’t happen at once and it won’t happen instantly but I’m convinced that in 7 years, the vast majority of enterprises will be using utility computing for some part of their enterprise IT infrastructure.

WSO2 Named "Silver Sponsor" of SYS-CON's SOA World Conference & Expo

Mon, 27 Oct 2008 21:00:00 EDT

SYS-CON Events announced today that the leading global SOA technology provider WSO2 named "Silver Sponsor" of SYS-CON's upcoming SOA World Conference & Expo 2008 West, which will take place November 19-21, 2008, at the Fairmont Hotel in the heart of Silicon Valley, in San Jose, California.

QuantumXML Named "Silver Sponsor" of SYS-CON's SOA World and Virtualization Conference & Expo

Sun, 26 Oct 2008 21:30:00 EDT

Can high-performance XML be sexy? QuantumXML, the world’s fastest XML software, speeds through typical SOA transactions 10x to 100x faster than any other existing technology. You’re right, that doesn’t sound sexy. But, think of your Data Center running at a fraction of its current power and cooling costs. Imagine the possibilities; surplus processing power, a healthy bump up in the bottom line, and doing your part to save the environment. Sounding more attractive? Kick it up another notch by monetizing your web services. Visit us at the 2008 SOA World Conference and take our test drive challenge. www.quantumxml.com.

3Tera Named "Silver Sponsor" of SYS-CON's Cloud Computing Conference & Expo

Fri, 24 Oct 2008 22:15:00 EDT

3Tera's Cloudware incorporates the fundamental building blocks used in developing today's most popular applications; storage and computing, software catalog, definition and control, plus how they all relate to each other. More importantly, the architecture is vendor agnostic so that third party vendors, not just 3tera, can participate in the system. The Cloudware architecture supports the most popular operating systems - Linux, Solaris and Windows - and is targeted toward clients who want to explore the extreme scale and flexibility of cloud computing infrastructures quickly and easily.

VMware ESX Validated by Microsoft

Tue, 16 Sep 2008 09:30:00 EDT

VMware announced it has qualified its VMware ESX hypervisor under the Microsoft Server Virtualization Validation Program (SVVP). VMware ESX 3.5 update 2 (ESX 3.5u2) is a hypervisor to be listed under the program, providing VMware customers who run Windows Server and Microsoft applications with access to cooperative support from Microsoft and VMware.

Amazone Chooses Ericom's Virtualization Solution

Mon, 18 Aug 2008 10:15:00 EDT

Ericom announced that Amazone has replaced its Citrix infrastructure with Ericom's PowerTerm WebConnect RemoteView software. PowerTerm WebConnect RemoteView provides Amazone's employees with secure and centrally managed access to applications running on Windows Terminal Servers (WTS), including their Sage Bäurer Industry ERP system.

The ESB - SOA Hullaballoo

Mon, 28 Jul 2008 08:15:00 EDT

With multiple ESB platforms, you are still providing a very good way to bring underlying business applications and transaction systems to bear with an integration and messaging framework, sometimes with business process management as well. Yes they are different systems, but they can be pulled together effectively as long as the validation is there, and as long as the multiple teams have a means to virtualize their dependencies and continue developing and testing new functionality.

JMSL Numerical Library for Java Applications

Sat, 26 Jul 2008 10:15:00 EDT

The JMSL Numerical Library is the broadest collection of mathematical, statistical, financial, data mining and charting classes in 100% Java. It is the only Java programming solution that combines integrated charting with the reliable mathematical and statistical functionality of the industry-leading IMSL Numerical Library algorithms. Organizations can gain insight into valuable data and share analysis results across the enterprise quickly.

SCO - Linux' Worst Nightmare Is Back

Fri, 18 Jul 2008 20:15:00 EDT

The court also said Novell couldn't run interference for Linux and stop SCO from seeking royalty payments for alleged UnixWare and OpenServer infringement by Linux users under its infamous SCOsource licensing program. , it's merely a matter of time before SCO starts seeking those payments.

Move Over Dot.Com

Wed, 09 Jul 2008 05:30:00 EDT

Brace yourself for a new era of creative web addresses. ICANN, the non-profit Internet Corporation for Assigned Names and Numbers, has opened up top-level domains, the little .com, .org, .gov, .edu, .net suffixes or country abbreviation at the end of a web address, to any styling the human mind can conceive - and in scripts other than Roman - provided the creator coughs up $100,000.

SOA World: WSO2 Boosts Scalability, Availability and SOA Governance with v 1.7 of Open Source ESB

Tue, 24 Jun 2008 08:15:00 EDT

WSO2 has today announced the availability of the open source WSO2 Enterprise Service Bus (ESB), Version 1.7 to support enterprises' heterogeneous, high-volume service-oriented architecture (SOA) demands. The WSO2 ESB 1.7 offers new enhancements to stability and availability - resulting in scalability and error-free connections for high-volume SOA environments, even on standard hardware.

Fujitsu Named "Gold Sponsor" of SYS-CON's SOA World Conference & Expo

Thu, 19 Jun 2008 11:15:00 EDT

Ranked by Gartner as a leader in the Application Infrastructure Software market, Fujitsu helps companies build SOA-enabled BPM applications that can be shared across the enterprise to lower operating costs, accelerate business processes, and react quickly to changing market requirements. Fujitsu's BPM Suite, Interstage Business Process Manager, brings business and IT professionals together to design, simulate, automate, analyze, and optimize business processes. Together with CentraSite, Fujitsu's standards-based SOA registry and repository, Fujitsu helps companies take a process-driven approach to SOA. This top-down approach allows for collaboration on translating real business models into optimized, executable business processes while letting an organization reuse their existing Visio process maps, IT infrastructure and other SOA assets to reduce operational costs and maximize business efficiencies.

Ceedo Named "Gold Sponsor" of SYS-CON's Virtualization Conference & Expo

Thu, 19 Jun 2008 10:30:00 EDT

Ceedo Technologies has developed patent-pending virtualization technology that takes a suite of standard off-the-shelf Windows applications, and virtualizes them in real-time, creating a portable virtual desktop, which launches on any Windows host PC with no need to pre-install any software, drivers or agents. Ceedo's portable virtual desktop runs on top of and leverages the exiting Windows OS on the host PC, thus eliminating the licensing costs, footprint and performance penalty of a full virtualized OS, and works fully in user mode, enabling operation on locked-down PCs. Ceedo's technology enables the most cost-effective solutions for many enterprise scenarios such as remote access, disaster recovery, and creating a managed enterprise 'island' on employee-owned and subcontractor-owned PCs. Ceedo provides the Enterprise IT with tools to fully customize the user interface, remotely deploy new applications, and update existing applications.

Transforming the Enterprise: Where Virtualization Meets Automation

Thu, 19 Jun 2008 08:30:00 EDT

Virtualization is the future of IT management, but what exactly does that mean to your organization? CIOs around the world recognize that virtualization could be the answer to combating skyrocketing costs associated with managing their IT infrastructure; however, many are still left wondering how to implement a long-term, sustainable virtualization strategy. In this session, BMC Software CTO, Tom Bishop, will explain how IT organizations can realize the full value of virtualization through aligning IT with business priorities and automating IT processes.

Service Oriented Unified Process

Wed, 18 Jun 2008 13:45:00 EDT

Service orientation is one of the most popular trends of these recent years, but there are not any metrics on it. Hence you can not consume SOA in a project with a specific measuring. On the other side, Unified Process (especially RUP) has powerful abilities on such developments. In our discussion Chris Shayan is going to demonstrate that we can combine SOA and RUP with each other and finally make a Service Oriented Unified Process.

Is This the Birth Of Web 3.0?

Fri, 13 Jun 2008 07:30:00 EDT

Is Web 3.0 yet another buzzword, or is it a real turnaround in our industry? Web 1.0 was the good old web of the 1990s. In those times, all client-side changes were the result of a server round-trip. The Internet was ramping up in popularity. Web 2.0 has been a little more than just a technological evolution.

98% of Enterprises Implementing Virtualization Are Using Multiple Platforms

Thu, 12 Jun 2008 04:00:00 EDT

ComScore has upped Google's US search share. It was 59.8% in March and now for April it's 61.6%. It gave Yahoo 20.4% and Microsoft 9.1%. HP and Foxconn International, a unit of Taiwan-based Hon Hai Precision Industry, the big contract manufacturer, are building a $50 million factory outside St Petersburg where they will produce a half-million PCs a year for the Russian market starting next year. It could become a hub for the Baltic states and Scandinavia. Hon Hai, meanwhile, is going to start making laptops.

White Paper: "OpenAjax Alliance on Mobile AJAX and Recent Browser Advances"

Wed, 11 Jun 2008 00:15:00 EDT

The OpenAjax Alliance has recently published two new white papers, one on Mobile AJAX and one on recent browser advances. The first white paper, Introduction to Mobile AJAX for Developers, provides an overview of AJAX application development for mobile devices. The second white paper, Good News for AJAX - The Browser Wars Are Back, highlights the major changes in the browser world that are manifesting themselves in this year's browser releases (i.e., IE8, Firefox3, Safari 3.1, Opera 9.x).