Application Servers

An application server is a software framework that provides both facilities to create applications and a server environment to run them. Most application server frameworks contain a comprehensive service layer model, acting as a set of components accessible to the software developer through an API defined by the platform itself. For Web applications, these components are usually performed in the same running environment as their web server(s), and their main job is to support the construction of dynamic pages. However, many application servers target much more than just Web page generation: they implement services like clustering, fail-over, and load-balancing.

Share tech news, updates, or what's on your mind.

Sign up to Post

Weblogic / apps support colleagues face challenges in implementing all
hardening recommendations of Weblogic 12.1.3 adapted from Oracle.

Need assistance here to assess if there are alternative mitigations &
how risky if we don't implement some of it: refer to attached.

Appreciated comments on the risks of not implementing & any
mitigating factors
WLSharden_challenges_alternateMitig.docx
0
Learn Ruby Fundamentals
LVL 13
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Hi Team,

Iam new to JBOSS . Iam facing an error with JBOSS when I try to connect to it using cli . Any help is really appreciated.
below is the error
[sam@samserver jboss]$ cd $JBOSS_HOME/bin
[sams@samserver bin]$ sh ./jboss-cli.sh --connect controller=samserver

org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
        at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:299)
        at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:277)
        at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.jboss.modules.Module.run(Module.java:312)
        at org.jboss.modules.Main.main(Main.java:473)
Caused by: org.jboss.as.cli.CommandLineException: The controller is not available at samserver:9999
        at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1057)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:887)
        at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:863)
        at …
0
Within the same major version of Weblogic ie  12.1.x vs 12.2.x,
are the hardenings the same?   Have seen hardening docs from
Oracle for 11.x.y & 12.1.x  but I can't locate a doc that's for 12.2.x
so can I assume the hardening options for 12.1.x (specifically we
are on 12.1.3 & going to move to 12.2.x) are the same as for
12.2.x?
OraWLversions.jpg
Securing_Hardening_Oracle_Weblogic1.docx
0
The web application in my organizations uses Apache web server that load balance across Application servers (Tomcat instance). There are two Apache (Web server) instances that route the traffic to 4 Application server instance.

The HTTPS traffic coming to the application terminates at the Web server layer, and then communication between Web server and App server is over HTTP. My assumption is that Web server and App-server communicates over HTTP and not over HTTPS.

However lately in a discussion with my IS team I came to know that Web server communication to App server over HTTP is not considered secure, and Web server should instead communicate to App server over HTTPS.

I would like to know your views on how generally this works in your organization?
0
HI All

I am looking for the settings for the JBOSS 6.4 SSL settings for management console and servers.

I have
* 1 dc x 2 slave nodes
* three server groups, one server for each server group
* full profile

SSL settings for:
* Admin management console
* application on servers, at the moment the apllication is accessiable from HTTP only (8080)

Thanks
0
I have a Java servlet installed on an IBMi.  OS is at 7.3.  I am using the integrated application server.
My servlet needs an external jar file.  On Tomcat on Windows, I put the jar in the /bin directory.  
Where to I put it in the 400?
0
Hello,
I have XenApp 6.5 under windows server 2008.
XenApp 6.5 - initializing Citrix data store failed if TLS1.0 is disabled,
In fact, When I disabled the TLS1.0 on the server and after we are running Citrix AppCenter We obtained an error message (attached error.png) :
Errors occurred when using ServerDB1 in the discovery process.

Please can you advise me what is the solution ?

Best regards,
0
Hello all
I have an application server and and a database.
The application runs a report by reading the data from the SQL DB server.
The report to be completely generated is taking around 20 mins.
We doubled the hardware  resources on both servers. But the process is still taking the same exact amount to finish.
The network utilization between the two servers is not fully utilized during the process.

1- that means the bottleneck for this is not HW over utilization.
2- what else could it be? Any ideas where to look?
0
I need to force a reboot of all our domain joined workstations to apply an update to our Trend AV. Asking everyone to do it via email has not done the trick. What is the best way to do that unattended?
0
Hi Team,

Iam going to work on clustering  application servers for our application.  Iam new to this , any help on below topics really appreciated

1. Introduction to cluster concepts
2. Load Balancing
3. How  to create an application cluster
0
C++ 11 Fundamentals
LVL 13
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

hi guys

The environment I'm working in has around 150+ servers. Our team have to apply patches and keep these servers updated on a regular basis which they haven't done as yet. Now, the issue we have is that these servers are not just owned by the infrastructure and security teams, as that would be easy to manage. But the business analysts, business intelligence and applications teams own a good percentage of these too.

I need to put strategies in place so that my team, infrastructure&security, ensures that when these updates are applied that the impact is minimised and that we don't suddenly have updates which affect the applications sitting on those servers and firefighting errors.

One of my ideas was to ensure that there is a testing environment. But if I did, would I then liaise with the development teams to replicate everything that is on the production environment onto their testing too and regularly? So that when they make changes to development, they do the same onto testing?

What is the approach you have found works best?

Thanks for helping
Yash
0
Migrate an application from Server 2003 to Server 2012R2

I have a 32bit 2003 Server running an application.
I need to roll everything up and transfer it to the new server (Server 2012r2)

1. What all needs to be collected for transfer?
2. What is the best method for collection?
3. What roles need to be added to the new server?
4. Best tool to add the application to the new server?
0
Audit has raised to harden middlewares & CIS doesn't have many (other than Tomcat)
while we have the following (refer to attached Excel for details) :
Jas service
WSO2 AM
WSO2 IS
WSO2 ESB
Front-end
Redis
RabbitMQ
Marathon
etcd

Can point me to among the better sites for hardenings of above & ideally scripts that could be readily run.

Also, whereabout can we obtain patches for the above opensource middlewares?
ContainerMiddlewares.xlsx
0
Dont see such a benchmark guide at CIS site.
Anyone can share/point me to one?
0
Hi,

I am trying startup jboss-cli.sh, however, i keep getting the following errors.

the domain controller service is up without issues, I can login http://<dc_ip>:9990

JBOSS: EAP 6.4 update 21

======================================
[jboss@domainController bin]$ ./jboss-cli.sh
Exception in thread "Thread-2" java.lang.RuntimeException: broken pipe
      at org.jboss.aesh.console.reader.ConsoleInputSession$2.run(ConsoleInputSession.java:95)
You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected /]
[jboss@domainController bin]$
====================================

anyone can help? much appreciated
0
Dear Experts

We have application servers hosted on-premise, the servers are behind the firewall.  users who access the application server from external network have to pass though the VPN network. I am looking for the network monitoring tool and also vulnerable scanning tool for web application server. I found following New Relic network monitoring tool and Qualys Security solution but these are cloud based. Please suggest for on premise deployment and suggestions please.
Thanks in advance.
2
My colleague got the attached error last month back when trying
to download Sparc Solaris 10 patchset : what's the reason?

Didn't try to download the patch for Solaris x86.  Does the support
contract we have with Oracle makes any difference if it's Sparc or x86?
Or the patch is simply old & has been superseded with a new one?
cantdwnldSolarisPatch.png
0
Experts,
 We have 2013 sharepoint farm. We are planning to implement SSL (http to https) to our web application. We have 4 front end servers , 6 Application servers. We would like to know what is the advantage and  dis advantage to implement SSL on back end server or Load balance? Also we are planning to migrate our Sharepoint 2013 to Office 365 so what is the common practice to implement (server or load balance)?
0
HI EE

I'd like to create the following Jboss topology environment.

Jboss EAP 6.4

2 x Domain controller failover
2 x slave node hosting 3 servers

I know how to configure 1 domain with 2 slave node, but for 2nd DC for failover, anyone can give me some guide?

Thanks
0
OWASP: Avoiding Hacker Tricks
LVL 13
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Hi EE

I'd like to configure SSL for JBoss EAP 6.4 in domain mode.

1 domain controller (three server groups), 1 slave node (with three servers)

I need to configure SSL for all services
** domain Admin console access via https
** each server access via https.

Thanks
0
Hello - I am running SharePoint 2016 and I've been task to setup a way to have external access to SharePoint.

Front-End Servers = 2 Servers
Distributed Cache Servers = 2 Servers
Application Servers = 2 Servers
SQL Servers = 1

What I have read is that the best practice is to leave our SharePoint farm entirely within the Intranet and use a reverse proxy in the DMZ, like WAP + ADFS. We’ll need to open far too many ports between SharePoint and Domain Controllers which will reduce the security of the environment. A reverse proxy is a single port -- tcp/443.

I am looking for a step-by-step guide on how I can set this up for SharePoint. I truly appreciate your help!
0
https://www.michalsons.com/blog/what-is-a-national-critical-information-infrastructure/17701
https://publicwiki-01.fraunhofer.de/CIPedia/index.php/Critical_Information_Infrastructure

I have to draft a guideline for systems that interface with a CII system & need inputs:
currently, the interfaces concerned are limited to 3 types only:

1. files transfer
============
I can only think that the generally practices ie:
 a) encryption of data in transit (eg: using sftp instead of ftp/mapping a drive or NFS)
 b) encryption of data at rest if it's sensitive (tampered with)

2. API
=====
how do we secure these (in particular APIs using microServices)??
I've heard of API needs to be certified so before requesting for it, need to be certain
else applications developers may question its relevance/usefulness

3. DBLink
========
Those sqlconnect  esp Oracle links to extract / update data.
Will need to define if the non-CII system is
   a) updating into CII, will have to be extra stringent but how?
   b) extracting from CII, just encrypting the sql calls
 

Oracle databases, weblogic are involved in the critical systems
while the less-critical systems may be Windows, Linux on
various apps (including mobile apps).

Editing thread to add Oracle as it relates to DBLink.
0
Greetings EE'ers,

Does anyone have any experience based recommendations on a good open source video camera solution?
0
Hi EE,

We have an application that dependent on a user session being one of our Windows 2003 servers. If we log out or even minimize the session multiple interfaces (msg queues) of the application shutdown, could anyone give me some insight as what is going on here and how to resolve.

An odd issue any assistance in welcome.

Thank you.
0
please advise the clear steps..
How to make log rotation by file size in apache-tomcat
0

Application Servers

An application server is a software framework that provides both facilities to create applications and a server environment to run them. Most application server frameworks contain a comprehensive service layer model, acting as a set of components accessible to the software developer through an API defined by the platform itself. For Web applications, these components are usually performed in the same running environment as their web server(s), and their main job is to support the construction of dynamic pages. However, many application servers target much more than just Web page generation: they implement services like clustering, fail-over, and load-balancing.

Top Experts In
Application Servers
<
Monthly
>