Wednesday, September 30, 2009

Behavior of Sun Directory Server 5.2 with Solaris Patch 119213-19

For those interested after reading my previous post, the following behavior is observed:

If Solaris Patch 119213-19 is applied before Sun Directory Server 5.2 is installed, the installer will report that the Administration Server was successfully installed.

But in actual fact, when you look at the installed directory, the "admin-serv" sub-directory is not created. The "start-admin" script is also not created. 

In short, the Administration Server was not successfully installed, contrary to what the installer reported.

I did some debugging and found that, prior to the installation of the Administration Server, the Configuration LDAP "slapd-config" was created first. When the installation of the Administration Server ran, it tried to contact the Configuration LDAP.

But, of course, it hit the "Invalid Credential" issue (caused by the NSS 3.1.2). Thus the Administration Server never got installed at all.


Tuesday, September 29, 2009

Problem with Sun Directory Server 5.2 caused by Solaris Patch 119213-19

Sun recently released patch 119213-19. It is an NSS/JSS-related patch.

My customer has a pair of Solaris 10 nodes, each running one instance of Sun Directory Server 5.2 Patch 6 and one instance of Sun Directory Server 6.3.1. The 5.2 instance replicates one-way to the 6.3.1 instance.

The moment patch 119213-19 was applied, we encountered something weird with the 5.2 instances:
  1. Replication ceases to work
  2. ldapsearch with administrative/user accounts always returns an "Invalid Credential" error even though the passwords are 100% valid

I find it very strange. 
  1. Why is this happening to the 5.2 instances only? 
  2. How come the same is not happening on the 6.3.1 instances?

So I read the patch release note in detail. I realized there is a Special Install Instructions section right at the bottom of the page:

** This version of NSS is known to be incompatible with certain versions of Sun Directory Server version 5.2. **
** Installing it without corrective action will result in directory service stopped. **
** Newer versions of Directory Server are not affected by this incompatibility issue. **
** Please see for detailed information on this issue, including the availability
of a related Directory Server version 5.2 patch.**

The workaround is mentioned in Sun Directory Server 5.2 release notes:

Installation Information for Network Security Services 3.12

Network Security Services (NSS) release 3.12 (as of release 3.12.3) introduces a compatibility issue that prevents Directory Server 5.2 from restarting.


For Sun Java System Directory Server Enterprise Edition, only version 6.3.1 (and later versions) is compliant with this requirement. No release of Directory Server 5.2 complies, including its initial release through the 5.2 Patch 6 releases.

Otherwise, to disable the requirement, Directory Server 5.2 administrators who applied NSS 3.12.3 patch must set the following environment variable:


After the NSS_STRICT_NOFORK=DISABLED environment variable is set, the Directory Server, Admin Server, and Console can be restarted.

Directory Server 5.2 administrators must also set symbolic links to the new libraries delivered in NSS 3.12.3 patch as shown here. Note that the default value of the SERVER_ROOT pathname is /var/opt/mps/serverroot.

cd /lib
cd /var/opt/mps/serverroot/lib
ln -s /usr/lib/mps/secv1/
ln -s /usr/lib/mps/secv1/
ln -s /usr/lib/mps/secv1/

cd /var/opt/mps/serverroot/lib/sparcv9
ln -s /usr/lib/mps/secv1/sparcv9/
ln -s /usr/lib/mps/secv1/sparcv9/
ln -s /usr/lib/mps/secv1/sparcv9/

This was a painful lesson in not reading the fine print before a patch is applied. We lost 2 working weeks reinstalling many copies of Sun Directory Server 5.2 and retesting each time.
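A pre-start check for the condition described above, as an added example (not from the original post or from Sun). It assumes the usual `showrev -p` line format, that later revisions of patch 119213 keep the same NSS behaviour, and that the caller passes in the environment the server will be started with; the function names and status strings are this example's own.

```python
import re

NSS_PATCH_ID = "119213"   # NSS/JSS patch named in the post
FIRST_BAD_REV = 19        # revision the post reports as breaking DS 5.2
# Assumption: later revisions of the same patch keep the NSS 3.12.x behaviour.

# Constructed `showrev -p` output; the 000000-01 line is a placeholder.
SAMPLE_SHOWREV = """\
Patch: 000000-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 119213-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWtls, SUNWtlsu
Patch: 124302-13 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEportal
"""

PATCH_RE = re.compile(r"^Patch:\s+(\d+)-(\d+)\b")


def patch_revisions(showrev_text, patch_id):
    """Return the sorted revisions of patch_id found in `showrev -p` output."""
    revs = set()
    for line in showrev_text.splitlines():
        m = PATCH_RE.match(line.strip())
        if m and m.group(1) == patch_id:
            revs.add(int(m.group(2)))
    return sorted(revs)


def parse_version(text):
    """'6.3.1' -> (6, 3, 1); tuples compare in release order."""
    return tuple(int(part) for part in text.split("."))


def ds_start_check(ds_version, showrev_text, env):
    """Return (status, reason) for starting a Directory Server instance."""
    revs = patch_revisions(showrev_text, NSS_PATCH_ID)
    if not any(rev >= FIRST_BAD_REV for rev in revs):
        return ("unaffected", "patch 119213-19 or later is not installed")
    if parse_version(ds_version) >= (6, 3, 1):
        return ("compliant", "Directory Server 6.3.1 and later work with this NSS")
    if env.get("NSS_STRICT_NOFORK") == "DISABLED":
        # The library symlinks under SERVER_ROOT/lib still need a manual check.
        return ("workaround-set", "NSS_STRICT_NOFORK=DISABLED is set")
    return ("will-fail", "set NSS_STRICT_NOFORK=DISABLED and add the library symlinks")


if __name__ == "__main__":
    for version, env in (("5.2", {}),
                         ("5.2", {"NSS_STRICT_NOFORK": "DISABLED"}),
                         ("6.3.1", {})):
        print(version, env, ds_start_check(version, SAMPLE_SHOWREV, env))
```

On a real node, feed it the output of `showrev -p` and the environment of the account that runs start-slapd.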

PS: Read here in Sun forum regarding the Replication Error Issue.

Monday, September 28, 2009

What is EMS?

The company that I work for offers EMS ("Enterprise Messaging System") with OpenMail.SG branding. 

OpenMail.SG is a corporate mail hosting provider. It offers an affordable hosted solution in a secured environment.

Dell, in recent years, acquired MessageOne. Coincidentally, they offer EMS as well. But it stands for Email Management Services.  

Sunday, September 27, 2009

Push Gmail Support

I can't stop admiring the wonderful work from Gmail. The engineers behind Gmail keep pushing out new features week in, week out.

Recently, they announced that you can now get your Gmail messages pushed directly to your phone. Read here.

If a company is cash rich, it can really do wonders! Well, provided you get the Right People, of course! 

Saturday, September 26, 2009

MS SQL 2008 or Oracle 11g - Part III

Since the topic of Microsoft SQL/Oracle is still hot, I read further and I'm amused that Microsoft has the following comparison chart on their website:

Looks really good on Microsoft's capability. :)

Well ... one has to evaluate whether or not the product chosen is the right one for his environment. 

Environment includes:
1. The amount of data that you're going to have now
2. The growth rate of the data
3. The performance you're expecting
4. The budget that you're given
5. The ease of use (during development and during operations)
6. The People that you have

I'm definitely not jumping to a conclusion on who is better.

Friday, September 25, 2009

MS SQL 2008 or Oracle 11g - Part II

I want to elaborate on what I touched on in my previous post - MS SQL 2008 vs Oracle 11g.

I mentioned why the manager of a listed Australian company decided to switch from Oracle to the latest release of Microsoft SQL:

1. Oracle refuses to cut down their price
2. Microsoft SQL is slowly catching up with the release of version 2008
3. We can accept the lower performance as long as the business users do not complain when they access the web applications
4. I save a lot of money by not having to send my developers to learn Oracle database

These days, CIOs train their technical managers real well. They have slowly imparted the notion of cost-vs-performance into the brains of the technical managers. 

Thus, if performance is not greatly impacted, it is OK to go for a lower-end product. The key point is - not greatly impacted. Otherwise, all heads will be chopped including that of the CIOs'.  :)

The next cost-saving lesson that is imparted to the technical managers is to cut down the cost spent on Product Training. We are not saying that Product Training should be avoided altogether. However, if there is a choice, a Product should be chosen based on ease of use.

Lastly, everyone knows that most fresh graduates these days are not familiar with Unix. They are also not strong in high-availability/scalability concepts. (OK, at least in the Singapore context. We are also lucky in Azimuth - our fresh graduates are good at Unix.)

Thus when a Product is chosen, we need to look at the team we have. I believe if an appropriate tool is given to the right people, they are then able to produce great output. Otherwise, they will be spending too much time trying to learn the product, rather than to spend the time on design and coding.

That brings me back to what I always preach - keep things simple! Especially in coding, I always share with my team that when we code, we code with the next person taking over in mind.

That next person will always be your junior - with less experience. We do not want to spend a lot of time going over the code line by line during handover.

Thursday, September 24, 2009

Sun Directory Server 5.2 Replication over WAN

The Philippines customer that I talked about in my previous post has 2 different versions of Sun Java System Directory Server running at their 3 sites - 5.1 and 5.2. The key point is that the replication is over the WAN, which makes the configuration challenging.

I made a verification and found that over LAN, replication between 5.1 and 5.2 is supported.

However, do note the following if replication is over the WAN:

Multi-master replication (MMR) over Wide Area Networks (WAN) is a new feature of Sun ONE Directory Server 5.2 that will allow for MMR configurations across geographical boundaries in international, multiple data-center deployments.

Due to differences in protocol, multi-master replication over WAN is not backward compatible with previous releases of Directory Server. As a result, in a multi-master replication over WAN configuration, all Directory Server instances separated by a WAN must be 5.2 instances.

Imagine what would happen if I did not conduct the feasibility study ... I'll be banging my head when I fly in on-site only to discover that I have under-quoted the effort ... Ha!

Wednesday, September 23, 2009

Sun Directory Server End-Of-Life (EOL) Information

One of our customers in the Philippines recently requested multi-master replication over the WAN for their Sun Java System Directory Server deployment.

This is a government tax-collecting agency. We have been supporting them for a long time. 

I did a feasibility study and found that they have a really old version, Directory Server 5.1, installed. I did my due diligence to make sure that Directory Server 5.1 is still supported. Otherwise, this MMR exercise should include an upgrade to the latest release of Sun Java Directory Server prior to MMR configuration.

They are lucky. Directory Server 5.1 is still under limited support until 2011.

More information here

Tuesday, September 22, 2009

Highly Available Microsoft SQL Server 2008

Of late, I must admit Microsoft has improved its suite of products in terms of performance and scalability, not to mention its ease of use during installation. 

With the release of Windows Server 2008, clustering of Microsoft SQL Server has never been easier.

Connecting from the Windows server to the Storage server can be via Fibre Cable (FC) or iSCSI.

What is good is the iSCSI Initiator is already included in the OS in Windows Server 2008. This makes setting up of the Windows Cluster easier.

Sunday, September 20, 2009

MS SQL 2008 or Oracle 11g

I was invited by an associate to attend an RFI (Request for Information) meeting. It is for a tender which is to be awarded soon.

One of the customer's requirements is a scalable, highly-available database. At the same time, it has to be a cost-effective solution.

To be on the safe side, most bidders will usually opt for Oracle 11g. This is especially so if the customer is from the defense industry.

However, I'm not very keen to jump to a conclusion quickly. I wanted to find out more ...

I know that Microsoft SQL Server 2008 has improved over the years and it's really worth giving it a chance.

Important selection questions:
1. Performance
2. Data Size (especially historical data)
3. High-Availability
4. Scalability (concurrent access)
5. Data Warehousing Requirement

I proceeded to show them the diagram below - "Cost vs Performance".

I then asked - 

"Are you willing to accept a lower performance in return for a less costly solution?"

The key is that the performance must be at least acceptable. We should not compromise on this just for a cheaper solution. 

Personally, I know of a listed Australian logistical company that is in the process of migrating their backend databases from Oracle to Microsoft SQL Server 2008. 

I know the decision maker and I was curious to know why. His reply:

1. Oracle refuses to cut down their price
2. Microsoft SQL is slowly catching up with the release of version 2008
3. We can accept the lower performance as long as the business users do not complain when they access the web applications
4. I save a lot of money by not having to send my developers to learn Oracle database

Surprisingly the customer that I talked to kept nodding her head when I mentioned the last point. Her developers are junior (mostly fresh graduates) and they are not comfortable with advanced technology. 

So the point is: when you adopt a technology, put aside cost/performance and ask yourself whether or not the people you have are able to fully utilize that new technology.

Otherwise, it's pointless to waste so much money on an expensive product only to realize that your developers do not know how to utilize it.

Saturday, September 19, 2009

Horizontal Scalability of Address Book Server

We are in the midst of setting up a new set of servers for our OpenMail.SG hosting. By the way, OpenMail is a corporate mail hosting service based on Sun Java Communications Suite.

One of the components of Sun Java Messaging Server is the Address Book Server. 

The Address Book Server is nothing but a tree in the same LDAP server which the Communications Suite uses.

So I was discussing with my colleague how to scale the Address Book Server when the mail accounts increase.

It is pretty simple if we take a look at a sample user entry as shown below:

# entry-id: 3858
dn: uid=abc, ou=People,,o=isp
uid: abc
userPassword: {SSHA}xHb17CklmBxtaqa517+9P4rqAmS9KzMw9W3iAg==
initials: SA
inetUserStatus: active
mailUserStatus: active
mailQuota: -1
mailMsgQuota: -1
psRoot: ldap://,,o=Pi

There is this LDAP attribute "psRoot". It indicates where the Address Book Server is for this particular user account.

So to scale horizontally, it is as simple as:
1. setting up a new LDAP server 
2. migrating the o=PiServerDB tree
3. changing the user entry to point to the new LDAP server

Read more here and here.

Friday, September 18, 2009

Oracle Virtual Directory

I did not have time to read up on Oracle Virtual Directory until recently.

Oracle Virtual Directory provides Internet and industry-standard LDAP and XML views of existing enterprise identity information, without synchronizing or moving data from its native locations. This accelerates the deployment of applications and reduces costs by eliminating the need to constantly adapt those applications to a changing identity landscape as user populations are added, changed, or removed.

We know LDAP. We know databases. We know Windows Domains/AD. 

So, what is a Virtual Directory?

A Virtual Directory provides a "proxy view" to your actual sources (LDAP, databases, AD).

Sun has a similar product - Sun Directory Proxy Server. However, it is only able to "proxy" to LDAP sources. It is not able to "proxy" to database sources like Oracle Virtual Directory does.

Updated on 25th Sep 2009:

I was wrong in pointing out that Sun Directory Proxy Server is not able to "proxy" to database sources.

See here for more information. 

Thursday, September 17, 2009

Sun High Performance Computing

Sun is gearing up big on High Performance Computing (HPC) from my own observation on the ground. 

It now offers Business Ready HPC:

Industry solutions optimized for maximum application performance, efficiency, and scale with reliability built-in. Shorten your product development cycles. Enable you to make better decisions, faster. Boost your ROI, giving you a major competitive advantage.

The solution is compelling. It has readily-deployable solutions for the industries that require high performance and great reliability. Read more here

Besides storage, the central piece of the Sun HPC solution is its software - Sun HPC Software, Linux Edition.

Sun HPC Software, Linux Edition is an integrated, open-source software solution for Sun HPC clusters. It simplifies the deployment of HPC clusters by providing a ready-made framework of software components to use to turn a bare-metal system into a running HPC cluster. It provides software to provision, manage, and operate large scale Linux HPC clusters and serves as a foundation for optional add-ons such as schedulers, like Sun's Sun Grid Engine, and other components not included with the solution.

As usual, the Linux Edition is open-source and thus FOC. If you do not feel comfortable without support, you can run Solaris Cluster (formerly known as Sun Cluster). 

Wednesday, September 16, 2009

Cloudmark MobileAuthority Solution

Cloudmark solutions are not as widely adopted here in S'pore (as far as I know from my experience on the ground). I think mainly due to its pricing. I also think Cloudmark is targeting only the large deployment segment. Otherwise, it can't survive this long. :)

Anyway, I do know of a large deployment here for the Asia Pacific branch of a very big global network company. This deployment caters for the Japanese market, but the infrastructure is all here in S'pore.

Cloudmark has this solution for the mobile operators - MobileAuthority:

MobileAuthority provides mobile operators with three vital components to combat against messaging abuse and threats: actionable data, advanced content filtering, and messaging security expertise. These components work in tandem to ensure that mobile operators receive the most comprehensive and up-to-date messaging security protection for network optimization.

Pretty cool product. What caught my attention was this diagram:

Using a handphone can be so insecure! There are so many potential "holes" to hack into.

Tuesday, September 15, 2009

Sun Cluster Hardening

For those in the defense industry, you might be required to harden your Sun Cluster after deployment. 

Do take note of the following:

Sun "supports" Sun Cluster hardening via the Solaris Security Toolkit (aka JASS) only. The reason is that we test it and fix bugs in either product as required. There are many subtle issues when hardening  clusters.

Of particular note, a service which is expected to be up, should be up and observable. Otherwise it is indistinguishable from being down and can lead to cluster reconfiguration.

You should also point this blueprint article out for your customer which explains some of the issues (though it is slightly aged).

Solaris Security Toolkit (formerly known as JumpStart Architecture and Security Scripts [JASS]) can be downloaded from here.

Monday, September 14, 2009

GateIn Portal

Red Hat recently announced GateIn Portal. The business model is akin to Sun's GlassFish Web Space Server.

Sun : GlassFish Web Space Server (Sun Java Portal Server + Liferay Portal Server)
Red Hat : GateIn Portal (JBoss Portal + eXo Portal)

On one hand JBoss is specialist in middleware and was able to deliver a scalable portal with enterprise integration needs in mind, on the other end eXo was able to produce a full fledge solution on top of their portal. Read more here.

I would take "full fledge solution" as being more feature-rich (especially in the social networking / collaboration context).

Sun Portal Server was highly scalable. We saw it for ourselves as we were part of the Sun Professional Service team that deployed the Portal solution for Malaysia's largest telecom 3 years ago.

However, in my own opinion, it is not slick. There is no "wow" factor to buy into a product like Sun Portal Server.

With the launch of GlassFish Web Space Server, the game play is different. When you talk to customers now, it's easier to persuade them into buying.

I hope the same goes for GateIn Portal. I'll be downloading a copy for evaluation internally.

Sunday, September 13, 2009

[SunDS] How to change administrative account passwords - Part II

There is another administrative account to manage Sun Directory Server 5.x instances - "cn=Directory Manager".

How do we change password for "cn=Directory Manager"?

Fairly easy. 

bash-3.00# cd /ds/slapd-ds
bash-3.00# ./stop-slapd

bash-3.00# ./getpwenc SSHA Password1

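bash-3.00# cd config/
bash-3.00# vi dse.ldif   (replace the existing nsslapd-rootpw value with the getpwenc output)
dn: cn=config
nsslapd-rootpw: {SSHA}tDrGzk+F6zpkye+nYQL/Zb7NxtOpX68QeRZVPA==
nsslapd-rootpw: {SSHA}dCgq27we0IytFRiHKyae//IkTuPxPzV/MgvfHQ==

bash-3.00# cd ..   (start-slapd lives in /ds/slapd-ds, not in config/)
bash-3.00# ./start-slapd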


Saturday, September 12, 2009

[SunDS] How to change administrative account passwords - Part I

There are 2 administrative accounts to manage Sun Directory Server 5.x - "admin" and "cn=Directory Manager".

I'll touch on how to change the password for "admin" in this post.

bash-3.00# cd /ds
bash-3.00# ./stop-admin
bash-3.00# cd /ds/slapd-config
bash-3.00# ./stop-slapd 

bash-3.00# ./saveconfig 
saving configuration ...
ldiffile: /ds/slapd-config/confbak/2009_09_07_191328.ldif
[07/Sep/2009:19:13:29 +0800] - export NetscapeRoot: Processed 120 entries (100%).

bash-3.00# ./getpwenc SSHA adminPass1
bash-3.00# ./getpwenc SHA adminPass1

bash-3.00# vi /ds/slapd-config/confbak/2009_09_07_191328.ldif
dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
userPassword: {SSHA}PFP09Ls49aN6edvgOMPa+4TjYVpML6tABEtEHQ==
userPassword: {SSHA}IDZHlTdMHPFWxVcuuAMzIC3By95HcSxpSWFqBQ==

dn: cn=admin-serv-ds, cn=Administration Server, cn=Server Group,, ou=sg.sun, o=NetscapeRoot
userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
userPassword: {SHA}2etSUqeqj1KEtprvH1hIR9psfYM=

bash-3.00# ./restoreconfig 
Restoring /ds/slapd-config/confbak/2009_09_07_191328.ldif
[07/Sep/2009:19:31:59 +0800] - import NetscapeRoot: Index buffering enabled with bucket size 16
[07/Sep/2009:19:32:03 +0800] - import NetscapeRoot: Import complete.  Processed 120 entries in 3 seconds. (40.00 entries/sec)

bash-3.00# cd /ds
bash-3.00# cd admin-serv/config
bash-3.00# vi adm.conf   (yes, in plain text. I do not know why this is so)
siepid:   password
siepid:   adminPass1

bash-3.00# vi admpw
bash-3.00# cd /ds
bash-3.00# slapd-config/start-slapd 
bash-3.00# ./start-admin 
SunONE-WebServer-Enterprise/6.0SP3 B05/19/2004 05:32
[LS ls1], port 391 ready to accept requests
startup: server started successfully

PS: I found that the section highlighted in BLUE is redundant. Whatever change you make to admpw does not take effect. My test environment is Sun Directory Server 5.2 Patch 6.
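How the {SHA} and {SSHA} values printed by getpwenc in Part I and Part II are built and checked, as an added example (not from the original posts or from Sun's tools). It assumes the usual Netscape-style layout, base64(SHA-1(password + salt) + salt); the function names are this example's own.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes in a SHA-1 digest

# Values copied from the posts above.
OLD_SHA = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="
PAGE_SSHA = "{SSHA}dCgq27we0IytFRiHKyae//IkTuPxPzV/MgvfHQ=="


def parse_stored(value):
    """Split '{SHA}...' or '{SSHA}...' into (scheme, digest, salt)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    raw = base64.b64decode(b64, validate=True)
    if scheme == "SHA" and len(raw) == SHA1_LEN:
        return scheme, raw, b""
    if scheme == "SSHA" and len(raw) > SHA1_LEN:
        # The salt is stored in the clear, appended to the digest.
        return scheme, raw[:SHA1_LEN], raw[SHA1_LEN:]
    raise ValueError("unsupported scheme or bad length: " + scheme)


def make_sha(password):
    """Unsalted: the same password always yields the same stored value."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password, salt=None):
    """Salted: a fresh random salt gives a different value on every call."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, digest, salt = parse_stored(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # OLD_SHA is the unsalted SHA-1 of "password", the old siepid value
    # shown in adm.conf, so anyone holding the LDIF can recognise it.
    print("old {SHA} value matches 'password':", verify("password", OLD_SHA))
    scheme, digest, salt = parse_stored(PAGE_SSHA)
    print(scheme, "digest bytes:", len(digest), "salt bytes:", len(salt))
    print("two SSHA values for one password differ:",
          make_ssha("Password1") != make_ssha("Password1"))
```

The unsalted {SHA} value on the Administration Server entry can be matched against a precomputed list, which is why the saved confbak LDIF deserves the same protection as the passwords themselves.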

Friday, September 11, 2009

Configuring the Global Password Policy in Sun Directory Server 5.2

I spent the whole week trying to debug a Global Password Policy issue with a Sun Directory Server 5.2 deployment at one of the local defense agencies.

Using the GUI support via Sun Java System Server Console is convenient. However, one does not have such luxury in a tightly-controlled environment. 

How do you proceed then? Well, ldapsearch/ldapmodify CLI is your friend.

bash-3.00# ldapsearch -p 389 -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" objectclass=*
Enter bind password: 
version: 1
dn: cn=Password Policy,cn=config
objectClass: top
objectClass: passwordPolicy
cn: Password Policy
passwordInHistory: 0
passwordStorageScheme: SSHA
passwordUnlock: on
passwordMustChange: off
passwordNonRootMayResetUserpwd: off
passwordWarning: 86400
passwordExpireWithoutWarning: on
passwordLockout: off
passwordMinLength: 6
passwordMaxFailure: 3
passwordMaxAge: 8640000
passwordResetFailureCount: 600
passwordisglobalpolicy: off
passwordChange: on
passwordExp: off
passwordLockoutDuration: 3600
passwordCheckSyntax: off
passwordMinAge: 0
passwordRootdnMayBypassModsChecks: off

Note: The global password policy applies to all users in the directory who do not have an individual policy defined. However, the global password policy does not apply to the Directory Manager. Read more here.
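A review of the policy entry returned above, as an added example (not from the original post or from Sun). The baseline values (minimum length 8, lockout on, syntax check on, history of at least 1) are assumptions standing in for a site standard; the second function lists settings that hold a value but are not enforced because their on/off switch is off.

```python
# ldapsearch output from the post (bind prompt and "version: 1" omitted).
POLICY_LDIF = """\
dn: cn=Password Policy,cn=config
objectClass: top
objectClass: passwordPolicy
cn: Password Policy
passwordInHistory: 0
passwordStorageScheme: SSHA
passwordUnlock: on
passwordMustChange: off
passwordNonRootMayResetUserpwd: off
passwordWarning: 86400
passwordExpireWithoutWarning: on
passwordLockout: off
passwordMinLength: 6
passwordMaxFailure: 3
passwordMaxAge: 8640000
passwordResetFailureCount: 600
passwordisglobalpolicy: off
passwordChange: on
passwordExp: off
passwordLockoutDuration: 3600
passwordCheckSyntax: off
passwordMinAge: 0
passwordRootdnMayBypassModsChecks: off
"""


def parse_entry(ldif_text):
    """Return {lowercased attribute: [values]} for one LDIF entry."""
    attrs, last = {}, None
    for line in ldif_text.splitlines():
        if line.startswith(" ") and last:        # folded continuation line
            attrs[last][-1] += line[1:]
            continue
        if not line.strip() or line.startswith("#") or ":" not in line:
            last = None
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()              # attribute names are case-insensitive
        attrs.setdefault(last, []).append(value.strip())
    return attrs


def at_least(n):
    return lambda value: value.isdigit() and int(value) >= n


# Assumed baseline, not a vendor recommendation.
RULES = [
    ("passwordstoragescheme", lambda v: v.upper() == "SSHA", "store salted hashes"),
    ("passwordlockout", lambda v: v == "on", "lockout after failed binds is disabled"),
    ("passwordchecksyntax", lambda v: v == "on", "password syntax is not checked"),
    ("passwordminlength", at_least(8), "minimum length is below 8"),
    ("passwordinhistory", at_least(1), "old passwords can be reused"),
]

# Settings that only take effect when their switch attribute is "on".
DEPENDENT = {
    "passwordlockout": ["passwordmaxfailure", "passwordlockoutduration",
                        "passwordresetfailurecount"],
    "passwordexp": ["passwordmaxage", "passwordwarning",
                    "passwordexpirewithoutwarning"],
}


def first(policy, name):
    values = policy.get(name)
    return values[0] if values else None


def audit(policy):
    """Return [(attribute, value, reason)] for every baseline rule that fails."""
    findings = []
    for name, ok, reason in RULES:
        value = first(policy, name)
        if value is None:
            findings.append((name, None, "attribute not set"))
        elif not ok(value):
            findings.append((name, value, reason))
    return findings


def inert_settings(policy):
    """Attributes that are configured but unenforced because the switch is off."""
    inert = []
    for switch, dependents in DEPENDENT.items():
        if first(policy, switch) != "on":
            inert += [name for name in dependents if name in policy]
    return inert


if __name__ == "__main__":
    policy = parse_entry(POLICY_LDIF)
    for finding in audit(policy):
        print("FINDING", finding)
    print("INERT", inert_settings(policy))
```

In the entry above, passwordMaxFailure: 3 looks like a lockout threshold but does nothing while passwordLockout is off.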

Thursday, September 10, 2009

Sun Java Enterprise System - FOC for <100 employees

I doubt many know that Sun Java Enterprise System is offered FREE for companies with fewer than 100 employees. Read here

I myself do not even know when this offer started. I do not even know when it will end. :)

Do take note of the qualifying criteria:

  • Available to companies with 1-99 full time employees
  • Not available for Affiliated Companies (e.g., Subsidiaries)
  • Not available for government agencies
  • Not available for internet service providers or application hosting, or outsourcing use
  • Not available for educational institutions
  • Company must agree that Sun may provide Company contact information, including name, email address, job function, and organization, to third party companies to analyze the information for Sun, and to Sun authorized resellers who may contact Company to offer additional services.

Wednesday, September 9, 2009

Dell EMS Email Continuity

I chanced upon this site from Dell - Dell EMS Email Continuity. Hmm... I think this is an OEM from MessageLabs Email Continuity. 

What do you say?

Email Continuity

MessageLabs has this interesting offering - Email Continuity Service

This service provides on-demand email failover system that you activate when an outage occurs, enabling email users to continue sending and receiving messages through Outlook, Lotus Notes, web browser, or BlackBerry devices – without interruption.

MessageLabs Email Continuity Service supports Microsoft Exchange and Lotus Domino mail servers and also offers Blackberry integration.

Interesting solution. But seriously, how many takers will there be? 

The probability of activating this service is pretty low, unless your infrastructure has no high-availability and failover capabilities.

Tuesday, September 8, 2009

Sun Directory Server Patch Listing

Sun Directory Server Patch Listing can be found here

This page can be really helpful at times.

Monday, September 7, 2009

Sun Directory Server Download Page

In my previous posting on Sun Directory Server EE, I forgot to mention the download link. Here you go .... Download from here

You can download versions as old as 5.2. However, this version 5.2 is already at Patch Level 6.

I was trying to simulate a problem with my customer's directory server which is of Patch Level 4. I tried many places and finally found out the direct link to DS 5.2 p4. Here you go, download here

Sunday, September 6, 2009

Sun Enterprise Messaging Reference Architecture

As I have mentioned before and we have also explicitly highlighted on OpenMail.SG web page:

OpenMail.SG is probably Singapore's only corporate mail hosting company using Sun Java Communications Suite.

Now, what makes us confident about using Sun Java Communications Suite?

Well, our team has deployed numerous Sun Messaging solutions in the South-East Asia region. Some are for telcos/ISPs; some are for the banks; while others are for government agencies. The minimum mailbox size is in the thousands.

It's stable and scalable.

Customers might also be wondering whether or not the entire suite is constructed based on best practices.

Besides being experienced on-the-ground, we constantly update ourselves with the latest Sun product roadmaps and new technologies.

We follow the Sun Enterprise Messaging Reference Architecture closely.

We know what we are doing. :) Customers have their peace of mind. 

PS: An old copy of the Reference Architecture in PDF can be found here.

Saturday, September 5, 2009

What is Sun Convergence?

In my post OpenMail.SG - rebrand, I talked about what our customers really want for their webmail access. 

Along the years, we gave them SquirrelMail. Then we tried Horde. Last year, when we ported over to Sun Java Communications Suite, we offered 2 types of webmail to them - Communications Express and Sun Convergence. 

There's no turning back since. 

So what is Sun Convergence? I have been receiving queries on this. 

Sun Convergence is an AJAX based communications web client. Convergence provides a user access to Mail, Calendar, Address Book, and Instant Messaging services.

Still don't understand? OK, in layman's terms, AJAX is something that lets you drag and drop in the web browser like what you would do using an email client like Thunderbird or Outlook Express. And more ... of course.

More screenshots can be found here

If your organization requires a mail hosting solution, talk to us. We have an experienced team well-versed with Sun Messaging technology. I'm reachable at cheechong @ or you can contact our OpenMail.SG staff directly at info @ OpenMail.SG.

Friday, September 4, 2009

How to Boot a Cluster Node in Noncluster Mode for x86 platform

I was conducting a UAT for a local defense organization. They are running Sun Cluster 3.2 on Solaris 10 x86 platform.

One question the engineer asked after I demonstrated how to shut down all nodes in the cluster by just issuing "shutdown -g0 -y":

Now that the nodes are shut down and the system displays "Press any key to continue", how can we bring one of the nodes up while we perform maintenance activity on the other?

Hmm... good question. If it's for SPARC, I have a ready answer ("$ boot -xs") since most of our implementations are for the SPARC platform. Now that they are using x86, I was kind of stumped.

For quick turnaround, I called my colleague instead. He had the answer for me instantaneously!

a. In the GRUB menu, use the arrow keys to select the appropriate Solaris entry and type e to edit its commands.

b. In the boot parameters screen, use the arrow keys to select the kernel entry and type e to edit the entry.

c. Add -x to the command to specify that the system boot into noncluster mode.

He saved my day! Thank you very much!

PS: Detailed reading here.

Thursday, September 3, 2009

How to patch Sun Portal Server in Application Server Cluster - Part II

I forgot to mention in my last post how to verify whether or not the Sun Portal patch has been applied successfully.

Verify patch level prior to patchadd

    root@portal # /opt/SUNWportal/bin/psadmin --version --adminuser amadmin
        Fri Aug 10 11:15:27 PDT 2007 Sun Java(tm) System Portal Server 7.1

Verify patch level after patchadd

    root@portal # /opt/SUNWportal/bin/psadmin --version --adminuser amadmin
        Wed Mar 11 13:08:16 PST 2009 Sun Java(tm) System Portal Server 7.1

You can also use showrev -p to verify at Solaris system level. Read here. Look out for this patch number for x86 platform -- 124302-13.

Wednesday, September 2, 2009

How to patch Sun Portal Server in Application Server Cluster

We were tasked to apply the latest patch for Sun Portal Server 7.1 last week. The challenge is the Sun Portal Servers were deployed in a Sun Application Server Cluster as illustrated below:

We need to be a little careful. Otherwise, rolling back will be a nightmare!

So we got started with a single-box patch. All went fine - very simple.

root@portal # patchadd /var/spool/patch/124302-13
root@portal # cacaoadm stop; cacaoadm start
root@portal # /opt/SUNWportal/bin/psupdate -a

Don't forget to start JavaDB if you have not started it. (Even if you do not use it, you need to start it before psupdate. Otherwise, it will complain!)

root@portal # java -cp /opt/SUNWjavadb/lib/derby.jar:/opt/SUNWjavadb/lib/derbytools.jar:/opt/SUNWjavadb/lib/derbynet.jar \
    -Dderby.system.home=/var/opt/SUNWportal/derby org.apache.derby.drda.NetworkServerControl start

Great! Confidence gained... so we pushed on for application-cluster-aware patch.

Now, a little deeper understanding of how psupdate and web-app deployment work is required.

  1. psupdate actually attempts to deploy Portal code as web applications.
  2. Deploying web applications in a Sun Application Cluster requires deployment from the DAS (Domain Administration Server), and it should be done once for all nodes in the cluster.

So we need to conduct the patch in the following sequence:
1. Directory Data Backup
2. File-level Backup on node 1 and node 2
3. Run patchadd on node 1
4. Run patchadd on node 2
5. Using DAS, modify from -XX:MaxPermSize=192M to -XX:MaxPermSize=300M. Restart cluster 
6. Restart CACAO on node 1
7. Restart CACAO on node 2
8. Start JavaDB on node 1 
9. Start JavaDB on node 2 
10. Run psupdate only on node 1
11. Stop JavaDB on node 1  (since we do not use it)
12. Stop JavaDB on node 2  (since we do not use it)
13. Using DAS, stop cluster
14. Restart CACAO on node 1
15. Restart CACAO on node 2
16. Using DAS, start cluster

Done! Not too difficult if you get the concept right.

If your organization requires a Portal solution, talk to us. We have an experienced team well-versed with Sun Portal technology. Not forgetting, Liferay Portal technology. I'm reachable at cheechong @

Tuesday, September 1, 2009

TrendMicro PortalProtect for Microsoft SharePoint

I received a marketing email. It led me to TrendMicro PortalProtect for Microsoft SharePoint. Read more here.

Wow! So many bad points about SharePoint:
  1. It's vulnerable to attack
  2. It's riskier than ever
  3. Your data is not secure

When a company needs to push out a product, it can really think of many bad points on others. :)

I would think any Portal solution out there is equally vulnerable - Sun Web Space Server, Liferay and so on ... It's just that there is no AV/AS company interested enough to customize a solution for them.