Thursday, December 3, 2009
App-V, WAS 6.1 is the final 6.0, We have a child!
Just moved + baby + 80 hr workweeks=not much spare time. I don't have any time to type out valuable information, but in the interest of making it look like I still care here are some very brief updates:
- I've been experimenting with Microsoft Application Virtualization via "App-V". (Apps over RDP) The implementation is impressive; I'm even running Outlook full time without having it installed on my PC. There are some key limitations that prevent enterprise class adoption however: Load balancing options are limited, (this is being worked on) it doesn't operate quite correctly on the desktop side with the Aero interface, and there are at this point no ways to control the "branching" behavior of the app in question. For example, if you get an e-mail with an http: link there is no way to control where that link is opened. At this point all links, etc. default to opening within your RDP session on the server and a new virtualized app is created to facilitate that. Obviously there are few scenarios where you want to virtualize IE at this point in time due to the rendering requirements.
- Quick point; WAS 6.1 is a major improvement over WAS 6.0 in terms of manageability. I am eager to work in depth with 7.0. I have figured out how to run WebSphere Application Servers on the Windows platform without administrative privileges for the service account associated with the process. I was very disappointed to find that IBM didn't know this information, so I had to "go it alone". The very limited guidance their tier 3 support was able to offer was inaccurate, and I got the feeling that their expertise level on the Windows platform is somewhat limited. I suppose I should be surprised by that... anyhow the details are a little lengthy to type out at this time, so if interested shoot me an e-mail and I'll help you out. Also quickly re: WAS, be aware of this issue if using WAS with IIS 6.0/certificate authentication: http://blogs.msdn.com/jiruss/archive/2007/04/13/http-413-request-entity-too-large-can-t-upload-large-files-using-iis6.aspx (look how much more interesting that guy's blog is than mine. Must be focus.)
- My kid is the cutest kid ever, but I may be slightly biased. Not sure.
- My friend turned me on to a band that is absolutely amazing; I haven't enjoyed the collective works (only 3 albums mind you) of one band as much as this in quite some time. If you like progressive rock please give 'em a shot: http://www.amplifiertheband.com/
- Tech PSA: If you're on the Google Wave preview program, please sign on. I have about 20 friends on there and not one of them has signed on in the last week. It's awkward sending all these waves back and forth to myself. ;-D
Friday, February 13, 2009
TVersity/WebSphere Security
Working on my basement & trying to get the XBOX 360 as a usable media viewing platform for my wife. My goal is to have it be the central point of her living room, as I'm moving my main HTPC downstairs with me. :D I have my 500 movie collection ripped to a couple TB drives and encoded in various different formats. Since I don't want to re-rip them all to supported 360 formats (UGH! http://blogs.msdn.com/xboxteam/default.aspx) I've been looking into TVersity. (www.tversity.com) I'm trying to get it up and running on my dedicated server. Here are a couple tech notes that pertain to getting this to work:
-As they state, disable SSDP and UPNP services inherent to Win2k8. The software has its own UPNP code.
-If you have a multi homed box, make sure you use whatever interface your machine likes to dish out in ARP communications. This one is kinda odd.... I haven't figured out all the details yet, but my server makes ARP requests and dishes out the IP of its secondary interface to communicate. I had to bind the TVersity server service to that IP specifically to get clients to connect reliably. Had to use Wireshark to figure this one out.
-Your server needs a soundcard to build the graph to transcode videos. I believe this to be an OS limitation, as it uses the native Windows codec priority to build graphs, and you can't build a transcoding graph without an audio out pin. This is disappointing, as the only sound card I have lying around is a creative card and I REALLY don't want to install a creative labs sound card on a server due to YEARS OLD DRIVER ISSUES CREATIVE IS HORRIBLE GAH WHY DO I STILL BUY THEIR PRODUCTS SOMETHING IS WRONG WITH MY BRAIN.... sorry that just spilled out.
Enough of that. From a more professional perspective, I've been trying to get real keystores working throughout an implementation of WebSphere 6.0.2.x ND Application Server(s). After much trial and error, let me make the following recommendations as to how to pursue this:
1. Do Not: make a new repertoire. This is unfortunate, but IBM's implementation of repertoire management is lacking at best, horrible and unworkable at worst. Even if you go through the trouble to change all web container reference points to the new keys, you will still have to scour other config files manually (mainly server.xml files) to replace references. This is obviously prone to error. I recommend instead replacing the default keystores and truststores (under websphere\appserver\profiles\\etc\dummy*.jks) with your real keys.
2. Do: change the password on the default keystore after you update it. This won't cause issues with two exceptions... you will have to update the passwords in \websphere\appserver\profiles\\properties\sas.client.props and soap.client.props with the new passwords. Make sure to encrypt the files after you do so using IBM's encryption script.
3. Do: delete ALL "dummy" keys and expired certs from all stores. No reason to keep them, it's just a security risk.
4. Do: update the plugin keystore if you use a web server front-end. You just need to make sure that the keystore/truststore (this one should be shared) has your issuing CA chain. Note that this keystore is in CMS format and you'll need to use the GSK7 version of ikeyman to update it. If it doesn't launch properly make sure you have JAVA_HOME set to \websphere\appserver\java\ .
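A check for step 2, as an added example that is not from the original post: after editing sas.client.props and soap.client.props, scan them for password properties that are still in clear text. It assumes the stock `{xor}` prefix marks an encoded value; the function names and the sample file contents are constructed for illustration.

```python
import re

# Assumption: stock WebSphere encoding marks an encoded value with "{xor}".
ENCODED_PREFIX = "{xor}"
PASSWORD_KEY = re.compile(r"password$", re.IGNORECASE)

def parse_properties(text):
    """Yield (line_no, key, value) for each key/value line of a Java .properties text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        # The key ends at the first '=', ':' or whitespace.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            yield line_no, m.group(1), m.group(2).strip()

def find_cleartext_passwords(text):
    """Return [(line_no, key)] for password properties that are set but not encoded."""
    findings = []
    for line_no, key, value in parse_properties(text):
        if PASSWORD_KEY.search(key) and value and not value.startswith(ENCODED_PREFIX):
            findings.append((line_no, key))   # report the key only, never the value
    return findings

# Constructed sample resembling soap.client.props after a keystore password change.
SAMPLE = """\
# constructed sample, not a real configuration
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword={xor}PDAxLCstKjwrOjs=
com.ibm.ssl.keyStore=C:/keys/server.jks
com.ibm.ssl.keyStorePassword=N3wStorePass
com.ibm.ssl.trustStorePassword = {xor}PDAxLCstKjwrOjs=
"""

if __name__ == "__main__":
    for line_no, key in find_cleartext_passwords(SAMPLE):
        print(f"line {line_no}: {key} is stored in clear text")
```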
Anyhow, I'm going to try to update this more regularly (and my failure to do so will be for all to see...) to have a repository for "gotcha" info I haven't been able to find anywhere else on the internet. This will serve two purposes: 1. We go through so much I can't seem to remember this stuff later, so I'll have documentation of it... 2. Hopefully others will stumble across this info and find it useful since I haven't found it anywhere else.
On the music front, Coheed and Cambria is amazing. I can't stop listening to their 2k5 album release.