by Peter Lorenzen

JRockit Real Time

Peter Lorenzen
30/04-2013

Since JRockit is dead this post might not be interesting, but anyway …

I have never used JRockit Real Time (JRRT). At a customer site I could see that JRRT was installed and the custom said that they used it.

But there was also installed a newer regular JRockit and that was what they were actually using.

So what was going on?

In the past there were several different JRockit distributions. JRockit Mission Control (JRMC), JRRT, ..?

Now there is only one. So when you download the latest JRockit version it contains JRMC and JRRT. There is no separate JRRT executable.

The only difference between a JRockit and JRRT is that JRRT supports deterministic garbage collection

You enable deterministic garbage collection via the Xgc command line option:
-Xgc:deterministic

Or the deprecated
-Xgcprio:deterministic

The customer did not use either of them, so they did not use JRRT

Protect the Apache HTTP Server against CRIME SSL/TLS attacks

Peter Lorenzen
30/04-2013

It is now possible to protect Apache on both Windows and Red Hat servers against CRIME SSL/TLS attacks.

I have updated my Hardening the Apache HTTP Server post accordingly.

Using the Apache HTTP Server as a forward proxy to the Internet

Peter Lorenzen
23/04-2013

Often you do not want servers in your internal network segments to be able to access the Internet directly.
One way to get controlled access to the Internet is to place an Apache HTTP Server in a DMZ network segment. Internal servers can then use the Apache server as a forward proxy to the Internet.

It is easy to configure mod_proxy for this purpose. Here is an example.

##########################################################################
## Internet proxy
##########################################################################
Listen 10.10.10.1:8080

<VirtualHost 10.10.10.1:8080>
  ProxyRequests On
  SSLProxyEngine On

  ProxyPass        /revoke https://myca.com/revoke
  ProxyPassReverse /revoke https://myca.com/revoke

  <Location />
    Order Deny,Allow
    Deny from all
    Allow from 10.20.30.0/29
  </Location>
</VirtualHost>

Only “ProxyRequests On” is needed for a proxy to work.

Applications that know how to communicate with a proxy can be configured to use 10.10.10.1 on port 8080.

You can for example configure a browser to use the proxy.

Not all applications know how to use a proxy. In some project they could not get the BEA AquaLogic Service Bus to use a proxy. I am not a developer so I don’t know the details and if it is still a problem with the OSB. To get around this you can use ProxyPass and ProxyPassReverse to proxy to specific sites.

Here it is possible to use http://10.10.10.1:8080/revoke/getRevokeList to get a certificate revocation list from a CA.

If you need to access sites via HTTPS you need “SSLProxyEngine On”. SSL will be terminated at the proxy and the communication from the internal network segment to the proxy is HTTP.

If anybody gets access to the proxy they will be able to access any site on the Internet masqueraded as you. If the wrong people get access, your site might end up being black listed because of their mischievous deeds. So it is important to limit the access to the proxy.

Here only servers in the PROD (10.20.30.0/29) network segment can use the proxy. Servers in the DMZ segment does not have access.

I assume that the firewall between the PROD and DMZ segments will only allow certain PROD servers to access the proxy.

Notice that you can also use the <Proxy> directive to configure your proxy.

Two-way SSL

It is also possible to get two-way SSL to work through a forward proxy. The certificates must be PEM-encoded and encrypted private keys is not supported. So it might take a bit of messing around to get it working.

Here is an example.

<VirtualHost 10.10.10.2:8080>
   SSLProxyEngine On
   SSLProxyVerify require
   SSLProxyVerifyDepth 10

   SSLProxyMachineCertificateFile /etc/httpd/conf/certs/my-machine-proxy.pem
   SSLProxyCACertificateFile /etc/httpd/conf/certs/ca.pem

   ProxyPass        / https://someapp.com/
   ProxyPassReverse / https://someapp.com/
</VirtualHost>

Using the Apache HTTP Server (mod_proxy) as a reverse proxy to a WebLogic Server

Peter Lorenzen
23/04-2013

If you are using a WebLogic Cluster you need a proxy in front of the cluster to provide load balancing. You need either a hardware load balancer or a Web Server with the Oracle Web server plug-in.

Even if you are not using a Cluster it makes sense to place a proxy in front of your WebLogic server to provide an extra layer of security. You can use the Apache HTTP Server with the mod_proxy module to configure a reverse proxy.

You can of cause also use the Oracle Web server plug-in but it is a proprietary module that you have to manually download and install. mod_proxy is open source and since I mostly work with Red Hat servers it is available in the standard Red Hat channel. Red Hat provide security updates so “all” you have to do is run yum update once in a while to get the latest updates. If you use the Oracle Web server plug-in you have to manually check for updates.

I often you use a solution where an Apache HTTP Server is placed in a DMZ network segment. SSL is terminated at the Apache server and mod_proxy is used to proxy requests to an WebLogic Server in the production network segment.

In this example we have an Internet domain called theheat.dk. The public IP 217.116.232.220 is NATed to 10.10.10.1 on winterfell.

Apache has already been installed on winterfell, the mod_proxy module loaded, SSL configured and WebLogic is running on wintermute.

In your VirtualHost in the ssl.conf (httpd-ssl.conf on Windows) file you can add something like this:

ProxyPass        / http://10.10.10.10:8001/
ProxyPassReverse / http://10.10.10.10:8001/

The ProxyPass and ProxyPassReverse directives are used to forward all requests to the WebLogic Server running on 10.10.10.10.

Another example:

ProxyPass        /service/ws1 http://10.10.10.10:8001/ws1_v101
ProxyPassReverse /service/ws1 http://10.10.10.10:8001/ws1_v101

ProxyPass        /service/ws2 http://10.10.10.10:8001/ws2_v300
ProxyPassReverse /service/ws2 http://10.10.10.10:8001/ws2_v300

Here only requests matching two specific paths are forwarded to two Web Services.

If you need more control over what is proxied you can use the ProxyPassMatch directive.

If you want to prevent a path from being proxied you can use the ! directive.

Configure the WebLogic Server to use a proxy

The above will proxy the requests to the WebLogic Server.

In some situations it will not work though. The WebLogic Server does not know that there is a proxy in front of it and sometimes it will return URLs to the end-user that contains the server name. In this example it will return URLs that contain wintermute. Since wintermute is not known on the Internet it will fail.

I have experienced this when an ADF application session timeout and asks the user to log in again. The URL returned to the user is wrong.

Another example is the WSDL for a Web Service. The location of the end-point and references to XML schemas will use the host name.

To remedy this you can configure WebLogic so I knows that there is a proxy in front of it. WebLogic will use this information and dynamically change the references, so they uses the proxy information.

First you must enable the WebLogic Plug-In. We are not using the WebLogic Plug-In but we still need to enable it here.

Domain Structure > Environment > Servers > managed01 > Configuration General > Advanced:

Next you must insert the proxy and port.

Domain Structure > Environment > Servers > managed01 > Protocols > HTTP:

The little yellow triangles with the exclamation mark tell us that we need to restart the WebLogic server for the changes to take effect.

But it will still not work. We have told WebLogic what the frontend HTTPS host and port is, but we have terminated SSL at the Apache proxy and uses HTTP between Apache and WebLogic.
We need to tell WebLogic that the proxy was originally called with HTTPS.

We do this by inserting an tag in the HTTP header in the Apache configuration:

RequestHeader set WL-Proxy-SSL true
ProxyPass        / http://10.10.10.10:8001/
ProxyPassReverse / http://10.10.10.10:8001/

Now everything should be working.

If you are using a cluster you should set Frontend Host and Frontend HTTPS Port for the cluster not the individual Managed Server. For more information:
http://goo.gl/k0jUe

ProxyPreserveHost

In some situations you need to access your application from both the Internet and from an internal network segment using the internal server names.

To accomplish this you need to change the Apache configuration:

ProxyPreserveHost On
RequestHeader set WL-Proxy-SSL true
ProxyPass        / http://10.10.10.10:8001/
ProxyPassReverse / http://10.10.10.10:8001/

Setting “ProxyPreserveHost On” will tell Apache to pass the host used in the request to the WebLogic Server.

You also need to remove the Frontend HTTPS Host from you WebLogic Server or Cluster.

Now I can access a Web Service via both:
https://theheat.dk/service/ws1?WSDL
And:
https://winterfell/service/ws1?WSDL

The WSDL will either contain reference to theheat.dk or winterfell depending of which URL I use to access the WSDL with.

Work Managers in WebLogic Server

Peter Lorenzen
20/03-2013

I found a brilliant Work Manager demo video by James Bayer. There also is a accompanying slide show.

James also has an older post where you can download the source and the war file. It is great when you can get your hands on the source of demos so you can try it yourself.

I am a big fan of Oracle Learning Library. I just noticed that they send Twitter updates when they add new stuff and post weekly digests on Facebook. Nice!

James uses Apache JMeter in his demo. I have never used JMeter so I deployed his war file and tried to set JMeter up to match the demo.

I configured JMeter like this:

Right click on Test Plan select Add Threads (Users) > Thread Group

Set Number of Threads (users) to 10.

Right click on Thread Group and select Add > Sampler > HTTP Request

Fill in Name, Server Name or IP, port and path.

Right click on normal.jsp and select Add > Listener > View Result in Table

Right click on Thread Group and select Add > Sampler > HTTP Request and Fill in Name, Server Name or IP, port and path.

Right click on veryslow.jsp and select Add > Listener > View Result in Table

Now it should look like this.

Save the Test Plan and run it.

No Apache httpd Windows binaries from the Apache Software Foundation

Peter Lorenzen
19/03-2013

I have only used the Apache HTTP Server on Windows for a couple of years since I mostly use Linux.

Until now I have downloaded the binaries from the Apache Software Foundation or one of its mirrors.

I have been missing the latest releases (2.2.23 and 2.2.24). First I thought that the reason they were not available was because the CVE was not relevant for Windows

After checking up on this I found that the Apache Software Foundation (ASF) has never supplied binaries for Windows.

The binaries was provide by a third-party. I do not know who, but they have stopped supplying them.

ASF has some mail lists and there it was suggested to get the binaries from http://www.apachelounge.com.
I have checked the site out and it looks safe. It have existed in years and have forums with thousands of users. Google did not reports any problems with them.

I have downloaded version 2.2.24 and installed it on a couple of servers. It works fine and https://www.ssllabs.com/ssltest does not report the servers as vulnerable to the CRIME attack anymore and they get an A rating

You can switched from “ASF” binaries to apachelounge via:

Backup the current installation.
Uninstall httpd and delete the Apache directory.
Unzip httpd-2.2.24-win32-ssl_0.9.8.zip and copy the content of the Apache2 directory to the location of the old installation.
Delete the conf directory and replace it with your old conf. Since we have placed it the same place you do not have to change anything else.
Install the Windows service via httpd.exe -k install.

The apachelounge.com looks to be mostly a one man show. There is no warranty for anything so if this is a concern you should probably compile httpd yourself.

They do provide PGP signatures and SHA1-SHA512 checksums so you can validate the downloads.

New releases are announced via Twitter @ApacheLounge.

This is an independent site so remember to make a donation if you like their service.

{ 1 comment }

Silent installation of the OSB on Red Hat 6

Peter Lorenzen
12/03-2013

In this post I will describe how to do a silent installation and configuration of the OSB.

I go through the same steps as I did in my Installing the Oracle OSB on Red Hat 6 post, but now everything is executed via scripts. I will only focus on the steps that are done differently.

I use Oracle OSB 11.1.1.6 and Red Hat 6 (64-bit).

Install the WebLogic Server 10.3.6

Check the documentation.

As always I use a soft link to the Java installation.

export PRODUCT="/u01/app/oracle/product"
export SOFTWARE="/u01/software"
export WLS_JAR="wls1036_generic.jar"

$PRODUCT/java_current/bin/java -Djava.io.tmpdir=/u01/temp
 -jar $SOFTWARE/$WLS_JAR -mode=silent
 -silent_xml=/u01/software/scripts/silent-wls10.3.6.xml
 -log=$SOFTWARE/wls_install.log
echo $?
grep -i error wls_install.log

Here is the silent-wls10.3.6.xml file.

Install the OSB

Check the documentation.

First we must create the Oracle inventory. As root run.

cd /u01/software/ofm_osb_generic_11.1.1.6.0_disk1_1of1/Disk1/stage/Response
./createCentralInventory.sh /u01/app/oracle/oraInventory oinstall

Install the OSB.

cd /u01/software/ofm_osb_generic_11.1.1.6.0_disk1_1of1/Disk1
./runInstaller -silent
 -responseFile /u01/software/scripts/custom_installtype_osb11.1.1.6.rsp
 -jreLoc /u01/app/oracle/product/java_current/jre

Here is the custom_installtype_osb11.1.1.6.rsp file.

Create database schemas via the RCU

Check the documentation.

cd ofm_rcu_linux_11.1.1.6.0_disk1_1of1/rcuHome/bin
./rcu -silent -createRepository -databaseType ORACLE -dbUser sys
 -connectString winterfell:1521:THEIMP  -dbRole SYSDBA
 -useSamePasswordForAllSchemaUsers -schemaPrefix DEV -component SOAINFRA
 -component MDS -component ORASDPM -tablespace OSB_REPO -tempTablespace TEMP
 -f < passwordfile.txt

This will create 3 schema’s: DEV_SOAINFRA, DEV_MDS, DEV_ORASDPM.

Since the MDS and ORASDPM components are dependencies of SOAINFRA I would have expected that I could use the “-selectDependentsForComponents” parameter alone with the SOAINFRA component but I could not get this to work. The rcu startsup fine but stops after outputting:

Repository Creation Utility – Checking Prerequisites
Checking Component Prerequisites

If you do not use a file to input the passwords the rcu will slowly clear the screen and wait for you to input the sys password. It does not prompt you to input it. It will then proceed and after a while it will clear the screen again and you have to input the password for the new schema’s. Again without prompting for it.

To drop the repositories you can use:

cd ofm_rcu_linux_11.1.1.6.0_disk1_1of1/rcuHome/bin
./rcu -silent -dropRepository -databaseType ORACLE -dbUser sys
 -connectString winterfell:1521:THEIMP  -dbRole SYSDBA
 -schemaPrefix DEV -component SOAINFRA -component MDS -component ORASDPM

Notices that this will also drop the tablespace(s). The rcu stores information in the data dictionary so if you manually drops the schema’s you will not get rid of everything.

select comp_name, owner, version from schema_version_registry;

COMP_NAME                   OWNER        VERSION
--------------------------- ------------ ----------
Metadata Services           DEV_MDS      11.1.1.6.0
SDP Messaging               DEV_ORASDPM  11.1.1.6.0
SOA Infrastructure Services DEV_SOAINFRA 11.1.1.6.0

Configure the OSB

I am using WLST offline to create domains. Check the documentation.

You create domains from a domain template and then extend the domains via extension templates.

An extension template can consists of multiple template JAR files and have dependencies to WebLogic Server resources or other templates. Read more here.

For this example I will use these templates.

Basic WebLogic domain without sample application – WL_HOME/common/templates/domains/wls.jar
OSB (Cluster and Managed Server Topologies) – OSB_HOME/common/templates/applications/wlsb.jar
OSB OWSM Extension – OSB_HOME/common/templates/applications/wlsb_owsm.jar
EM – ORACLE_COMMON/common/templates/applications/oracle.em_11_1_1_0_0_template.jar

Example of WLST for creating an OSB domain.

#!/usr/bin/python
import os, sys

ADMIN_SERVER='AdminServer'
ADMIN_SERVER_PORT=7001
DATABASE='winterfell:1521:THEIMP'
DOMAIN_HOME='/u01/app/oracle/domains/OSB01'
DOMAIN='OSB01'
LISTEN_ADDRESS='wintermute'
MACHINE='Machine1'
MANAGED_SERVER='osb_server1'
MANAGED_SERVER_PORT=8001
MDS_USER='DEV_MDS'
MDS_PASSWORD='welcome1'
MW_HOME='/u01/app/oracle/product/fmw'
NODE_MANAGER='nodemgr'
NODE_MANAGER_LISTEN_ADDRESS='localhost'
NODE_MANAGER_PASSWORD='welcome2'
NODE_MANAGER_PORT=5556
OSB_HOME='/u01/app/oracle/product/fmw/osb'
SOAINFRA_USER='DEV_SOAINFRA'
SOAINFRA_PASSWORD='welcome1'
WEBLOGIC_PASSWORD='welcome1'
WL_HOME='/u01/app/oracle/product/fmw/wlserver_10.3'

###############################################################################
# Create the domain
###############################################################################

readTemplate(WL_HOME + '/common/templates/domains/wls.jar')
cd('/Security/base_domain/User/weblogic')
cmo.setPassword(WEBLOGIC_PASSWORD)
writeDomain(DOMAIN_HOME)
closeTemplate()

###############################################################################
# Open the domain for editing
###############################################################################

readDomain(DOMAIN_HOME)

###############################################################################
# Extend the domain with the OSB
###############################################################################

addTemplate(OSB_HOME + '/common/templates/applications/wlsb.jar')

###############################################################################
# Extend the domain with OWSM
###############################################################################

addTemplate(OSB_HOME + '/common/templates/applications/wlsb_owsm.jar')

###############################################################################
# Extend the domain with the EM
###############################################################################

addTemplate(MW_HOME + '/oracle_common/common/templates/applications/oracle.em_11_1_1_0_0_template.jar')

###############################################################################
# wlsbjmsrpDataSource
###############################################################################

cd('/')
delete('wlsbjmsrpDataSource','JDBCSystemResource')

create('wlsbjmsrpDataSource', 'JDBCSystemResource')
cd('/JDBCSystemResource/wlsbjmsrpDataSource')
set('DescriptorFileName','jdbc/wlsbjmsrpDataSource-jdbc.xml')
set('Target',ADMIN_SERVER +  ',' + MANAGED_SERVER)
cd('/JDBCSystemResource/wlsbjmsrpDataSource/JdbcResource/wlsbjmsrpDataSource')
cmo.setName('wlsbjmsrpDataSource')

cd('/JDBCSystemResource/wlsbjmsrpDataSource/JdbcResource/wlsbjmsrpDataSource')
create('myJdbcDataSourceParams','JDBCDataSourceParams')
cd('JDBCDataSourceParams/NO_NAME_0')
set('JNDIName', java.lang.String('wlsbjmsrpDataSource'))
set('GlobalTransactionsProtocol', java.lang.String('None'))

cd('/JDBCSystemResource/wlsbjmsrpDataSource/JdbcResource/wlsbjmsrpDataSource')
create('myJdbcDriverParams','JDBCDriverParams')
cd('JDBCDriverParams/NO_NAME_0')
set('DriverName','oracle.jdbc.OracleDriver')
set('URL','jdbc:oracle:thin:@' + DATABASE)
set('PasswordEncrypted', SOAINFRA_PASSWORD)
set('UseXADataSourceInterface', 'false')

create('myProperties','Properties')
cd('Properties/NO_NAME_0')
create('user','Property')
cd('Property')
cd('user')
set('Value', SOAINFRA_USER)

cd('/JDBCSystemResource/wlsbjmsrpDataSource/JdbcResource/wlsbjmsrpDataSource')
create('myJdbcConnectionPoolParams','JDBCConnectionPoolParams')
cd('JDBCConnectionPoolParams/NO_NAME_0')
set('CapacityIncrement',1)
set('InitialCapacity',5)
set('MaxCapacity',25)
set('TestTableName','SQL SELECT 1 FROM DUAL')

###############################################################################
# mds-owsm
###############################################################################

cd('/')
delete('mds-owsm','JDBCSystemResource')

create('mds-owsm', 'JDBCSystemResource')
cd('/JDBCSystemResource/mds-owsm')
set('DescriptorFileName','jdbc/mds-owsm-jdbc.xml')
set('Target',ADMIN_SERVER +  ',' + MANAGED_SERVER)
cd('/JDBCSystemResource/mds-owsm/JdbcResource/mds-owsm')
cmo.setName('mds-owsm')

cd('/JDBCSystemResource/mds-owsm/JdbcResource/mds-owsm')
create('myJdbcDataSourceParams','JDBCDataSourceParams')
cd('JDBCDataSourceParams/NO_NAME_0')
set('JNDIName', java.lang.String('jdbc/mds/owsm'))
set('GlobalTransactionsProtocol', java.lang.String('None'))

cd('/JDBCSystemResource/mds-owsm/JdbcResource/mds-owsm')
create('myJdbcDriverParams','JDBCDriverParams')
cd('JDBCDriverParams/NO_NAME_0')
set('DriverName','oracle.jdbc.OracleDriver')
set('URL','jdbc:oracle:thin:@' + DATABASE)
set('PasswordEncrypted', MDS_PASSWORD)
set('UseXADataSourceInterface', 'false')

create('myProperties','Properties')
cd('Properties/NO_NAME_0')
create('user','Property')
cd('Property')
cd('user')
set('Value', MDS_USER)

cd('/JDBCSystemResource/mds-owsm/JdbcResource/mds-owsm')
create('myJdbcConnectionPoolParams','JDBCConnectionPoolParams')
cd('JDBCConnectionPoolParams/NO_NAME_0')
set('CapacityIncrement',1)
set('InitialCapacity',5)
set('MaxCapacity',25)
set('TestTableName','SQL SELECT 1 FROM DUAL')

###############################################################################
# Misc domain settings
###############################################################################

cd ('/')
cmo.setConfigBackupEnabled(True)
cmo.setArchiveConfigurationCount(25)

cd('/Server/' + ADMIN_SERVER)
cmo.setListenAddress(LISTEN_ADDRESS)
cmo.setListenPort(ADMIN_SERVER_PORT)

cd('/Server/' + MANAGED_SERVER)
cmo.setListenAddress(LISTEN_ADDRESS)
cmo.setListenPort(MANAGED_SERVER_PORT)

cd ('/SecurityConfiguration/' + DOMAIN)
cmo.setNodeManagerUsername(NODE_MANAGER)
cmo.setNodeManagerPasswordEncrypted(NODE_MANAGER_PASSWORD)

###############################################################################
# Create machines
###############################################################################

cd ('/')
create(MACHINE, 'UnixMachine')
cd('/Machines/' + MACHINE)
create(MACHINE, 'NodeManager')
cd('NodeManager/' + MACHINE)
set('NMType', 'Plain')
set('ListenAddress', NODE_MANAGER_LISTEN_ADDRESS)
set('ListenPort', NODE_MANAGER_PORT)

cd('/Server/' + ADMIN_SERVER)
set('Machine',MACHINE)

cd('/Server/' + MANAGED_SERVER)
set('Machine',MACHINE)

###############################################################################
# Update, Close and Exit
###############################################################################

updateDomain()
closeDomain()
exit()

The two data sources are default created with the PointBase database, so they are deleted and created again with an Oracle database.

{ 3 comments }

Getting the size of the HTTP Session State in WebLogic

Peter Lorenzen
07/03-2013

I recently had to find the size of the data stored in the HTTP Session State. On MOS I found this note:
“Session Replication Fails Due To Non-Serializable Object: JSP Test Page [ID 1073386.1]“.
It contains a JSP test page that will show you if your session data is serializable or not. It will also calculate the size of the data. It’s very simple you just download the JSP file and deploy it with your application. Nice!

Here is an example of the output.

Installing the Oracle OSB on Red Hat 6

Peter Lorenzen
05/03-2013

Here is my experiences with installing OSB 11.1.1.6 on Red Hat 6 (64-bit) using Java 7.

By the way you might also be interested in my post about Silent installation of the OSB on Red Hat 6.

First have a look at the documentation:
Oracle Fusion Middleware Download, Installation, and Configuration ReadMe
Oracle Fusion Middleware Installation Planning Guide
Oracle Fusion Middleware Installation Guide for Oracle Service Bus

Overview

Download the software
Prepare the OS
Install Java
Install the latest Java SE CPU
Install the WebLogic Server 10.3.6
Install the latest WebLogic Server CPU/PSU
Install the OSB
Patch the OSB
Create database schemas via the RCU
Configure the OSB
Homes overview
Starting the servers
Java parameters
Configuring the Node Manager
Configure automatic start of the servers
Java 7
Warnings in log files
Miscellaneous
Configure OCM

Download the software

Please notice

Before using the direkt download links to http://download.oracle.com you need to login in to the site and accept a License Agreement.
The RCU only exists as a 32-bit download

Prepare the OS

I am using Red Hat 6 64-bit. Check the “System Requirements for UNIX Operating Systems”.
Also check “Special Startup Requirements for Linux x86 or Linux x86-64 Operating Systems” in the same document.

This should install the needed packages:

yum install binutils-2*.x86_64
yum install compat-libcap1-1*
yum install compat-libstdc++-33*.i686
yum install compat-libstdc++-33*.x86_64
yum install gcc-4*.x86_64
yum install gcc-c++-4*.x86_64
yum install glibc-2*.x86_64
yum install glibc-2*.i686
yum install glibc-devel-2*.i686
yum install libaio-0.*.x86_64
yum install libaio-devel-0.*.x86_64
yum install libgcc-4.*.x86_64
yum install libstdc++-4.*.x86_64
yum install libstdc++-4.*.x86_64
yum install libstdc++-devel-4.*.x86_64
yum install libXext.i686
yum install libXtst.i686
yum install sysstat-9.*.x86_64

Change the open file limits in /etc/security/limits.conf

* soft nofile 4096
* hard nofile 4096

Enabling Unicode Support in the .bash_profile for the oracle user.

export LANG="en_US.UTF-8"

Boot the server.

Create user, group and directories.

groupadd oinstall
useradd -g oinstall -G oinstall oracle
passwd oracle

mkdir -p /u01/app/oracle/product
mkdir -p /u01/tmp

chown -R oracle:oinstall /u01
chmod -R 750 /u01

Install Java

Unzip and untar the downloaded file:

gunzip jdk-7u15-linux-x64.tar.gz
tar xvf jdk-7u15-linux-x64.tar
mv jdk1.7.0_15 /u01/app/oracle/product/.

After I install Java I always create a softlink to the installation directory and reference it everywhere. This makes it is easier later when you have to upgrade.

ln -s /u01/app/oracle/product/jdk1.7.0_15 /u01/app/oracle/product/java_current

I could not get the WebLogic Installer to work with Java 7. The Installer start without any problems but in some of the screens you cannot select options with the mouse or input text. I have reproduced this with Oracle Linux 6 and with the WebLogic Server 12c Installer. I have the problem on both physical and virtual servers.

As a workaround I use Java 6 during the installation and later switch to Java 7. This works fine.

Install the latest Java SE CPU

Check the Java SE Critical Patch Update (CPU) to see if you need to patch the Java you have installed.
The latest Java SE CPU is from February 2013. It patches update 13 and earlier. I use update 15 so there is no need to patch it.

Install the WebLogic Server 10.3.6

Take care when downloading the wls1036_generic.jar file since some browsers will rename it to wls1036_generic.zip.


/u01/app/oracle/product/java_current/bin/java
-Djava.io.tmpdir=/u01/tmp -jar wls1036_generic.jar -log=wls_install.log

-Djava.io.tmpdir is only needed if there is not enough tmp space.

Below I have ignored the screens where you can sign up for security updates etc.

wls1
wls2
wls3
wls4
wls5

Here my Java soft link is ignored so we have to fix this later.

wls6
wls7
wls8

The Java soft link was ignored so we have to fix this:

cd /u01/app/oracle/product/osb
grep -R jdk1.6.0_39 *
find . -type f -exec sed -i "s/\/u01\/app\/oracle\/product\/jdk1.6.0_39/\/u01\
/app\/oracle\/product\/java_current/g" {} \;

Install the latest WebLogic Server CPU/PSU

I always install the PSU instead of the CPU. You can read more about PSU updates in the MOS note:
“Announcing Oracle WebLogic Server PSUs (Patch Set Updates) [ID 1306505.1]”

WebLogic 10.3.6 January 2013 PSU patch 14736139. (p14736139_1036_Generic.zip)

Make sure all WebLogic servers are stopped and remove any previously applied Patch Set Update and associated overlay patches.

mkdir /u01/app/oracle/product/osb/utils/bsu/cache_dir
cp HYKC.jar /u01/app/oracle/product/osb/utils/bsu/cache_dir/.
cp patch-catalog_18682.xml /u01/app/oracle/product/osb/utils/bsu/
cache_dir/patch-catalog.xml

Make sure that the patch-catalog_18682.xml is renamed to patch-catalog.xml!

cd /u01/app/oracle/product/osb/utils/bsu/
./bsu.sh -prod_dir=/u01/app/oracle/product/osb/wlserver_10.3
 -patchlist=HYKC -verbose -install

Verify that the patch is installed.

./bsu.sh -prod_dir=/u01/app/oracle/product/osb/wlserver_10.3
 -status=applied -verbose -view

Alternative use.

. /u01/app/oracle/product/osb/wlserver_10.3/server/bin/setWLSEnv.sh
java weblogic.version

For example.

[oracle@wintermute ~]$ java weblogic.version

WebLogic Server 10.3.6.0.3 PSU Patch for BUG14736139 Fri Nov 23 10:16:54 IST 2012
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

Install the OSB

Red Hat 6 is certified with the 11.1.1.6 OSB but because the OSB was shipped before it was certified you need the -ignoreSysPrereqs parameter.

The documentation does not reflect this yet but this MOS note does:
“OSB 11.1.1.6 Installation Fails on Red Hat Enterprise Linux (EL) 6 [ID 1530125.1]”

cd /u01/software/ofm_osb_generic_11.1.1.6.0_disk1_1of1/Disk1
./runInstaller -ignoreSysPrereqs -jreLoc
 /u01/app/oracle/product/java_current/jre

Below I have ignored the screens where you can sign up for security updates etc.

osb1a
osb1b
osb1c
osb2
osb3
osb4
osb5
osb6
osb7
osb8
osb9

Patch the OSB

To find out if there exists any patches that you should install check the “Information Center: Oracle Service Bus (OSB) [ID 1293368.2]” on MOS.

Currently they have listed two patches, one for the WebLogic Server and one for the OSB.

WebLogic Patch
Check “Performance Impact in WLS 10.3.6 / Oracle Service Bus 11.1.1.6 if Using Work Manager or Dispatch Policy for OSB JMS Services [ID 1388057.1]”

Patch 13573621 (p13573621_103603_Generic.zip).

cp DYCA.jar /u01/app/oracle/product/osb/utils/bsu/cache_dir/.
cp patch-catalog_19101.xml /u01/app/oracle/product/osb/utils/bsu/
cache_dir/patch-catalog.xml

Make sure that the patch-catalog_19101.xml is renamed to patch-catalog.xml!

cd /u01/app/oracle/product/osb/utils/bsu/
./bsu.sh -prod_dir=/u01/app/oracle/product/osb/wlserver_10.3
 -patchlist=DYCA -verbose -install

Verify that the patch is installed.

./bsu.sh -prod_dir=/u01/app/oracle/product/osb/wlserver_10.3
 -status=applied -verbose -view

Alternative use.

. /u01/app/oracle/product/osb/wlserver_10.3/server/bin/setWLSEnv.sh
java weblogic.version

OSB Patch
OSB patches are not applied via the BSU but uses the well-known Oracle OPatch tool.

Always download and install the latest OPatch version from MOS!

export ORACLE_HOME=/u01/app/oracle/product/osb/Oracle_OSB1
cd /u01/app/oracle/product/osb/Oracle_OSB1/OPatch
./opatch | grep version

unzip p6880880_111000_Linux-x86-64.zip -d /u01/app/oracle/product/osb/Oracle_OSB1

cd /u01/app/oracle/product/osb/Oracle_OSB1/OPatch
./opatch | grep version

The OSB patch is “14389126: PS5 Bundle Patch 1 (11.1.1.6.1)”. (p14389126_111160_Generic.zip)

Check “OSB 11g: Bundle Patch Reference [ID 1499170.1]”

export ORACLE_HOME=/u01/app/oracle/product/osb/Oracle_OSB1
cd p14389126_111160_Generic/14389126
/u01/app/oracle/product/osb/Oracle_OSB1/OPatch/opatch apply
 -jdk /u01/app/oracle/product/java_current
 -jre /u01/app/oracle/product/java_current/jre

To validate that it has been installed:

cd /u01/app/oracle/product/osb/Oracle_OSB1/OPatch
./opatch lsinventory

You should see one product and one interim patch.

Create database schemas via the RCU

You most likely do not need a database with your OSB. It is only required if you want to use the OSB Reporting features or the OWSM. Talk to your developers to check if they are using Report actions or OWSM policies.

You can see how to deal with a couple of issues if you are not using a database here.

For this installation I will use a database.

First have a look at the documentation:
Oracle Fusion Middleware Repository Creation Utility User’s Guide

Check the database requirements and notice:

AL32UTF8 character set
If you use a database that does not use the AL32UTF8 character set the RCU will complain. As long as you are not using Oracle WebCenter or Oracle Identity Management you can ignore this.
For more information see the RCU MOS FAQ: “Oracle Fusion Middleware 11g Repository Creation Utility (RCU) – FAQ [ID 1304790.1]”

NLS_LENGTH_SEMANTICS
Only Byte length semantics is supported so if you use CHAR you probably need to use another database.
See “RCU 11g Fails When Creating Index on MDS_COMPONENTS – ORA-01450: maximum key length (6398) exceeded [ID 987906.1]”

SID != Service Name
RCU uses the Service Name when connecting to a database, not the SID. The SID and the Service Name can contain different values.
You can find the Service Name in the database via:

SQL> show parameter service_names

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
service_names                        string      xdb.egf

Which schema’s are required?
To support OSB Reporting you need to select the SOA Infrastructure component in the RCU. I cannot find any documentation that states this though. You can get information about other FMW products here but the OSB is not mentioned.

Does anybody know where this information can be found?

Tablespaces
You can create tablespaces via the RCU but I prefer to create them myself.
A database will often have a default tablespace called USERS. It often ends up being a mess with all kind of different objects that nobody really knows why are there
You should create separate tablespaces and use them after the kind of data that goes in them: Object size, growth rate, object type (Tables, LOBs, etc.)

create smallfile tablespace OSB_REPO datafile'/u01/app/oracle/oradata/osb/osb_repo01.dbf'
 size 150m autoextend on next 100m maxsize 1g extent management local autoallocate;

Start the RCU
cd ofm_rcu_linux_11.1.1.6.0_disk1_1of1/rcuHome/bin
./rcu

RCU 1
RCU 2
RCU 3
RCU 4
RCU 5
RCU 6
RCU 7
RCU 8
RCU 9
RCU 10
RCU 11

Configure the OSB

The CONFIG_JVM_ARGS is set to speed things up if the system is low on entropy.

export CONFIG_JVM_ARGS=”-Djava.security.egd=file:/dev/./urandom”
cd /u01/app/oracle/product/osb/oracle_common/common/bin
./config.sh

Below I have ignored the screens where you can sign up for security updates etc.

Domain1
Domain2
Domain3
Domain4
Domain5
Domain6a
Domain6b
Domain7
Domain8
Domain9
Domain10
Domain11
Domain12
Domain13
Domain14
Domain15

Homes overview

There are many homes:

Application Home – /u01/app/oracle/applications/osb
Domain Home – /u01/app/oracle/domains/osb
Middleware Home – /u01/app/oracle/product/osb
Oracle Common Home – /u01/app/oracle/product/osb/oracle_common
Oracle OSB Home – /u01/app/oracle/product/osb/Oracle_OSB1
WebLogic Server Home – /u01/app/oracle/product/osb/wlserver_10.3

For more information check the Oracle Fusion Middleware Installation Planning Guide.

Starting the servers

Start the Admin Server:

cd /u01/app/oracle/domains/osb
./startWebLogic.sh

Waite till you see:

<Server started in RUNNING mode>

Now you should be able to access the Admin Console:

http://wintermute:7001/console

Start the Managed Server in another terminal:

cd /u01/app/oracle/domains/osb/bin
./startManagedWebLogic.sh osb_server1

When it reaches the Running state check that all the deployments has state Active.

Java parameters
You can set Java memory parameters in several ways. Here I use setDomainEnv.sh in /u01/app/oracle/domains/osb/bin.
I place the below just after all the comments in the top of the file:

“Development Mode”

# *************************************************************************
# lorenzen Begin
# *************************************************************************
if [ "${SERVER_NAME}" = "" ] ; then
        SERVER_NAME="AdminServer"
        export SERVER_NAME
fi
if [ "${SERVER_NAME}" = "AdminServer" ] ; then
  USER_MEM_ARGS="-Xms256m -Xmx768m -XX:MaxPermSize=350m -Djava.security.egd=file:/dev/./urandom"
elif [ "${SERVER_NAME}" = "osb_server1" ] ; then
  USER_MEM_ARGS="-Xms768m -Xmx1024m -XX:MaxPermSize=350m -Djava.security.egd=file:/dev/./urandom"
fi
# *************************************************************************
# lorenzen End
# *************************************************************************

Production Mode

# *************************************************************************
# lorenzen Begin
# *************************************************************************
if [ "${SERVER_NAME}" = "" ] ; then
        SERVER_NAME="AdminServer"
        export SERVER_NAME
fi
if [ "${SERVER_NAME}" = "AdminServer" ] ; then
  USER_MEM_ARGS="-Xms256m -Xmx768m -XX:MaxPermSize=350m"
elif [ "${SERVER_NAME}" = "osb_server1" ] ; then
  USER_MEM_ARGS="-Xms768m -Xmx1024m -XX:MaxPermSize=350m"
fi
# *************************************************************************
# lorenzen End
# *************************************************************************

In “Development Mode” I have added a parameter to take care of any entropy problems.

If you are not running in Production Mode I always set debugFlag and ALSB_DEBUG_FLAG to false.
If you do not do this you can get errors like the below, becuase several servers are trying to use the same port:

ERROR: transport error 202: bind failed: Address already in use
ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510)
JDWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized

So add this:

debugFlag="false"
ALSB_DEBUG_FLAG="false"

This should do it:

sed -i 's/debugFlag="true"/debugFlag="false"/g' setDomainEnv.sh
sed -i 's/ALSB_DEBUG_FLAG="true"/ALSB_DEBUG_FLAG="false"/g' setDomainEnv.sh

If your developers need the debug ports, make sure each server uses unique ports.

Configuring the Node Manager

I always use the Node Manager (NM) to start and stop WebLogic servers.

1. Set NM user name and password

Use the Admin Console and navigate to the domain. Select Security and then Advanced. Set “NodeManager Username” and “NodeManager Password”:
nm1

2. Set the NM type to plain

The NM default uses SSL. I normally do not use SSL for the NM and if you do you should use valid SSL certificates not the default demo certificates.
Navigate to Environment => Machines => Machine_1 => Node Manager.
Change Type to Plain.
nm2

3. Stop the Admin Server and the Managed Server

Stop them via the Admin Console or just ctrl+c in the two terminals.

4. Start the NM

cd /u01/app/oracle/product/osb/wlserver_10.3/server/bin
./startNodeManager.sh

When you see:

INFO: Secure socket listener started on port 5556

Stop NM again with ctrl+c. The NM has now create it’s setup files and we need to make a couple of changes in nodemanager.properties in:
/u01/app/oracle/product/osb/wlserver_10.3/common/nodemanager

Change these lines:

javaHome=/u01/app/oracle/product/java_current
JavaHome=/u01/app/oracle/product/java_current/jre
SecureListener=false
CrashRecoveryEnabled=true
StartScriptEnabled=true

This should do it.

sed -i 's/SecureListener=true/SecureListener=false/g' nodemanager.properties
sed -i 's/CrashRecoveryEnabled=false/CrashRecoveryEnabled=true/g' nodemanager.properties
sed -i 's/StartScriptEnabled=false/StartScriptEnabled=true/g' nodemanager.properties
sed -i 's/javaHome=.*/javaHome=\/u01\/app\/oracle\/product\/java_current/g' nodemanager.properties
sed -i 's/JavaHome=.*/javaHome=\/u01\/app\/oracle\/product\/java_current\/jre/g' nodemanager.properties

Start the NM again. Wait until you see:

INFO: Plain socket listener started on port 5556

In another terminal start the Admin Server:

. /u01/app/oracle/product/osb/wlserver_10.3/server/bin/setWLSEnv.sh
java weblogic.WLST
nmConnect(username='nodemgr', password='manager2', domainName='osb', domainDir='/u01/app/oracle/domains/osb', nmType='plain')
nmStart('AdminServer')

When the Admin Server is Running start the Managed Server via the Admin Console.

Notice that things are a bit different if you use Production Mode.

Configure automatic start of the servers

Now everything is running but of cause the NM should not be started manually but automatically when the server boots.

Here is a very simple boot script:
/etc/init.d/osbNodeManager

cd /etc/init.d
chmod 755 osbNodeManager
chkconfig --add osbNodeManager
chkconfig --list osbNodeManager
./osbNodeManager start

Java 7

Before switching to Java 7 you should read “Using WebLogic Server with JDK 7“.

mkdir /u01/app/oracle/product/jdk1.7.0_15/jre/lib/endorsed
cd /u01/app/oracle/product/osb/modules
cp javax.annotation_* /u01/app/oracle/product/jdk1.7.0_15/jre/lib/endorsed
cp javax.xml.bind_* /u01/app/oracle/product/jdk1.7.0_15/jre/lib/endorsed
cp javax.xml.ws_* /u01/app/oracle/product/jdk1.7.0_15/jre/lib/endorsed
ls /u01/app/oracle/product/jdk1.7.0_15/jre/lib/endorsed

The java_current soft link still points to Java 6 so we should change this:

rm -f /u01/app/oracle/product/java_current
ln -s /u01/app/oracle/product/jdk1.7.0_15 /u01/app/oracle/product/java_current
ls -l /u01/app/oracle/product/java_current

Warnings in log files

When you start the OSB you will see a lot of warnings in the log files. Since they are warnings they can be ignored. But it is nice to know what they mean. Some of them you can get rid of if you want to.

<BEA-381917> <MQ Transport could not be registered due to : Missing MQ Library>

You are missing some MQ libraries. If you are not using MQ transport you can untarget the “MQ Transport Provider” application.
See “BEA-000000 & BEA-381917 Warning Messages During OSB Cluster Domain Admin Server Startup [ID 1074857.1]”

<BEA-387042> <There is no user password credential mapper provider configured in your security realm

If you are not using the provider it can be ignored. See “Why Do We Get BEA-387042 Alert at Server Start-up? [ID 1267945.1]”

Metric table “oracle_oim:overall” has no key column. It will not be collected

There is nothing you can do about these messages. See “After migration to FMW 11.1.1.6 and WLS 10.3.6, Warning Messages In Stdout When Weblogic Starts [ID 1434193.1]”

UnicastUdpSocket failed to set send buffer size
UnicastUdpSocket failed to set receive buffer size
PreferredUnicastUdpSocket failed
MulticastUdpSocket failed

Coherence is complaining because the OS socket buffers are to small. You can increase them in /etc/sysctl.conf:

net.core.rmem_max=4192608
net.core.wmem_max=4192608

Run /sbin/sysctl -p

Oracle Coherence 3.7.1.1 (member=n/a): Local address “127.0.0.1″ is a loopback address; this cluster node will not

If you don’t use Coherence you can disable it via the SBConsole. Operations => Global settings. Remove the check mark from “Enable Result Caching”.

No test table set up for pool “wlsbjmsrpDataSource”. Connections will not be tested

You should change the Connection Pool for the Data Source to have “SQL SELECT 1 FROM DUAL” in “Test Table Name”.

Miscellaneous

You should audit the Logging settings for the domain and the servers to make sure log rotation is configured.
Notice that .out log files cannot be rotated by WebLogic. The are only rotated when the servers are restarted.
On Windows this is a problem on Linux not so much
But make sure you developers know that:

System.out.println("This is forbidden! Use Java Logging or Log4j");

You should configure “Configuration Archiving” for the domain. Domain => Configuration => General => Advanced. Set “Configuration Archive Enabled” and “Archive Configuration Count”.
When you change the configuration a backup of config.xml will be save so you can revert to an old version if you get in trouble.

Configure OCM

If your servers has access to the Internet OCM will automatically download the latest version. If not you should download it yourself and install it manually.

. /u01/app/oracle/domains/osb/bin/setDomainEnv.sh
export ORACLE_HOME=/u01/app/oracle/product/osb/utils
export JAVA_HOME=/u01/app/oracle/product/java_current
cd $ORACLE_HOME/ccr/bin
./setupCCR -s 12345678 nobody@cgi.com DK

Verify that it is working:

cd $ORACLE_HOME/ccr/bin
./emCCR start
./emCCR status
./emCCR -register test
./emCCR -verbose test
./emCCR register
./emCCR collect
./emCCR upload
./emCCR disable_target

{ 1 comment }

February 22, 2013

Creating a Data Source via WLST Offline

I have been messing around with silent install of FMW and creating domains via WLST. I was initially trying to get as much as possible done via offline WLST and therefore wanted to create a Data Source. I could not find any examples online which was a bit puzzling since there are lots of online [...]

February 19, 2013

SSL Server Certificates – Lessons learned

It is not difficult to create an SSL/TLS certificate and configure an Apache HTTP Server to use it. But I found that there are some things you need to know that does not necessarily make much sense. Here are some lessons learned and a couple of tips. Intermediate and Root certificates A browser contains a [...]

February 14, 2013

3 Comments

Hardening the Apache HTTP Server

After having been through security audits over the years I now have a short list of things I always change after having installed an Apache HTTP Server. It is not much, but it always moves the focus from the Apache server to the applications and thereby off my desk Before moving to the configuration I [...]

February 12, 2013

Enterprise Manager will not start after ADF upgrade

I recently had to upgrade a WebLogic Server with ADF for a customer. It was WebLogic 10.3.4 to 10.3.6 and ADF 11.1.1.4 to 11.1.2.3. They also used Enterprise Manager. Everything went fine except for the Enterprise Manager which ended up with status Failed. I installed both patch 14582286 and 14582309, as described in the MOS [...]

February 10, 2013

Auditing users in WebLogic Server

If you do a default installation of the WebLogic Server user activity is not audited. WebLogic has a build in Auditing Provider but it has to be enabled. The Audit Provider can log these events. To enable it via the Admin Console got to Security Realms => myrealm => Providers => Auditing. Press New, select [...]

February 5, 2013

5 Comments

Is your WebLogic Server slooow? Might be because of low entropy

On Linux low entropy can cause certain operations to be very slow. SSL operations need entropy to ensure randomness. Entropy is generated by the OS when you use the keyboard, the mouse or the disk. If an SSL operation is missing entropy it will wait until enough is generated. If your server is running with [...]

December 22, 2012

Configuring outbound SSL for the SOA Suite

A customer had a situation where they had to call a remote Web Service from the SOA Suite via https. (One-way TLS/SSL). The developers had deployed the SOA Application so I had to configure the SOA Suite to trust the key used for SSL. For unknown reasons the normal Weblogic keystores are not used in [...]

August 2, 2012

Adding an extra IP to a Windows 2008 server (Source IP problem)

An Apache http server does not support more than one SSL virtual host on the same IP address and port. So if you want to host two Internet domains on the same server and they both use SSL on port 443 then you must use two IP-addresses. You can read more about this here. Because [...]

August 1, 2012

2 Comments

Installing Oracle Forms/Reports 11.1.1.6 on Red Hat 6 (64-bit) using JDK 7

Here is my experiences with installing Forms and Reports 11.1.1.6 on Red Hat 6 (64-bit) using JDK 7. Forms/Reports currently exists in two flavors 11.1.1.6 and 11.1.2.0. 11.1.1.6 is the main Fusion Middleware release. As far as I can tell 11.1.2.0 is an offspring used to fast track certain technologies into the product. Even though [...]

July 18, 2012

Downloading older versions of Oracle Database and OAS software

Oracle has recently removed the download links to a lot of older versions of the database and OAS software from OTN. The software is not on eDelivery either. The way you are meant to get the software is by opening a “Contact Us” Service Request and then they will give you a download link. This [...]

October 4, 2011

Red Hat firewall for dummies

Sometimes I need to open for communication on a port in the local firewall on a Linux box. Until now I have relied on the lokkit command or if a GUI is available system-config-securitylevel. I recently had some situations where lokkit was not working, so I decided to dig a little deeper. I think configuring [...]

September 25, 2011

Installing Wireshark and sniffing http communication on Red Hat

We had a situation where we were calling an external Web service that required custom http headers. When our request reached the Web service the customer http headers had disappeared. We did not know if the problem was with the OSB, our Internet proxy or the programmer To find out what was going on I [...]

September 19, 2011

Searching inside files on Windows 2008 R2

Searching after content inside files on Windows 2008 R2 does not work. I am sure that it is possible to get it working by starting/configuring an indexing service or something like that. But when I get access to a Windows server at a customer or at hosting service I don’t really want to mess to [...]

August 30, 2011

21 Comments

Installing Oracle Forms/Reports 11.1.1.4 on Red Hat 5 (64-bit)

My first installation of Forms/Reports services on a Weblogic server was not as easy as I would have expected so I thought I would share the steps. First have a look at the Installation Guide for Oracle Portal, Forms, Reports and Discoverer Overview Download the software Prepare the OS Install JRockit Install Weblogic server 10.3.4 [...]

August 7, 2011

Tool to backup and restore Putty sessions

When you access servers at a customer site or in a hosting center you often have to use a Remote Desktop (RDP). These jump servers are often locked down so you cannot install programs or access the Registry via Regedit. This is frustrating if you use Putty and have a lot of servers. I currently [...]

July 11, 2011