Q: When using your Apache & Tomcat bundled software, do you provide any additional security patches above and beyond what the Apache & Tomcat communities provide ?
A: Red Hat has a dedicated Security Response Team who’s role is to track alerts and security vulnerabilities in the community which may affect users of Red Hat products and services. They work with Open Source communities to identify, classify, diagnose and coordinate fixes. If Red Hat discovered a vulnerability in any Open Source project we would work with the community to coordinate a fix, we wouldn’t keep it secret.Where we might differ from the upstream project is in how we communicate the presence of vulnerabilities and deliver fixes to our customers.
Q: can you guys point out to any benchmarks on jboss as in comparison to the other j2ee containers available (ideally updated every once in a while) online for the people who look into jboss AS evaluation to come and compare it easily with the other AS and
We don’t currently have any public benchmarks comparing JBoss to other vendors. All proprietary vendors have specific restrictions in their EULA forbidding use in benchmarks, so the only viable way to provide a comparison is by comparing vendors submissions for some thing like SPECjAppServer2004. JBoss has long argued that SPECjAppServer2004 does not represent contemporary use of modern app. servers (a position that IBM now agree with) as such we’ve never paid much attention to SPECjAppServer2004 and we’ve never made a public submission. JBoss has been working with SPEC on a new benchmark which we think does better represent modern application server usage and we will, in time, provide our own public submissions.
Meanwhile, many customers who have moved large deployments from our proprietary competitors to JBoss typically cite overall cost saving as the main reason. Performance and overall cost are tightly linked.
Q: what is the official release date of EWP ?
A: Right now the best date I can give you is that it will be released sometime in this Calendar Quarter.
Q: why isn’t seam part of the web toolkit ?
A. That’s the long-term goal. ie. to separate the frameworks from the run-tmes as they typically evolve at different rates. We also want all the frameworks to be certified on all the run-times. This is a form of Pace Layering and I think it provides the greatest flexibility / agility.
Q: What is the level of support you give spring as part of the web toolkit ?
A. With the first version of the Web Framework Kit – Spring is a Technical Preview and not recommended for production use. The intention is to promote Spring to fully supported in the next minor release.
Q: why do you think glassfish managed to have jee5 server so soon ?
A. Because Sun is the spec. lead for Java EE – they have to deliver the Spec., the Reference Implementation and the TCK. It’s impractical for anyone to deliver an implementation before Sun. Just as it is impractical for anyone to deliver an implementation of Java CDI before Red Hat (the spec. lead).
Q: Are these versions (EWS, EWP, EAP) available in the community version, or only the enterprise version ?
A : The community version for EWS is Tomcat, mod_jk and Apache HTTP – you can see the exact versions included in EWS here. JBoss EWP only exists as a ‘profile’ in AS 5.1. You can see the exact component versions for the platforms on their respective web pages, eg. component page for JBoss EAP.
Q: When will EAP 5.0 be Java EE 6 certified ?
A. There is no plan to certify EAP 5.0 with the EE 6 TCK. EAP 5.0 supports Java EE 5, though it does include some features of Java EE 6 – specifically JAX-RS (RestEasy) and the Web Profile. If you want to see ho were progressing with Java EE 6 then take a look at JBoss AS 6.
Q: I would like easier upgrade path in RH Jboss vs jboss.org when you have your customized apps.. or is this a no problem ?
A : As long as you’re using the same base versions – portability should not be a problem. You can use this page to see what version level of components are included in EAP.
Q: What type of improvements are you looking at in order to support Cloud environments ?
A. Here are some of my thoughts :
- Larger managed domains, possibly shared across BUs, requiring delegated administration and isolation.
- More automated – everything needs to be easily automated or autonomous by design
- Automation is just as likely driven by pre-defined policy as by a human sys. admin.
- Better support for virtualized environments
- Lower resource utilization
- More dynamic – eg. to deal with elasticity – grow and shrink environments depending on pre-defined policies
Bob McWhirter and Marek Goldmann have been experimenting and prototyping some of these areas as part of the StormGrind project – take a look.
Q: Would web application developed in Jboss work on tomcat ?
A: JBoss EWP / EAP is a superset of Tomcat – as long as you limit your app. to use just the Web Container (ie. Servlet, JSP) – your app. will be portable. The web-container in JBoss EWP / EAP is based on Tomcat 6.0.18 so obviously supports the same versions of the Servlet (2.5) and JSP (2.1) specs. Tomcat 6.0.18 is also what we include in JBoss EWS.
Q: are there any limitations in the number or requests handled by using mod_jk ?
A. Good one – let me find out. Check this space for an update.
A. I checked with Jean-Frederic Clere, his response is :
“Apart from the OS limitations and httpd limitations (configuration in
httpd.conf, MaxClients for example) there aren’t any limits in the
number of requests mod_jk could handle.”
Q. where can I get the slides ?A. At some point they’ll appear along with the recorded sessions here.