Immortality of Code / Life beyond Snoracle

One of the benefits we talk about with Open Source is that the license and collaborative nature can offer some protection for users should the main supporter disappear. Rarely has this been put to test but here’s an example that came across in my feeds today. OpenSSO was a Sun project that Oracle seemingly killed last week as part of their assimilation / refactoring process. In less than a week, it seems there’s already a commercial organization twilling support the code-base. From ForgeRock’s web page :

ForgeRock OpenAM is the market leading open source Authentication, Authorization, Entitlement and Federation product. ForgeRock is providing the community with a new home for Sun Microsystems’ OpenSSO product.

Good luck to ForgeRock – I recognize quite a few of the names as fellow Sun / iPlanet / Netscape Alumni. It will be interesting to see how this plays out – it got ugly the last time something like this happened.

Oracle and the Java Opportunity

I guess there’s a chance that we’ll know more tomorrow but regarding the future of Java under Oracle’s control – I’m still neutral to optimistic and sticking to what I said 6 months ago :

DZone: With Oracle’s acquisition of Sun, are you concerned at all about some of the potential changes that will come as a result, to the governance and licensing options to the OpenJDK?

Rich: I’m really not that concerned. There are all sorts of scenarios that people are suggesting. I still believe Oracle will do the right thing. They have far too much to lose, by either accidently or purposely sabotaging OpenJDK. They have a very healthy business based around Java. Creating unrest, creating any kind of distrust or fragmentation of the Java community really isn’t going to help Oracle. So I think they’ll do the right thing. I also think they probably have the ability to invest in Java more than Sun had over the last five years at least. Sun kind of had some fairly pressing financial issues. I think that, above all else, probably hindered some of the progress of Java over the last five years.

So overall, I’m coming in neutral to slightly optimistic. If things do go awry, I’m sure Red Hat the rest of the Java community will step up and help Oracle to get back on track. So, yeah, I’m pretty comfortable with it.

My only real concerns is that Oracle understands products and monetization much better than they understand community and collaboration so I think a misstep or two are more likely to occur than Oracle purposefully sabotaging Java. Harming Java will devalue their investment and their chances of getting a decent return.

On the positive side – I think there’s still huge growth potential for the Java platform – I see no reason why it can’t become the dominant standard for the enterprise – I personally think we’re at the start of the decline of Microsoft and Java is the only viable alternative to Microsoft’s enterprise foothold. Microsoft’s enterprise presence is not insignificant but neither is it guaranteed – it’s largely based on an historically well adopted OS and Microsoft’s missteps in that area are pretty well known by now .

Java needs some strong leadership, investment and a open, vibrant and growing community.

I raising my mug of tea to The Next Decade of Java !

JBoss Application Platform Q&A

Yesterday we started a series of Web Casts covering JBoss Application Platforms (Recording, Slides). We didn’t manage to cover all the questions in the Q&A so as promised here they are :

Q: When using your Apache & Tomcat bundled software, do you provide any additional security patches above and beyond what the Apache & Tomcat communities provide ?

A: Red Hat has a dedicated Security Response Team who’s role is to track alerts and security vulnerabilities in the community which may affect users of Red Hat products and services. They work with Open Source communities to identify, classify, diagnose and coordinate fixes. If Red Hat discovered a vulnerability in any Open Source project we would work with the community to coordinate a fix, we wouldn’t keep it secret.Where we might differ from the upstream project is in how we communicate the presence of vulnerabilities and deliver fixes to our customers.

Q: can you guys point out to any benchmarks on jboss as in comparison to the other j2ee containers available (ideally updated every once in a while) online for the people who look into jboss AS evaluation to come and compare it easily with the other AS and

We don’t currently have any public benchmarks comparing JBoss to other vendors. All proprietary vendors have specific restrictions in their EULA forbidding use in benchmarks, so the only viable way to provide a comparison is by comparing vendors submissions for some thing like SPECjAppServer2004. JBoss has long argued that SPECjAppServer2004 does not represent contemporary use of modern app. servers (a position that IBM now agree with) as such we’ve never paid much attention to SPECjAppServer2004 and we’ve never made a public submission. JBoss has been working with SPEC on a new benchmark which we think does better represent modern application server usage and we will, in time, provide our own public submissions.

Meanwhile, many customers who have moved large deployments from our proprietary competitors to JBoss typically cite overall cost saving as the main reason. Performance and overall cost are tightly linked.

Q: what is the official release date of EWP ?

A: Right now the best date I can give you is that it will be released sometime in this Calendar Quarter.

Q: why isn’t seam part of the web toolkit ?

A. That’s the long-term goal. ie. to separate the frameworks from the run-tmes as they typically evolve at different rates. We also want all the frameworks to be certified on all the run-times. This is a form of Pace Layering and I think it provides the greatest flexibility / agility.

Q: What is the level of support you give spring as part of the web toolkit ?

A. With the first version of the Web Framework Kit – Spring is a Technical Preview and not recommended for production use. The intention is to promote Spring to fully supported in the next minor release.

Q: why do you think glassfish managed to have jee5 server so soon ?

A. Because Sun is the spec. lead for Java EE – they have to deliver the Spec., the Reference Implementation and the TCK. It’s impractical for anyone to deliver an implementation before Sun. Just as it is impractical for anyone to deliver an implementation of Java CDI before Red Hat (the spec. lead).

Q: Are these versions (EWS, EWP, EAP) available in the community version, or only the enterprise version ?

A : The community version for EWS is Tomcat, mod_jk and Apache HTTP – you can see the exact versions included in EWS here. JBoss EWP only exists as a ‘profile’ in AS 5.1. You can see the exact component versions for the platforms on their respective web pages, eg. component page for JBoss EAP.

Q: When will EAP 5.0 be Java EE 6 certified ?

A. There is no plan to certify EAP 5.0 with the EE 6 TCK. EAP 5.0 supports Java EE 5, though it does include some features of Java EE 6 – specifically JAX-RS (RestEasy) and the Web Profile. If you want to see ho were progressing with Java EE 6 then take a look at JBoss AS 6.

Q: I would like easier upgrade path in RH Jboss vs when you have your customized apps.. or is this a no problem ?

A : As long as you’re using the same base versions – portability should not be a problem. You can use this page to see what version level of components are included in EAP.

Q: What type of improvements are you looking at in order to support Cloud environments ?

A. Here are some of my thoughts :

  • Larger managed domains, possibly shared across BUs, requiring delegated administration and isolation.
  • More automated – everything needs to be easily automated or autonomous by design
  • Automation is just as likely driven by pre-defined policy as by a human sys. admin.
  • Better support for virtualized environments
  • Lower resource utilization
  • More dynamic – eg. to deal with elasticity – grow and shrink environments depending on pre-defined policies

Bob McWhirter and Marek Goldmann have been experimenting and prototyping some of these areas as part of the StormGrind project – take a look.

Q: Would web application developed in Jboss work on tomcat ?

A: JBoss EWP / EAP is a superset of Tomcat – as long as you limit your app. to use just the Web Container (ie. Servlet, JSP) – your app. will be portable. The web-container in JBoss EWP / EAP is based on Tomcat 6.0.18 so obviously supports the same versions of the Servlet (2.5) and JSP (2.1) specs. Tomcat 6.0.18 is also what we include in JBoss EWS.

Q: are there any limitations in the number or requests handled by using mod_jk ?

A. Good one – let me find out. Check this space for an update.
A. I checked with Jean-Frederic Clere, his response is :
“Apart from the OS limitations and httpd limitations (configuration in
httpd.conf, MaxClients for example) there aren’t any limits in the
number of requests mod_jk could handle.”

Q. where can I get the slides ?A. At some point they’ll appear along with the recorded sessions here.

5 Reasons to submit a paper for JBoss World 2010

Screen shot 2010-01-13 at 3.56.35 PM.png

There are only 9 days left to submit your talks for JBoss World 2010, in case you need them, here are some good reasons :

  1. It’s in Boston, In June. It’s a great city and the snow and ice will probably be mostly gone by June.
  2. You get a free conference pass, good for all Red Hat Summit / JBoss World sessions, keynotes, events, meals and parties
  3. You get one free night accommodation (in a hotel)
  4. It’s very likely IMHO that there won’t be a Java One this year – if you are looking for an opportunity to talk about what you’re doing with JBoss technology then this is *the* best place to do it.
  5. If you want to get into the weeds with highly technical content – then there’s a new track for that.

Call for Papers end in just 9 days !

The Evolution of Enterprise Java


Zallinger’s “March of Progress” from wikipedia.

I’ve been part of the Java ecosystem for long enough to see and be part of every Java EE / J2EE release to date. I still have a Forte SynerJ box-set somewhere – we claimed it as the first fully integrated J2EE 1.2 App Server and IDE – that was around 1999 and I was part of Sun for every subsequent release up to Java EE 5.

With the final votes in for Java EE 6 and with the year and decade coming to an end – it seems a fitting time to look back and see how far the Java EE platform has evolved :

  • J2EE 1.2 (1999) – announced just short of 10 years ago was the first attempt to create an umberalla specification to cover some existing web-tier, messaging and data access technologies (JDBC, Servlets, JTA, etc.) as well as the new middle tier technology – EJBs.
  • J2EE 1.3 (2001) – was from my recollection the first broadly adopted and deployed version, it added Connectors (a standard way to connect to back-end ‘legacy’ systems), some rudimentary support for XML Web Services and a pluggable security layer. EJBs got a major overhaul.
  • J2EE 1.4 (2003) – added JMX, a gaggle of specs. to support Web Services (JAXR, JAX-RPC). I think around this time – everyone had written their first App. using EJB’s and had learned that combined with CMP (Container Managed Persistence) they weren’t exactly getting the productivity boost they were hoping for. I think J2EE 1.4 was the “Vista” of Enterprise Java – over-engineered and ultimately underwhelming.
  • Java EE 5 (2006) – A name change and some new hope – mandatory XML deployment descriptors gave way to annotations, persistence took a lesson from the de-facto ORM solution – Hibernate. There was an alternative to, ahem, RPC-style Web Services with the inclusion of JAX-WS.
  • Java EE 6 (2009) – It’s been a while in the making and had a bad start but after ten years I think we now really see the start of a cohesive platform with a common programming model via CDI (JSR-299) and many of the criticisms leveled at the platform have been answered.

Java EE 6 also defines the new Web Profile – this is essentially a slimmed-down EE focussed on web applications. I think it’s much more than that – I think it’s an opportunity to really redefine the Enterprise Java platform and shed some of the legacy APIs. While the backward compatibility that EE dictates has been good – it’s also contributed to some bloat in the platform.

It’s interesting to see how the size of the Java EE spec. has changed over the years (assuming size of the spec. is a reasonable indicator of complexity)

  • J2EE 1.2 weighed in at just 140 pages;
  • J2EE 1.3 added about another 25% (174 pages);
  • J2EE 1.4 increased it by almost 40% (246 pages)
  • Java EE 5 actually bought the page count down by 10%;
  • and the last draft of the Java EE 6 spec. I read only added about 6% (236 pages) – despite some pretty major enhancements.

Despite several rounds of consolidation and various acquisitions – vendor support has remained impressive. There were 18 J2EE 1.2 certified servers, and even seven years later there were still 13 (for Java EE 5). I’d be surprised if there weren’t at least 10 vendors supporting Java EE 6 at some point – even after Oracle has assimilated BEA and Sun.

Despite its huge adoption, Java EE and the process by which it is defined (the JCP) has drawn a lot of criticism. Releases have often fallen short of expectations, been perceived as overly complex or taken too long to deliver; but despite the criticisms nobody can deny that Java EE has been a huge success. Java EE is not just a specification – its grown into an entire category of the software industry. I can think of no other technology that has bought so many competing vendors together to define such a broad and widely use platform.

I’m sure the JCP isn’t perfect and I’m sure vendor politics gets in the way of progress from time to time and Sun’s stewardship of Java hasn’t been flawless but step back and try to imagine what our industry would be like without an open and collaborative Java ecosystem. It will be interesting to see whether Oracle take a different approach (as they’ve suggested in the past) when they become the new stewards of Java. Let’s hope hey continue to encourage collaboration and diversity.

The various expert groups that define the Java platform is not, as many suggest, completely controlled by big vendors. My own company Red Hat is not an industry behemoth, there are divisions and offices within companies like IBM and Oracle that are bigger than Red Hat and JBoss, the middleware business unit of Red Hat is only a part of the entire company. Despite that – Red Hat has demonstrated yet again it’s willingness to punch way above it’s weight and has had an influence on Java EE disproportionate to it’s size. Congratulations to Gavin King, Pete Muir, Sacha Labourey. Emmanuel Bernard, etc for tirelessly pushing for simplicity in the EE platform.

JBoss AS 6 Milestone 1 is out and includes some of the key Java EE 6 features. Releases seem to be coming pretty frequently so you’ll see more EE 6 feature appearing over time.

JBoss : Vision and Execution

Another nice score card from Gartner puts JBoss Enterprise App. Platform in the leader’s quadrant of the Gartner Magic Quadrant for Enterprise Application Servers. That’s the fourth year in a row, in case you were wondering. Unscientific as it is – comparing with last year I’d say the leaders are widening the gap (cumulative advantage ?) and JBoss specifically has inched up on the Ability to Execute axis.

Interestingly, were joined by a couple of other PaaS vendors in the MQ this year – it will be interesting to see if there really is a new wave of infrastructure bearing down on the established platforms. The contemporary PaaS offerings I see today under-achieve as general purpose developer platforms and that leaves them competing with IAAS based on more traditional / established technology (Java, .NET) on cost and convenience terms. It will be good to see “Cloud” get beyond the current over-hyped phase so we can see how this will play out.

More Red Hat commentary here.

Releases / Lifecycles and other Product Management Miscellany


This week we GA’d JBoss EAP 5.0. As you’d expect from a new release there’s a long list of new features, capabilities and APIs and at some point I’ll talk about those some more. But the intention of this post is to give you an idea of some of the other less visible things that have happened with this release. EAP 5.0 marks a key milestone in the evolution of JBoss and demonstrates where we’re heading with the JBoss Platforms.


We set some pretty aggressive performance targets for this release. By comparison to JBoss EAP 4.3 we see an increase in peak throughput of about 20%, faster response times and more scalable HTTP connection handling. Performance is an ongoing activity and we’re continuing our investment in improving it in future releases. Performance at any cost is interesting to few outside of Formula 1 and Rocket Science and it isn’t a goal – we’re specifically interested in price / performance using a broad range of typical, real-life workloads.


Popular Open Source technologies (like JBoss AS – on which EAP is based) have always had the benefit of a large community who actively poke and prod. and push the software in different ways; who peer into the design and code and offer improvements.The result is some pretty decent, efficient and well polished code. But with the JBoss platforms we go one (or several steps) further. For EAP we had a long and active Early Access Program. It started back in April and is only now winding down as FCS customers complete their work. The diagram Below illustrates how we connect the AS and EAP lifecycle, the upstream (AS) GA essentially starts our EAP Early access program. This allows enterprise customers to start using a stable (though incomplete) release with the full backing of Red Hat Global Support.

Screen shot 2009-11-06 at 9.50.09 AM.png

Obviously the diagram is a massive oversimplification – EAP is more than AS – it is the integration point for Seam, RESTEasy, the installer, mod_cluster and the Apache Native components.

With every release we also enhance our QE coverage; in the case of this release there was a bigger focus on Performance, Stress and Longevity testing using larger and more complex topologies and a broader range of workloads.


We’ve also refreshed and restated our product update and support policy for all JBoss platforms – the hope is that it’s more clear, better aligned with other products from Red Hat and puts even more distance between us and our Open Source competitors.

Screen shot 2009-11-06 at 9.54.11 AM.png

Ease of Use

A while back we kicked of an Internal initiative called “Andiamo” – I talked a little about it at JBoss World, and Mark wrote about it recently. While much of what we have planned around Operational and Development Ease of Use is planned for release beyond EAP 5.0, EAP 5.0 does lay the foundation for some of the things we need to achieve. The new Microcontainer provides us a very flexible and powerful toolbox that will allow us to build the middleware platform for the next decade. Specifically around ease of use, and as a taste of things to come we did provide a first cut of the new embedded console (it replaces the old JMX and Web Consoles). It has pretty limited functionality right now but I think it achieves the goal of making simple tasks simple to do.

What’s Next ?

The EAP Springtime Release (nominally EAP 5.1) is well underway and we’ll be pushing for even greater performance gains as well as defining the target platform for an upcoming Common Citeria (EAL 4+) certification.

We’re also underway with the EAP Lancer Release (nominally EAP 6.0) which will be the first major output of the Andiamo work as well as supporting the new Java EE 6 platform.

Onwards and Upwards.

Tab Sweep : JBoss World 2009

JBoss World 2009

JBoss World 2009 is just under 3 weeks away and it’s still not too late to register. GEICO CIO Jess Reed will be one of the keynotes this year underlining that JBoss World is a great place to come and learn how other organizations just like you have saved money and improved performance and stability by moving to JBoss and Red Hat.

“GEICO is the 3rd largest passenger auto-insurer in the US and provides coverage for 9 million policyholders.”

“Reed will highlight GEICO’s deployment of Red Hat’s JBoss Enterprise Middleware and their use of open source middleware software for mission critical platforms”

You can even save money ($400) on saving money by registering before the event.

I’ll be at Red Hat Summit / JBoss World all week and have a couple of sessions talking about JBoss Enterprise App. Platform both present and future. If you’re around and want to chat – get in touch.

JBoss EAP 4.3 Achieves Security Certification


A few weeks back JBoss Enterprise App. Platform 4.3 achieved Common Criteria Certification at Evaluation Assurance Level (EAL) 2+ – here’s the press release and here’s the evaluators updated page.

Common Criteria Evaluation is an internationally recognized standard that defines a  framework for computer systems users to specify security requirements; for vendors to implement them and for third-party evaluators to test them. The Evaluation process ensures that this is all carried out in a consistent, formalized and standard way.

The Evaluation Assurance Level (EAL) describes the “depth and rigour” of the evaluation not necessarily the security hardness. Though products certified at Level 7 (the highest) are likely to be deployed more demanding and secure environments than a product certified at Level 1 (the lowest). EAL 2+ means the products have been evaluated in collaboration with the vendor (eg. to provide development, design and test documentation).

What this means is that customers who care about security (who doesn’t ?) can be assured that JBoss Enterprise App. Platform 4.3 will meet commonly accepted, best practice security requirements. Even outside military and government use, who use Common Criteria as a benchmark, this evaluation should demonstrate Red Hat’s commitment to security. It’s a long and fairly involved process and the costs aren’t insignificant.

This is the first successful evaluation for a JBoss product but the JBoss Data Services Platform is currently in process and we’re already planning for a more stringent evaluation (higher EAL) for JBoss EAP 5.x.