IBM WebSphere Application Server

WebSphere Application Server (WAS) is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java-based web applications. It is the flagship product within IBM's WebSphere software suite. It was initially created by Donald F. Ferguson, who later became CTO of Software for Dell. The first version was launched in 1998. This project was an offshoot from IBM HTTP Server team starting with the Domino Go web server.

Architecture
WebSphere Application Server (WAS) is built using open standards such as Java EE, XML, and Web Services. It runs on the following platforms: Windows, AIX, Linux, Solaris, IBM i and z/OS. Beginning with Version 6.1 and now into Version 9.0, the open standard specifications are aligned and common across all the platforms. Platform exploitation, to the extent it takes place, is done below the open standard specification line.

It works with a number of Web servers including Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS), IBM HTTP Server for i5/OS, IBM HTTP Server for z/OS, and IBM HTTP Server for AIX/Linux/Microsoft Windows/Solaris. It uses port 9060 for connection as the default administration port and port 9080 as the default website publication port.

The "traditional" (as opposed to the Liberty variant) WebSphere Application Server platform is architected as a distributed computing platform that could be installed on multiple operating system instances, collectively referred to as a WebSphere cell. Management of all the instances could be done from a management node – called the Deployment Manager – within the cell, and deployment of applications – including the ability to perform rolling updates – could be pushed out to a subset of the cell nodes. The configuration information for the entire cell (how many nodes there are, what applications are deployed to each, how the applications are configured, session management and details of other resources, etc) are tracked in XML configuration files that are distributed throughout the cell to every node. Over the product lifetime, the implementation of these configuration details went from files, to database-based (around v3.5), and back again to files (around v5).

Given the distributed install, and given also that management of the entire cell required management of local effects (such as deployment, logging configuration, etc), the overall effect was that WAS security could often override local security if not configured properly. For example, in earlier versions of the management console, there was an option that was available to specify the location of a log file on a remote node. This could be used to read/write to an arbitrary file on that remote node. For this reason, it was not advisable to run the application server / node agent processes with root privileges, and starting with v6, security configuration defaulted out of the box to a secure state (even if this meant that enabling desired functions required manual changing of the defaults). Originally, all nodes of the cell were in a single domain for management as well as application security. However, starting with v6.1, there can be multiple security domains and administrative and application security can be separate.

Many IBM products (such as IBM InfoSphere DataStage) use WebSphere Application Server as the base platform for their infrastructure.

Version history
IBM has shipped several versions and editions of WebSphere Application Server.

In the first beta versions, WebSphere had been called Servlet Express.

Although the versioning scheme x.1 and x.5 would usually indicate a minor release in the software industry, WebSphere v6.1 and v5.1 are major releases, just like WebSphere v8.5 and v3.5.

WebSphere Liberty Versions
WebSphere Liberty was introduced into WebSphere Application Server V8.5, originally referred to as the WebSphere Liberty Profile, with the same version numbering scheme as the rest of WAS. In 2016 IBM introduced a new fix pack numbering scheme for Liberty to reflect a move to continuous delivery of Liberty in a single support stream – after V8.5.5.9, the Liberty numbering scheme was rebased starting at 16.0.0.2 to reflect Year and Quarter of the Liberty fixpack release. A common level of WebSphere Liberty is distributed as part of the both Version 8.5 and Version 9.0 of WebSphere Application Server. The Liberty continuous delivery model was introduced to allow new capabilities and features to be delivered on a more frequent basis.

Version 9.0
WebSphere Application Server V9.0 adds Java EE 7 and Java SE 8. This brought WAS Application Server traditional up to the same level of Java EE as WebSphere Liberty had offered since 2015. This was the first release of WAS to be made simultaneously available as both an on-premises offering and through WebSphere as a Service on IBM Cloud.

WebSphere Liberty is increasingly the focus for new cloud native applications, with Liberty 16.0.0.2 being the version of Liberty included with WAS Version 9.0.0.0. Liberty 16.0.0.3 adds support for the new MicroProfile programming model that simplifies cloud native application development using standard Java EE technologies. Flexible access to WebSphere Liberty is provided through additional distributions as a docker image and Cloud Foundry buildpack. In September 2017 IBM moved ongoing development of Liberty into a new Open Source project called Open Liberty. Open Liberty is the source for the Liberty runtime in WebSphere Application Server. Distributions of Open Liberty are supported by the OpenLiberty.io community; IBM provides commercial support for Liberty through WebSphere Application Server.

Version 8.5.5
WebSphere Application Server V8.5.5 includes significant enhancements to the Liberty profile including support for Java SE 8, full Java EE 7 compliance since V8.5.5.6, and WebSphere's intelligent management capabilities. WebSphere Liberty's support for Java EE is enabled through the configuration of sets of features, with different sets of Library features available in each edition of WAS. The WAS Liberty Core edition includes the Liberty features required for Java EE WebProfile; all other editions of WAS add Liberty features for full Java EE 7. The WAS Network Deployment Edition adds Liberty features for intelligent management. Beyond this the WAS z/OS edition adds Liberty features to enable z/OS platform capabilities.

Version 8.5.0
WebSphere Application Server V8.5 offers the same Java EE 6 and Java SE 6 (by default) as V8.0 and also provides – and can be configured to run on – Java SE 7. The primary new capabilities in V8.5 are the Liberty profile of WebSphere Application Server and the intelligent management features.

The Liberty profile of WebSphere Application Server is included with all the commercial editions of the server, providing a lightweight profile of the server for web, mobile and OSGi applications. In this release it is a functional subset of the full profile of WebSphere Application Server, for both development and production use, with an install size of under 50 MB, a startup time of around 3 seconds and a new XML-based server configuration which can be treated as a development artifact to aid developer productivity. Server capabilities are engaged through the set of features defined in the server configuration; features are added and removed dynamically through internal use of OSGi services. A new model is provided for moving applications through the pipeline from development to production as a packaged server; this is a complete archive of the server, server configuration and application for unzip deploy. A centralized managed install is optionally available through the Job Manager component of WebSphere Application Server Network Deployment edition.

Intelligent management capability is added in the Network Deployment and z/OS editions of WebSphere Application server. This integrates operational features that were previously available in the separate WebSphere Virtual Enterprise (WVE) offering: application editioning, server health management, dynamic clustering and intelligent routing.

Compute Grid is also included in the Network Deployment and z/OS editions of WebSphere Application server. Previously this was the separately priced WebSphere XD Compute Grid feature for scheduling and managing Java batch workloads.

Version 7.0
This version was released on September 9, 2008. It is a Java EE 5 compliant application server.

Following are the flagship features introduced by WebSphere Application Server Version 7:
 * Flexible Management facilitates administration of a large number of WebSphere Application Server base edition and Network Deployment topologies that might be geographically distributed

Between the general availability of WebSphere Application Server V7 and WebSphere Application Server V8 (in 2011), a number of additional capabilities were made available for V7 in the form of feature packs which are optionally added to a V7 install. Feature Pack content has the same quality and support as main release content – the purpose of a feature pack is to deliver new innovation before the next major release. The following feature packs were provided for WebSphere Application Server V7:
 * Business-Level Application is used for managing application artifacts independent of packaging or programming models
 * Property Based Configuration feature simplifies the experience of automating administration: an administrator can update the WebSphere Application Server Version 7 configuration using a simple property file
 * Feature Pack for Modern Batch
 * Feature Pack for OSGi Applications and JPA 2.0
 * Feature Pack for SCA
 * Feature Pack for Web 2.0 and Mobile
 * Feature Pack for XML
 * Feature Pack for Communication Enabled Applications

Version 6.1
This version was released on June 30, 2006. On September 11, 2012, IBM extended the end of service for V6.1 by a full year, to September 30, 2013, and announced new version-to-version migration incentives and assistance. It is a Java EE 1.4 compliant application server and includes the following function:
 * Support for Java Standard Edition 1.5
 * Support for running JSR 168 Portlets in the application server
 * Session Initiation Protocol (SIP) Servlets
 * Enhancements to the WebSphere Install Factory
 * IBM Support Assistant
 * IBM JSF Widget Library
 * Simplified Administration
 * Improved Certificate and Key Management
 * Security Enhancements
 * Administration of IBM HTTP Server from WebSphere Admin Console
 * Support for (pre-OASIS) WS-Security 1.0
 * Support for Web Services Resource Framework and WS-BusinessActivity (WS-BA)
 * Support for JSR160 JMX Remote Connections (From IBM Agents Only)
 * Administrative Console Jython Command Assistance
 * Enhanced scripting. This version started the deprecation process for the Jacl syntax.
 * 64-bit servants and a new Apache-based IBM HTTP Server for z/OS

Support for the EJB 3.0 technology and support for some webservices standards were provided by the EJB feature pack and the webservices feature packs, respectively. These function in these feature packs has been folded into the main product in version 7. Functions in the webservices feature pack include:


 * Asynchronous programming model (Limited functional support)
 * Multiple Payload structures
 * StAX (Streaming API for XML)
 * WS-RM (Limited functional support)
 * Support for (OASIS specified) WS-Security 1.0.
 * WS-Addressing (Limited functional support)
 * JAX-B support
 * Policy Set (Limited functional support)
 * Secured thin client (Limited functional support)
 * SOAP (protocol) Message Transmission Optimization Mechanism (MTOM)
 * Supports CGI and CORBA

Version 6.0

 * This version was released on December 31, 2004. It is a Java EE 1.4 compliant application server. Security enhancements include support for JACC 1.0 and (pre-OASIS) WS-Security 1.0.
 * Support for Java Standard Edition 1.4
 * Many programming model extensions previously found in WebSphere Application Server V5.0 Enterprise Edition were moved out of enterprise and into Express and Base. These APIs included application profile, startup beans, the scheduler, and async beans.
 * The JMS engine, now called "WebSphere Platform Messaging," was rewritten in 100% Java and its functionality greatly enhanced. (WebSphere MQ is still supported as the JMS provider and is interoperable with WebSphere Platform Messaging.)
 * The clustering was rewritten to use the high availability manager. This manages all singletons in the WebSphere environment and can provide hot recovery for those singletons.
 * WebSphere was modified so that a shared file system can be used to store transaction logs and this meant that any cluster member with that shared file system mounted can hot recover in-doubt XA transactions with no external HA software.
 * The Deployment Manager's role was eliminated from all clustering runtime operations. It's only required for centralized JMX admin and config changes.
 * Now supports running mixed version cells (V5 to V6) in production.
 * WebSphere Application Server for z/OS
 * Provides the same core functionality as Network Deployment, since it shares a common programming model, but still contains the platform advantages such as:
 * z/OS Workload Manager for prioritized management of mixed workloads
 * Resource Recovery Services (added transactional integrity for complex, critical transactions)
 * Support for security mainframe products such a RACF
 * Advanced vertical scaling for application server by featuring a unique control region (integrated control area) server region (where workloads are completed) separation which enables the control region to open and close server regions as needed by the volume of incoming requests
 * Parallel Sysplex support for full participation in the Sysplex, enabling advanced failover support and a geographically dispersed environment that seamlessly acts as one with a centralized logging and management facility
 * WAS XD as it is known increases the functionality of the application server in two main areas – Manageability and Performance. It also allows makes possible new configurations, such as dynamic virtualization between pools of application servers.
 * Under the performance header the ObjectGrid component was added, which is a standalone distributed cache that can be used with any application server (any version with a 1.4 JDK) or with any J2SE 1.4 runtime, including zLinux and z/OS support.
 * Community Edition
 * Code based on Apache Geronimo project

With Version 6, some of the functionality previously found in WebSphere Business Integration Server Foundation (WBISF) moved into the new IBM WebSphere Process Server. Other function moved into the other editions (Express and above).

Version 5.1
This version was released on January 16, 2004. It is a J2EE 1.4 compliant application server.
 * Express
 * Base
 * Network Deployment
 * WebSphere Application Server for z/OS
 * Version 5.1 for z/OS is the first to support zAAP engines.
 * WebSphere Business Integration Server Foundation V5.1
 * This is the follow on product to WebSphere Application Server Enterprise Edition V5.0. The workflow engine was updated to support BPEL rather than the proprietary FDML format used in V5.0. The product was also repriced and available on all IBM platforms from the Intel environments to the mainframe.
 * WebSphere eXtended Deployment (XD)

Version 5.0
The version released on November 19, 2002. This was a J2EE 1.3 certified application server. It was a major rewrite of the V3/V4 codebase and was the first time WebSphere Application Server was coded from a common codebase. Now WAS across all deployment platforms, from Intel x86 to the mainframe, are substantially the same code. The database-based configuration repository was replaced with a replication XML file-based configuration repository. A service called the Deployment Manager had the master copy of the cell configuration, and nodes had the file(s) they needed copied from this master server whenever they changed. V5 also included a miniature version of MQ 5.3 called the embedded Java Message Service (JMS) server.
 * Express Edition replaces the Standard Edition. Express now becomes the term to indicate SME-oriented offerings from IBM, across all its software brands.
 * Base
 * Network Deployment. This version supports deployment of a cell configuration with cluster and J2EE failover support. It now also includes Edge Components, previously known as Edge Server. This provides a proxy server, load balancing, and content-based routing.
 * Enterprise Edition. This version added a workflow engine, called the Process Choreographer, for the first time but predates the BPEL standard. It also added the first fully supported application threading model called WebSphere Asynchronous Beans.
 * WebSphere Application Server for z/OS. This version is essentially the same as the Network Deployment product but is optimized to take full advantage of z/OS features, such as Workload Manager, to leverage the key technologies that make the mainframe indispensable for mission-critical, scalable, and secure workloads.

Version 4.0
This was a J2EE 1.2 certified application server. It inherited the database-based configuration model from V3.x for all but the single-server edition, which already used an XML datastore.
 * AE (Advanced Edition)
 * AEs (Advanced Edition single). Single-server edition that was not able to run in a cluster configuration.
 * AEd (Developer Edition). Functionally equivalent to AEs, but intended only for non-production development use.
 * EE (Enterprise Edition)

Version 3.5 (and 3.0)
WebSphere 3.5 is the first widely used version of WebSphere. Shown below is WAS v3.5 startup in a terminal on IBM AIX RS6000 system:



As shown in the figure, at the root of the processes is the main WAS bootstrap process: a Java JVM machine by itself, that is started first then followed by multiple JVM processes that are spawned underneath it, each of which represents an enterprise application with its own classloader. Since classes are loaded from multiple JVMs, then WAS provides configuration flags to manage the visibility of the loaded classes. In addition, the administrator or programmer needs to be aware of the hierarchy (the position of the .ear or .war and what goes in the MANIFEST) to manage the visibility of the classes. The following figure shows the class loading hierarchy in a concentric ring. The visibility of the classes is important, otherwise colliding classes may cause type casting error during runtime of the application server.

Version 2.0
IBM adds JavaBean, CORBA and Linux support. Comes in two editions: Standard Edition (SE) and Advanced Edition (AE).

Version 1.0
Initial release in June 1998. Was primarily a Java Servlet engine.

Security
The WebSphere Application Server security model is based on the services provided in the operating system and the Java EE security model. WebSphere Application Server provides implementations of user authentication and authorization mechanisms providing support for various user registries: The authentication mechanisms supported by WebSphere are:
 * Local operating system user registry
 * LDAP user registry
 * Federated user registry (as of version 6.1)
 * Custom user registry
 * Lightweight Third Party Authentication (LTPA)