Mission-critical Web-based applications customer self-service, distribution channel and supply chain management, online trading and banking must be deployed on a cluster of servers in order to provide scalability and high availability. Scalability means that servers can be dynamically added or removed as needed to meet user demand, and that the overall load of requests is distributed among the servers so that resources remain fully utilized. High availability means that there is no "single point of failure" in either the system or the application, and that requests automatically failover from nonworking components to working components. Ideally, clustering should be transparent to applications: externally, the cluster should present a "single-system image." In addition to simplifying the task of application development, this allows off-the-shelf components to be deployed without modification.
The Java Enterprise APIs are rapidly becoming the primary programming model for Web-based applications. These APIs present two particularly challenging aspects for a clustering solution. First, they require integration with front-end Web servers, a fixed technology that is external to the cluster. Second, they require back-end management of objects, which by their nature have internal state. In contrast, conventional middleware such as TP monitors generally support only stateless RPC-based services. The hard part about managing state is that excessive communication between servers to replicate objects for availability, for example can interfere with scalability.
The BEA WebLogic Server provides an integrated implementation of the Java Enterprise APIs. A BEA WebLogic Cluster is a group of WebLogic servers that coordinate their actions to provide scalable, highly available services in a transparent manner. Since the WebLogic Server is written entirely in Java, WebLogic clusters are independent from the underlying hardware and operating system.
Thus a WebLogic cluster can be composed of, say, uniprocessor Intel machines running Microsoft NT, large-scale Sun multiprocessors running Solaris, and IBM AS/400s. In contrast, platform-specific clustering solutions require that every node run the same operating system. Of course, this allows them to use proprietary hardware, such as shared disks, multitailed disks and high-speed interconnects, for communication between servers. As an alternative, WebLogic uses highly optimized protocols based on new commodity technologies such as IP multicast.
This JDJ feature article presents an overview of BEA WebLogic Clusters.
Architecture of a BEA WebLogic Cluster
Figure 1 shows a high-level view of the architecture of a WebLogic cluster. BEA WebLogic Server provides software-based clustering to ensure scalability and high availability for Web and Java deployments. WebLogic clustering uniquely supports transparent replication, load balancing and failover for Web page generation (presentation logic) and Enterprise JavaBeans components (business logic).
The Web server front end supports dynamic construction of HTML pages using Java Servlets, Java HTML and Java Server Pages (JSP). The application-logic back end hosts objects and components using Java Remote Method Invocation (RMI), Enterprise Java-Beans (EJB) and the Java Naming and Directory Interface (JNDI). Other back-end Java Enterprise APIs, such as JDBC and JMS, are clustered using RMI, EJB and JNDI in much the same way as applications. The front and back ends are made up of rather different components that are clustered independently.
The Web Server Front End
A WebLogic cluster may be positioned behind standard Web servers such as Netscape Enterprise Server or Microsoft Internet Information Server (IIS). HTTP requests from Web clients, such as browsers, may be handled by these Web servers or the WebLogic front end. Requests for dynamically generated pages are proxied from the Web servers to WebLogic Servlet/JHTML/JSP engines in the front end. This is accomplished using Web server proxy plug-ins, e.g., defined according to the Netscape API (NSAPI) or the Microsoft Internet Server API (ISAPI).
The first line of clustering uses "DNS Round Robin" between the Web clients and the Web servers. DNS, the Internet's Domain Name Service, resolves a Web site's name to a list of IP addresses for the site's Web servers. Each time it gets a lookup request, DNS shuffles the list of addresses it returns. A Web client generally contacts the first server on the list provided by DNS. After some timeout period, or if this server fails, the client makes another DNS request and continues with a new server. This provides a simple form of load balancing and failover. It is possible to install more sophisticated IP-level load balancing and failover schemes that, for example, take into account Web server load, remove failed servers from the list returned by DNS and/or ensure that a client session is always handled by the same Web server (modulo failures).
The second line of clustering is for dynamically generated pages and goes between the Web servers and Servlet/JHTML/JSP engines in the front end of the cluster. The Web server proxy plug-ins perform load balancing and failover between the Servlet/JHTML/JSP engines. They use a session-level round-robin algorithm that is weighted by information about server load, which is piggybacked onto HTTP responses. If the WebLogic front end is configured to handle all HTTP requests, so that the standard Web servers are missing, then the situation looks even brighter.
Since the load balancing and failover algorithm is part of the server, it uses information about server load that is shared across the cluster as a matter of course. More important, this algorithm prefers the local Servlet/JHTML/JSP engine, unless the load is very unevenly distributed, so the request never has to leave the address space of the JVM.
When a Web client first contacts a cluster of Web servers, a session is created that lasts until some idle timeout expires. The Java standards include the notion of Servlet Session State, which is automatically retained on the servers during the session. As an example, Servlet Session State might be used to retain the contents of a shopping cart in a retail application. WebLogic clusters provide for highly available Servlet Session State using disk-based or in-memory replication (as described in more detail later).
The Application-Logic Back End
In the back end, a user- or system-level service is clustered by making an instance of an object (RMI) or component (EJB) that provides the service available on several different servers. An unclustered service is invoked by calling methods of a stub, which marshals the arguments and passes them to a particular remote object. A clustered service is invoked by calling methods of a smart stub, which can find the possible instances of the service and switch between them as needed for load balancing and failover. A variety of load balancing and failover algorithms are provided. It is possible to specify the particular algorithm to use with a given service at the time that service is deployed.
The default is a transaction-level round-robin algorithm that attempts to colocate all services invoked within the same transaction. This algorithm takes server load into account only if the stub appears on a server, since load information is expensive to obtain on a client.
When the Servlet/JHTML/JSP engine invokes a clustered back-end service, server-side load balancing occurs. A programmed client may invoke a clustered service directly, resulting in client-side load balancing, or it may have the service invoked on its behalf within the cluster.
There are two forms of clustered back-end services: stateless, which are instance-neutral; and stateful, which are instance-specific. These forms are treated quite differently within the cluster.
A stateless service may not maintain state on behalf of an application, rather like a conventional RPC. It may of course access application state, but only by loading it temporarily into memory from a database, file system or other external medium. The EJB component model provides a natural way of implementing stateless services, namely, stateless session beans. Stateless services can also be implemented as RMI objects, but then it is up to the programmer to abide by this restriction.
The stateless service model has been widely advocated because it promotes scalability. There are two reasons for this. First, it obviates the need to back up state in the interests of availability, e.g., by replicating it within the cluster. Second, it allows load balancing to occur on every invocation of the service. This is because the service is "instance-neutral," that is, it doesn't matter which instance of the service is invoked.
When a stateless service is deployed in a WebLogic cluster, an instance of the service is created on each server that hosts it. A smart stub obtains references to these instances from the clusterwide naming service and switches between them as needed for load balancing and failover. Retries occur only if it can be guaranteed that a failed operation did not have side effects, e.g., because it never got started, it was transactional and an abort clearly occurred, or it was declared to be idempotent. If such cases do not apply, application code may contain explicit retries, perhaps after undoing side effects. Other than this, clustering is completely transparent to the application.
WebLogic clusters support an important special case of stateless services: service factories that create unclustered stateful service objects. The factory itself is stateless, so its stub can do load balancing and failover in the usual way. The service objects created by the factory are not clustered, however, and may therefore maintain state on behalf of an application. Since this state is not backed up, it will be lost if the object fails. Application code must therefore contain an explicit retry loop that creates a new instance of the object. EJB stateful session beans fit naturally into this model, since they are not persistent. This model may also be used with RMI objects.
A stateful service may maintain state on behalf of an application. Such a service is "instance-specific" in the sense that each request is intended for a particular instance of the service. In a cluster, the state must be backed up in the interests of availability and can migrate in the interests of load balancing or availability. The cluster must therefore provide some kind of internal activation service that finds or creates service instances. If an instance can be concurrently used by several clients, as is the case for persistent components such as EJB entity beans that are accessed by a global key, then this service must ensure that conflicts do not arise.
One approach to state maintenance is to keep the state in a database or other persistent store. This is particularly suitable for persistent components, but may also be applied to transient objects. This approach scales like stateless services, and in fact differs only in that the latter requires explicit disk reads/writes. The activation service can avoid concurrency conflicts here simply by relying on underlying database locking. In a WebLogic cluster, EJB entity beans always use this approach (see Figure 2).
A related approach is to maintain a write-through cache, which keeps a current copy of the state in memory to avoid subsequent reads. This makes it considerably harder to avoid concurrency conflicts, and doing so can interfere with scalability. Databases are very good at caching objects in memory and doing the minimal disk I/O necessary to provide transactional protection. Application servers may not do much better for persistent components, and so such caching may be best applied to transient objects that are used by a single client.
A third approach is to keep a secondary copy in memory on another machine. This is of course more susceptible to failures and isn't suitable for persistent components. The hard part here is determining when and how the state of an object has changed. (Persistent components are generally just written out on transaction boundaries.) If the application programmer is made responsible, presumably through some proprietary API, then the feature becomes harder to use. If the system is made responsible, then the feature may be less efficient since unnecessarily large updates may be performed more often than necessary.
In a WebLogic cluster, stateful session beans and RMI objects can be configured to use in-memory replication. The replication system relies on the programmer to determine when and how the state of an object has changed. It then takes care of transporting an update delta from the primary copy to the secondary copy. Scalability comes from distributing the primaries and secondaries across the cluster. This is in contrast to replication systems that keep all of the objects on (1) a fixed-size subset of the servers or (2) all of the servers.
The Naming Service
Access to clustered services is obtained through a JNDI-compliant naming service, which is itself replicated across the cluster so there is no single point of failure. To offer an instance of a clustered service, a server advertises a provider at a particular node in the replicated naming tree. Each server in the cluster adds a stub for this provider to a service pool stored at the node in its copy of the tree. When a client looks up the service, it obtains a smart stub that knows about the pool at this node. When the stub needs to find a provider for load balancing or failover, it chooses from a list obtained from this pool.
The BEA WebLogic Server had evolved to meet the demands for scalability and high availability for mission-critical Web-based applications. BEA WebLogic Clusters provide scalable, highly available services in a transparent manner. The challenges of software-only clustering have been met by a combination of careful state management and highly optimized protocols based on new commodity technologies such as IP multicast. Initial measurements show that WebLogic clusters are both high performance and highly scalable. As an example, RMI benchmarks have shown that the throughput of a WebLogic cluster servicing 10,000 active clients scales linearly up to 10 servers, providing a maximum of 7,942 round-trip method invocations per second. In this benchmark, each server was on single-processor running Microsoft NT 4.0 with the JavaSoft JVM and the Symantec JIT. Similarly, tests at IBM have shown linear scaling up to 12 AS/400 processors. In general, experience with the BEA WebLogic Server has shown that Java and EJB do not pose limitations on performance as previously believed, and in fact can deliver the levels of performance, scalability and high availability required for mission-critical Web-based applications.
About the Author
Dean Jacobs is an architect at WebXpress, a BEA company, where he is responsible for the WebLogic Server core and WebLogic clusters. He received his Ph.D. in computer science from Cornell University in 1985. He can be reached at