Professional Documents
Culture Documents
Migration To WebSphere Liberty
Migration To WebSphere Liberty
Migration To WebSphere Liberty
Introduction/Overview
Introduction/Overview: What, Why and IBM Strategy Alignment
What?
• Migrate traditional WAS to Liberty
Why?
• Align with IBM product strategy
• Benefits of Liberty and cloud native
IBM will provide standard support for WebSphere Application Server versions 8.5.5 and 9.0.5, with IBM JDK 8,
through at least 2030. For WAS 8.5.5 and WAS 9.0.5 - WAS ND, WAS (Base) and WAS Family Edition.
Concerns About Ramp Up and Adoption
Concerns About Ramp Up and Adoption
Technical details shown in this presentation are to show some of the underlying mechanisms
OpenShift Administrators will need more in-depth knowledge (Administration is not covered in this deck)
Do developers have to go through a big learning curve and ramp up on Docker, OpenShift, etc?
• See slides for deployment and config mgmt using docker and OpenShift, automation insulates developers
• Eventually, they'll need to ramp up, but they can be immediately productive on a team b/c of the automation
• Adoption pays off: workflow is arguably easier and better (e.g. faster turn-around for debugging) than traditional workflows
• TA's knowledge base (tWAS Liberty issues + fixes) regularly updated with what SMEs find on each of IBM's migration engagements
WAS Family + Why Choose Liberty - Benefits of Liberty and Cloud-Native
App runtime, scaling, & load balancing independent from other apps
Liberty
• Deployed in Container (via Liberty Image) or on VMs / Bare Metal
• Different server than WAS Profile
• IBM's strategic direction
• Composable via adding features in server.xml
• For container deploy, image is either 'full' or 'kernel' & add features to kernel to achieve
'Liberty Base', etc.
WebSphere Family of Products - Packaging, Licensing
Packaging/Licensing
• WebSphere Hybrid Edition
• Suite of WAS Family Products + tools
• CP4A is no longer sold (replaced by WHE)
but it's supported
Liberty
traditional WebSphere
Cloud-Native
Stability
Containers/Kubernetes
O/S, Database Currency Modernization
Lightweight/Efficient
Security Currency
Latest Technologies
Java 8 support till at least 2030
Demo
Modernization Goals and Benefits
15
Modernization Benefits
Architectural Runtime Operational
Modernization Modernization Modernization
16
Modernizing Java Application Estate
Progressive modernization
Application
Estate
Traditional
Traditional WebSphere Liberty
Application ‘base’
Server
in VMs
Containers VMs/Containers Containers
Transformation Advisor ?
✅ ?
✅ ?
Modernizatio
n Tools App Migration Toolkit ✅ ✅
Mono2Micro ?
✅
Modernization Tools
18
App Modernization Tools
accelerate the planning, sizing and execution of the modernization journey
Lowering costs – Reducing development and 1. TA finds each migration issue (e.g. code change,
management cost compatibility issues) and the fix required.
2. Determining code changes and each specific change
Transform and innovate needed are time consuming and require SMEs. TA do this
Agile delivery automatically.
Monolith
Modernize Modernize Modernize Integration
Operations Runtime Architecture
⎼ App Connect
Enterprise (IIB)
Optimum modernization depends on workload needs!
http://ibm.biz/cloudta 22
How IBM Cloud Transformation Advisor works
RHOCP or Desktop
1. Install Transformation Advisor from the IBM Catalogue
Transformation on RHOCP, or use TA Local on your desktop and access
Advisor
the UI from your browser.
Migration 2. Download and run the Data Collector (or the
Artifacts
latest Binary Scanner) on your on-premise servers,
where your applications are already deployed.
Liberty Container
3. Data Collector sends results back to TA or are uploaded
through the browser.
On-premise 4. Transformation Advisor’s analysis provides
TA Data app-specific insights, guidance and developer effort
Collector
sizings based on practitioners’ experience to move your
application to the cloud.
5. Use the customized migration artifacts created by TA
allow you to easily configure the runtime, containerize and
deploy the application.
IBM Transformation Advisor (TA) includes
Simple:
No code changes
required
Moderate:
Some
well-understood
remediation needed
Complex:
May need to rearchitect
or continue as-is
25
Distribution of 3800+ customer applications
16%
83%
1%
Simple Moderate Complex
26
Application Dev Cost
+
700
Applied Results in
against a list of
Application issues
Expertise gained in
modernization services
engagements
Application’s
Dev cost to Dev cost to Dev cost to Dev cost to
Dev Cost
remediate remediate remediate remediate
issue 1 issue 2 issue 3 issue X
27
Individual Application Recommendations
28
TA’s Enterprise-wide Modernization View
Jar2 Jar3
Jar4
➤ Remediating common code in a JAR one time Jar1
speeds modernization of all applications
that depend on it
http://ibm.biz/wamtdownloads 33
WebSphere Migration Toolkit - Binary Scanner
– Commandline tool that can be incorporated
smoothly into DevOps Pipeline
– Binary analysis
– WebLogic, JBoss,
Tomcat to Liberty
– WebSphere
version-to-version – Core analysis within Transformation Advisor data collector
35
Migration from WebSphere to Liberty in OpenShift And Developer 'Cloud Native' Workflow
• Changes needed
Migration Decision: • Time estimate for
Automated analysis IBM Transformation changes
App on tWAS • Compatible
of app for migration Advisor (TA)
runtimes
decision IBM Knowledge
Base (TA)
Decision Tree
Liberty Benefits
Note: IBM WebSphere Migration Toolkit (MT) is for Eclipse. If you're using another
IDE, just keep Transformation Advisor (same analysis) open next to your IDE
Without TA or MT, determining code changes and each specific change needed are time consuming and
require SMEs. TA and MT do this automatically.
TA's Knowledge Base is regularly updated with what SMEs find on each of IBM's migration engagements
If your app doesn't use any tWAS-only features, then no changes will be needed
Application Migration - Determine target runtime compatibility issues and find fixes for each issue
Application Migration - Determine target runtime compatibility issues and find fixes for each issue
Transformation Advisor and WebSphere Migration Toolkit automate this
• WebSphere to Liberty
WebSphere Migration Toolkit (MT)
is integrated into Eclipse to make • WebLogic, JBoss,
this easier Tomcat to Liberty
• WebSphere
version-to-version
Note: IBM WebSphere Migration Toolkit (MT) is for Eclipse. If you're using another IDE, just keep
Transformation Advisor (same analysis) open next to your IDE
Application Migration - Generate Java project w/ dependencies, Create Containerization Artifacts
Application Migration - Generate Java project w/ dependencies, Create Containerization Artifacts
Transformation Advisor generates these artifacts for us
TA analyzes app and This flow is for both the initial migration and
Liberty for ongoing developer build / test / deploy
generates the app's features
Developers do NOT have to know what workflows
required Liberty needed by app
features features to add for their 'just what's needed'
Liberty server. Nor do they need to know
anything about creating this file.
server.xml
IBM Transformation
Advisor (TA)
App's maven
TA analyzes build; build
app and dependencies
provides all of pom.xml is standard maven, but
the app's adding the correct build
dependencies : dependencies (jar files) is needed.
(shared tWAS
pom.xml
libs and other
jars used by
the app /
- App build properties: for ci/cd template-driven build/deploy automation; insulates developers from
knowing any of the build, openshift, etc. commands and mechanisms.
Build Runtime - App runtime env properties that will change (independent of any mechanism such as ConfigMaps)
props env props
Template-
driven CI/CD
Developer Pipeline
Emphasis: Developers Insulated from Containerization and Other Mechanisms For deployment and config management
Emphasis: Developers Insulated from Containerization and Other Mechanisms For deployment and config management
Notice that there are no Dockerfiles, OpenShift artifacts, no docker or OpenShift commands, etc.
server.xml • Developers do not need to know this for deployment and ACM. It will be fully automated.
• Eventually, they'll need to ramp up, but they can be immediately productive on a team for the
main app activities of Deployment, Load Balancing, Scaling and Config Management
• Developer focuses on app; OpenShift, Docker, etc handled by pipeline
/
Application
(If cloud is
used)
These can be used as-is, but require knowledge of some commands for docker & OpenShift (& how to add additional config to Operator's YAML Resource file
Instead, app teams don't need these; these will be used once for guiding creation of the Templates used to generate Dockerfile, OCP Deployment and OCP
Service resource files via the CI/CD Pipeline
T
Use the TA-generated Dockerfile as a guide when
creating the Dockerfile template (with properties
that will be replaced during the CI/CD Pipeline run
with app-specific build values)
Commands to build app
image using Liberty base
image (kernel) + features.xml
IBM Transformation
Advisor (TA)
T T
Use the TA-generated Resource File as a guide when
creating the OpenShift Resource file Templates (with
properties that will be replaced during the CI/CD Pipeline
Resource file for Open run with app-specific build values)
Liberty Operator
Template-
driven CI/CD
Pipeline
CI/CD Automation Pipeline for Deploying to OpenShift - Slide 1 of 2
Dev runs the pipeline (or, when available, uses the Application Configurations Tool )
Image registry
Automation of Docker and OpenShift:
• Image built and loaded into registry OpenShift
• App deployed in OpenShift (Deployment, PODs, Service, Route)
• ConfigMap in OpenShift App (image)
Pipeline will automate Developers don't need to know the OpenShift mechanisms for
setting up autoscaling for + Autoscaling. Instead, they'll provide property values for
the app metric thresholds and # of app instances
CI/CD Automation Pipeline for Deploying to OpenShift - Slide 2 of 2
Compliance Gate
AGILE Security
Code Requirement
Cloud Workbench Delivery Generation
Self Service Portal
Curated Authoring Write Local Test Code
AD group Build
IAM roles
Base Environment Code and Debug Continuous Code Unit Vulnerability Push to
Images Quality Docker
Ref. Architecture Integration Build Test Scan Repo
Scan Container
Target Environment Docker
Platform Type Code
CodeRepo
Repo
Image Repo
Microservices
CI/CD Pipeline
DEV Pipeline
Enterprise QoS Auto Report Performance Functional Auto Integration Deploy Continuous Deployment
Deploy Deploy
Change Compliance Test Test Container Change Test in Container
Container Cluster
Record Evidence Record
Continuous Release
Security and
Compliance
Center
MZRs
Local unit
Pipeline
Day 2 Deploy to Create PROD Report “facts” Performance Functional Deploy to Deploy to
change tests before Dev deploy to controlled
Operations PROD change ticket for audits Test Test QA
ticket code commit environments
Additional Details - CI/CD Automation Pipeline for Deploying to OpenShift - Slide 1 of 2
Build Runtime /
props env props
Application
pom.xml server.xml
Build Runtime
(2) Use app's build props env props
app-specific (template prop vals repaced)
and env props to
create app-specific
containerization T T T Generate app's
containerization
artifacts from artifacts from
templates templates
Build
(4) Build app's props Image registry
image and push it
to a registry + + EAR, WAR,
or JAR
Docker / OCI
Image for app
Route App (image)
server.xml App (image)
Note: Docker is used to refer to the container engine. In reality, it's any OCI-compliant container engine. Note that both Kubernetes and OpenShift
have switched to using CRI-O instead of docker in their installation. Images created with docker CLI are fully compatible with CRI-O.
Additional Details
Additional Details
Application Migration Planning
Application Migration
Planning Example
Application Migration Planning
Low (1) Medium (3) High (5) Low (1) Medium (5) High (10) Total Score
1 1 2
3 1 4
1 5 6
5 1 6
3 5 8
5 5 10
1 10 11
3 10 13
5 10 15
Mission
Complexity Critical
<feature>jsf-2.3</feature>
<feature>servlet-4.0</feature>
jsp-2.3 jsf-2.3
Java EE
servlet-4.0
http-2.0 appmgr
Kernel
55
21.0.0.3
Liberty – The open composable Enterprise Java Runtime
batchSMFLogging-1.0 zosLocalAdapters-1.0 zosTransaction-1.0
56
Simple config Simple to version control for DevOps
<server>
<featureManager>
<feature>jsp-2.3</feature>
</featureManager>
<applicationManager autoExpand="true"/>
</server>
server.xml
https://openliberty.io/docs/latest/reference/config/server-configuration-overview.html
57
Customizable <server>
<featureManager>
<feature>jsp-2.3</feature>
</featureManager>
<applicationManager autoExpand="true"/>
er </server>
server.xml
rd
O
ng
si
com.ibm.ws.logging.console.log.level=AUDIT
es
bootstrap.properties
-Xmx1g
-Dsystem.prop=value Configure JVM
jvm.options
JAVA_HOME=/opt/ibm/java
WLP_OUTOUT_DIR=/usr/wlp-out/ Configure server script
server.env
https://openliberty.io/docs/latest/reference/config/server-configuration-overview.html 58
Overridable
• ‘configDropins/overrides’ allows overriding of existing server configuration
• Use it to override development configuration with production configuration
overrides
overrides
overrides
server/feature defaults
59
Templatizable & Sharable
<server>
<httpEndpoint id=“defaultHttpEndpoint” host=“${host}”
httpPort=“${http}”
httpsPort=“${https}”/>
</server>
common-http.xml
<server>
<include location=“common-http.xml”/>
<include location="https://myHost/ports.xml”/>
<variable name=“host” value=“${my.host}”/>
<variable name=“http” value=“${my.host.http}”/>
<variable name=“https” value=“${my.host.https}”/>
</server>
server.xml
60
Dynamic
• Applications monitored for updates
• dropins folder for simple install of apps
• Configuration files monitored for updates
• configDropins overrides and defaults for config composition
running server
61
Container friendly
Kubernetes ConfigMaps and Secrets can be mapped to:
• Environment variables
• Files – e.g. bootstrap.properties, configDropins/overrides/prod.xml (e.g. role bindings)
configDrops/overrides/
prod.xml
prod.xml
Secret
Environment variables
db-name db-name
db-user db-user
db-pwd db-pwd
Secret Container
Kubernetes
62
Build and DevOps
maven
<plugin>
<groupId>io.openliberty.tools</groupId>
<artifactId>liberty-maven-plugin</artifactId>
<version>3.2</version>
</plugin>
Internal Repository
gradle
dependencies {
classpath 'io.openliberty.tools:liberty-gradle-plugin:3.0’
}
63
Containers and DevOps
FROM icr.io/appcafe/websphere-liberty:kernel-slim-java11-openj9-ubi
FROM docker.io/ibmcom/websphere-liberty:kernel-slim-java11-openj9-ubi
Docker Hub
(docker.io)
Automatically
mirror
install only release
required features build
Internal Registry
64
Liberty in Containers
IBM Cloud Kubernetes Service
app and config Azure Kubernetes Service
+ Hosted
Google Kubernetes Engine
Cloud
Amazon Elastic Kubernetes Service
liberty and java =
+
os config portable Red Hat Open Shift Container Platform
+ container
Private
Cloud Pivotal Kubernetes Service
66
Open Liberty & traditional WAS security (2)
Feature / Capability Liberty traditional WAS
Local OS registry ✔ z/OS SAF only ✔
Kerberos native support ✔ w/ SPNEGO only ✔
Kerberos for database connections ✔ ✔
Fine-grained roles Admin/Reader ✔
Kerberos for LDAP connections ✔ ✔
TLS 1.3 support ✔ ✔ w/ IBM JDK 8
MicroProfile JWT (mpJWT 1.2) ✔ ✘
Jakarta EE 9 Security 2.0 Beta (21.0.0.3) ✘
LetsEncrypt (ACME CA) support ✔ ✘
JWE (JSON Web Encryption for JWTs) ✔ w/ mpJWT 1.2 No (pending)
DISA Security Technical Impl Guide (STIG) Pending ✔
OpenShift OAuth Token support ✔ ✘
OpenShift Operator security integration ✔ ✘
67
Certified Liberty images
IBM Semeru
Runtimes
68
Certified traditional WAS base image
Operational Modernization
Base
Runtime Modernization
ND Liberty
Config
Dockerfile
Certified image libs
71
Embracing Operators
• Extends Kubernetes functionality
• Makes use of Custom Resource Definitions (CRDs)
• Holds the knowledge of how an application needs to be packaged, deployed and managed
72
Without an Operator
Persistent
Namespace ConfigMap Secret
Volume Claim
Service Binding
Application Service Monitor Certificate
Request
73
With an Operator
• Enables:
auto-synchronization of runtime resources
OpenLibertyApplication
• Improves:
usage, maintenance, consistency
74
Input: Application image or ImageStream
BuildConfig
S2I
buildah
CNB
Multi-stage
Application code Application Image or ImageStream
…
Runtime + App
75
Open Liberty Operator
app-deploy.yaml
76
Open Liberty Operator
OperatorHub: Maturity level 5
https://github.com/OpenLiberty/open-liberty-operator
https://operatorhub.io/operator/open-liberty
Operator Hub:
https://operatorhub.io/operator/open-liberty
Certified on 01/11/2020
78
OperatorHub
200+
operators
79
Operations
app
Trace Gathering
OpenShift UI Open Liberty Operator
JVM Dump
Persisted Volume
80
Logging, Tracing and Additional Enabling Technologies
• Cloud Native involves not only containers but also enabling technologies
• We've seen one key pair of technologies : Centralized Logging and Correlated Tracing
• Caching
• For performance and fallbacks
• Different solutions can be used provided as a cloud managed service, non-container service, containerized service
• OpenShift provides DataGrid
• WebSphere provides it (DynaCache) & need to provide alternative solution: e.g. Redis, OpenShift's DataGrid, Hazelcast
• Application Configuration
• Want Immutable Images = code and image don't change based on different property values for different environments
• One solution in OpenShift: App properties overridden by env variables whose values are populated from OpenShift ConfigMaps
• Other Solutions: Spring Config
• Messaging/Kafka:
• Kafka can be installed in OpenShift or outside of it
• Different patterns: Streaming, using Messaging for Events and Commands
License
IBM Cloud Transformation Advisor License
• Use TA_Local for 90 days for free - after that they need entitlement (e.g. CP4A or CP4I)
• License https://www.ibm.com/docs/en/cta?topic=started-license-information
IBM WebSphere Liberty License
Liberty entitlement is included with each WebSphere product with the exception of WebSphere Automation. A wide range
of pricing options exist to address the multitude of customer implementations of IBM® WebSphere®, including perpetual
PVU and monthly VPCs for licensing a server environment.
Questions