Documente Academic
Documente Profesional
Documente Cultură
Systems Engineer
Sun Microsystems, Inc.
Agenda
• Sun ONE™ Overview
• Java vs .NET 1
The IT Advantage for ROA
Do More with Less
A New Role for IT
• Transform the business
• Optimize the value chain
• Move closer to customers
Platform
Operating System, Hardware, Storage, Network
Sun ONE Standards
Service Creation, Assembly and Deployment
UML, BPSS, WSDL, NetBeans
Identity and Policy: Liberty, LDAP, vLIP, SP-DAN, DSML, UDDI, Italic = Emerging/
ebXML,
Future Standard
SASL, SAML, XACML, X.509, PKCS, PKIX, OCSP, CM, CIM-SOAP, WBEM,
Kerberos,
IKE, JAAS, J2SE Policy/Perms, JCA/JCE, P3P, XKMS, XML DSIG, XML Encrypt
Platform: POSIX, NFS, FTP, Bind, Sendmail, DHCP, TCP, IPv6,
Mobile IPv4, IPSec, GSS-API, PPP, Fibre Channel, SCSI, Infiniband
Evolution of Networked Computing
1
Scope of Sun ONE
1
Services on Demand
Services
on Demand
Services on Demand is an umbrella concept for delivering services
any time, anywhere, on any kind of client device. The concept
comprises:
– Internet Web Application delivery platform today
– Emerging infrastructure for basic Web Services
– A roadmap for enhancing Web Services for Federated
Commerce with identity services and contextual awareness
– Specifications for access by current and future deployment
environments: J2EE, J2ME, Jini, JXTA, Grid Computing, etc. 1
Sun ONE Architecture:
Integrated, Integratable
Integrated Stack Integratable Stack
Service Creation, Assembly, and Deployment
Service Creation, Assembly, and Deployment
Applications/
Service Container Core Web Services
1
Sun ONE Studio 4
SOS EE
SOS CE
SOS ME(new)
www.sun.com/software/sundev/jde
1
Sun ONE Studio today
April 2002
• Quantitative feedback 4/ 5 Stars
– Over 1,977,000 downloads
4/ 5 Stars
– Over 4.1 million distributions
March 2001
– Rave reviews and awards (JavaWorld, PC Magazine,
Software Development Online, InfoWorld)
– "We evaluated every Java IDE available and none offered the
Fortefor
flexibility and freedom of the Forte for Java product.”
Java
Tim Ferrell, IT Director McGee Corporation h
Oracle
JDeveloper
1
www.gentleware.com
1
www.gentleware.com
www.refactorit.com
1
Developer Ressources Portal
http://forte.sun.com
● Product Support
– FAQs, Knowledge Base,
Newsgroups, Bug Fixes,
Docs, Fee Based Support,
Web Based Training
● Community Participation
– Newsgroups, Early Access
Program, Chats, Contribute
Content, Advisory Council,
Newsletter
● Java programming support
● Submit and review bugs
● Download patches and modules
1
JSP Debugging - HTTP Monitor
1
Sun ONE Application Framework
1
S1AF – Key Features
Pure J2EE JAVA
•
code) 1
S1Af Architecture
1
S1AF – Architecture
• VIEWS – Provides developers a client agnostic, hierarchical
representation of the model data. Enabling multiple rendering
specifications to reuse common presentation logic, ensuring great
structure and flexibility.
1
Sun ONE Studio and S1AF
1
Useful URLs
• Www.sun.com/software/sundev
• www.netbeans.org
• forte.sun.com
• java.sun.com
• wireless.java.sun.com
• wwws.sun.com
1
Sun ONE Portal Server
1
Portal Computing Is the Solution
Data No Matter Securely Aggregated Targeted
Where It Resides and Personalized Communities
Employee
Enterprise, Legacy, &
Business Intelligence
3rd Party Data and
Information Feeds Supplier
Communication &
Collaboration
Customer
1
Identity Enabled Portal Platform
Data No Matter Securely Aggregated Targeted Any Device
Where It Resides and Personalized Communities
Supplier
Communication &
Collaboration
Process Automation
Servcies Authentication
Mechanism
Identity Identity
Attributes Functions Customer
1
Sun ONE Portal Server
& Identity Management
Sun ONE Personalization Increases Security
Portal Server ● Central control decreases
Portal inconsistencies
● Finer-grained policy
enforcement
Reduces Costs
● Less duplication; common
Sun ONE Identity Server
infrastructure
Delegated Administration ● Integrated, one product
Directory ● IT efficiencies
Web Single
Identity Sign-On Flexible Usage &
Credentials Deployment
Roles & Groups ● Single sign-on
Preferences ● Delegated administration
Policies & Profiles ● Portal installation includes
Identity Server
Centralized ● Multiple portals and
Access Control applications leverage common1
infrastructure
Sun ONE Portal Server Product Line
ce ss c ess
teAc le Ac Q2CY03
o Secure Access to: bi Any Device Access
e
m
Re Intranet File Servers, Legacy Apps Mo
ur Groupware Connectivity
Sec Internal Web Apps VoiceXML, WAP 2.0/WAP Push
User Desktops J2ME Device & Sync Support
Installer
Use of Multi-Roles and Groups
AXA Financial – BtoC and BtoB Portals
Challenge
● Improve customer and partner
interactions while gaining
efficiencies and cost savings
Solution
● Sun ONE Portal Server
(Business to Business and
Consumer Portals)
Benefits
● Platform reusability reduces
time-to-market, lowers
deployment costs
● Lower transaction costs
1
A Single Portal Infrastructure
Serving Multiple Communities
State of New Jersey -- Government Portal
Challenge
● Address the demands of citizens,
employees, other government
agencies and NJ-based
businesses
Solution
● Create multiple portals using
Sun ONE Portal Server as
common infrastructure
Benefits
● The State of NJ realizes
efficiences and cost savings
while creating happy portal users
enabling them to live and work 1
better in the state of New Jersey
Aggregation & Presentation
Delivers integrated
content, applications,
and services through
customizable portlets.
Aggregated
content &
services
1
Personalization
● Tab-based grouping of
content specified by portal
users
● User defined
personalization and
preferences capability
● User Context and
personalization via
Standards-Based Identity
for unified profiles and
policy management
● Administrators control the
customization options,
down to
portlet-level 1
Security
● Support for multiple Authentication Methods
authentication types Windows NT domains
UNIX log-n
● Single Sign On X.509 certificates
LDAP
Sun ONE Portal Server
● Access control RADIUS
SafeWord
● Policy CrytoCard
Java Card
enforcement SmartCard
● Identity
management
1
Secure Web-Based Access
VPN-on-Demand
Secure B2B and B2E
Web-based access solution
Integrated identity
management
Same
authentication Leverage existing
and authorization corporate resources
as on the Intranet via the portal
● Universal access
– Delivers on the promise of the Internet for anytime, anywhere access to key
applications and services 1
How Does It Work?
Gateway
● Delivers encrypted access to data, applications and files securely using
the policy-based authentication and access control mechanism of the
Sun ONE Portal Server
Netfile
● File access
client provides access to most popular file
systems, NT and Unix
Rewriter
● Enables intranet access to HTML, XML,
WML, Javascript and CSS content to remote
client devices (i.e., similar to a Proxy Server) 1
Sun ONE Identity Server
1
Sun ONE Identity Server
● Provides consistent
security policies
Customers Suppliers Employees Partners
across the network
● Supports centralized
Identity
authentication and Management
authorization
● Provides complete
identity lifecycle Communication E-business Enterprise Vertical
management Applications Applications Applications Applications
Solution: Identity Management
Sun ONE Identity Management
Framework
Directory Server Identity Server
Meta Directory
Synchronization, Consolidation
Join, Identity Provisioning
Identity Management Framework Deployment
HR/Database/NOS
Firewall Firewall
www.projectliberty.org 1
Liberty Specification
● 1.0 (July 15, 2002)
Identity Federation / Federation Termination
Name Registration – way to implement Federation that may
speed performance (2 way index)
Single Sign-On
Single Sign-Off (Global Logout)
1
The purpose of this debate
Question: Why are we having this
debate?
1
Sun's purpose
z We want to help you build open systems
z We want to demonstrate how the JavaTM
Community and J2EETM technology give you
choice
z We want to show you how to build services
deployable today on any server platform,
available from any client or device
1
Opposing Strategies
z Sun's strategy: Define open standards for JavaTM,
XML, and Internet protocols with community, then
compete on implementation
● Maximizes your choice in development tools and
deployment environments
● Choice reduces your technical and business risk
z Microsoft's strategy: Corrupt standards with
proprietary .NET lock-ins, bombard the market
with tools supporting their lock-ins, then call .NET
“open” because some (but not all) of its
components are based upon standards
1
Microsoft's Notion of Choice
Which version of
Windows and
Internet Explorer
will you choose?
1
What is the Java™ Platform?
z The Java Platform includes:
● Java Virtual Machine, core APIs, and related
technologies defined by the Java Community in
J2EETM, J2SETM, and J2METM specs.
● Related API and technology specifications defined via
the Java Community Process (JCP)
z Focus on JavaTM APIs as well as
implementations and tools from Sun, partners,
and the Java Community
1
TM
What is the Java Community?
z More than 650 individuals and companies from
● Java in universities:
● 78% teach Java, 50% require it (source: TMC)
1
TM TM
The Java Community: J2EE &
TM
J2SE Executive Committee
● Apache (ASF)
● Apple ● IBM
● BEA Systems ● IONA Technologies
● Borland ● Doug Lea
● Caldera Systems ● Macromedia
● Cisco Systems ● Nokia
● Fujitsu Limited ● Oracle
● Sun Microsystems
● Hewlett Packard
1
The Java™ Platform Enables
Choice, and Choice is Good!
z If Sun™ ONE products meet your needs, great.
z If not, mix and match our products with others'
J2EETM implementations as needed
● We even link to others' implementations (see:
http://java.sun.com/j2ee/licensees.html)
z If your needs change, change the bits to meet
them!
z Learn more:
http://java.sun.com/j2ee
http://www.sun.com/sunone
1
Sun™ ONE and Standards
• The SunTM ONE stack is based upon open
standards at every level:
● Programming model: The Java™ Platform
(J2EE™, J2SE™, J2ME™)
● Business class Web services: Enabled via
ebXML
● Simple Web services: WSDL/UDDI/SOAP
● Unix operating system and Internet networking
technologies
● Project Liberty network identity and SSO
1
The Microsoft .NET Trap
"Microsoft's offering, for example, in each they
said 'When you pick this product, you also have
to pick our operating system.'"
1
Sun's Focus is on Business Web
Services
TM
● J2EE
● Service implementation platform standard
● ebXML and UBL
● Business web services standards
● More than 16 vendors and several open source
projects support ebXML
● ex) Australian gas industry uses ebXML NOW!
● Liberty Project
● Identity system standard 1
Our Approach to Web Services
Standards
● We believe any standard should be
developed
● Through open and inclusive process
● And must be
● Royalty-Free (RF) license
● Agree on Standards and compete in
Implementation
● This is what JCP is all about
1
The Security Problem
Exponential growth of the Internet has lead to
exponential increase in security incidents (now
thousands yearly)
zAttacks by worms and viruses cost $17.1 billion
USD worldwide in 2000
zCode Red, a Windows IIS worm, caused $2.62
1
Sun Security in Practice:
Designed in from the Beginning
• Sun holds secure computing as a core
competency
• We design for security in depth, from
hardware to OS to container to client
● Trusted Solaris, Solaris at EAL3 since 1995 and
EAL4 as of Solaris 8 in 2000, fundamental Java
security baked in
• Sun security resources:
http://www.sun.com/security http://java.sun.com/security
1
Microsoft: 24 Years to Realize
Security is Important
1
"Microsoft" and "Security",
in the same sentence?
• Security is about consistent behavior
• .NET hasn't been around long enough to have
a record in the real world (internal
development does not count), but so far things
don't look good
• Microsoft's security record (or lack thereof)
speaks for itself: Why expect anything
different from .NET?
1
Microsoft: Breaking Your
Software to Fix Their Mistakes
"We're going to tell people that even if
(it) means we're going to break some of
your apps, we're going to make these
things more secure. You're just going to
have to go back and fix it."
Craig Mundie, Chief Technical Officer, Senior Vice
President, and head of Microsoft's “Trusted Computing”
initiative, on why Microsoft's years of ignoring security
issues in their products are your problem, 13 November 2002
http://www.wired.com/news/technology/0,1282,56381,00.html 1
"Microsoft" and "Security",
in the same sentence?
"I can't tell if the Gates memo represents a real
change in Microsoft, or just another marketing
tactic. Microsoft has made so many empty
claims about their security processes – and the
security of their processes – that when I hear
another one I can't help believing it's more of
the same flim-flam."
Bruce Schneier, Founder and CTO of Counterpane
Internet Security, world reknowned security expert, and
author of the best selling "Applied Cryptography" ,
commenting on Bill Gates' infamous January 2002 memo
http://www.counterpane.com/crypto-gram-0202.html#1
1
Palladium: DRM By Any Other
Name...
"Large media corporations, together with
computer companies such as Microsoft and
Intel, are planning to make your computer
obey them instead of you,” he wrote.
“Proprietary programs have included
malicious features before, but this plan would
make it universal."
Richard Stallman, founder of FSF and co-founder of the
GNU project, on Microsoft's plans for Trusted Computing
and Palladium, which he refers to as “treacherous computing”
http://news.com.com/2102-1001-964628.html 1
.NET Wireless Strategy:
Everywhere Windows
z Microsoft doesn't understand heterogeneity:
"The strategy behind the compact framework is to
deliver XML-based Web Services to next-generation,
'smart' mobile devices running on... Microsoft's
Pocket PC and the upcoming Smartphone 2002."
1
Cost to Deploy
● Choose OS and Hardware
● Solaris, Linux, Windows
● Infrastructure costs falling
● Oracle9i Application Server
● Sun ONE Application Server
● JBoss is significant
1
Cost to Maintain
● Portable language and platform.
● http://developer.java.sun.com/developer/technicalArticles/J2EE/deployathon3
1
Cost – Risk
● .NET is fully shipping when?
● What bugs will happen in CLR?
● Security?
● J2EETM is stable proven and mature
● JDK: 1.1, 1.2, 1.3,1.4,1.4.1
● J2EE: 1.2, 1.3, 1.4
● IBM WebSphere: 3.0, 3.5, 3.51, 4.0
● BEA: 3.0,4.0,5.x,6.x,7.x
1
.NET : Deploy/Maintain
● Hidden costs
● Microsoft funding lots (most) activity in
enterprise so it is hard to tell what
development costs are so far.
● Server sprawl 1 app one server=>lots of
machines to manage
● Support contracts are very often
independently negotiated
1
Deploy : Hidden Costs
1
Coolest Thing
True innovation !
(from SmartCard to Mainframe and beyond)
1
Innovation
● JavaCard
● Secure Identity
● Ubiquitous network access
● Smart Card configures the “service” on behalf of
the user
● 260+ Million cards already shipped
● Smart Card is 5 years old
1
Innovation:Networking
● JiniTM
● Spontaneous Networking
● Network Plug and Work
● Services on Demand
● Self Healing Networks
● JXTATM
● Collaboration
● Messaging on steroids!
1
Innovation: Participation!
● Anyone can learn JavaTM/J2EETM
● Anyone can :
● Examine Java/J2EE
● Influence Java/J2EE
● Implement Java/J2EE
● Make money from Java/J2EE
● Millions have learned Java
● Google keyword java = 33,400,000 hits
● Google keyword J2EE = 945,000 hits
1
Innovation: Participation!
● With JavaTM/J2EETM you can:
● Program smartcards to supercomputers
● Copy and share with minimal restriction
1
Freedom: Right to innovate
JavaTM/J2EETM allows companies other than
Microsoft the right and the ability to innovate!
Quick examples:
● Apache Software Foundation
● JBoss
● BEA
1
Truth about Mixed Language
Environment of .NET
• You have to use Microsoft specific extensions or
cannot use certain features of the language in order
to run it in .NET
● It is not ANSI standard C++, COBOL, for example
• Mixed code could be hard to maintain
• Mixed code could be hard to share and
communicate best practices
• Steep learning curve from VB to VB.NET and C#:
Why not try Java programming language instead?
1
Java PetStore the real story!
● Sun creates Java Pet Store as an example of
Multi-tier java/J2EETM design
● MicroSoft creates a brand new application
Stored procedures => SQL Sever only
Built from ground up (no portability here)
Designed for a purpose.
● Oracle tinkers with SQL in Java Pet Store and
runs much faster than the MicroSoft client
server app
1
Java PetStore the real story!
Examples of the 21 things Oracle changed in
Java Pet Store 1.1.2 to blow away M$'s client-
server app.
●InventoryEJB modified to eliminate
unnecessary ejbStore() operations
●InventoryEJB modified to eliminate
unnecessary calls to dao.load()
● CatalogDAOImpl.java
● Some debugging in String handling
1
J2EE scales 400%better than .NET
1
The latest chapter in the fairy tale
1
Spot the problems
● TMC have apologized for a flawed exercise.
http://www.middlewarecompany.com/j2eedotnetbench/message.shtml
● Testing or marketing ?
● JPS is not a benchmark!
● No run rules
● No peer review
● Hard to see any customer benefit
●Very little disclosure (compare with
SPECjAppServer)
●No expert tuning for J2EE but
1
Mi ft i it
Spot the problems
Some more technical insights:
● LOC comparison just wrong, worse it is misleading
http://www.ejbsig.de/docs/PetShopArchitecture.html
●.NET code not even object oriented!
●Pricing is wrong and extremely limited
●JDK version ?
1
Java PetStore : conclusion
● Use industry standard benchmarks
● Beware Microsoft will use lots of influence to
slow down the rate of adoption of Java and
J2EE or anything else they don't like.
1
Jeff Bounds
jeff.bounds@sun.com
Systems Engineer
Sun Microsystems, Inc.