Migrating from SunDSEE to OpenDJ

As the legacy Sun product has reached its end of life, many companies are looking at migrating from Sun Directory Server Enterprise Edition [SunDSEE] to ForgeRock Directory Services, built on the OpenDJ project.

Several of our existing customers have already done this migration, whether in house or with the help of partners. Some even did the migration in 2 weeks. In every case, the migration was smooth and easy. Regularly, I’m asked if we have a detailed migration guide and if we can recommend tools to keep the 2 services running side by side, synchronized, until all apps are moved to the ForgeRock Directory Services deployment.

My colleague Wajih, a long-time directory expert, has just published an article on the ForgeRock.org wikis that describes in detail how to do DSEE to OpenDJ system-to-system synchronization using the ForgeRock Identity Management product.

If you are planning a migration, check it out. It is that simple !

 

Updates:

  • Update on June 8th to add link to A Global Bank case study.

Another nice ForgeRock event

Yesterday, on the side of the JavaOne and OOW conferences, we had an executive round table with selected partners, customers and future customers. The event started with a 30-minute speech by Scott McNealy, Sun founder and former CEO, and also an active supporter of ForgeRock.

Scott touched on the values and benefits of open source software, gave a top 12 reasons why you know your Identity and Access Management solution is not open source and talked briefly about his new company Wayin.

Mike Wilson, VP and CISO at McKesson, presented how McKesson has started to use ForgeRock Open Identity Stack for several projects and the benefits of our solution.

Thanks Scott, Mike and all for your participation.

Meeting ForgeRock during JavaOne / OOW

If you want to meet ForgeRock and you’re in the San Francisco bay during JavaOne and Oracle Open World, there will be several opportunities to meet some of us: our CEO, our Sales team, some of our developers or myself.

Sunday September 30th:

I will be participating in the JUG Leaders meetings and discussions as well as the GlassFish ones (when schedule allows). Later, you can find me at the GlassFish and Friends Party from 8pm to 10pm at The Thirsty Bear.

Monday October 1st:

JavaOne attendees should be able to see me during the conference. I will be part of a panel discussion on Open Source Identity and Access Management solutions, from 5:30pm to 6:15pm.


Following that, some ForgeRock employees and I will be at the 2nd Annual Solaris Family reunion from 7:00pm to 11:00pm. The event, part of the ZFS Day, is free, but please register here.

 

Tuesday October 2nd:

Come and meet the developers and other members of the open source projects supported by ForgeRock. We’re having a Beer Burst party from 5:00pm until 8:30pm at The House of Shields. Please register through eventbrite so that we know how many to expect.

Rest of the week…

Otherwise, throughout the week, I will be most of the time at the JavaOne conference or in the ForgeRock San Francisco offices with the local team. Please send me an email or message me on Twitter (@LudoMP) to arrange a meeting.  I will be leaving California for New York on Monday, October 8th.

I hope to see a large number of people from the OpenDJ, OpenAM or OpenIDM community, other open source projects, ex-coworkers, future customers, and friends during my stay.

About OpenDJ and Hotspot JVM G1

Duke on a bike
courtesy of Charlie Hunt

Understanding and tuning the JVM is quite important to get the best performance out of OpenDJ. We do provide some high level guidance in our documentation and I’ve been talking about Java performance in the last few years at various Java User Groups in France and Switzerland (you can find presentations in French here or here) as well as at a major conference in Brazil: FISL in 2009. On this latter occasion, I was asked to cover the presentation for 2 prestigious names in the Sun Hotspot JVM team: Charlie Hunt and Tony Printezis. I’ve spent a few hours with them and have learnt a great deal about the internals of the Hotspot JVM and memory management, and all magic parameters, in order to deliver that presentation. At that time, our directory team was interacting a lot with the Hotspot team as we were testing a new and promising garbage collector: Garbage First aka G1. OpenDS was even wrapped and used in one of the largest collections of tests for the Sun JVM.

During the acquisition of Sun by Oracle, the future of G1 and the Hotspot JVM were unsure and our interactions with the Hotspot team diminished seriously.

At ForgeRock, we continued to pay attention to Garbage First and for a long time, we noticed that it wasn’t moving along. Most of the issues that were raised after tests with OpenDS and that were addressed in some development version of the JVM were not integrated in official JVM releases. It was only with the Oracle JVM 1.7 update 2 that we noticed the large list of issues fixed with G1. We then resumed testing OpenDJ with G1 to see that while the promise of no full GC seems to be addressed, the performance impact of G1 is still significantly high. With our limited tests of JVM under 4GB of heap size, we noticed a 10% performance degradation over CMS, corresponding with an approximate 10% increase of CPU load (on a quad core machine with hyperthreading on), but with better overall response times for OpenDJ as the maximum response time decreased from 200ms to 80ms, as illustrated below.

LDAP Modrate with Garbage First
-------------------------------------------------------------------------------
 Throughput     Response Time 
 (ops/second)   (milliseconds) 
recent average  recent average 99.9% 99.99% 99.999% err/sec Entries/Srch
-------------------------------------------------------------------------------
16196.7 16374.1  1.972 1.951  18.886 28.129 66.933  0.0
16468.8 16374.9  1.941 1.951  18.883 28.087 66.521  0.0

LDAP Modrate with CMS
-------------------------------------------------------------------------------
 Throughput     Response Time 
 (ops/second)   (milliseconds) 
recent average  recent average 99.9% 99.99% 99.999% err/sec Entries/Srch
-------------------------------------------------------------------------------
17937.1 17487.7  1.780 1.827  18.175 30.521 116.990 0.0
17783.7 17494.3  1.796 1.826  18.145 30.320 117.017 0.0

We need to run more tests with OpenDJ and G1, especially with very large heaps (from 4 to 32GB), but we’re not sure whether G1 will be able to deliver the performance it promised.
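As an added example (not from the original post or the OpenDJ project), the following Python parses the two modrate excerpts shown above and reports the per-column change of the G1 run relative to the CMS run. It averages only the rows printed in the post, so the figures describe these two-row samples and not the full test runs; the column labels are names chosen here.

```python
# Added example: compare two modrate runs column by column.
# Column labels are chosen here; they follow the header order in the output.
COLUMNS = ("tput_recent", "tput_avg", "rt_recent", "rt_avg",
           "p99_9", "p99_99", "p99_999", "err_sec")

# Header and data rows copied from the two excerpts in the post.
G1_RUN = """\
recent average  recent average 99.9% 99.99% 99.999% err/sec Entries/Srch
-------------------------------------------------------------------------------
16196.7 16374.1  1.972 1.951  18.886 28.129 66.933  0.0
16468.8 16374.9  1.941 1.951  18.883 28.087 66.521  0.0
"""
CMS_RUN = """\
recent average  recent average 99.9% 99.99% 99.999% err/sec Entries/Srch
-------------------------------------------------------------------------------
17937.1 17487.7  1.780 1.827  18.175 30.521 116.990 0.0
17783.7 17494.3  1.796 1.826  18.145 30.320 117.017 0.0
"""


def parse_modrate(text):
    """Return one dict per data row; header, unit and ruler lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # modrate rows carry 8 numbers (the Entries/Srch column stays empty).
        if len(fields) != len(COLUMNS):
            continue
        try:
            values = [float(f) for f in fields]
        except ValueError:
            continue  # same field count but not numeric: not a data row
        rows.append(dict(zip(COLUMNS, values)))
    if not rows:
        raise ValueError("no modrate data rows found")
    return rows


def column_means(rows):
    """Mean of every column over the parsed rows."""
    return {c: sum(r[c] for r in rows) / len(rows) for c in COLUMNS}


def percent_change(candidate, baseline):
    """Percent change of candidate vs baseline per column (negative = lower)."""
    cand, base = column_means(candidate), column_means(baseline)
    # Columns whose baseline is zero (err/sec here) have no defined ratio.
    return {c: round((cand[c] / base[c] - 1) * 100, 2)
            for c in COLUMNS if base[c] != 0}


if __name__ == "__main__":
    delta = percent_change(parse_modrate(G1_RUN), parse_modrate(CMS_RUN))
    for column, pct in delta.items():
        print(f"{column:12s} {pct:+7.2f}%  (G1 relative to CMS)")
```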

And today I noticed on LinkedIn that both Charlie Hunt and Tony Printezis, the 2 main engineers behind the HotSpot JVM and Garbage First, had left Oracle for new adventures. Charlie’s gone to SalesForce and Tony to Adobe. This is certainly a good move for both of them, but it leaves me worried about the future of the Hotspot JVM and its ability to deliver innovation in GCs.

[Update on May 6th]

It appears that more engineers of the Sun JVM team have actually left in the last couple of months: John Pampuch, Igor Veresov, Paul Hohensee...

A timeline of LDAP directory services…

Bill Nelson has published “The Most Complete History of Directory Services You Will Ever Find” (until the next one comes along), a detailed history of LDAP based directory services and products. Expect a few updates as people find out about this and ask for new data points to be added. But this is the most complete summary I’m aware of. I had a timeline of Sun directory products a few years ago, but Bill’s has more details.

His post includes a visual timeline of the directory service products and their heritage, linked below for your convenience.


Personally, I’ve been involved with the Sun and derived lines since 1996, and now drive the ForgeRock one: OpenDJ !

blogs.sun.com/Ludo : 404 !

It looks like Oracle has put another dent in the Sun blogging platform. First, when they moved blogs.sun.com content to Oracle’s platform, they got rid of my blog design, breaking some of the layout, but more importantly removing the Creative Commons license notice that I had explicitly used.

A few days ago, someone asked me if Oracle thought that my 6 years of blogging at Sun were not worth the storage, as he hit a 404 while trying to access my blog at blogs.sun.com/Ludo/. I checked, and it appears Oracle has made some changes and the redirection is broken. The blog and posts are still on Oracle’s platform, and you may search for them.

But when I moved out of Oracle, I had archived and restored all of my posts here at ludpoitou.wordpress.com. You can search through it, or use the Calendar to go back in time and retrieve those old posts (some of which still have value for anyone who has some interest in LDAP).

Time to update the old bookmarks ?!

OpenAM – The Book

For many years, I’ve been working in collaboration with the Sun access management product team,  as it started working on the Directory Server Access Management Edition (DSAME) product that years later became Sun Access Manager and OpenSSO. And now that I’m at ForgeRock, I have the pleasure to keep working with some members of that team, on OpenAM, the continuation of the OpenSSO open source project.

My knowledge of the product is rather shallow as I’ve worked on several case studies or issues related to customers and LDAP directory servers, but I never had a chance to deploy a service for production use or even extensive testing.

So when I learnt that Packt Publishing was releasing a book on “OpenAM”, written by Indira Thangasamy, an ex-colleague of mine and manager of the Quality Assurance team, I asked if I could get a copy for review, which Packt kindly agreed to.

I haven’t finished the book yet, as it’s over 250 pages of content, covering all aspects of the OpenAM software, from its history, its components and services, to its integration with Google Apps or SalesForce… But from what I’ve read (about 2/3 of the book), I can say that the book is easy to read and well organized. It helps a beginner to grasp the concepts and start using the product, thanks to the detailed explanations and diagrams. As the chapters advance and dive into specific technical areas, Indira uses real-world examples and simple code or commands, followed by detailed descriptions to illustrate what OpenAM does or does not do, giving a comprehensive picture of the fully featured product.

Some of the features of OpenAM are not covered in the book, like Federation or the most recent Entitlement Services or Secure Token Services. I hope they will be covered in a revised edition or maybe another book, as these features are becoming more used and important to enterprise security and access management.

In summary, if you’re about to, or have just started to engage on a project with OpenAM, this book will help you understand the technology and ease your ramping up. But even for the more experienced users of OpenAM, the book is full of details, tips and examples that will save you time and make you more efficient.

You can find the book on the Packt Publishing web site or Amazon.

A year after sunset…

My ex-colleague Eduardo Pelegri has been collecting and posting interesting data about the ex-Sun people and the Sun initiated open source projects, a year after the Sun-set. I find it interesting to see how the Sun heritage is disseminating and creating a larger ecosystem of new companies.

 

An unexpected gift!

Yesterday, there was a package in my mailbox, the size of a letter, thick with a bump protruding.

Nearly 4 months after my last day at Oracle, I’ve received my 15 Years @ Sun pin and plate (the anniversary date was July 17th). Somehow, receiving this feels weird. First because technically Sun was no more (in France) on July 17th. Then the plate holds the signature of Jonathan Schwartz who was long gone by then. Finally, the date was almost 6 months ago; since I’ve packed and moved on ! But I’m thankful to Oracle for following up and sending them to me, instead of trashing them.

I still haven’t received the gift I ordered before I left, though: a silver made Caran D’Ache ballpen. Maybe it’s also on its way! I’d hoped to receive it in time to sign ForgeRock France’s new employees’ contracts!

A nice gesture from FISL organizers

I’ve just received a “certificate of attendance as a Speaker” from the FISL organizers. This is a very nice gesture and adds to the amazing experience that is FISL. Big thanks to the organizers and more specifically Fernanda Weiden who had to cope with the egos of over 320 speakers.

FISL Certificate


FISL 10 Trip report

I’ve just spent a wonderful week in Porto Alegre, Brazil where I’ve landed to talk about OpenDS at the FISL 10 conference.

This is my first visit to Brazil and I must say that I didn’t get any good impression of the country in the first two days. As a matter of fact, I didn’t get any impression at all. I arrived on Monday evening around 9pm, it was all dark. After more than 16 hours of traveling, I just wanted to hit a bed.

On the Tuesday morning, thanks to the jet lag, I got up quite early, checked email and went for breakfast by 7am, noticing a rainy day and still pretty dark. I was just done with the breakfast when Bruno Souza arrived and took me to the location of the Javali meeting, an ancillary event of FISL, sponsored by Sun and organized by SOU Java and RS JUG.

We spent the whole day in the conference room, watching from time to time through the windows the heavy rain and wind. The Javali talks ended with pizzas and guarana and by then the night was already dark.

While I didn’t get to see what Porto Alegre looks like in the first days of my visit, I did enjoy the friendliness of Brazilians. At Javali, trying to follow the presentations in Portuguese was tough but I think I got probably 50% of the technical parts thanks to the mix of English words and to my understanding of Spanish. And when it was necessary, Bruno or Mauricio Leal would do some translation for us.

I didn’t get to talk at Javali, the agenda was pretty full and I hadn’t told Bruno I would be coming as I wasn’t sure I could make it. But Pat Patterson presented Securing RESTful Web Services with OpenSSO (and OAuth) and mentioned a few times OpenDS.


Wednesday was the first day of FISL and all the Sun participants went quite early to help setting up the booth in the Exhibition Hall. Sun’s booth was very well located and its main attraction was the thousands of small soccer balls that were given to attendees that registered to the OSUM program. I think that throughout the whole event, the Sun’s booth was the most vibrant and busy one, with Roger Brinkley making demos with his toys, Angel Camacho, Brian Leonard, Kirthankar Das and others helping with installs of OpenSolaris on attendees’ laptops.


Arun Gupta fired the event on Wednesday morning with his presentation demonstrating the combined power of GlassFish, MySQL and NetBeans to build web applications.

Arun Gupta, inaugurating the FISL conf with the 1st talk

Friday was the busiest day for me as I was scheduled for 2 presentations. But before that, I was invited to participate in Simon Phipps talk show, describing in 5 minutes, what was OpenDS, what were the benefits for the Brazilian open source users and developers.


Immediately after, and in the same room, I did my presentation for OpenDS with the theme of "Scaling the Identity Store with OpenDS". The session covered the 3 models we have in OpenDS for deployment:

  • Embedded in Java applications,
  • Standalone replicated servers,
  • LDAP Front-end access to MySQL Cluster’s network DB.

While FISL is mostly attended by students, my session had a majority of System Administrators, interested in simplifying and reducing the cost of their data-centers.

Ludo speaking

Later in the afternoon, I was presenting again, repeating JavaOne’s presentation from Tony Printezis and Charlie Hunt GC Tuning In the HotSpot Java Virtual Machine. Charlie was meant to attend the event, but the week before found out he could not make it. As they recalled I was in the room at JavaOne and I’m quite familiar with the subject as we’re spending a lot of time trying the different options to tune the JVM to get the best performances out of OpenDS, they asked me to cover the talk. I think I’ve done a reasonable job, despite the density of information in the slides, and the simultaneous translation in Portuguese for the largest part of the crowd not so familiar with English.

Still on Friday, part of the exhibition floor was closed to the public as the Brazilian President, Lula Da Silva, was scheduled to visit the event. Sun’s booth was very well positioned, on the border of the closed area, and the crowd started to gather by the booth as President Lula arrived. The excitement was amazing. When the President reached the OpenSolaris Brazil user group, he received an OpenSolaris cap and T-shirt from Vitorio Sassi, Sun employee and one of the leaders of the Brazilian OpenSolaris community.

Brazilian Presidente Lula with OpenSolaris community
Photo taken by Ludovic Poitou, June 26 2009.


On Saturday, the last day of the FISL conference, I got to share a little bit more of the stage by answering a performance related question from the audience during Bruno Souza’s session about the future of Java, with the exceptional presence of Javali, the mascot of the Javali user group.

Bruno Souza with Duke and Javali

Overall FISL has been an amazing experience. It is definitely the biggest open source event I’ve participated in. Over 8200 registered visitors, from 27 different countries, more than 320 speakers for 354 presentations and a presidential visit. More than that, Brazilians are extremely nice, generous and happy to live. They made our stay in Porto Alegre something that I’ll remember for a long time. A special thanks to the main organizers: Bruno Souza and Eduardo Lima (here below with Simon Phipps).


I’ll definitely participate in the Call For Presentation next year, if evangelism of the OpenDS project is still one of my tasks for next year.

You can find all photos for the event in the FISL 10 picasa album.


Sun Directory Masters 2009 in Grenoble. Day 1.

It’s been a busy day in the Grenoble Engineer Center with Directory Masters gathering from all over Europe and even Japan for two days of training on the coming releases of Sun Directory Server Enterprise Edition and Sun OpenDS Standard Edition.

For those two days, we’re hosting 30 sales, presales, architects, consultants from Sun and partner companies, immersed within the developers, architects, managers of the Directory Engineering team. This is a very good way for our guests to understand where the product is going and how to better sell it to customers, and for engineers to learn more about the real customers’ needs and problems to solve.

Today we’ve touched mostly the Directory landscape, our product roadmap, DSEE, deployments, performances, virtual directory features. Tomorrow will have more of an OpenDS flavor…

PS: To my Japanese friends, Moryia is not on the picture, but he’s in Grenoble 😉
