Re: Questions about Orion
Hi Bill, ok,ok it was subjective 100-timesbut: i'm using Orion-1.5.2 and Borland's ias 4.5.1 on a 1.3GHz Athlon with 512MB and Sun's jdk1.3.1 for one of our applications (.ear) was build with using 'ant' in 14sec. (size of the ear-file is 1.8MB) additional step for ias (java2iiop) takes 4:15min (ear-file is 3.1MB) fresh deploy on orion takes 25sec. fresh deploy on ias takes 8min. new start of orion with the installed application 20sec. new start of ias with the installed application 3:30min. HotDeploy does not work all times (depends on the .ear(?)) on orion _and_ ias. usually our developers using a local installed orion - no cost! our Testserver is a 2-CPU (800MHz) Machine with 1GB where are installed 10 apps and where 2-3 developers (hot)deploy their applications some times the day or restart the orion some times the day. i think if we use ias in this environment, the machine will spent the whole day with HotSwap or restarting ;) (and also we have not tons money to order ias-licenses for our n-CPU servers) Next time check and make sure your not in Kansas before making these statments. i spent this morning to check this and i'm definitly not in Kansas :) but if i be there next time, we will drink some cups of coffee during deploying of some apps in ias ;))) klaus Am Sonntag, 23. September 2001 22:21 schrieben Sie: Klaus, A hundred times faster? BullFeathers! That is not possible since one of Borland AppServer's best features is HotSwap technology for supporting nonstop deployment and nonstop updating and maintenance of EJBs. Next time check and make sure your not in Kansas before making these statments. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Klaus Thiele Sent: Saturday, September 22, 2001 8:04 AM To: Orion-Interest Subject: Re: Questions about Orion I know about Orion _and_ Borland's AppSrv and WebLogic and i'm glad to use Orion because the development and turnaround/deploytimes are more than hundred times faster. Orion runs for us in a production-environment on some Linux 1/2/4-CPU- Machines very fast and stable. klaus - Original Message - From: Bill G [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Sent: Friday, September 21, 2001 9:15 PM Subject: RE: Questions about Orion Don't know about Orion but I am using MS/SQL Server 2000 with JSQLConnect JDBC drivers with both Borland and WebLogic Appservers. And, it is working very well. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of The elephantwalker Sent: Thursday, September 20, 2001 10:08 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message
RE: Questions about Orion
Cool! BG... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Klaus Thiele Sent: Monday, September 24, 2001 2:43 AM To: Orion-Interest Subject: Re: Questions about Orion Hi Bill, ok,ok it was subjective 100-timesbut: i'm using Orion-1.5.2 and Borland's ias 4.5.1 on a 1.3GHz Athlon with 512MB and Sun's jdk1.3.1 for one of our applications (.ear) was build with using 'ant' in 14sec. (size of the ear-file is 1.8MB) additional step for ias (java2iiop) takes 4:15min (ear-file is 3.1MB) fresh deploy on orion takes 25sec. fresh deploy on ias takes 8min. new start of orion with the installed application 20sec. new start of ias with the installed application 3:30min. HotDeploy does not work all times (depends on the .ear(?)) on orion _and_ ias. usually our developers using a local installed orion - no cost! our Testserver is a 2-CPU (800MHz) Machine with 1GB where are installed 10 apps and where 2-3 developers (hot)deploy their applications some times the day or restart the orion some times the day. i think if we use ias in this environment, the machine will spent the whole day with HotSwap or restarting ;) (and also we have not tons money to order ias-licenses for our n-CPU servers) Next time check and make sure your not in Kansas before making these statments. i spent this morning to check this and i'm definitly not in Kansas :) but if i be there next time, we will drink some cups of coffee during deploying of some apps in ias ;))) klaus Am Sonntag, 23. September 2001 22:21 schrieben Sie: Klaus, A hundred times faster? BullFeathers! That is not possible since one of Borland AppServer's best features is HotSwap technology for supporting nonstop deployment and nonstop updating and maintenance of EJBs. Next time check and make sure your not in Kansas before making these statments. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Klaus Thiele Sent: Saturday, September 22, 2001 8:04 AM To: Orion-Interest Subject: Re: Questions about Orion I know about Orion _and_ Borland's AppSrv and WebLogic and i'm glad to use Orion because the development and turnaround/deploytimes are more than hundred times faster. Orion runs for us in a production-environment on some Linux 1/2/4-CPU- Machines very fast and stable. klaus - Original Message - From: Bill G [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Sent: Friday, September 21, 2001 9:15 PM Subject: RE: Questions about Orion Don't know about Orion but I am using MS/SQL Server 2000 with JSQLConnect JDBC drivers with both Borland and WebLogic Appservers. And, it is working very well. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of The elephantwalker Sent: Thursday, September 20, 2001 10:08 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up
RE: Questions about Orion
Klaus, A hundred times faster? BullFeathers! That is not possible since one of Borland AppServer's best features is HotSwap technology for supporting nonstop deployment and nonstop updating and maintenance of EJBs. Next time check and make sure your not in Kansas before making these statments. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Klaus Thiele Sent: Saturday, September 22, 2001 8:04 AM To: Orion-Interest Subject: Re: Questions about Orion I know about Orion _and_ Borland's AppSrv and WebLogic and i'm glad to use Orion because the development and turnaround/deploytimes are more than hundred times faster. Orion runs for us in a production-environment on some Linux 1/2/4-CPU- Machines very fast and stable. klaus - Original Message - From: Bill G [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Sent: Friday, September 21, 2001 9:15 PM Subject: RE: Questions about Orion Don't know about Orion but I am using MS/SQL Server 2000 with JSQLConnect JDBC drivers with both Borland and WebLogic Appservers. And, it is working very well. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of The elephantwalker Sent: Thursday, September 20, 2001 10:08 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
Re: Questions about Orion
I know about Orion _and_ Borland's AppSrv and WebLogic and i'm glad to use Orion because the development and turnaround/deploytimes are more than hundred times faster. Orion runs for us in a production-environment on some Linux 1/2/4-CPU- Machines very fast and stable. klaus - Original Message - From: Bill G [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Sent: Friday, September 21, 2001 9:15 PM Subject: RE: Questions about Orion Don't know about Orion but I am using MS/SQL Server 2000 with JSQLConnect JDBC drivers with both Borland and WebLogic Appservers. And, it is working very well. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of The elephantwalker Sent: Thursday, September 20, 2001 10:08 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
RE: Questions about Orion
I'd like to find out more about the performance test you mentioned. Could you give me some pointers? Since you mentioned admin account, I assume that you must have an interactive logon session to start Orion and it will run as part of it. Is this a correct statement? What happens when it dies and needs to be restarted? For Win32 services you can set up a failure action which will bring them right back up. I appreciate your help. Regards, Vlad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The elephantwalker Sent: Friday, September 21, 2001 12:53 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, see comments... regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Friday, September 21, 2001 7:08 AM To: Orion-Interest Subject: RE: Questions about Orion Thanks for your response. Few follow-up questions. By the way, Orion by itself can out do IIS by six to one!... In what scenario? elephantwalker Orion serving up jsp pages compared to asp pages from IIS. /elephantwalker ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. What about resource/connection pooling? elephantwalker Orion uses connection pooling for its ejbs, and you can specify connection pooling for your jdbc connections in orion with a DataSource configuration. /elephantwalker Like anything, if you run it on Windows, it will be compromised. I was asking more about known Orion vulnerabilities? elephantwalker AFAIK, there are none if you take the following steps: 1. Run orion as a non administor user. 2. Do not use any of the script based servlets, such as php. 3. User jdbc drivers that support encrypted network traffic. Oracle does this...I don't know about m$ sql server. However, Windows is known to have many security issues, and if your operating system security is compromised, the hackers will have access to the orion, and any other resources you have. I would recommend staying away from any windows system for any internet application because the windows record on security is so BAD. You should see my internet logs the last few days ;(...filled with requests for silly things on the c drive, something the frequently patched IIS is vulnerable to, but which orion justs sends back a 404. In the past two years, I have seen no similar failure of Orion, nor any complaints on the list. /elephantwalker Thanks, Vlad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The elephantwalker Sent: Friday, September 21, 2001 1:08 AM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL
RE: Questions about Orion
Thanks for your response. Few follow-up questions. By the way, Orion by itself can out do IIS by six to one!... In what scenario? ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. What about resource/connection pooling? Like anything, if you run it on Windows, it will be compromised. I was asking more about known Orion vulnerabilities? Thanks, Vlad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The elephantwalker Sent: Friday, September 21, 2001 1:08 AM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
RE: Questions about Orion
Vlad, see comments... regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Friday, September 21, 2001 7:08 AM To: Orion-Interest Subject: RE: Questions about Orion Thanks for your response. Few follow-up questions. By the way, Orion by itself can out do IIS by six to one!... In what scenario? elephantwalker Orion serving up jsp pages compared to asp pages from IIS. /elephantwalker ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. What about resource/connection pooling? elephantwalker Orion uses connection pooling for its ejbs, and you can specify connection pooling for your jdbc connections in orion with a DataSource configuration. /elephantwalker Like anything, if you run it on Windows, it will be compromised. I was asking more about known Orion vulnerabilities? elephantwalker AFAIK, there are none if you take the following steps: 1. Run orion as a non administor user. 2. Do not use any of the script based servlets, such as php. 3. User jdbc drivers that support encrypted network traffic. Oracle does this...I don't know about m$ sql server. However, Windows is known to have many security issues, and if your operating system security is compromised, the hackers will have access to the orion, and any other resources you have. I would recommend staying away from any windows system for any internet application because the windows record on security is so BAD. You should see my internet logs the last few days ;(...filled with requests for silly things on the c drive, something the frequently patched IIS is vulnerable to, but which orion justs sends back a 404. In the past two years, I have seen no similar failure of Orion, nor any complaints on the list. /elephantwalker Thanks, Vlad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The elephantwalker Sent: Friday, September 21, 2001 1:08 AM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going
RE: Questions about Orion
all inline -Original Message- From: Vlad Vinogradsky [mailto:[EMAIL PROTECTED]] Sent: Jueves, 20 de Septiembre de 2001 23:22 To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. I'm using W2k. Runs neat. SQL Server 2000, I used I-Net's drivers and everything worked fast and smooth. However I haven't used it intensly. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? As with any W2k, use the lastest SP and hotfixes. The maximun number of _true_ threads W2k manages is 250 (1 uP, 1 GB RAM); about 75 are used by services, and if you'll have IIS there, you can't have more than 75-100 threads running without severe problems. Of course, If you'd ever have 100 concurrent users on a single orion, you'd be using a cluster(won't ya?). 3. What VM is best to use to run Orion server? For W2k, Sun's latest is the fastest. Have proof (and an NDA, so I can't reveal it). You can test, the results are almost humanly measurable. It's amazing how much Sun's VM has changed since 1.2.2. 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? There are some utilities that allow you to run orion(or any java app) as a service. Search the list archives. 5. What security context does it run in? I think the elephantwalker covered that. You can implement your own UserManager; if you're thinking of auth against the PDC, yes, it can be done. You'd have to write your own UserManager, and then use JNI or J-Integra to call upon ADSI objects. 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? There were fixed bugs. Also, dropped connections on long-execution pages do not kill the webserver thread, so there may be DOS vulnerabilities. even so, it's a whole lot better than IIS. And bugs don't have the same amount of press. 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad HT, JP
RE: Questions about Orion
Don't know about Orion but I am using MS/SQL Server 2000 with JSQLConnect JDBC drivers with both Borland and WebLogic Appservers. And, it is working very well. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of The elephantwalker Sent: Thursday, September 20, 2001 10:08 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
RE: Questions about Orion
Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
