JBoss Prerequisites

Heap and PermGen Settings

For Oracle Java 7 and Java 8, configure the heap settings for your application servers. For Oracle Java 7, you also need to configure PermGen settings.

To configure Heap and PermGen settings for a multinode setup, follow these steps:

• Configure the Min -Xms2048m / Max - Xmx4096m heap settings in the file: { Server directory }/domain/configuration/host.xml
• Configure the Min -Xms2048m / Max - Xmx4096m heap settings in the file: { Server directory }/domain/configuration/domain.xml
• permgen settings : -XX:PermSize=1024m -XX:MaxPermSize=2048m

For a single node setup, configure the settings in the following file: {Install directory}/jboss/standalone/configuration/standalone.xml

NOTE: From V8 SP4 FP1 HF1 onwards, Java 11 is supported for bundled Tomcat and JBoss servers.

Configuration of Database Driver Module

1. Extract the  com.zip file.
   The unzipped folder structure will be com\mysql\main.
2. Stop the JBoss Application Server.
3. For the standalone mode, copy the extracted com.zip folder and place it in the  {JBOSS_HOME}/modules/ path.
   For the domain mode, place the unzipped com.zip folder (com\mysql\main\) in the {JBOSS_HOME}/modules/ path for each of the master/slave machines.
4. Open and edit the appropriate configuration file based on the configured JBoss mode.
   
   For example, domain.xml in the domain mode and standalone-full.xml in the standalone mode. These files are available at {JBOSS_HOME}/domain/configuration and {JBOSS_HOME}/standalone/configuration folders respectively.
5. Search for the <subsystem xmlns="urn:jboss:domain:ee:4.0"> tag and add the appropriate global module based on the database selected.
   For example, add the following code for the domain mode:

   <global-modules>
   <module name="com.mysql" slot="main"/>
   </global-modules>

6. Save the changes, and then start the JBoss Server.

Configure the Standalone Existing JBoss

To install Quantum Fabric on an existing standalone JBoss, follow the steps to configure the standalone JBoss:

1. Open the standalone.xml from the <JBoss_Home>/standalone/configuration.
2. Configure Hostname/IP in the standalone.xml file for JBoss, as below:

   <interfaces>
   	<interface name="management">
   		<inet-address value="127.0.0.1"/>
   	</interface>
   	<interface name="public">
   		<inet-address value="<myHostName>"/>
   	</interface>
   </interfaces>

3. Configure JBoss to listen for remote management requests as below:
   • Add <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/> under the <socket-binding-group>
   • Add following section under the <management-interfaces>

     <native-interface security-realm="ManagementRealm">
     <socket-binding native="management-native"/>
     </native-interface>

4. For Engagement Services to work, remove the following subsystem:

   <subsystem xmlns="urn:jboss:domain:jpa:1.1">
   <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>|
   </subsystem>

5. In case of installing all the Quantum Fabric components, follow these steps to increase heap size by setting the JAVA_OPTS in the <JBOSS_DIR>\standalone\bin\standalone.sh/bat:
   • standalone.bat:

     set "JAVA_OPTS= -server -Xms2048m -Xmx2048m"

   • standalone.sh:

     JAVA_OPTS="-server -Xms1024M -Xmx1024M"

Configure the existing Domain mode JBoss

To install Quantum Fabric on an existing domain mode JBoss, follow these steps to configure the domain mode JBoss:

1. From the <JBoss_Home>/domain/configuration folder, open the domain.xml file.
2. Configure Hostname/IP in the domain.xml file for JBoss, as specified in the following code snippet:

   <interfaces>
   	<interface name="management"/>
   	<interface name="private">
   		<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
   	</interface>
   	<interface name="public"/>
   	<interface name="unsecure">
   		<inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
   	</interface>
   </interfaces>
   

3. In case you are installing all the Quantum Fabric components, you must increase the heap size by changing the values under jvms in the host-master.xml file:

   <jvms>
   <jvm name="default">
   	<heap size="2048m" max-size="2048m"/>
   	<jvm-options>
   		<option value="-server"/>
   		<option value="-XX:MetaspaceSize=2048m"/>
   		<option value="-XX:MaxMetaspaceSize=2048m"/>
   	</jvm-options>
   </jvm>
   </jvms>
   

Configure the Log Locations - JBoss

To specify the log location where the logs for all Quantum Fabric components will be generated, you must add the following parameter in the JVM arguments present in standalone.bat/domain.bat( for Windows) or standalone.sh/domain.sh(for Unix):

-Duser.home="<log location>"

Configure the Standalone Existing JBoss with Self-Signed Certificate (JBoss 7.1)

If you need to use existing JBoss with self-signed certificate, follow these steps:

1. Add an Existing SSL Certificate to Cacerts. For more details, click How to Add an Existing Secure Sockets Layer (SSL) Certificate.

2. Copy the keystore file to <JBoss_Home>/standalone/configuration folder.

3. Modify the standalone.xml by adding the following security-realm in the security-realms section.

   <security-realm name="WebSocketRealm">
   	<server-identities>
   		<ssl>
   			<keystore path="<Keystore_file_name>" relative-to="jboss.server.config.dir" keystore password="<Keystore_password>"/>
   		</ssl>
   	</server-identities>
   </security-realm>                            
   

   Here <Keystore_file_name> is the name of the keystore file (for example, keystore.jks) and <Keystore_password> is the password of keystore file.

4. In the standalone.xml file, add the following https-listener tag for default-server in the Subsystem urn:jboss:domain:undertow:3.1.

   
   
   <https-listener name="https" max-post-size="262144000" security-realm="WebSocketRealm" socket-binding="https"/>
   

Configure Port Settings for Multinode Loadbalancer Setups

Before installing Quantum Fabric on an application server, for the application server to communicate with a Web Server properly, you must open the port 80.

How to Disable Weak Ciphers in JBoss

To disable weak ciphers, replace the https-listener under JBoss subsystem/undertow, for example, <subsystem xmlns="urn:jboss:domain:undertow:3.1">

For example, the following is a sample for https connector tag:

<https-listener name="https" socket-binding="connect" security-realm="ApplicationRealm" verify-client="REQUIRED"/>

For example, the following is a sample modified https connector tag:

<https-listener name="https" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2" enabled-cipher-suites="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA" verify-client="REQUIRED" security-realm="ApplicationRealm" socket-binding="connect"/>