Collective architecture
The set of Liberty servers in a single management domain is called a "collective." A collective consists of at least one server with the collectiveController-1.0 feature enabled called a "collective controller." Optionally, a collective can have many servers with the collectiveMember-1.0 feature enabled called "collective members" and a collective can be configured to have many collective controllers.
The collectiveController-1.0 feature and its capabilities are available only in WebSphere Application Server Liberty Network Deployment and WebSphere Application Server Liberty for z/OS .
The feature is not available in WebSphere Application Server Liberty, WebSphere Application Server Liberty - Express, or WebSphere Application Server Liberty Core.
If we have a WebSphere Application Server Liberty Network Deployment installation, we can use its collectiveController-1.0 feature to work with collective members from WebSphere Application Server Liberty, WebSphere Application Server Liberty - Express, or WebSphere Application Server Liberty Core installations.
The collective controller provides for a centralized administrative control point to perform operations such as MBean routing, file transfer, and cluster management. A core role of collective controllers is to receive information, such as MBean attributes and operational state, from the members within the collective so the data can be retrieved readily without having to invoke an operation on each individual member.
A set of collective controllers is called a "replica set." There is only one replica set per collective, and all controllers must be part of the replica set. When there are more than one collective controller, each collective controller will replicate its data to the other collective controllers in the replica set to allow for high availability and data protection. The replica set is logically present even when only one controller is in use. The controllers in the replica set communicate with each other using a collaboration scheme to ensure that data is replicated across the set of controllers no matter which controller in the set receives an operation to store data. Each controller has a dedicated port for use by the replication protocol. Communication between the controllers in the replica set is always authenticated and protected with SSL.
A collective member can be configured with multiple collective controller endpoints. A collective member only communicates with one collective controller at a time; however, a configuration with more than one collective controller endpoint provides failover and workload balancing. Member-to-controller communication is always in the form of MBean operations performed over the IBM JMX Rest Connector. Communication between controllers and members is always authenticated and protected with SSL.
See Set up collectives for more information.
Administrative domain security configuration:
The administrative domain security configuration is made up of two parts:
- User domain
This domain relies on Java role-based security that defines the Administrator role. This can be mapped to users within the configured user registry.
- Server domain
This domain relies on SSL certificate-based authentication.
For more on collective security, see Collective security.
Concepts:
Collective security
File transfer
Liberty collective troubleshooting
Tasks:
Set the default host name of a Liberty server
Configure a Liberty collective
Register host computers with a Liberty collective
Set the JAVA_HOME variable for Liberty collective members
Configure Liberty collective replica sets
Reference:
List of provided MBeans
Overriding Liberty server host information