3 Replies Latest reply on May 30, 2014 6:31 AM by ctomc

    WildFly/AS versus EAP on a production server. Patching and stability.

    j4zz

      Good morning all,

       

      My Uni is considering its options for deploying a JBoss server. This production server would handle some sensitive data, therefore we are conscious about stability and security.


      I searched the web quite a bit and read some Red Hat materials comparing both solutions: JBoss AS (now WildFly) and their enterprise version of it, JBoss EAP. A few things are still not clear to me and I would like to avoid sales speak from a Red Hat representative for now.


      The things which concern me are obviously stability and security of the AS / WildFly platform.

       

      Do they have timely releases of security / functionality patches? If yes, are they delayed in comparison to EAP? Or do you need to wait for a new version of AS / WildFly to get a necessary fix? How does it work? Are there any security concerns I should be aware of before we commit ourselves to AS / WildFly, or should we consider EAP after all?


      I have seen in the release notes for WildFly 8 ("WildFly 8 Final is released! · WildFly") that the developers are introducing:

       

      "Patching

      The infrastructure to support the application of patches to an existing install has been implemented. This capability allows for a remote client to install and rollback new static modules and binary files using the WildFly management protocol."


      This confused things even more. Does it mean that before WildFly 8 there were no patch releases? Someone mentioned in an interview that those patches should be available at "Downloads · WildFly", but so far there are no patches available in that section, which is a bit worrying considering the release of the last Final version was in February 2014.


      What's your opinion / experience on using WildFly 8 on a production server which would handle sensitive data?

       

      Thank you for your time

        • 1. Re: WildFly/AS versus EAP on a production server. Patching and stability.
          wdfink

          If you use the community version it's on you to integrate the latest fixes if you need them until there is a new release.

          Fixes and security patches are applied here to upstream development only.

          If you use that, you might get changes and new features, and you need to adapt your application/configuration.

           

          If you use an EAP version you will get security fixes and patches according to the update and support policy.

          Which means you can download fixes for your exact server version without.

           

          Now the new patch feature comes into play.

          Until EAP 6.1, patches are provided as a "full" download, which means you get a complete new server version.

          Since EAP 6.2 this patch feature provides a delta and you can install it with a command on top of your server installation;

          you can also easily roll it back if there is an issue (with or without the related configuration).

          For EAP 6.2, patches will have a schedule of about 6 weeks; security fixes might happen if necessary.

           

          For WildFly there is no such schedule; it might be possible that a new minor version is provided as a download and additionally as a 'patch'.

          1 of 1 people found this helpful
          • 2. Re: WildFly/AS versus EAP on a production server. Patching and stability.
            j4zz

            Thank you for shedding some light on this!

             

            "If you use the community version it's on you to integrate the latest fixes if you need them until there is a new release.

            Fixes and security patches are applied here to upstream development only"

             

            Does it mean the source code of such patches is publicly available, or do you need to literally identify reported vulnerabilities by yourself and attempt to create your own patch?

            • 3. Re: WildFly/AS versus EAP on a production server. Patching and stability.
              ctomc

              Source is always available, see wildfly/wildfly · GitHub

               

              We have a rule that fixes are first applied to upstream (WildFly) and later backported downstream (EAP).

               

              But the difference is how these fixes are available in "binary form". In WildFly you get them as part of the next release; for EAP they are available as Wolf described.