Starting this year, customers that come on board with our support services also have access to commercial OpenJDK support included, thanks to the partnership between Payara Services and Azul Systems' Enterprise Support! If you are interested in Payara Enterprise or our Migration & Project Support but are hesitating and have some doubts about what value this service brings to your organization and environment, this article may help dispel them and give you much needed decision-making clarity.
How to Keep OpenJDK 8 with Support & Security Updates Through 2024
join live webinar with Fabio Turizo - Dec 12, 2018, 3pm GMT - register here
Java and OpenJDK
The Payara Platform is an ecosystem built on top of the Java Virtual Machine (JVM), which means that in order to run and provision any of our products you will need to get and install a JDK (Java Development Kit) into the multiple environments that you will be using across any infrastructure in your organization. Production and Staging Servers and Developer Machines, each one of them will require a JDK installation in order to work. When provisioning these environments there were two common options to choose:
- The Oracle JDK which was the "de facto" choice of many developers which had a commercial support offering but was available for free use on both production and development environments with some restrictions.
- OpenJDK which is an open source implementation of the Java SE standard maintained by the community itself, which is free to use in environment and has no restrictions on its distribution. Other companies aside from Oracle have implemented forks of the OpenJDK project and have offered commercial support as well, also contributing to the project when the need arises.
Traditionally this meant that when provisioning any type of environment, a user downloaded the needed JDK from the Oracle website and relied on free public updates to prevent any security breaches or critical errors that were patched by Oracle engineers. There was no specific worry since the license model was very flexible and there was almost no risk to incur licensing violations when using the core JDK.
However, after Java 9 was released, multiple changes were introduced by Oracle that will affect how these developers and their organizations can continue using and licensing their JDK implementations. Covering all of these changes would require a series of articles to explain them all, but here is a summary of them:
- Starting from Java 9, Oracle will release a new version of the JDK every 6 months (twice a year) in the months of March and September.
- Each version will be supported for the six months after it was released, barring Long Term Support (LTS) releases.
- Every six releases made, that release will be treated as a LTS release. This means that both Oracle and contributors to the OpenJDK project agree to maintain them for a longer period of time.
- Oracle will provide two builds of the JDK: Its proprietary Oracle JDK that will be commercially supported and can only be used for personal purposes (no production usage) for free, and OpenJDK builds that will be completely free of use for production usages but will not be supported commercially.
- Oracle will align both builds and make them almost indistinguishable.
- Until Java 8, Oracle provided updates for the Oracle JDK for about three years of support after each version was released. Each JDK release could be used commercially free of charge and anyone willing to extend the support lifetime of their provisioned environment could pay Oracle for it. For the lifetime of each release, incremental updates were made in order to patch security vulnerabilities and apply fixes to the JDK, but these were not supported for free.
- Now, with the faster release cadence made by Oracle, updates to each JDK release will only be provided for six months. Oracle will provide new updates only to paid support customers that are using Oracle JDK.
- Users can continue to use any binary of the JDK (either Oracle JDK or OpenJDK) indefinitely. They will not, however, continue to get updates to the JDK once public updates end.
- Oracle branded JDK version 8 as a LTS release and will provide public free updates until January 2019. Afterwards, users that want to receive subsequent updates to their JDK installations will have to pay Oracle for support.
- The next LTS release at the time of writing is JDK 11 (made public in September 2018).
- Vendors and contributors to the OpenJDK can offer their own support plans for updates to JDK 8 and every new release made afterwards. Usually, support will be maintained in a similar vein to that of Oracle's: LTS releases will receive a longer lifetime of updates.
Considering all of this, the following considerations have to be taken into mind in order to keep working with any JDK:
- The JDK still remains completely free for use: If you need to use the JDK in a production environment for free you will have to switch to a new release (probably a LTS one) using the OpenJDK builds.
- The OpenJDK binaries will only have public security patch and bug fix updates for six months, until the release of the next version.
- There is no free LTS release of the JDK from Oracle. In order to get production support you will have to acquire commercial support by Oracle or any other JDK vendor.
- Current users who want to receive JDK 8 updates or subsequent LTS releases after the public updates have ended will have the following three options:
- Purchase a commercial support contract from Oracle.
- Use a different binary distribution of the OpenJDK, which has security patches and bug fixes backported to it, possibly under a commercial support contract too. Azul Systems' Zulu support covers this.
- Build their own binary distribution using the OpenJDK source code and backport updates themselves, under a considerable risk pretense.
Having said all of this, it is extremely important that users of the JDK decide what to do next and how to manage the updates needed to prevent security breaches and critical failures on their production environments from now on. Users will have to stay more engaged or defer their worries to Oracle or other JDK vendors (like Azul) by relying on public releases and updates or buying supports from them.
What is Zulu JDK?
Zulu JDK is a fully certified and 100% open source Java Development Kit for all manner of Java development and production workloads. Zulu binaries are based on source code from the OpenJDK project. Similar to Payara Server, Azul Systems provides a consistent release cycle of maintenance updates comprised of bug fixes (including bugs not detected or fixed by the OpenJDK community) and security fixes as well. Azul Systems offers two types of build:
- Enterprise Builds: Also known as Zulu Enterprise, these are binary distributions which include security updates and backported fixes to older releases (6, 7, 8, 9 and 10). Zulu Enterprise Builds will continue to be updated even after their equivalent OpenJDK build has stopped receiving updates.Zulu Enterprise Builds can be acquired by customers of a Zulu support paid contract, which also gives them access to a 24 x 7 live support provided by engineers and QA testers (like the support we offer at Payara Services!)
- Community Builds: Publicly available to the community and potential customers builds that can be downloaded from Azul's website. These builds correspond to their respective OpenJDK versions but receive no security updates and backport fixes, and once the OpenJDK version project stops receiving updates this builds will do so as well.
The Zulu JDK provides the same experience as using the Oracle JDK (also known as
HotSpot), since there is virtually no difference in performance between the two. Azul Systems follows the schedule of OpenJDK releases by providing quarterly scheduled updates to any of its LTS releases and will also provide special patched releases by applying critical security updates released by Oracle or any of the other contributors to the OpenJDK project. Additionally, the engineers at Azul regularly check the Common Vulnerabilities and Exposures (CVE) database in order to identify potential new vulnerabilities that could affect the Zulu JDK in order to provide additional security updates as well.
What are the Benefits of Payara OpenJDK Support?
As mentioned earlier JDK support is included for Payara Services support customers thanks to a partnership with Azul systems. Customers of our support services will receive the following benefits:
1 - Access to the Enterprise builds of the Zulu JDK for versions 7, 8 and 11+ free of charge. Customers can download these binaries and use them in any development, testing and production environment with no restriction. This is extremely important because at the time of this writing, the Payara Platform is not ready to be used with JDK 11, which means that customers that are running any of the platform products using Java 7 or 8 can make the switch without problems to the respective Zulu JDK release seamlessly. When the Payara Platform is ready to be used with JDK 11, customer can choose to stay using a release that is compatible with the JDK of their preference.
2 - Customers that use both JDK 7 or 8 can be at ease since their respective Zulu JDK builds will continue to receive security updates.
3 - Customer will be able to raise issues related to low-level JVM issues, like requesting detailed Garbage Collections tuning recommendations or fixing or adding JMX MBeans for example. We encourage all of our customers to raise any concerns related to the workings of the JVM and we will provide guidance and in the case any defects or malfunctions are detected we will proceed to work towards fixing them depending on their priority, thanks to the collaboration we have with Azul's tech support.
4 - Request the backport of any bug fixes or security fixes that have been already implemented in a new release to an older release (either JDK 7, 8 or JDK 11+ release which is a LTS release). Again, this is extremely important because when a customer can't afford to make the move to a new JDK release, they can simply request to backport the fixes that have already been implemented in a newer release to their JDK version and continue using it without problems.
The Fine Print
As usual with any support offerings there are some details that need to be clarified in order to prevent any confusion pertaining the scope of our support services:
- JDK support can only be given when a Zulu JDK build is used with any of the products that comprise the Payara Platform. Customer can download the Zulu JDK binaries and use them with Payara Server, Payara Micro, Payara Embedded distributions, and any of our ecosystem tools (Maven plugins and artifacts, Arquillian Connectors, JCA Cloud Connectors Suite and Docker Images). Customers can download the Zulu binaries to use with other Java required products and tools, but won't be able to raise any issues requesting fixes or advice in any form.
- Although Azul systems offers binaries for JDK 6, we won't make these binaries available for customers since the Payara Platform is compatible from JDK 7 onwards.
- Azul systems offers support for MacOS environment, but this is out of the scope our partnership. This means that no Zulu JDK binaries are offered for MacOS systems, and no support will be given if a customer decides to use the Payara Platform as such.
JDK Support with Your Payara Services Support Contract
In summary there are multiple advantages for acquiring a Payara Services support contract when it comes to JDK support. Deciding how to prepare when support for Oracle JDK 8 is dropped is important since you'll have to factor the following:
- OpenJDK will not receive LTS releases, which means that if you are depending on it you will have to prepare consistent migrations every 6 months as the new release cadence dictates or risk on staying on an older release/
- Staying on Oracle JDK 8 can be risky since you won't be able receive new updates once free commercial support is ended in 2019, if you are not willing to pay for the new license model.
- Even if you decide to pay for the licensing of Oracle JDK 8 updates, they will only be extended until 2020. Afterwards no more updates will be received and the risk will be higher.
It's extremely important that you decide how to tackle this challenge in your organization: Either purchase commercial support for the Oracle JDK or switch to a different provider that can offer you continuity in JDK 8 by providing security and backported fixes.
The main advantage of getting a support contract from Payara Services is that you don't have to worry about this at all, since you will get access to commercial OpenJDK support provided by Zulu without having to pay any extra cost! Zulu's support options are similar to our own: Any user can download and use the JDK community builds free of charge and when the need for support arises, purchase a support contract and switch to the enterprise builds and get assistance in solving critical issues and getting security updates with no extra effort, which means that by joining our customer base you will be saving the extra cost of licensing updates for the JVM environment you will be using. This is a cohesive solution since the full environment is completely covered leaving no gaps at all!
How to Keep OpenJDK 8 with Support & Security Updates Through 2024
join live webinar with Fabio Turizo, Dec 12, 2018, 3pm GMT - register here