Oracle® Application Server High Availability Guide
10g Release 2 (10.1.2) B14003-03
While many Oracle customers deploy multiple identity management components, others choose to deploy only Oracle Internet Directory as a highly available identity repository. This chapter describes the availability and failover features of Oracle Internet Directory, and provides guidelines for exploiting these features in a typical directory deployment. It contains these topics:
Section 10.1, "About High Availability and Failover for Oracle Internet Directory"
Section 10.2, "Oracle Internet Directory and the Oracle Technology Stack"
Section 10.4, "Failover Options in the Public Network Infrastructure"
Section 10.5, "High Availability and Failover Capabilities in Oracle Internet Directory"
Section 10.6, "Failover Options in the Private Network Infrastructure"
Oracle Internet Directory provides the high degree of system availability that mission-critical applications require. It does this by enabling:
All components in the system to facilitate redundancy
All interfaces to facilitate failure recognition and recovery, called failover
Integration of application-independent network failover capabilities in the overall deployment
Oracle products are commonly deployed in high availability environments, so the necessary capabilities are built into every layer of the Oracle technology stack. Typically, it is not necessary to employ every failover capability in every component.
Figure 10-1 gives an overview of the various components of the Oracle Internet Directory stack. Stack communication between separate computers occurs by passing information from one node to the other through several layers of code. Information descends through layers on the client side. It is then packaged for transport across a network medium. The information then proceeds up the stack on the server side where it is translated and understood by the corresponding layers.
Figure 10-1 Oracle Internet Directory/Oracle Technology Stack
You can build sufficient fault tolerance mechanisms into each layer to ensure maximum availability of the product. The following sections describe some of the high availability options in each of these layers.
Building enough intelligence into the clients so that they can fail over to alternate Oracle directory servers if the primary Oracle directory server fails is a good option in some cases. This requires the clients to cache alternate server information and use it when they recognize a loss of connectivity. This method of guaranteeing availability is viable only for deployments in which you have full control over the type of clients accessing the directory.
The clients can be designed to obtain the list of alternate Oracle directory servers from user input so that they can automatically fail over if the primary server fails. However, as the number of clients increases, this option does not scale well in terms of administering the client installations.
Oracle Internet Directory supports a DSE root attribute called AltServer. This is an LDAP Version 3 standard attribute and is to be maintained by the directory administrator. It points to other Oracle directory servers in the system with the same set of naming contexts as that of the local server. When connectivity to the local server is lost, clients have the option of accessing one of the servers listed in this attribute. This option requires explicit administrative action to maintain this attribute.
Clients should cache the information in the alternate server list for use in the event that the primary server becomes unavailable.
To set the alternate server list:
In the navigator pane, expand Oracle Internet Directory Servers, then select a server instance. System operational attributes appear in the right pane.
In the Alternate Server field, enter the name or names of alternate servers.
Choose OK.
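The client-side behaviour described above (try the primary server, fall back to cached alternate servers, and refresh the cache from the root DSE attribute of whichever server was reached) is shown below as an added example; it is not code from the Oracle Internet Directory documentation. It assumes a pluggable connect callable that returns a server's root DSE as a dictionary or raises ConnectionError, so the logic runs offline against a constructed network; the server URLs and the make_connect stand-in are constructed for the example, and a real client would replace connect with an LDAP connection that reads the root DSE attribute altServer (the standard LDAPv3 spelling of the attribute the text calls AltServer).

```python
"""Client-side failover with a cached alternate-server list.

Added example, not code from the Oracle Internet Directory documentation.
The ``connect`` callable is an assumption: it returns the root DSE of the
server it reached (attribute -> list of values) or raises ConnectionError.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

RootDSE = Dict[str, List[str]]


class DirectoryUnavailable(Exception):
    """Raised when the primary and every cached alternate server are down."""


@dataclass
class FailoverClient:
    primary: str
    connect: Callable[[str], RootDSE]
    alternates: List[str] = field(default_factory=list)  # cached altServer values
    current: Optional[str] = None                        # server currently in use
    attempts: List[str] = field(default_factory=list)    # servers tried on last open()

    def candidates(self) -> List[str]:
        """Primary first, then cached alternates in order, without duplicates."""
        ordered: List[str] = []
        for url in [self.primary, *self.alternates]:
            if url not in ordered:
                ordered.append(url)
        return ordered

    def open(self) -> str:
        """Connect to the first reachable server and refresh the cache from its root DSE."""
        self.attempts = []
        for url in self.candidates():
            self.attempts.append(url)
            try:
                root_dse = self.connect(url)
            except ConnectionError:
                continue  # connectivity lost: try the next cached server
            # Refresh from the server actually reached so later failovers use the
            # administrator-maintained altServer list rather than stale user input.
            self.alternates = [
                u for u in root_dse.get("altServer", []) if u != self.primary
            ]
            self.current = url
            return url
        raise DirectoryUnavailable(
            f"no directory server reachable; tried {self.attempts}"
        )


def make_connect(network: Dict[str, dict]) -> Callable[[str], RootDSE]:
    """Constructed stand-in for an LDAP connection.

    network[url] = {"up": bool, "dse": root DSE dict}; hypothetical, for offline use.
    """
    def connect(url: str) -> RootDSE:
        entry = network[url]
        if not entry["up"]:
            raise ConnectionError(url)
        return entry["dse"]
    return connect


def demo():
    """Walk through a primary failure followed by a first-alternate failure."""
    # Constructed server URLs; each server lists the other two in altServer.
    peers = [f"ldap://oid{i}.example.com:389" for i in (1, 2, 3)]
    oid1, oid2, oid3 = peers
    network = {
        url: {"up": True, "dse": {"altServer": [p for p in peers if p != url]}}
        for url in peers
    }
    client = FailoverClient(primary=oid1, connect=make_connect(network))
    first = client.open()          # primary is up; cache becomes [oid2, oid3]
    network[oid1]["up"] = False    # primary goes down
    second = client.open()         # falls over to oid2; cache becomes [oid3]
    network[oid2]["up"] = False    # first alternate also goes down
    third = client.open()          # falls over to oid3 without retrying oid2
    return first, second, third, list(client.attempts)


if __name__ == "__main__":
    print(demo())
```

The cache is replaced, not merged, on every successful connection, so a server that the administrator removes from AltServer drops out of the client's list the next time the client reaches any server; the attempts list records which servers were tried, which is the information to log when diagnosing why a client ended up on a particular replica.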
The network used to access Oracle Internet Directory services is called the Public Network Infrastructure. Providing network-level load balancing and failover measures (connection redirection) in the Public Network Infrastructure is highly recommended, because these measures give application clients a high degree of flexibility and transparency.
If the Oracle Internet Directory services are accessed from the Internet, this would include a couple of high speed links (T1 to T3) and an intelligent TCP/IP level load balancer. If the Oracle Internet Directory services are accessed from an Intranet, this would include high speed LAN connections to the server computers running the Oracle directory server and an intelligent TCP/IP level load balancer. In both cases, there would be more than one computer serving LDAP requests so that failure of one Oracle directory server computer would not affect availability.
Figure 10-2 illustrates a typical Internet deployment of Oracle Internet Directory with network-level failover enabled.
In Figure 10-2, the Oracle directory servers (LDAP servers) can be connected to either the same back-end database or different back-end databases. In this deployment, network-level load balancing can be accomplished by both hardware and software solutions.
Hardware-based load balancing technology is available from several vendors. These redirection devices connect directly to the Internet and can route requests among several server computers. They can also detect computer failures and stop routing requests to the failed computer. This feature guarantees that new connections from clients will not be routed to a failed computer. When a computer comes back, the device detects it and starts routing new requests to it. These devices also perform some load balancing, which makes sure that client requests are uniformly distributed.
Some of the vendors providing hardware-based redirection technologies are:
Accelar Server Switches from Nortel Networks
Local Director from Cisco
BIG/ip from F5 Labs Inc.
Hydra from HydraWEB Technologies
Equalizer from Coyote Point Systems
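The redirection behaviour described above (health-check each server, stop handing new connections to a server that has failed, resume when it comes back, and spread new connections uniformly across the healthy servers) is modelled below as an added example; it is not code from any of the listed vendors or from Oracle. The probe callable, the server names, and the two thresholds (two failed checks to take a server out of rotation, one passed check to put it back) are assumptions made for the example; a real device probes at the TCP/IP level on a timer.

```python
"""Model of a TCP/IP-level redirection device with failure detection.

Added example, not vendor or Oracle code. ``probe`` is an assumed callable
that returns True when the named server answers its health check.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Backend:
    name: str
    healthy: bool = True
    consecutive_failures: int = 0
    consecutive_successes: int = 0


@dataclass
class Redirector:
    backends: List[Backend]
    probe: Callable[[str], bool]
    down_after: int = 2      # failed checks before a server leaves the rotation (assumed)
    up_after: int = 1        # passed checks before it rejoins (assumed)
    cursor: int = 0          # round-robin position over the full backend list

    def run_health_checks(self) -> Dict[str, bool]:
        """Probe every server once and update its rotation status with hysteresis."""
        for b in self.backends:
            if self.probe(b.name):
                b.consecutive_failures = 0
                b.consecutive_successes += 1
                if not b.healthy and b.consecutive_successes >= self.up_after:
                    b.healthy = True     # server came back: route new requests to it again
            else:
                b.consecutive_successes = 0
                b.consecutive_failures += 1
                if b.healthy and b.consecutive_failures >= self.down_after:
                    b.healthy = False    # stop routing new connections to the failed server
        return {b.name: b.healthy for b in self.backends}

    def route(self) -> str:
        """Hand a new client connection to the next healthy server, round-robin."""
        n = len(self.backends)
        for _ in range(n):
            b = self.backends[self.cursor % n]
            self.cursor += 1
            if b.healthy:
                return b.name
        raise RuntimeError("no healthy directory server to route to")


def demo():
    """Three servers; one fails its checks, is taken out, then recovers."""
    status = {"oid1": True, "oid2": True, "oid3": True}   # constructed server states
    lb = Redirector([Backend(n) for n in status], probe=lambda name: status[name])
    timeline = []
    timeline.append([lb.route() for _ in range(6)])       # all up: even distribution
    status["oid2"] = False                                 # oid2 stops answering
    after_one = lb.run_health_checks()                     # one miss: still in rotation
    after_two = lb.run_health_checks()                     # second miss: taken out
    timeline.append([lb.route() for _ in range(4)])       # only oid1 and oid3 receive connections
    status["oid2"] = True                                  # oid2 comes back
    recovered = lb.run_health_checks()                     # one pass: back in rotation
    timeline.append([lb.route() for _ in range(3)])
    return timeline, after_one, after_two, recovered


if __name__ == "__main__":
    print(demo())
```

Requiring more than one missed check before removal avoids flapping on a single dropped probe, while a single passed check is enough to reinstate a server because a false positive there only costs the few connections routed before the next failed check. Note that this only protects new connections, which is exactly the guarantee the text describes; connections already established to the failed server are not rescued by the device, so clients still need their own reconnect or failover logic.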
Multimaster replication makes it possible for the directory system to be available for both access and updates at all times, as long as at least one of the nodes in the system is available. When a node comes back online after a period of unavailability, replication from the existing nodes will resume automatically and cause its contents to be synchronized transparently.
Any directory system with high availability requirements should always employ a network of replicated nodes in multimaster configuration. A replica node is recommended for each region that is separated from others by a relatively low speed or low bandwidth network segment. Such a configuration, while allowing speedy directory access to the clients in the same region, also serves as a failover arrangement during regional failures elsewhere.
The Private Network Infrastructure is the network used by Oracle Internet Directory and its back-end components to communicate with each other. In cases where Oracle Internet Directory is deployed on the Internet, Oracle Corporation recommends that this network be physically different from the network used to serve client requests. In cases where Oracle Internet Directory is deployed over an Intranet, the same LAN may be used, but Oracle Internet Directory components should have dedicated bandwidth with the help of a network switch. Because Oracle Internet Directory depends on the Private Network Infrastructure for its communications, you must take adequate precautions to guarantee availability in the event of failures in the Private Network. Some of the options available in this area are:
The IP address takeover feature is available on many commercial clusters. It protects an installation against failures of the Network Interface Cards (NICs). For this mechanism to work, the installation must have two NICs for each IP address assigned to a server, and both NICs must be connected to the same physical network. One NIC is always active while the other is in standby mode. The moment the system detects a problem with the main adapter, it fails over to the standby NIC. Ongoing TCP/IP connections are not disturbed, so clients do not notice any downtime on the server.
Because all networks (with the exception of wireless networks) consist of wires running from one location to another, there is a distinct possibility that someone might unintentionally disconnect a wire that links a client computer to a server computer. To guard against this, use NICs and hubs or switches that can use redundant links in case of a link-level failure.
In Figure 10-3, both the database and Oracle directory server (LDAP server) reside on the same computer. Changes on one directory server instance are reflected on the second directory server instance through multimaster replication. When a failure of the directory server or database server on a particular node occurs, it is elevated to a computer failure so that the load balancer will stop handing off connections to the computer on which there was a failure.
Figure 10-3 Deployment Example (Two Oracle Internet Directory Nodes in Replication)
As Figure 10-4 illustrates, each region can be set up with two Oracle Internet Directory nodes replicating between each other. This configuration is typical of global directory networks deployed by large enterprises where each of the regions could potentially represent a continent or a country.