Skip Headers
Oracle® Application Server High Availability Guide
10g Release 2 (10.1.2)
B14003-03
  Go To Documentation Library
Home
Go To Product List
Solution Area
Go To Table Of Contents
Contents
Go To Index
Index

Previous
Previous
Next
Next
 

9 OracleAS Infrastructure: High Availability Topologies

This chapter describes the high availability topologies for OracleAS Infrastructure. These topologies are composed of configurations described in previous chapters.

9.1 Summary of OracleAS Infrastructure High Availability Topologies

Table 9-1 lists the OracleAS Infrastructure topologies, and the configurations that they use.

Table 9-1 High Availability Topologies for OracleAS Infrastructure, and the Configurations Used by Each Topology

Topology OracleAS Metadata Repository
Oracle Identity Management

OracleAS Cold Failover Cluster (Infrastructure)Topology


New database installed by installer (using "Identity Management and OracleAS Metadata Repository" installation type): active-passive configuration

n/a (Oracle Identity Management components are installed with the OracleAS Metadata Repository)

Distributed OracleAS Cold Failover Cluster (Infrastructure)Topology


New database installed by installer (using "Identity Management and OracleAS Metadata Repository" installation type): active-passive configuration

OracleAS Single Sign-On and Oracle Delegated Administration Services: active-active or active-passive configuration

Oracle Internet Directory and Oracle Directory Integration and Provisioning: installed with OracleAS Metadata Repository in active-passive configuration

OracleAS Cold Failover Cluster (Identity Management) Topology


Existing database

Active-passive configuration

DistributedOracleAS Cold Failover Cluster (Identity Management) Topology


Existing database

Oracle Internet Directory and Oracle Directory Integration and Provisioning: active-passive configuration

OracleAS Single Sign-On and Oracle Delegated Administration Services: active-active configuration

OracleAS Cluster (Identity Management) Topology


Existing database

Active-active configuration

DistributedOracleAS Cluster (Identity Management) Topology


Existing database

Oracle Internet Directory and Oracle Directory Integration and Provisioning: active-active configuration

OracleAS Single Sign-On and Oracle Delegated Administration Services: active-active configuration


9.2 OracleAS Cold Failover Cluster (Infrastructure) Topology

Figure 9-1 shows an OracleAS Cold Failover Cluster (Infrastructure). It consists of:

The OracleAS Cold Failover Cluster (Infrastructure) topology provides the following capabilities:

Figure 9-1 OracleAS Cold Failover Cluster (Infrastructure): Normal Operation

Description of Figure 9-1  follows
Description of "Figure 9-1 OracleAS Cold Failover Cluster (Infrastructure): Normal Operation"

9.2.1 OracleAS Cold Failover Cluster (Infrastructure) on Microsoft Windows

On Microsoft Windows, the OracleAS Cold Failover Cluster (Infrastructure) topology has the characteristics described in the previous section, but it also has these unique features:

  • The nodes in the hardware cluster need to have Microsoft Cluster Server software for managing high availability for the cluster.

  • You need to install Oracle Fail Safe on the local storage of each node. Oracle Fail Safe works with Microsoft Cluster Server to manage the following:

    • virtual hostname and IP address

    • OracleAS Metadata Repository database

    • OPMN

    • Application Server Control Console

The integration of Oracle Fail Safe and Microsoft Cluster Server provides an easy-to-manage environment and automatic failover functionality in the OracleAS Cold Failover Cluster topology. The OracleAS Metadata Repository database, its TNS listener, and OPMN run as Windows services and are monitored by Oracle Fail Safe and Microsoft Cluster Server. If any of these services fails, Microsoft Cluster Server tries to restart the service three times (the default setting) before failing the group to the standby node. Additionally, OPMN monitors, starts, and restarts the Oracle Internet Directory, OC4J, and Oracle HTTP Server components.

Resource Groups

Central to the Windows OracleAS Cold Failover Cluster topology is the concept of resource groups. A group is a collection of resources that you set up in Oracle Fail Safe. During failover from the active node to the standby node, the group and the resources in it fail over as a unit. When you install an OracleAS Cold Failover Cluster configuration, you create a group for the configuration. This group consists of the following:

  • virtual hostname and virtual IP address for the cluster

  • shared storage

  • OracleAS Metadata Repository database

  • TNS listener for the database

  • OPMN

  • Application Server Control Console

In Figure 9-2, the virtual hostname cfcinfra.mydomain.com and virtual IP 144.25.245.1 are used. When a failover occurs from node 1 to node 2, the virtual hostname and IP are moved to the standby node, which becomes the active node. The failure of the active node is transparent to the middle-tier components.


Note:

Only static IP addresses can be used in the OracleAS Cold Failover Cluster (Infrastructure) topology for Windows.

Figure 9-2 OracleAS Cold Failover Cluster (Infrastructure) on Microsoft Windows

Description of Figure 9-2  follows
Description of "Figure 9-2 OracleAS Cold Failover Cluster (Infrastructure) on Microsoft Windows"

9.2.2 Installation Highlights

The Oracle Application Server Installation Guide has details on installing this topology. Some highlights:

  • On Windows, you install Oracle Fail Safe on the local storage of each of the OracleAS Cold Failover Cluster (Infrastructure) nodes.

  • You run the installer on one of the nodes in the cluster and install the Oracle home on the shared storage. The Oracle home includes both OracleAS Metadata Repository and Oracle Identity Management.

  • During installation, you enter the virtual hostname for the hardware cluster. This virtual hostname is associated with the virtual IP of the hardware cluster. Clients use this virtual hostname to access the active node of the OracleAS Cold Failover Cluster.

9.2.3 Runtime

This section uses the sample values shown in Figure 9-1:

Table 9-2 Sample Values for OracleAS Cold Failover Cluster (Infrastructure)

Item Sample Value

Physical nodes

Node 1 and Node 2

Virtual hostname

cfcinfra.mydomain.com

Virtual IP address

144.25.245.1


The virtual hostname, cfcinfra.mydomain.com, is mapped to the virtual IP address, and the middle tier associates the OracleAS Infrastructure with cfcinfra.mydomain.com.

In normal operating mode, the hardware cluster's software enables the virtual IP address on Node 1 and starts all OracleAS Infrastructure processes (database, database listener, Oracle Enterprise Manager 10g, and OPMN) on that node. OPMN then starts, monitors, and restarts, if necessary, the following OracleAS Infrastructure processes: Oracle Internet Directory, OC4J instances, and Oracle HTTP Server.

9.2.4 Failover

If the primary node fails, the virtual IP address is manually enabled on the secondary node (Figure 9-3). All the OracleAS Infrastructure processes are then started on the secondary node. Middle tiers accessing the OracleAS Infrastructure will see a temporary loss of service as the virtual IP and the shared storage are moved over to Node2, and the database, database listener, and all other OracleAS Infrastructure processes are started. Once the processes are up, middle-tier processes that were retrying during this time are reconnected. New connections are not aware that a failover has occurred.

If you plan to use the Automatic Storage Management (ASM) feature of Oracle Database 10g for the OracleAS Metadata Repository, the Cluster Synchronization Services (CSS) daemon must be configured on the standby node. The CSS daemon synchronizes ASM instances with the database instances that use the ASM instances for database file storage. Specific instructions are provided in the OracleAS Cold Failover Cluster chapter in the Oracle Application Server Installation Guide.

Figure 9-3 OracleAS Cold Failover Cluster (Infrastructure): After Failover

Description of Figure 9-3  follows
Description of "Figure 9-3 OracleAS Cold Failover Cluster (Infrastructure): After Failover"

While the hardware cluster framework can start, monitor, detect, restart, or failover OracleAS Infrastructure processes, these actions are not automatic and involve some scripting or simple programming.

9.2.4.1 Failover on Solaris Systems

The following shows the steps to fail over from the active node to the standby node for Solaris systems with a Veritas Volume Manager.

Steps to Perform on the Failed Node

  1. If necessary, stop or kill all processes belonging to the OracleAS Cold Failover Cluster (Infrastructure) instance on this node.

  2. As root, stop the Oracle Cluster Synchronization Services (CSS) daemon, ocssd, if it is running. Use the following command:

    # /etc/init.d/init.cssd stop
    
    
  3. Follow the steps in "Steps to Perform on the Failed Node" (in Section 8.6.2, "Manual Steps for Failover on Solaris Systems").

Steps to Perform on the New Active Node

  1. Follow the steps in "Steps to Perform on the New Active Node" (in Section 8.6.2, "Manual Steps for Failover on Solaris Systems").

  2. If the Oracle Cluster Synchronization Services (CSS) daemon, ocssd, is required, run the following command as the user which installed the Oracle home:

    > /etc/init.d/init.cssd start
    
    
  3. Start Oracle Application Server processes on this new active node. In this case, you need to start up the OracleAS Metadata Repository and the Oracle Identity Management processes:

    1. Start the OracleAS Metadata Repository database:

      > ORACLE_HOME/bin/sqlplus /nolog
      SQL> connect SYS as SYSDBA
      SQL> startup
      
      
    2. Start the OracleAS Metadata Repository database listener.

      > ORACLE_HOME/bin/lsnrctl start
      
      
    3. Start Oracle Identity Management processes on this new active node.

      > ORACLE_HOME/opmn/bin/opmnctl startall
      
      

9.2.4.2 Failover on Windows Systems

The steps are described in Section 8.6.3, "Manual Steps for Failover on Windows Systems".

9.2.4.3 Failover on Linux Systems

The following shows the steps to failover from the active node to the standby node on Linux systems.

Steps to Perform on the Failed Node

  1. Make sure all processes belonging to the OracleAS Cold Failover Cluster (Infrastructure) instance on the failed node are down.

  2. Login as root.

  3. Use the following command to stop the Oracle Cluster Synchronization Services (CSS) daemon, ocssd, if it is running:

    # /etc/init.d/init.cssd stop
    
    
  4. Follow the steps in "Steps to Perform on the Failed Node" (in Section 8.6.4, "Manual Steps for Failover on Linux Systems").

On the new active node:

Steps to Perform on the New Active Node

  1. Follow the steps in "Steps to Perform on the New Active Node" (in Section 8.6.4, "Manual Steps for Failover on Linux Systems").

  2. If the Oracle Cluster Synchronization Services (CSS) daemon, ocssd, is required, run the following command as the user that installed the Oracle home:

    > /etc/init.d/init.cssd start
    
    
  3. Start all OracleAS Infrastructure processes on this new active node with the following commands:

    1. Set the ORACLE_HOME environment variable to the OracleAS Infrastructure's Oracle home.

    2. Set the ORACLE_SID environment variable to the OracleAS Metadata Repository's system identifier.

    3. Start the OracleAS Metadata Repository database:

      > ORACLE_HOME/bin/sqlplus /nolog
      SQL> connect SYS as SYSDBA
      SQL> startup
      
      
    4. Start the OracleAS Infrastructure database listener.

      > ORACLE_HOME/bin/lsnrctl start
      
      
    5. Start OPMN and all OPMN-managed processes using the following command:

      > ORACLE_HOME/opmn/bin/opmnctl startall
      
      
    6. Start the Application Server Control Console:

      > ORACLE_HOME/bin/emctl start iasconsole
      

9.2.5 Startup Procedure

Use the following steps to start up the OracleAS Infrastructure components in an OracleAS Cold Failover Cluster (Infrastructure):

  1. As root, enable volume management software and mount the file system if necessary.

  2. Enable the virtual IP address on the current node.

  3. Set the ORACLE_HOME environment variable to the OracleAS Infrastructure's Oracle home.

  4. Set the ORACLE_SID environment variable to the OracleAS Metadata Repository database's system identifier.

  5. Set the PATH environment variable to include the OracleAS Infrastructure's ORACLE_HOME/bin directory.

    On Windows, you can use the following command to set the PATH:

    set PATH=%ORACLE_HOME%\bin;%PATH%
    

    Note:

    Specify the path of the Oracle home as the first entry in the PATH environment variable if you have several Oracle homes installed on the computer. Also, ensure that the full paths of the executables you use are specified.

  6. Start the OracleAS Metadata Repository database listener.

    > ORACLE_HOME/bin/lsnrctl start
    
    
  7. Start the OracleAS Metadata Repository database:

    On UNIX systems:

    > $ORACLE_HOME/bin/sqlplus /nolog
    SQL> connect SYS as SYSDBA
    SQL> startup
    
    

    On Windows systems:

    > %ORACLE_HOME%\bin\sqlplus /nolog
    SQL> connect SYS as SYSDBA
    SQL> startup
    
    
  8. Start OPMN and all OPMN-managed processes.

    > ORACLE_HOME/opmn/bin/opmnctl startall
    
    
  9. Start the Application Server Control Console:

    > ORACLE_HOME/bin/emctl start iasconsole
    
    

9.2.6 Stop Procedure

Use the following steps to stop the OracleAS Infrastructure in an OracleAS Cold Failover Cluster:

  1. Set the ORACLE_HOME environment variable to the Infrastructure's Oracle home.

  2. Set the ORACLE_SID environment variable to the metadata repository's system identifier.

  3. Stop the Application Server Control Console.

    > ORACLE_HOME/bin/emctl stop iasconsole
    
    
  4. Stop OPMN and all OPMN-managed processes for each OracleAS instance locally.

    To shut down the OPMN daemon and all OPMN-managed processes:

    > ORACLE_HOME/opmn/bin/opmnctl stopall
    
    
  5. Stop the OracleAS Metadata Repository database:

    On UNIX systems:

    > $ORACLE_HOME/bin/sqlplus /nolog
    SQL> connect SYS as SYSDBA
    SQL> shutdown
    
    

    On Windows systems:

    > %ORACLE_HOME%\bin\sqlplus /nolog
    SQL> connect SYS as SYSDBA
    SQL> shutdown
    
    
  6. Stop the OracleAS Infrastructure database listener.

    > ORACLE_HOME/bin/lsnrctl stop
    
    

The next two steps are required only if you are stopping on the current node to fail over to the other node. Otherwise it is not a mandatory part of the stop process.

  1. As root, disable volume management software and unmount the file system (if necessary).

  2. Disable the virtual IP address from the current node.

9.2.7 Use of Application Server Control Console

You can use the Application Server Control Console to manage OracleAS Cold Failover Cluster (Infrastructure). Figure 9-4 shows a sample screen.

In the URL for the Application Server Control Console, you use the virtual hostname instead of the physical hostname.

Figure 9-4 Application Server Control Console with OracleAS Cold Failover Cluster (Infrastructure)

Description of Figure 9-4  follows
Description of "Figure 9-4 Application Server Control Console with OracleAS Cold Failover Cluster (Infrastructure)"

9.2.8 Changing Configuration

In an OracleAS Cold Failover Cluster (Infrastructure), OracleAS Metadata Repository and Oracle Identity Management are installed together in the same Oracle home on the shared storage. To change the configuration for OracleAS Cold Failover Cluster (Infrastructure), you use the standard OracleAS Infrastructure administration techniques described in the Oracle Application Server Administrator's Guide.

9.2.9 Configuring Virtual IPs

The Oracle Application Server Installation Guide for your platform cover the instructions for configuring the virtual IPs for a OracleAS Cold Failover Cluster (Infrastructure):

  • If you are running UNIX platforms, see section 11.2.2, "Map the Virtual Hostname and Virtual IP Address" in the Oracle Application Server Installation Guide for your platform

  • If you are running on Microsoft Windows, see section 11.2.2, "Get a Virtual Address for the Cluster" in the Oracle Application Server Installation Guide for Microsoft Windows

9.2.10 Backup and Recovery Procedure

For backing up OracleAS Cold Failover Cluster environments and recovering these backups during failures, use the backup and recovery procedures provided in the Oracle Application Server Administrator's Guide.

Additionally, the following considerations should be noted:

Backup considerations:

  • Oracle recommends that you place archive logs for the OracleAS Metadata Repository on the shared disk. This ensures that, when failing over from one cluster node to another in the case of media recovery, the archive logs are also failed over and available.

  • You can generate archive logs to a local file system; however, the same path must be available during runtime on whichever node is hosting the OracleAS Infrastructure instance.

  • Proper capacity planning is required in order to ensure adequate space is available to store the desired number of archive logs.

Recovery considerations:

  • If archive logs are stored on a local file system, in the case of media recovery, all archive logs must be made available to the application server instance performing the recovery. Recovery can be performed on either node of the cluster.

9.3 Distributed OracleAS Cold Failover Cluster (Infrastructure) Topology

In a distributed OracleAS Cold Failover Cluster (Infrastructure) (see Figure 9-5), you distribute the Oracle Identity Management components to create a more secure environment. You deploy OracleAS Single Sign-On and Oracle Delegated Administration Services separately from the other OracleAS Infrastructure components.

Typically, you run OracleAS Single Sign-On and Oracle Delegated Administration Services between two firewalls (in a DMZ), and Oracle Internet Directory and OracleAS Metadata Repository behind the inner firewall, as shown in Figure 9-5. The figure also shows Oracle Application Server middle tiers running on the same nodes as OracleAS Single Sign-On and Oracle Delegated Administration Services.

Clients from outside the first firewall can access OracleAS Single Sign-On and Oracle Delegated Administration Services. The second firewall prevents clients from accessing the OracleAS Metadata Repository and Oracle Internet Directory directly.

To access Oracle Internet Directory in the other tier, OracleAS Single Sign-On and Oracle Delegated Administration Services use the virtual hostname (oidmr.mydomain.com in Figure 9-5).

Figure 9-5 Distributed OracleAS Cold Failover Cluster (Infrastructure)

Description of Figure 9-5  follows
Description of "Figure 9-5 Distributed OracleAS Cold Failover Cluster (Infrastructure)"

9.3.1 Tiers in this Topology

Table 9-3 lists the tiers in this topology:

Table 9-3 Tiers in a Distributed OracleAS Cold Failover Cluster (Infrastructure)

Tier Configuration For Information on Managing This Tier, See:

OracleAS Metadata Repository + all Oracle Identity Management components except OracleAS Single Sign-On and Oracle Delegated Administration Services

Active-Passive

Section 9.3.4, "Runtime for the OracleAS Metadata Repository / Oracle Internet Directory Tier"


OracleAS Single Sign-On and Oracle Delegated Administration Services

Active-active or active-passive

Section 8.9, "OracleAS Single Sign-On and Oracle Delegated Administration Services in Active-Active Configurations"

- or -

Section 8.10, "OracleAS Single Sign-On and Oracle Delegated Administration Services in Active-Passive Configurations"


9.3.2 External Load Balancer Requirements

In this topology, you can run OracleAS Single Sign-On and Oracle Delegated Administration Services in an active-active configuration or active-passive configuration. If you run them in an active-active configuration, you need an external load balancer with the following features:

  • virtual server name and port configuration

  • death detection

  • persistence configuration for HTTP URLs

See Section 2.2.4.2, "External Load Balancers" for details on these features.

9.3.3 Installation Highlights

The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:

  • You need to configure the virtual server name on the load balancer before you run the installer.

  • On Windows, you have to install Oracle Fail Safe on the local storage of each of the OracleAS Cold Failover Cluster (Infrastructure) nodes, that is, the nodes that are running OracleAS Metadata Repository and Oracle Internet Directory.

  • You install the components in the following order:

    1. Install OracleAS Metadata Repository, Oracle Internet Directory, and Oracle Directory Integration and Provisioning on the shared disk. During installation, you need to enter the virtual hostname configured for the hardware cluster.

    2. Install OracleAS Single Sign-On and Oracle Delegated Administration Services. You can install and run these components in an active-active or active-passive configuration. The installation procedure depends on the configuration that you want.

9.3.4 Runtime for the OracleAS Metadata Repository / Oracle Internet Directory Tier

You deploy the following OracleAS Infrastructure components in an OracleAS Cold Failover Cluster:

  • OracleAS Metadata Repository

  • Oracle Internet Directory

  • Oracle Directory Integration and Provisioning

In an OracleAS Cold Failover Cluster, you have one active node and one passive node ("active-passive" configuration), and a virtual hostname and virtual IP address for the cluster.

Only one node of the hardware cluster is active at any time. The virtual hostname (oidmr.mydomain.com) points to the active node. The shared storage is mounted only on the active node.

To access the components running in this tier, clients use the virtual hostname. For example, to access the OracleAS Metadata Repository or Oracle Internet Directory, you use the virtual hostname (oidmr.mydomain.com).

OPMN runs on this tier to manage the Oracle Internet Directory processes.

9.3.5 Failover for the OracleAS Metadata Repository / Oracle Internet Directory Tier

If the active tier fails, the clusterware fails over the OracleAS Metadata Repository, Oracle Internet Directory, Application Server Control, and OPMN processes to the standby node.

The clusterware also mounts the shared storage on the new active node and associates the virtual hostname and virtual IP address with the new active node.

Failover from the active node to the passive node occurs at the node level. All the components running on the active node (Oracle Internet Directory, Oracle Directory Integration and Provisioning, and OracleAS Metadata Repository) fail over together to the passive node.

On Windows, Oracle Fail Safe performs the failover.

9.3.6 Startup Procedure

To start up the processes on the different tiers, you have to start them up in the following order:

  1. On the active node in the OracleAS Metadata Repository and Oracle Internet Directory tier:

    1. Start up the OracleAS Metadata Repository.

    2. Start up the Oracle Internet Directory and other processes.

    3. Start up Application Server Control.

  2. Start up the OracleAS Single Sign-On and Oracle Delegated Administration Services components on each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier. Section 8.9.4, "Starting OracleAS Single Sign-On / Oracle Delegated Administration Services" lists the start commands.

9.3.7 Stop Procedure

To stop the processes on the different tiers, you stop them in the following order:

  1. Stop the processes on each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier. Section 8.9.5, "Stopping OracleAS Single Sign-On / Oracle Delegated Administration Services" lists the stop commands.

  2. On the active node in the OracleAS Metadata Repository and Oracle Internet Directory tier:

    1. Stop Oracle Internet Directory and other processes.

    2. Stop the OracleAS Metadata Repository.

    3. Stop Application Server Control.

9.3.8 Use of Application Server Control

You can use Application Server Control to manage the components in a distributed OracleAS Cold Failover Cluster (Infrastructure).

For the OracleAS Metadata Repository and Oracle Internet Directory nodes, you use the virtual hostname in the Application Server Control URL, for example: http://oidmr.mydomain.com:1156 (assuming Application Server Control is running on port 1156).

For the OracleAS Single Sign-On and Oracle Delegated Administration Services nodes, you use the physical hostname of either node in the Application Server Control URL, for example, http://sso1.mydomain.com:1156 or http://sso2.mydomain.com:1156.

9.3.9 Monitoring Procedure

Typically, OPMN monitors Oracle Application Server processes for you, so you do not have to monitor them yourself. However, if you want to monitor them manually, you can use Application Server Control or commands to monitor the status of OracleAS Infrastructure components running on all the nodes.

See Section 7.4, "Checking the Status of OracleAS Metadata Repository" and Section 8.11, "Checking the Status of Oracle Identity Management Components" for a list of commands that you can run. Make sure you run the commands on the appropriate node. For example, to check on Oracle Internet Directory, run the command on the OracleAS Metadata Repository and Oracle Internet Directory node.

9.3.10 Backup and Recovery Procedure

See Section 9.2.10, "Backup and Recovery Procedure" for some backup and recovery guidelines.

9.4 OracleAS Cold Failover Cluster (Identity Management) Topology

In an OracleAS Cold Failover Cluster (Identity Management) (see Figure 9-6), you install and run the Oracle Identity Management components in an OracleAS Cold Failover Cluster. For the OracleAS Metadata Repository, you install it in an existing database using the OracleAS Metadata Repository Creation Assistant. This database should be a high availability database, such as a Real Application Clusters database or a cold failover cluster database. Figure 9-6 shows a cold failover cluster database in the topology.

You need a virtual hostname and virtual IP address for the nodes running the Oracle Identity Management components. Clients, including middle tiers, use the virtual hostname to access the Oracle Identity Management components.

If You Are Using a Cold Failover Cluster Database

If you are using a cold failover cluster database, you can install and run Oracle Identity Management on the same nodes as the database. You can also make each node an active node: one node can be the active node for the Oracle Identity Management components, and the other node can be the active node for the database. For example, in Figure 9-6, Node 1 is the active node for Oracle Identity Management, but Node 2 is the active node for the database containing the OracleAS Metadata Repository. This enables you to use both nodes at the same time. If one node fails, then processes running on that node are failed over to the other node, and that node runs all the processes (database and Oracle Identity Management).

To do this, you need to set up separate virtual hostnames and virtual IP addresses for Oracle Identity Management and the database because they point to different active nodes. In Figure 9-6, the virtual hostname for Oracle Identity Management, im.mydomain.com, points to Node 1, but the virtual hostname for the database, mr.mydomain.com, points to Node 2.

Figure 9-6 OracleAS Cold Failover Cluster (Identity Management)

Description of Figure 9-6  follows
Description of "Figure 9-6 OracleAS Cold Failover Cluster (Identity Management)"

9.4.1 Tiers in this Topology

Table 9-4 lists the tiers in this topology:

Table 9-4 Tiers in an OracleAS Cold Failover Cluster (Identity Management)

Tier Configuration For Information on Managing This Tier, See:

OracleAS Metadata Repository


Installed in an existing database

Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository"


Oracle Identity Management components

Active-Passive

Section 8.6, "All Oracle Identity Management Components in Active-Passive Configurations"



9.4.2 Installation Highlights

The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:

  • On Windows, you have to install Oracle Fail Safe on the local storage of each node running Oracle Identity Management.

  • You install the components in the following order:

    1. Install OracleAS Metadata Repository in your existing high availability database using OracleAS Metadata Repository Creation Assistant.

    2. Install Oracle Identity Management on the shared disk. During installation, you enter the virtual hostname configured for the Oracle Identity Management components.

9.4.3 Runtime for the Oracle Identity Management Components

Middle-tier components and applications access Oracle Identity Management services by making LDAP requests to Oracle Internet Directory, and HTTP/HTTPS requests to OracleAS Single Sign-On or Oracle Delegated Administration Services.

Clients can perform single sign-on by making direct HTTP/HTTPS requests to OracleAS Single Sign-On server using the single sign-on URL. This URL uses the virtual hostname configured for Oracle Identity Management.

OracleAS Single Sign-On establishes connection pools to access the OracleAS Metadata Repository database. A connection in the pool uses Oracle Net to communicate with the active database instance(s). Oracle Net is also used by middle-tier components and Oracle Internet Directory to connect to the database.

9.4.4 Failover for the Oracle Identity Management Components

If the node on which the Oracle Identity Management components are running fails, the components fail over to the other node. The virtual hostname and IP also switch to point to the new active node.

If You Are Running a Cold Failover Cluster Database

If you are running a cold failover cluster database and are using one node as the active node for the database and the other node as the active node for Oracle Identity Management (for example, Node 1 is the active node for Oracle Identity Management, and Node 2 is the active node for the database), then the newly active node now runs all the processes. Both virtual hostnames now point to the new active node.

9.4.5 Startup Procedure

To start up the processes, you have to start them up in the following order:

  1. Start up the OracleAS Metadata Repository database.

  2. Start up the Oracle Identity Management components.

  3. Start up Application Server Control.

9.4.6 Stop Procedure

To stop the processes, you stop them in the following order:

  1. Stop the Oracle Identity Management components.

  2. Stop Application Server Control.

  3. Stop the OracleAS Metadata Repository database.

9.4.7 Use of Application Server Control

You can use Application Server Control to manage the Oracle Identity Management components in an OracleAS Cold Failover Cluster (Identity Management).

For the Application Server Control URL, you use the virtual hostname, for example: http://im.mydomain.com:1156 (assuming Application Server Control is running on port 1156).

9.5 Distributed OracleAS Cold Failover Cluster (Identity Management) Topology

This topology is similar to the one described in Section 9.4, "OracleAS Cold Failover Cluster (Identity Management) Topology" except that you install and run OracleAS Single Sign-On and Oracle Delegated Administration Services on one set of nodes, and Oracle Internet Directory on another set of nodes.

You run the OracleAS Single Sign-On and Oracle Delegated Administration Services nodes in an active-active configuration, which means that you place a load balancer in front of these nodes. The load balancer directs requests to these nodes.

For the Oracle Internet Directory nodes, you run them in an active-passive configuration. If you have an existing cold failover cluster database, you can install Oracle Internet Directory on the same nodes as the database.

For the OracleAS Metadata Repository, you can install it, using OracleAS Metadata Repository Creation Assistant, in an existing Real Application Clusters database for active-active availability or in a cold failover cluster database for active-passive availability.

You might choose this topology to create a more secure configuration. This topology enables you to run OracleAS Single Sign-On and Oracle Delegated Administration Services in the DMZ, and Oracle Internet Directory and the OracleAS Metadata Repository database in your intranet behind the DMZ.

Figure 9-7 shows a distributed OracleAS Cold Failover Cluster (Identity Management). The OracleAS Metadata Repository is installed in an existing cold failover cluster database. Oracle Internet Directory is installed on the same nodes as the cold failover cluster database.

If you install Oracle Internet Directory on the same cluster as the cold failover database, you need separate virtual hostnames and virtual IP addresses for the database and for Oracle Internet Directory.

Figure 9-7 Distributed OracleAS Cold Failover Cluster (Identity Management)

Description of Figure 9-7  follows
Description of "Figure 9-7 Distributed OracleAS Cold Failover Cluster (Identity Management)"

9.5.1 Tiers in this Topology

Table 9-5 lists the tiers in this topology:

Table 9-5 Tiers in a Distributed OracleAS Cold Failover Cluster (Identity Management)

Tier Configuration For Information on Managing This Tier, See:

OracleAS Metadata Repository


Installed in an existing database

Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository"


Oracle Internet Directory and Oracle Directory Integration and Provisioning components

Active-Passive

Section 8.8, "Oracle Internet Directory and Oracle Directory Integration and Provisioning in Active-Passive Configurations"


OracleAS Single Sign-On and Oracle Delegated Administration Services components

Active-Active

Section 8.9, "OracleAS Single Sign-On and Oracle Delegated Administration Services in Active-Active Configurations"



9.5.2 External Load Balancer Requirements

The OracleAS Single Sign-On and Oracle Delegated Administration Services tier uses an external load balancer. This external load balancer should have the following features:

  • virtual server name and port configuration

  • death detection

  • persistence configuration for HTTP URLs

If you are using the same external load balancer for middle tiers, you may need additional features depending on which middle tier components you are running.

See Section 2.2.4.2, "External Load Balancers" for details on these features.

9.5.3 Installation Highlights

The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:

  • On Windows, you also have to install Oracle Fail Safe on the local storage of each node running Oracle Internet Directory.

  • You install the components in the following order:

    1. Install OracleAS Metadata Repository in your existing database using OracleAS Metadata Repository Creation Assistant.

    2. Install Oracle Internet Directory on the shared disk. During installation, you need to enter the virtual hostname configured for Oracle Internet Directory.

    3. Install OracleAS Single Sign-On and Oracle Delegated Administration Services on the local disk of each node. During installation, you need to enter the virtual server name configured on the load balancer for HTTP traffic.

9.5.4 Runtime and Failover for the OracleAS Single Sign-On and Oracle Delegated Administration Services Tier

See Section 8.9, "OracleAS Single Sign-On and Oracle Delegated Administration Services in Active-Active Configurations".

9.5.5 Runtime and Failover for the Oracle Internet Directory and Oracle Directory Integration and Provisioning Tier

See Section 8.8, "Oracle Internet Directory and Oracle Directory Integration and Provisioning in Active-Passive Configurations".

If You Are Running a Cold Failover Cluster Database

If you are running a cold failover cluster database and are using one node as the active node for the database and the other node as the active node for Oracle Internet Directory (for example, Node 1 is the active node for Oracle Internet Directory, and Node 1 is the active node for the database), then the newly active node now runs all the processes. Both virtual hostnames now point to the new active node.

9.5.6 Startup Procedure

You start the processes in the following order:

  1. Start up the OracleAS Metadata Repository database.

  2. On the active node for Oracle Internet Directory:

    1. Start up Oracle Internet Directory.

    2. Start up Application Server Control.

  3. On each node running OracleAS Single Sign-On and Oracle Delegated Administration Services:

    1. Start up OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.

    2. Start up Application Server Control.

9.5.7 Stop Procedure

You stop the processes in the following order:

  1. On each node running OracleAS Single Sign-On and Oracle Delegated Administration Services:

    1. Stop OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.

    2. Stop Application Server Control.

  2. On the active node for Oracle Internet Directory:

    1. Stop Oracle Internet Directory.

    2. Stop Application Server Control.

  3. Stop the OracleAS Metadata Repository database.

9.5.8 Use of Application Server Control

For Oracle Internet Directory, you can use Application Server Control to manage it. For the Application Server Control URL, you use the virtual hostname, for example: http://oid.mydomain.com:1156 (assuming Application Server Control is running on port 1156).

You can also use Application Server Control to manage OracleAS Single Sign-On and Oracle Delegated Administration Services. In this case, use the physical hostname for the Application Server Control URL.

9.6 OracleAS Cluster (Identity Management) Topology

In an OracleAS Cluster (Identity Management) (see Figure 9-8), you run Oracle Identity Management components (Oracle Internet Directory, OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle Directory Integration and Provisioning) on two or more nodes. Each node runs all of the Oracle Identity Management components mentioned above. A load balancer manages traffic to these nodes.

OracleAS Certificate Authority Not Supported

OracleAS Certificate Authority is not supported in an OracleAS Cluster (Identity Management). You can install and run OracleAS Certificate Authority separately.

Figure 9-8 OracleAS Cluster (Identity Management)

Description of Figure 9-8  follows
Description of "Figure 9-8 OracleAS Cluster (Identity Management)"

The nodes running the Oracle Identity Management components should be functionally equivalent.

These nodes provide active-active availability for Oracle Identity Management services. OracleAS Single Sign-On and Oracle Delegated Administration Services run on a single OC4J_SECURITY instance in each Oracle home. Oracle Internet Directory also runs on each node.

You configure the load balancer with three virtual server names, as shown in Figure 9-8:

OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle Internet Directory access the OracleAS Metadata Repository database instances through Oracle Net load balancing. Note that OracleAS Single Sign-On establishes connection pools to access the database. A connection in the pool can be to any of the database instances in the Real Application Clusters.

9.6.1 Additional Considerations

The following list includes important guidelines for managing an OracleAS Cluster (Identity Management) environment:

9.6.2 Tiers in this Topology

Table 9-6 lists the tiers in this topology:

Table 9-6 Tiers in an OracleAS Cluster (Identity Management)

Tier Configuration For Information on Managing This Tier, See:

OracleAS Metadata Repository


Installed in an existing database

Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository"


Oracle Identity Management components

Active-Active

Section 8.5, "All Oracle Identity Management Components in Active-Active Configurations"



9.6.3 External Load Balancer Requirements

The Oracle Identity Management tier uses an external load balancer. This external load balancer should have the following features:

  • virtual server name and port configuration

  • death detection

  • persistence configuration for HTTP URLs

If you are using the same external load balancer for middle tiers, you may need additional features depending on which middle tier components you are running.

See Section 2.2.4.2, "External Load Balancers" for details on these features.

9.6.4 Installation Highlights

The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:

  • You need to configure the virtual server name on the load balancer before you run the installer.

  • You install the components in the following order:

    1. Install OracleAS Metadata Repository on an existing database. This database should be a high availability database, such as a Real Application Clusters database or a cold failover cluster database.

    2. Install Oracle Internet Directory, Oracle Directory Integration and Provisioning, OracleAS Single Sign-On, and Oracle Delegated Administration Services on each node. During installation, you enter the virtual server name configured on the external load balancer.

9.6.5 Runtime for the OracleAS Metadata Repository Nodes

The nodes on this tier run an Oracle database configured for high availability (such as a Real Application Clusters database or a cold failover cluster database). You manage this database as you would any other Oracle database.

9.6.6 Runtime for the OracleAS Cluster (Identity Management) Nodes

All the nodes on this tier are active. An external load balancer directs requests to these nodes. To access the components running on these nodes, clients use the appropriate virtual server name configured on the load balancer. For example, clients trying to access OracleAS Single Sign-On or Oracle Delegated Administration Services use the virtual server name for the HTTP protocol, while clients trying to access Oracle Internet Directory use the virtual server name for the LDAP protocol.

OPMN also runs on each node in this tier. If an OPMN-managed component fails, OPMN tries to restart it.

9.6.7 Failover on the OracleAS Cluster (Identity Management) Nodes

OPMN runs on each node to provide process management, monitoring, and notification services for the OC4J_SECURITY instances, Oracle HTTP Server, and oidmon processes. If any of these processes fails, OPMN detects the failure and attempts to restart it. If the restart is unsuccessful, the load balancer detects the failure (usually through a non-response timeout) and directs requests to an active process running on another node in the OracleAS Cluster (Identity Management).

oidmon monitors the oidldapd, oidrepld, and odisrv Oracle Internet Directory processes, while OPMN monitors oidmon. If oidldapd, oidrepld, or odisrv fails, oidmon attempts to restart it locally. Similarly, if oidmon fails, OPMN tries to restart it locally. Only one odisrv process and one oidrepld process can be active at any time in an OracleAS Cluster (Identity Management) while multiple oidldapd processes can run in the same cluster. See the Oracle Internet Directory Administrator's Guide for details.

If a node fails, the load balancer detects the failure and redirects requests to a remaining active node. Because each node provides identical services as the others, all requests can be fulfilled by the remaining nodes.

For information on Oracle Internet Directory in OracleAS Cluster (Identity Management) and how directory replication can provide high availability, see Chapter 12, "Deploying Identity Management with Multimaster Replication".

9.6.8 Failover on the OracleAS Metadata Repository Tier

If you installed the OracleAS Metadata Repository in an existing Real Application Clusters database, node failures are managed by Oracle Net and Real Application Clusters. Oracle Net redirects requests to remaining active database instances if any of the other database instances fail.

If you installed the OracleAS Metadata Repository in a cold failover cluster database, node failure is performed by switching the virtual hostname and IP to the standby node and starting the database processes on that node. Section 7.1.5, "Failing Over a Cold Failover Cluster Database" provides instructions on how to accomplish these tasks.

9.6.9 Startup Procedure

To start up the processes on the different tiers, you have to start them up in the following order:

  1. Start up the OracleAS Metadata Repository database.

  2. On each node in the OracleAS Cluster (Identity Management), start up the Oracle Identity Management components.

  3. Start up Application Server Control.

9.6.10 Stop Procedure

To stop the processes on the different tiers, you have to stop them in the following order:

  1. On each node in the OracleAS Cluster (Identity Management), stop the Oracle Identity Management components.

  2. Stop the OracleAS Metadata Repository database.

  3. Stop Application Server Control.

9.6.11 Use of Application Server Control

You can use Application Server Control to manage the Oracle Identity Management components in an OracleAS Cluster (Identity Management). For the OracleAS Metadata Repository, you manage the database using database management tools, such as Enterprise Manager.

For the OracleAS Cluster (Identity Management) nodes, you use the physical hostname in the Application Server Control URL, for example: http://im1.mydomain.com:1156 (assuming Application Server Control is running on port 1156).

9.7 Distributed OracleAS Cluster (Identity Management) Topology

This is a variation of the OracleAS Cluster (Identity Management) Topology. Instead of running all the Oracle Identity Management components on each of the OracleAS Cluster (Identity Management) nodes, you separate out OracleAS Single Sign-On and Oracle Delegated Administration Services to run on another set of OracleAS Cluster (Identity Management) nodes. See Figure 9-9.

The advantage of this topology is that you can deploy the nodes running OracleAS Single Sign-On and Oracle Delegated Administration Services in the DMZ, and deploy Oracle Internet Directory inside your intranet, protected by the firewalls (as shown in Figure 9-9).

This topology provides flexibility in placing your components. In this topology:

OracleAS Certificate Authority Not Supported

OracleAS Certificate Authority is not supported in an OracleAS Cluster (Identity Management). You can install and run OracleAS Certificate Authority separately.

Figure 9-9 Distributed OracleAS Cluster (Identity Management)

Description of Figure 9-9  follows
Description of "Figure 9-9 Distributed OracleAS Cluster (Identity Management)"

9.7.1 Tiers in this Topology

Table 9-7 lists the tiers in this topology:

Table 9-7 Tiers in an OracleAS Cluster (Identity Management)

Tier Configuration For Information on Managing This Tier, See:

OracleAS Metadata Repository


Installed in an existing database

Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository"


Oracle Internet Directory and Oracle Directory Integration and Provisioning

Active-Active

Section 8.7, "Oracle Internet Directory and Oracle Directory Integration and Provisioning in Active-Active Configurations"


OracleAS Single Sign-On and Oracle Delegated Administration Services

Active-Active

Section 8.9, "OracleAS Single Sign-On and Oracle Delegated Administration Services in Active-Active Configurations"



9.7.2 External Load Balancer Requirements

The Oracle Identity Management tier uses an external load balancer. This external load balancer should have the following features:

  • virtual server name and port configuration

  • death detection

  • persistence configuration for HTTP URLs

If you are using the same external load balancer for middle tiers, you may need additional features depending on which middle tier components you are running.

See Section 2.2.4.2, "External Load Balancers" for details on these features.

9.7.3 Installation Highlights

The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:

  • You need to configure the virtual server name on the load balancer before you run the installer.

  • You install the components in the following order:

    1. Install OracleAS Metadata Repository on an existing database. This database should be a high availability database, such as a Real Application Clusters database or a cold failover cluster database.

    2. Install Oracle Internet Directory and Oracle Directory Integration and Provisioning on each node separately. During installation, you enter the virtual server name configured on the load balancer.

    3. Install OracleAS Single Sign-On and Oracle Delegated Administration Services on each node separately. During installation, you enter the virtual server name configured on the load balancer.

9.7.4 Runtime for the OracleAS Metadata Repository Nodes

The nodes on this tier run an Oracle database configured for high availability (such as a Real Application Clusters database or a cold failover cluster database). You manage this database as you would any other Oracle database.

9.7.5 Runtime for the Oracle Internet Directory and Oracle Directory Integration and Provisioning Nodes

All the nodes on this tier are active. A load balancer directs requests to these nodes. To access Oracle Internet Directory, clients use the virtual server name for the LDAP protocol.

OPMN also runs on each node in this tier to monitor the oidmon process, which in turn monitors the Oracle Internet Directory processes. If oidmon fails, OPMN tries to restart it. If an Oracle Internet Directory process fails, oidmon tries to start it up.

9.7.6 Runtime for the OracleAS Single Sign-On and Oracle Delegated Administration Services Nodes

All the nodes on this tier are active. A load balancer directs traffic to these nodes. Clients send requests to OracleAS Single Sign-On and Oracle Delegated Administration Services using the load balancer's HTTP virtual server name (sso.mydomain.com in Figure 9-9).

OracleAS Single Sign-On and Oracle Delegated Administration Services run in the OC4J_SECURITY instance on each node.

OPMN runs on each nodes to monitor Oracle HTTP Server and OC4J processes, including OC4J_SECURITY. If these processes go down, OPMN tries to restart them. If restart fails, the load balancer detects that the instance is not running on a node and directs requests to instances running on other nodes.

9.7.7 Failover on the OracleAS Cluster (Identity Management) Nodes

OPMN runs on each node to provide process management, monitoring, and notification services for the OC4J_SECURITY instances, Oracle HTTP Server, and oidmon processes. If any of these processes fails, OPMN detects the failure and attempts to restart it. If the restart is unsuccessful, the load balancer detects the failure (usually through a non-response timeout) and directs requests to an active process running on another node in the OracleAS Cluster (Identity Management).

If a node fails, the load balancer detects the failure and redirects requests to a remaining active node. Because each node provides identical services as the others, all requests can be fulfilled by the remaining nodes.

For information on Oracle Internet Directory in OracleAS Cluster (Identity Management) and how directory replication can provide high availability, see Chapter 12, "Deploying Identity Management with Multimaster Replication".

9.7.8 Failover on the OracleAS Metadata Repository Tier

If you installed the OracleAS Metadata Repository in an existing Real Application Clusters database, node failures are managed by Oracle Net and Real Application Clusters. Oracle Net redirects requests to remaining active database instances if any of the other database instances fail.

If you installed the OracleAS Metadata Repository in a cold failover cluster database, node failure is performed by switching the virtual hostname and IP to the standby node and starting the database processes on that node. Section 7.1.5, "Failing Over a Cold Failover Cluster Database" provides instructions on how to accomplish these tasks.

9.7.9 Startup Procedure

Start up the processes on the different tiers in the following order:

  1. Start up the OracleAS Metadata Repository database.

  2. On each node in the Oracle Internet Directory tier:

    1. Start up Oracle Internet Directory.

    2. Start up Application Server Control.

  3. On each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier:

    1. Start up OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.

    2. Start up Application Server Control.

9.7.10 Stop Procedure

Stop the processes on the different tiers in the following order:

  1. On each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier:

    1. Stop OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.

    2. Stop Application Server Control.

  2. On each node in the Oracle Internet Directory tier:

    1. Stop Oracle Internet Directory.

    2. Stop Application Server Control.

  3. Stop the OracleAS Metadata Repository database.

9.7.11 Use of Application Server Control

You can use Application Server Control to manage the Oracle Identity Management components in a distributed OracleAS Cluster (Identity Management). For the OracleAS Metadata Repository, you manage the database using database management tools, such as Enterprise Manager.

For the OracleAS Single Sign-On/Oracle Delegated Administration Services nodes, you use the physical hostname in the Application Server Control URL, for example: http://sso1.mydomain.com:1156 (assuming Application Server Control is running on port 1156).

9.8 OracleAS Cold Failover Cluster (Infrastructure) and OracleAS Cold Failover Cluster (Middle-Tier) on the Same Nodes

In this topology, a middle tier runs in a cold failover configuration on the same nodes as the OracleAS Cold Failover Cluster (Infrastructure). The middle tier is in an OracleAS Cold Failover Cluster (Middle-Tier) configuration.

The OracleAS Cold Failover Cluster (Infrastructure) and OracleAS Cold Failover Cluster (Middle-Tier) have separate virtual hostnames mapping to separate virtual IPs. This enables the OracleAS Infrastructure and middle tier to fail over independently of each other.

In Figure 9-10, the OracleAS Infrastructure is active on Node 1, while the middle tier is active on Node 2. If Node 2 fails, the middle tier fails over to Node 1. If Node 1 fails, the OracleAS Infrastructure fails over to Node 2. By having the OracleAS Infrastructure active on one node and the middle tier active on the other node during normal operation, you are using resources efficiently as both nodes are performing work and no node is idle. This topology also provides high performance isolation because the middle tier and the OracleAS Infrastructure services run on separate environments.

See the Oracle Application Server Installation Guide for instructions on installing such a topology.

Figure 9-10 OracleAS Cold Failover Cluster (Middle-Tier) on the Same Nodes as OracleAS Cold Failover Cluster (Infrastructure)

Description of Figure 9-10  follows
Description of "Figure 9-10 OracleAS Cold Failover Cluster (Middle-Tier) on the Same Nodes as OracleAS Cold Failover Cluster (Infrastructure)"