Oracle® Application Server High Availability Guide
10g Release 2 (10.1.2) B14003-03 |
|
Previous |
Next |
This chapter describes the high availability topologies for OracleAS Infrastructure. These topologies are composed of configurations described in previous chapters.
Section 9.1, "Summary of OracleAS Infrastructure High Availability Topologies"
Section 9.2, "OracleAS Cold Failover Cluster (Infrastructure)Topology"
Section 9.3, "Distributed OracleAS Cold Failover Cluster (Infrastructure)Topology"
Section 9.4, "OracleAS Cold Failover Cluster (Identity Management) Topology"
Section 9.5, "DistributedOracleAS Cold Failover Cluster (Identity Management) Topology"
Section 9.6, "OracleAS Cluster (Identity Management) Topology"
Section 9.7, "DistributedOracleAS Cluster (Identity Management) Topology"
Table 9-1 lists the OracleAS Infrastructure topologies, and the configurations that they use.
Table 9-1 High Availability Topologies for OracleAS Infrastructure, and the Configurations Used by Each Topology
Topology | OracleAS Metadata Repository
|
Oracle Identity Management
|
---|---|---|
OracleAS Cold Failover Cluster (Infrastructure)Topology |
New database installed by installer (using "Identity Management and OracleAS Metadata Repository" installation type): active-passive configuration |
n/a (Oracle Identity Management components are installed with the OracleAS Metadata Repository) |
Distributed OracleAS Cold Failover Cluster (Infrastructure)Topology |
New database installed by installer (using "Identity Management and OracleAS Metadata Repository" installation type): active-passive configuration |
OracleAS Single Sign-On and Oracle Delegated Administration Services: active-active or active-passive configuration Oracle Internet Directory and Oracle Directory Integration and Provisioning: installed with OracleAS Metadata Repository in active-passive configuration |
OracleAS Cold Failover Cluster (Identity Management) Topology |
Existing database |
Active-passive configuration |
DistributedOracleAS Cold Failover Cluster (Identity Management) Topology |
Existing database |
Oracle Internet Directory and Oracle Directory Integration and Provisioning: active-passive configuration OracleAS Single Sign-On and Oracle Delegated Administration Services: active-active configuration |
OracleAS Cluster (Identity Management) Topology |
Existing database |
Active-active configuration |
DistributedOracleAS Cluster (Identity Management) Topology |
Existing database |
Oracle Internet Directory and Oracle Directory Integration and Provisioning: active-active configuration OracleAS Single Sign-On and Oracle Delegated Administration Services: active-active configuration |
Figure 9-1 shows an OracleAS Cold Failover Cluster (Infrastructure). It consists of:
two nodes in a hardware cluster. One of the nodes is the active node, and the other node is the passive node. The active node runs all the components and responds to all requests. If the active node goes down for any reason, the passive node takes over: it runs the components and handles all the requests.
shared storage that can be mounted by both nodes. The shared storage contains the single Oracle home where you install the Oracle Identity Management and OracleAS Metadata Repository. Only one node, the active node, is mounted to the shared storage at any time.
virtual hostname and virtual IP address. The virtual hostname and virtual IP address point to the active node. Because clients use this virtual hostname, instead of the node's physical hostname, to access the OracleAS Infrastructure, clients do not need to know which node in the cluster is running the OracleAS Infrastructure components.
The OracleAS Cold Failover Cluster (Infrastructure) topology provides the following capabilities:
Node failure protection - hardware cluster and the failover procedure protect the nodes from planned or unplanned node outage.
Process failure protection - OPMN and hardware cluster software detect and restart failed OracleAS Infrastructure processes.
Figure 9-1 OracleAS Cold Failover Cluster (Infrastructure): Normal Operation
On Microsoft Windows, the OracleAS Cold Failover Cluster (Infrastructure) topology has the characteristics described in the previous section, but it also has these unique features:
The nodes in the hardware cluster need to have Microsoft Cluster Server software for managing high availability for the cluster.
You need to install Oracle Fail Safe on the local storage of each node. Oracle Fail Safe works with Microsoft Cluster Server to manage the following:
The integration of Oracle Fail Safe and Microsoft Cluster Server provides an easy-to-manage environment and automatic failover functionality in the OracleAS Cold Failover Cluster topology. The OracleAS Metadata Repository database, its TNS listener, and OPMN run as Windows services and are monitored by Oracle Fail Safe and Microsoft Cluster Server. If any of these services fails, Microsoft Cluster Server tries to restart the service three times (the default setting) before failing the group to the standby node. Additionally, OPMN monitors, starts, and restarts the Oracle Internet Directory, OC4J, and Oracle HTTP Server components.
Resource Groups
Central to the Windows OracleAS Cold Failover Cluster topology is the concept of resource groups. A group is a collection of resources that you set up in Oracle Fail Safe. During failover from the active node to the standby node, the group and the resources in it fail over as a unit. When you install an OracleAS Cold Failover Cluster configuration, you create a group for the configuration. This group consists of the following:
OracleAS Metadata Repository database
OPMN
Application Server Control Console
In Figure 9-2, the virtual hostname cfcinfra.mydomain.com
and virtual IP 144.25.245.1 are used. When a failover occurs from node 1 to node 2, the virtual hostname and IP are moved to the standby node, which becomes the active node. The failure of the active node is transparent to the middle-tier components.
Note: Only static IP addresses can be used in the OracleAS Cold Failover Cluster (Infrastructure) topology for Windows. |
Figure 9-2 OracleAS Cold Failover Cluster (Infrastructure) on Microsoft Windows
The Oracle Application Server Installation Guide has details on installing this topology. Some highlights:
On Windows, you install Oracle Fail Safe on the local storage of each of the OracleAS Cold Failover Cluster (Infrastructure) nodes.
You run the installer on one of the nodes in the cluster and install the Oracle home on the shared storage. The Oracle home includes both OracleAS Metadata Repository and Oracle Identity Management.
During installation, you enter the virtual hostname for the hardware cluster. This virtual hostname is associated with the virtual IP of the hardware cluster. Clients use this virtual hostname to access the active node of the OracleAS Cold Failover Cluster.
This section uses the sample values shown in Figure 9-1:
Table 9-2 Sample Values for OracleAS Cold Failover Cluster (Infrastructure)
Item | Sample Value |
---|---|
Physical nodes |
Node 1 and Node 2 |
Virtual hostname |
cfcinfra.mydomain.com |
Virtual IP address |
144.25.245.1 |
The virtual hostname, cfcinfra.mydomain.com
, is mapped to the virtual IP address, and the middle tier associates the OracleAS Infrastructure with cfcinfra.mydomain.com
.
In normal operating mode, the hardware cluster's software enables the virtual IP address on Node 1 and starts all OracleAS Infrastructure processes (database, database listener, Oracle Enterprise Manager 10g, and OPMN) on that node. OPMN then starts, monitors, and restarts, if necessary, the following OracleAS Infrastructure processes: Oracle Internet Directory, OC4J instances, and Oracle HTTP Server.
If the primary node fails, the virtual IP address is manually enabled on the secondary node (Figure 9-3). All the OracleAS Infrastructure processes are then started on the secondary node. Middle tiers accessing the OracleAS Infrastructure will see a temporary loss of service as the virtual IP and the shared storage are moved over to Node2, and the database, database listener, and all other OracleAS Infrastructure processes are started. Once the processes are up, middle-tier processes that were retrying during this time are reconnected. New connections are not aware that a failover has occurred.
If you plan to use the Automatic Storage Management (ASM) feature of Oracle Database 10g for the OracleAS Metadata Repository, the Cluster Synchronization Services (CSS) daemon must be configured on the standby node. The CSS daemon synchronizes ASM instances with the database instances that use the ASM instances for database file storage. Specific instructions are provided in the OracleAS Cold Failover Cluster chapter in the Oracle Application Server Installation Guide.
Figure 9-3 OracleAS Cold Failover Cluster (Infrastructure): After Failover
While the hardware cluster framework can start, monitor, detect, restart, or failover OracleAS Infrastructure processes, these actions are not automatic and involve some scripting or simple programming.
The following shows the steps to fail over from the active node to the standby node for Solaris systems with a Veritas Volume Manager.
Steps to Perform on the Failed Node
If necessary, stop or kill all processes belonging to the OracleAS Cold Failover Cluster (Infrastructure) instance on this node.
As root, stop the Oracle Cluster Synchronization Services (CSS) daemon, ocssd
, if it is running. Use the following command:
# /etc/init.d/init.cssd stop
Follow the steps in "Steps to Perform on the Failed Node" (in Section 8.6.2, "Manual Steps for Failover on Solaris Systems").
Steps to Perform on the New Active Node
Follow the steps in "Steps to Perform on the New Active Node" (in Section 8.6.2, "Manual Steps for Failover on Solaris Systems").
If the Oracle Cluster Synchronization Services (CSS) daemon, ocssd
, is required, run the following command as the user which installed the Oracle home:
> /etc/init.d/init.cssd start
Start Oracle Application Server processes on this new active node. In this case, you need to start up the OracleAS Metadata Repository and the Oracle Identity Management processes:
Start the OracleAS Metadata Repository database:
> ORACLE_HOME/bin/sqlplus /nolog SQL> connect SYS as SYSDBA SQL> startup
Start the OracleAS Metadata Repository database listener.
> ORACLE_HOME/bin/lsnrctl start
Start Oracle Identity Management processes on this new active node.
> ORACLE_HOME/opmn/bin/opmnctl startall
The steps are described in Section 8.6.3, "Manual Steps for Failover on Windows Systems".
The following shows the steps to failover from the active node to the standby node on Linux systems.
Steps to Perform on the Failed Node
Make sure all processes belonging to the OracleAS Cold Failover Cluster (Infrastructure) instance on the failed node are down.
Login as root.
Use the following command to stop the Oracle Cluster Synchronization Services (CSS) daemon, ocssd
, if it is running:
# /etc/init.d/init.cssd stop
Follow the steps in "Steps to Perform on the Failed Node" (in Section 8.6.4, "Manual Steps for Failover on Linux Systems").
On the new active node:
Steps to Perform on the New Active Node
Follow the steps in "Steps to Perform on the New Active Node" (in Section 8.6.4, "Manual Steps for Failover on Linux Systems").
If the Oracle Cluster Synchronization Services (CSS) daemon, ocssd
, is required, run the following command as the user that installed the Oracle home:
> /etc/init.d/init.cssd start
Start all OracleAS Infrastructure processes on this new active node with the following commands:
Set the ORACLE_HOME
environment variable to the OracleAS Infrastructure's Oracle home.
Set the ORACLE_SID
environment variable to the OracleAS Metadata Repository's system identifier.
Start the OracleAS Metadata Repository database:
> ORACLE_HOME/bin/sqlplus /nolog SQL> connect SYS as SYSDBA SQL> startup
Start the OracleAS Infrastructure database listener.
> ORACLE_HOME/bin/lsnrctl start
Start OPMN and all OPMN-managed processes using the following command:
> ORACLE_HOME/opmn/bin/opmnctl startall
Start the Application Server Control Console:
> ORACLE_HOME/bin/emctl start iasconsole
Use the following steps to start up the OracleAS Infrastructure components in an OracleAS Cold Failover Cluster (Infrastructure):
As root, enable volume management software and mount the file system if necessary.
Set the ORACLE_HOME
environment variable to the OracleAS Infrastructure's Oracle home.
Set the ORACLE_SID
environment variable to the OracleAS Metadata Repository database's system identifier.
Set the PATH
environment variable to include the OracleAS Infrastructure's ORACLE_HOME/bin
directory.
On Windows, you can use the following command to set the PATH
:
set PATH=%ORACLE_HOME%\bin;%PATH%
Note: Specify the path of the Oracle home as the first entry in thePATH environment variable if you have several Oracle homes installed on the computer. Also, ensure that the full paths of the executables you use are specified.
|
Start the OracleAS Metadata Repository database listener.
> ORACLE_HOME/bin/lsnrctl start
Start the OracleAS Metadata Repository database:
On UNIX systems:
> $ORACLE_HOME/bin/sqlplus /nolog SQL> connect SYS as SYSDBA SQL> startup
On Windows systems:
> %ORACLE_HOME%\bin\sqlplus /nolog SQL> connect SYS as SYSDBA SQL> startup
Start OPMN and all OPMN-managed processes.
> ORACLE_HOME/opmn/bin/opmnctl startall
Start the Application Server Control Console:
> ORACLE_HOME/bin/emctl start iasconsole
Use the following steps to stop the OracleAS Infrastructure in an OracleAS Cold Failover Cluster:
Set the ORACLE_HOME
environment variable to the Infrastructure's Oracle home.
Set the ORACLE_SID
environment variable to the metadata repository's system identifier.
Stop the Application Server Control Console.
> ORACLE_HOME/bin/emctl stop iasconsole
Stop OPMN and all OPMN-managed processes for each OracleAS instance locally.
To shut down the OPMN daemon and all OPMN-managed processes:
> ORACLE_HOME/opmn/bin/opmnctl stopall
Stop the OracleAS Metadata Repository database:
On UNIX systems:
> $ORACLE_HOME/bin/sqlplus /nolog SQL> connect SYS as SYSDBA SQL> shutdown
On Windows systems:
> %ORACLE_HOME%\bin\sqlplus /nolog SQL> connect SYS as SYSDBA SQL> shutdown
Stop the OracleAS Infrastructure database listener.
> ORACLE_HOME/bin/lsnrctl stop
The next two steps are required only if you are stopping on the current node to fail over to the other node. Otherwise it is not a mandatory part of the stop process.
You can use the Application Server Control Console to manage OracleAS Cold Failover Cluster (Infrastructure). Figure 9-4 shows a sample screen.
In the URL for the Application Server Control Console, you use the virtual hostname instead of the physical hostname.
Figure 9-4 Application Server Control Console with OracleAS Cold Failover Cluster (Infrastructure)
In an OracleAS Cold Failover Cluster (Infrastructure), OracleAS Metadata Repository and Oracle Identity Management are installed together in the same Oracle home on the shared storage. To change the configuration for OracleAS Cold Failover Cluster (Infrastructure), you use the standard OracleAS Infrastructure administration techniques described in the Oracle Application Server Administrator's Guide.
The Oracle Application Server Installation Guide for your platform cover the instructions for configuring the virtual IPs for a OracleAS Cold Failover Cluster (Infrastructure):
If you are running UNIX platforms, see section 11.2.2, "Map the Virtual Hostname and Virtual IP Address" in the Oracle Application Server Installation Guide for your platform
If you are running on Microsoft Windows, see section 11.2.2, "Get a Virtual Address for the Cluster" in the Oracle Application Server Installation Guide for Microsoft Windows
For backing up OracleAS Cold Failover Cluster environments and recovering these backups during failures, use the backup and recovery procedures provided in the Oracle Application Server Administrator's Guide.
Additionally, the following considerations should be noted:
Backup considerations:
Oracle recommends that you place archive logs for the OracleAS Metadata Repository on the shared disk. This ensures that, when failing over from one cluster node to another in the case of media recovery, the archive logs are also failed over and available.
You can generate archive logs to a local file system; however, the same path must be available during runtime on whichever node is hosting the OracleAS Infrastructure instance.
Proper capacity planning is required in order to ensure adequate space is available to store the desired number of archive logs.
Recovery considerations:
If archive logs are stored on a local file system, in the case of media recovery, all archive logs must be made available to the application server instance performing the recovery. Recovery can be performed on either node of the cluster.
In a distributed OracleAS Cold Failover Cluster (Infrastructure) (see Figure 9-5), you distribute the Oracle Identity Management components to create a more secure environment. You deploy OracleAS Single Sign-On and Oracle Delegated Administration Services separately from the other OracleAS Infrastructure components.
Typically, you run OracleAS Single Sign-On and Oracle Delegated Administration Services between two firewalls (in a DMZ), and Oracle Internet Directory and OracleAS Metadata Repository behind the inner firewall, as shown in Figure 9-5. The figure also shows Oracle Application Server middle tiers running on the same nodes as OracleAS Single Sign-On and Oracle Delegated Administration Services.
Clients from outside the first firewall can access OracleAS Single Sign-On and Oracle Delegated Administration Services. The second firewall prevents clients from accessing the OracleAS Metadata Repository and Oracle Internet Directory directly.
To access Oracle Internet Directory in the other tier, OracleAS Single Sign-On and Oracle Delegated Administration Services use the virtual hostname (oidmr.mydomain.com
in Figure 9-5).
Figure 9-5 Distributed OracleAS Cold Failover Cluster (Infrastructure)
Table 9-3 lists the tiers in this topology:
Table 9-3 Tiers in a Distributed OracleAS Cold Failover Cluster (Infrastructure)
Tier | Configuration | For Information on Managing This Tier, See: |
---|---|---|
OracleAS Metadata Repository + all Oracle Identity Management components except OracleAS Single Sign-On and Oracle Delegated Administration Services |
Active-Passive |
Section 9.3.4, "Runtime for the OracleAS Metadata Repository / Oracle Internet Directory Tier" |
OracleAS Single Sign-On and Oracle Delegated Administration Services |
Active-active or active-passive |
- or - |
In this topology, you can run OracleAS Single Sign-On and Oracle Delegated Administration Services in an active-active configuration or active-passive configuration. If you run them in an active-active configuration, you need an external load balancer with the following features:
virtual server name and port configuration
death detection
persistence configuration for HTTP URLs
See Section 2.2.4.2, "External Load Balancers" for details on these features.
The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:
You need to configure the virtual server name on the load balancer before you run the installer.
On Windows, you have to install Oracle Fail Safe on the local storage of each of the OracleAS Cold Failover Cluster (Infrastructure) nodes, that is, the nodes that are running OracleAS Metadata Repository and Oracle Internet Directory.
You install the components in the following order:
Install OracleAS Metadata Repository, Oracle Internet Directory, and Oracle Directory Integration and Provisioning on the shared disk. During installation, you need to enter the virtual hostname configured for the hardware cluster.
Install OracleAS Single Sign-On and Oracle Delegated Administration Services. You can install and run these components in an active-active or active-passive configuration. The installation procedure depends on the configuration that you want.
You deploy the following OracleAS Infrastructure components in an OracleAS Cold Failover Cluster:
OracleAS Metadata Repository
Oracle Internet Directory
Oracle Directory Integration and Provisioning
In an OracleAS Cold Failover Cluster, you have one active node and one passive node ("active-passive" configuration), and a virtual hostname and virtual IP address for the cluster.
Only one node of the hardware cluster is active at any time. The virtual hostname (oidmr.mydomain.com
) points to the active node. The shared storage is mounted only on the active node.
To access the components running in this tier, clients use the virtual hostname. For example, to access the OracleAS Metadata Repository or Oracle Internet Directory, you use the virtual hostname (oidmr.mydomain.com
).
OPMN runs on this tier to manage the Oracle Internet Directory processes.
If the active tier fails, the clusterware fails over the OracleAS Metadata Repository, Oracle Internet Directory, Application Server Control, and OPMN processes to the standby node.
The clusterware also mounts the shared storage on the new active node and associates the virtual hostname and virtual IP address with the new active node.
Failover from the active node to the passive node occurs at the node level. All the components running on the active node (Oracle Internet Directory, Oracle Directory Integration and Provisioning, and OracleAS Metadata Repository) fail over together to the passive node.
On Windows, Oracle Fail Safe performs the failover.
To start up the processes on the different tiers, you have to start them up in the following order:
On the active node in the OracleAS Metadata Repository and Oracle Internet Directory tier:
Start up the OracleAS Metadata Repository.
Start up the Oracle Internet Directory and other processes.
Start up Application Server Control.
Start up the OracleAS Single Sign-On and Oracle Delegated Administration Services components on each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier. Section 8.9.4, "Starting OracleAS Single Sign-On / Oracle Delegated Administration Services" lists the start commands.
To stop the processes on the different tiers, you stop them in the following order:
Stop the processes on each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier. Section 8.9.5, "Stopping OracleAS Single Sign-On / Oracle Delegated Administration Services" lists the stop commands.
On the active node in the OracleAS Metadata Repository and Oracle Internet Directory tier:
Stop Oracle Internet Directory and other processes.
Stop the OracleAS Metadata Repository.
Stop Application Server Control.
You can use Application Server Control to manage the components in a distributed OracleAS Cold Failover Cluster (Infrastructure).
For the OracleAS Metadata Repository and Oracle Internet Directory nodes, you use the virtual hostname in the Application Server Control URL, for example: http://oidmr.mydomain.com:1156
(assuming Application Server Control is running on port 1156).
For the OracleAS Single Sign-On and Oracle Delegated Administration Services nodes, you use the physical hostname of either node in the Application Server Control URL, for example, http://sso1.mydomain.com:1156
or http://sso2.mydomain.com:1156
.
Typically, OPMN monitors Oracle Application Server processes for you, so you do not have to monitor them yourself. However, if you want to monitor them manually, you can use Application Server Control or commands to monitor the status of OracleAS Infrastructure components running on all the nodes.
See Section 7.4, "Checking the Status of OracleAS Metadata Repository" and Section 8.11, "Checking the Status of Oracle Identity Management Components" for a list of commands that you can run. Make sure you run the commands on the appropriate node. For example, to check on Oracle Internet Directory, run the command on the OracleAS Metadata Repository and Oracle Internet Directory node.
See Section 9.2.10, "Backup and Recovery Procedure" for some backup and recovery guidelines.
In an OracleAS Cold Failover Cluster (Identity Management) (see Figure 9-6), you install and run the Oracle Identity Management components in an OracleAS Cold Failover Cluster. For the OracleAS Metadata Repository, you install it in an existing database using the OracleAS Metadata Repository Creation Assistant. This database should be a high availability database, such as a Real Application Clusters database or a cold failover cluster database. Figure 9-6 shows a cold failover cluster database in the topology.
You need a virtual hostname and virtual IP address for the nodes running the Oracle Identity Management components. Clients, including middle tiers, use the virtual hostname to access the Oracle Identity Management components.
If You Are Using a Cold Failover Cluster Database
If you are using a cold failover cluster database, you can install and run Oracle Identity Management on the same nodes as the database. You can also make each node an active node: one node can be the active node for the Oracle Identity Management components, and the other node can be the active node for the database. For example, in Figure 9-6, Node 1 is the active node for Oracle Identity Management, but Node 2 is the active node for the database containing the OracleAS Metadata Repository. This enables you to use both nodes at the same time. If one node fails, then processes running on that node are failed over to the other node, and that node runs all the processes (database and Oracle Identity Management).
To do this, you need to set up separate virtual hostnames and virtual IP addresses for Oracle Identity Management and the database because they point to different active nodes. In Figure 9-6, the virtual hostname for Oracle Identity Management, im.mydomain.com
, points to Node 1, but the virtual hostname for the database, mr.mydomain.com
, points to Node 2.
Figure 9-6 OracleAS Cold Failover Cluster (Identity Management)
Table 9-4 lists the tiers in this topology:
Table 9-4 Tiers in an OracleAS Cold Failover Cluster (Identity Management)
Tier | Configuration | For Information on Managing This Tier, See: |
---|---|---|
OracleAS Metadata Repository |
Installed in an existing database |
Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository" |
Oracle Identity Management components |
Active-Passive |
Section 8.6, "All Oracle Identity Management Components in Active-Passive Configurations" |
The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:
On Windows, you have to install Oracle Fail Safe on the local storage of each node running Oracle Identity Management.
You install the components in the following order:
Install OracleAS Metadata Repository in your existing high availability database using OracleAS Metadata Repository Creation Assistant.
Install Oracle Identity Management on the shared disk. During installation, you enter the virtual hostname configured for the Oracle Identity Management components.
Middle-tier components and applications access Oracle Identity Management services by making LDAP requests to Oracle Internet Directory, and HTTP/HTTPS requests to OracleAS Single Sign-On or Oracle Delegated Administration Services.
Clients can perform single sign-on by making direct HTTP/HTTPS requests to OracleAS Single Sign-On server using the single sign-on URL. This URL uses the virtual hostname configured for Oracle Identity Management.
OracleAS Single Sign-On establishes connection pools to access the OracleAS Metadata Repository database. A connection in the pool uses Oracle Net to communicate with the active database instance(s). Oracle Net is also used by middle-tier components and Oracle Internet Directory to connect to the database.
If the node on which the Oracle Identity Management components are running fails, the components fail over to the other node. The virtual hostname and IP also switch to point to the new active node.
If You Are Running a Cold Failover Cluster Database
If you are running a cold failover cluster database and are using one node as the active node for the database and the other node as the active node for Oracle Identity Management (for example, Node 1 is the active node for Oracle Identity Management, and Node 2 is the active node for the database), then the newly active node now runs all the processes. Both virtual hostnames now point to the new active node.
To start up the processes, you have to start them up in the following order:
Start up the OracleAS Metadata Repository database.
Start up the Oracle Identity Management components.
Start up Application Server Control.
To stop the processes, you stop them in the following order:
Stop the Oracle Identity Management components.
Stop Application Server Control.
Stop the OracleAS Metadata Repository database.
You can use Application Server Control to manage the Oracle Identity Management components in an OracleAS Cold Failover Cluster (Identity Management).
For the Application Server Control URL, you use the virtual hostname, for example: http://im.mydomain.com:1156
(assuming Application Server Control is running on port 1156).
This topology is similar to the one described in Section 9.4, "OracleAS Cold Failover Cluster (Identity Management) Topology" except that you install and run OracleAS Single Sign-On and Oracle Delegated Administration Services on one set of nodes, and Oracle Internet Directory on another set of nodes.
You run the OracleAS Single Sign-On and Oracle Delegated Administration Services nodes in an active-active configuration, which means that you place a load balancer in front of these nodes. The load balancer directs requests to these nodes.
For the Oracle Internet Directory nodes, you run them in an active-passive configuration. If you have an existing cold failover cluster database, you can install Oracle Internet Directory on the same nodes as the database.
For the OracleAS Metadata Repository, you can install it, using OracleAS Metadata Repository Creation Assistant, in an existing Real Application Clusters database for active-active availability or in a cold failover cluster database for active-passive availability.
You might choose this topology to create a more secure configuration. This topology enables you to run OracleAS Single Sign-On and Oracle Delegated Administration Services in the DMZ, and Oracle Internet Directory and the OracleAS Metadata Repository database in your intranet behind the DMZ.
Figure 9-7 shows a distributed OracleAS Cold Failover Cluster (Identity Management). The OracleAS Metadata Repository is installed in an existing cold failover cluster database. Oracle Internet Directory is installed on the same nodes as the cold failover cluster database.
If you install Oracle Internet Directory on the same cluster as the cold failover database, you need separate virtual hostnames and virtual IP addresses for the database and for Oracle Internet Directory.
Figure 9-7 Distributed OracleAS Cold Failover Cluster (Identity Management)
Table 9-5 lists the tiers in this topology:
Table 9-5 Tiers in a Distributed OracleAS Cold Failover Cluster (Identity Management)
Tier | Configuration | For Information on Managing This Tier, See: |
---|---|---|
OracleAS Metadata Repository |
Installed in an existing database |
Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository" |
Oracle Internet Directory and Oracle Directory Integration and Provisioning components |
Active-Passive |
|
OracleAS Single Sign-On and Oracle Delegated Administration Services components |
Active-Active |
|
The OracleAS Single Sign-On and Oracle Delegated Administration Services tier uses an external load balancer. This external load balancer should have the following features:
virtual server name and port configuration
death detection
persistence configuration for HTTP URLs
If you are using the same external load balancer for middle tiers, you may need additional features depending on which middle tier components you are running.
See Section 2.2.4.2, "External Load Balancers" for details on these features.
The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:
On Windows, you also have to install Oracle Fail Safe on the local storage of each node running Oracle Internet Directory.
You install the components in the following order:
Install OracleAS Metadata Repository in your existing database using OracleAS Metadata Repository Creation Assistant.
Install Oracle Internet Directory on the shared disk. During installation, you need to enter the virtual hostname configured for Oracle Internet Directory.
Install OracleAS Single Sign-On and Oracle Delegated Administration Services on the local disk of each node. During installation, you need to enter the virtual server name configured on the load balancer for HTTP traffic.
If You Are Running a Cold Failover Cluster Database
If you are running a cold failover cluster database and are using one node as the active node for the database and the other node as the active node for Oracle Internet Directory (for example, Node 1 is the active node for Oracle Internet Directory, and Node 1 is the active node for the database), then the newly active node now runs all the processes. Both virtual hostnames now point to the new active node.
You start the processes in the following order:
Start up the OracleAS Metadata Repository database.
On the active node for Oracle Internet Directory:
Start up Oracle Internet Directory.
Start up Application Server Control.
On each node running OracleAS Single Sign-On and Oracle Delegated Administration Services:
Start up OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.
Start up Application Server Control.
You stop the processes in the following order:
On each node running OracleAS Single Sign-On and Oracle Delegated Administration Services:
Stop OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.
Stop Application Server Control.
On the active node for Oracle Internet Directory:
Stop Oracle Internet Directory.
Stop Application Server Control.
Stop the OracleAS Metadata Repository database.
For Oracle Internet Directory, you can use Application Server Control to manage it. For the Application Server Control URL, you use the virtual hostname, for example: http://oid.mydomain.com:1156
(assuming Application Server Control is running on port 1156).
You can also use Application Server Control to manage OracleAS Single Sign-On and Oracle Delegated Administration Services. In this case, use the physical hostname for the Application Server Control URL.
In an OracleAS Cluster (Identity Management) (see Figure 9-8), you run Oracle Identity Management components (Oracle Internet Directory, OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle Directory Integration and Provisioning) on two or more nodes. Each node runs all of the Oracle Identity Management components mentioned above. A load balancer manages traffic to these nodes.
OracleAS Certificate Authority Not Supported
OracleAS Certificate Authority is not supported in an OracleAS Cluster (Identity Management). You can install and run OracleAS Certificate Authority separately.
Figure 9-8 OracleAS Cluster (Identity Management)
The nodes running the Oracle Identity Management components should be functionally equivalent.
These nodes provide active-active availability for Oracle Identity Management services. OracleAS Single Sign-On and Oracle Delegated Administration Services run on a single OC4J_SECURITY
instance in each Oracle home. Oracle Internet Directory also runs on each node.
You configure the load balancer with three virtual server names, as shown in Figure 9-8:
one for OracleAS Single Sign-On. Clients use this virtual server name to access OracleAS Single Sign-On.
one for Oracle Internet Directory. LDAP and JNDI requests from middle tiers and OracleAS Single Sign-On use this virtual server name to access Oracle Internet Directory.
one for the middle tiers. Clients use this virtual server name to access the middle tiers.
OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle Internet Directory access the OracleAS Metadata Repository database instances through Oracle Net load balancing. Note that OracleAS Single Sign-On establishes connection pools to access the database. A connection in the pool can be to any of the database instances in the Real Application Clusters.
The following list includes important guidelines for managing an OracleAS Cluster (Identity Management) environment:
The port number used by the directory servers must be the same on all the nodes. Use of staticports feature to enforce this is strongly recommended. Even the LDAP ports configured in the LDAP virtual server on the load balancer should be the same as the LDAP ports configured on all the physical Oracle Internet Directory nodes.
The time value on all nodes should be synchronized using Greenwich Mean Time so that there is a discrepancy of no more than 250 seconds between them.
If you change the password to the Oracle Internet Directory-designated database, then you must update each of the other nodes in the OracleAS Cluster (Identity Management) environment.
In a Windows environment, make sure that Microsoft Cluster service is running.
For information on Oracle Internet Directory in OracleAS Cluster (Identity Management) environment, see these sections:
Table 9-6 lists the tiers in this topology:
Table 9-6 Tiers in an OracleAS Cluster (Identity Management)
Tier | Configuration | For Information on Managing This Tier, See: |
---|---|---|
OracleAS Metadata Repository |
Installed in an existing database |
Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository" |
Oracle Identity Management components |
Active-Active |
Section 8.5, "All Oracle Identity Management Components in Active-Active Configurations" |
The Oracle Identity Management tier uses an external load balancer. This external load balancer should have the following features:
virtual server name and port configuration
death detection
persistence configuration for HTTP URLs
If you are using the same external load balancer for middle tiers, you may need additional features depending on which middle tier components you are running.
See Section 2.2.4.2, "External Load Balancers" for details on these features.
The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:
You need to configure the virtual server name on the load balancer before you run the installer.
You install the components in the following order:
Install OracleAS Metadata Repository on an existing database. This database should be a high availability database, such as a Real Application Clusters database or a cold failover cluster database.
Install Oracle Internet Directory, Oracle Directory Integration and Provisioning, OracleAS Single Sign-On, and Oracle Delegated Administration Services on each node. During installation, you enter the virtual server name configured on the external load balancer.
The nodes on this tier run an Oracle database configured for high availability (such as a Real Application Clusters database or a cold failover cluster database). You manage this database as you would any other Oracle database.
All the nodes on this tier are active. An external load balancer directs requests to these nodes. To access the components running on these nodes, clients use the appropriate virtual server name configured on the load balancer. For example, clients trying to access OracleAS Single Sign-On or Oracle Delegated Administration Services use the virtual server name for the HTTP protocol, while clients trying to access Oracle Internet Directory use the virtual server name for the LDAP protocol.
OPMN also runs on each node in this tier. If an OPMN-managed component fails, OPMN tries to restart it.
OPMN runs on each node to provide process management, monitoring, and notification services for the OC4J_SECURITY
instances, Oracle HTTP Server, and oidmon
processes. If any of these processes fails, OPMN detects the failure and attempts to restart it. If the restart is unsuccessful, the load balancer detects the failure (usually through a non-response timeout) and directs requests to an active process running on another node in the OracleAS Cluster (Identity Management).
oidmon
monitors the oidldapd
, oidrepld
, and odisrv
Oracle Internet Directory processes, while OPMN monitors oidmon
. If oidldapd
, oidrepld
, or odisrv
fails, oidmon
attempts to restart it locally. Similarly, if oidmon
fails, OPMN tries to restart it locally. Only one odisrv
process and one oidrepld
process can be active at any time in an OracleAS Cluster (Identity Management) while multiple oidldapd
processes can run in the same cluster. See the Oracle Internet Directory Administrator's Guide for details.
If a node fails, the load balancer detects the failure and redirects requests to a remaining active node. Because each node provides identical services as the others, all requests can be fulfilled by the remaining nodes.
For information on Oracle Internet Directory in OracleAS Cluster (Identity Management) and how directory replication can provide high availability, see Chapter 12, "Deploying Identity Management with Multimaster Replication".
If you installed the OracleAS Metadata Repository in an existing Real Application Clusters database, node failures are managed by Oracle Net and Real Application Clusters. Oracle Net redirects requests to remaining active database instances if any of the other database instances fail.
If you installed the OracleAS Metadata Repository in a cold failover cluster database, node failure is performed by switching the virtual hostname and IP to the standby node and starting the database processes on that node. Section 7.1.5, "Failing Over a Cold Failover Cluster Database" provides instructions on how to accomplish these tasks.
To start up the processes on the different tiers, you have to start them up in the following order:
Start up the OracleAS Metadata Repository database.
On each node in the OracleAS Cluster (Identity Management), start up the Oracle Identity Management components.
Start up Application Server Control.
To stop the processes on the different tiers, you have to stop them in the following order:
On each node in the OracleAS Cluster (Identity Management), stop the Oracle Identity Management components.
Stop the OracleAS Metadata Repository database.
Stop Application Server Control.
You can use Application Server Control to manage the Oracle Identity Management components in an OracleAS Cluster (Identity Management). For the OracleAS Metadata Repository, you manage the database using database management tools, such as Enterprise Manager.
For the OracleAS Cluster (Identity Management) nodes, you use the physical hostname in the Application Server Control URL, for example: http://im1.mydomain.com:1156
(assuming Application Server Control is running on port 1156).
This is a variation of the OracleAS Cluster (Identity Management) Topology. Instead of running all the Oracle Identity Management components on each of the OracleAS Cluster (Identity Management) nodes, you separate out OracleAS Single Sign-On and Oracle Delegated Administration Services to run on another set of OracleAS Cluster (Identity Management) nodes. See Figure 9-9.
The advantage of this topology is that you can deploy the nodes running OracleAS Single Sign-On and Oracle Delegated Administration Services in the DMZ, and deploy Oracle Internet Directory inside your intranet, protected by the firewalls (as shown in Figure 9-9).
This topology provides flexibility in placing your components. In this topology:
You install the OracleAS Metadata Repository in an existing database.
Oracle Internet Directory runs on active-active nodes. Typically these nodes are in the same tier as the database.
OracleAS Single Sign-On and Oracle Delegated Administration Services are in an OracleAS Cluster (Identity Management). This means that they are configured identically on all nodes. For example, if you have two nodes, all OracleAS Single Sign-On instances running on both nodes have the same configuration, and all Oracle Delegated Administration Services instances have the same configuration.
The nodes running OracleAS Single Sign-On and Oracle Delegated Administration Services are active-active nodes. These nodes are placed in the DMZ.
These nodes are fronted by a load balancer that directs requests to them. Oracle Application Server middle tier and clients access OracleAS Single Sign-On and Oracle Delegated Administration Services using the virtual server name configured on this load balancer.
You can also install Oracle Application Server middle tiers on the OracleAS Single Sign-On and Oracle Delegated Administration Services nodes, if you like.
OracleAS Certificate Authority Not Supported
OracleAS Certificate Authority is not supported in an OracleAS Cluster (Identity Management). You can install and run OracleAS Certificate Authority separately.
Figure 9-9 Distributed OracleAS Cluster (Identity Management)
Table 9-7 lists the tiers in this topology:
Table 9-7 Tiers in an OracleAS Cluster (Identity Management)
Tier | Configuration | For Information on Managing This Tier, See: |
---|---|---|
OracleAS Metadata Repository |
Installed in an existing database |
Chapter 7, "OracleAS Infrastructure: High Availability for OracleAS Metadata Repository" |
Oracle Internet Directory and Oracle Directory Integration and Provisioning |
Active-Active |
|
OracleAS Single Sign-On and Oracle Delegated Administration Services |
Active-Active |
|
The Oracle Identity Management tier uses an external load balancer. This external load balancer should have the following features:
virtual server name and port configuration
death detection
persistence configuration for HTTP URLs
If you are using the same external load balancer for middle tiers, you may need additional features depending on which middle tier components you are running.
See Section 2.2.4.2, "External Load Balancers" for details on these features.
The Oracle Application Server Installation Guide contains details on how to install this topology. Some highlights:
You need to configure the virtual server name on the load balancer before you run the installer.
You install the components in the following order:
Install OracleAS Metadata Repository on an existing database. This database should be a high availability database, such as a Real Application Clusters database or a cold failover cluster database.
Install Oracle Internet Directory and Oracle Directory Integration and Provisioning on each node separately. During installation, you enter the virtual server name configured on the load balancer.
Install OracleAS Single Sign-On and Oracle Delegated Administration Services on each node separately. During installation, you enter the virtual server name configured on the load balancer.
The nodes on this tier run an Oracle database configured for high availability (such as a Real Application Clusters database or a cold failover cluster database). You manage this database as you would any other Oracle database.
All the nodes on this tier are active. A load balancer directs requests to these nodes. To access Oracle Internet Directory, clients use the virtual server name for the LDAP protocol.
OPMN also runs on each node in this tier to monitor the oidmon process, which in turn monitors the Oracle Internet Directory processes. If oidmon fails, OPMN tries to restart it. If an Oracle Internet Directory process fails, oidmon tries to start it up.
All the nodes on this tier are active. A load balancer directs traffic to these nodes. Clients send requests to OracleAS Single Sign-On and Oracle Delegated Administration Services using the load balancer's HTTP virtual server name (sso.mydomain.com
in Figure 9-9).
OracleAS Single Sign-On and Oracle Delegated Administration Services run in the OC4J_SECURITY instance on each node.
OPMN runs on each nodes to monitor Oracle HTTP Server and OC4J processes, including OC4J_SECURITY. If these processes go down, OPMN tries to restart them. If restart fails, the load balancer detects that the instance is not running on a node and directs requests to instances running on other nodes.
OPMN runs on each node to provide process management, monitoring, and notification services for the OC4J_SECURITY
instances, Oracle HTTP Server, and oidmon
processes. If any of these processes fails, OPMN detects the failure and attempts to restart it. If the restart is unsuccessful, the load balancer detects the failure (usually through a non-response timeout) and directs requests to an active process running on another node in the OracleAS Cluster (Identity Management).
If a node fails, the load balancer detects the failure and redirects requests to a remaining active node. Because each node provides identical services as the others, all requests can be fulfilled by the remaining nodes.
For information on Oracle Internet Directory in OracleAS Cluster (Identity Management) and how directory replication can provide high availability, see Chapter 12, "Deploying Identity Management with Multimaster Replication".
If you installed the OracleAS Metadata Repository in an existing Real Application Clusters database, node failures are managed by Oracle Net and Real Application Clusters. Oracle Net redirects requests to remaining active database instances if any of the other database instances fail.
If you installed the OracleAS Metadata Repository in a cold failover cluster database, node failure is performed by switching the virtual hostname and IP to the standby node and starting the database processes on that node. Section 7.1.5, "Failing Over a Cold Failover Cluster Database" provides instructions on how to accomplish these tasks.
Start up the processes on the different tiers in the following order:
Start up the OracleAS Metadata Repository database.
On each node in the Oracle Internet Directory tier:
Start up Oracle Internet Directory.
Start up Application Server Control.
On each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier:
Start up OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.
Start up Application Server Control.
Stop the processes on the different tiers in the following order:
On each node in the OracleAS Single Sign-On and Oracle Delegated Administration Services tier:
Stop OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle HTTP Server.
Stop Application Server Control.
On each node in the Oracle Internet Directory tier:
Stop Oracle Internet Directory.
Stop Application Server Control.
Stop the OracleAS Metadata Repository database.
You can use Application Server Control to manage the Oracle Identity Management components in a distributed OracleAS Cluster (Identity Management). For the OracleAS Metadata Repository, you manage the database using database management tools, such as Enterprise Manager.
For the OracleAS Single Sign-On/Oracle Delegated Administration Services nodes, you use the physical hostname in the Application Server Control URL, for example: http://sso1.mydomain.com:1156
(assuming Application Server Control is running on port 1156).
In this topology, a middle tier runs in a cold failover configuration on the same nodes as the OracleAS Cold Failover Cluster (Infrastructure). The middle tier is in an OracleAS Cold Failover Cluster (Middle-Tier) configuration.
The OracleAS Cold Failover Cluster (Infrastructure) and OracleAS Cold Failover Cluster (Middle-Tier) have separate virtual hostnames mapping to separate virtual IPs. This enables the OracleAS Infrastructure and middle tier to fail over independently of each other.
In Figure 9-10, the OracleAS Infrastructure is active on Node 1, while the middle tier is active on Node 2. If Node 2 fails, the middle tier fails over to Node 1. If Node 1 fails, the OracleAS Infrastructure fails over to Node 2. By having the OracleAS Infrastructure active on one node and the middle tier active on the other node during normal operation, you are using resources efficiently as both nodes are performing work and no node is idle. This topology also provides high performance isolation because the middle tier and the OracleAS Infrastructure services run on separate environments.
See the Oracle Application Server Installation Guide for instructions on installing such a topology.
Figure 9-10 OracleAS Cold Failover Cluster (Middle-Tier) on the Same Nodes as OracleAS Cold Failover Cluster (Infrastructure)