Oracle® Collaboration Suite Deployment Guide
10g Release 1 (10.1.2)

Part Number B25492-04

1 Understanding the Oracle Collaboration Suite Architecture

This chapter provides an overview of the Oracle Collaboration Suite architecture in the following topics:

Introduction To Deploying Oracle Collaboration Suite

The Oracle Collaboration Suite Deployment Guide provides an understanding of the Oracle Collaboration Suite architecture, deployment planning issues, and deployment configuration examples. It also provides deployment information for individual Oracle Collaboration Suite applications. The information in this guide helps you to evaluate the network of your organization and architectural requirements based on considerations—such as traffic size, reliability, scalability, and security—and to optimally deploy Oracle Collaboration Suite. For this reason, Oracle encourages you to read this guide before installing and administering Oracle Collaboration Suite.

Oracle Collaboration Suite Architecture

The Oracle Collaboration Suite architecture is built on Oracle Collaboration Suite Infrastructure and Oracle Collaboration Suite Applications. Oracle Collaboration Suite Infrastructure is deployed on the Infrastructure tier and Oracle Collaboration Suite Applications is deployed on the Applications tier. The following figure provides an overview of the Oracle Collaboration Suite architecture:

Figure 1-1 Oracle Collaboration Suite Architecture



Note:

You can deploy the Identity Management binaries and schemas on different homes if required.

Oracle Collaboration Suite Infrastructure Tier

Since the Infrastructure tier is the base tier for Oracle Collaboration Suite, it must be deployed before the Applications tier. The Infrastructure tier consists of the components that provide services for the Applications tier, such as identity management and metadata storage. Components of the Infrastructure tier include Oracle Collaboration Suite Database and Oracle Internet Directory.

Oracle Collaboration Suite Database

The Oracle Collaboration Suite database is an Oracle10g Relational Database Management System (RDBMS) that serves as the repository for the Oracle Collaboration Suite component schema information and Oracle Application Server Release 10.1.2.0.2 metadata repository. When the RDBMS is installed, its default version is 10.1.0.5. It is also possible to create an Oracle 10g Database and then install the Oracle Collaboration Suite component schema and Oracle Application Server Metadata Repository in this database. The processes in this tier are the database instance processes and the database listener.

Oracle Internet Directory (OID)

Oracle Internet Directory is a general purpose directory service that stores security and management information for Oracle Application Server and Oracle Collaboration Suite instances, components, and Infrastructure. It provides authentication and a centralized user model, which enables the creation and management of users on an enterprise scale. It also enables fast retrieval and centralized management of information about dispersed users and network resources.

Oracle Internet Directory is a combination of Lightweight Directory Access Protocol Version 3 (LDAP v3) and Oracle 10g Database technology. As a result, it offers the extensibility and lightweight quality of LDAP v3 along with the high performance, security, scalability, robustness, and availability features of Oracle 10g Database.

Oracle Internet Directory Architecture

Oracle Internet Directory runs as an application on the Oracle Database 10g, which may be running on a different operating system. Oracle Internet Directory communicates with the database using Oracle Net Services, an operating system-independent database connectivity solution offered by Oracle.

Figure 1-2 Oracle Internet Directory Architecture


Oracle Internet Directory Components

Oracle Internet Directory comprises the following components:

  • Oracle directory server, which responds to client requests for information about people and resources using a multiple-tiered architecture directly over TCP/IP.

  • Oracle directory replication server, which replicates LDAP data on Oracle directory servers.

  • Directory administration tools are as follows:

    • Oracle Directory Manager, which simplifies directory administration through a Java-based graphical user interface.

    • A variety of command-line administration and data management tools that can be called by LDAP clients.

    • Directory server management tools within Oracle Enterprise Manager Application Server Control. These tools enable you to:

      • Monitor real-time events and statistics using a browser.

      • Collate statistical data in a new repository.

    • Oracle Internet Directory Software Developer Kit (SDK).

Oracle Internet Directory Benefits

Oracle Internet Directory provides scalability, high availability, security, and tight integration with the Oracle environment. These benefits are described in the following sections:

Scalability

Oracle Internet Directory uses the Oracle 10g database to support large amounts of directory information. Oracle Internet Directory uses shared LDAP servers and database connection pooling to support thousands of concurrent clients with subsecond search response times.

Oracle Internet Directory also provides data management tools, such as Oracle Directory Manager, and a variety of command-line tools to manipulate large volumes of LDAP data.

High Availability

Oracle Internet Directory takes advantage of the high availability of the Oracle 10g Database. The Oracle 10g Database securely stores directory information, fully employing the Database's backup capabilities. The Oracle 10g Database supports large datastores, heavy loads, and RAC, and can quickly recover from system failures.

Security

Oracle Internet Directory offers secure and flexible access control. An administrator can grant or restrict access to a specific directory object or to an entire list of subdirectories. Moreover, Oracle Internet Directory implements three levels of user authentication—anonymous, password-based, and certificate-based—using Secure Socket Layer (SSL) Version 3 for authenticated access and data privacy.

Integration with the Oracle Environment

By using the Oracle Directory Integration and Provisioning platform, Oracle Internet Directory provides a single point of integration among the following:

  • Oracle environment and other directories, such as Network Operating System (NOS) directories

  • Third party enterprise directories

  • Application-specific user repositories

Oracle Application Server Single Sign-On

Oracle Application Server Single Sign-On (OracleAS Single Sign-On) enables you to use a single user name and password to access all features, applications, and accounts of Oracle Collaboration Suite as well as those of other Web applications. By using the OracleAS Single Sign-On feature, you can access all Web applications for which you are authorized without having to re-enter a user name and password for each application. OracleAS Single Sign-On retrieves user information from Oracle Internet Directory.

Figure 1-3 Role of OracleAS Single Sign-On During User Authentication


OracleAS Single Sign-On Components

  • Oracle Application Server Single Sign-On server: The OracleAS Single Sign-On server enables you to log on securely to applications. It works with Oracle Application Server Database, Oracle HTTP Server, and OC4J server.

  • Partner applications: Following authentication by Oracle Application Server Single Sign-On, a partner application determines user application privileges within the application itself. Examples of partner applications include Oracle Application Server Portal, Oracle Application Server Discoverer, and the OracleAS Single Sign-On server itself.

  • External applications: External applications do not delegate authentication to the OracleAS Single Sign-On server. Instead, they display HTML login forms that prompt for application user names and passwords. Each external application may require a unique user name and password. Yahoo Mail is an example of an external application that uses HTML login forms.

  • mod_osso: This is an Oracle HTTP Server module that provides authentication to Oracle Application Server applications. It is an alternative to the OracleAS Single Sign-On SDK, used to integrate partner applications in earlier releases of OracleAS Single Sign-On. Located on the application server, mod_osso simplifies the authentication process by serving as the sole partner application to the OracleAS Single Sign-On server. In this way, mod_osso renders authentication transparent to Oracle Application Server applications. Also, the administrator for these applications is spared the burden of integrating them with the SDK.

In addition to the preceding components, Oracle Application Server Single Sign-On interacts with the following components for successful authentication of user credentials:

  • Oracle Internet Directory: This is the repository for all OracleAS Single Sign-On user accounts and passwords, administrative and non-administrative. The OracleAS Single Sign-On server authenticates users against their entry in the directory, while simultaneously retrieving user attributes from the directory that enable applications to validate the user.

  • Oracle Identity Management Infrastructure: Oracle Application Server Single Sign-On is just one link in an integrated infrastructure that also includes Oracle Internet Directory, Oracle Directory Integration and Provisioning, Oracle Delegated Administration Services, and Oracle Application Server Certificate Authority. Together, these components compose the Oracle Identity Management Infrastructure, which manages the security life cycle of users and other network entities in an efficient, cost-effective way.

Delegated Administration Services (DAS)

For information about Delegated Administration Services (DAS), see "Identity Management Components" in Chapter 2 of Oracle Collaboration Suite Concepts Guide.

Directory Integrated Provisioning (DIP)

For information about Directory Integrated Provisioning (DIP), see "Identity Management Components" in Chapter 2 of Oracle Collaboration Suite Concepts Guide.

Application Server Metadata

  • Oracle Internet Directory

  • OracleAS Single Sign-On

  • Portal

  • Windows

Oracle Collaboration Suite Application Schemas

  • Calendar

  • Content Services

  • Mail

  • Real-Time Collaboration

  • Workspaces

Oracle Collaboration Suite Applications Tier

The Applications tier relies on the Infrastructure tier and includes the following applications:

  • Oracle Calendar

  • Oracle Content Services

  • Oracle Discussions

  • Oracle Mail

  • Oracle Mobile Collaboration

  • Oracle Real-Time Collaboration

  • Oracle Collaboration Suite Search

  • Oracle Voicemail & Fax

  • Oracle Workspaces

Users can access these services using a variety of methods including the Web, fax, voice, or phones, and PDAs over wireless networks.

Services and Protocols

The Applications tier provides the following services and protocols:

  • E-mail protocols

    • Simple Mail Transfer Protocol (SMTP). This protocol is used for transmitting e-mail across the Internet.

    • Post Office Protocol, version 3 (POP3). This protocol is used for the retrieval of e-mails. When you use POP3, all e-mail messages are downloaded onto your computer from the server and can be subsequently accessed offline. Once the e-mail messages are downloaded, they can only be accessed from the computer on which they are stored.

    • Internet Message Access Protocol, version 4 (IMAP4). This protocol is used to access e-mails from the mail server. By using IMAP, you can retrieve e-mails as well as manipulate e-mails on the server itself. Because the e-mails are on the server, they can be accessed from any computer.

  • File protocols

    • File Transfer Protocol (FTP). This protocol is used for transferring files from one computer to another. FTP is the most widely used protocol for uploading or downloading files to and from the Internet.

    • FTP Over SSL (FTPS). In addition to FTP, FTPS is supported. You can access Oracle Content Services using either implicit or explicit FTPS. Because FTPS does not send unencrypted passwords over the network, an FTP password is not necessary.

    • Hypertext Transfer Protocol (HTTP). The Hypertext Transfer Protocol is used for Web browser-based access.

    • Web-based Distributed Authoring and Versioning (WebDAV). Comprising a set of extensions to Hypertext Transfer Protocol (HTTP), this protocol defines a standard for all authoring operations—such as editing and managing files—on a remote server.

  • Web protocols

    • Hypertext Transfer Protocol (HTTP). This protocol defines a set of rules for exchanging files across the Internet.

    • HTTP-Secure (HTTPS). HTTPS is the HTTP protocol implemented over Secure Socket Layer (SSL) or Transport Layer Security (TLS).

  • E-mail services, including Oracle Mail Web components/HTTP. Oracle Mail Web components enable users to access e-mail messages from any Web browser.

  • File services, including Oracle Files/HTTP. Oracle Content Services is designed as an enterprise file server replacement, with added content management features that enable users to collaborate more efficiently. (Oracle Files is the predecessor of Oracle Content Services.)

  • Calendar services

    • SyncML/HTTP. SyncML is the standard language that is used to enable synchronization of remote data and personal information between various devices and networks.

    • Oracle Calendar Access Protocol (OCAP). OCAP is the access protocol through which Oracle Calendar Application System (OCAS) sessions communicate with the Oracle Calendar server (OCAL) and through which desktop clients communicate with OCAL. OCAP connections must be fixed, persistent, and cannot be load balanced.

  • Wireless services, including Wireless/HTTP. Using wireless services, employees can access their e-mail and voicemail, manage their appointments, search the corporate directory, browse and fax shared online files from any mobile device with a browser, through speech from any telephone, or instantly by SMS.

  • Portal services, including Oracle10g Application Server Portal/HTTP. Oracle10g Application Server Portal enables companies to quickly build, administer, and deploy enterprise portals that are standards-driven, scalable, secure, and dynamic.

  • Oracle Collaboration Suite Search services, including Oracle UltraSearch and Oracle Collaboration Suite Content Search. Oracle Collaboration Suite Search offers a highly-configurable, all-in-one search solution across Oracle Mail, Oracle Calendar, and Oracle Content Services. Oracle Collaboration Suite Search can also search across HTML pages that are accessible by Oracle UltraSearch. Oracle UltraSearch enables users to search a variety of content, including text and multimedia, across heterogeneous sources. Ultra Search includes a web interface, web crawling, and search administration facilities, as well as a programmable Java API, to provide a unified interface for enterprise and vertical portal search applications.

  • Web Cache. Web Cache monitors requests from a client and stores information that it retrieves from the server. On subsequent requests for the same information, the Web cache delivers the content from its memory rather than passing on the request to the server, improving access time and efficiency, and reducing traffic.

Deployment Configurations

This section provides an overview of the different types of Oracle Collaboration Suite deployment configurations. Subsequent chapters provide more detailed guidelines. Deployment should always begin by configuring the Infrastructure tier. Once this process is complete, you can then configure the required applications on one or more Applications tiers.

Single-computer Deployment

The single-computer deployment is the simplest Oracle Collaboration Suite deployment configuration. It is generally used by small organizations, for testing and demonstration purposes, or pilot programs. Single-computer deployments may be cost effective for small organizations; however, they provide no allowance for high availability since all components are stored on the same machine. Figure 1-4 illustrates the Oracle Collaboration Suite single box deployment.

Figure 1-4 Single-Computer Deployment


In this figure, the Infrastructure tier and Applications tier components are all stored on the same computer. The Oracle 10g Database contains all of the Infrastructure tier components and acts as the mail server and file server. It also stores the identity management components including Oracle Internet Directory, Oracle Application Server Single Sign-On, and Delegated Administration Services. Applications include Oracle Calendar, Oracle Content Services, Oracle Discussions, Oracle Mail, Oracle Mobile Collaboration, Oracle Real-Time Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces.

Infrastructure Tier and Applications Tier on Separate Computers

The Infrastructure tier and Applications tier can be deployed on separate computers. This provides greater ease for maintenance and scalability but still places the infrastructure and applications components in a single point of failure. Figure 1-5 illustrates the Infrastructure tier and Applications tier deployed on separate computers.

Figure 1-5 Deployment with Infrastructure tier and Application Tier on Separate computers


Figure 1-5 illustrates the Infrastructure tier and Applications tier deployed on separate computers. The Infrastructure tier is on one computer that contains the Oracle Collaboration Suite database with Infrastructure tier components including the Oracle Collaboration Suite schemas, Identity Management binaries, and Oracle Application Server Metadata schemas.

The Applications tier is on another computer that contains Oracle Calendar, Oracle Content Services, Oracle Discussions, Oracle Mail, Oracle Mobile Collaboration, Oracle Real-Time Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces.

Multiple Infrastructure Tier Computers

You can deploy the Infrastructure tier over several computers in which applications such as Oracle Calendar, Oracle Content Services, Oracle Mail, Oracle Real-Time Collaboration, and Oracle Workspaces each have their own dedicated database. This configuration improves performance and simplifies maintenance and administration. In this configuration, at least one computer must include the Oracle Collaboration Suite Database.

Figure 1-6 Deployment with Multiple Infrastructure Tier Computers


The preceding figure illustrates the Applications tier deployed on one computer and the Infrastructure tier deployed across six computers. In this figure, the Calendar database, Content Services database, Mail store, Oracle Collaboration Suite database with Infrastructure tier components, Real-Time Collaboration database, and Workspaces repository are each deployed on an individual computer on the Infrastructure tier.

All applications on the Applications tier run on the same computer and each communicates with the relevant repository on the Infrastructure tier and with the Oracle Collaboration Suite database accordingly:

  • Calendar database. Oracle Calendar, Oracle Mobile Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces access the Calendar database.

  • Content Services database. Oracle Content Services, Oracle Collaboration Suite Search, and Oracle Workspaces access the Content Services database.

  • Mail Store. Oracle Calendar, Oracle Discussions, Oracle Mail, Oracle Mobile Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces access the Mail store.

  • Oracle Collaboration Suite database. All applications access the Oracle Collaboration Suite Database.

  • Real-Time Collaboration repository. Oracle Real-Time Collaboration accesses the Real-Time Collaboration repository.

  • Workspaces repository. Oracle Workspaces accesses the Workspaces repository.

Multiple Applications Tier Computers

You can deploy Oracle Collaboration Suite across multiple Applications tier computers using one of the options described in this section.

Dedicated Applications Tiers Deployment

In a dedicated Applications tiers deployment, individual Oracle Collaboration Suite applications are each deployed on a dedicated computer.

Figure 1-7 Dedicated Application Tiers Deployment


The dedicated Applications tiers deployment provides greater flexibility for tuning specific server functions and enables you to scale by component. This is the preferred configuration if you wish to implement components in a phased approach, and your organization's budget permits a more resource-intensive deployment.

Duplicated Application Tiers

In a duplicated Applications tiers deployment, all Oracle Collaboration Suite applications are deployed together on a single machine that is duplicated as many times as required.

Figure 1-8 Duplicated Applications Tiers Deployment


The duplicated Applications tiers deployment simplifies Applications tier management by providing a uniform process for managing each computer. This deployment configuration also makes better use of Applications tier resources since all Applications tier computers can respond to changes in application demand that may occur throughout the day. For example, peak e-mail usage generally takes place at the start of the day while peak file usage is distributed throughout the latter parts of the day.

Multiple Infrastructure Tier and Multiple Application Tier computers

You can deploy both the Infrastructure tier and Applications tier across multiple computers. In addition to improving performance, ease of maintenance and administration, this configuration reduces the possibility that a single failure will take down all of Oracle Collaboration Suite. With this configuration, a failure on either tier may take down an application while the rest of Oracle Collaboration Suite remains operational. This should not be confused, however, with a high availability solution.

Figure 1-9 Deployment with Multiple Infrastructure Tier and Multiple Application Tier Computers


Figure 1-9 illustrates the Applications tier deployed on two computers and the Infrastructure tier deployed across six computers. In this figure, Oracle Calendar, Oracle Content Services, Oracle Discussions, and Oracle Mail run on one Applications tier computer while Oracle Mobile Collaboration, Oracle Real-Time Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces run on another Applications tier computer. The Calendar database, Content Services database, Mail store, Oracle Collaboration Suite database, Real-Time Collaboration database, and Workspaces repository are each deployed on an individual computer on the Infrastructure tier.

All applications on the Applications tier communicate with the relevant repository on the Infrastructure tier and with the Oracle Collaboration Suite database accordingly:

  • Calendar database. Oracle Calendar, Oracle Mobile Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces access the Calendar database.

  • Content Services database. Oracle Content Services, Oracle Collaboration Suite Search, and Oracle Workspaces access the Content Services database.

  • Mail Store. Oracle Calendar, Oracle Discussions, Oracle Mail, Oracle Mobile Collaboration, Oracle Collaboration Suite Search, and Oracle Workspaces access the Mail store.

  • Oracle Collaboration Suite database with Infrastructure tier components. All applications access the Oracle Collaboration Suite Database for identity management and metadata repository services.

  • Real-Time Collaboration repository. Oracle Real-Time Collaboration accesses the Real-Time Collaboration repository.

  • Workspaces repository. Oracle Workspaces accesses the Workspaces repository.
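
The access list for this deployment can be turned into a tier-to-tier allowlist and a failure-impact table. The Python below is an added example, not part of the Oracle guide; the host labels `app1` and `app2` are hypothetical names for the two Applications tier computers, and application and repository names are taken from the text above.

```python
"""Added example: tier-to-tier access model for the Figure 1-9 deployment."""

APPS = [
    "Oracle Calendar", "Oracle Content Services", "Oracle Discussions",
    "Oracle Mail", "Oracle Mobile Collaboration",
    "Oracle Real-Time Collaboration", "Oracle Collaboration Suite Search",
    "Oracle Workspaces",
]

# Applications tier placement as described for Figure 1-9.
# "app1" and "app2" are hypothetical host labels (assumption).
PLACEMENT = {"app1": APPS[:4], "app2": APPS[4:]}

# Repository -> applications that access it, copied from the list above.
ACCESS = {
    "Calendar database": [
        "Oracle Calendar", "Oracle Mobile Collaboration",
        "Oracle Collaboration Suite Search", "Oracle Workspaces"],
    "Content Services database": [
        "Oracle Content Services", "Oracle Collaboration Suite Search",
        "Oracle Workspaces"],
    "Mail store": [
        "Oracle Calendar", "Oracle Discussions", "Oracle Mail",
        "Oracle Mobile Collaboration", "Oracle Collaboration Suite Search",
        "Oracle Workspaces"],
    "Oracle Collaboration Suite database": list(APPS),
    "Real-Time Collaboration repository": ["Oracle Real-Time Collaboration"],
    "Workspaces repository": ["Oracle Workspaces"],
}


def required_flows():
    """(Applications tier host, repository) pairs the deployment needs."""
    host_of = {app: host for host, apps in PLACEMENT.items() for app in apps}
    return {(host_of[app], repo)
            for repo, apps in ACCESS.items() for app in apps}


def unneeded_flows():
    """Host-to-repository pairs no application requires; deny candidates."""
    every_pair = {(host, repo) for host in PLACEMENT for repo in ACCESS}
    return every_pair - required_flows()


def dependencies(app):
    """Repositories a single application depends on."""
    return sorted(repo for repo, apps in ACCESS.items() if app in apps)


def impacted_apps(failed_repo):
    """Applications affected when one Infrastructure tier repository fails."""
    return sorted(ACCESS[failed_repo])


def shared_by_all():
    """Repositories every application accesses (suite-wide failure points)."""
    return sorted(repo for repo, apps in ACCESS.items()
                  if set(apps) == set(APPS))


if __name__ == "__main__":
    print("Allow (host -> repository):")
    for host, repo in sorted(required_flows()):
        print(f"  {host} -> {repo}")
    print("No application needs (deny by default):")
    for host, repo in sorted(unneeded_flows()):
        print(f"  {host} -> {repo}")
    print("Accessed by every application:", shared_by_all())
    for repo in ACCESS:
        print(f"Failure of {repo} affects: {', '.join(impacted_apps(repo))}")
```
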

High Availability

The availability of a system or any component in that system is defined by the percentage of time that it works normally. For example, a system that works normally for twelve hours each day is 50% available. A system that has 99% availability is down 3.65 days each year on average. Critical systems may need to meet exceptionally high availability standards, and experience as little as four to five minutes of downtime each year. There are different strategies for making a system highly available, such as clustering. Figure 1-10 provides an example of a high availability deployment for Oracle Collaboration Suite hardware components.

Figure 1-10 High Availability Deployment Example


In this example, two tiers—including network services servers—are all duplicated. Load balancers are used to distribute HTTP and HTTPS traffic. NAT is used to tunnel Web Conferencing to the Applications tier. Network services run on servers residing in the DMZ, including the Postfix mail relay on port 25 and Apache 2.0 Reverse Proxy on ports 80 (HTTP) and 443 (HTTPS). Although it is not shown, a BIND DNS server runs on port 53.

The use of a second, internal DNS server enables internal users to connect directly to the internal servers. External users connect to the Oracle Collaboration Suite domain on routable 12.x.x.x IP addresses, and are served content by the proxy server, which communicates with Oracle Collaboration Suite through a firewall.

The interior network provides open access for its users, while the exterior network (the Internet) has access to HTTPS, SMTP and Web Conferencing traffic. Web Conferencing and Files traffic are still being determined, and require appropriate increases in bandwidth where necessary.

For a user base of 1,000 to 1,500 users, four moderately sized servers—each with two CPUs—can be used. For larger user bases, increase sizing as needed. For instance, for 4,000 users, servers with four to eight CPUs and large amounts of RAM are recommended.

Clients may reside on the internal network or on a separate neighboring network, which could theoretically be in a separate physical location.