Oracle® Application Server Administrator's Guide
10g (10.1.4.0.1)

Part Number B28185-01

10 Changing from a Test to a Production Environment

This chapter provides use cases for changing from a test to a production environment. You can develop and test applications in a test environment, and then eventually roll out the test applications and, optionally, test data to your production environment. You can also use this approach for testing and rolling out upgrades.

See Also:

Section 4.3, "Reassociation" in the Oracle Identity Federation Administrator's Guide for further information about moving data in an environment with an Oracle Identity Federation instance

10.1 Understanding the Options for Creating a Production Middle Tier

Many of the scenarios presented in this chapter describe creating a production middle-tier instance in a configuration that already includes a test middle-tier instance for application development. For these scenarios, you have the choice of three options. You can:

10.2 Scenarios with a 10.1.2 Middle Tier

Table 10-1 provides guidance on how to find the scenario that applies to your application and configuration environment.

Table 10-1 Test-to-Production Use Cases

| Type of Application | Configuration Assumptions | Refer To This Use Case Scenario |
|---|---|---|
| J2EE | Scenario 1. Test Environment: A middle-tier instance and Oracle Identity Management already exist. Production Environment: The production environment does not exist. You want to create a middle-tier instance and Oracle Identity Management. | See Also: Section 10.2.1, "Scenario 1: Moving J2EE Applications from a Test Middle Tier with Oracle Identity Management to a New Production Environment" |
| Non-J2EE | Scenario 2. Test Environment: The test environment does not exist. You want to create a middle-tier instance and Oracle Identity Management. Production Environment: Oracle Identity Management already exists. You want to create a middle-tier instance. | See Also: Section 10.2.2, "Scenario 2: Moving Applications from a Test Middle Tier with Identity Management to a Production Environment with a Preexisting Identity Management" |
| Non-J2EE | Scenario 3. Test Environment: The test environment does not exist. You want to create a middle-tier instance, Oracle Identity Management, and a Metadata Repository for product metadata. Production Environment: Oracle Identity Management already exists. You want to create a middle-tier instance, and a Metadata Repository for product metadata. | See Also: Section 10.2.3, "Scenario 3: Moving Applications from a Test Middle Tier with Identity Management and a Product Metadata Repository to an Existing Production Environment with Identity Management" |



10.2.1 Scenario 1: Moving J2EE Applications from a Test Middle Tier with Oracle Identity Management to a New Production Environment

In this scenario, you have a J2EE application on a test middle-tier instance with Oracle Identity Management. You want to create a new production environment that includes a 10g Release 2 (10.1.2) middle-tier instance with the J2EE application and a 10g (10.1.4.0.1) Oracle Identity Management with a Metadata Repository. Figure 10-1 shows this scenario.

Figure 10-1 Moving a J2EE Application from a Test Middle Tier with Oracle Identity Management


10.2.1.1 Preexisting Configuration Assumptions

This scenario assumes the following configuration:

  • The test environment includes a 10g Release 2 (10.1.2) middle-tier instance with a J2EE application and a 10g (10.1.4.0.1) Oracle Identity Management with a Metadata Repository.

  • The production middle-tier instance does not exist, and the production Oracle Identity Management may exist.

10.2.1.2 Procedure

For this scenario, you create the production environment by following these tasks:

  1. If the production Oracle Identity Management and Metadata Repository do not exist, install and configure them:

    1. Install Oracle Application Server 10g (10.1.4.0.1) using Oracle Universal Installer.

    2. From the Select a Product to Install screen, choose Oracle Application Server Infrastructure 10g.

    3. From the Select Installation Type screen, choose Identity Management and Metadata Repository.

    4. From the Select Configuration Options screen, choose Oracle Internet Directory.

  2. Install the 10g Release 2 (10.1.2) production middle-tier instance.

    1. Install Oracle Application Server using Oracle Universal Installer.

    2. From the Select a Product to Install screen, choose the appropriate middle tier type for your environment.

  3. Redeploy J2EE application EAR files to the new middle tier. You can use one of the following mechanisms:

    • Use the DCM redeployApplication command.

    • Navigate to the OC4J Home page -> Applications tab in Oracle Enterprise Manager 10g Application Server Control Console and click Deploy EAR file.



10.2.2 Scenario 2: Moving Applications from a Test Middle Tier with Identity Management to a Production Environment with a Preexisting Identity Management

In this scenario, you have an existing production environment that includes a 10g (10.1.4.0.1) Oracle Identity Management installation with a Metadata Repository. You would like to create a test environment for developing and testing applications. You would then like to roll out these applications to the production environment.

For this scenario, you create a test environment by installing and setting up a replica of the production Oracle Identity Management. The Oracle Identity Management has its own Metadata Repository. The Oracle Internet Directory in the test Oracle Identity Management is an LDAP-based replica of the production Oracle Internet Directory. Replication takes place constantly from the production Oracle Internet Directory to the test Oracle Internet Directory. This replica has its own Metadata Repository. You then install a test middle-tier instance to use the test Oracle Identity Management.

After developing and testing your applications, you create a production middle-tier instance by either cloning the test middle-tier instance, or installing a middle tier into the production environment, and then redeploying the applications.

Figure 10-2 shows an example of this scenario.

Figure 10-2 Moving an Application from a Test Middle Tier with Oracle Identity Management to a New Production Environment


10.2.2.1 Preexisting Configuration Assumptions

This scenario assumes the following configuration:

  • The test environment does not exist.

  • The production environment includes only a 10g (10.1.4.0.1) Oracle Identity Management with a Metadata Repository.

10.2.2.2 Procedure

This procedure contains the following tasks:

Task 1: Configure the Test Oracle Identity Management and Metadata Repository

To configure the test Oracle Identity Management and Metadata Repository, set up Oracle Identity Management 10g (10.1.4.0.1) in the test environment. Use these subtasks to perform this configuration:

  1. Perform procedure "Install and Set Up the Test Oracle Identity Management and Metadata Repository".

  2. Perform procedure "Identify the Test Oracle Internet Directory as a Pilot".

Task 2: Set Up the Test Middle-Tier Instance

To configure the 10g Release 2 (10.1.2) test middle-tier instance, install the middle-tier instance and develop and test applications. Use these subtasks to perform this configuration:

  1. Perform procedure "Install Test Middle-Tier Instance".

  2. Perform procedure "Develop and Test Your Applications".

Task 3: Set Up the Production Middle-Tier Instance

To create the 10g Release 2 (10.1.2) production middle-tier instance, you can either clone the test middle-tier instance or perform a middle-tier installation. If you do not want to create a separate production middle-tier instance, you can choose to point the test middle-tier instance to the production Oracle Identity Management.

When you clone a test middle-tier instance, you must also migrate data from the test Oracle Identity Management to the production Oracle Identity Management, and associate the production middle-tier instance with the production Oracle Identity Management. Perform the following procedures to clone the test middle-tier instance:

  1. Perform procedure "Clean Up Test Oracle Internet Directory".

  2. Perform procedure "Quiesce the Distributed Directory Environment".

  3. Perform procedure "End Pilot Mode on the Test Oracle Internet Directory".

  4. Perform procedure "Migrate Oracle Internet Directory Data to Production".

  5. Perform tasks in the procedure in Section 10.4, "Cloning Oracle Application Server Instances," in the Oracle Application Server Administrator's Guide 10g Release 2 (10.1.2).

  6. Perform procedure "Change Middle-Tier Instance to the Production Oracle Identity Management".

To point the test middle-tier instance to the production Oracle Identity Management, perform the same tasks as for cloning, except for step 5 (cloning the instance).

To install the production middle-tier instance:

  1. Install the production middle-tier instance.

    1. Install Oracle Application Server using Oracle Universal Installer.

    2. From the Select a Product to Install screen, choose the appropriate middle tier type for your environment.

  2. Redeploy J2EE application EAR files to the new middle tier. You can use one of the following mechanisms:

    • Use the DCM redeployApplication command.

    • Navigate to the OC4J Home page -> Applications tab in Oracle Enterprise Manager 10g Application Server Control Console and click Deploy EAR file.



    When you install, data in the test Oracle Identity Management is not migrated to the production environment.

10.2.2.3 Creating a Second Middle-Tier Instance in the Production Environment

If you want to deploy a test application to another 10g Release 2 (10.1.2) middle-tier instance in the production environment, perform these tasks to create a second middle-tier instance:

  1. Perform step 2 in "Task 1: Configure the Test Oracle Identity Management and Metadata Repository".

  2. Perform procedure "Task 2: Set Up the Test Middle-Tier Instance".

  3. Perform procedure "Task 3: Set Up the Production Middle-Tier Instance".

10.2.3 Scenario 3: Moving Applications from a Test Middle Tier with Identity Management and a Product Metadata Repository to an Existing Production Environment with Identity Management

This scenario is similar to Section 10.2.2, "Scenario 2: Moving Applications from a Test Middle Tier with Identity Management to a Production Environment with a Preexisting Identity Management", except the test middle-tier instance has an additional Metadata Repository for product metadata. With this scenario, you develop and test one application or a set of related applications against the same Oracle Identity Management. You then roll out these applications at the same time to the production environment. After deploying the first set of applications, you can develop, test, and deploy a second set of applications. In this manner, this scenario works like an assembly line.

You start by creating a test environment with a replica of the production Oracle Identity Management. You then install a test middle-tier instance to use the test Oracle Identity Management and a separate Metadata Repository for the product metadata.

You then configure the production environment. You move the test product Metadata Repository to the production environment. You then create a production middle-tier instance by either cloning the test middle-tier instance, or installing a middle tier into the production environment, and then redeploying the applications.

Figure 10-3 shows an example of this scenario.

Figure 10-3 Moving an Application from a Test Middle Tier with Oracle Identity Management and Product Metadata Repository to an Existing Production Environment with Oracle Identity Management


10.2.3.1 Preexisting Configuration Assumptions

This scenario assumes the following configuration:

  • The test environment does not exist.

  • The production environment includes only a 10g (10.1.4.0.1) Oracle Identity Management with a Metadata Repository.

10.2.3.2 Procedure

This procedure contains the following tasks:

Task 1: Configure the Test Oracle Identity Management and Metadata Repository

To configure the test Oracle Identity Management and Metadata Repository, set up 10g (10.1.4.0.1) Oracle Identity Management in the test environment. Use these subtasks to perform this configuration:

  1. Perform procedure "Install and Set Up the Test Oracle Identity Management and Metadata Repository".

  2. Perform procedure "Identify the Test Oracle Internet Directory as a Pilot".

Task 2: Create the Test Product Metadata Repository

To configure the test product Metadata Repository, follow the procedure "Install and Populate Test Product Metadata Repository".

Task 3: Set Up the Test Middle-Tier Instance

To configure the 10g Release 2 (10.1.2) test middle-tier instance, install the middle-tier instance and develop and test applications. Follow these procedures to perform this configuration:

  1. Perform procedure "Install Test Middle-Tier Instance".

  2. Perform procedure "Develop and Test Your Applications".

Task 4: Move Test Product Metadata Repository to Production Environment

To configure the 10g (10.1.4.0.1) production product Metadata Repository, follow the procedure "Move the Test Product Metadata Repository to Production".

Task 5: Set Up the Production Middle-Tier Instance

To create the 10g Release 2 (10.1.2) production middle-tier instance, you can either clone the test middle-tier instance or perform a middle-tier installation. If you do not want to create a separate production middle-tier instance, you can choose to point the test middle-tier instance to the production Oracle Identity Management.

When you clone a test middle-tier instance, you must also migrate data from the test Oracle Identity Management to the production Oracle Identity Management, and associate the production middle-tier instance with the production Oracle Identity Management. Perform these procedures to clone the test middle-tier instance:

  1. Perform procedure "Clean Up Test Oracle Internet Directory".

  2. Perform procedure "Quiesce the Distributed Directory Environment".

  3. Perform procedure "End Pilot Mode on the Test Oracle Internet Directory".

  4. Perform procedure "Migrate Oracle Internet Directory Data to Production".

  5. Perform tasks in the procedure in Section 10.4, "Cloning Oracle Application Server Instances," in the Oracle Application Server Administrator's Guide 10g Release 2 (10.1.2).

  6. Perform procedure "Change Middle-Tier Instance to the Production Oracle Identity Management".

To point the test middle-tier instance to the production Oracle Identity Management, perform the same tasks as for cloning, except for step 5 (cloning the instance).

To install the production middle-tier instance:

  1. Install the production middle-tier instance.

  2. Redeploy J2EE application EAR files to the new middle tier. You can use one of the following mechanisms:

    • Use the DCM redeployApplication command.

    • Navigate to the OC4J Home page -> Applications tab in Oracle Enterprise Manager 10g Application Server Control Console and click Deploy EAR file.



    When you install, data in the test Oracle Identity Management is not migrated to the production environment.

10.2.3.3 Creating a Second Middle-Tier Instance in the Production Environment

If you want to deploy a test application to another 10g Release 2 (10.1.2) middle-tier instance in the production environment, perform these tasks to create a second middle-tier instance:

  1. Perform subtask 2 in "Task 1: Configure the Test Oracle Identity Management and Metadata Repository".

  2. Perform procedure "Task 2: Set Up the Test Middle-Tier Instance".

  3. Perform procedure "Task 3: Set Up the Production Middle-Tier Instance".

10.2.4 Related Procedures

Related procedures for scenarios 2 and 3 include:

Install and Set Up the Test Oracle Identity Management and Metadata Repository

In this procedure, you install and set up the test Oracle Identity Management and its associated Metadata Repository. The test Oracle Identity Management is an LDAP-based replica of the original Oracle Identity Management.

  1. Read Section H.1, "About LDAP-Based Replicas" to learn about LDAP-based Replicas and how they are used for this procedure.

  2. Follow the procedure in Section H.2, "Installing and Setting Up an LDAP-Based Replica" to install and set up the test Oracle Identity Management and Metadata Repository.

Identify the Test Oracle Internet Directory as a Pilot

Run the following command from the Oracle home of the test Oracle Internet Directory:

remtool -pilotreplica begin -bind test_oid_host:test_oid_port/test_replication_dn_passwd

In the syntax:

test_oid_host is the host name of the test directory server.

test_oid_port is the LDAP port of the test directory server.

test_replication_dn_passwd is the password of the replication DN of the test directory server. By default, it is the same as the superuser DN (cn=orcladmin) password.



Install and Populate Test Product Metadata Repository

Create a new database and populate it with the OracleAS Metadata Repository.

  1. Install Oracle Application Server 10g (10.1.4.0.1) using Oracle Universal Installer.

  2. From the Select a Product to Install screen, choose Oracle Application Server Infrastructure 10g.

  3. From the Select Installation Type screen, choose Metadata Repository.

Install Test Middle-Tier Instance

Install your test middle-tier instances and configure them to use the test Oracle Identity Management according to what you want to test:

  1. Install Oracle Application Server using Oracle Universal Installer.

  2. From the Select a Product to Install screen, choose the appropriate middle tier type for your environment.

Develop and Test Your Applications

Develop and test applications in your test environment.

Clean Up Test Oracle Internet Directory

You can clean up (delete) the data that is modified or added on the test Oracle Internet Directory so that it is not migrated to the production Oracle Internet Directory. This might be a requirement of a middle-tier component or might be desired by the administrator who maintains Oracle Internet Directory consistency in the production Oracle Internet Directory.

To clean up the data, use the ldapdelete command-line utility and delete entries that should not be migrated.


See Also:

Oracle Identity Management User Reference for more information about the ldapdelete command

Quiesce the Distributed Directory Environment

It is very important to quiesce the distributed directory environment while the data migration from the test environment to the production environment takes place. This ensures that there are no conflicting updates, and therefore no data loss or corruption.

To quiesce the distributed directory environment:

  1. Make sure both the test and production Oracle Internet Directories are up and running.

  2. Change the directory server on the test node to read-only mode.

    On the test host, create an LDIF file named readonly.ldif that contains the following lines:

    dn:
    changetype:modify
    replace:orclservermode
    orclservermode:r

    Run the following command:

    TEST_HOME/bin/ldapmodify -p test_oid_port -D cn=orcladmin \
      -w test_orcladmin_passwd -v -f readonly.ldif

    In the syntax:

    test_oid_port is the LDAP port of the test directory server.

    test_orcladmin_passwd is the password of the superuser DN (cn=orcladmin).

  3. Wait until all the pending changes are applied to both nodes and the nodes are completely in sync. There is no tool to automatically detect this, but you can monitor the replication log files and make sure there are no new changes being processed by any node in the directory replication group, which ensures that the directory replication group is in a quiesced state.

End Pilot Mode on the Test Oracle Internet Directory

Run the following command from the Oracle home of the test Oracle Internet Directory:

remtool -pilotreplica end -bind test_oid_host:test_oid_port/test_replication_dn_passwd [-bkup fname]

In the syntax:

test_oid_host is the host name of the test directory server.

test_oid_port is the LDAP port of the test directory server.

test_replication_dn_passwd is the password of the replication DN of the test directory server. By default, it is the same as the superuser DN (cn=orcladmin) password.

fname specifies the backup file in which to store entries that were modified after pilot mode was started. The entries are in LDIF format. You will use this file in procedure "Migrate Oracle Internet Directory Data to Production".



Move the Test Product Metadata Repository to Production

You have several options for moving your test product Metadata Repository to your production environment:

  • You can continue to use the test Metadata Repository in your production environment, thereby deeming it to be a production Metadata Repository.

    In this case, no further action is required.

  • You can copy the Metadata Repository to a production host and change your middle-tier instances to use it.

    Follow the procedure in Section 9.5, "Changing the Metadata Repository Used by a Middle-Tier Instance".

  • If you do not want to retain the test data in the Metadata Repository, you can install a new Metadata Repository in the production environment, and change the middle-tier instances to use that.

    Install an Infrastructure using Oracle Universal Installer. Select the Metadata Repository only option. Register the Metadata Repository with the production Oracle Identity Management.

    Change each of the former test middle-tier instances to use the new Metadata Repository. On each middle-tier instance:

    1. Using the Application Server Control Console, navigate to the Instance Home Page for the middle-tier instance.

    2. Click Infrastructure.

    3. On the Infrastructure Page, in the Metadata Repository section, click Change.

    4. Follow the tasks in the wizard for supplying the new Metadata Repository information.

    5. When the wizard is finished, navigate to the Instance Home Page and start your instance by clicking Start All.

Migrate Oracle Internet Directory Data to Production

This procedure describes how to migrate Oracle Internet Directory data from a test Oracle Identity Management to the production Oracle Identity Management.


Note:

Make sure the ORACLE_HOME and ORACLE_SID environment variables are set before you begin. This applies to all operating systems.

  1. Migrate test Oracle Internet Directory data to the production environment by running the following command.

    PRODUCTION_HOME/bin/ldapaddmt -h production_oid_host \
      -p production_oid_port -D "cn=orcladmin" \
      -w production_orcladmin_passwd -r -f fname

    Make sure you specify the -r argument to migrate data and resolve conflicts. Also, ensure you specify the LDIF file you obtained in procedure "End Pilot Mode on the Test Oracle Internet Directory" for the -f argument.

    In the syntax:

    production_oid_host is the host of the production directory server.

    production_oid_port is the LDAP port of the production directory server.

    production_orcladmin_passwd is the password of the superuser DN (cn=orcladmin).

    fname specifies the LDIF file you specified in procedure "End Pilot Mode on the Test Oracle Internet Directory".

  2. Validation step. Verify that the migration of Oracle Internet Directory data succeeded.

    Verify that ldapaddmt reported success. You can check the add.log file for errors, which is created in the directory from which you ran the ldapaddmt command.

    • If add.log is empty, the command succeeded.

    • If add.log contains errors such as Additional Info: Parent entry not found in the directory, then the entries in the LDIF file are not in the correct order—the child entry is before the parent entry. Run ldapaddmt again and this will take care of adding the child entries.


      See Also:

      Oracle Internet Directory Administrator's Guide for information on interpreting messages in log files

    If necessary, repeat Step 1.

  3. Migrate OracleAS Single Sign-On and Oracle Directory Integration Platform data from the test Metadata Repository to the production Metadata Repository.

    To migrate the OracleAS Single Sign-On data:

    1. Obtain the ORASSO schema password on the test Metadata Repository:

      TEST_HOME/bin/ldapsearch -h test_oid_host -p test_oid_port \
        -D "cn=orcladmin" -w test_orcladmin_passwd \
        -b "orclresourcename=orasso, orclreferencename=test_oid_global_db_name, cn=ias infrastructure databases, cn=ias, cn=products, cn=oraclecontext" \
        -s base "objectclass=*" orclpasswordattribute

      In the syntax:

      test_oid_host is the host of the test directory server.

      test_oid_port is the LDAP port of the test directory server.

      test_orcladmin_passwd is the password of the superuser DN (cn=orcladmin).

      test_oid_global_db_name is the global database name of the test Metadata Repository.

      This command prints the ORASSO password in a line like the following:

      orclpasswordattribute=LAetjdQ5
      
    2. Export the OracleAS Single Sign-On data from the test environment, ensuring that the ORACLE_HOME environment variable is set before you run this command:

      TEST_HOME/sso/bin/ssomig -export -s orasso -p test_orasso_passwd \
        -c test_net_service_name -log_d $TEST_HOME/sso/log
      
      

      In the syntax:

      test_orasso_passwd is the ORASSO password obtained in the previous step.

      test_net_service_name is the database name of the test Metadata Repository.

    3. Copy the ssomig.dmp and ssoconf.log files from the test to the production directory server, preserving the exact full path for each file:

      cp TEST_HOME/sso/log/ssomig.dmp PRODUCTION_HOME/sso/log/ssomig.dmp
      cp TEST_HOME/sso/log/ssoconf.log PRODUCTION_HOME/sso/log/ssoconf.log
      
      
    4. Obtain the ORASSO schema password on the production Metadata Repository:

      PRODUCTION_HOME/bin/ldapsearch -h production_oid_host -D "cn=orcladmin" -p production_oid_port \
        -w production_orcladmin_password \
        -b "orclresourcename=orasso, orclreferencename=production_global_db_name, cn=ias infrastructure databases, cn=ias, cn=products, cn=oraclecontext" \
        -s base "objectclass=*" orclpasswordattribute

      In the syntax:

      production_oid_host is the host of the production directory server.

      production_oid_port is the LDAP port of the production directory server.

      production_orcladmin_password is the password of the superuser DN (cn=orcladmin).

      production_global_db_name is the global database name of the production Metadata Repository.

    5. Import the OracleAS Single Sign-On data to the production Metadata Repository:

      PRODUCTION_HOME/sso/bin/ssomig -import -overwrite -s orasso \
        -p production_orasso_passwd -c production_net_service_name \
        -log_d $PRODUCTION_HOME/sso/log -discoforce
      
      

      In the syntax:

      production_orasso_passwd is the ORASSO password obtained in the previous step.

      production_net_service_name is the database name of the production Metadata Repository.

    6. Validation step: Verify that the export and import of OracleAS Single Sign-On succeeded.

      Verify that the OracleAS Single Sign-On migration tool reported success. You can also check the following log files for errors:

      TEST_HOME/sso/log/ssomig.log
      PRODUCTION_HOME/sso/log/ssomig.log
      

      See Also:

      Oracle Application Server Single Sign-On Administrator's Guide for information on interpreting messages in the log files

    To migrate the Oracle Directory Integration Platform data:

    Run the Oracle Directory Integration Platform configuration assistant command to migrate the profile data and restart the Oracle Directory Integration Platform instance on the new host (the production host). For example, on UNIX, the command takes the following format:

    PRODUCTION_HOME/bin/oidca mode=DIP \
      -silent \
      oidhost=production_oid_host connstr=production_oid_db_connect_string \
      sslport=production_oid_ssl_port \
      sudn=production_oid_user_dn \
      supwd=production_oid_user_password \
      iaspwd=production_ias_admin_password \
      odspwd=oid_db_schema_password \
      iasinstance=1014_iasinstance_name -ldapreadonly \
      masteroidhost=test_oid_host \
      masteroidport=test_oid_ssl_or_nonssl_port [-ssl] \
      mastersudn=test_user_dn \
      mastersupwd=test_user_password
    
    

    In the example:

    • production_oid_host is the hostname of the production Oracle Internet Directory.

    • production_oid_db_connect_string is the short name of the database connection string. For example, if the connection string is orcl.mydomain.com, the value of this parameter is orcl.

    • production_oid_ssl_port is the SSL port number of the production Oracle Internet Directory.

    • production_oid_user_dn is the DN of the production Oracle Internet Directory user needed to bind to the directory (for example, cn=orcladmin).

    • production_oid_user_password is the user password needed to bind to the production directory.

    • production_ias_admin_password is the password for the ias_admin user.

    • oid_db_schema_password is the password for the Oracle Internet Directory schema.

    • 1014_iasinstance_name is the name for the new instance.

    • test_oid_host is the hostname of the test Oracle Internet Directory.

    • test_oid_ssl_or_nonssl_port is the SSL or non-SSL port number of the test Oracle Internet Directory.

    • test_user_dn is the DN of the test Oracle Internet Directory user needed to bind to the directory (for example, cn=orcladmin).

    • test_user_password is the user password needed to bind to the test directory.

  4. (Optional) Perform post-migration cleanup tasks.

    Some middle-tier components might have special cleanup requirements after you have changed to the production environment. You can perform these cleanup tasks to the test environment after the middle-tier instances have been changed to the production node.
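
The validation in step 2 above (inspect add.log after ldapaddmt, rerun when the only errors are parent-before-child ordering) can be scripted as follows. This is an added example, not Oracle code: the function names and MAX_RUNS are hypothetical, and it assumes each error record in add.log carries an "Additional Info:" line like the message quoted in step 2.

```shell
#!/bin/sh
# Added example (not Oracle code): triage of the add.log that ldapaddmt
# writes in the directory it is run from, following the validation step:
#   empty log                            -> ok      (migration succeeded)
#   only "Parent entry not found" errors -> rerun   (child listed before parent)
#   anything else                        -> review  (stop, read the log)
# Assumption: each error record carries an "Additional Info:" line, as in the
# message the guide quotes. classify_add_log, migrate_with_retry and MAX_RUNS
# are names made up for this example.

PARENT_MSG='Parent entry not found in the directory'
MAX_RUNS=${MAX_RUNS:-5}

# Print ok, rerun or review for the log file named in $1.
classify_add_log() {
    log=$1
    if [ ! -f "$log" ]; then echo review; return 0; fi
    # Empty or whitespace-only log: the command succeeded.
    if ! grep -q '[^[:space:]]' "$log"; then echo ok; return 0; fi
    total=$(grep -c 'Additional Info:' "$log" || true)
    parent=$(grep -c "Additional Info:.*$PARENT_MSG" "$log" || true)
    if [ "$parent" -gt 0 ] && [ "$parent" -eq "$total" ]; then
        echo rerun
    else
        echo review
    fi
}

# Run the command given as arguments (the ldapaddmt line from step 1) in the
# current directory, at most MAX_RUNS times. add.log is truncated before each
# run so the verdict reflects that run only; a copy is kept as add.log.N for
# the audit trail. Returns 0 on success, 1 when someone must read the log.
migrate_with_retry() {
    run=1
    while [ "$run" -le "$MAX_RUNS" ]; do
        : > add.log
        "$@" || true    # the verdict comes from add.log, not the exit status
        verdict=$(classify_add_log add.log)
        if [ -f add.log ]; then cp add.log "add.log.$run"; fi
        case $verdict in
            ok)     return 0 ;;
            review) return 1 ;;
        esac
        run=$((run + 1))
    done
    return 1            # ordering errors persist after MAX_RUNS passes
}

# Usage with the guide's placeholders:
#   migrate_with_retry PRODUCTION_HOME/bin/ldapaddmt -h production_oid_host \
#     -p production_oid_port -D "cn=orcladmin" \
#     -w production_orcladmin_passwd -r -f fname

# Self-check on a constructed log line: sh this_file demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && cd "$d" || exit 1
    printf 'Additional Info: %s\n' "$PARENT_MSG" > add.log   # constructed
    classify_add_log add.log
fi
```

A "review" verdict or a non-zero return means the log holds something other than ordering errors, or the rerun limit was reached, and the log needs to be read before step 3.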

Change Middle-Tier Instance to the Production Oracle Identity Management

In each production middle-tier instance, run the Change Identity Management wizard and restart the instance:

  1. Using the Application Server Control Console, navigate to the Instance Home Page for the middle-tier instance.

  2. Click Infrastructure.

  3. On the Infrastructure Page, in the Identity Management section, click Change.

  4. Follow the tasks in the wizard for supplying the production Oracle Identity Management information.

  5. When the wizard is finished, navigate to the Instance Home Page and start your instance by clicking Start All.

10.3 Scenarios with a 10.1.3 Middle Tier

Table 10-2 provides guidance on how to find the scenario that applies to your application and configuration environment.

Table 10-2 Test-to-Production Scenarios

Scenario 1

  Configuration Assumptions:

  • Test Environment: Middle-tier instance and Oracle Identity Management already exist.

  • Production Environment: The production environment does not exist. You want to create a middle-tier instance and Oracle Identity Management.

  Refer To This Scenario: Section 10.3.1, "Scenario 1: Moving J2EE Applications from a Test Middle Tier with Oracle Identity Management to a New Production Environment"

Scenario 2

  Configuration Assumptions:

  • Test Environment: The test environment does not exist. You want to create a middle-tier instance and Oracle Identity Management.

  • Production Environment: Oracle Identity Management already exists. You want to either create a middle-tier instance or configure the test middle-tier instance to point to the production Oracle Identity Management.

  Refer To This Scenario: Section 10.3.2, "Scenario 2: Creating a Test Environment for Development and Rolling Out J2EE Applications to a Production Environment with a Preexisting Oracle Identity Management"



This section contains the following topics:

10.3.1 Scenario 1: Moving J2EE Applications from a Test Middle Tier with Oracle Identity Management to a New Production Environment

In this scenario, you have a J2EE application on a test middle-tier instance with Oracle Identity Management. You want to create a new production environment that includes a 10g Release 3 (10.1.3) middle-tier instance with the J2EE application and a 10g (10.1.4.0.1) Oracle Identity Management with a Metadata Repository. Figure 10-4 shows this scenario.

Figure 10-4 Moving a J2EE Application from a Test Middle Tier with Oracle Identity Management


10.3.1.1 Preexisting Configuration Assumptions

This scenario assumes the following configuration:

  • The test environment includes a middle-tier instance with a J2EE application and a 10g (10.1.4.0.1) Oracle Identity Management installation with a Metadata Repository.

  • The production middle-tier instance does not exist, and the production Oracle Identity Management may exist.

10.3.1.2 Procedure

For this scenario, you create the production environment by following these tasks:

  1. If the production Oracle Identity Management and Metadata Repository do not exist, install and configure them:

    1. Install Oracle Application Server 10g (10.1.4.0.1) using Oracle Universal Installer.

    2. From the Select a Product to Install screen, choose Oracle Application Server Infrastructure 10g.

    3. From the Select Installation Type screen, choose Identity Management and Metadata Repository.

    4. From the Select Configuration Options screen, choose Oracle Internet Directory.

  2. Install a 10g Release 3 (10.1.3) production middle-tier instance.

    1. Install Oracle Application Server using Oracle Universal Installer.

    2. From the Oracle Application Server 10g 10.1.3 Installation screen, follow the prompts to install the middle tier.

  3. Deploy J2EE application EAR files to the new middle tier. You can use one of the following mechanisms:

    • Use the admin_client.jar utility with the -deploy command.

    • Navigate to the OC4J Home page -> Applications tab in Oracle Enterprise Manager 10g Application Server Control Console, select the application, and click Deploy.


    Perform these substeps for application usage:

    1. Point the production middle-tier instance to the production Oracle Identity Management, as described in "Task 3: Change Middle-Tier Instances to the New Identity Management".

    2. Use Delegated Administration Services to create any users needed for the redeployed J2EE applications, and grant the necessary permission for the applications.

    3. Test the applications in the production environment.

10.3.2 Scenario 2: Creating a Test Environment for Development and Rolling Out J2EE Applications to a Production Environment with a Preexisting Oracle Identity Management

In this scenario, you have an existing production environment that includes an Oracle Identity Management installation with a Metadata Repository. You would like to create a test environment for developing and testing applications. You would then like to roll out these applications to the production environment.

For this scenario, you create a test environment by installing and setting up a replica of production Oracle Identity Management. The 10g (10.1.4.0.1) Oracle Identity Management has its own Metadata Repository. The Oracle Internet Directory in the test Oracle Identity Management is an LDAP-based replica of the production Oracle Internet Directory. Replication takes place constantly from the production Oracle Internet Directory to the test Oracle Internet Directory. This replica has its own Metadata Repository. You then install a 10g Release 3 (10.1.3) test middle-tier instance to test Oracle Identity Management.

Figure 10-5 shows an example of this scenario in which you install a new 10g Release 3 (10.1.3) production middle-tier instance.

Figure 10-5 Example 1: Moving an Application from a Test Middle Tier with Oracle Identity Management to a New Production Environment


10.3.2.1 Preexisting Configuration Assumptions

This scenario assumes the following configuration:

  • The test environment does not exist.

  • The production environment includes only a 10g (10.1.4.0.1) Oracle Identity Management with a Metadata Repository.

10.3.2.2 Procedure

This procedure contains the following tasks:

Task 1: Configure the Test Oracle Identity Management and Metadata Repository

To configure the test Oracle Identity Management and Metadata Repository, set up Oracle Identity Management 10g (10.1.4.0.1) in the test environment. Use these subtasks to perform this configuration:

  1. Perform the procedure "Install and Set Up the Test Oracle Identity Management and Metadata Repository".

  2. Perform the procedure "Identify the Test Oracle Internet Directory as a Pilot".

Task 2: Set Up the Test Middle-Tier Instance

To configure the test middle-tier instance, install the 10g Release 3 (10.1.3) middle-tier instance and develop and test applications. Use these subtasks to perform this configuration:

  1. Perform the procedure "Install Test Middle-Tier Instance".

  2. Associate the test Oracle Internet Directory with the test middle-tier instance.

  3. Perform the procedure "Develop and Test Your Applications".

Task 3: Set Up the Production Middle-Tier Instance

To create a production middle-tier instance, you perform a middle-tier installation. If you do not want to create a separate production middle-tier instance, you can choose to point the test middle-tier instance to the production Oracle Identity Management.

To install the 10g Release 3 (10.1.3) production middle-tier instance:

  1. Install the production middle-tier instance.

    1. Install Oracle Application Server using Oracle Universal Installer.

    2. From the Oracle Application Server 10g 10.1.3 Installation screen, follow the prompts to install the middle tier.

When you install, data in the test Oracle Identity Management is not migrated to the production environment. You can choose instead to point the test middle-tier instance to the production Oracle Identity Management.

When you point the test middle-tier instance to the production Oracle Identity Management, you must also migrate data from the test Oracle Identity Management to the production Oracle Identity Management, and associate the production middle-tier instance with the production Oracle Identity Management.

To point the test middle-tier instance to the production Oracle Identity Management:

  1. Perform the procedure "Clean Up Test Oracle Internet Directory".

  2. Perform the procedure "Quiesce the Distributed Directory Environment".

  3. Perform the procedure "End Pilot Mode on the Test Oracle Internet Directory".

  4. Perform the procedure "Migrate Oracle Internet Directory Data to Production".

  5. Perform the procedure "Task 3: Change Middle-Tier Instances to the New Identity Management".

Task 4: Deploy Applications

To deploy applications:

  1. Deploy J2EE application EAR files to the new middle tier. You can use one of the following mechanisms:

    • Use the admin_client.jar utility with the -deploy command.

    • Navigate to the OC4J Home page -> Applications tab in Oracle Enterprise Manager 10g Application Server Control Console, select the application, and click Deploy.



  2. Point the production middle-tier instance to the production Oracle Identity Management, as described in "Task 3: Change Middle-Tier Instances to the New Identity Management".

  3. Use Delegated Administration Services to create any users needed for the redeployed J2EE applications, and grant the necessary permission for the applications.

  4. Test the applications in the production environment.

After developing and testing your applications, create a production middle-tier instance or use the existing test middle-tier instance.

10.3.3 Related Procedures

Related procedures for Scenario 2 include:

Install and Set Up the Test Oracle Identity Management and Metadata Repository

In this procedure, you install and set up a 10g (10.1.4.0.1) installation of the test Oracle Identity Management and its associated Metadata Repository. The test Oracle Identity Management is an LDAP-based replica of the original Oracle Identity Management.

  1. Read Section H.1, "About LDAP-Based Replicas" to learn about LDAP-based Replicas and how they are used for this procedure.

  2. Follow the procedure in Section H.2, "Installing and Setting Up an LDAP-Based Replica" to install and set up the test Oracle Identity Management and Metadata Repository.

Identify the Test Oracle Internet Directory as a Pilot

Run the following command from the Oracle home of the test Oracle Internet Directory:

remtool -pilotreplica begin -bind test_oid_host:test_oid_port/test_replication_dn_passwd

In the syntax:

test_oid_host is the host name of the test directory server.

test_oid_port is the LDAP port of the test directory server.

test_replication_dn_passwd is the password of the replication DN of the test directory server. By default, it is the same as the superuser DN (cn=orcladmin) password.



Install and Populate Test Product Metadata Repository

Create a new database and populate it with the OracleAS Metadata Repository.

  1. Install Oracle Application Server using Oracle Universal Installer.

  2. From the Select a Product to Install screen, select OracleAS Infrastructure.

  3. From the Select Installation Type screen, select Metadata Repository.

Install Test Middle-Tier Instance

Install the 10g Release 3 (10.1.3) test middle-tier instances and configure them to use the test Oracle Identity Management according to what you want to test:

  1. Install Oracle Application Server using Oracle Universal Installer.

  2. From the Oracle Application Server 10g 10.1.3 Installation screen, follow the prompts to install the middle tier.

Develop and Test Your Applications

Develop and test applications in your test environment.

Clean Up Test Oracle Internet Directory

You can clean up (delete) the data that is modified or added on the test Oracle Internet Directory so that it is not migrated to the production Oracle Internet Directory. This might be a requirement of a middle-tier component or might be desired by the administrator who maintains Oracle Internet Directory consistency in the production Oracle Internet Directory.

To clean up the data, use the ldapdelete command-line utility and delete entries that should not be migrated.


See Also:

Oracle Identity Management User Reference for more information about the ldapdelete command

Quiesce the Distributed Directory Environment

It is very important to quiesce the distributed directory environment while the data migration from the test to the production takes place. This ensures that there are no conflicting updates, and therefore no data loss or corruption.

To quiesce the distributed directory environment:

  1. Make sure both the test and production Oracle Internet Directories are up and running.

  2. Change the directory server on the test node to read-only mode.

    On the test host, create an LDIF file named readonly.ldif that contains the following lines:

    dn:
    changetype:modify
    replace:orclservermode
    orclservermode:r
    
    

    Run the following command:

    TEST_HOME/bin/ldapmodify -p test_oid_port -D cn=orcladmin \
      -w test_orcladmin_passwd -v -f readonly.ldif
    
    

    In the syntax:

    test_oid_port is the LDAP port of the test directory server.

    test_orcladmin_passwd is the password of the superuser DN (cn=orcladmin).

  3. Wait until all the pending changes are applied to both nodes and the nodes are completely in sync. There is no tool to automatically detect this, but you can monitor the replication log files and make sure there are no new changes being processed by any node in the directory replication group, which ensures that the directory replication group is in a quiesced state.

End Pilot Mode on the Test Oracle Internet Directory

Run the following command from the Oracle home of the test Oracle Internet Directory:

remtool -pilotreplica end -bind test_oid_host:test_oid_port/test_replication_dn_passwd [-bkup fname]

In the syntax:

test_oid_host is the host name of the test directory server.

test_oid_port is the LDAP port of the test directory server.

test_replication_dn_passwd is the password of the replication DN of the test directory server. By default, it is the same as the superuser DN (cn=orcladmin) password.

fname specifies the backup file in which to store entries that were modified after pilot mode was started. The entries are in LDIF format. You will use this file in procedure "Migrate Oracle Internet Directory Data to Production".



Migrate Oracle Internet Directory Data to Production

This procedure describes how to migrate Oracle Internet Directory data from a test Oracle Identity Management to the production Oracle Identity Management.


Note:

Make sure the ORACLE_HOME and ORACLE_SID environment variables are set before you begin. This applies to all operating systems.

  1. Migrate test Oracle Internet Directory data to the production environment by running the following command.

    PRODUCTION_HOME/bin/ldapaddmt -h production_oid_host \
      -p production_oid_port -D "cn=orcladmin" \
      -w production_orcladmin_passwd -r -f fname
    
    

    Make sure you specify the -r argument to migrate data and resolve conflicts. Also, ensure you specify the LDIF file you obtained in procedure "End Pilot Mode on the Test Oracle Internet Directory" for the -f argument.

    In the syntax:

    production_oid_host is the host of the production directory server.

    production_oid_port is the LDAP port of the production directory server.

    production_orcladmin_passwd is the password of the superuser DN (cn=orcladmin).

    fname specifies the LDIF file you specified in procedure "End Pilot Mode on the Test Oracle Internet Directory".

  2. Validation step. Verify that the migration of Oracle Internet Directory data succeeded.

    Verify that ldapaddmt reported success. You can check for errors in the add.log file, which is created in the directory from which you ran the ldapaddmt command.

    • If add.log is empty, the command succeeded.

    • If add.log contains errors such as Additional Info: Parent entry not found in the directory, then the entries in the LDIF file are not in the correct order—the child entry is before the parent entry. Run ldapaddmt again and this will take care of adding the child entries.


      See Also:

      Oracle Internet Directory Administrator's Guide for information on interpreting messages in log files

    If necessary, repeat Step 1.

  3. Migrate OracleAS Single Sign-On and Oracle Directory Integration Platform data from the test Metadata Repository to the production Metadata Repository.

    To migrate the OracleAS Single Sign-On data:

    1. Obtain the ORASSO schema password on the test Metadata Repository:

      TEST_HOME/bin/ldapsearch -h test_oid_host -p test_oid_port \
        -D "cn=orcladmin" -w test_orcladmin_passwd \
        -b "orclresourcename=orasso, orclreferencename=test_oid_global_db_name, cn=ias infrastructure databases, cn=ias, cn=products, cn=oraclecontext" \
        -s base "objectclass=*" orclpasswordattribute
      
      

      In the syntax:

      test_oid_host is the host of the test directory server.

      test_oid_port is the LDAP port of the test directory server.

      test_orcladmin_passwd is the password of the superuser DN (cn=orcladmin).

      test_oid_global_db_name is the global database name of the test Metadata Repository.

      This command prints the ORASSO password in a line like the following:

      orclpasswordattribute=LAetjdQ5
      
      
    2. Export the OracleAS Single Sign-On data from the test environment, ensuring that the ORACLE_HOME environment variable is set before you run this command:

      TEST_HOME/sso/bin/ssomig -export -s orasso -p test_orasso_passwd \
        -c test_net_service_name -log_d $TEST_HOME/sso/log
      
      

      In the syntax:

      test_orasso_passwd is the ORASSO password obtained in the previous step.

      test_net_service_name is the database name of the test Metadata Repository.

    3. Copy the ssomig.dmp and ssoconf.log files from the test to the production directory server, preserving the exact full path for each file:

      cp TEST_HOME/sso/log/ssomig.dmp PRODUCTION_HOME/sso/log/ssomig.dmp
      cp TEST_HOME/sso/log/ssoconf.log PRODUCTION_HOME/sso/log/ssoconf.log
      
      
    4. Obtain the ORASSO schema password on the production Metadata Repository:

      PRODUCTION_HOME/bin/ldapsearch -h production_oid_host -D "cn=orcladmin" -p production_oid_port \
        -w production_orcladmin_password \
        -b "orclresourcename=orasso, orclreferencename=production_global_db_name, cn=ias infrastructure databases, cn=ias, cn=products, cn=oraclecontext" \
        -s base "objectclass=*" orclpasswordattribute
      
      

      In the syntax:

      production_oid_host is the host of the production directory server.

      production_oid_port is the LDAP port of the production directory server.

      production_orcladmin_password is the password of the superuser DN (cn=orcladmin).

      production_global_db_name is the global database name of the production Metadata Repository.

    5. Import the OracleAS Single Sign-On data to the production Metadata Repository:

      PRODUCTION_HOME/sso/bin/ssomig -import -overwrite -s orasso \
        -p production_orasso_passwd -c production_net_service_name \
        -log_d $PRODUCTION_HOME/sso/log -discoforce
      
      

      In the syntax:

      production_orasso_passwd is the ORASSO password obtained in the previous step.

      production_net_service_name is the database name of the production Metadata Repository.

    6. Validation step: Verify that the export and import of OracleAS Single Sign-On succeeded.

      Verify that the OracleAS Single Sign-On migration tool reported success. You can also check the following log files for errors:

      TEST_HOME/sso/log/ssomig.log
      PRODUCTION_HOME/sso/log/ssomig.log
      

      See Also:

      Oracle Application Server Single Sign-On Administrator's Guide for information on interpreting messages in the log files

    To migrate the Oracle Directory Integration Platform data:

    Run the Oracle Directory Integration Platform configuration assistant command to migrate the profile data and restart the Oracle Directory Integration Platform instance on the new host (the production host). For example, on UNIX, the command takes the following format:

    PRODUCTION_HOME/bin/oidca mode=DIP \
      -silent \
      oidhost=production_oid_host connstr=production_oid_db_connect_string \
      sslport=production_oid_ssl_port \
      sudn=production_oid_user_dn \
      supwd=production_oid_user_password \
      iaspwd=production_ias_admin_password \
      odspwd=oid_db_schema_password \
      iasinstance=1014_iasinstance_name -ldapreadonly \
      masteroidhost=test_oid_host \
      masteroidport=test_oid_ssl_or_nonssl_port [-ssl] \
      mastersudn=test_user_dn \
      mastersupwd=test_user_password
    
    

    In the example:

    • production_oid_host is the hostname of the production Oracle Internet Directory.

    • production_oid_db_connect_string is the short name of the database connection string. For example, if the connection string is orcl.mydomain.com, the value of this parameter is orcl.

    • production_oid_ssl_port is the SSL port number of the production Oracle Internet Directory.

    • production_oid_user_dn is the DN of the production Oracle Internet Directory user needed to bind to the directory (for example, cn=orcladmin).

    • production_oid_user_password is the user password needed to bind to the production directory.

    • production_ias_admin_password is the password for the ias_admin user.

    • oid_db_schema_password is the password for the Oracle Internet Directory schema.

    • 1014_iasinstance_name is the name for the new instance.

    • test_oid_host is the hostname of the test Oracle Internet Directory.

    • test_oid_ssl_or_nonssl_port is the SSL or non-SSL port number of the test Oracle Internet Directory.

    • test_user_dn is the DN of the test Oracle Internet Directory user needed to bind to the directory (for example, cn=orcladmin).

    • test_user_password is the user password needed to bind to the test directory.

  4. (Optional) Perform post-migration cleanup tasks.

    Some middle-tier components might have special cleanup requirements after you have changed to the production environment. You can perform these cleanup tasks in the test environment after the middle-tier instances have been changed to the production node.
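
The validation step in "Migrate Oracle Internet Directory Data to Production" attributes the "Parent entry not found in the directory" error to a child entry preceding its parent in the LDIF file. The following Python code is an added example, not part of the Oracle documentation: it reviews the backup file before the import by listing entries that precede their parent and, going beyond the rerun the page describes, can write the records parents-first. The sample entries and all function names are constructed for illustration, and it assumes the file holds whole-entry records.

```python
import base64
import re

# Constructed sample standing in for the -bkup file; not real directory data.
SAMPLE_LDIF = """\
# entries modified after pilot mode began (constructed sample)
dn: cn=report app,cn=apps,dc=example,dc=com
objectclass: top
cn: report app

dn: cn=apps,dc=example,dc=com
objectclass: top
cn: apps

dn: cn=Jane Doe\\, Jr,cn=users,
 dc=example,dc=com
objectclass: top
cn: Jane Doe, Jr
"""


def parse_ldif(text):
    """Return [(dn, record_lines)] in file order."""
    text = text.replace("\r\n", "\n")
    # A line that starts with one space continues the previous line.
    text = re.sub(r"\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", text):
        lines = [ln for ln in block.split("\n")
                 if ln.strip() and not ln.startswith("#")
                 and not ln.lower().startswith("version:")]
        if not lines:
            continue
        head = lines[0]
        if head.lower().startswith("dn::"):      # base64-encoded DN
            dn = base64.b64decode(head[4:].strip()).decode("utf-8")
        elif head.lower().startswith("dn:"):
            dn = head[3:].strip()
        else:
            raise ValueError("record does not start with dn: %r" % head)
        entries.append((dn, lines))
    return entries


def split_dn(dn):
    """Split a DN into normalized RDNs; backslash-escaped commas stay inside an RDN."""
    rdns = re.findall(r"(?:\\.|[^,\\])+", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip().lower(), count=1) for r in rdns]


def child_before_parent(entries):
    """DNs whose parent entry is in the file but appears later."""
    keys = [tuple(split_dn(dn)) for dn, _ in entries]
    first_seen = {}
    for i, key in enumerate(keys):
        first_seen.setdefault(key, i)
    return [entries[i][0] for i, key in enumerate(keys)
            if len(key) > 1 and first_seen.get(key[1:], -1) > i]


def parents_first(entries):
    """Stable sort by DN depth, so every parent precedes its children."""
    return sorted(entries, key=lambda e: len(split_dn(e[0])))


def to_ldif(entries):
    """Serialize records (unfolded, comments dropped) separated by blank lines."""
    return "\n\n".join("\n".join(lines) for _, lines in entries) + "\n"


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for dn in child_before_parent(parsed):
        print("child precedes parent:", dn)
    print(to_ldif(parents_first(parsed)), end="")
```

An entry whose parent is neither in the file nor already in the production directory is not reported by this check and still fails on import.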