The figure shows clients connecting to a load balancer located behind a firewall. The load balancer is configured with three virtual names: mt.mydomain.com, wg.mydomain.com, and wp.mydomain.com. Clients use HTTP(S) to connect to the load balancer.
mt.mydomain.com connects to OracleAS middle tiers.
All the nodes mentioned below are separate nodes, that is, each node runs only one component.
wg.mydomain.com connects to two active nodes. These nodes run Oracle HTTP Server configured with WebGate. Each of the Oracle HTTP Servers connects to three nodes running Access Server. Two of these nodes are active and they serve as the primary server, while the third node is passive and it serves as the secondary server.
wp.mydomain.com connects to two active nodes. These nodes run Oracle HTTP Server configured with WebPass. Each of the Oracle HTTP Server connects to three nodes running Identity Server. Two of these nodes are active and they serve as the primary server, while the third node is passive and it serves as the secondary server.
The Oracle HTTP Servers that are configured with WebGate or WebPass communicate with Access Server and Identity Server using the Access Manager protocol.
To connect to Oracle Internet Directory, all the Access Server and Identity Server nodes connect to a virtual hostname called "oid.mydomain.com". The virtual hostname is placed behind another firewall. The virtual hostname points to a hardware cluster that consists of two nodes, one active and one passive. Oracle Internet Directory runs on these nodes. The passive node runs only if the active node fails.
Communication with Oracle Internet Directory uses LDAP(S).
Oracle Internet Directory, from the active and passive nodes, connect to an OracleAS Metadata Repository in a cold failover cluster database.
Clients can also connect to Access Manager, which runs with Oracle HTTP Server configured with WebPass on its own node. Clients use HTTP(S) for this connection.