Oracle® Identity Manager Installation Guide for WebLogic
Release 9.0

Part Number B32140-01

9 Deploying in a Clustered WebLogic Configuration

This chapter explains how to deploy Oracle Identity Manager in a clustered WebLogic application server environment.

This chapter discusses the following topics:

About WebLogic Clusters

A clustered environment requires multiple host computers. These instructions involve a deployment of 3+n machines. Your configuration may vary.

Table 9-1 describes the entities needed for a cluster, the computers that they run on, and the software required for the entities. Host computers and entities are labeled.

Table 9-1 WebLogic-based Oracle Identity Manager Cluster Host Computers

| Host Computers | Entities | Software | Description |
| --- | --- | --- | --- |
| ADMIN_SERVER_HOST | Administrative Server | WebLogic | The Administrative Server is the WebLogic Server instance that configures and manages the WebLogic Server instances in its domain. |
| XLMANAGED_SERVER_HOST_n | xlManagedServer_n, node manager | WebLogic, Oracle Identity Manager Server | Managed Servers are WebLogic Server instances that are the cluster members. Members are controlled by the Administration Server. Each application server in your cluster runs Oracle Identity Manager. The managed servers run on one or more host computers (replace n with a number, such as xlManagedServer_1). You can have more than one application server for each host computer. |
| NA | xlCluster | | The name of the WebLogic cluster for Oracle Identity Manager. |
| IIS_HOST | IIS server | IIS, WebLogic IIS plug-in | The IIS web server acts as the front end to the WebLogic cluster, and handles load balancing. |



Caution:

Deploying an application in a clustered environment is a complex procedure. This document assumes that you have expertise in installing and running applications on a WebLogic cluster. These instructions only provide details specific to Oracle Identity Manager. They are not complete instructions for setting up a WebLogic cluster. For more information on clustering, consult your WebLogic documentation.

Setting Up a WebLogic Oracle Identity Manager Cluster

The basic procedure for deploying Oracle Identity Manager in a WebLogic cluster is to install and configure an administrative server and a single managed server, and then clone the managed server for the other cluster members.


Note:

This chapter assumes that you are running a dedicated administrative server host which is not running Oracle Identity Manager.

To set up a WebLogic Oracle Identity Manager cluster:

  1. Install WebLogic on the ADMIN_SERVER_HOST.

  2. Install WebLogic on all managed hosts (XLMANAGED_SERVER_HOST_1...n).

  3. Configure the XLMANAGED_SERVER_HOST_1 to listen to the administrative server.

    See "Configuring a Node Manager for a Managed Server" for more information.

  4. Create a WebLogic configuration.

    See "Creating a WebLogic Configuration" for more information.

  5. Configure the Remote Start options for xlManagedServer1 and start the cluster.

    See "Configuring Remote Start Options" for more information.

  6. Install Oracle Identity Manager on the ADMIN_SERVER_HOST.

    See "Installing Oracle Identity Manager" for more information.

  7. Configure WebLogic.

    See "Configuring WebLogic Post-Oracle Identity Manager Installation" for more information.

  8. Add new servers to your cluster.

    See "Adding New Servers to Your WebLogic Cluster" for more information.

  9. (Optional) Configure the IIS Proxy Plug-Ins.

    See "Configuring IIS Proxy Plug-ins" for more information.

  10. (Optional) Configure database-based HTTP session failover.

    See "Configuring Database-based HTTP Session Failover" for more information.

Installing WebLogic

Install WebLogic on the Administrative Server and XLMANAGED_SERVER_HOST_1 and any other XLMANAGED_SERVER_HOST_n machines. Configure the Node Manager on all MANAGED_SERVER_HOST machines so they can be controlled by the Administrative Server. See "Configuring a Node Manager for a Managed Server" for more information.

Configuring a Node Manager for a Managed Server

To control your remote servers from the Administrative Server after you install WebLogic on a host machine, you must edit the nodemanager.hosts file. On each machine where WebLogic is installed, edit the nodemanager.hosts file and specify the IP address of your administrative host.


Note:

After installing WebLogic, you must start (or restart) the Node Manager to generate the initial nodemanager.hosts file.

The default location of the nodemanager.hosts file is:

Windows:

<BEA_HOME>\weblogic81\common\nodemanager

UNIX:

<BEA_HOME>/weblogic81/common/nodemanager

Creating a WebLogic Configuration

Before installing Oracle Identity Manager, prepare your administrative server host (ADMIN_HOST). Use the WebLogic Configuration Wizard to create a configuration. The configuration includes a domain for Oracle Identity Manager, a cluster, and settings for your managed server (xlManagedServer_1) and its host machine (XLMANAGED_SERVER_HOST_1).

To create a WebLogic Oracle Identity Manager cluster configuration, install WebLogic on ADMIN_HOST and create (or edit) a WebLogic configuration using the WebLogic Configuration Wizard.

Overview

The following steps are an overview of the process for creating a WebLogic Oracle Identity Manager cluster configuration:

  1. Create (or use an existing) domain to host the Oracle Identity Manager application.

  2. Add a managed server entry (xlManagedServer_1).

  3. Create a cluster (xlCluster).

  4. Add xlManagedServer_1 to the cluster.

  5. Add a host entry for your managed server (XLMANAGED_SERVER_HOST_1).

  6. Assign xlManagedServer_1 to XLMANAGED_SERVER_HOST_1.

  7. Create the WebLogic administrator account.

  8. Create the Internal user and the User group.

  9. Add the Internal user to the User group.

  10. Set start up mode and choose the SDK.

  11. Save your configuration.

Procedure

Perform the following steps to create a WebLogic Oracle Identity Manager cluster configuration:

  1. Start the Configuration Wizard:

    Windows:

    Click Start, select Programs, select BEA WebLogic Platform 8.1, then select Configuration Wizard.

    UNIX:

    Run <BEA_HOME>/weblogic81/common/bin/config.sh.

  2. On the Create or Extend a Configuration page, create a new configuration:

    1. Click the Create a new WebLogic configuration option to select it.

    2. Click Next.

  3. On the Select a Configuration Template page, select the basic template:

    1. Select the Basic WebLogic Server Domain template.

    2. Click Next.

  4. On the Choose Express or Custom Configuration page, choose a custom configuration:

    1. Click the Custom option to create a custom configuration.

    2. Click Next.

  5. On the Configure the Administration Server page, enter your administration server information:

    1. Enter a name for the Administrative server (such as AdminServer).

    2. Accept the defaults for the other fields.

    3. Click Next.

  6. On the Managed Servers, Clusters, and Machine Options page, set up your cluster:

    1. Click the Yes radio button to create the cluster.

    2. Click Next.

  7. On the Configure Managed Servers page, configure your managed server:

    1. Click the Add button to create a Managed Server entry.

    2. Select the IP address from the Listen Address list.

    3. Enter the listening port, for example 7051.

    4. Accept the default values for all other fields.

    5. Click Next.

  8. On the Configure Cluster page, configure your cluster:

    1. Click the Add button to create a cluster entry.

    2. Specify a name for the cluster (such as xlCluster).

    3. Provide a unique multicast address and port number.

      At this time, the Cluster Address is not required.

    4. Click Next.

  9. On the Assign Servers to Cluster page, assign the managed server to your cluster:

    1. Highlight the managed server name from the Server section.

    2. Use the right arrow to assign it to the cluster.

    3. Click Next.

  10. On the Configure Machines page, configure your managed server host machine:

    For a Windows host:

    1. Click the Machine tab.

    2. Click the Add button.

    3. Enter the name of the managed server host (such as XLMANAGED_SERVER_HOST_1).

    4. Enter the Node Manager listen address.

    5. Accept the default value of 5555 for the listening port.

    6. Click Next.

    For a UNIX host:

    1. Click the UNIX Machine tab.

      The Configure Machines page UNIX machine tab appears.

    2. Click the Add button.

    3. Enter the name of the managed server host (such as XLMANAGED_SERVER_HOST_1).

    4. Select if you want to enable GID binding.

    5. Enter the GID to bind as.

    6. Select if you want to enable UID binding.

    7. Enter the UID to bind as.

    8. Enter the host address.

    9. Enter the listen port.

    10. Click Next.

  11. On the Assign Servers to Machines page, assign the managed server to the managed server host machine:

    1. Select the server.

    2. Select the host machine.

    3. Click the right-arrow button to assign the server to the host machine.

    4. Click Next.

  12. On the Database (JDBC) Options page, the JDBC component is defined by the Oracle Identity Manager installer. Do not define your JDBC component:

    1. Click No.

    2. Click Next.

  13. On the Messaging (JMS) Options page, the JMS component is defined by the Oracle Identity Manager installer. Do not define your JMS component:

    1. Click No.

    2. Click Next.

  14. On the Configure Administrative Username and Password page, enter your administrator information:

    1. The default user name is weblogic. Use this name, or enter another name.

    2. Enter a password and confirm it.

    3. If desired, enter a description for the user. (Optional)

    4. Click the Yes option to create an additional user and group which are required by Oracle Identity Manager (so the Internal user can be created for Oracle Identity Manager).

    5. Click Next.

  15. On the Configure Users and Groups page, configure the user and group information:

    1. Click Add to create a new user.

    2. Enter Internal for the user name.


      Note:

      The Internal user name is case-sensitive.

    3. Enter a password and confirm it.

    4. Enter a description for this user.

    5. Click the Group tab.

  16. The Configure Users and Groups page displays the Group list. Enter the group information:

    1. Click the Add button to create a user group.

    2. Enter User for the group name.


      Note:

      The User group name is case-sensitive.

    3. Enter a description for the group.

    4. Click Next.

  17. On the Assign Users Groups page, assign the Internal user to the User group:

    1. Select the User group from the Group list on the right side of the screen.

    2. Click the Internal user check box in the User list to select it.

    3. Click Next.

  18. On the Assign Groups to Groups page, it is not necessary to assign groups to other groups.

    To continue, click Next.

  19. On the Assign Users and Groups to Global Roles page, it is not necessary to assign users or groups a global role.

    To continue, click Next.

    If you are running the Wizard on a Windows machine, the Configure Windows Options page appears. Otherwise, the Configure Server Start Mode and Java SDK page appears. In this case, skip this step and continue with step 21.

  20. Configure your Windows Options.

    You can choose to create a start menu shortcut for the administrative server, and to run the administrative server as a Windows service.

    1. Click the Yes or No options to indicate your preferences.

    2. Click Next.


      Note:

      If you add a shortcut to the Start Menu, the Build Start Menu Entries screen appears. Select or decline the options, then click Next.

  21. On the Configure Server Start Mode and Java SDK page, select the server start mode and the Java SDK.

    1. Select the desired mode for WebLogic.

    2. Select the Sun SDK.

    3. Click Next.

  22. On the Create WebLogic Configuration page, select the configuration directory:

    • Enter the name of your domain in the Configuration Name field.

    • If desired, change the Configuration Location.

    • Review other configuration details. If desired, go back to make any changes.

    • Click Create.

  23. On the Creating Configuration page, complete your configuration and start the administrative server.

The wizard exits and the server starts and prompts you for the WebLogic user name and password. Enter weblogic for the user name and weblogic for the password if you accepted the default values for user name and password when you created the WebLogic domain. If you created a unique user name and password when you created the WebLogic domain, enter those values.

Starting the Administration Server on UNIX

To start the admin server on a UNIX machine, use the following commands:

cd <BEA_HOME>/user_projects/domains/<domain_name>
sh startWebLogic.sh

The server starts.

Configuring Remote Start Options

To allow the managed servers to be controlled remotely by the administration console, set the server classpath and the memory parameters. Use the WebLogic administration console to configure the server.

When you clone the managed server (to add members to your cluster), these settings are copied to the clone. If you install WebLogic in another directory on the new host machine, you must manually edit the remote start settings for the new managed server.

To configure the server remote start options:

  1. Open the WebLogic administration console by pointing your browser to the following URL:

    http://localhost:7001/console
    
    
  2. Click the server name (for example xlManagedServer_1) under <domain name>/Servers.

  3. Click the Remote Start tab.

    1. Set the Java Home field to the Sun JDK that is included with WebLogic. For example, if WebLogic is installed on the C drive, you set the Java Home field to C:\bea\jdk142_05

    2. Set the BEA Home field. For example, if WebLogic is installed on the C drive, you set the BEA Home field to C:\bea\

    3. Increase the memory by setting the Arguments field to -Xmx1024m

    4. For deployments on Windows, locate the Class Path field and enter the path to the weblogic.jar, for example:

      c:\bea\weblogic81\server\lib\weblogic.jar; 
      
      
    5. Click Apply to save the setting on the Remote Start tab.

  4. Make sure the Node Manager is running on the remote host, for example XLMANAGED_SERVER_HOST_1. If the Node Manager is not running, start it by running the <BEA_HOME>\weblogic81\server\bin\startNodeManager script.

  5. Start the server, for example, xlManagedServer_1, from the administration console.

    1. Click <domain>, select Clusters, select xlCluster, then select <xlManagedServer_n> in the navigation bar on the left side of the screen.

    2. Select the Control tab in the main pane.

    3. To start the server, click Start this server.


    Note:

    If you have a problem starting the server because of Host Name validation, open the server settings for both the Admin and Managed servers, select Key Stores & SSL under the Configuration tab, change None to Hostname Verification under the Advanced Options, and start the server again.

    The server starts, and its state changes from UNKNOWN to RUNNING.

Installing Oracle Identity Manager

Install Oracle Identity Manager on ADMIN_HOST. See either Chapter 5, "Installing the Oracle Identity Manager Server on Windows" or Chapter 6, "Installing the Oracle Identity Manager Server on UNIX" for more information.

Configuring WebLogic Post-Oracle Identity Manager Installation

After you have installed Oracle Identity Manager, you must further configure WebLogic. Some of the configuration is cluster-specific, and some is the same as you would do for any Oracle Identity Manager system.

To perform post-installation configuration of WebLogic:

  1. Stop the managed server and administration server.

  2. Restart the administration server using xlStartServer.bat for Windows, or xlStartServer.sh for UNIX.

    See Chapter 8, "Starting the Oracle Identity Manager Server" for more information on starting the administration server.

  3. Complete the post-installation tasks to configure Oracle Identity Manager for WebLogic, including creating the Xellerate authenticator and setting the control flags to sufficient for both the Default authenticator and Xellerate Authenticator. See "Configuring WebLogic for Oracle Identity Manager" for more information.

  4. Copy the complete Oracle Identity Manager directory from ADMIN_HOST to XLMANAGED_SERVER_HOST_1, maintaining the identical directory hierarchy structure.

    If the XLMANAGED_SERVER_HOST_1 is located on the same machine as ADMIN_HOST, you do not need to copy the Oracle Identity Manager directory.

  5. Each server in the cluster needs to know the location of the others.

    See "Specifying Cluster Members" for more information.

  6. If XLMANAGED_SERVER_HOST_1 is a different machine than ADMIN_HOST, copy the following Oracle Identity Manager files to the WebLogic installation directory on the XLMANAGED_SERVER_HOST_1:

    • Copy <XL_HOME>\ext\nexaweb-common.jar to the <BEA_HOME>\weblogic81\server\lib directory

    • Copy <XL_HOME>\xellerate\lib\wlXLSecurityProviders.jar to the <BEA_HOME>\weblogic81\server\lib\mbeantypes directory

  7. Start the cluster.

Adding New Servers to Your WebLogic Cluster

Once you have set up your cluster, you can add more servers by cloning your first managed server (xlManagedServer1).


Note:

If you install WebLogic in a different location on a new managed server host, additional configuration is necessary.

To add a server to your cluster:

  1. Install WebLogic on XLMANAGED_SERVER_HOST_n.

    See "Installing WebLogic" for more information.


    Note:

    To control the server remotely, you must edit the nodemanager.hosts file.

  2. Configure the Node Manager for xlManagedServer_n.

    See "Configuring a Node Manager for a Managed Server" for more information.

  3. Set up the Oracle Identity Manager Server on XLMANAGED_SERVER_HOST_n.

    See "Installing the Oracle Identity Manager Server on New Hosts" for more information.

  4. Configure the XLMANAGED_SERVER_HOST_n machine.

    See "Configuring New Host Machines" for more information.

  5. Add the new host machine to the list of cluster members.

    See "Specifying Cluster Members" for more information.

  6. Configure new JMS servers corresponding to the new cluster member managed servers.

    See "Creating JMS Entries for New Cluster Members" for more information.

Installing the Oracle Identity Manager Server on New Hosts

To install Oracle Identity Manager onto a new host in your WebLogic Cluster:

  1. Copy the <XL_HOME> directory, where Oracle Identity Manager is installed in the cluster, to the new host, maintaining the identical directory hierarchy structure.

  2. Copy the wlXLSecurityProviders.jar from <XL_HOME>\Xellerate\lib directory into the <BEA_HOME>\weblogic81\server\lib\mbeantypes directory.

  3. Copy the <XL_HOME>\ext\nexaweb-common.jar file to the <BEA_HOME>\weblogic81\server\lib\ directory.

Configuring New Host Machines

To configure a new host for your WebLogic cluster, you must create an entry for the host, clone the server, then set up a JMS server.

To add a new host to your WebLogic cluster:

  1. Open the WebLogic administration console (http://localhost:7001/console).

  2. Click <domain_name>.

  3. Using the directory tree on the left pane, click Machines.

  4. Click Configure a new Machine.

    • Enter a name for this machine, for example XLMANAGED_SERVER_HOST_2.

    • Click Create.

  5. Click the Node Manager tab to open it.

    • Enter the Listen Address (IP address) for this machine.

    • Accept the default for the Listen Port.

    • Do not check the Debug Enabled box.

    • Click Apply.

  6. Right-click the existing managed server name, for example, xlManagedServer_1, and select Clone <server_name> from the shortcut menu.

    • Enter a name for the new server, for example, xlManagedServer2.

    • Select the host computer from the Machine menu, for example, XLMANAGED_SERVER_HOST_2.

    • Make sure your cluster, for example xlCluster, is selected in the Cluster menu.

    • Scroll down and click Clone.

  7. If WebLogic is installed in a different directory than xlManagedServer1, then change the remote start configuration to include the directory location. Remove the -Xmx350m entry from the Arguments field in the Remote Start tab.

  8. Go to the host machine and start the node manager.

Creating JMS Entries for New Cluster Members

  1. On the Administration Server host, run the setup_wl_server script to configure a new JMS server corresponding to the new managed server and configure the distributed queue.

    To run the setup_wl_server script:

    1. Change directories (cd) to the <XL_HOME>/xellerate/setup directory.

    2. Run setup_wl_server.cmd for Windows and setup_wl_server.sh for UNIX, making sure to append the following parameters:

      <BEA_HOME> <ADMIN_SERVER_HOST> <ADMIN_SERVER_HOST_port> <WEBLOGIC_admin_login> <WEBLOGIC_admin_password> <XLMANAGED_SERVER_HOST_n>
      
      

      The following sub-sections show what the complete command-line string looks like, depending on the operating system of the machine hosting your Oracle Identity Manager server.

      UNIX

      ./setup_wl_server.sh /opt/bea814 t3://192.168.50.172 8001 wladmin wladmin XLMANAGED_SERVER_HOST_2
      
      

      Windows

      setup_wl_server.cmd c:\bea814 t3://192.168.50.172 8001 wladmin wladmin XLMANAGED_SERVER_HOST_2
      
      
    3. Stop all Managed Servers gracefully using the Admin Console and then gracefully stop the Admin Server.

    4. Start the Admin Server by running the <XL_HOME>\xellerate\bin\xlStartServer script.

Specifying Cluster Members

To specify the location of all the cluster members, perform the following steps:

  1. Edit the <XL_HOME>\xellerate\config\xlconfig.xml file for each Oracle Identity Manager component. Modify the Discovery section to specify the cluster members. You can accomplish this one of two ways:

    • Specify the cluster address which resolves to multiple machines instead of specifying individual members. This enables you to update the DNS server when adding new members rather than editing the xlconfig.xml file for each Oracle Identity Manager component.

      If you use this approach, the port number has to be same on all the machines.

    • Specify a list of server URLs (including port), for each of the servers in the cluster.


      Note:

      If you use this approach, the xlconfig.xml file must be updated each time a server is added to your cluster. You must do this for every Oracle Identity Manager component (server or Design Console) in the cluster.

      In the Discovery section of the xlconfig.xml file, add the list of hosts to each of the four occurrences of the <java.naming.provider.url> property, for example:

      <Discovery>
        <CoreServer>
          <java.naming.provider.url>t3://192.168.50.28:7051,192.168.50.184:7051</java.naming.provider.url>
          <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </CoreServer>
        <BackOffice>
          <java.naming.provider.url>t3://192.168.50.28:7051,192.168.50.184:7051</java.naming.provider.url>
          <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </BackOffice>
        <Scheduler>
          <java.naming.provider.url>t3://192.168.50.28:7051,192.168.50.184:7051</java.naming.provider.url>
          <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </Scheduler>
        <!-- For JBoss use ConnectionFactory (non-clustered and HAILXAConnectionFactory (Clustered) -->
        <JMSServer>
          <connectionFactory>xlConnectionFactory</connectionFactory>
          <java.naming.provider.url>t3://192.168.50.28:7051,192.168.50.184:7051</java.naming.provider.url>
          <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </JMSServer>
      </Discovery>
      
      
  2. Start all cluster members using the Admin Console.

Configuring IIS Proxy Plug-ins

To configure the Microsoft IIS proxy plug-ins:

  1. For the web clients to failover properly, either:

    1. Place the load balancer before the WebLogic server cluster and configure it for session affinity.

      or

    2. Configure a WebLogic proxy plug-in into the application server.

  2. To configure IIS proxy plug-in, use the iisproxy.dll and iisforward.dll extension and filters.

    Follow the WebLogic documentation to perform this activity:

    1. Use the documentation at:

      http://e-docs.bea.com/wls/docs81/plugins/isapi.html#113486

    2. You will be using Request Forwarding based on a context name xlWebApp and Nexaweb, while deploying the whole application.

      The following is a sample iisproxy.ini file.

      WlForwardPath=/xlWebApp*,/NexaWeb*
      Debug=ON
      WebLogicCluster=192.168.50.28:7051,192.168.50.184:7051
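
The following added example (not part of the Oracle guide) checks that the four java.naming.provider.url entries in the Discovery section of xlconfig.xml name the same cluster members, that the WebLogicCluster list in iisproxy.ini matches them, and reports a Debug setting other than OFF. The root element name, the sample file contents, the treatment of lines starting with # as comments, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SECTIONS = ("CoreServer", "BackOffice", "Scheduler", "JMSServer")
URL_TAG = "java.naming.provider.url"

# Constructed sample: the root element name is a placeholder, and JMSServer
# was left with one member after a second server joined the cluster.
BOTH = "t3://192.168.50.28:7051,192.168.50.184:7051"
SAMPLE_XLCONFIG = f"""<config><Discovery>
  <CoreServer><{URL_TAG}>{BOTH}</{URL_TAG}></CoreServer>
  <BackOffice><{URL_TAG}>{BOTH}</{URL_TAG}></BackOffice>
  <Scheduler><{URL_TAG}>{BOTH}</{URL_TAG}></Scheduler>
  <JMSServer><{URL_TAG}>t3://192.168.50.28:7051</{URL_TAG}></JMSServer>
</Discovery></config>"""

# Constructed sample, same values as the iisproxy.ini shown above.
SAMPLE_IISPROXY = """WlForwardPath=/xlWebApp*,/NexaWeb*
Debug=ON
WebLogicCluster=192.168.50.28:7051,192.168.50.184:7051
"""


def split_members(value):
    """Return a set of normalized 'host:port' strings from a comma list."""
    members = set()
    for item in value.split(","):
        host, sep, port = item.strip().rpartition(":")
        if not (sep and host and port.isdigit()):
            raise ValueError(f"expected host:port, got {item!r}")
        members.add(f"{host.lower()}:{int(port)}")
    return members


def discovery_members(xml_text):
    """Map each Discovery section to its member set (None if no URL is set)."""
    discovery = next(ET.fromstring(xml_text).iter("Discovery"), None)
    if discovery is None:
        raise ValueError("no <Discovery> section")
    found = {}
    for name in SECTIONS:
        section = discovery.find(name)
        urls = [c.text for c in section if c.tag == URL_TAG] if section is not None else []
        # Drop the scheme (t3://) before splitting the member list.
        found[name] = split_members(urls[0].strip().split("://", 1)[-1]) if urls and urls[0] else None
    return found


def parse_ini(text):
    """Parse key=value lines; lines starting with '#' are skipped (assumption)."""
    pairs = (l.partition("=") for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}


def audit(xlconfig_xml, iisproxy_ini):
    """Return a list of findings; an empty list means the files agree."""
    findings, ref_name, ref = [], None, None
    for name, members in discovery_members(xlconfig_xml).items():
        if members is None:
            findings.append(f"{name}: no {URL_TAG} entry")
        elif ref is None:
            ref_name, ref = name, members
        elif members != ref:
            findings.append(f"{name}: member list differs from {ref_name}; "
                            f"missing {sorted(ref - members)}, extra {sorted(members - ref)}")
    ini = parse_ini(iisproxy_ini)
    cluster = ini.get("WebLogicCluster")
    if not cluster:
        findings.append("iisproxy.ini: no WebLogicCluster entry")
    elif ref is not None and split_members(cluster) != ref:
        findings.append(f"iisproxy.ini: WebLogicCluster differs from {ref_name} in xlconfig.xml")
    if ini.get("Debug", "OFF").upper() != "OFF":
        findings.append(f"iisproxy.ini: Debug={ini['Debug']}, plug-in debug logging is enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_XLCONFIG, SAMPLE_IISPROXY):
        print(finding)
```

Run it against the xlconfig.xml of every Oracle Identity Manager component after adding a cluster member, since each copy of the file is edited separately.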
      

Configuring Database-based HTTP Session Failover

The WebLogic cluster is, by default, configured to provide memory-to-memory session replication and failover. However, it is possible to use database-based replication.

To enable database-based replication:

  1. Edit the profile weblogic.profile in <XL_HOME>/Profiles on the application server host, and change the replication mechanism from InMemory to Database.

  2. To patch the application, run the patch_weblogic script found in the <XL_HOME>\xellerate\setup directory.


    Note:

    The database tables required to hold the sessions must be created manually. Refer to http://e-docs.bea.com/wls/docs60/adminguide/config_web_app.html#jdbc_persistence for more information.

    It is possible to use other types of failover mechanisms in WebLogic. To use them, change the descriptor template (weblogic.xml) in the <XL_HOME>/DDTemplates/xlWebApp directory, then insert the proper settings for the web application descriptor. After the change, run patch_weblogic to fix the existing application. Be aware, however, that if the DDTemplate is changed (for example, when upgraded), the same changes must be performed to the template again.