6 Secondary Datasource Reporting

You can configure Oracle Identity Manager to use one database for current transactional data and a secondary database for historical data. The secondary database eases the load on the transactional database.

You can use different data sources for the secondary database. The following sections describe how to configure Oracle Identity Manager and your application server to use a secondary data source.

This chapter discusses the following topics:

• Writing User Profile Audits to a Secondary Datasource

• Steps to Set Up a Secondary Data Source

• Using JBoss Application Server with a Secondary Data Source

• Using BEA WebLogic Server with a Secondary Data Source

• Using IBM WebSphere Application Server with a Secondary Data Source

• Using Oracle Application Server with a Secondary Data Source

Writing User Profile Audits to a Secondary Datasource

User profile audit data can increase in size quickly. Oracle recommends that you use a secondary database to store this information. The following system property enables reading and writing to this database directly:

XL.UserProfileAuditInSecondaryDS.

By default, the XL.UserProfileAuditInSecondaryDS property is set to false. If this property is set to true, the system reads and writes all user profile data directly to and from the secondary database.

If you configure a secondary database, all historical reports are automatically configured to run against it.

The user profile audit interacts directly with the secondary database. You must replicate other tables from the transactional database because the report needs them for access control and filtering of the report. You can disable these tables and constraints for ease of data backup, restore, or replication.

Table 6-1 lists the tables and constraints.

Table 6-1 Tables and Constraints Used in Historical Reports

Table Name	Foreign Key Constraint Name	Referenced Table Name	Referenced Column Name
AAD	FK_AAD_FK_AAD_AC_ACT	ACT	ACT_KEY
	FK_AAD_FK_AAD_UG_UGP	UGP	UGP_KEY
ACT	FK_ACT_ACT	ACT	PARENT_KEY
	FK_ACT_SRP	SRP	SRP_KEY
GPG	FK_GPG_UGP	UGP	UGP_KEY
	FK_GPG_UGP_KEY_UGP	UGP	GPG_UGP_KEY
OUG	FK_OUG_OBJ	OBJ	OBJ_KEY
	FK_OUG_UGP	UGP	UGP_KEY
POL
PTY
REQ	FK_REQ_ORC	ORC	ORC_KEY
	FK_REQ_OST	OST	OST_KEY
	FK_REQ_USR	USR	USR_KEY
UGP
USG	FK_USG_RUL	RUL	RUL_KEY
	FK_USG_UGP	UGP	UGP_KEY
	FK_USG_USR	USR	USR_KEY
USR	FK_USR_ACT	ACT	ACT_KEY
OSI	FK_OSI_ACT	ACT	ACT_KEY
	FK_OSI_ASSIGNED_TO_USR	USR	USR_KEY
	FK_OSI_MIL	MIL	MIL_KEY
	FK_OSI_ORC	ORC	ORC_KEY
	FK_OSI_ORD	ORD	ORD_KEY
	FK_OSI_PKG	PKG	PKG_KEY
	FK_OSI_REQ	REQ	REQ_KEY
	FK_OSI_RSC	RSC	RSC_KEY
	FK_OSI_SCH	SCH	SCH_KEY
	FK_OSI_SCH_OSI_RECOVERY_FOR	SCH	SCH_KEY
	FK_OSI_SCH_OSI_RETRY_FOR	SCH	SCH_KEY
	FK_OSI_TLG	TLG	TLG_KEY
	FK_OSI_TOS	TOS	TOS_KEY
	FK_OSI_TO_UGP	UGP	UGP_KEY
	FK_OSI_TO_USR	USR	USR_KEY
OST	FK_OST_OBJ	OBJ	OBJ_KEY
OBI	FK_OBI_OBJ	OBJ	OBJ_KEY
	FK_OBI_ORC	ORC	ORC_KEY
	FK_OBI_QUE	QUE	QUE_KEY
	FK_OBI_REQ	REQ	REQ_KEY
	FK_OBI_USR	USR	USR_KEY
OBJ	FK_OBJ_SDK	SDK	SDK_KEY
OBA	FK_OBA_OBJ	OBJ	OBJ_KEY
	FK_OBA_UGP	UGP	UGP_KEY
RCE	FK_RCE_ACT	ACT	ACT_KEY
	FK_RCE_ADMIN_UGP	UGP	UGP_KEY
	FK_RCE_ADMIN_USR	USR	USR_KEY
	FK_RCE_OBJ	OBJ	OBJ_KEY
	FK_RCE_ORC	ORC	ORC_KEY
	FK_RCE_USR	USR	USR_KEY
MIL	FK_MIL_DEFAULT_ASSIGNEE_USR	USR	USR_KEY
	FK_MIL_EVT	EVT	EVT_KEY
	FK_MIL_TOS	TOS	TOS_KEY
RCX
ORC	FK_ORC_ACT	ACT	ACT_KEY
	FK_ORC_ORC_PARENT_KEY	ORC	ORC_KEY
	FK_ORC_ORD	ORD	ORD_KEY
	FK_ORC_PKG	PKG	PKG_KEY
	FK_ORC_PKH	PKH	PKH_KEY
	FK_ORC_REQ	REQ	REQ_KEY
	FK_ORC_TOS	TOS	TOS_KEY
	FK_ORC_USR	USR	USR_KEY
OIU	FK_OIU_LAST_ATTESTED_USR	USR	USR_KEY
	FK_OIU_OBI	OBI	OBI_KEY
	FK_OIU_ORC	ORC	ORC_KEY
	FK_OIU_OST	OST	OST_KEY
	FK_OIU_POL	POL	POL_KEY
	FK_OIU_REQ	REQ	REQ_KEY
	FK_OIU_USR	USR	USR_KEY
OSH	FK_OSH_BY_USR	USR	USR_KEY
	FK_OSH_SCH	SCH	SCH_KEY
	FK_OSH_STA	STA	STA_KEY
	FK_OSH_TO_UGP	UGP	UGP_KEY
	FK_OSH_TO_USR	USR	USR_KEY
SCH
RQU	FK_RQU_REQ	REQ	REQ_KEY
	FK_RQU_USR	USR	USR_KEY
RQO	FK_RQO_OBI	OBI	OBI_KEY
	FK_RQO_OBJ	OBJ	OBJ_KEY
	FK_RQO_POL	POL	POL_KEY
	FK_RQO_REQ	REQ	REQ_KEY
STA

Steps to Set Up a Secondary Data Source

To set up a secondary database:

1. Create the secondary database.

   You can back up and restore the transactional database under a different database name, or you can replicate the transactional database.

2. Set up the application server to use the secondary database.

   See the following sections for details.

3. Set the system property XL.UserProfileAuditInSecondaryDS to True.

   This stores user profile audit data in the secondary database.

4. Configure daily replication of the data so that the tables in the secondary database listed in Table 6-1 are updated from the primary database. After the secondary database is functional, do not replicate the entire primary database in the secondary database or any audit data that has been stored in the secondary database will be deleted.

   Or, set up either a full restore or replication.

5. Ensure that all stored procedures are replicated correctly in the secondary database.

6. Define a connection URL as follows:

   • For Oracle Database:

     jdbc:oracle:thin:@IP of database:SID

   • For Microsoft SQL Server:

     Note:

     Microsoft SQL Server is not supported in Oracle Identity Manager release 9.1.0. See ÒCertified ComponentsÓ in Oracle Identity Manager Release Notes for information about certified components.

     jdbc:Microsoft:sqlserver://IP of database:Port;DatabaseName=SID;SelectMethod=Cursor

Using JBoss Application Server with a Secondary Data Source

Note:

Microsoft SQL Server is not supported in Oracle Identity Manager release 9.1.0. See ÒCertified ComponentsÓ in Oracle Identity Manager Release Notes for information about certified components.

To create a new data source on JBoss Application Server, a new file called xlreportds-service.xml is created by the setup in the deployment directory. This file creates an alias to the transactional database by using the java:jdbc/xlXAReportingDS setting.

To point to a secondary database on JBoss Application Server:

1. Open the xell-ds.xml file in an editor.

2. Add the following to xell-ds.xml as a second xa-datasource tag for the Oracle database:

   <xa-datasource>
   <jndi-name>jdbc/xlXAReportingDS</jndi-name>
   <track-connection-by-tx>true</track-connection-by-tx>
   <isSameRM-override-value>false</isSameRM-override-value>
   <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource </xa-datasource-
   class>
   <xa-datasource-property name="URL">jdbc:oracle:thin:@<IP of database system>:
   1521:XELL </xa-datasource-property> 
   <xa-datasource-property name="User">sysadm</xa-datasource-property> 
   <xa-datasource-property name="Password">sysadm</xa-datasource-property> 
   <exception-sorter-class-name> org.jboss.resource.adapter.jdbc.vendor.
   OracleExceptionSorter </exception-sorter-class-name> 
   <no-tx-separate-pools/> 
   <valid-connection-checker-class-name> org.jboss.resource.adapter.jdbc.vendor.
   OracleValidConnectionChecker </valid-connection-checker-class-name> 
   </xa-datasource>
   

   For Microsoft SQL Server, the secondary database tag is as follows:

   <xa-datasource>
       <jndi-name>jdbc/xlXADS</jndi-name>
       <track-connection-by-tx>true</track-connection-by-tx>
       <xa-datasource-class>
         com.microsoft.jdbcx.sqlserver.SQLServerDataSource</xa-datasource-class>
       <xa-datasource-property name="ServerName"><IP of database system>      </xa-datasource-property>
       <xa-datasource-property name="DatabaseName">XELL</xa-datasource-property>
       <xa-datasource-property name="SelectMethod">cursor</xa-datasource-property>
       <xa-datasource-property name="PortNumber">1433</xa-datasource-property>
       <user-name>sysadm</user-name>
       <password>sysadm</password>
       <check-valid-connection-sql>
         select 1 from USR where 1=2
       </check-valid-connection-sql>
     </xa-datasource>
   

   The class names for Oracle Database and Microsoft SQL Server vary as indicated:

   • Oracle:

     oracle.jdbc.xa.client.OracleXADataSource

   • Microsoft SQL Server:

     com.microsoft.jdbcx.sqlserver.SQLServerDataSource

3. Change the database name, user name, and password to connect to the database you set up as the secondary database.

4. Delete the xlreportds-service.xml file.

5. Restart the JBoss server.

Note:

Do not add the xa-datasource block in this section or point the jdbc/xlXAReportingDS to the transactional database because it causes errors. To point to the same transactional database, keep the xlreportds-service.xml file as is.

Cluster Configuration for JBoss Application Server

Note:

JBoss Application Server clustered environments are not supported in Oracle Identity Manager release 9.1.0. See ÒCertified ComponentsÓ in Oracle Identity Manager Release Notes for information about certified components.

In a standalone setup, the xell-ds.xml and xlreportds-service.xml files are in the JBOSS_HOME/server/default/deploy/ directory.

In a clustered setup, the xell-ds.xml file is in the JBOSS_HOME/server/all/farm/ directory, and xlreportds-service.xml in the JBOSS_HOME/server/all/deploy/ directory.

To configure a cluster for JBoss Application Server:

1. Copy the changes to the xell-ds.xml file to all computers in the cluster.

2. Restart the JBoss servers on all computers in the cluster.

Using BEA WebLogic Server with a Secondary Data Source

Before changing the data source that Oracle Identity Manager uses for reporting, create a new data source in BEA WebLogic Server. Follow the BEA WebLogic Server manuals to set up a new data source.

To configure BEA WebLogic Server with a secondary data source by using the Oracle database:

1. Log in to the WebLogic administrative console.

2. Navigate to JDBC Connection Pools

3. Create a Connection Pool with the following credentials:

   • Name: xlXAReportConnectionPool

   • URL: jdbc:oracle:thin:@database_IP_address:port_no:SID

   • Class Name: oracle.jdbc.xa.client.OracleXADataSource

   • Username: secondary_database_user_name

   • Password: secondary_database_password

4. Create a secondary data source and deploy it on the server.

   Navigate to JDBC Data Sources on the WebLogic administrative console and create a data source with the following credentials:

   • JNDI name: jdbc/xlXAReportingDS

   • Pool Name: xlXAReportConnectionPool

5. Edit the weblogic.profile file in the OIM_HOME/xellerate/Profiles/ directory to point to the new data source.

   Add the JNDI name to weblogic.profile as follows:

   datasource.report=jdbc/xlXAReportingDS

6. Run the patch command (patch_weblogic) for the changes to take effect.

Cluster Configuration for BEA WebLogic Server

To configure a cluster for BEA WebLogic Server, you must deploy the secondary data source on all members of the cluster.

Using IBM WebSphere Application Server with a Secondary Data Source

Before changing the data source used by Oracle Identity Manager for reporting, you must create a new data source in IBM WebSphere Application Server. See the IBM WebSphere Application Server manuals for information about setting up a new data source.

To configure IBM WebSphere Application Server with a secondary data source by using the Oracle database:

1. Log in to the WebSphere administrator console.

2. Create a new data source with the following details:

   • Name: XAReportingDataSource

   • JNDI name: jdbc/xlXAReportingDS

3. Define the connection URL as follows:

   jdbc:oracle:thin:@IP_of_database:port_number:SID

   For example: jdbc:oracle:thin:@192.168.161.134:1521:xeltest

4. Use the following J2C authentication data values:

   • Alias: secondary_user_alias

   • User: secondary_user

   • Password: secondary_user_password

   • Description: Descriptive_text_for_the_data

5. Select the component-managed authentication aliases for XAReportingDatasource with the following values:

   • Component-managed authentication alias: J2C_Authentication_Data Entries

   • Container-managed authentication alias: J2C_Authentication_Data Entries

6. Save and synchronize changes among all nodes.

7. Open the websphere.profile file, and add the JNDI information that points to the new data source in the OIM_HOME/xellerate/Profiles/ directory.

   Comment out the existing data source entry for xlXADS and add the information for xlXAReportingDS as follows:

   # Reporting data source
   #datasource.report=jdbc/xlXADS
    datasource.report=jdbc/xlXAReportingDS
   

8. Set the following Java Client System property to true:

   XL.UserProfileAuditInSecondaryDS=True
   

9. Run patch_websphere.cmd or patch_websphere.sh as applicable from the OIM_HOME/xellerate/setup directory.

Cluster Configuration for IBM WebSphere Application Server

To configure a cluster for IBM WebSphere Application Server:

1. Modify each websphere.profile file on all nodes participating in the cluster.

2. Run the patch_websphere.cmd or patch_websphere.sh as applicable from the OIM_HOME/xellerate/setup directory from the network deployment manager (NDM) node.

3. Stop and restart all nodes and servers.

Using Oracle Application Server with a Secondary Data Source

Before changing the data source used by Oracle Identity Manager for reporting, you must create a new data source in Oracle Application Server.

To configure Oracle Application Server with a secondary data source by using the Oracle database:

1. Log in to the Oracle Enterprise Manager 10g Application Server Console for the Oracle Application Server instance.

2. Click the Oracle Application Server instance on which Oracle Identity Manager is deployed.

   The Administration tab displays the list of administration tasks you can perform on the selected Oracle Application Server instance.

3. Expand the Services section of the table by either clicking the expand icon or clicking Expand All.

4. In the JDBC Resources row, click the task icon.

5. To create a connection pool, in the Connection Pools section, click Create and then select the following values for the Application and Connection Pool Type parameters:

   • Application: default

   • Connection Pool Type: New Connection Pool

6. Click Continue.

7. For the following parameters, enter (or change to) the specified values:

   • Name: xlXAReportingConnectionPool

   • Connection Factory Class: oracle.jdbc.xa.client.OracleXADataSource

   • JDBC URL: jdbc:oracle:thin:@IP_of_database:port_number:SID

     For example: jdbc:oracle:thin:@127.0.0.1:1521:xeltest

   • Username: Enter the secondary database user name.

   • Use Cleartext Password: Enter the secondary database password.

   See Also:

   Oracle Application Server documentation for information about using the Indirect Password feature

   Alternatively, to view information about this feature, click the i icon displayed next to the Use Indirect Password field in the Credentials section of the same tab.

8. On the Attributes tab, enter the values specified for xlXAConnectionPool. To view those values:

   1. Log in to another instance of the Oracle Enterprise Manager 10g Application Server Console for the Oracle Application Server instance.

   2. Click the Oracle Application Server instance on which Oracle Identity Manager is deployed.

   3. On the Administration tab, expand the Services section of the table.

   4. In the JDBC Resources row, click the task icon.

   5. Click xlXAConnectionPool.

      The values that you must copy are displayed on the Attributes tab.

9. Click Finish.

10. In the Data Sources section, click Create to create a datasource with the following parameters:

    • Application: default

    • Datasource Type: Managed Data Source

11. Click Continue.

12. For the following parameters, enter (or change to) the specified values:

    • Name: xlXAReportingDS

    • JNDI Location: jdbc/xlXAReportingDS

    • Transaction Level: Global & Local transaction

    • Connection Pool: xlXAReportingConnectionPool

13. Click Finish.

14. Open the oc4j.profile file, and add the JNDI information that points to the new data source in the OIM_HOME/Profiles/ directory. Comment out the existing data source entry for xlXADS and add the information for xlXAReportingDS as follows:

    # Reporting data source
    #datasource.report=jdbc/xlXADS
    datasource.report=jdbc/xlXAReportingDS
    

15. Based on the operating system on which Oracle Identity Manager is installed, run one of the following scripts:

    For UNIX:

    patch_oc4j.sh oc4j_admin_password oim_db_user_password

    For Microsoft Windows:

    patch_oc4j.cmd oc4j_admin_password oim_db_user_password

16. Restart Oracle Application Server.

Cluster Configuration for Oracle Application Server

To configure a cluster for Oracle Application Server:

1. Perform steps 2 through 13 of the procedure to configure Oracle Application Server with a secondary data source in all the Oracle Application Server instances on which Oracle Identity Manager is installed.

2. Modify each OIM_HOME/profiles/oc4j.profile file on all cluster members participating in the cluster.

3. Based on the operating system on which Oracle Identity Manager is installed, run patch_oc4j.sh or patch_oc4j.cmd on all cluster members participating in the cluster.

4. Stop and restart all cluster members.