This chapter explains how to migrate an Oracle WebLogic Server domain from test to production for Oracle Enterprise Content Management Suite applications.
This chapter includes the following sections:
Section 9.1, "Introduction to Migrating a Domain from Test to Production"
Section 9.3, "Migrating an Oracle IRM Domain from Test to Production"
You can migrate an Oracle Enterprise Content Management Suite application from test to production by using the test Oracle WebLogic Server domain to which the application is deployed as a template to install and reconfigure the domain on the production system. Your test domain might be a test, pilot, or proof of concept (POC) domain configured as a development system.
You can migrate a domain to roll out a template of an Oracle Information Rights Management (Oracle IRM) development domain to separate production domains for different customers, deploy a pilot Oracle IRM service to customers, or migrate a domain from production to a staging environment for upgrade testing.
Before you can migrate a domain, you need to back it up, or pack it. Then you can restore, or unpack. the domain in a different environment.
Note:
Before packing and unpacking an Oracle IRM domain, you need to configure a key store. For more information, see Section 6.1.2, "Configuring a Key Store for Oracle IRM."Some recommendations follow for backing up a domain that includes an Oracle Imaging and Process Management (Oracle I/PM) or Oracle IRM Managed Server.
The following Oracle Information Rights Management data must be backed up and restored.
Configuration files, which are located in the domain home:
MW_HOME/user_projects/domains/domain_name directory (UNIX system) or MW_HOME\user_projects\domains\domain_name (Windows system)
Database repository dependencies:
ORAIRM schema
Back up the domain, the ECM Oracle home, and the database containing the ORAIRM schema. Also, back up the LDAP directory and the key store.
Note:
The database and the key store must be kept synchronized. Back up both from the same point in time.Restore the domain, the ECM Oracle home, and the shared file system, depending on the severity of the failure.
Recover the database containing the ORAIRM schema to the most recent point in time, if needed.
Note:
The database and the key store must be kept synchronized. If you restore one, restore the other to the same point in time.The following Oracle Imaging and Process Management data must be backed up and restored:
Configuration files, which are located in the domain home:
MW_HOME/user_projects/domains/domain_name directory (UNIX system) or MW_HOME\user_projects\domains\domain_name (Windows system)
Database repository dependencies:
Oracle I/PM and Oracle UCM schemas.
Back up the domain, the ECM Oracle home, and the database containing the schemas.
Restore the domain and the ECM Oracle home, depending on the severity of the failure.
Recover the database containing the schemas to the most recent point in time, if needed.
For information about backing up an Oracle Enterprise Content Management Suite domain, see "Backing Up Your Environment" in Oracle Fusion Middleware Administrator's Guide.
To restore an Oracle Enterprise Content Management Suite domain, you can recover the Oracle WebLogic Server domain, the database that includes your metadata repository, and the Oracle Information Rights Management and Oracle Imaging and Process Management applications.
You can recover an Oracle WebLogic Server domain that was corrupted or deleted from the file system.
Caution:
Performing a domain-level recovery can impact other aspects of a running system and all of the configuration changes performed after the backup was taken will be lost.To recover an Oracle WebLogic Server domain:
Stop all relevant processes; that is, stop all processes that are related to the domain.
For example, stop the Administration Server and Managed Servers. To stop the Administration Server, you can use the Oracle WebLogic Server Administration Console, WebLogic Scripting Tool (WLST), or the following script:
DOMAIN_HOME/bin/stopWeblogic.sh username password admin_url
Recover the domain directory from backup:
cd DOMAIN_HOME
(UNIX) tar -xf domain_backup_092909.tar
(Windows) jar xtf domain_backup_092909.jar
Start all relevant processes. That is, start all processes that are related to the domain. For example, start the Administration Server:
DOMAIN_HOME/bin/startWebLogic.sh -Dweblogic.management.username=username -Dweblogic.management.password=password -Dweblogic.system.StoreBootIdentity=true
If your database that contains your metadata repository, including the MDS Repository, is corrupted, you can recover it using RMAN. You can recover the database at the desired level of granularity, either a full recovery or a tablespace recovery.
For best results, recover the database to the most current state, using point-in-time recovery (if the database is configured in Archive Log mode.) This ensures that the latest data is recovered. For example:
rman> restore database; rman> recover database;
For detailed steps, see Oracle Database Backup and Recovery User's Guide, which is available on the Oracle Database Documentation page on Oracle Technology Network at
http://www.oracle.com/technology/documentation/database.html
To recover Oracle Information Rights Management:
Restore the domain, as described in Section 9.2.4.1, "Recovering an Oracle WebLogic Server Domain."
Restore the shared file system.
Restore the database, if necessary, as described in Section 9.2.4.2, "Recovering a Database."
Note:
The database and the key store must be kept synchronized. Back up both from the same point in time.Restore the key store.
To recover Oracle Imaging and Process Management:
Restore the domain, as described in Section 9.2.4.1, "Recovering an Oracle WebLogic Server Domain."
Restore the database containing the Oracle I/PM and Oracle UCM schemas, if necessary, as described in Section 9.2.4.2, "Recovering a Database."
An Oracle WebLogic Server domain that includes an Oracle IRM Managed Server is an Oracle IRM domain. You can migrate Oracle IRM from a development test domain to a production domain. Oracle Fusion Middleware provides the following ways to migrate your Oracle IRM application:
Organizations that host Oracle IRM as a service for customers, where each deployment needs to be completely separated from other deployments, can use templates of an Oracle IRM development domain to configure production domains for the customers. For example, Oracle On Demand might use this approach to rapidly deploy Oracle IRM applications for new customers.
The Oracle WebLogic Server domain that includes the Oracle IRM Managed Server in the source environment would be packed ready for deployment to the target environment. After the migration, the target environment would have a fully configured Oracle IRM Server, only requiring the server, host name, privacy policy URL, database, key store, and SSL certificate to be changed.
After unpacking a template Oracle IRM domain installation, you need to do the following configuration to make that installation machine specific and domain specific:
Oracle WebLogic Server configuration
A number of configuration settings are managed by Oracle WebLogic Server and are alterable using the Administration Console.
Database Connection configuration
Log in to the Administration Console using your administrator account, typically weblogic. Click domain_name, then Services, then JDBC, and then Data Sources. In the list there should be an entry for Oracle IRM. Click this entry. On the next page, click the Connection Pool tab. Depending on where the database is located and what the DBMS type is, the following settings might need to be changed:
Setting Description: Oracle SQL Server
URL, database host, and port details: jdbc:oracle:thin:host:port/sid jdbc:sqlserver://host:port;database=database
Driver Class Name: database specific, oracle.jdbc.OracleDriver com.microsoft.sqlserver.jdbc.SQLServerDriver
Properties: database user name
Password: database password
RCU
This step is based on the assumption that the Oracle IRM schema has been installed on the database using Repository Creation Utility.
SSL
For Oracle IRM, SSL should be enabled so that Oracle IRM Desktop does not show prompts to accept certificates when it contacts the Managed Server. The certificate used must be trusted by Microsoft Internet Explorer on computers running Oracle IRM Desktop.
To set up SSL, follow the standard SSL setup instructions for Oracle WebLogic Server. You can find these instructions on the Configuring SSL page on Oracle Technology Network at
http://download.oracle.com/docs/cd/E15051_01/wls/docs103/secmanage/ssl.html
Oracle IRM Configuration
A number of configurations for an Oracle IRM Managed Server are specific to an installation. These settings are stored in the JMX-managed configuration file irm-config.xml. The settings can be altered using Oracle Enterprise Manager 11g Fusion Middleware Control, WLST commands, or direct edits to the configuration file. Changing these settings with Fusion Middleware Control or WLST requires the Administration Server for the domain to be running.
The Oracle IRM configuration file, irm-config.xml is in the WL_HOME/config/fmwconfig directory.
The Server URL setting is the URL value that is sealed into sealed content and used by Oracle IRM Desktop to request rights, keys, and settings. The value is typically the public-facing URL of the server pointing at the load balancer or Oracle HTTP Server (OHS). The default value is https://irm.example.com/irm_desktop.
This is a mandatory setting and must be specified.
You can use any of the following ways to set the Server URL:
Fusion Middleware Control
The Server URL setting can be altered from the Oracle IRM General Settings page.
WLST
The Server URL setting can be altered using the setIRMServerURL WLST command:
wls:/offline> connect('weblogic','welcome1','t3://adminServerHost:adminServerPort')
wls:/base_domain/serverConfig>
setIRMServerURL('https://acme.example.com/irm_desktop')
For more information about the custom WLST commands for Oracle IRM, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Configuration file
The Server URL can be updated in the classificationUrl element of the configuration file:
<classificationUrl>https://irm.example.com/irm_desktop</classificationUrl>
The Privacy URL setting is a URL to a page hosting the Oracle IRM usage privacy policy for the installation. There is no default value, so typically this setting will not need to be altered after unpacking a domain. The default behavior is to show the built-in privacy page.
You can set Privacy URL in any of the following ways:
Fusion Middleware Control
The Privacy URL setting can be altered from the Oracle IRM General Settings page.
WLST
The Privacy URL setting can be altered using the setIRMPrivacyURL command:
wls:/offline> connect('weblogic','welcome1','t3://adminServerHost:adminServerPort')
wls:/base_domain/serverConfig>
setIRMPrivacyURL('http://acme.example.com/privacy')
For more information about the custom WLST commands for Oracle IRM, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Configuration file
The Privacy URL can be updated in the privacyUrl element:
<privacyUrl>http://acme.example.com/privacy</privacyUrl>
This is an optional setting. Absence of the privacyUrl element means that there is no privacy page configured.
Status Page Redirection
The Status Page Redirection setting is an optional URL to a page hosting alternative Oracle IRM Desktop status pages. There is no default value, so typically this setting will not need to be altered after a domain is unpacked. The default behavior is to use the built-in status pages.
You can set Status Page Redirection in any of the following ways:
Fusion Middleware Control
The status page redirection settings can be altered from the Oracle IRM General settings page.
WLST
The status page redirection settings can be altered using the setIRMStatusPageRedirectTarget command:
wls:/offline> connect('weblogic','welcome1','t3://adminServerHost:adminServerPort')
wls:/base_domain/serverConfig> setIRMStatusPageRedirectTarget('http://acme.example.com/status_pages', 'POST')
For more information about the custom WLST commands for Oracle IRM, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Configuration file
The Status Page Redirection setting can be updated in the statusPageRedirectTarget element:
<statusPageRedirectTarget>
<uri>http://acme.example.com/status_pages</uri>
<method>POST</method>
</statusPageRedirectTarget>
This is an optional setting. Absence of the statusPageRedirectTarget element means that there is no status page redirection configured.
Key store
Each Oracle IRM installation requires access to a key store with installation-specific keys. The unpacked domain may have a key store. If it does this key store must deleted and the passwords details cleared:
Delete the old key store.
The key store file can be found in the domain-home/config/fmwconfig directory. This file is typically called irm.jks. Delete this file if it exists.
Clear the credentials.
The key store passwords are stored in the credential store. If passwords have been set in the template domain; the passwords need to be cleared before you create a new key store. This is done using the following WLST commands:
> connect('weblogic', 'welcome1', 'adminserver:')
> deleteCred('IRM', 'keystore:irm.jks')
> deleteCred('IRM', 'key:irm.jks:oracle.irm.wrap')
Create a new key store.
The instructions used to create the key store after installation can be followed after unpacking a template domain. For more information, see Section 6.1.2, "Configuring a Key Store for Oracle IRM."
Organizations that run a proof of concept or pilot deployment can copy the operational service into a production environment.
In this scenario, you should ensure that the server host name used for the pilot is the host name that is required for the production service. The database and the entire Oracle WebLogic Server domain that includes the Oracle IRM Managed Server can then be backed up from the source (pilot) environment and deployed to the target (production) environment. All pilot content, contexts, and rights will be available after the migration.
A number of steps are required to move a pilot environment into a clustered production environment. The steps include backing up elements of the pilot installation, installing the production installation, and restoring pilot configuration and data.
When moving from a pilot to production system, all sealed content created during the pilot installation can be used as long as the URL sealed into the content does not change.
The domain name and protocol scheme used in the Oracle IRM server URL for the pilot must be the same as for the production system. Failure to do this will result in sealed content created during the pilot installation being unusable with the production system. It is therefore important to choose a domain name before starting the pilot installation; for example, choose something like irm.example.com rather than a machine-specific host name like machine1234.example.com. It is also important to ensure that SSL is used in the pilot system because switching from http in the pilot system to https in the production system would prevent pilot-sealed content from working in a production system.
After the pilot to production installation has been completed, the DNS entries for domain name can be switched from the pilot server to the production system.
A number of elements of the pilot installation will be need to be manually backed up and used after the clustered production environment is installed:
Database
If the production database is different from the pilot database, you should make a backup of the Oracle IRM schema. This backup will be restored into the production database.
Key store
The Oracle IRM key store set up during the pilot installation should be backed up. This is typically called irm.jks. This file is usually located in the domain-home/config/fmwconfig directory. The key store and key passwords set during the pilot installation should also be recorded.
Configuration
The Oracle IRM configuration is stored in the JMX-managed configuration file irm-config.xml. This file can be in the domain-home/config/fmwconfig directory. You should make a copy of this file.
The production installation requires a full installation, apart from the Repository Creation Utility (RCU) database schema creation step.
The RCU schema installation should be skipped. This step should be replaced by a restore of the Oracle IRM schema from the database backup. If the pilot database is being used directly, there is no action to take.
Oracle WebLogic Server should be installed on the production system. Appropriate production-level settings should be selected.
Oracle Enterprise Content Management Suite
Oracle Enterprise Content Management Suite should be installed into the Middleware home for the Oracle WebLogic Server installation. During the configuration template stage, when database details are required, enter the database details of the backup. Appropriate cluster and production configuration settings should be made.
After Oracle Enterprise Content Management Suite is installed, the pilot configuration and key store must be restored. This should be done before starting the Managed Servers. The Administration Server must be running.
The variable domain-home refers to the home directory of the Oracle WebLogic Server domain on which the Oracle IRM Java EE application is deployed. In examples, replace domain-home with the appropriate path.
Restoration of the Oracle IRM Configuration
The pilot configuration file, irm-config.xml, should be copied into the production domain-home/config/fmwconfig directory.
Oracle IRM Key Store Restoration
The pilot key store file (for example, irm.jks) should be copied into the production domain-home/config/fmwconfig directory.
The pilot configuration file may contain pilot specific settings, so the contents of this file should be reviewed. The following settings may require alteration:
The Privacy URL setting is a URL to a page hosting the Oracle IRM usage privacy policy for the installation. There is no default value, so typically this setting will not need to be altered after unpacking a domain. The default behavior is to show the built-in privacy page.
You can set Privacy URL in any of the following ways:
Fusion Middleware Control
The Privacy URL setting can be altered from the Oracle IRM General Settings page.
WLST
The Privacy URL setting can be altered using the setIRMPrivacyURL command:
wls:/offline> connect('weblogic','welcome1','t3://adminServerHost:adminServerPort')
wls:/base_domain/serverConfig>
setIRMPrivacyURL('http://acme.example.com/privacy')
For more information about the custom WLST commands for Oracle IRM, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Configuration file
The Privacy URL can be updated in the privacyUrl element:
<privacyUrl>http://acme.example.com/privacy</privacyUrl>
This is an optional setting. Absence of the privacyUrl element means that there is no privacy page configured.
Status Page Redirection
The Status Page Redirection setting is an optional URL to a page hosting alternative Oracle IRM Desktop status pages. There is no default value, so typically this setting will not need to be altered after a domain is unpacked. The default behavior is to use the built-in status pages.
You can set Status Page Redirection in any of the following ways:
Fusion Middleware Control
The status page redirection settings can be altered from the Oracle IRM General settings page.
WLST
The status page redirection settings can be altered using the setIRMStatusPageRedirectTarget command:
wls:/offline> connect('weblogic','welcome1','t3://adminServerHost:adminServerPort')
wls:/base_domain/serverConfig> setIRMStatusPageRedirectTarget('http://acme.example.com/status_pages', 'POST')
For more information about the custom WLST commands for Oracle IRM, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Configuration file
The Status Page Redirection setting can be updated in the statusPageRedirectTarget element:
<statusPageRedirectTarget>
<uri>http://acme.example.com/status_pages</uri>
<method>POST</method>
</statusPageRedirectTarget>
This is an optional setting. Absence of the statusPageRedirectTarget element means that there is no status page redirection configured.
Key store location
The key store location is stored in this configuration. The path should reflect the location of the restored pilot key store. The suggested location for the key store file is the domain-home/config/fmwconfig directory.
You can set the key store location in any of the following ways
Fusion Middleware Control
The key store path can be set on the Oracle IRM General settings page.
WLST
The key store location can be altered using the setIRMKeyStore command:
wls:/offline> connect('weblogic','welcome1','t3://adminServerHost:adminServerPort')
wls:/base_domain/serverConfig> setIRMKeyStore('JKS',
'${domain.home}/config/fmwconfig/irm.jks')
Configuration file
The key store path and key store type can be updated in the keyStore element.
<keyStore>
<type>JKS</type>
<path>${domain.home}/config/fmwconfig/irm.jks</path>
</keyStore>
Key store passwords
The Oracle IRM Java EE application needs a password for the key store and each key stored in the key store. If the passwords are not specified, the Oracle IRM Java EE application will not be able to retrieve the keys. WLST commands can be used to set the credentials. The next example shows connecting to an Administration Server and setting the key store credentials.
In the following example, the key store is called irm.jks. Replace both occurrences of password with appropriate values for the production system.
> connect("weblogic", "welcome1", "t3://adminServerHost:adminServerPort")
> createCred("IRM", "keystore:irm.jks", "dummy", "password")
> createCred("IRM", "key:irm.jks:oracle.irm.wrap", "dummy", "password")
If the key store and key passwords are to be changed in a production system, use the keytool command-line application to change the passwords prior to setting the passwords using the WLST commands.
Organizations can test a server upgrade in a staging environment before upgrading the production server. They can also use the production-to-test procedure for testing an integration.
The database and the entire Oracle WebLogic Server domain that include the Oracle IRM Managed Server will be backed up from the source (production) environment and deployed to the target (test) environment. The host name (and SSL certificate) will be changed so that production content cannot be accessed via the test server. All production contexts and rights will be available after the migration; but new test content will be required for end-to-end testing.