Oracle® Exalogic Elastic Cloud Enterprise Deployment Guide for Oracle Identity and Access Management
Release EL X2-2 and EL X3-2

E35832-02

4 Configuring Storage for an Enterprise Deployment

This chapter describes how to prepare the storage for an Oracle Identity Management enterprise deployment.

The file system model described in this guide was chosen for maximum availability, best isolation of components, symmetry in the configuration, and facilitation of backup and disaster recovery. The rest of the guide uses this directory structure and directory terminology. Other directory layouts are possible and supported.

This chapter contains the following topics:

4.1 Overview of Preparing Storage for an Enterprise Deployment

Before you begin preparing the storage for your enterprise deployment on Exalogic, review the following sections:

4.1.1 General Information About the Enterprise Deployment File System

It is important to set up your file system in a way that makes the enterprise deployment easier to understand, configure, and manage. Oracle recommends setting up your file system according to the information in this chapter. The terminology defined in this chapter is used in diagrams and procedures throughout the guide.

4.1.2 Specific Information About the Exalogic File System

Each Exalogic machine provides a Sun ZFS Storage 7320 appliance that provides extensive storage capabilities for all the compute nodes on the machine. The instructions in this guide assume you will be using the appliance to deploy the enterprise topology on your Exalogic machine.

This guide assumes you have performed the initial hardware setup and configuration steps, and the Sun ZFS Storage 7320 appliance is running and available for use. For more information, see "Configuring the Sun ZFS Storage 7320 appliance" in the Oracle Exalogic Elastic Cloud Machine Owner's Guide.

4.2 Terminology for Directories and Directory Variables

This section describes the directory variables used throughout this guide for configuring the Exalogic Oracle Identity Management enterprise deployment. You are not required to set these as environment variables. The following directory variables are used to describe the directories installed and configured in this guide:

4.3 Shared Storage Recommendations for Enterprise Deployments

This section contains the following topics:

4.3.1 Shared Storage Recommendations for Binary (Middleware Home) Directories

The following sections describe guidelines for using shared storage for your Oracle Fusion Middleware home directories:

4.3.1.1 About the Binary (Middleware Home) Directories

When you install any Oracle Fusion Middleware product, you install the product binaries into a Middleware home. The binary files installed in the Middleware home are read-only and remain unchanged unless the Middleware home is patched or upgraded to a newer version.

In a typical production environment, the Middleware home files are saved in a separate location from the domain configuration files, which you create using the Oracle Fusion Middleware Configuration Wizard.

The Middleware home for an Oracle Fusion Middleware installation contains the binaries for Oracle WebLogic Server, the Oracle Fusion Middleware infrastructure files, and any Oracle Fusion Middleware product-specific directories.

For more information about the structure and content of an Oracle Fusion Middleware home, see Oracle Fusion Middleware Concepts.

4.3.1.2 About Using Redundant Binary (Middleware Home) Directories

For maximum availability, Oracle recommends using redundant binary installations on shared storage.

In this model, you install two identical Middleware homes for your Oracle Fusion Middleware software on two different shares. You then mount one of the Middleware homes to one set of servers, and the other Middleware home to the remaining servers. Each Middleware home has the same mount point, so the Middleware home always has the same path, regardless of which Middleware home the server is using.

Should one Middleware home become corrupted or unavailable, only half your servers are affected. For additional protection, Oracle recommends that you disk mirror these shares.

If separate shares are not available on shared storage, Oracle recommends simulating separate shares using different directories within the same share and mounting these to the same mount location on the host side. Although this does not guarantee the protection that multiple shares provide, it does allow protection from user deletions and individual file corruption.

4.3.2 Shared Storage Recommendations for Domain Configuration Files

The following sections describe guidelines for using shared storage for the Oracle WebLogic Server domain configuration files you create when you configure your Oracle Fusion Middleware products in an enterprise deployment:

4.3.2.1 About Oracle WebLogic Server Administration and Managed Server Domain Configuration Files

When you configure an Oracle Fusion Middleware product, you create or extend an Oracle WebLogic Server domain. Each Oracle WebLogic Server domain consists of a single Administration Server and one or more managed servers.

For more information about Oracle WebLogic Server domains, see Oracle Fusion Middleware Understanding Domain Configuration for Oracle WebLogic Server.

In an enterprise deployment, it is important to understand that the managed servers in a domain can be configured for active-active high availability. However, the Administration Server must be active-passive, meaning that if the active instance fails, the other instance takes over.

4.3.2.2 Shared Storage Requirements for Administration and Managed Server Domain Configuration Files

Oracle recommends creating two copies of the domain configuration files:

  • One copy is for the Administration Server configuration files.

    This is known as the ASERVER_HOME directory, and you install this directory on shared storage and mount it exclusively to the host that is running the Administration Server.

    In the event of the failure of that host, you can mount the directory on a different host and start the Administration Server on that host.

  • The other copy is for the managed server configuration files.

    This is known as the MSERVER_HOME directory, and it can reside in private or shared storage.

    As a result, the deployment you decide upon should conform to the requirements (if any) of the storage system. Some storage systems offer configuration options to facilitate multiple machines mounting the same shared volume.

    The configuration steps provided for this enterprise deployment topology assume that a local domain directory for each node is used for each managed server.

4.3.3 Shared Storage Recommendations for JMS File Stores and Transaction Logs

JMS file stores and JTA transaction logs must be placed on shared storage in order to ensure that they are available from multiple hosts for recovery in the case of a server failure or migration.

For more information about saving JMS and JTA information in a file store, see "Using the WebLogic Persistent Store" in Oracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server.

4.4 Directory Variables for an Oracle Identity Management Enterprise Deployment

This section describes the directory variables used throughout this guide for configuring the Oracle Identity Management enterprise deployment. You are not required to set these as environment variables. Table 4-1 lists and describes directory variables used to identify the directories installed and configured in the guide.

Note:

Figure 4-1, Figure 4-2, and Figure 4-3 also depict the directory variables used to identify the directories installed and configured in this guide.

Table 4-1 Directories and Directory Variables

| Variable | Description |
| --- | --- |
| ORACLE_BASE | This environment variable and related directory path refer to the base directory under which all Oracle products are installed. |
| MW_HOME | This variable and related directory path refer to the location where Oracle Fusion Middleware resides. Each MW_HOME has a WL_HOME, an ORACLE_COMMON_HOME and one or more ORACLE_HOME directories. In this guide, this value might be preceded by a product suite abbreviation, for example: IAM_MW_HOME. |
| WL_HOME | This variable and related directory path contain the installed files necessary to host a WebLogic Server. |
| ORACLE_HOME | This variable points to the location where any Oracle Fusion Middleware product, such as Oracle SOA Suite or Oracle Unified Directory, is installed and the binaries of that product are being used in a current procedure. In this guide, this value might be preceded by a product suite abbreviation, such as WEB_ORACLE_HOME and IAM_ORACLE_HOME. |
| ORACLE_COMMON_HOME | This variable and related directory path refer to the location where the Oracle Fusion Middleware Common Java Required Files (JRF) Libraries and Oracle Fusion Middleware Enterprise Manager Libraries are installed. |
| Domain Directory | This path refers to the file system location where the Oracle WebLogic domain information (configuration artifacts) is stored. Different WebLogic Servers can use different domain directories even when in the same node, as described in Section 4.3, "Shared Storage Recommendations for Enterprise Deployments." |
| ORACLE_INSTANCE | An Oracle instance contains one or more system components, such as Oracle Traffic Director. An Oracle instance directory contains updatable files, such as configuration files, log files, and temporary files. In this guide, this value might be preceded by a product suite abbreviation, such as WEB_ORACLE_INSTANCE. |
| JAVA_HOME | This is the location where JDK is installed. |
| ASERVER_HOME | This is the primary location of the domain configuration where the Administration server is running. It is installed in the ORACLE_BASE directory on shared storage. |
| MSERVER_HOME | This is a copy of the domain configuration used to start and stop managed servers. It is installed in the ORACLE_BASE directory on the private storage volume or share. |


4.5 Recommended Directory Locations for an Identity Management Enterprise Deployment

This section describes the recommended directory structure for an Identity Management enterprise deployment.

Wherever a shared storage location is directly specified, it is implied that shared storage is required for that directory. When using shared storage is optional, the mount specification is qualified with "if using a shared disk." The shared storage locations are examples and can be changed as long as the provided mount points are used. However, Oracle recommends this structure in the shared storage device for consistency and simplicity.

Note:

References to the Web Tier directories and to WEBHOST1 and WEBHOST2 are included here to accommodate the topologies that include installing Oracle Traffic Director on the Exalogic machine.

If you are using remote Oracle HTTP Server instances as your Web tier, then you will be installing the Oracle HTTP Server software and creating the Oracle HTTP Server instances on the private storage for the remote Web Tier host computers, rather than on the Sun ZFS Storage 7320 appliance.

This section includes the following topics:

4.5.1 Shared Storage for Identity Management Enterprise Deployment on Exalogic

In an Identity Management Enterprise Deployment on Exalogic, it is recommended that the shares shown in Table 4-2 be created on shared storage.

You can mount shared storage either exclusively or shared. If you mount it exclusively, it will be mounted to only one host at a time. This is typically used for active/passive failover.

When scaling out or scaling up, you can use the shared MW_HOME for additional servers of the same type without performing more software installations.

Table 4-2 Shared Storage Directories

| Environment Variable | Mount Point | Mounted on Hosts | Exclusive |
| --- | --- | --- | --- |
| MW_HOME | /u01/oracle/products/access | IDMHOST1 IDMHOST2 | No |
| ASERVER_HOME | /u01/oracle/config/ | IDMHOST1 IDMHOST2 | Yes |


Figure 4-1 Shared Storage for an Identity Management Enterprise Deployment


4.5.2 Private Storage for an Enterprise Deployment

Table 4-3 shows the recommended directories to be created on private storage for an enterprise deployment. These directories are not installed on the local disk of the compute node, but instead the mount points are used to point to a specific share on the ZFS file share for each compute node rather than the local physical disk of the compute node.

Table 4-3 Private Storage Directories

| Tier | Environment Variable | Directory | Hosts |
| --- | --- | --- | --- |
| Web Tier | WEB_MW_HOME | /u02/private/oracle/products/web | WEBHOST1 WEBHOST2 |
| Web Tier | WEB_ORACLE_HOME | /u02/private/oracle/products/web/web | WEBHOST1 WEBHOST2 |
| Web Tier | WEB_ORACLE_INSTANCE | /u02/private/oracle/config/instances/webn | WEBHOST1 WEBHOST2 |
| Directory Tier | OUD_ORACLE_INSTANCE | /u02/private/oracle/config/instances/oudn | IDMHOST1 IDMHOST2 |
| Application Tier | MSERVER_HOME | /u02/private/oracle/config/domains/IDMDomain | IDMHOST1 IDMHOST2 |


Figure 4-2 Private Storage for Identity Management Enterprise Deployment


While it is recommended that you put ORACLE_INSTANCE directories onto private storage, you can use shared storage.

4.6 Configuring Exalogic Storage for Oracle Identity Management

The following sections describe how to configure the Sun ZFS Storage 7320 appliance for an enterprise deployment:

4.6.1 Summary of the Storage Appliance Directories and Corresponding Mount Points

For the Oracle Identity Management enterprise topology, you install all software products on the Sun ZFS Storage 7320 appliance, which is a standard hardware storage appliance available with every Exalogic machine. No software is installed on the local storage available for each compute node.

To organize the enterprise deployment software on the appliance, you create a new project, called IDM. The shares (/products and /config) are created within this project on the appliance, so you can later mount the shares to each compute node.

To separate the product binaries from the files specific to each compute node, you create a separate share for each compute node. Subdirectories for the host names are created under the config and products directories. Each private directory is identified by the logical host name; for example, IDMHOST1 and IDMHOST2.

Figure 4-3 shows the recommended physical directory structure on the Sun ZFS Storage 7320 appliance.

Table 4-4 shows how the shares on the appliance map to the mount points you will create on the compute nodes that host the enterprise deployment software.

Figure 4-3 Physical Structure of the Shares on the Sun ZFS Storage Appliance


Table 4-4 Mapping the Shares on the Appliance to Mount Points on Each Compute Node

| Project | Share | Mount Point | Host | Mounted On |
| --- | --- | --- | --- | --- |
| IDM | products | /export/IDM/products | IDMHOST1/ IDMHOST2 | /u01/oracle/products |
| IDM | config | /export/IDM/config | IDMHOST1/ IDMHOST2 | /u01/oracle/config |
| IDM | idmhost1config | /export/IDM/idmhost1config | IDMHOST1 | /u02/private/oracle/config |
| IDM | idmhost2config | /export/IDM/idmhost2config | IDMHOST2 | /u02/private/oracle/config |
| IDM | webhost1config | /export/IDM/webhost1config | WEBHOST1 | /u02/private/oracle/config |
| IDM | webhost2config | /export/IDM/webhost2config | WEBHOST2 | /u02/private/oracle/config |
| IDM | webhost1products | /export/IDM/webhost1products | WEBHOST1 | /u02/private/oracle/products |
| IDM | webhost2products | /export/IDM/webhost2products | WEBHOST2 | /u02/private/oracle/products |


4.6.2 Prerequisite Storage Appliance Configuration Tasks

The instructions in this guide assume that the Sun ZFS Storage 7320 appliance is already set up and initially configured. Specifically, it is assumed you have reviewed the following sections in the Oracle Exalogic Elastic Cloud Machine Owner's Guide:

4.6.3 Creating the IDM Project Using the Storage Appliance Browser User Interface (BUI)

To configure the appliance for the recommended directory structure, you create a custom project, called IDM, using the Sun ZFS Storage 7320 appliance Browser User Interface (BUI).

After you set up and configure the Sun ZFS Storage 7320 appliance, the appliance has a set of default projects and shares. For more information, see "Default Storage Configuration" in the Oracle Exalogic Elastic Cloud Machine Owner's Guide.

The instructions in this section describe the specific steps for creating a new "IDM" project for the enterprise deployment. For more general information about creating a custom project using the BUI, see "Creating Custom Projects" in the Oracle Exalogic Elastic Cloud Machine Owner's Guide.

To create a new custom project called IDM on the Sun ZFS Storage 7320 appliance:

  1. Direct your browser to the storage system BUI, using either the IP address or host name you assigned to the NET0 port as follows:

    https://ipaddress:215
    

    Or, for example:

    https://elsn01-priv:215
    
  2. Log in to the BUI using the storage administrator's user name (root) and password.

  3. Navigate to the Projects page by clicking on the Shares tab, then the Projects sub-tab.

    The BUI displays the Project Panel.

  4. Click Add next to the Projects title to display the Create Project window.

    Enter Name: IDM

    Click Apply.

  5. Click Edit Entry next to the newly created IDM Project.

  6. Click the General tab on the project page to set project properties.

  7. Set Mountpoint to /export/IDM.

  8. For the purposes of the enterprise deployment, you can accept the defaults for the remaining project properties.

    For more information about the properties you can set here, see the "Project Settings" table in the Oracle Exalogic Elastic Cloud Machine Owner's Guide.

  9. Click Apply on the General tab to create the IDM project.

4.6.4 Creating the Shares in the IDM Project Using the BUI

After you have created the IDM project, the next step is to create the required shares within the project.

The instructions in this section describe the specific steps for creating the shares required for an Oracle Identity Management enterprise deployment. For more general information about creating custom shares using the BUI, see "Creating Custom Shares" in the Oracle Exalogic Elastic Cloud Machine Owner's Guide.

Table 4-5 lists the shares required for all the topologies described in this guide. The table also indicates what privileges are required for each share.

Table 4-5 Shares Required on the Sun ZFS Storage 7320 appliance

| Share Name | Privileges to Assign to User, Group, and Other |
| --- | --- |
| products | R and W (Read and Write) |
| config | R and W (Read and Write) |
| idmhost1config | R and W (Read and Write) |
| idmhost2config | R and W (Read and Write) |
| webhost1config | R and W (Read and Write) |
| webhost2config | R and W (Read and Write) |
| webhost1products | R and W (Read and Write) |
| webhost2products | R and W (Read and Write) |


Note:

The products directory can be changed to read only after the configuration is complete if desired.

To create each share, use the following instructions, replacing the name and privileges, as described in Table 4-5:

  1. Log in to the storage system BUI, using the following URL:

    https://ipaddress:215
    

    For example:

    https://elsn01-priv:215
    
  2. Navigate to the Projects page by clicking the Shares tab, and then the Projects sub-tab.

  3. On the Project Panel, click IDM.

  4. Click the plus (+) button next to Filesystems to add a file system.

    The Create Filesystems screen is displayed.

  5. In the Create Filesystems screen, choose IDM from the Project pull-down menu.

  6. In the Name field, enter the name for the share.

    Refer to Table 4-5 for the name of each share.

  7. From the Data migration source pull-down menu, choose None.

  8. Select the Permissions option and set the permissions for each share.

    Refer to Table 4-5 for the permissions to assign each share.

  9. Select the Inherit Mountpoint option.

  10. To enforce UTF-8 encoding for all files and directories in the file system, select the Reject non UTF-8 option.

  11. From the Case sensitivity pull-down menu, select Mixed.

  12. From the Normalization pull-down menu, select None.

  13. Click Apply to create the share.

Repeat the procedure for each share listed in Table 4-5.

4.7 Allowing Local Root Access to Shares

If you want to run commands or traverse directories on the share as the root user, you must add an NFS exception to allow you to do so. You can create exceptions either at the individual, share, or project level.

To keep things simple, in this example you create the exception at the project level.

To create an exception for NFS at the project level:

  1. In the Browser User Interface (BUI), access the Projects user interface by clicking Configuration, STORAGE, Shares, and then Projects.

    The Project Panel appears.

  2. On the Project Panel, click Edit next to the project IDM.

  3. Select the Protocols tab.

  4. Click the + sign next to NFS exceptions.

  5. Select Type: network.

  6. In the Entity field, enter the IP address of the compute node as it appears on the Storage Network (bond0) in CIDR format. For example:

    192.168.10.3/19
    
  7. Set Access Mode to Read/Write and check Root Access.

  8. Click Apply.

  9. Repeat for each compute node that accesses the ZFS appliance.
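
The following check is an added example, not part of the Oracle guide. It shows how many addresses each root-enabled network exception matches and which compute nodes are left without one. It assumes the appliance applies standard CIDR matching to the Entity value; the host names come from Table 4-4, and every IP address other than 192.168.10.3 is constructed for illustration.

```python
import ipaddress

# Constructed sample data: host names are from Table 4-4; every IP address
# except 192.168.10.3 (the guide's own example) is made up for illustration.
COMPUTE_NODES = {
    "IDMHOST1": "192.168.10.3",
    "IDMHOST2": "192.168.10.4",
    "WEBHOST1": "192.168.10.5",
    "WEBHOST2": "192.168.10.6",
}


def audit_exceptions(entities, nodes=COMPUTE_NODES):
    """Report what each 'network' NFS exception with Root Access covers.

    entities: Entity strings as typed into the BUI, e.g. "192.168.10.3/19".
    Returns (report, uncovered): one dict per entity, plus the names of
    compute nodes that no entity matches.
    Assumption: the appliance matches clients by standard CIDR rules.
    """
    node_ips = {name: ipaddress.ip_address(ip) for name, ip in nodes.items()}
    report, covered = [], set()
    for entity in entities:
        # ip_interface keeps the host address and the enclosing network,
        # so host bits set in the entity (as in .3/19) are not an error.
        iface = ipaddress.ip_interface(entity)
        net = iface.network
        matched = sorted(n for n, ip in node_ips.items() if ip in net)
        covered.update(matched)
        report.append({
            "entity": entity,
            "network": str(net),              # block the entity expands to
            "addresses": net.num_addresses,   # size of that block
            "nodes": matched,                 # known compute nodes inside it
            "extra": net.num_addresses - len(matched),  # other addresses
            "host_only": f"{iface.ip}/{iface.ip.max_prefixlen}",
        })
    uncovered = sorted(set(nodes) - covered)
    return report, uncovered


if __name__ == "__main__":
    # First run: the entity exactly as shown in step 6.
    # Second run: one host-only entry per IDM host, Web tier hosts omitted.
    for entities in (["192.168.10.3/19"],
                     ["192.168.10.3/32", "192.168.10.4/32"]):
        report, uncovered = audit_exceptions(entities)
        for row in report:
            print(f"{row['entity']}: network {row['network']}, "
                  f"{row['addresses']} addresses, nodes {row['nodes']}, "
                  f"{row['extra']} other addresses, "
                  f"host-only form {row['host_only']}")
        print("nodes without an exception:", uncovered or "none")
```

Under that assumption, the entity from step 6 expands to the whole 192.168.0.0/19 storage network, while the `host_only` value is the entry that matches the single compute node.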