20.2 Setting Up a Multi-Data Center

For a successful set-up of a Multi-Data Center with data replication using T2P, the configuration spans two Data Centers with two nodes per Data Center. The nodes are configured in Active/Active Mode.

  1. Install the Java Development Kit (JDK) 1.7.0.60 on all four of the Nodes and set the appropriate environment variables.

  2. Run the Repository Creation Utility (RCU) 11.1.1.9.0 on Data Center 1 and Data Center 2.

    This will create and load the appropriate database schemas for Oracle Identity and Access Management products.

  3. Install WebLogic Server 10g (10.3.6) on Data Center 1, Node 1.

    This process creates the Middleware Home (<MW_HOME>).

  4. Install the Oracle Identity and Access Management 11g (11.1.2.3.0) software on Data Center 1, Node 1.

    Oracle Identity and Access Management contains the Oracle Access Management suite which includes Oracle Access Manager. The default name of this Oracle product home directory after installation is Oracle_IDM1.

  5. Run the Oracle Fusion Middleware Configuration Wizard script to configure Oracle Access Management on Data Center 1, Node 1.

    The Wizard script is Oracle_IDM1/common/bin/config.sh (on Linux or UNIX), or Oracle_IDM1\common\bin\config.cmd (on Windows). Minimally, you will be configuring:

    • a new WebLogic domain

    • an Oracle Access Management Administration Server

    • an Oracle Access Management Managed Server

    • Oracle Access Manager

  6. Run the configureSecurityStore.py script on Data Center 1, Node 1 to configure the Database Security Store.

    1. <MW_HOME>/oracle_common/common/bin/wlst.sh

    2. <MW_HOME>/Oracle_IDM1/common/tools/configureSecurityStore.py -c IAM -d <MW_HOME>/user_projects/domains/OAMDomain -p Oracle123 -m create -v

  7. Modify the following WebLogic scripts on Data Center 1, Node 1.

    1. Open startWeblogic.sh and startManagedWeblogic.sh using vi and enter the appropriate value for WLS_USER.

      Enter the password when asked; do not hard code it here.

    2. Save startWeblogic.sh and startManagedWeblogic.sh.

    3. Open setDomainEnv.sh using vi and add the following line:

      USER_MEM_ARGS="-Xms1024m -Xmx1024m -XX:MaxPermSize=512m"
      
    4. Save setDomainEnv.sh.

  8. Create and run a cConfig.sh script in the MDC folder on Data Center 1, Node 1.

    The cConfig.sh script concatenates the necessary environment variables and copyConfig.sh into one script. You will need to create the MDC folder to serve as the T2P_HOME.

    1. Add the following contents and save as cConfig.sh.

      export JAVA_HOME=/u01/app/jdk1.7.0_60;
      export MW_HOME=/u01/app/Middleware;
      export T2P_HOME=/u01/bits/MDC;
      export WL_DOMAIN_HOME=$MW_HOME/user_projects/domains/OAMDomain;
      
    2. Source cConfig.sh.

      . cConfig.sh
      
  9. Execute copyBinary.sh on Data Center 1, Node 1.

    copyBinary.sh and pasteBinary.sh will be used to avoid a time-consuming installation process on the remaining nodes. When running copyBinary.sh, the Administration and Managed Servers can be running or stopped.

    1. Change to the bin directory.

      cd $MW_HOME/oracle_common/bin/;
      
    2. Run the script.

      ./copyBinary.sh -javaHome $JAVA_HOME \
       -archiveLoc $T2P_HOME/oamt2pbin.jar -sourceMWHomeLoc $MW_HOME \
       -idw true -ipl $MW_HOME/oracle_common/oraInst.loc -silent true \
       -ldl $T2P_HOME/oam_cln_log
      
  10. Copy the following files to the MDC folder on Data Center 1, Node 1.

    • $T2P_HOME/cConfig.sh (already in the MDC folder)

    • $T2P_HOME/oamt2pbin.jar (already in the MDC folder)

    • $MW_HOME/oracle_common/bin/pasteBinary.sh

    • $MW_HOME/oracle_common/jlib/cloningclient.jar

    • $MW_HOME/oracle_common/oraInst.loc

  11. Copy the MDC folder (populated with the five files) to Data Center 1, Node 2, and Data Center 2, Nodes 1 and 2.

  12. Execute pasteBinary.sh on Data Center 1, Node 2.

    1. Source cConfig.sh.

      . cConfig.sh
      
    2. Run pasteBinary.sh on Data Center 1, Node 2.

      $T2P_HOME/pasteBinary.sh -javaHome $JAVA_HOME \
      -al $T2P_HOME/oamt2pbin.jar -tmw $MW_HOME -silent true \
      -idw true -esp false -ipl $T2P_HOME/oraInst.loc \
      -ldl $T2P_HOME/oam_cln_log -silent true
      
  13. Create a Managed Server JAR on Data Center 1, Node 1 and copy it to Data Center 1, Node 2.

    pack.sh is used to create the JAR and is located in the <MW_HOME>/oracle_common/common/bin directory. The pack and unpack (used in the next step) scripts must be executed within the same Data Center only, whereas copyConfig and pasteConfig (used later in the procedure) must be executed against the Master node of the other Data Center, after which pack and unpack are run within that Data Center.

    1. Run pack.sh.

      ./pack.sh -domain=$MW_HOME/user_projects/domains/OAMDomain \
      -template=OAMManagedServer.jar -template_name="OAM Domain" -managed=true
      
    2. Copy OAMManagedServer.jar to the MW_HOME/oracle_common/common/bin directory on Data Center 1, Node 2.

  14. Unpack the Managed Server JAR on Data Center 1, Node 2 using unpack.sh.

    The JAR is used as a template to create the OAMDomain Domain Structure on Data Center 1, Node 2.

    1. mkdir -p $MW_HOME/user_projects/domains/OAMDomain

    2. cd <MW_HOME>/oracle_common/common/bin

    3. ./unpack.sh -domain=$MW_HOME/user_projects/domains/OAMDomain -template=OAMManagedServer.jar

  15. Modify the following WebLogic scripts on Data Center 1, Node 2.

    1. Open startManagedWeblogic.sh using vi and enter the appropriate values for WLS_USER and WLS_PW.

    2. Save startWeblogic.sh and startManagedWeblogic.sh.

    3. Open setDomainEnv.sh using vi and add the following line:

      USER_MEM_ARGS="-Xms1024m -Xmx1024m -XX:MaxPermSize=512m"
      
    4. Save setDomainEnv.sh.

    At this point in the sequence, the Data Center 1 cluster and its two nodes are configured and ready for Multi-Data Center configurations. Start the Administration Server and the oam_server1 and oam_server2 Managed Servers. Disable the SSL port number 14101.

  16. Enable Multi-Data Center mode on Data Center 1, Node 1.

    1. cd $T2P_HOME/MDC

    2. Create OAMMDC.properties on Data Center 1, Node 1 using vi.

      Add the following lines to OAMMDC.properties and save.

      SessionMustBeAnchoredToDataCenterServicingUser=false
      SessionDataRetrievalOnDemand=true
      Reauthenticate=false
      SessionDataRetrievalOnDemandMax_retry_attempts=3
      SessionDataRetrievalOnDemandMax_conn_wait_time=80
      SessionContinuationOnSyncFailure=true
      MDCGitoCookieDomain=.customerpoc.com
      
    3. Change to the ../Oracle_IDM1/common/bin directory and run WLST.

    4. ./wlst.sh

    5. connect()

    6. domainRuntime()

    7. enableMultiDataCentreMode(propfile="../OAMMDC.properties")

    8. setMultiDataCentreClusterName(clusterName="<string_value>")

    9. setMultiDataCenterWrite(WriteEnabledFlag="true")

    10. validateMDCConfig()

    11. exit()

  17. Create oamt2pConfig.jar on Data Center 1, Node 1 and copy it to Data Center 2, Node 1.

    copyConfig.sh is located in $MW_HOME/oracle_common/bin/ and must be executed on the Master node. To run copyConfig.sh, the Administration and Managed Servers should be up and running.

    1. Source cConfig.sh.

      . cConfig.sh
      
    2. Create $T2P_HOME/t2p_domain_pass.txt using vi.

      Add a password value for use with copyConfig.sh; for example, Oracle123 (without quotes).

    3. ./copyConfig.sh -javaHome $JAVA_HOME -archiveLoc $T2P_HOME/oamt2pConfig.jar -sourceDomainLoc $WL_DOMAIN_HOME -sourceMWHomeLoc $MW_HOME -domainHostName oam1-dc1.customerpoc.com -domainPortNum 7001 -domainAdminUserName weblogic -domainAdminPassword $T2P_HOME/t2p_domain_pass.txt -silent true -ldl $T2P_HOME/oam_cln_log_config -opssDataExport true -debug true

    4. Copy oamt2pConfig.jar to Data Center 2, Node 1.

  18. Execute pasteBinary.sh on Data Center 2, Node 1.

    1. Source cConfig.sh.

      . cConfig.sh
      
    2. Run:

      $T2P_HOME/pasteBinary.sh -javaHome $JAVA_HOME -al $T2P_HOME/oamt2pbin.jar -tmw $MW_HOME -silent true -idw true -esp false -ipl $T2P_HOME/oraInst.loc -ldl $T2P_HOME/oam_cln_log -silent true

  19. Execute pasteBinary.sh on Data Center 2, Node 2.

    1. Source cConfig.sh.

      . cConfig.sh
      
    2. Run:

      $T2P_HOME/pasteBinary.sh -javaHome $JAVA_HOME -al $T2P_HOME/oamt2pbin.jar -tmw $MW_HOME -silent true -idw true -esp false -ipl $T2P_HOME/oraInst.loc -ldl $T2P_HOME/oam_cln_log -silent true

  20. Execute extractMovePlan.sh on Data Center 2, Node 1.

    1. mkdir $T2P_HOME/moveplan

    2. cd $MW_HOME/oracle_common/bin/

    3. Source cConfig.sh.

      . cConfig.sh
      
    4. ./extractMovePlan.sh -javaHome $JAVA_HOME -al $T2P_HOME/oamt2pConfig.jar -planDirLoc $T2P_HOME/moveplan/

    5. Back up the moveplan and then make the following modifications using vi.

      Search and Replace the hostnames
      
      :1,$s/oam1-dc1/oam1-dc2/g
      :1,$s/oam2-dc1/oam2-dc2/g
      
      Search and replace datasource names
      
      :1,$s/DC1/DC2/g
      
      Search for the two instances of "Password File" and add the previously created t2p_domain_pass.txt Password File location as a <value>.
      
      <value>/u01/bits/final/MDC/t2p_domain_pass.txt</value>
      
    6. Create $T2P_HOME/t2p_pass.txt with a password value you want.

      This file is used to create new components on the target environment with the associated password. The moveplan has a reference to it so that when the components are created the password will be assigned.

  21. Execute pasteConfig.sh on Data Center 2, Node 1.

    The same JDK used on the source must be used on the target.

    $MW_HOME/oracle_common/bin/pasteConfig.sh -javaHome $JAVA_HOME -archiveLoc $T2P_HOME/oamt2pConfig.jar -targetMWHomeLoc $MW_HOME -targetDomainLoc $WL_DOMAIN_HOME -movePlanLoc $T2P_HOME/moveplan/moveplan.xml -domainAdminPassword $T2P_HOME/t2p_domain_pass.txt -ldl $T2P_HOME/oam_cln_log -silent true

    Note:

    Comment out all keystore <> tags in the moveplan if there is an issue.

  22. Modify the following WebLogic scripts on Data Center 2, Node 1.

    1. Open startWeblogic.sh and startManagedWeblogic.sh using vi and enter the appropriate values for WLS_USER and WLS_PW.

    2. Save startWeblogic.sh and startManagedWeblogic.sh.

    3. Open setDomainEnv.sh using vi and add the following line:

      USER_MEM_ARGS="-Xms1024m -Xmx1024m -XX:MaxPermSize=512m"
      
    4. Save setDomainEnv.sh.

  23. Create a Managed Server JAR on Data Center 2, Node 1 and copy it to Data Center 2, Node 2.

    pack.sh is used to create the JAR and is located in the <MW_HOME>/oracle_common/common/bin directory. The pack and unpack (used in the next step) scripts must be executed in the same Data Center only.

    1. Run pack.sh.

      ./pack.sh -domain=$MW_HOME/user_projects/domains/OAMDomain \
      -template=OAMManagedServer.jar -template_name="OAM Domain" -managed=true
      
    2. Copy OAMManagedServer.jar to the <MW_HOME>/oracle_common/common/bin directory on Data Center 2, Node 2.

  24. Unpack the Managed Server JAR on Data Center 2, Node 2 using unpack.sh.

    The JAR will be used as a template to create the OAMDomain Domain Structure on Data Center 2, Node 2.

    1. mkdir -p $MW_HOME/user_projects/domains/OAMDomain

    2. cd <MW_HOME>/oracle_common/common/bin

    3. ./unpack.sh -domain=$MW_HOME/user_projects/domains/OAMDomain -template=OAMManagedServer.jar

  25. Modify the following WebLogic scripts on Data Center 2, Node 2.

    1. Open startManagedWeblogic.sh using vi and enter the appropriate values for WLS_USER and WLS_PW.

    2. Save startWeblogic.sh and startManagedWeblogic.sh.

    3. Open setDomainEnv.sh using vi and add the following line:

      USER_MEM_ARGS="-Xms1024m -Xmx1024m -XX:MaxPermSize=512m"
      
    4. Save setDomainEnv.sh.

    At this point in the sequence, the Data Center 2 cluster and its two nodes are configured and ready for Multi-Data Center configurations. Start the Administration Server and the oam_server1 and oam_server2 Managed Servers. Disable the SSL port number 14101.

  26. Enable Multi-Data Center mode on Data Center 2, Node 1.

    1. Restart the Administration Server on Data Center 2, Node 1.

    2. Change to the ../Oracle_IDM1/common/bin directory and run WLST.

    3. ./wlst.sh

    4. connect()

    5. domainRuntime()

    6. enableMultiDataCentreMode(propfile="//OAMMDC.properties")

    7. setMultiDataCentreClusterName(clusterName="<string_value>")

    8. setMultiDataCenterWrite(WriteEnabledFlag="true")

    9. exit()

  27. Create two WebGate agents using the Oracle Access Management Console on Data Center 1, Node 1 only.

    • Name the agents MDC-DC1 and MDC-DC2

    • Check AccessClientPassword and AllowManagementOperations

    • Be sure the Primary Server List has Access Server listed as "Other" - ideally it will have global load balancer/LTM entries rather than the local hosts entries.

  28. Create the MDCPartner-DC1 and MDCPartner-DC2 property files using vi.

    Create these files on both Data Center 1, Node 1 and Data Center 2, Node 1 with the following data.

    vi MDCPartner-DC1.properties
    
    remoteDataCentreClusterId=FINALDC1
    oamMdcAgentId=MDC-DC1
    PrimaryHostPort=oam1-dc1.poc.com:5575
    SecondaryHostPort
    AccessClientPasswd
    oamMdcSecurityMode=Open
    agentVersion=11g
    trustStorePath
    keyStorePath
    globalPassPhrase
    keystorePassword
    RESTEndpoint=http://oam1-dc1.poc.com:7001
    
    vi MDCPartner-DC2.properties
    
    remoteDataCentreClusterId=FINALDC2
    oamMdcAgentId=MDC-DC2
    PrimaryHostPort=oam1-dc2.poc.com:5575
    SecondaryHostPort
    AccessClientPasswd
    oamMdcSecurityMode=Open
    agentVersion=11g
    trustStorePath
    keyStorePath
    globalPassPhrase
    keystorePassword
    RESTEndpoint=http://oam1-dc2.poc.com:7001
    
  29. Register the partners on Data Center 1, Node 1 using wlst.sh.

    1. Change to the ../Oracle_IDM1/common/bin directory and run WLST.

    2. ./wlst.sh

    3. connect()

    4. domainRuntime()

    5. addPartnerForMultiDataCentre(propfile="../MDCPartner-DC1.properties")

    6. addPartnerForMultiDataCentre(propfile="../MDCPartner-DC2.properties")

    7. setMultiDataCenterType(DataCenterType="Master")

    8. exit()

  30. Register the partners on Data Center 2, Node 1 using wlst.sh.

    1. Change to the ../Oracle_IDM1/common/bin directory and run WLST.

    2. ./wlst.sh

    3. connect()

    4. domainRuntime()

    5. addPartnerForMultiDataCentre(propfile="../MDCPartner-DC1.properties")

    6. addPartnerForMultiDataCentre(propfile="../MDCPartner-DC2.properties")

    7. setMultiDataCenterType(DataCenterType="Clone")

    8. exit()

  31. Export the partner and policy information from Data Center 1, Node 1 and then import it to Data Center 2, Node 1.

    1. Change to the ../Oracle_IDM1/common/bin directory and run WLST to export from Data Center 1, Node 1.

    2. ./wlst.sh

    3. connect()

    4. exportAccessStore(toFile="<name and location of ZIP file>", namePath="/")

    5. exit()

    6. Copy the binary file (that is, <name and location of ZIP file>) to Data Center 2, Node 1.

    7. Change to the ../Oracle_IDM1/common/bin directory and run WLST to import on Data Center 2, Node 1.

    8. ./wlst.sh

    9. connect()

    10. importAccessStore(fromFile="<name and location of ZIP file>", namePath="/")

    11. exit()
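
Steps 17 and 20 create t2p_domain_pass.txt and t2p_pass.txt with vi and later steps pass them to copyConfig.sh and pasteConfig.sh. The following is an added example, not part of the Oracle procedure or tooling: it creates such a file without echoing the value or placing it on a command line, and verifies that only the owner can read it. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Creates and checks the password files
# that the copyConfig.sh / pasteConfig.sh steps and the moveplan refer to.

# write_pass_file PATH: read one line from stdin (echo off on a terminal)
# and store it in a new file that only the owner can read or write.
write_pass_file() {
    _pw=
    if [ -t 0 ]; then
        printf 'Password for %s: ' "$1" >&2
        stty -echo; IFS= read -r _pw || true; stty echo
        printf '\n' >&2
    else
        IFS= read -r _pw || true      # accept a final line without newline
    fi
    [ -n "$_pw" ] || { echo "refusing empty password" >&2; return 1; }
    rm -f -- "$1"                     # never reuse a file with a looser mode
    ( umask 077 && printf '%s\n' "$_pw" > "$1" ) || return 1
    unset _pw
}

# check_pass_file PATH: succeed only for a regular, non-empty file that is
# not a symlink and grants no permission to group or others.
check_pass_file() {
    if [ -L "$1" ] || [ ! -f "$1" ] || [ ! -s "$1" ]; then
        echo "$1: missing, empty, or not a regular file" >&2; return 1
    fi
    _mode=$(ls -ld -- "$1" | cut -c1-10)
    case $_mode in
        -r--------|-rw-------) return 0 ;;
        *) echo "$1: mode $_mode is too permissive" >&2; return 1 ;;
    esac
}

# check_t2p_home DIR: verify both password files used in steps 17 to 21.
check_t2p_home() {
    _rc=0
    for _f in t2p_domain_pass.txt t2p_pass.txt; do
        check_pass_file "$1/$_f" || _rc=1
    done
    return "$_rc"
}
```

Run `write_pass_file "$T2P_HOME/t2p_domain_pass.txt"` interactively on the node, and `check_t2p_home "$T2P_HOME"` before each copyConfig.sh or pasteConfig.sh run and after the folder has been copied to another node.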
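
The partner property files from step 28 set oamMdcSecurityMode=Open, point RESTEndpoint at an http:// URL, and list several keys with no value. The following added example (not Oracle tooling; the function name is hypothetical) lints such a file before it is passed to addPartnerForMultiDataCentre(), reporting each of those conditions so they are accepted deliberately rather than by default.

```shell
#!/bin/sh
# Added example, not Oracle tooling: lint an MDC partner properties file
# (step 28) before it is registered with addPartnerForMultiDataCentre().

# audit_mdc_partner FILE
# Prints one finding per line and returns 1 if anything was found.
audit_mdc_partner() {
    awk -v f="$1" '
        { sub(/\r$/, "") }                        # tolerate CRLF files
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        {
            eq  = index($0, "=")
            key = (eq ? substr($0, 1, eq - 1) : $0)
            val = (eq ? substr($0, eq + 1) : "")
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = 1
            if (val == "") {
                printf "%s: %s has no value\n", f, key; n++
            }
            # Open is the OAM transport mode without encryption.
            if (key == "oamMdcSecurityMode" && tolower(val) == "open") {
                printf "%s: oamMdcSecurityMode=%s (unencrypted agent channel)\n", f, val; n++
            }
            if (key == "RESTEndpoint" && tolower(val) ~ /^http:/) {
                printf "%s: RESTEndpoint is plain http: %s\n", f, val; n++
            }
        }
        END {
            # Keys that carry a value in the sample files on this page.
            m = split("remoteDataCentreClusterId oamMdcAgentId PrimaryHostPort RESTEndpoint", req, " ")
            for (i = 1; i <= m; i++)
                if (!(req[i] in seen)) {
                    printf "%s: %s is missing\n", f, req[i]; n++
                }
            exit (n > 0)
        }
    ' "$1"
}
```

Run it against both MDCPartner-DC1.properties and MDCPartner-DC2.properties on each Data Center's Node 1, since the same files are registered in steps 29 and 30.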