Parent topic: Preparing for an Enterprise Deployment
This section explains how to configure the hardware load balancer for an enterprise deployment.
The following topics explain how to configure the hardware load balancer, provide the summary of the virtual servers required, and provide additional instructions for these virtual servers.
As shown in the topology diagrams, you must configure the hardware load balancer to recognize and route requests to several virtual servers and associated ports for different types of network traffic and monitoring.
In the context of a load-balancing device, a virtual server is a construct that allows multiple physical servers to appear as one for load-balancing purposes. It is typically represented by an IP address and a service, and it is used to distribute incoming client requests to the servers in the server pool.
The virtual servers should be configured to direct traffic to the appropriate host computers and ports for the various services available in the enterprise deployment.
In addition, you should configure the load balancer to monitor the host computers and ports for availability so that the traffic to a particular server is stopped as soon as possible when a service is down. This ensures that incoming traffic on a given virtual host is not directed to an unavailable service in the other tiers.
Note that after you configure the load balancer, you can later configure the Web server instances in the Web tier to recognize a set of virtual hosts that use the same names as the virtual servers you defined for the load balancer. For each request coming from the hardware load balancer, the Web server can then route the request appropriately, based on the server name included in the header in the request. For more information, see Configuring Oracle HTTP Server for Administration and Oracle Web Services Manager.
The following procedure outlines the typical steps for configuring a hardware load balancer for an enterprise deployment.
Note that the actual procedures for configuring a specific load balancer will differ, depending on the specific type of load balancer. There may also be some differences depending on the type of protocol that is being load balanced. For example, TCP virtual servers and HTTP virtual servers use different types of monitors for their pools. Refer to the vendor-supplied documentation for actual steps.
Create a pool of servers. This pool contains a list of servers and the ports that are included in the load-balancing definition.
For example, for load balancing between the Web hosts, create a pool of servers that would direct requests to hosts WEBHOST1 and WEBHOST2 on port 7777.
Create rules to determine whether or not a given host and service is available and assign it to the pool of servers described in Step 1.
Create the required virtual servers on the load balancer for the addresses and ports that receive requests for the applications.
For a complete list of the virtual servers required for the enterprise deployment, see Summary of the Virtual Servers Required for an Enterprise Deployment.
When you define each virtual server on the load balancer, consider the following:
If your load balancer supports it, specify whether or not the virtual server is available internally, externally or both. Ensure that internal addresses are only resolvable from inside the network.
Configure SSL Termination, if applicable, for the virtual server.
Assign the pool of servers created in Step 1 to the virtual server.
This section provides the details of the virtual servers required for an enterprise deployment.
The following table provides a list of the virtual servers you must define on the hardware load balancer for the Oracle SOA Suite enterprise topology.
| Virtual Host | Server Pool | Protocol | SSL Termination? | External? |
|---|---|---|---|---|
|
|
|
HTTP |
No |
No |
|
|
|
HTTPS |
Yes |
Yes |
|
|
|
HTTP |
No |
No |
|
|
|
HTTPS |
No |
Yes |
|
|
|
TCP |
No |
Yes |
|
|
|
TCP |
No |
Yes |
Note:
If SOA Suite and Oracle Managed File Transfer are deployed on the same host, then Managed File Transfer can share the HTTP and HTTPS virtual servers that are used by SOA to access the Managed File Transfer console. However, a separate Managed File Transfer virtual server is required for TCP protocol 7 (used to load balance SFT requests).
This section provides the additional instructions required for the virtual server—admin.example.com.
When you configure this virtual server on the hardware load balancer:
Enable address and port translation.
Enable reset of connections when services or hosts are down.
When you configure this virtual server on the hardware load balancer:
Use port 80 and port 443. Any request that goes to port 80 (non-ssl protocol) should be redirected to port 443 (ssl protocol).
Specify ANY as the protocol (non-HTTP protocols are required for B2B).
Enable address and port translation.
Enable reset of connections when services and/or nodes are down.
Create rules to filter out access to /console and /em on this virtual server.
These context strings direct requests to the Oracle WebLogic Server Administration Console and to the Oracle Enterprise Manager Fusion Middleware Control and should be used only when accessing the system from admin.example.com.
When you configure this virtual server on the hardware load balancer:
Enable address and port translation.
Enable reset of connections when services or nodes are down.
As with the soa.example.com, create rules to filter out access to /console and /em on this virtual server.
When you configure this virtual server on the hardware load balancer:
Use port 80 and port 443. Any request that goes to port 80 (non-ssl protocol) should be redirected to port 443 (ssl protocol).
Specify ANY as the protocol (non-HTTP protocols are required for B2B).
Enable address and port translation.
Enable reset of connections when services and/or nodes are down.
Create rules to filter out access to /console and /em on this virtual server.
These context strings direct requests to the Oracle WebLogic Server Administration Console and to the Oracle Enterprise Manager Fusion Middleware Control and should be used only when accessing the system from admin.example.com.
Each Healthcare Minimum Lower Layer Protocol (MLLP) endpoint requires a separate virtual server in the load balancer. The load balancer routes to the MLLP service that will run in one of the Healthcare Managed Servers on a specific port. The pool for this virtual server points to the hostname and port that was used in the Healthcare Console for creating the endpoint.
For example, if an endpoint is created on SOAHOST1:9501 (with failover to SOAHOST2:9501), then you should create a virtual server, using 9501 as service port and with a pool containing SOAHOST1:9501 and SOAHOST2:9501. The Healthcare load balancer virtual servers should use TCP as protocol and use Address and Port translation preserving the sort port of the connection.
Managed File Transfer requires a single Oracle Traffic Director virtual server for the Secure File Transfer Protocol (SFTP). For more information, see Configuring Oracle Managed File Transfer in an Enterprise Deployment.
In the Managed File Transfer scenario, the load balancer routes SFTP requests across two Oracle Traffic Director instances. The Oracle Traffic Direct instances routes the requests to the SFTP embedded servers, which are running on the Managed File Transfer Managed Servers. For consistency, the port used in the hardware load balancer, in Oracle File Transfer, and in the SFTP servers is 7501.
As an administrator, it is important that you become familiar with the port numbers used by various Oracle Fusion Middleware products and services. This ensures that the same port number is not used by two services on the same host, and that the proper ports are open on the firewalls in the enterprise topology.
The following tables lists the ports that you must open on the firewalls in the topology.
Note:
The TCP/IP port for B2B is a user-configured port and is not predefined. Similarly, the firewall ports depend on the definition of TCP/IP ports.
Firewall notation:
FW1 refers to the outermost firewall.
FW2 refers to the firewall between the web tier and the application tier.
FW3 refers to the firewall between the application tier and the data tier.
Firewall Ports Common to All Fusion Middleware Enterprise Deployments
| Type | Firewall | Port and Port Range | Protocol / Application | Inbound / Outbound | Other Considerations and Timeout Guidelines |
|---|---|---|---|---|---|
|
Browser request |
FW0 |
80 |
HTTP / Load Balancer |
Inbound |
Timeout depends on the size and type of HTML content. |
|
Browser request |
FW0 |
443 |
HTTPS / Load Balancer |
Inbound |
Timeout depends on the size and type of HTML content. |
|
Browser request |
FW1 |
80 |
HTTPS / Load Balancer |
Outbound (for intranet clients) |
Timeout depends on the size and type of HTML content. |
|
Browser request |
FW1 |
443 |
HTTPS / Load Balancer |
Outbound (for intranet clients) |
Timeout depends on the size and type of HTML content. |
|
Callbacks and Outbound invocations |
FW1 |
80 |
HTTPS / Load Balancer |
Outbound |
Timeout depends on the size and type of HTML content. |
|
Callbacks and Outbound invocations |
FW1 |
443 |
HTTPS / Load Balancer |
Outbound |
Timeout depends on the size and type of HTML content. |
|
Load balancer to Oracle HTTP Server |
n/a |
7777 |
HTTP |
n/a |
n/a |
|
OHS registration with Administration Server |
FW1 |
7001 |
HTTP/t3 |
Inbound |
Set the timeout to a short period (5-10 seconds). |
|
OHS management by Administration Server |
FW1 |
OHS Admin Port (7779) |
TCP and HTTP, respectively |
Outbound |
Set the timeout to a short period (5-10 seconds). |
|
Session replication within a WebLogic Server cluster |
n/a |
n/a |
n/a |
n/a |
By default, this communication uses the same port as the server's listen address. |
|
Administration Console access |
FW1 |
7001 |
HTTP / Administration Server and Enterprise Manager t3 |
Both |
You should tune this timeout based on the type of access to the admin console (whether it is planned to use the Oracle WebLogic Server Administration Console from application tier clients or clients external to the application tier). |
|
Database access |
FW2 |
1521 |
SQL*Net |
Both |
Timeout depends on database content and on the type of process model used for SOA. |
|
Coherence for deployment |
n/a |
8088 Range: 8000 - 8090 |
n/a |
n/a |
|
|
Oracle Unified Directory access |
FW2 |
389 636 (SSL) |
LDAP or LDAP/ssl |
Inbound |
You should tune the directory server's parameters based on load balancer, and not the other way around. |
|
Oracle Notification Server (ONS) |
FW2 |
6200 |
ONS |
Both |
Required for Gridlink. An ONS server runs on each database server. |
*External clients can access SOA servers directly on RMI or JMS (for example, for JDeveloper deployments and for JMX monitoring), in which case FW0 might need to be open or not depending on the security model that you implement.
Firewall Ports Specific to Oracle SOA Suite Enterprise Deployments
| Type | Firewall | Port and Port Range | Protocol / Application | Inbound / Outbound | Other Considerations and Timeout Guidelines |
|---|---|---|---|---|---|
|
WSM-PM access |
FW1 |
7010 Range: 7010 - 7999 |
HTTP / WLS_WSM-PMn |
Inbound |
Set the timeout to 60 seconds. |
|
SOA Server access |
FW1* |
8001 Range: 8000 - 8010 |
HTTP / WLS_SOAn |
Inbound |
Timeout varies based on the type of process model used for SOA. |
|
Oracle Service Bus Access |
FW1 |
8011 Range: 8011-8021 |
HTTP / WLS_OSBn |
Inbound/ Outbound |
Set the timeout to a short period (5-10 seconds). |
|
BAM access |
FW1 |
9001 Range: 9000 - 9080 |
HTTP / WLS_BAMn |
Inbound |
Connections to BAM WebApps are kept open until the report/browser is closed, so set the timeout as high as the longest expected user session. |
|
MLLP Requests |
FW0, FW1 |
9500 — 95nn |
Application: MLLP/HC |
Inbound |
Timeout depends on the expected MLLP transfer sizes. |