4 Configuring the Application Infrastructure for myPortalCompany.com

This chapter provides instructions for creating the Application and Web Server tiers, distributing the software components into the DMZs shown in the Enterprise Deployment architecture depicted in Figure 1-2.

Before you perform the tasks in this chapter, a two-node Real Application Clusters (RAC) database must be installed. In this chapter, the server names for the database hosts are APPDBHOST1 and APPDBHOST2. Ideally, these are separate physical databases from INFRADBHOST1 and INFRADBHOST2. In addition to isolating the security components, separate application databases provide the flexibility needed to maintain and tune application and security parameters separately.

This chapter contains the following topics:

Section 4.1, "Installing the Metadata Repository for the Application Infrastructure"

Section 4.2, "Installing the Application Tier"

Section 4.3, "Testing the Application Server Tier"

Section 4.4, "Configuring Custom Java Portal Development Kit (JPDK) Providers"

Section 4.5, "Setting the OracleAS Single Sign-On Query Path URL for External Applications"

Note: For detailed information on OracleAS Portal and its configurations, see the Oracle Application Server Portal Configuration Guide.

4.1 Installing the Metadata Repository for the Application Infrastructure

You must install the OracleAS Metadata Repository before you install components into the Application Infrastructure. Oracle Application Server provides a tool, the Oracle Application Server Metadata Repository Creation Assistant, to create the OracleAS Metadata Repository in an existing database.

The OracleAS Metadata Repository Creation Assistant is available on the OracleAS Metadata Repository Creation Assistant CD-ROM or the Oracle Application Server DVD-ROM. You install the OracleAS Metadata Repository Creation Assistant in its own, separate Oracle home.

To install the OracleAS Metadata Repository, you must perform these steps:

1. Install the OracleAS Metadata Repository Creation Assistant, following the steps in Section 2.1.1.

2. Ensure that the database meets the requirements specified in the "Database Requirements" section of the Oracle Application Server Metadata Repository Creation Assistant User's Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using. In addition, ensure that:

   • The database computer has at least 512 MB of swap space available for execution of the OracleAS Metadata Repository Creation Assistant

   • There are no dependencies of any kind related to the ultrasearch directory in the database's Oracle home. The OracleAS Metadata Repository Creation Assistant replaces this directory with a new version, renaming the existing version of the directory to ultrasearch_timestamp.

3. Execute the OracleAS Metadata Repository Creation Assistant, following the steps in Section 2.1.2 or Section 2.1.3.

   • To install into a database using raw devices, follow the steps in Section 4.1.1, "Installing the Metadata Repository in a Database Using Raw Devices".

   • To install into a database using Oracle Cluster File System, follow the steps in Section 4.1.2, "Installing the Metadata Repository in an Oracle Cluster File System (OCFS)".

4. Perform the post-installation step described in Section 2.1.4.

4.1.1 Installing the Metadata Repository in a Database Using Raw Devices

Follow these steps to install the Metadata Repository into an existing two-node Real Application Clusters (RAC) database using raw devices:

1. Create raw devices for the OracleAS Metadata Repository, using the values in Section B.2, "Tablespace Mapping to Raw Devices Sample File".

   
   

   Tip: The command to create tablespaces is specific to the volume manager used. For example, the command to create a tablespace in VERITAS Volume Manager is vxassist.

   
   

2. Create a file to map the tablespaces to the raw devices. Each line in the file has the format:

   tablespace name=raw device file path
   
   

   You can use the sample file shown in Example B-1, "Tablespace to Raw Device Mapping (Sample File)", replacing the file paths with the paths on your system. Append a 1 to the tablespace names, as shown in the sample file.

   
   

   Note: Creating the sample file is not mandatory; you can enter the tablespace values into the Specify Tablespace Information screen during execution of the OracleAS Metadata Repository Creation Assistant.

   
   

3. Populate the DBCA_RAW_CONFIG environment variable with the full path and filename of the tablespace mapping file.

4. Ensure that the database and listener are running.

5. Ensure that the NLS_LANG environment variable is not set to a non-English locale, or is set to american_america.us7ascii, with one of the following commands:

   • unsetenv NLS_LANG

   • setenv NLS_LANG american_america.us7ascii

     
     

     Note: If you need to, you can set NLS_LANG to its original value after executing the OracleAS Metadata Repository Creation Assistant.

     
     

6. Start the OracleAS Metadata Repository Creation Assistant from the OracleAS Metadata Repository Creation Assistant Oracle home with this command:

   runRepca

   The Welcome screen appears.

7. Click Next.

   The Specify Oracle Home screen appears.

8. In the Oracle Home field, specify the full path of the database Oracle home.

   In the Log File Directory field, specify the full path of the directory on the current computer in which you want the OracleAS Metadata Repository Creation Assistant to write its log files. Ensure correct input for the Log File Directory on this screen, as you will not be able to change it after you have proceeded beyond this screen.

9. Click Next.

   The Select Operation screen appears.

10. Select Load and Register and click Next.

    The Specify Database Connection screen appears.

11. Enter the SYS user name and password and the host and port information. For example:

    infradbhost1.mycompany.com:1521,infradbhost2.mycompany.com:1521
    

12. Click Next.

    The Specify Storage Options screen appears.

13. Select Regular or Cluster File System.

    The Specify Tablespace Information screen appears, displaying the values from the file specified by the DBCA_RAW_CONFIG environment variable.

14. Correct the values, if necessary, and click Next.

    The Warning: Check Disk Space dialog appears if your SYSTEM and UNDO tablespaces are set to autoextend.

15. Check the disk space as specified in the dialog and click OK.

    The Specify Oracle Internet Directory Connect screen appears.

16. Enter the virtual host name for the Oracle Internet Directory, oid.mycompany.com, and port 389.

    The Specify Login for Oracle Internet Directory screen appears.

17. Enter the user name and password to log in to Oracle Internet Directory. Note that:

    • The user must belong to the iASAdmins group.

    • You can provide the user's simple name (for example, jdoe) or the user's Distinguished Name (DN) (for example, cn=orcladmin).

    • If the Oracle Internet Directory has multiple realms, you must enter the realm that contains the specified user. (The realm value is not used if you log in as cn=orcladmin, since the superuser does not belong to any realm.)

18. Click Next.

    The Specify Oracle Context screen appears.

19. Specify the location in Oracle Internet Directory in which the OracleAS Metadata Repository will be installed, and click Next.

    The Loading Repository screen appears. The tablespaces and schemas are created and populated.

    The Success screen appears.

20. Click OK.

    The OracleAS Metadata Repository Creation Assistant exits.

4.1.2 Installing the Metadata Repository in an Oracle Cluster File System (OCFS)

Follow these steps to install the Metadata Repository into an existing two-node Real Application Clusters (RAC) database using an OCFS file system:

1. Ensure that the database and listener are running.

2. Start the OracleAS Metadata Repository Creation Assistant from the OracleAS Metadata Repository Creation Assistant Oracle home with this command:

   runRepca

   The Welcome screen appears.

3. Click Next.

   The Specify Oracle Home screen appears.

4. In the Oracle Home field, specify the full path of the database Oracle home.

   In the Log File Directory field, specify the full path of the directory on the current computer in which you want the OracleAS Metadata Repository Creation Assistant to write its log files. Ensure correct input for the Log File Directory on this screen, as you will not be able to change it after you have proceeded beyond this screen.

5. Click Next.

   The Select Operation screen appears.

6. Select Load and Register and click Next.

   The Specify Database Connection screen appears.

7. Enter the SYS user name and password and the host and port information. For example:

   infradbhost1.mycompany.com:1521,infradbhost2.mycompany.com:1521
   

8. Click Next.

   The Specify Storage Options screen appears.

9. Select Regular or Cluster File System.

   The Specify Tablespace Information screen appears.

10. Select a directory option (Use Same Directory for All Tablespaces or Use Individual Directories for Each Tablespace) and complete the remaining fields. When specifying a directory, ensure that it is an existing, writeable directory with sufficient free space. Click Next.

    The Warning: Check Disk Space dialog appears if your SYSTEM and UNDO tablespaces are set to autoextend.

11. Check the disk space as specified in the dialog and click OK.

    The Specify Oracle Internet Directory Connect screen appears.

12. Enter the virtual host name for the Oracle Internet Directory, oid.mycompany.com, and port 389.

    The Specify Login for Oracle Internet Directory screen appears.

13. Enter the user name and password to log in to Oracle Internet Directory. Note that:

    • The user must belong to the iASAdmins group.

    • You can provide the user's simple name (for example, jdoe) or the user's Distinguished Name (DN) (for example, cn=orcladmin).

    • If the Oracle Internet Directory has multiple realms, you must enter the realm that contains the specified user. (The realm value is not used if you log in as cn=orcladmin, since the superuser does not belong to any realm.)

14. Click Next.

    The Specify Oracle Context screen appears.

15. Specify the location in Oracle Internet Directory in which the OracleAS Metadata Repository will be installed, and click Next.

    The Loading Repository screen appears. The tablespaces and schemas are created and populated.

    The Success screen appears.

16. Click OK.

    The OracleAS Metadata Repository Creation Assistant exits.

4.2 Installing the Application Tier

Follow these steps to install the Application Tier components (APPHOST1 and APPHOST2) into the Application tier.

4.2.1 Installing the First Application Server on APPHOST1

Follow these steps to install an Oracle Application Server middle tier on APPHOST1:

1. Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.

2. Copy the staticport.ini file from the Disk1/stage/Response directory to a local directory, such as TMP.

3. Edit the staticport.ini file to assign the following custom ports:

   Oracle HTTP Server port = 7777
   Oracle HTTP Server Listen port = 7778
   Web Cache HTTP Listen port = 7777
   Web Cache Administration port = 4000
   Web Cache Invalidation port = 4001
   Web Cache Statistics port = 4002
   Application Server Control port = 1810
   
   

   
   

   Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature as described to install the Application Server Tier ensures that the port assignments will be consistent with the documentation in this section, if the ports are correctly specified in the file and the port is not already in use. Otherwise: If a port is incorrectly specified, then the Oracle Universal Installer will assign the default port. If a port is already in use, then the Oracle Universal Installer will assign the next available port. See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information.

   
   

4. Start the Oracle Universal Installer as follows:

   On UNIX, issue this command: runInstaller

   On Windows, double-click setup.exe

   The Welcome screen appears.

5. Click Next.

   On UNIX systems, the Specify Inventory Directory and Credentials screen appears.

6. Specify the directory you want to be the orainventory directory and the operating system group that has write permission to it.

7. Click Next.

   On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.

8. Open a window and run the script, following the prompts in the window.

9. Return to the Oracle Universal Installer screen and click Next.

   The Specify File Locations screen appears with default locations for:

   • The product files for installation (Source)

   • The name and path to the Oracle home (Destination)

10. Click Next.

    The Select a Product to Install screen appears.

    Figure 4-1 Oracle Universal Installer Select a Product to Install Screen

    
    Description of the illustration mid5.gif
    
    

11. Select Oracle Application Server 10g, as shown in Figure 4-1, and click Next.

    The Select Installation Type screen appears.

    Figure 4-2 Oracle Universal Installer Select Installation Type Screen

    
    Description of the illustration portal2.gif
    
    

12. Select Portal and Wireless, as shown in Figure 4-2, and click Next.

    The Confirm Pre-Installation Requirements screen appears.

13. Ensure that the requirements are met and click Next.

14. The Select Configuration Options screen appears.

    Figure 4-3 Oracle Universal Installer Select Configuration Options Screen

    
    Description of the illustration portal4.gif
    
    

15. Select OracleAS 10g Portal, as shown in Figure 4-3, and click Next.

    The Specify Port Configuration Options screen appears.

16. Select Manual, specify the location of the staticports.ini file, and click Next.

17. The Register with Oracle Internet Directory screen appears.

    Figure 4-4 Oracle Universal Installer Register with Oracle Internet Directory Screen

    
    Description of the illustration portal5.gif
    
    

18. Enter the host name and port of the Oracle Internet Directory load balancing router. Do not select the SSL configuration option.

19. Click Next.

    The Specify OID Login screen appears.

20. Enter the user name and the password and click Next.

    The Select OracleAS 10g Metadata Repository screen appears, displaying the connect string for the repository database that the installer detected.

21. Click Next.

    The Specify Instance Name and ias_admin Password screen appears.

22. Specify an instance name and the OracleAS administrator's password and click Next.

    The Summary screen appears.

23. Click Next.

    On UNIX systems, a dialog appears, prompting you to run the root.sh script.

24. Open a window and run the script, following the prompts in the window.

25. Return to the Oracle Universal Installer screen and click Next.

    The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.

26. Click Exit, and then confirm your choice to exit.

27. Verify that the installation was successful by accessing the OracleAS Portal page at:

    http://apphost1.mycompany.com:7777/pls/portal

28. Access the ORACLE_HOME/portal/conf/iasconfig.xml file. The contents of the file are shown in the subsequent example:

    <IASConfig XSDVersion="1.0">
       <IASInstance Name="iAS-1.apphost1.mycompany.com" Host="apphost1.mycompany.com">
           <WebCacheComponent ListenPort="7777" AdminPort="4000" InvalidationPort="4001" InvalidationUsername="invalidator" InvalidationPassword="@Bd4D+TnapIEqRc3/kle0A=" SSLEnabled="false"/>
    <EMComponent ConsoleHTTPPort="1810" SSLEnabled="false"/>
       </IASInstance>
    
       <IASInstance Name="iAS.login.mycompany.com" Host="login.mycompany.com">
    <OIDComponent AdminPassword="@BVs2Kn8lbTxUY=" SSLEnabled="false" LDAPPort="389" AdminDN="cn=orcladmin"/>
       </IASInstance>
    
       <PortalInstance DADLocation="/pls/portal" SchemaUsername="portal" SchemaPassword="@BeyhA5zRtuYc=" ConnectString="cn=iasdb,cn=oraclecontext">
    <WebCacheDependency ContainerType="IASInstance" Name="iAS-1.apphost1.mycompany.com"/>
    <OIDDependency ContainerType="IASInstance" Name="iAS.login.mycompany.com"/>
    <EMDependency ContainerType="IASInstance" Name="iAS-1.apphost1.mycompany.com"/>    </PortalInstance>
    
    </IASConfig>
    
    

Note: The value iAS-1 in the IASInstance element is the instance name specified in step 22.

4.2.2 Configuring the First Application Server on APPHOST1

Upon installation of the first application server, the iasconfig.xml file shown above yields an OracleAS Web Cache configuration with the functionality shown in Figure 4-5.

Figure 4-5 Pre-Configuration Listener Setup on First Application Server

Description of the illustration asted003.gif

Before you begin this configuration, ensure that the following is configured:

• A virtual IP address (VIP1) that listens for requests to portal.mycompany.com on port 443 (an HTTPS listening port), and balances them to the Application tier OracleAS Web Cache running on APPHOST1 port 7777 (an HTTP listening port). You must configure the Load Balancing Router to perform the protocol conversion.

• The virtual IP address VIP1 listens for requests to portal.mycompany.com on port 7777 (an HTTP listening port), and balances them to the Application tier OracleAS Web Cache on APPHOST1 port 7777 (an HTTP listening port). Port 7777 on the Load Balancing Router receives the HTTP loop-back requests made by the Parallel Page Engine on APPHOST1. This 7777 port also receives requests from the Portal Metadata Repository for web provider design time messages. This configuration may require a Network Address Translation (NAT) rule in the Load Balancing Router in order for the loop-back request from the PPE to succeed.

  
  

  Note: For security reasons, port 7777 on the Load Balancing Router should not be visible to external users.

  
  

• The virtual IP address VIP1 listens for requests to portal.mycompany.com on port 4001 (an HTTP listening port), and balances them to the Application Tier OracleAS Web Cache on APPHOST1 port 4001 (an HTTP listening port). Port 4001 port on the Load Balancing Router receives invalidation messages from the OracleAS Portal Repository when content that is cached in OracleAS Web Cache becomes stale. This configuration might require a Network Address Translation (NAT) rule in the Load Balancing Router in order for the invalidation requests from the OracleAS Portal repository to succeed.

  
  

  Note: VIP1 listens on 443 for external traffic, on port 7777 for Parallel Page Engine loop-back messages, and port 4001 for invalidation messages. For security reasons, port 4001 on the Load Balancing Router should not be visible to external users.

  
  

• HTTP monitoring of OracleAS Web Cache. The Load Balancing Router must be configured to detect an inoperative computer and stop routing requests to it until it is functioning again. Two OracleAS Web Cache ports must be monitored: the HTTP request port and the invalidation port.

  To monitor port 7777, use the following URL in the Load Balancing Router configuration:

  hostname:port/_oracle_http_server_webcache_static_.html

  For example:

  http://apphost1.mycompany.com:7777/_oracle_http_server_webcache_static_.html

  If the Load Balancing Router receives a response from this URL, then the OracleAS Web Cache instance is running. If not, then the process or the server is down, and the Load Balancing Router will forward all requests to the surviving computer.

  To monitor port 4001, use the following URL in the Load Balancing Router configuration:

  http://hostname.domain.com:4001

  For example:

  http://apphost1.mycompany.com:4001

  The Load Balancing Router sends an HTTP request to this URL; the response header resembles the following:

  HTTP/1.0

  The Load Balancing Router must be configured to detect the string HTTP in the first line of the response header. Thus, when the Load Balancing Router detects HTTP in the first line of the response header, the invalidation port is available. If not, then all invalidation requests are routed to the surviving computer.

The configuration of the OracleAS Portal application server tier on APPHOST1 consists of the following tasks:

• Configuring the Oracle HTTP Server with the Load Balancing Router on APPHOST1

• Configuring the Parallel Page Engine Loop-Back with the Load Balancing Router on APPHOST1

• Configuring the Event Servlet with the Load Balancing Router on APPHOST1

• Modifying the Portal Dependency Settings (iasconfig.xml) File on APPHOST1

• Registering the OracleAS Portal URLs with the Load Balancing Router on APPHOST1

• Re-Setting the Oracle Enterprise Manager 10g Link

• Configuring OracleAS Web Cache with the Load Balancing Router on APPHOST1

• Configuring the Portal Tools Providers on APPHOST1

• Re-registering mod_osso on APPHOST1

• Verifying Connectivity for Invalidation Messages from the Database to the OracleAS Web Cache on APPHOST1 through the Load Balancing Router

• Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings on APPHOST1

• Testing the Configuration on APPHOST1

Configuring the Oracle HTTP Server with the Load Balancing Router on APPHOST1

This step associates the components on which OracleAS Portal depends with the Load Balancing Router hostname and port: portal.mycompany.com:443.

1. Access the Oracle Enterprise Manager 10g Application Server Control Console.

2. Click the link for the APPHOST1 installation.

3. Click the HTTP Server link.

4. Click the Administration link.

5. Click Advanced Server Properties.

6. Open the httpd.conf file.

7. Perform the following steps:

   1. Add the LoadModule certheaders_module directive for the appropriate platform.

      UNIX:

      LoadModule certheaders_module libexec/mod_certheaders.so
      
      

      Windows:

      LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
      

      
      

      Notes: The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container. It is a good idea to create the VirtualHost directives at the end of the httpd.conf file.

      
      

   2. Add the following lines to create a NameVirtualHost directive and a VirtualHost container for portal.mycompany.com and port 443.

      NameVirtualHost *:7778
      <VirtualHost *:7778>
        ServerName portal.mycompany.com
        Port 443
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
        SimulateHttps On
      </VirtualHost> 
      
      

   3. Create a second VirtualHost container for apphost1.mycompany.com and port 7777.

      <VirtualHost *:7778>
        ServerName apphost1.mycompany.com
        Port 7777
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
      </VirtualHost> 
      
      

8. Save the httpd.conf file, and restart the Oracle HTTP Server when prompted.

Configuring the Parallel Page Engine Loop-Back with the Load Balancing Router on APPHOST1

In this step, you configure (non-SSL) loop-back communication between the Load Balancing Router and the Parallel Page Engine on APPHOST1.

Before you start this configuration, ensure that:

• You are able to resolve portal.mycompany.com from APPHOST1, either with DNS or with an entry in the hosts file, such that it contacts the Load Balancing Router. To ensure you can resolve portal.mycompany.com, issue this command from APPHOST1:

  nslookup portal.mycompany.com

  The IP address for the Load Balancing Router should be returned.

• You are able to contact port 7777 on portal.mycompany.com from APPHOST1. Issue this command on APPHOST1:

  telnet portal.mycompany.com 7777

  Verify that no connection failure message is returned.

Follow these steps to create the loop-back configuration:

1. Open the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml file.

2. Locate the Page servlet section.

3. Add the lines shown in bold:

   <servlet>
   <servlet-name>page</servlet-name>
      <servlet-class>oracle.webdb.page.ParallelServlet</servlet-class>
             <init-param>
                <param-name>useScheme</param-name>
                <param-value>http</param-value>
             </init-param>
             <init-param>
                <param-name>usePort</param-name>
                <param-value>7777</param-value>
             </init-param>
   </servlet>
   
   

4. Save the web.xml file.

Configuring the Event Servlet with the Load Balancing Router on APPHOST1

Follow these steps to configure the event servlet:

1. Open the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml file.

2. Locate the Event servlet section.

3. Add the lines shown in bold:

   <servlet> 
    <servlet-name>event</servlet-name> 
       <servlet-class>oracle.webdb.event.EventServlet</servlet-class> 
               <init-param> 
                  <param-name>httpsports</param-name> 
                  <param-value>443</param-value> 
               </init-param> 
   </servlet>
   
   

4. Save the web.xml file.

5. Issue this command in ORACLE_HOME/dcm/bin to update the DCM repository:

   dcmctl updateconfig

6. Issue these commands in ORACLE_HOME/opmn/bin to restart the instance:

   opmnctl stopall

   opmnctl startall

Modifying the Portal Dependency Settings (iasconfig.xml) File on APPHOST1

The Portal Dependency Settings file iasconfig.xml must contain the correct host, port and farm name to enable access to OracleAS Portal and perform OracleAS Web Cache invalidation. Follow these steps to edit the file to include this information:

1. Create a backup copy of the APPHOST1_ORACLE_HOME/portal/conf/iasconfig.xml file.

2. Open the APPHOST1_ORACLE_HOME/portal/conf/iasconfig.xml file and perform the following steps:

   1. Make the additions and changes shown in bold in Example 4-1.

      Example 4-1 Modifications to the iasconfig.xml File

      <IASConfig XSDVersion="1.0">
       <IASFarm Name="Farm1.portal.mycompany.com" Host="portal.mycompany.com">
        <WebCacheComponent AdminPort="4000" ListenPort="443"  InvalidationPort="4001" InvalidationUsername="invalidator" InvalidationPassword="@Beyh8p2bOWELQCsA5zRtuYc=" SSLEnabled="true"/>
       </IASFarm>
        <IASInstance Name="iAS-1.apphost1.mycompany.com" Host="apphost1.mycompany.com">
      <WebCacheComponent AdminPort="4000" ListenPort="7777"  InvalidationPort="4001"  InvalidationUsername="invalidator" InvalidationPassword="@BYgvINNtK1/ux15zmARPURHM2GMAkwK9UA=="  SSLEnabled="false"/> 
       <EMComponent ConsoleHTTPPort="1810" SSLEnabled="false"/>
      </IASInstance> 
         <OIDComponent AdminPassword="@BVs2KPJEWC5a0l4n8lbTxUY=" SSLEnabled="false" LDAPPort="389" AdminDN="cn=orcladmin"/>
      </IASInstance>
      <PortalInstance DADLocation="/pls/portal" SchemaUsername="portal"   SchemaPassword="@BYgvINNtK1/uohU/kv+WvG21XiMAp6Wryw=="  ConnectString="cn=orcl1012,cn=oraclecontext">  <WebCacheDependency ContainerType="IASFarm"   Name="Farm1.portal.mycompany.com"/>  <OIDDependency ContainerType="IASInstance" Name="iAS-1.iasclha3"/>  <EMDependency ContainerType="IASInstance"   Name="apphost1.mycompany.com"/>  </PortalInstance>  </IASConfig>
      <IASInstance Name="iAS-1.apphost1.mycompany.com" Host="apphost1.mycompany.com">   <OIDComponent AdminPassword="@BYgvINNtK1/ux15zmARPURHM2GMAkwK9UA=="  AdminDN="cn=orcladmin" SSLEnabled="false" LDAPPort="389"/> 
      

   2. Save the iasconfig.xml file.

   3. Encrypt any plain text passwords in the iasconfig.xml configuration file by setting the ORACLE_HOME environment variable, if necessary, and then issuing this command from ORACLE_HOME/portal/conf:

      ptlconfig -encrypt

Registering the OracleAS Portal URLs with the Load Balancing Router on APPHOST1

In this step, you register the OracleAS Portal URLs using the Load Balancing Router hostname and port instead of the OracleAS Web Cache hostname and port. Follow the steps in this section to use the OracleAS Portal Configuration Assistant to register the URLs.

1. Ensure that the ORACLE_HOME environment variable is set.

2. Register the URLs using the Portal Dependency Settings tool (available in APPHOST1_ORACLE_HOME/portal/conf):

   ptlconfig -dad dadname -wc -site

   In the preceding command, dadname is the name of the OracleAS Portal Database Access Descriptor.

Re-Setting the Oracle Enterprise Manager 10g Link

To prevent access to Oracle Enterprise Manager 10g from the outside, the link provided by OracleAS Portal must be changed back to point to the internal server. To do this, on APPHOST1, issue the following command in ORACLE_HOME/portal/conf:

ptlconfig -dad portal -em

Configuring OracleAS Web Cache with the Load Balancing Router on APPHOST1

You must configure a site definition, site alias, and a site-to-server mapping to make OracleAS Web Cache function correctly with the Load Balancing Router.

Use the Web Cache Manager, the graphical user interface provided for editing the configuration stored in the webcache.xml file.

1. Access the Web Cache Administrator at:

   http://apphost1.mycompany.com:4000/webcacheadmin

   The Web Cache Administrator password dialog appears.

2. Enter the OracleAS Web Cache administrator password.

   
   

   Note: At installation time, The OracleAS Web Cache administrator password is set to the same password as the ias_admin password. The OracleAS Web Cache administrator password must be identical for all cache cluster members.

   
   

   The Web Cache Cache Operations page appears. A scrollable frame on the left side of the window contains groups of configuration elements. To access an element, click its link. The content area of the page is then populated with the values for that element.

3. Click the Site Definitions link in the Origin Servers, Sites and Load Balancing section.

   The Site Definitions window opens.

4. Click Add Site.

5. Enter the following information (leave other fields blank):

   • Host name: portal.mycompany.com

   • Port: 443

   • Client-side Certificate: Not required

   • Default Site: Yes

   • Create Alias from Site Name with/without www: No

6. Click Submit.

7. Select the radio button for the site for which the alias will be added (portal.mycompany.com).

8. Click Add Alias.

   The Add Alias for Site window opens.

9. Enter portal.mycompany.com for the host name and 7777 for the port. (7777 is the value for the usePort parameter in the web.xml file in the Parallel Page Engine configuration.)

10. Click Submit.

    The alias is added. An alias is needed in the configuration because Portal sends invalidation messages with the value of the HOST attribute in the invalidation message the same as the site name (in this case, portal.mycompany.com:443), but OracleAS Web Cache caches the portal content keyed on a host:port combination such as portal.mycompany.com:7777; thus, the invalidation is not executed. Therefore, it is necessary to define an alias, so that OracleAS Web Cache manages the content caching so that it recognizes portal.mycompany.com:443 and portal.mycompany.com:7777 as one and the same, and thereby correctly invalidating OracleAS Portal content, although the content is keyed on a different host:port combination than the site name.

11. Click Add Alias.

    A window with host name and port fields opens.

12. Enter portal.mycompany.com for the host name and 80 for the port.

13. Click Submit.

    The alias is added.

    
    

    Note: An alias for port 80 is needed because the HOST header sent by the browser will be portal.mycompany.com (without a port number appended to it). Since OracleAS Web Cache is listening on the HTTP port, it will assume that the port number is 80 and use this to determine the site-to-server mapping, and for any cache key creation.

    
    

14. Click Apply Changes.

15. Click the Site-to-Server Mapping link in the Origin Servers, Sites, and Load Balancing section.

    The Site-to-Server Mapping page appears, in which you map the site and site alias to an origin server.

16. Select the first mapping in the table and click Insert Above.

    The Edit/Add Site-to-Server Mapping page appears.

17. Select the Select From Site Definitions option.

18. Select portal.mycompany.com.

19. Select apphost1.mycompany.com in the Select Application Web Servers section.

20. Click Submit.

21. Remove unused mappings or entries containing the wild card character *.

22. Click Apply Changes.

23. Click Restart.

Configuring the Portal Tools Providers on APPHOST1

You must configure the OracleAS Portal Tools providers (OmniPortlet and OracleAS Web Clipping) to work in this configuration. Follow these steps on APPHOST1 to configure the Portal Tools Provider:

1. Configure OmniPortlet to use a shared preference store. (By default, the OmniPortlet provider uses the file-based preference store. However, in a multiple middle tier environment, you must use a shared preference store, such as the database preference store DBPreferenceStore.) To configure OmniPortlet to use DBPreferenceStore, perform the following steps:

   1. Navigate to the directory ORACLE_HOME/j2ee/OC4J_Portal/applications/jpdk/jpdk/doc/dbPreferenceStore.

   2. Create a user on the database containing the PORTAL schema, and grant create resource and connect privileges, using these commands in SQL*Plus:

      create user prefstore identified by welcome;

      grant connect, resource to prefstore;

   3. Execute the jpdk_preference_store2.sql script by issuing this command:

      @jpdk_preference_store2

   4. Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file to add the entry in the subsequent example:

      <data-source
       class="com.evermind.sql.DriverManagerDataSource"
       name="omniPortletprefStore"
       location="jdbc/UnPooledConnection"
       xa-location="jdbc/xa/XAConnection"
       ejb-location="jdbc/PooledConnection"
       connection-driver="oracle.jdbc.driver.OracleDriver"
       username="prefstore"
       password="welcome"
        url="jdbc:oracle:thin:@(description=(address_list= (address=(host=appdbhost1.mycompany.com)"(protocol=tcp)(port=1521)) (address=(host=appdbhost2.mycompany.com)(protocol=tcp)(port=1521))
      (load_balance=yes)(failover=yes))(connect_data=(service_name= db9i)))"
       inactivity-timeout="30"
      />
      
      

   5. Edit the ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml file to edit the preferenceStore tag as shown in the subsequent example:

      <provider class="oracle.webdb.reformlet.ReformletProvider">
       <vaultId>0</vaultId>
       <session>true</session>
       <preferenceStore class="oracle.portal.provider.v2.preference.DBPreferenceStore">
        <name>omniPortletprefStore</name>
        <connection>jdbc/PooledConnection</connection>
       </preferenceStore>
      
      

2. Update the trusted certificates file used by OmniPortlet with the certificate of the Web site's certificate authority:

   1. Follow step 1 in "Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings on APPHOST1". The HTTPS URL you can use to obtain the certificate from is https://portal.mycompany.com/pls/portal.

      At the end of this step, you will have a certificate file named ias_certificate.cer.

   2. Locate the provider.xml file in the ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/ directory. Look in this file to find the location of the trusted certificates file, specified in the trustedCertificateLocation tag.

      If the tag is not specified or is commented out, the default is ORACLE_HOME/portal/conf/ca-bundle.crt. This file contains a list of Base64 certificates trusted by the OmniPortlet Provider.

   3. Edit the OmniPortlet trusted certificates file by adding the contents of the certificate file you exported in step a (ias_certificate.cer) to the end of the file. Be sure to include all of the Base64 text from the certificate, including the BEGIN and END lines.

   4. Restart the OC4J_Portal instance.

3. Optionally, you can change the settings for the HTTP proxy configuration, or the repository used by OmniPortlet and OracleAS Web Clipping.

   You can change the settings on the Portal Tools Edit Provider pages accessible from the Portal Tools providers' test pages. The test pages are located at the following URLs:

   • OmniPortlet provider test page on APPHOST1:

     http://apphost1.mycompany.com:7777/portalTools/omniPortlet/providers/omniPortlet

   • Web Clipping provider test page on APPHOST1:

     http://apphost1.mycompany.com:7777/portalTools/webClipping/providers/webClipping

4. Verify that OmniPortlet and the Web Clipping Provider work properly through the HTTP port of the Load Balancing Router, by accessing the test pages at the following URLs:

   OmniPortlet Provider:

   http://portal.mycompany.com:7777/portalTools/omniPortlet/providers/omniPortlet

   Web Clipping Provider:

   http://portal.mycompany.com:7777/portalTools/webClipping/providers/webClipping

5. Configure the OmniPortlet and Web Clipping Provider registration URLs to go through the HTTP port of the Load Balancing Router:

   1. Access the OracleAS Portal page at https://portal.mycompany.com/pls/portal and log in as the portal administrator.

   2. Click on the Navigator link.

   3. Click on the Providers tab.

   4. Click on the Registered Providers link.

   5. Click on the Edit Registration link.

   6. Click on the Connection tab and change the beginning of the provider registration URL from https://portal.mycompany.com/ to http://portal.mycompany.com:7777/.

   7. Perform steps d and e for both the OmniPortlet Provider and the Web Clipping Provider.

6. Refresh the Portlet Repository so that the Portal Tools portlets appear in the Portlet Builders folder in the Portlet Repository:

   1. Log in as the portal administrator, and click on the Builder link.

   2. Click on the Administrator tab.

   3. Click on the Portlets sub-tab.

   4. Click on the Refresh Portlet Repository link in the Portlet Repository portlet.

   5. The refresh operation continues in the background.

Note: Running ptlconfig again at any time after you have completed the steps in "Configuring the Portal Tools Providers on APPHOST1" will require you to repeat steps 4 and 5 in this section.

Re-registering mod_osso on APPHOST1

1. Set the ORACLE_HOME environment variable to the current Oracle home.

2. Execute the SSO registration script ORACLE_HOME/sso/bin/ssoreg. Example 4-2 shows the usage of ssoreg.sh on UNIX. (On Windows, the script name is ssoreg.bat.)

   
   

   Note: The script shown in Example 4-2 has multiple lines for readability only. When you execute the script, all parameters are on a single continuous line.

   
   

   Example 4-2 ssoreg Usage

   ORACLE_HOME/sso/bin/ssoreg.sh
   -site_name portal.mycompany.com
   -mod_osso_url https://portal.mycompany.com
   -config_mod_osso TRUE
   -oracle_home_path ORACLE_HOME 
   -config_file ORACLE_HOME/Apache/Apache/conf/osso/osso.conf
   -admin_info cn=orcladmin
   -virtualhost
   
   

   A partner application, portal.mycompany.com, is created.

3. Access the following URL:

   https://login.mycompany.com/pls/orasso

4. Log in to the OracleAS Single Sign-On Administration page as the Administrator, and use the Administer Partner Applications page to delete the entry for the partner application apphost1.mycompany.com.

Verifying Connectivity for Invalidation Messages from the Database to the OracleAS Web Cache on APPHOST1 through the Load Balancing Router

When an object is changed in the database, the application metadata repository database sends an invalidation message to Webcache to invalidate that object if it exists in the cache. Since the target configuration has two instances of OracleAS Web Cache, the invalidation message must be load balanced across both OracleAS Web Cache instances. This is an example of component level load balancing.

Before you proceed with this verification, ensure that messages can be sent from the computer hosting the database to the Load Balancing Router. To do this, issue the following command from INFRADBHOST1 and INFRADBHOST2:

telnet portal.mycompany.com 4001

Verify that no connection failure message is returned.

Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings on APPHOST1

You must first configure a certificate in Oracle Enterprise Manager 10g in order to successfully monitor the OracleAS Portal metrics using the Oracle Enterprise Manager 10g Application Server Control Console. To configure the Application Server Control Console to recognize the Certificate Authority that was used by the Web Site to support HTTPS:

1. Obtain the Certificate of the Web site's Certificate Authority, as follows:

   1. In Microsoft Internet Explorer, connect to the HTTPS URL of the application server you are attempting to monitor.

   2. Double-click the lock icon at the bottom of the browser screen, which indicates that you have connected to a secure Web site. The browser displays the Certificate dialog box, which describes the Certificate used for this Web site. Other browsers offer a similar mechanism to view the Certificate detail of a Web Site.

   3. Click the Certificate Path tab, and select the first entry in the list of certificates.

   4. Click View Certificate to display a second Certificate dialog box.

   5. Click the Details tab in the Certificate window.

   6. Click Copy to File to display the Certificate Manager Export wizard.

   7. In the Certificate Manager Export wizard, select Base64 encoded X.509 (.CER) as the format you want to export, and save the certificate to a text file with an easily identifiable name, such as ias_certificate.cer.

   8. Open the certificate file using a text editor, and confirm that the content of the certificate file looks similar to the content in the subsequent example:

      -----BEGIN CERTIFICATE-----
      MIIDBzCCAnCgAwIBAgIQTs4NcImNY3JAs5edi/5RkTANBgkqhkiG9w0BAQQFADCB
      ...
      base64 certificate content
      ...
      -----END CERTIFICATE-----
      
      

2. Update the list of Certificate Authorities, as follows:

   1. Locate the b64InternetCertificate.txt file in the ORACLE_HOME/sysman/config directory. This file contains a list of Base64 Certificates.

   2. Edit the b64InternetCertificate.txt file and add the contents of the certificate file you just exported to the end of the file, taking care to include all the Base64 text of the certificate, including the BEGIN and END lines.

   3. Use the orapki utility to update the monwallet Oracle wallet by issuing the following command:

      ORACLE_HOME/bin/orapki wallet add -wallet ORACLE_HOME/sysman/config/monwallet -trusted_cert -cert certificate location

      In the preceding command, certificate location is the full path to the location of the ias_certificate.cer file.

   4. When prompted, enter a password for the monwallet wallet file. The default password is welcome.

   5. Restart the Application Server Control Console by issuing the following commands in ORACLE_HOME/bin:

      emctl stop iasconsole

      emctl start iasconsole

Perform these steps to enable monitoring of the Load Balancing Router's front-end host and port settings for OracleAS Portal:

1. Open the ORACLE_HOME/sysman/emd/targets.xml file.

2. Locate the OracleAS Portal targets, for example, TYPE="oracle_portal".

3. Edit the PortalListeningHostPort property so that it points to the Load Balancing Router. For example:

   <Property NAME="PortalListeningHostPort" VALUE="https://portal.mycompany.com:443"/>
   
   

4. Save and close the targets.xml file.

5. Reload the targets.xml file in the Application Server Control Console by issuing this command in ORACLE_HOME/bin:

   emctl reload

Testing the Configuration on APPHOST1

1. Perform the following tests:

   1. Access OracleAS Web Cache and Oracle HTTP Server through the Load Balancing Router with following URL:

      https://portal.mycompany.com

   2. Test the connection to the Oracle Application Server Metadata Repository through the Load Balancing Router, by accessing the following URL:

      https://portal.mycompany.com/pls/portal/htp.p?cbuf=test

      The response should be test. If this succeeds, then the Oracle Application Server middle tier can connect to the OracleAS Metadata Repository. If this test fails, then examine the Oracle HTTP Server ORACLE_HOME/Apache/Apache/logs/error_log file to determine the cause.

   3. Test the Oracle AS Portal using following URL (ensure that you can log in):

      https://portal.mycompany.com/pls/portal

   4. Verify that content is being cached in OracleAS Web Cache on APPHOST1, using Web Cache Administrator. Under Monitoring, click Popular Requests. Select Cached from the Filtered Objects drop-down list, and click Update.

      If you accessed OracleAS Portal, portal content (for example, URLs that contain /pls/portal) will appear. If there is no portal content, open another browser and log in to OracleAS Portal. Return to the Popular Requests page, and click Update to refresh the page content.

   5. Add a portlet to a page, and then verify that the new content is present. If the new content does not display properly, or if errors occur, then the OracleAS Web Cache invalidation is not configured correctly.

4.2.3 Installing the Second Application Server on APPHOST2

Follow these steps to install an Oracle Application Server middle tier on APPHOST2:

1. Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.

2. Copy the staticport.ini file from the Disk1/stage/Response directory to a local directory, such as TMP.

   
   

   Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature as described to install the Application Server Tier ensures that the port assignments will be consistent with the documentation in this section, if the ports are correctly specified in the file and the port is not already in use. Otherwise: If a port is incorrectly specified, then the Oracle Universal Installer will assign the default port. If a port is already in use, then the Oracle Universal Installer will assign the next available port. See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information.

   
   

3. Edit the staticport.ini file to assign the following custom ports:

   Oracle HTTP Server port = 7777
   Oracle HTTP Server Listen port = 7778
   Web Cache HTTP Listen port = 7777
   Web Cache Administration port = 4000
   Web Cache Invalidation port = 4001
   Web Cache Statistics port = 4002
   Application Server Control port = 1810
   
   

   
   

   Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature as described to install the Application Server Tier ensures that the port assignments will be consistent with the documentation in this section, if the ports are correctly specified in the file and the port is not already in use. Otherwise: If a port is incorrectly specified, then the Oracle Universal Installer will assign the default port. If a port is already in use, then the Oracle Universal Installer will assign the next available port. See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information.

   
   

4. Start the Oracle Universal Installer as follows:

   On UNIX, issue this command: runInstaller

   On Windows, double-click setup.exe

   The Welcome screen appears.

5. Click Next.

   On UNIX systems, the Specify Inventory Directory and Credentials screen appears.

6. Specify the directory you want to be the orainventory directory and the operating system group that has write permission to it.

7. Click Next.

   On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.

8. Open a window and run the script, following the prompts in the window.

9. Return to the Oracle Universal Installer screen and click Next.

   The Specify File Locations screen appears with default locations for:

   • The product files for installation (Source)

   • The name and path to the Oracle home (Destination)

     
     

     Note: Ensure that the Oracle home directory path for APPHOST2 is the same as the path to the Oracle home location of APPHOST1. For example, if the path to the Oracle home on APPHOST1 is: /u01/app/oracle/product/AS10gPortal then the path to the Oracle home on APPHOST2 must be: /u01/app/oracle/product/AS10gPortal All instructions for copying files from one computer to another assume this convention.

     
     

10. Specify the path and click Next.

    The Select a Product to Install screen appears.

    Figure 4-6 Oracle Universal Installer Select a Product to Install Screen

    
    Description of the illustration mid5.gif
    
    

11. Select Oracle Application Server 10g, as shown in Figure 4-6, and click Next.

    The Select Installation Type screen appears.

    Figure 4-7 Oracle Universal Installer Select Installation Type Screen

    
    Description of the illustration portal2.gif
    
    

12. Select Portal and Wireless, as shown in Figure 4-7, and click Next.

    The Confirm Pre-Installation Requirements screen appears.

13. Ensure that the requirements are met and click Next.

14. The Select Configuration Options screen appears.

    Figure 4-8 Oracle Universal Installer Select Configuration Options Screen

    
    Description of the illustration portal3.gif
    
    

15. Do not select any configuration options, as shown in Figure 4-8, and click Next.

    
    

    Note: Selecting the Oracle Application Server 10g Portal option in this screen now will overwrite the previously created configuration entries. For more information, refer to the Oracle Application Server Portal Configuration Guide, section titled "Configuring OracleAS Portal During and After Installation".

    
    

    The Specify Port Configuration Options screen appears.

16. Select Manual, specify the location of the staticports.ini file, and click Next.

17. The Register with Oracle Internet Directory screen appears.

    Figure 4-9 Oracle Universal Installer Register with Oracle Internet Directory Screen

    
    Description of the illustration portal5.gif
    
    

18. Enter the host name and port of the Oracle Internet Directory load balancing router. Do not select the SSL configuration option.

19. Click Next.

    The Specify OID Login screen appears.

20. Enter the user name and the password and click Next.

    The Select OracleAS 10g Metadata Repository screen appears, displaying the connect string for the repository database that the installer detected.

21. Click Next.

    The Specify Instance Name and ias_admin Password screen appears.

22. Specify an instance name and the OracleAS administrator's password and click Next.

    The Summary screen appears.

23. Click Next.

    On UNIX systems, a dialog appears, prompting you to run the root.sh script.

24. Open a window and run the script, following the prompts in the window.

25. Return to the Oracle Universal Installer screen and click Next.

    The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.

26. Click Exit, and then confirm your choice to exit.

4.2.4 Configuring the Second Application Server on APPHOST2

The configuration of the OracleAS Portal application server tier on APPHOST2 consists of the following tasks:

• Enabling Portal on APPHOST2

• Configuring the Oracle HTTP Server with the Load Balancing Router on APPHOST2

• Configuring the Parallel Page Engine Loop-Back with the Load Balancing Router on APPHOST2

• Configuring the Event Servlet with the Load Balancing Router on APPHOST2

• Modifying the Portal Dependency Settings (iasconfig.xml) File on APPHOST2

• Configuring the Portal Tools Providers on APPHOST2

• Re-registering mod_osso on APPHOST2

• Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings on APPHOST2

Enabling Portal on APPHOST2

The first task is to configure OracleAS Portal, using the Oracle Enterprise Manager 10g Application Server Control Console. Follow these steps to configure OracleAS Portal, beginning on the Application Server page:

1. Click Configure Component.

   The Select Component page appears.

2. Select Portal from the drop-down list.

   The Login page appears.

3. Enter the ias_admin password and click Finish.

   The configuration process may take 10-20 minutes to complete.

Before you continue with the OracleAS Portal application server configuration, ensure that the following is configured:

• You are able to resolve portal.mycompany.com from APPHOST2, either with DNS or with an entry in the hosts file, such that it contacts the Load Balancing Router. To ensure you can resolve portal.mycompany.com:

  • Issue this command from APPHOST2:

    nslookup portal.mycompany.com

    The IP address for the Load Balancing Router should be returned.

• You are able to contact port 7777 on portal.mycompany.com from APPHOST2. Issue this command on APPHOST2:

  telnet portal.mycompany.com 7777

  Verify that no connection failure message is returned.

Configuring the Oracle HTTP Server with the Load Balancing Router on APPHOST2

This step associates the components on which OracleAS Portal depends with the Load Balancing Router, portal.mycompany.com on port 443.

1. Access the Oracle Enterprise Manager 10g Application Server Control Console.

2. Click the link for the APPHOST2 installation.

3. Click the HTTP Server link.

4. Click the Administration link.

5. Click Advanced Server Properties.

6. Open the httpd.conf file.

7. Perform the following steps:

   1. Add the LoadModule certheaders_module directive for the appropriate platform.

      UNIX:

      LoadModule certheaders_module libexec/mod_certheaders.so
      
      

      Windows:

      LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
      

      
      

      Notes: The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container. It is a good idea to create the VirtualHost directives at the end of the httpd.conf file.

      
      

   2. Add the following lines to create a NameVirtualHost directive and a VirtualHost container for portal.mycompany.com and port 443.

      NameVirtualHost *:7778
      <VirtualHost *:7778>
        ServerName portal.mycompany.com
        Port 443
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
        SimulateHttps On
      </VirtualHost> 
      
      

   3. Create a second NameVirtualHost directive and a VirtualHost container for apphost2.mycompany.com and port 7777.

      NameVirtualHost *:7778
      <VirtualHost *:7778>
        ServerName apphost2.mycompany.com
        Port 7777
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
      </VirtualHost> 
      
      

8. Save the httpd.conf file, and restart the Oracle HTTP Server when prompted.

9. Copy the APPHOST1_ORACLE_HOME/Apache/modplsql/conf/dads.conf file to APPHOST2_ORACLE_HOME/Apache/modplsql/conf/.

Configuring the Parallel Page Engine Loop-Back with the Load Balancing Router on APPHOST2

In this step, you provide (non-SSL) loop-back communication between the Load Balancing Router and the Parallel Page Engines on APPHOST1 and APPHOST2. If the OracleAS Web Cache on APPHOST1 is down, the Parallel Page Engine can loop back to the OracleAS Web Cache on APPHOST2 through the Load Balancing Router to reach mod_plsql. This is an example of component-level high availability.

Follow these steps to create the loop-back configuration:

1. Open the APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml file.

2. Locate the Page servlet section.

3. Add the lines shown in bold:

   <servlet>
   <servlet-name>page</servlet-name>
      <servlet-class>oracle.webdb.page.ParallelServlet</servlet-class>
             <init-param>
                <param-name>useScheme</param-name>
                <param-value>http</param-value>
             </init-param>
             <init-param>
                <param-name>usePort</param-name>
                <param-value>7777</param-value>
             </init-param>
   </servlet>
   
   

4. Save the web.xml file.

   The configuration now provides component-level high availability, since if the OracleAS Web Cache on APPHOST1 is down, the Parallel Page Engine can loop back to the OracleAS Web Cache on APPHOST2, through the Load Balancing Router, to reach mod_plsql.

5. Save the manual configuration changes in the Distributed Configuration Management repository by issuing the following command on APPHOST2 in ORACLE_HOME/dcm/bin:

   dcmctl updateconfig

6. Restart all components on APPHOST2 by issuing the following command in ORACLE_HOME/opmn/bin:

   opmnctl stopall

   opmnctl startall

Configuring the Event Servlet with the Load Balancing Router on APPHOST2

Follow these steps to configure the event servlet:

1. Open the APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml file.

2. Locate the Event servlet section.

3. Add the lines shown in bold:

   <servlet>
    <servlet-name>event</servlet-name> 
       <servlet-class>oracle.webdb.event.EventServlet</servlet-class> 
               <init-param> 
                  <param-name>httpsports</param-name> 
                  <param-value>443</param-value> 
               </init-param> 
   </servlet>
   
   

4. Save the web.xml file.

5. Issue this command in ORACLE_HOME/dcm/bin to update the DCM repository:

   dcmctl updateconfig

6. Issue these commands in ORACLE_HOME/opmn/bin to restart the instance:

   opmnctl stopall

   opmnctl startall

Modifying the Portal Dependency Settings (iasconfig.xml) File on APPHOST2

The Portal Dependency Settings file iasconfig.xml must contain the correct host, port and farm name to enable access to OracleAS Portal and perform OracleAS Web Cache invalidation.

1. Copy the APPHOST1_ORACLE_HOME/portal/conf/iasconfig.xml file to APPHOST2_ORACLE_HOME/portal/conf/.

2. Overwrite the file on APPHOST2 when prompted.

Configuring the Portal Tools Providers on APPHOST2

You must propagate the configuration made to Portal Tools providers on APPHOST1 to APPHOST2 by following these steps:

1. Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml file to:

   APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml

2. Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/webClipping/WEB-INF/providers/webClipping/provider.xml file to:

   APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/webClipping/WEB-INF/providers/webClipping/provider.xml

3. Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file to:

   APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml.

4. Copy the OmniPortlet trusted certificates file that you updated in APPHOST1 to APPHOST2. If you are using the default location, copy APPHOST1_ORACLE_HOME/portal/conf/ca-bundle.crt to APPHOST2_ORACLE_HOME/portal/conf/ca-bundle.crt.

5. Restart the OC4J_Portal instance.

Re-registering mod_osso on APPHOST2

1. Back up the APPHOST2_ORACLE_HOME/Apache/Apache/conf/osso.conf file.

2. Use FTP binary mode to copy the APPHOST1_ORACLE_HOME/Apache/Apache/conf/osso.conf file to APPHOST2_ORACLE_HOME/Apache/Apache/conf.

3. Synchronize the DCM repository with the FTP file by issuing the following command:

   $ORACLE_HOME/Apache/Apache/bin/ssotransfer $ORACLE_HOME/Apache/Apache/conf/osso/osso.conf

   
   

   Note: This does not create any new partner applications; it enables the partner application portal.mycompany.com forAPPHOST1 and APPHOST2.

   
   

4. Restart the components on APPHOST2 by issuing these commands in APPHOST2_ORACLE_HOME/opmn/bin:

   opmnctl stopall

   opmnctl startall

5. Access the following URL:

   https://login.mycompany.com/pls/orasso

6. Log in to the OracleAS Single Sign-On Administration page as the Administrator, and use the Administer Partner Applications page to delete the entry for the partner application apphost2.mycompany.com.

4.2.5 Configuring OracleAS Web Cache Clusters

To cluster the OracleAS Web Cache instances, you will perform the configuration steps on APPHOST1 and propagate them to APPHOST2.

From the Oracle Enterprise Manager Application Server Control, you can access the Web Cache Manager, the graphical user interface provided for editing the configuration stored in the webcache.xml file. Start the Oracle Application Server instance on APPHOST1, then follow these steps to access the Web Cache Manager from the System Components page:

1. Access the Web Cache Administrator at:

   http://apphost1.mycompany.com:4000/webcacheadmin

   The Web Cache Administrator password dialog appears.

2. For the user name, enter ias_admin or administrator, and enter the OracleAS Web Cache administrator password.

   
   

   Note: At installation time, The OracleAS Web Cache administrator password is set to the same password as the ias_admin password. The OracleAS Web Cache administrator password must be identical for all cache cluster members.

   
   

3. The Web Cache Manager page appears. A scrollable frame on the left side of the window contains groups of configuration elements. To access an element, click its link. The content area of the page is then populated with the values for that element.

4. Click Clustering in the Properties section.

   The Clustering page appears.

5. In the Cluster Members table, click Add.

   The Add Cache to Cluster page appears.

6. Enter the following information for APPHOST2:

   • Host Name: apphost2.mycompany.com

   • Admin. Port: 4000

   • Protocol for Admin. Port: HTTP

   • Cache Manager: apphost2.mycompany.com-Webcache

   • Capacity: 20

7. Click Submit.

8. Click the Origin Server link in the Origin Servers, Sites, and Load Balancing section.

   The Origin Server page appears.

9. Click Add under the Application Web Servers table.

   The Add Application Web Server page appears.

10. Enter the following information:

    • Hostname: apphost2.mycompany.com

    • Port: 7778

    • Routing: ENABLED

    • Capacity: 30

    • Failover Threshold: 5

    • Ping URL: /

    • Ping Interval: 10

    • Protocol: HTTP

11. Click Submit.

12. Click the Site-to-Server Mapping link in the Origin Servers, Sites, and Load Balancing section.

    The Site-to-Server Mapping page appears.

13. Select the mapping for the Load Balancing Router site (portal.mycompany.com) from the table and click Edit Selected.

    The Edit/Add Site-to-Server Mapping page appears.

14. In the Select Application Web Servers section, select an application Web server specified in the Origin Servers page for apphost2.mycompany.com (apphost1.mycopany.com is already mapped).

15. Click Submit.

16. Click Apply Changes.

17. In the Cache Operations page, click Propagate.

    The changes are propagated to apphost2.mycompany.com.

18. Click Restart.

    OracleAS Web Cache is restarted on APPHOST1 and APPHOST2. OracleAS Web Cache on APPHOST1 begins to balance requests to the Oracle HTTP Server and OC4J_Portal instances on APPHOST2.

    After the clustering operation is completed, OracleAS Web Cache on APPHOST1 will start balancing requests to the Oracle HTTP Server and OC4J_Portal instances running on APPHOST2. Repeat the steps in "Testing the Configuration on APPHOST1" to confirm that the Oracle HTTP Server and OC4J_Portal instances on APPHOST2 were configured properly.

    
    

    Tip: If these tests yield unsatisfactory or unexpected results, revisit the configuration steps performed to identify the cause. If the site is accepting live traffic, you might find it useful to temporarily remove the new OracleAS Web Cache instance from the cluster, revisiting the configuration while the new middle tier is completely off-line. After the problem is resolved, you can redo the clustering operation and perform the validation again.

    
    

Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings on APPHOST2

You must first configure a certificate in Oracle Enterprise Manager 10g in order to successfully monitor the OracleAS Portal metrics using the Oracle Enterprise Manager 10g Application Server Control Console. To configure the Application Server Control Console to recognize the Certificate Authority that was used by the Web Site to support HTTPS:

1. Obtain the Certificate of the Web site's Certificate Authority, as follows:

   1. In Microsoft Internet Explorer, connect to the HTTPS URL of the application server you are attempting to monitor.

   2. Double-click the lock icon at the bottom of the browser screen, which indicates that you have connected to a secure Web site. The browser displays the Certificate dialog box, which describes the Certificate used for this Web site. Other browsers offer a similar mechanism to view the Certificate detail of a Web Site.

   3. Click the Details tab in the Certificate window.

   4. Click Copy to File to display the Certificate Manager Export wizard.

   5. In the Certificate Manager Export wizard, select Base64 encoded X.509 (.CER) as the format you want to export, and save the certificate to a text file with an easily identifiable name, such as ias_certificate.cer.

   6. Open the certificate file using a text editor, and confirm that the content of the certificate file looks similar to the content in the subsequent example:

      -----BEGIN CERTIFICATE-----
      MIIDBzCCAnCgAwIBAgIQTs4NcImNY3JAs5edi/5RkTANBgkqhkiG9w0BAQQFADCB
      ...
      base64 certificate content
      ...
      -----END CERTIFICATE-----
      
      

2. Update the list of Certificate Authorities, as follows:

   1. Locate the b64InternetCertificate.txt file in the ORACLE_HOME/sysman/config directory. This file contains a list of Base64 Certificates.

   2. Edit the b64InternetCertificate.txt file and add the contents of the certificate file you just exported to the end of the file, taking care to include all the Base64 text of the certificate, including the BEGIN and END lines.

   3. Use the orapki utility to update the monwallet Oracle wallet by issuing the following command:

      ORACLE_HOME/bin/orapki wallet add -wallet ORACLE_HOME/sysman/config/monwallet -trusted_cert -cert certificate location

      In the preceding command, certificate location is the full path to the location of the ias_certificate.cer file.

   4. When prompted, enter a password for the monwallet wallet file. The default password is welcome.

   5. Restart the Application Server Control Console by issuing the following commands in ORACLE_HOME/bin:

      emctl stop iasconsole

      emctl start iasconsole

Perform these steps to enable monitoring of the Load Balancing Router's front-end host and port settings for OracleAS Portal:

1. Open the ORACLE_HOME/sysman/emd/targets.xml file.

2. Locate the OracleAS Portal targets, for example, TYPE="oracle_portal".

3. Edit the PortalListeningHostPort property so that it points to the Load Balancing Router. For example:

   <Property NAME="PortalListeningHostPort" VALUE="https://portal.mycompany.com:443"/>
   
   

4. Save and close the targets.xml file.

5. Reload the targets.xml file in the Application Server Control Console by issuing this command in ORACLE_HOME/bin:

   emctl reload

4.2.6 Completing the Configuration

Follow these steps to configure the Load Balancing Router to recognize the second application server instance. The Load Balancing Router must be configured to:

• Balance requests to portal.mycompany.com on port 443 (an HTTPS listening port) to the Application tier OracleAS Web Cache running on APPHOST2 port 7777 (an HTTP listening port).

• Balance requests to portal.mycompany.com on port 7777 (an HTTP listening port) to the Application tier OracleAS Web Cache on APPHOST2 port 7777 (an HTTP listening port). Port 7777 on the Load Balancing Router receives the HTTP loop-back requests made by the Parallel Page Engine on APPHOST2. This configuration requires a Network Address Translation (NAT) rule in the Load Balancing Router in order for the loop-back request from the PPE to succeed.

• Balance requests to portal.mycompany.com on port 4001 (an HTTP listening port) to the Application Tier OracleAS Web Cache on APPHOST2 port 4001 (an HTTP listening port). Port 4001 port on the Load Balancing Router receives invalidation messages from the OracleAS Portal Repository when content that is cached in OracleAS Web Cache becomes stale. This configuration might require a Network Address Translation (NAT) rule in the Load Balancing Router in order for the invalidation requests from the OracleAS Portal repository to succeed.

• Monitor OracleAS Web Cache. The Load Balancing Router must be configured to detect an inoperative computer and stop routing requests to it until it is functioning again. Two OracleAS Web Cache ports must be monitored: the HTTP request port and the invalidation port.

  Use this URL in the Load Balancing Router configuration to monitor HTTP request port 7777:

  host name:port/_oracle_http_server_webcache_static_.html

  for example:

  http://apphost2.mycompany.com:7777/_oracle_http_server_webcache_static_.html

  To monitor invalidation port 4001, use this URL:

  http://apphost2.mycompany.com:4001/_oracle_http_server_webcache_static_.html

4.2.7 Enabling Session Binding on OracleAS Web Cache Clusters

The Session Binding feature in OracleAS Web Cache is used to bind user sessions to a given origin server to maintain state for a period of time. Although almost all components running in a default OracleAS Portal middle tier are stateless, session binding is required for two reasons:

• The Web Clipping Studio, used by both the OracleAS Web Clipping Portlet and the Web Page Data Source of OmniPortlet, uses HTTP session to maintain state, for which session binding must be enabled.

• Enabling session binding forces all the user requests to go to a given OracleAS Portal middle-tier, resulting in a better cache hit ratio for the portal cache.

Follow these steps on APPHOST1 or APPHOST2 to enable session binding in OracleAS Web Cache:

1. Access the Web Cache Administrator at:

   http://apphost1.mycompany.com:4000

   The Web Cache Administrator password dialog appears.

2. Enter the OracleAS Web Cache administrator password.

   
   

   Note: At installation time, The OracleAS Web Cache administrator password is set to the same password as the ias_admin password. The OracleAS Web Cache administrator password must be identical for all cache cluster members.

   
   

3. The Web Cache Manager page appears. A scrollable frame on the left side of the window contains groups of configuration elements. To access an element, click its link. The content area of the page is then populated with the values for that element.

4. Click the Session Binding link in the Origin Servers, Sites, and Load Balancing section.

   The Session Binding page appears.

5. Select the Load Balancing Router site, portal.mycompany.com:443, from the table and click Edit Selected.

   The Edit Session Binding window opens.

6. Select Any Set-Cookie from the Please select a session drop-down list.

7. Select Cookie-based from the Please select a session binding mechanism drop-down list.

8. Click Submit.

9. Click Apply Changes.

10. On the Cache Options page, click Propagate.

    The changes are propagated to the OracleAS Web Cache instance on the other computer.

11. Click Restart.

    OracleAS Web Cache is restarted on APPHOST1 and APPHOST2.

4.3 Testing the Application Server Tier

The complete configuration is shown in Figure 4-10.

Figure 4-10 Final Application Server Configuration: APPHOST1 and APPHOST2

Description of the illustration asted002.gif

To ensure that it is working as it should, perform the following tests:

1. Ensure that all components on APPHOST2 are running.

   1. Issue this command ORACLE_HOME/opmn/bin to query the components' status:

      opmnctl status

   2. If necessary, issue this command in ORACLE_HOME/opmn/bin:

      opmnctl startall

2. Stop all components on APPHOST1 by issuing this command in ORACLE_HOME/opmn/bin:

   opmnctl stopall

3. Access OracleAS Web Cache and Oracle HTTP Server through the Load Balancing Router with following URL:

   https://portal.mycompany.com

4. Test the connection to Oracle Application Server Metadata Repository through the Load Balancing Router, by accessing the following URL:

   https://portal.mycompany.com/pls/portal/htp.p?cbuf=test

   The response should be test. If this is the result, the Oracle Application Server middle-tier was able to connect to the OracleAS Metadata Repository. If it is not, review the Oracle HTTP Server APPHOST2_ORACLE_HOME/Apache/Apache/logs/error_log file for information about how to resolve the error.

5. Test the Oracle AS Portal using following URL (ensure that you can log in):

   https://portal.mycompany.com/pls/portal

6. Verify that content is being cached in OracleAS Web Cache on APPHOST2, using Web Cache Administrator. Under Monitoring, click Popular Requests. Select Cached from the Filtered Objects drop-down list, and click Update.

   If you accessed OracleAS Portal, portal content (for example, URLs that contain /pls/portal) will appear. If there is no portal content, open another browser and log in to OracleAS Portal. Return to the Popular Requests page, and click Update to refresh the page content.

7. Add a portlet to a page, and then verify that the new content is present. If the new content does not display properly, or if errors occur, then the OracleAS Web Cache invalidation is not configured correctly.

8. Repeat steps 3 through 7, first ensuring that all components on APPHOST1 are running, and all components on APPHOST2 are stopped. (Refer to steps 1 and 2 for the commands to do this.)

9. Repeat steps 3 through 7, first ensuring that all components on APPHOST1 and APPHOST2 are running. (Refer to steps 1 and 2 for the commands to do this.)

4.4 Configuring Custom Java Portal Development Kit (JPDK) Providers

There are two types of JPDK providers: custom JPDK providers, which are created by users, and seeded JPDK providers, such as the OracleAS Portal Tools (Web Clipping and OmniPortlet) providers, which are created by the OracleAS Portal installation. This section recommends a deployment scheme, and explains how to configure the custom JPDK providers.

Note: In multiple middle tier environments that use aLoad Balancing Router, all JPDK applications must be re-registered with the Load Balancing Router URL. This URL or port need not be accessible from outside of the firewall; port 7777, which is configured for the Parallel Page Engine loop back, can also be used for the JPDK registration port. You could also designate a separate URL for the JPDK applications on a separate Virtual IP address of the Load Balancing Router.

If you are using custom J2EE applications with session APIs, and you need to replicate state between the JPDK instances on multiple middle tiers, you must deploy JPDK and custom J2EE applications on separate OC4J instances. The applications can then use OC4J session state replication, with OC4J islands, to automatically replicate the session state across multiple processes in an application server instance, and in a cluster, across multiple application instances operating on different computers.

4.4.1 Deploying Custom JPDK Providers

Follow these steps to deploy custom JPDK providers:

1. Use the Oracle Enterprise Manager 10g Application Server Control Console to create a new OC4J instance named OC4J_JPDK on each middle tier instance.

2. Use the Application Server Control Console to deploy the custom providers in the OC4J_JPDK instances.

3. Use the Application Server Control Console to start the OC4J_JPDK on each middle tier instance.

4. Configure your provider registration URL to go through the Load Balancing Router, and verify that the provider works properly through the Load Balancing Router, by accessing the test page at the following URL:

   https://portal.mycompany.com:7777/<webApp>/providers/<provider name>

4.5 Setting the OracleAS Single Sign-On Query Path URL for External Applications

This section explains how to set the URL for the OracleAS Single Sign-On query path. You need only perform this task if you are using external applications.

OracleAS Portal maintains the URL prefix of OracleAS Single Sign-On, which accesses certain information through HTTP requests from the database using the UTL_HTTP package. These requests must be made over the HTTP protocol (rather than HTTPS). Consesquently, even if OracleAS Portal and OracleAS Single Sign-On are configured to use HTTPS, OracleAS Single Sign-On must still have access to an HTTP port, so that it can support these interfaces. The purpose of the requests is to:

• Obtain the list of external applications to allow customization of the External Applications portlet.

• Map OracleAS Single Sign-On user names to external application user names.

Perform these steps to set the URL:

1. Configure the Load Balancing Router (login.mycompany.com) with an internal network address translated port 7777, to receive requests from the OracleAS Portal database and pass them to both OracleAS Single Sign-On Oracle HTTP Servers.

2. Log on to OracleAS Portal as the portal administrator.

3. Click the Administer tab.

4. Click the Portal tab.

5. Click Global Settings in the Services portlet.

6. Click the SSO/OID tab.

7. Edit the Query Path URL Prefix under SSO Server Settings. Enter a URL for OracleAS Single Sign-On, for example:

   http://login.mycompany.com:7777pls/orasso