|
Oracle® Internet Directory Administrator's Guide,
10g Release 2 (10.1.2) Part No. B14082-01 |
|
 Previous |
 Next |
|
Oracle® Internet Directory Administrator's Guide,
10g Release 2 (10.1.2) Part No. B14082-01 |
|
|
Previous |
Next |
This chapter describes the directory server in Oracle Application Server Cluster (Identity Management) configuration, which is also known as rack-mounted configuration. This configuration provides high availability of a directory server and involves running multiple directory server instances on different hardware nodes. The directory servers are connected to the same directory store, which is an Oracle Database.
This chapter contains these topics:
About Oracle Application Server Cluster (Identity Management) Directory Server Configurations
Architecture of the Oracle Application Server Cluster (Identity Management) Configuration
How Failover Works in an Oracle Application Server Cluster (Identity Management) Environment
Metadata Synchronization in an Oracle Application Server Cluster (Identity Management) Environment
Rules for Managing an Oracle Application Server Cluster (Identity Management) Environment
|
Notes: This chapter describes a high availability configuration for directory servers. It does not address high availability for database servers that store directory data. For the latter, use one of the standard high availability configurations for database servers such as Oracle Real Applications Clusters or Data Guard. For information about installing the configuration described in this chapter, please see the chapter on installing Oracle Application Server Cluster (Identity Management) in Oracle Application Server Installation Guide. |
|
See Also: Chapter 29, "The Directory in an Oracle Real Application Clusters Environment" The Oracle Application Server Installation Guide for information on installing an Oracle Application Server Cluster (Identity Management) directory server. |
In an Oracle Application Server Cluster (Identity Management) configuration, multiple directory server instances run on different hardware nodes but connect to the same directory store, which is an Oracle Database.
The key benefits of the Oracle Application Server Cluster (Identity Management) configuration are:
Scalability and Performance
Load balancing is achieved by redirecting LDAP clients to multiple directory nodes. Each additional hardware node added to the directory node increases both the number of concurrent clients that can be supported and the throughput of LDAP operations.
High Availability of Directory Servers
High availability of directory servers can be achieved through a network re-director that changes the direction of the LDAP request on the failed directory server node to the other ones that are still running.
Reduced cost of ownership
An Oracle Application Server Cluster (Identity Management) configuration requires only low-cost hardware to achieve all the benefits of high performance, high availability, and scalability.
Figure 27-1 shows the architecture of an Oracle Application Server Cluster (Identity Management) configuration.
Figure 27-1 Architecture of an Oracle Application Server Cluster (Identity Management) Configuration
As Figure 27-1shows, in an Oracle Application Server Cluster (Identity Management) environment, a replication server can reside on one node only. If, after 10 tries, the OID Monitor on one node fails to start either a directory replication server or a directory integration server, then it pushes the start request to the OID Monitor on another node.
Multiple instances of the Oracle directory integration and provisioning server should not be started using the same configuration set entry.
Load balancing needed for high availability of directory servers can be achieved through a network re-director that changes the direction of the LDAP request on the failed directory server node to the other nodes that are still running.
Figure 27-2 shows load balancing in an Oracle Application Server Cluster (Identity Management) configuration.
Figure 27-2 Load Balancing in an Oracle Application Server Cluster (Identity Management) Configuration
As Figure 27-2 shows, when LDAP clients seek to connect to a directory, a load balancer handles that connection. If a directory server node has failed, then this re-director connects the client to one that is running.
In an Oracle Application Server Cluster (Identity Management) environment, it is necessary to synchronize the metadata—for example, definitions of object classes, attributes, matching rules, ACPs, and password policies—on all the directory server nodes. Figure 27-3 and the accompanying text exemplify the process in which directory server metadata is synchronized between two directory server nodes, Host A and Host B, in an Oracle Application Server Cluster (Identity Management) environment.
Figure 27-3 Metadata Synchronization Process in Oracle Application Server Cluster (Identity Management) Environments
In the example in Figure 27-3, metadata in an Oracle Application Server Cluster (Identity Management) environment is synchronized as follows:
On Host A, the directory server writes metadata changes to the shared memory on that same host.
OID Monitor on Host A polls the shared memory on that same host. When it discovers a change in the metadata, it retrieves the change.
OID Monitor sends the change to the Oracle Database, which is the repository for the directory server metadata in the Oracle Application Server Cluster (Identity Management) environment.
OID Monitor on Host B polls the Oracle Database for changes in directory server metadata, and retrieves those changes.
OID Monitor on Host B sends the change to the shared memory on that same host.
The directory server on Host B polls the shared memory on that same host for metadata changes. It then retrieves and applies those changes.
In an Oracle Application Server Cluster (Identity Management) environment, the OID Monitor on each node reports to the other nodes that it is running by sending a message to the Oracle Database every 10 seconds. When it does this, it also polls the database server to verify that all other directory server nodes are also running. If, after 250 seconds, an OID Monitor on one of the nodes has not reported that it is running, then the other directory server nodes regard it as having failed. At this point, the following occurs on one of the other nodes that are still running:
The OID Monitor on that node brings up the processes that were running on the failed node.
The directory server on that node continues processing the operations that were previously underway on the failed node.
The OID Monitor on that node logs that it has brought up the processes that were previously running on the failed node.
Figure 27-4 and the accompanying text exemplify this process on two hypothetical nodes, Node A and Node B.
Figure 27-4 Example of Failover in an Oracle Application Server Cluster (Identity Management) Environment
As the example in Figure 27-4 shows, the failover process in an Oracle Application Server Cluster (Identity Management) environment follows this process:
Every 10 seconds, the OID Monitor on Node A reports that it is running by sending a message to the database.
The OID Monitor on Node B polls the database to learn which, if any, of the other nodes may have failed.
When OID Monitor on Node B learns that Node A has not responded for 250 seconds, it regards Node A as having failed. It then retrieves from the database the necessary information about the Oracle Internet Directory servers that were running on Node A. In this example, it learns that the directory replication server had been running on Node A.
Because a directory replication server was not already running on Node B, the OID Monitor on Node B starts a directory replication server that corresponds to the directory replication server previously running on Node A.
|
Note: If Node A, running either the directory replication server (oidrepld), or the Oracle directory integration and provisioning server (odisrv), or both fails, then the OID Monitor on Node B starts these processes on Node B after five minutes. When Node A is restarted, OIDMON on Node A starts the servers automatically and requests the OIDMON on Node B to stop the servers that were started for Node A.
If OIDMON detects a time discrepancy of more than 250 seconds between the two nodes, OIDMON on the node that is behind stops all servers. OIDMON on the node that is ahead automatically starts the servers. To correct this problem, synchronize the time and restart the servers on the node that was behind. |
|
See Also: "Oracle Internet Directory Architecture" for information about directory server nodes, directory server instances, and the kinds of directory metadata stored in the database "Starting, Stopping, Restarting, and Monitoring Oracle Internet Directory Servers". |
|
Note: Normal shutdown is not treated as a failover—that is, after a normal shutdown of Node A, the OID Monitor on Node B does not start these processes on Node B after five minutes. |
Adhere to the following rules when managing an Oracle Application Server Cluster (Identity Management) environment:
The port numbers (non-SSL port and SSL port) used by the directory servers must be the same on all the nodes and on the hardware load balancer for Oracle Internet Directory if configured.
Synchronize the time value on all nodes using Greenwich mean time so that there is a discrepancy of no more than 250 seconds between them.
If you change the password to the Oracle Internet Directory-designated database, then you must update each of the other nodes in the Oracle Application Server Cluster (Identity Management) environment. You change the ODS database user account password using the oidpasswd utility.
To change the ODS database user password, invoke the following on one of the Oracle Internet Directory nodes:
oidpasswd connect=db-conn-str change_oiddb_pwd=true
On all other Oracle Internet Directory nodes, invoke the following to synchronize the password wallet:
oidpasswd connect=db-conn-str create_wallet=true
|
See Also:
|
