Oracle® Collaboration Suite Deployment Guide
10g Release 1 (10.1.1)

Part Number B14479-02

3 Deploying Oracle Collaboration Suite

This chapter describes some real-life examples of Oracle Collaboration Suite deployments in the following topics:

Deploying Oracle Collaboration Suite Overview

This chapter provides examples of how various organizations have deployed Oracle Collaboration Suite. You can use the deployment examples in this chapter to obtain a general idea of how organizations of similar size, or with requirements similar to yours, chose to deploy Oracle Collaboration Suite. It is strongly recommended that you use the examples in this chapter as a reference only, rather than replicating a particular setup with all of its components.

Oracle Collaboration Suite Simple Deployment (200 to 1,000 Users)

The Oracle Collaboration Suite simple deployment configuration is available for organizations of typically two hundred to one thousand users, although there is no specific user limitation. The simple deployment configuration contains the following options:

Single Computer Configuration

This section describes the Oracle Collaboration Suite components contained in a single computer deployment and explains how those components operate with each other.

Figure 3-1 Single Computer Deployment


In Figure 3-1 all Infrastructure tier and Applications tier components are deployed on a single computer and are accessed by Web browser clients, desktop clients, and telephony devices integrated with a PBX.

Infrastructure Tier

In Figure 3-1, the Infrastructure tier contains the Oracle Collaboration Suite database, which is an Oracle Database 10g database server, the Oracle Internet Directory, and the OracleAS Single Sign-On server. The Oracle Database 10g serves as a repository for Oracle Content Services, Oracle Mail, Oracle Real-Time Collaboration, and Oracle Workspaces. Authentication is handled by the Oracle Internet Directory and the OracleAS Single Sign-On server.

Applications Tier

The Applications tier also contains the applications and access methods for Web browser clients, desktop clients, and telephony clients that are integrated with a PBX. These include the Web cache, Oracle HTTP server, OC4J container, protocol servers, Voicemail & Fax server, and the Mobile Collaboration Server.

OC4J Containers

The OC4J containers have the following Java applications that run in the Applications tier:

  • Oracle Content Services

  • Oracle Discussions

  • Oracle Real-Time Collaboration

  • Oracle Collaboration Suite Search

  • Oracle WebMail

  • Oracle Workspaces

Protocol Servers

The Applications tier contains the following protocol servers:

  • Oracle Calendar

  • Oracle Content Services

  • Oracle Mail

Oracle Calendar is both a protocol server and a repository for calendar data; the Oracle Database does not store calendar data. See Chapter 5, "Deploying Oracle Calendar" for more information about the Oracle Calendar architecture and functionality.

Connection Flow

Figure 3-1 provides an overview of the flow of each Oracle Collaboration Suite application from the client to the repository. For a more detailed understanding of these flows, see the individual Oracle Collaboration Suite application deployment chapters in Part II, "Application-Level Deployment".

Web Browser Clients

Web browser clients typically send an HTTP or HTTPS request to the Web cache, which sends the request to the Oracle HTTP Server. The Oracle HTTP Server authenticates with the Oracle Internet Directory and the OracleAS Single Sign-On server and then sends the request to the target application in the OC4J container. Applications such as Oracle Discussions, Oracle WebMail, and Oracle Workspaces obtain user information from the Oracle Internet Directory, and all applications access data stored in the Oracle Collaboration Suite database.

There are two exceptions to this flow: Oracle Calendar, which is not an OC4J application, and Oracle WebMail, which typically uses the Oracle Mail protocol servers (SMTP and IMAP4) for incoming and outgoing mail.

In Figure 3-1, after Oracle Calendar accesses the Oracle Internet Directory, and OracleAS Single Sign-On server, the Oracle HTTP Server sends all Calendar HTTP or HTTPS requests to the Calendar protocol server. Oracle Calendar also does not store data in the Oracle Collaboration Suite database since it has its own repository deployed on the Applications tier.

Desktop Clients

Desktop clients typically access protocol servers on the Applications tier, which authenticate with the Oracle Internet Directory. There are two exceptions to this flow: the Oracle Real-Time Collaboration console, which sends TCP/IP requests to the Oracle HTTP Server or Web cache; the Oracle Real-Time Collaboration Messenger client, which connects directly with the Applications tier computer that contains the Oracle Real-Time Collaboration core component instance; and the Oracle Content Services desktop client, which accesses the Web Cache.

Telephony Clients Integrated with a PBX

Oracle Mobile Collaboration, and Oracle Voicemail & Fax are both integrated with a PBX. The PBX sends voice information to the Mobile Collaboration Server through a voice XML gateway. The Mobile Collaboration Server authenticates with the Oracle Internet Directory and then accesses content in the Oracle Collaboration Suite database.

The PBX sends voice information to the Voicemail & Fax server either directly using a circuited switch, or through a Voice Over IP Gateway. The Voicemail & Fax server authenticates with the Oracle Internet Directory and then accesses content in the Oracle Collaboration Suite database.

Single Computer Configuration in a DMZ

For security reasons, you may wish to put the OracleAS Single Sign-On server within a DMZ. With a single computer configuration, however, placing the OracleAS Single Sign-On server within a DMZ places all the components in the DMZ, which may be considered a security risk. To avoid this problem, you can place a reverse proxy in the DMZ and configure it to authenticate directly with the OracleAS Single Sign-On server.

Note:

The reverse proxy can only proxy HTTP or HTTPS traffic. Oracle Real-Time Collaboration consoles do not use HTTP or HTTPS traffic and therefore, will not work behind a reverse proxy.

Figure 3-2 Single Computer in a DMZ


Oracle Collaboration Suite Medium Deployment (1,000 - 5,000 Users)

The Oracle Collaboration Suite medium deployment configuration is typical for organizations of one thousand to five thousand users, although there is no specific user limitation. The medium deployment configuration contains the following options:

Applications Tier Components and SSO Server on Separate Computers

This section describes deploying Oracle Collaboration Suite on two dedicated Applications tier computers and one Infrastructure tier computer.

Figure 3-3 Applications Tier Components and SSO Server on Separate Computers


In Figure 3-3, the Infrastructure tier contains one computer and the Applications tier contains two computers.

Infrastructure Tier

The Infrastructure tier contains one computer located behind a firewall. This computer contains the Oracle Collaboration Suite infrastructure, which consists of the Oracle Collaboration Suite database with Identity Management and the Oracle Application Server Metadata Repository.

Applications Tier

The Applications tier contains two computers located in a DMZ. One computer contains the Oracle Collaboration Suite Applications tier components and the other contains the OracleAS Single Sign-On server.

Connection Flow

In Figure 3-3, Web clients connect with the OracleAS Single Sign-On server using an HTTP/S connection through ports 80 or 443. The OracleAS Single Sign-On server authenticates login information against the Oracle Internet Directory and then passes the user request to the computer with the Applications tier components. The computer with the Applications tier components connects to the Oracle Internet Directory using an LDAP connection on port 389 or a database connection on port 1521.

Applications Tier Components and SSO Server on the Same Optionally Duplicated Computer

This section describes deploying Oracle Collaboration Suite on two duplicated Applications tier computers and one Infrastructure tier computer.

Figure 3-4 Applications Tier Components and SSO Server on the Same Optionally Duplicated Computer


In Figure 3-4, the Infrastructure tier contains one computer and the Applications tier contains two computers and an optional SMTP Relay device.

Infrastructure Tier

The Infrastructure tier contains one computer located behind a firewall. This computer contains Oracle Internet Directory and the Oracle Collaboration Suite Database.

Applications Tier

The Applications tier contains two computers located in a DMZ and an optional SMTP Relay device. Each computer contains the Oracle Collaboration Suite Applications tier components and the OracleAS Single Sign-On server.

Connection Flow

In Figure 3-4, Web clients connect with the OracleAS Single Sign-On server using an HTTP or HTTPS connection through ports 80 or 443 and mail clients optionally connect through the SMTP Relay device using port 25. The OracleAS Single Sign-On server authenticates login information against the Oracle Internet Directory and then passes the user request to the computer with the Applications tier components. The Applications tier components connect to the Oracle Internet Directory using an LDAP connection on port 389 or a database connection on port 1521.

Infrastructure Components Distributed on Different Computers

This section describes deploying Oracle Collaboration Suite on two duplicated Applications tier computers and three dedicated Infrastructure tier computers.

Figure 3-5 Infrastructure Components Distributed on Different Computer


In Figure 3-5, the Infrastructure tier contains three computers and the Applications tier contains two computers and an optional SMTP Relay device.

Infrastructure Tier

The Infrastructure tier contains three computers located behind a firewall. One computer contains the Oracle Collaboration Suite database with Identity Management and Metadata Repository components, another computer contains the repositories for Oracle Mail and Oracle Real-Time Collaboration, and the third computer contains the repositories for Oracle Content Services, and Oracle Workspaces.

Applications Tier

The Applications tier contains two computers located in a DMZ and an optional SMTP Relay device. Each computer contains the Oracle Collaboration Suite Applications tier components and the OracleAS Single Sign-On server. The Oracle Calendar server is deployed on the Applications tier.

Connection Flow

In Figure 3-5, Web clients connect with the OracleAS Single Sign-On server using an HTTP or HTTPS connection through ports 80 or 443 and mail clients optionally connect through the SMTP Relay device using port 25. The OracleAS Single Sign-On server authenticates login information against the Oracle Internet Directory and then passes the user request to the computer with the Applications tier components. The Applications tier components connect to the Oracle Internet Directory computer using an LDAP connection on port 389. Applications tier components, excluding Oracle Calendar, connect to their respective repositories on the remaining two Infrastructure tier computers using a database connection on port 1521.
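The connection flows described for Figures 3-3 to 3-5 can be used as a baseline when reviewing the firewall rules between the client network, the DMZ and the Infrastructure tier. The following Python is an added example, not part of the Oracle documentation; the zone names, the Rule format and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# TCP flows stated in the Connection Flow text for Figures 3-3 to 3-5.
# Zone names ("client", "dmz", "infra") are labels assumed for this example.
DOCUMENTED_FLOWS = {
    # HTTP/HTTPS to the OracleAS Single Sign-On server; port 25 applies only
    # when the optional SMTP Relay device is deployed.
    ("client", "dmz"): {80, 443, 25},
    # LDAP to Oracle Internet Directory and database connections.
    ("dmz", "infra"): {389, 1521},
}


@dataclass(frozen=True)
class Rule:
    """One ALLOW rule: TCP ports lo..hi (inclusive) from src zone to dst zone."""
    name: str
    src: str
    dst: str
    lo: int
    hi: int


def compress(ports):
    """Collapse a sorted list of ports into 'a-b' range strings."""
    out, start, prev = [], None, None
    for p in ports:
        if start is None:
            start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            out.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = p
    if start is not None:
        out.append(str(start) if start == prev else f"{start}-{prev}")
    return out


def audit(rules):
    """Return (rule name, finding, detail) for rules wider than the documented flows."""
    findings = []
    for r in rules:
        allowed = DOCUMENTED_FLOWS.get((r.src, r.dst))
        if allowed is None:
            # No flow between these zones is described, e.g. clients reaching
            # the Infrastructure tier directly instead of through the DMZ.
            findings.append((r.name, "undocumented-path", f"{r.src}->{r.dst}"))
            continue
        excess = [p for p in range(r.lo, r.hi + 1) if p not in allowed]
        if excess:
            findings.append((r.name, "excess-ports", ",".join(compress(excess))))
    return findings


def uncovered(rules):
    """Documented ports that no rule permits, keyed by (src, dst) zone pair."""
    missing = {}
    for path, ports in DOCUMENTED_FLOWS.items():
        open_ports = {
            p
            for r in rules
            if (r.src, r.dst) == path
            for p in ports
            if r.lo <= p <= r.hi
        }
        gap = sorted(ports - open_ports)
        if gap:
            missing[path] = gap
    return missing


# Constructed sample rule set (not taken from any real deployment).
SAMPLE_RULES = [
    Rule("web", "client", "dmz", 80, 80),
    Rule("web-tls", "client", "dmz", 443, 443),
    Rule("ldap", "dmz", "infra", 389, 389),
    Rule("db-wide", "dmz", "infra", 1521, 1526),       # wider than port 1521
    Rule("legacy-db", "client", "infra", 1521, 1521),  # bypasses the DMZ
]

if __name__ == "__main__":
    for name, finding, detail in audit(SAMPLE_RULES):
        print(f"{name}: {finding} ({detail})")
    for path, ports in uncovered(SAMPLE_RULES).items():
        print(f"no rule for {path[0]}->{path[1]} ports {ports}")
```

A port reported by `uncovered` is not necessarily a fault: port 25 is listed only because the SMTP Relay device is optional in these configurations.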

Oracle Collaboration Suite Large Deployment (Several Thousand Users)

The Oracle Collaboration Suite large deployment configuration is available for organizations with several thousand users. The large deployment configuration contains the following options:

Large Deployment with Dedicated Applications Tiers

This section describes a large deployment of most Oracle Collaboration Suite applications with dedicated Applications tier computers.

Figure 3-6 Large Deployment with Dedicated Application Tiers


The example in Figure 3-6 is limited to a deployment of Oracle Calendar, Oracle Content Services, Oracle Mail, and Oracle Real-Time Collaboration; however, other Oracle Collaboration Suite applications can also be deployed in this configuration.

Infrastructure Tier

The Infrastructure tier contains the following:

  • Two computers that provide identity management high availability

  • Two computers for the Oracle Real-Time Collaboration RAC database

  • Two computers for the Oracle Content Services RAC database

  • Two computers for the Oracle Mail RAC database

The Infrastructure tier computers connect to the following, which are located in a Storage Area Network (SAN):

  • Oracle Internet Directory

  • Real-Time Collaboration Repository

  • Content Services Repository

  • Mail Repository

Applications Tier

The Applications tier contains the following components on redundant dedicated computers:

  • OracleAS Single Sign-On Server

  • Oracle Calendar in a cold failover cluster

  • Oracle Real-Time Collaboration

  • Oracle Content Services

  • Oracle Mail

Connection Flow

Figure 3-6 does not illustrate the connection flow between the various components deployed in this configuration. To understand the connection flow, please see the diagram and text in the "Single Computer Configuration" section. In this configuration, the following protocols are open to the customer network:

  • HTTP

  • HTTPS

  • LDAP

  • RTC

  • SMTP

  • IMAP

  • Calendar and FTP protocols

In this configuration, the following limited set of protocols is open to the customer Internet through a proxy:

  • HTTP

  • HTTPS

  • SMTP

  • RTC

Large Deployment with Duplicated Applications Tiers

This section describes a large deployment of most Oracle Collaboration Suite applications with duplicated Applications tier computers.

Figure 3-7 Large Deployment with Duplicated Application Tiers


The example in Figure 3-7 is limited to a deployment of Oracle Calendar, Oracle Content Services, Oracle Mail, and Oracle Real-Time Collaboration; however, other Oracle Collaboration Suite applications can also be deployed in this configuration.

Infrastructure Tier

The Infrastructure tier contains the following:

  • Two computers that provide identity management high availability

  • Two computers for the Oracle Real-Time Collaboration RAC database

  • Two computers for the Oracle Content Services RAC database

  • Two computers for the Oracle Mail RAC database

The Infrastructure tier computers connect to the following, which are located in a SAN:

  • Oracle Internet Directory

  • Real-Time Collaboration Repository

  • Content Services Repository

  • Mail Repository

Applications Tier

The OracleAS Single Sign-On server is deployed on the Applications tier on redundant dedicated computers. In addition, the following components are deployed on eight pairs of duplicated computers:

  • Oracle Calendar in a cold failover cluster

  • Oracle Real-Time Collaboration

  • Oracle Content Services

  • Oracle Mail

Connection Flow

Figure 3-7 does not illustrate the connection flow between the various components deployed in this configuration. To understand the connection flow, see the diagram and text in the "Single Computer Configuration" section. In this configuration, the following protocols are open to the customer network:

  • HTTP

  • HTTPS

  • LDAP

  • RTC

  • SMTP

  • IMAP

  • Calendar and FTP protocols

In this configuration, the following limited set of protocols is open to the customer Internet through a proxy:

  • HTTP

  • HTTPS

  • SMTP

  • RTC

Oracle Collaboration Suite High Availability Architectures

This section discusses Oracle Collaboration Suite high availability architectures.

Overview

Availability is the degree to which an application or service is available with the expected functionality. This section discusses high availability deployment issues and options for Oracle Collaboration Suite.

Common Requirements

This section consists of the Oracle Collaboration Suite high-availability requirements which are common to each Oracle Collaboration Suite architecture described later. Oracle Collaboration Suite high-availability architecture consists of the following components:

When a node contains multiple Oracle homes, a single shared oraInventory is used on each node except for the Oracle Calendar server cold failover cluster installation which must have its own oraInventory.

Oracle Collaboration Suite Database Tier

For high availability, Oracle recommends that this database be deployed as a Real Application Clusters (RAC) database in an active-active configuration.

Oracle home is installed on each node of the hardware cluster.

The hardware requirements for Oracle Collaboration Suite Database tier are as follows:

  • Hardware cluster with vendor clusterware and Oracle Cluster Ready Services (CRS)

  • Shared storage for the RAC database files and CRS files. Oracle database files can be on raw devices, Network Attached Storage (NAS), OCFS for Linux, or use Oracle Automatic Storage Management (ASM) or SAN

  • A virtual IP address for each cluster node

Identity Management Service

Oracle Internet Directory and OracleAS Single Sign-On tiers together provide the Identity Management service.

For high availability, Oracle recommends that multiple instances of the Oracle Internet Directory and OracleAS Single Sign-On tiers be deployed, or that the deployment be designed with redundancy so that the Identity Management services continue if there are issues with any of the Identity Management nodes. An active-active deployment of these tiers requires load balancers.

Oracle home is installed on multiple nodes.

The hardware requirements for Identity Management tier are as follows:

  • Single node

  • Local storage

  • Nodes are front-ended by a load balancer to route requests to the Identity Management services on both nodes of the cluster.

Oracle Calendar server

For high availability, Oracle Calendar server is placed on a cold failover cluster because it is a single point of failure. This cold failover cluster installation requires shared storage for the Oracle home and oraInventory directory trees. The Oracle Calendar server file system database is contained under the Oracle home directory tree. To facilitate a cold failover cluster, a virtual IP address and host are required.

Oracle home and oraInventory are located on a dedicated shared storage of the hardware cluster. This Oracle home should have a separate oraInventory from Oracle home of other components so that when the shared file system is failed over, oraInventory is also failed over with the same mount point.

The hardware requirements for Oracle Calendar server are as follows:

  • Hardware cluster with vendor clusterware. The Calendar server can be on the same cluster as the Oracle Collaboration Suite Database but in the case of Linux, Oracle Cluster Ready Services and RedHat Cluster Manager cannot coexist. As a result, the failover has to be manual or Oracle Calendar server should be put on a cluster that is separate from the RAC database.

  • Shared storage for the Oracle home and oraInventory of Oracle Calendar server

  • A virtual IP address

Oracle Calendar server can be installed on its own cluster that is separate from the Oracle Collaboration Suite Database cluster, if required.

Oracle Collaboration Suite Applications

Oracle Collaboration Suite Applications nodes can be deployed in a demilitarized zone (DMZ). A load-balancer virtual server forms the front end for multiple application nodes. The load balancer uses this virtual server to distribute client requests across the Oracle Collaboration Suite Applications nodes.

An Oracle home is installed on each Oracle Collaboration Suite Applications node.

The hardware requirements for Oracle Collaboration Suite Applications node are as follows:

  • Single node

  • Local storage

  • Configured to work with a load-balancer virtual server front-end to route requests to applications on both nodes

In the architectures documented in the following section, all Oracle Collaboration Suite Applications components are installed on each Oracle Collaboration Suite Applications node. As an alternative to installing all the Oracle Collaboration Suite Applications components on each Oracle Collaboration Suite Applications node, it may be necessary or desirable to separate some Oracle Collaboration Suite Applications components to their own set of nodes.

For example, an installation may have a very large number of e-mail users and because of this you might want to separate the Oracle Mail component from the nodes containing other Oracle Collaboration Suite Applications. This would result in two nodes, one of which would contain only the Oracle Mail component, and the other two of which would contain all Oracle Collaboration Suite Applications components except for Oracle Mail. This is based on the assumption that each unique installation of Oracle Collaboration Suite Applications should have at least two nodes to ensure the availability of Oracle Collaboration Suite Applications. Therefore, if you do decide to separate an Oracle Collaboration Suite Application component from the rest of the Oracle Collaboration Suite Applications, plan on at least two additional nodes.

Overview of High-Availability Architectures

Oracle Collaboration Suite provides high-availability solutions for maximum protection against any kind of failure with flexible installation, deployment, and security options. There are three sample high-availability architectures for Oracle Collaboration Suite defined here:

  • Oracle Collaboration Suite Single Cluster Architecture

  • Oracle Collaboration Suite Colocated Identity Management Architecture

  • Oracle Collaboration Suite Distributed Identity Management Architecture

Details of these architectures are discussed in the following subsections.

The following table summarizes the details of Oracle home in the high-availability architectures.

Table 3-1 Oracle Home Details in High Availability Architecture

Single Cluster Architecture with 2 nodes

  • Oracle Collaboration Suite Database: Separate Oracle homes are created on Node 1 and Node 2.

  • Oracle Internet Directory/Directory Integration and Provisioning: Oracle homes are created on Node 1 and Node 2. Oracle Internet Directory/Directory Integration and Provisioning and OracleAS Single Sign-On/Delegated Administration Services have same Oracle homes.

  • OracleAS Single Sign-On/Delegated Administration Services: Same as the previous entry.

  • Oracle Calendar server: The Oracle home on shared disk is mounted and active on Node 1. If failover occurs the Oracle home on shared disk is mounted and active on Node 2.

  • Oracle Collaboration Suite Applications: Separate Oracle homes are created on Node 1 and Node 2.

Colocated Identity Management Architecture with 4 nodes (Nodes 1, 2 in one cluster containing the database; Nodes 3, 4 are single nodes for Identity Management and Oracle Collaboration Suite Applications)

  • Oracle Collaboration Suite Database: Separate Oracle homes are created on Node 1 and Node 2.

  • Oracle Internet Directory/Directory Integration and Provisioning: Oracle homes are created on Node 3 and Node 4. Oracle Internet Directory/Directory Integration and Provisioning and OracleAS Single Sign-On/Delegated Administration Services have same Oracle homes.

  • OracleAS Single Sign-On/Delegated Administration Services: Same as the previous entry.

  • Oracle Calendar server: The Oracle home on shared disk is mounted and active on Node 1. If failover occurs the Oracle home on shared disk is mounted and active on Node 2.

  • Oracle Collaboration Suite Applications: Separate Oracle homes are created on Node 3 and Node 4.

Distributed Identity Management Architecture with 6 nodes (Nodes 1, 2 in one cluster containing the database; Nodes 3, 4, 5, and 6 are single nodes for Identity Management and Oracle Collaboration Suite Applications)

  • Oracle Collaboration Suite Database: Separate Oracle homes are created on Node 1 and Node 2.

  • Oracle Internet Directory/Directory Integration and Provisioning: Oracle homes are created on Node 3 and Node 4.

  • OracleAS Single Sign-On/Delegated Administration Services: Separate Oracle homes are created on Node 5 and Node 6.

  • Oracle Calendar server: The Oracle home on shared disk is mounted and active on Node 1. If failover occurs the Oracle home on shared disk is mounted and active on Node 2.

  • Oracle Collaboration Suite Applications: Separate Oracle homes are created on Node 5 and Node 6.


Note:

For high availability, we require a RAC database configuration for Oracle Collaboration Suite Database, which in turn requires Cluster Ready Services to be running. We cannot have a single cluster architecture on the Linux platform because Cluster Ready Services and RedHat Cluster Manager cannot coexist on the same hardware cluster.

Oracle Collaboration Suite Single Cluster Architecture

This architecture is a minimal box configuration so all the following tiers are installed on a single cluster.

  • Oracle Collaboration Suite Database

  • Identity Management Service

  • Oracle Calendar server

  • Oracle Collaboration Suite Applications

This architecture is not an out-of-box solution and requires multiple installations of Oracle Collaboration Suite and manual post-installation configuration. In this architecture, the highly available configuration is active-active, using Real Application Clusters (RAC), for Oracle Collaboration Suite Database 10.1.0.5, and active-active for Identity Management. Multiple active instances provide continued availability in case of failure of one instance. The database instance processes run on both the nodes of the hardware cluster. For the Identity Management to be highly available, the cluster is front ended by a load balancer.

The cluster configuration for Oracle Collaboration Suite consists of Oracle Collaboration Suite Database deployed on a cluster with two or more nodes. Figure 3-8 shows Node1 and Node2 in the cluster. Each Oracle Collaboration Suite Database node has a local copy of the Oracle Collaboration Suite software installed. All file-system based configuration files are local to each node as well. There is one single Oracle Collaboration Suite Database shared by all the database nodes. This RAC database is installed on a shared volume accessible by all Oracle Collaboration Suite Database nodes.

Figure 3-8 Single Cluster Architecture


Oracle database instances exist on each node and concurrently open the database for read or write operation. The database instance processes and Identity Management processes run on both the nodes of the hardware cluster. Oracle home #1 and Oracle home #2 for Oracle Collaboration Suite Database are created in Node1 and Node2.

Oracle home #3 and Oracle home #4 are created for Identity Management service. Oracle home #6 and Oracle home #7 are created for Oracle Collaboration Suite Applications 10.1.1 and can include the following components:

  • Oracle Mail

  • Oracle Content Services

  • Oracle Search

  • Oracle Mobile Collaboration

  • Oracle Voicemail and Fax

  • Oracle Calendar

  • Oracle Real Time Collaboration

  • Oracle Discussions

  • Oracle Workspaces

Oracle Calendar server stores its data on a file system residing on a shared disk, which is accessed by only one node of the cluster at any given time. Oracle Calendar server therefore runs only on cluster Node1 shown in Figure 3-8. Oracle Calendar server becomes active on cluster Node2 only after a failure of Oracle Calendar server on Node1. Oracle home #5 is created for Oracle Calendar server and it includes the file system level database that stores all calendar-related data. This database is not an Oracle database.

Oracle Collaboration Suite Infrastructure

Oracle Collaboration Suite Infrastructure 10.1.1 requires some workarounds to set up a highly available configuration for the Identity Management and Oracle Collaboration Suite Database installation on a two-node cluster running Oracle Cluster Ready Services (CRS). If you plan to use Oracle Calendar server in a highly available configuration, you must have a hardware cluster manager installed with Oracle CRS to support the cold hardware failover. The Oracle home, where Oracle Collaboration Suite Infrastructure resides, must be on the local file system on each node of the cluster.

The Identity Management components will be based on Oracle Application Server 10g (Release 10.1.2.0.2). The components will run on all nodes of the cluster in active-active mode. A load balancer will be placed in front of the Identity Management nodes to route requests to the Identity Management services on the nodes of the cluster.

Oracle Collaboration Suite Database is the Oracle 10g (Release 10.1.0.5) RAC database containing Oracle Collaboration Suite component schema information and Oracle Application Server 10g (Release 10.1.2.0.2) Metadata Repository. The RAC database will run in active-active mode. All instances of the RAC database can service requests.

Oracle Collaboration Suite Colocated Identity Management Architecture

This architecture separates the Oracle Collaboration Suite Database tier and the Identity Management tier rather than sharing nodes as in the Single Cluster Architecture. This architecture is not an out-of-box Oracle Collaboration Suite Database tier and requires multiple installations of Oracle Collaboration Suite and manual post-installation configuration.

In this architecture, the highly available configuration is active-active (RAC) for Oracle Collaboration Suite Database 10.1.0.5 and Identity Management.

The Oracle Collaboration Suite Database tier is created by using Metadata Repository Configuration Assistant (MRCA) or the Oracle Collaboration Suite Database only install option. The Identity Management tier is installed separately against the Oracle Collaboration Suite Database on multiple non-clustered machines.

Figure 3-9 Colocated Architecture


Figure 3-9 shows Node1 and Node2 in the cluster. Oracle home #1 and Oracle home #2 are created for the existing Oracle 10g database with Oracle Collaboration Suite Database 10.1.1 in Node1 and Node2 respectively.

Oracle Calendar server stores its data on a file system residing on a shared disk, which is accessed by only one node of the cluster at any given time. Oracle Calendar server therefore runs only on cluster Node1 shown in Figure 3-9. Oracle Calendar server becomes active on cluster Node2 only after a failure of Oracle Calendar server on Node1. Oracle home #5 is created for Oracle Calendar server and it includes the file system level database that stores all calendar-related data. This database is not an Oracle database.

Oracle home #3 and Oracle home #4 are created for Identity Management on Node3 and Node4. On this tier, Identity Management includes the following components:

  • Oracle Internet Directory

  • OracleAS Single Sign-On

  • Delegated Administration Services

  • Oracle Directory Integration and Provisioning

Oracle home #6 and Oracle home #7 are created for Oracle Collaboration Suite Applications 10.1.1. On this tier, Oracle Collaboration Suite Applications 10.1.1 can include the following components:

  • Oracle Mail

  • Oracle Content Services

  • Oracle Search

  • Oracle Mobile Collaboration

  • Oracle Voicemail and Fax

  • Oracle Calendar

  • Oracle Real Time Collaboration

  • Oracle Discussions

  • Oracle Workspaces

A hardware load balancer is placed at the front end of the Identity Management machines and it balances the Identity Management traffic load.

Oracle Collaboration Suite Applications

In Colocated Identity Management Architecture, Oracle Collaboration Suite Applications is installed on separate machines outside Oracle Collaboration Suite Infrastructure. Each installation of Oracle Collaboration Suite will contain all the following components:

  • Oracle Mail

  • Oracle Content Services

  • Oracle Search

  • Oracle Mobile Collaboration

  • Oracle Voicemail and Fax

  • Oracle Calendar

  • Oracle Real Time Collaboration

  • Oracle Discussions

  • Oracle Workspaces

A load balancer front ends the Oracle Collaboration Suite Applications tier to load balance the requests to all the Applications tier servers.

Oracle Collaboration Suite Distributed Identity Management Architecture

This architecture is similar to Colocated Identity Management Architecture except that the Identity Management components, Oracle Internet Directory and OracleAS Single Sign-On, are distributed across multiple non-clustered servers in a DMZ.

This architecture is not an out-of-box Oracle Collaboration Suite Database tier and requires multiple installations of Oracle Collaboration Suite and manual post-installation configuration.

In this architecture, the highly available configuration is active-active (RAC) for Oracle Collaboration Suite Database 10.1.0.5, Oracle Internet Directory and OracleAS Single Sign-On.

In this configuration, Oracle Internet Directory is deployed on multiple non-clustered servers in a DMZ and OracleAS Single Sign-On is installed on multiple non-clustered servers in a DMZ. This configuration is not an out-of-box Oracle Collaboration Suite high-availability solution and it requires multiple installations of Oracle Collaboration Suite Infrastructure and manual post-installation configuration.

Figure 3-10 Distributed Architecture


Oracle home #1 and Oracle home #2 are created for the existing Oracle 10g database with Oracle Collaboration Suite Database 10.1.1 in Node1 and Node2 respectively.

Oracle Calendar server stores its data on a file system residing on a shared disk, which is accessed by only one node of the cluster at any given time. As a result, Oracle Calendar server runs only on cluster Node1 shown in Figure 3-10. Oracle Calendar server becomes active on cluster Node2 only after a failure of Oracle Calendar server on Node1. Oracle home #5 is created for Oracle Calendar server and it includes the file system level database that stores all calendar-related data. This database is not an Oracle database.

Oracle home #3 and Oracle home #4 are created for Identity Management. On the Oracle Internet Directory tier, Identity Management includes the following components:

  • Oracle Internet Directory

  • Oracle Directory Integration and Provisioning

Oracle home #8 and Oracle home #9 for Oracle Collaboration Suite Applications 10.1.1 are created on Node5 and Node6. On this tier, Oracle Collaboration Suite Applications 10.1.1 includes the following components:

  • Oracle Mail

  • Oracle Content Services

  • Oracle Search

  • Oracle Mobile Collaboration

  • Oracle Voicemail and Fax

  • Oracle Calendar

  • Oracle Real Time Collaboration

  • Oracle Discussions

  • Oracle Workspaces

Oracle home #6 and Oracle home #7 for Identity Management in Oracle Collaboration Suite Infrastructure 10.1.1 are created on Node5 and Node6 as shown in Figure 3-10. On the Oracle Application Server Single Sign-On tier, Identity Management includes the following components:

  • Oracle Application Server Single Sign-On

  • Delegated Administration Services

The firewall ports to be opened are as follows:

  • Oracle Net

  • Oracle Internet Directory port

  • Oracle Internet Directory SSL port

A hardware load balancer is placed at the front end of the Oracle Internet Directory tier machines of Identity Management. It balances the Oracle Internet Directory traffic load. Another hardware load balancer is placed in front of the OracleAS Single Sign-On tier machines and it balances the HTTP traffic load.

Oracle Collaboration Suite Applications

In Distributed Identity Management Architecture, Oracle Collaboration Suite Applications is installed on separate machines outside Oracle Collaboration Suite Infrastructure. Each installation of Oracle Collaboration Suite will contain all the following components:

  • Oracle Mail

  • Oracle Content Services

  • Oracle Search

  • Oracle Mobile Collaboration

  • Oracle Voicemail and Fax

  • Oracle Calendar

  • Oracle Real Time Collaboration

  • Oracle Discussions

  • Oracle Workspaces

A load balancer front ends the Oracle Collaboration Suite Applications tier to load balance the requests to all the Applications tier servers.

Configuration of Load Balancers

Load balancers play a key role in all the high-availability architectures. Not only can load balancers balance the load across nodes but they can also detect when a node or the necessary application on a node is down and reroute traffic to an active node. Where a hardware load balancer is required, it will be configured to direct incoming requests for Oracle Application Server Single Sign-On, Oracle Internet Directory, and Oracle Collaboration Suite Applications. The load balancer will only be used for non-Oracle Net traffic such as HTTP, LDAP, HTTPS and so on. It is configured with three virtual servers as indicated in the preceding diagrams:

  1. Oracle Internet Directory/Directory Integration and Provisioning: Virtual server A, ldap.mydomain.com

  2. OracleAS Single Sign-On/Delegated Administration Services: Virtual server B, sso.mydomain.com

  3. Oracle Collaboration Suite Applications: Virtual server C, ocs_app.mydomain.com

This section describes the configuration requirements for the load balancer for all the highly available configurations of Oracle Collaboration Suite. For high availability, the recommendations for load balancers are as follows:

  • The load balancer should be deployed in a fault tolerant configuration. Two load balancers should be used. These fault tolerant load balancers should be identical in terms of their configuration and capacity. Their failover should be automatic and seamless.

  • The load balancer type used should be able to handle both HTTP and LDAP traffic in the highly available configurations described in this chapter. Any load balancing mechanism that supports only one of the protocols cannot be used in the default configuration.

  • The load balancer should not drop idle connections. Any timeouts associated with dropping connections should be eliminated.

Two load balancer settings are of primary importance for the highly available configuration:

  • The nodes to which the load balancer directs traffic.

  • The persistence setting of the load balancer.

The persistence mechanism used should provide session level stickiness. By default, HTTP and Oracle Internet Directory requests both use the same virtual host address configured for the load balancer. Hence, the persistence mechanism used is available for both kinds of requests.

If the load balancer allows different persistence mechanisms to be configured for different server ports (LDAP and HTTP) on the same virtual server, then this is the recommended strategy. In this case, a cookie-based persistence with session-level timeout is more suitable for the HTTP traffic. No persistence setting is required for the LDAP traffic. If the load balancer does not allow specification of different persistence mechanisms for LDAP and HTTP, then the timeout value for session level stickiness should be configured based on the requirements of the deployed application. The recommended default stickiness timeout is 60 seconds. It should be adjusted based on the nature of the deployment and the load balancing achieved across the Oracle Collaboration Suite nodes. It should be increased if session timeouts are experienced by Delegated Administration Services users. It should be decreased if even load balancing is not achieved.

Load balancers come in many flavours and each may have its own configuration mechanism. Consult your load balancer documentation for the specific instructions to achieve these configurations.
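The recommendations in this section can be expressed as a check over a vendor-neutral description of a load balancer; the following is an added example, not part of the Oracle documentation. The dictionary layout, field names, node names and sample settings are assumptions, and the three virtual server names are the ones listed above.

```python
# Added example: audit a vendor-neutral load balancer description against this
# section's recommendations. The dict layout and field names are assumptions.
DEFAULT_STICKINESS_S = 60  # recommended default stickiness timeout
def audit_load_balancer(lb):
    """Return findings as strings; an empty list means no deviation."""
    findings = []
    if lb.get("units", 0) < 2:
        findings.append("deploy two load balancers as a fault-tolerant pair")
    elif not lb.get("automatic_failover"):
        findings.append("failover between the two units must be automatic")
    if lb.get("idle_timeout_s", 0) != 0:  # 0 means idle connections are kept
        findings.append("remove the idle-connection timeout")
    protocols = set()
    for vs in lb.get("virtual_servers", []):
        name = vs["name"]
        if len(vs.get("nodes", [])) < 2:
            findings.append(f"{name}: no second node to reroute traffic to")
        for port in vs["ports"]:
            proto = port["protocol"]
            protocols.add(proto)
            if lb.get("per_port_persistence"):
                if proto == "http" and port.get("persistence") != "cookie":
                    findings.append(f"{name}: use cookie persistence for HTTP")
                if proto == "ldap" and port.get("persistence") is not None:
                    findings.append(f"{name}: LDAP needs no persistence")
            elif port.get("stickiness_timeout_s") is None:
                findings.append(f"{name}: set a stickiness timeout "
                                f"(default {DEFAULT_STICKINESS_S}s)")
    if not {"http", "ldap"} <= protocols:
        findings.append("load balancer must handle both HTTP and LDAP")
    return findings

# Constructed sample: node names and settings are hypothetical.
SAMPLE = {
    "units": 2, "automatic_failover": True, "idle_timeout_s": 300,
    "per_port_persistence": True,
    "virtual_servers": [
        {"name": "ldap.mydomain.com", "nodes": ["node3", "node4"],
         "ports": [{"protocol": "ldap", "persistence": "source-ip"}]},
        {"name": "sso.mydomain.com", "nodes": ["node5", "node6"],
         "ports": [{"protocol": "http", "persistence": "cookie"}]},
        {"name": "ocs_app.mydomain.com", "nodes": ["node7"],
         "ports": [{"protocol": "http", "persistence": None}]},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_load_balancer(SAMPLE)))
```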

Comparison of High-Availability Architectures

Each high-availability architecture option offers advantages and disadvantages. The following table summarizes the differences among the high-availability architectures.


| | Single Cluster Architecture | Colocated Identity Management Architecture | Distributed Identity Management Architecture |
|---|---|---|---|
| Type of Configuration | It is a minimal box configuration because all the tiers are installed on a single cluster. | Oracle Collaboration Suite Database tier, Oracle Collaboration Suite Applications and Identity Management tier are deployed separately. | Oracle Collaboration Suite Database tier, Oracle Collaboration Suite Applications, Oracle Internet Directory and OracleAS Single Sign-On are deployed separately. |
| Management | More system resource is required because everything is running on only two nodes. Also, it is not easy to secure this setup. | System usage is distributed since the Oracle Collaboration Suite Database tier is separated and network security can be stronger. | System usage is distributed even further than Colocated since the Oracle Collaboration Suite Database tier, Oracle Internet Directory tier, and OracleAS Single Sign-On tier are separated and network security can be stronger. |
| Cost | Cheapest solution | Cheaper than Distributed architecture. | Expensive solution |