Oracle® Identity Manager Installation Guide for WebSphere
Release 9.0.3.1

Part Number B32462-02

9 Deploying in a Clustered WebSphere Configuration

This chapter describes how to deploy Oracle Identity Manager in a clustered WebSphere application server environment.

This chapter discusses the following topics:

About Clustered WebSphere Configurations

For a clustered environment, several host computers are required. Your configuration may vary, but these instructions describe using 4+n machines and are primarily focused on Microsoft Windows. The following table describes the entities needed for a cluster, the computers that they run on, and the software required for the entities. Host computers and entities are labeled descriptively.

Table 9-1 WebSphere-based Oracle Identity Manager Cluster Host Computers

| Host Computer | Entities | Software | Description |
|---|---|---|---|
| NDM_HOST | XL_MODEL_NODE, XL_MODEL_SERVER, XL_CLUSTER | WebSphere, OracleIdentityManager | Use the model node and server as a template. Configure the model server and copy it to the nodes for each application server in the cluster. Note: The model node is not part of the cluster. |
| JMS_HOST | XL_JMS_NODE | WebSphere | This is the Oracle Identity Manager message queue host computer. Create the XL_JMS_NODE on this computer. |
| IIS_HOST | IIS server | IIS, WebSphere Plug-in | This is the IIS web server. The IIS server acts as the front end to the WebSphere cluster, and handles the load balancing. Install IIS and the WebSphere plug-in on this computer. |
| XL_NODEn_HOST | XL_NODEn | WebSphere, OracleIdentityManager | Each application server in your cluster runs Oracle Identity Manager. The application servers run on one or more node host computers (replace n with the node number, such as XL_NODE1). You can have more than one application server for each node host computer. |


Overview of Setting Up a WebSphere Oracle Identity Manager Cluster

The following are the high-level tasks involved in setting up a WebSphere Oracle Identity Manager cluster.

Note:

Before setting up a clustered environment for WebSphere, make sure that all cluster members (machines) have their clocks synchronized so that the Scheduler can operate properly.

Task overview: Setting up a WebSphere Oracle Identity Manager cluster:

  1. Install and upgrade the Network Deployment Manager on NDM_HOST.

    See "Installing WebSphere Network Deployment Manager" for more information.

  2. Install and upgrade WebSphere application server on NDM_HOST.

    For steps 2-4, see "Installing WebSphere Application Server for a Cluster" for more information.

  3. Install and upgrade WebSphere application server on JMS_HOST.

  4. Install and upgrade WebSphere application server on each node host (XL_NODE1_HOST, XL_NODE2_HOST, and so on).

  5. Add the XL_MODEL_NODE and XL_JMS_NODE to the Network Deployment Manager.

    See "Adding the Model and JMS Nodes to the Node Manager" for more information.

  6. Create the XL_MODEL_SERVER on the XL_MODEL_NODE.

    See "Creating the Model Server" for more information.

  7. Create the XL_CLUSTER.

    See "Creating the Cluster" for more information.

  8. Prepare your database.

    See "Using an Oracle Database for Oracle Identity Manager" or "Using a SQL Server Database for Oracle Identity Manager" for more information.

  9. Install Oracle Identity Manager on NDM_HOST.

    See "Installing Oracle Identity Manager on the Node Manager" for more information.

  10. Copy the <XL_HOME> directory from NDM_HOST to JMS_HOST.

    See "Copying the Oracle Identity Manager Directory to JMS_NODE" for more information.

  11. Set up the WebSphere custom registry on NDM_HOST, XL_MODEL_NODE and XL_JMS_NODE.

    See "Setting up a Custom Registry" for more information.

  12. To add a node, copy the <XL_HOME> directory from NDM_HOST to XL_NODE1_HOST.

    For steps 12-15, see "Adding Nodes and Servers to the Cluster" for more information.

  13. Add Node XL_NODEn (for example, XL_NODE1) to the Node Manager.

  14. Create a server (for example, XL_SERVER_ON_NODE1) on XL_NODE1 as a cluster member.

  15. Set up virtual host information for the server.

  16. Repeat steps 14-15 for each server you want to add to the node.

  17. Repeat steps 12-15 for each node you want to add to the cluster.

  18. Get the JNDI URL and update the JNDI references in the xlconfig.xml file associated with each server.

    See "Updating the JNDI References" for more information.

  19. Install the WebSphere Plug-in on IIS_HOST.

    See "Installing the WebSphere Plug-in for IIS" for more information.

  20. Set up the IIS server.

    See "Configuring the IIS Plug-in" for more information.

  21. Set up the Design Console.

    See "Post-install Requirements for the Design Console" for more information.

  22. Perform the post-installation tasks after deploying Oracle Identity Manager in your cluster.

    See "Post-Install Configuration for Oracle Identity Manager and WebSphere" for more information.

WebSphere Software Host Requirements

WebSphere host (and component) computers require the IBM JVM. Conflicts may arise if any of the following is true:

  • Other JVM instances exist in PATH.

  • JAVA_HOME or CLASSPATH point to anything other than an IBM JVM 1.4.x installation.

If you have any other JVMs on the cluster machines, remove (uninstall) them before proceeding.

Unset the JAVA_HOME, ANT_HOME and CLASSPATH variables.

For a full WebSphere installation, you need the application server, application client and Network Deployment Manager installers.

Backing Up the Configurations

Oracle recommends that at various points during the cluster setup, you make backups of the various components. This enables you to roll back changes rather than restart the entire process. WebSphere provides a script (backupconfig.<bat/sh>) that makes a compressed (zip) file of the configuration settings. This script takes the backup file name (with complete path) as an argument.

The configuration backup script stops the Node Manager as well as all the nodes on which it is run. (It is possible to get backups without stopping the nodes or Node Manager. However, Oracle recommends that you stop them before making the configuration backups.) After completing the configuration backups, make sure to restart the Node Manager (startmanager.<bat/sh>) as well as the Nodes (startnode.<bat/sh>).

Note:

After Oracle Identity Manager is installed and the custom registries are created, you must specify the user name and password to start the Node Manager or the nodes.

When setting up the cluster, run the script at various times to save the current settings.

To back up your server configurations:

  1. On the server host computer, create backup directories for the configurations you are backing up.

    For example, to make a backup of the Node Manager configuration, use the following command to create a directory for the backup:

    mkdir C:\WAS_Backups\PreXL\NodeManagerConfig

    or

    mkdir /opt/WAS_Backups/PreXL/NodeManagerConfig

  2. Change directories to the application server bin directory. For example:

    cd <WEBSPHERE_HOME>\bin

  3. Run backupconfig.<bat/sh> and specify a file name that is in the backup directory you created. For example:

    backupconfig.bat c:\WAS_Backups\PreXL\NodeManagerConfig\ConfigBkp.zip

    or

    ./backupconfig.sh /opt/WAS_Backups/PreXL/NodeManagerConfig/ConfigBkp.zip

  4. Zip the installedApps directory under application server home directory, and store that in the same backup directory:

    C:\WAS_Backups\PreXL\NodeManagerConfig\installedApps.zip
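
The four steps above as one POSIX shell function for UNIX or Linux hosts, added here as an example (not Oracle or IBM code). The function name was_backup, the BACKUP_ROOT variable, the refusal to overwrite an existing archive, and the owner-only file modes are choices made for this example; it assumes backupconfig.sh and the zip command behave as the steps describe.

```shell
#!/bin/sh
# Added example, not Oracle or IBM code: one configuration backup for one
# component, following "To back up your server configurations".

# Assumption: backups live under the page's /opt/WAS_Backups unless
# BACKUP_ROOT is set. It must be an absolute path.
BACKUP_ROOT=${BACKUP_ROOT:-/opt/WAS_Backups}

# was_backup STAGE COMPONENT WAS_HOME
#   STAGE      Basic, PreXL or PostXL (the stages used in this chapter)
#   COMPONENT  for example NodeManager or XL_MODEL_NODE
#   WAS_HOME   application server or Deployment Manager home directory
# Prints the backup directory on success.
# Returns 2 for bad arguments, 3 if a backup already exists, 1 on failure.
was_backup() {
    stage=$1
    component=$2
    was_home=$3

    case $stage in
        Basic|PreXL|PostXL) ;;
        *) echo "unknown stage: $stage" >&2; return 2 ;;
    esac
    if [ ! -f "$was_home/bin/backupconfig.sh" ] || [ ! -d "$was_home/installedApps" ]; then
        echo "$was_home does not look like a WebSphere home" >&2
        return 2
    fi

    dest=$BACKUP_ROOT/$stage/${component}Config
    # Keep the earlier rollback point intact instead of overwriting it.
    if [ -e "$dest/ConfigBkp.zip" ] || [ -e "$dest/installedApps.zip" ]; then
        echo "refusing to overwrite existing backup in $dest" >&2
        return 3
    fi

    # Step 1: create the backup directory. umask 077 keeps the directory and
    # the archives owner-only, because the configuration archive includes the
    # cell's security settings.
    ( umask 077 && mkdir -p "$dest" ) || return 1

    # Steps 2 and 3: run backupconfig.sh from bin with the full archive path.
    # Its progress output goes to stderr so stdout carries only the result.
    ( umask 077 && cd "$was_home/bin" &&
      ./backupconfig.sh "$dest/ConfigBkp.zip" >&2 ) || return 1
    [ -s "$dest/ConfigBkp.zip" ] || { echo "no archive written" >&2; return 1; }

    # Step 4: zip installedApps into the same backup directory.
    ( umask 077 && cd "$was_home" &&
      zip -qr "$dest/installedApps.zip" installedApps >&2 ) || return 1

    echo "$dest"
}

# Run when called with the three arguments, for example:
#   sh was_backup.sh PreXL NodeManager /opt/WebSphere/DeploymentManager
if [ "$#" -eq 3 ]; then
    was_backup "$@"
fi
```

backupconfig stops the Node Manager or node it is run on, so restart it afterwards as described in this section.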

Installing WebSphere Network Deployment Manager

To install and upgrade Network Deployment Manager (NDM) on NDM_HOST you need the WebSphere NDM 5.1 installer. Ensure that your host meets the WebSphere requirements. See "WebSphere Software Host Requirements" for more information.

To install the NDM for Oracle Identity Manager:

  1. Launch the NDM installer (double click Install.exe).

  2. When you get to the node information screen:

    • For Host Name, enter a host name or enter the IP address of the host.

    • For Node Name, enter XL_MANAGER_NODE.

    • For Cell Name, enter XL_CELL.

    Note:

    Node and host names are case-sensitive.

  3. Continue with the installation. When the NDM installer launches the WebSphere "First Steps" application, exit it and finish the installation.

  4. To upgrade the NDM from 5.1 to 5.1.1 to 5.1.1.5 to 5.1.1.12, run the upgrade script from IBM.

    • Install the relevant fix packs.

    • Accept default values.

  5. To verify Node Manager installation:

    • Use a browser to connect to the Node Manager administrative console using the following URL:

      http://<NDM_HOST>:9090/admin

      Note:

      If the Node Manager is not running, use the Start menu on the host computer to start it.
    • Log in and check the Cell name (which is displayed as the User ID) and the version number.

Creating a Backup of the Node Manager Configuration Settings

Back up the Node Manager. See "Backing Up the Configurations" for more information on creating backups.

  1. Create backup directories. For example, use the commands:

    mkdir C:\WAS_Backups

    mkdir C:\WAS_Backups\Basic\NodeManagerConfig

    or

    mkdir /opt/WAS_Backups/

    mkdir /opt/WAS_Backups/Basic/NodeManagerConfig

  2. Change directories to the Deployment manager bin directory.

  3. Run the back up batch file backupconfig.bat, for example, use the command:

    backupconfig.bat C:\WAS_Backups\Basic\NodeManagerConfig\ConfigBkp.zip

    or

    backupconfig.sh /opt/WAS_Backups/Basic/NodeManagerConfig/ConfigBkp.zip

  4. Zip the installedApps directory under DeploymentManager and store that in the same backup directory.

Installing WebSphere Application Server for a Cluster

To install and upgrade WebSphere application server, you need the WebSphere 5.1 installer and upgrade scripts. Ensure that your host meets the WebSphere requirements. See "WebSphere Software Host Requirements" for more information.

Install WebSphere on:

For each WebSphere host computer:

  1. Install the server.

    See "Installing WebSphere Application Server" for more information.

  2. Upgrade the server.

    See "Upgrading WebSphere Server" for more information.

  3. Enable SOAP communications.

    See "Enabling SOAP Communication to WebSphere" for more information.

  4. Verify the installation.

    See "Verifying Installation" for more information.

  5. Create Backups.

    See "Creating Backups" for more information.

Installing WebSphere Application Server

Install version 5.1 of WebSphere with the full (default) installation option. During installation, specify the following values for the Node Name:

  • XL_MODEL_NODE for the Oracle Identity Manager model node (on NDM_HOST).

  • XL_JMS_NODE for the JMS host (on JMS_HOST).

  • XL_NODEn for any node host computers (on XL_NODE1, XL_NODE2, and so on).

    Note:

    Node names are case-sensitive.

If you select a custom installation of WebSphere:

  • The path you specify for the application server location must end with AppServer (for example C:\IBM\WebSphere\AppServer).

  • Make sure that the following WebSphere components are installed during the WebSphere installation:

    • Admin scripting

    • Ant utilities

    • Assembly and Deployment tools

    • Embedded Messaging Server and Client

Upgrading WebSphere Server

Once you install the WebSphere server, update it to the latest fix packs from IBM. Refer to the Oracle Identity Manager Release Notes to learn the certified WebSphere versions.

Enabling SOAP Communication to WebSphere

The Oracle Identity Manager installer communicates with WebSphere as a SOAP client (using JACL commands to create data sources, set up message queues, and other operations).

To enable SOAP:

  1. Edit the following properties in the <WEBSPHERE_HOME>\properties\soap.client.props file on all application servers in the cluster:

    com.ibm.SOAP.securityEnabled=true
    com.ibm.SOAP.loginUserid=xelsysadm
    com.ibm.SOAP.loginPassword=xelsysadm
    
    

    Note:

    If you used a user ID or password other than xelsysadm for WebSphere, enter those here.
  2. Edit the following properties in the <NDM_HOME>\properties\soap.client.props file, where <NDM_HOME> is the location of the WebSphere Network Deployment Manager and includes the /WebSphere/DeploymentManager/ directories.

    com.ibm.SOAP.securityEnabled=true
    com.ibm.SOAP.loginUserid=xelsysadm
    com.ibm.SOAP.loginPassword=xelsysadm
    
    

    Note:

    If you used a user ID or password other than xelsysadm for WebSphere, enter those here.
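
The settings above put an administrative user ID and password into soap.client.props. As an added example (not Oracle or IBM code), this POSIX shell check reads the three properties named above and reports disabled SOAP security, an unencoded password, a password equal to the user ID, and a world-readable file. The function names and finding labels are made up here, and the `{xor}` prefix test assumes the value was encoded with WebSphere's PropFilePasswordEncoder utility.

```shell
#!/bin/sh
# Added example, not Oracle or IBM code: audit a soap.client.props file for
# the properties edited in "Enabling SOAP Communication to WebSphere".

# prop_value FILE KEY
# Print the value of KEY from a Java-style properties file. Commented-out
# lines are ignored, CR characters from Windows editors are dropped, and the
# last assignment wins.
prop_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    tr -d '\r' < "$1" |
        sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" |
        tail -n 1
}

# audit_soap_props FILE
# Print one finding per line. Return 0 if there are none, 1 otherwise.
audit_soap_props() {
    props=$1
    findings=0
    [ -r "$props" ] || { echo "UNREADABLE $props"; return 1; }

    enabled=$(prop_value "$props" com.ibm.SOAP.securityEnabled)
    userid=$(prop_value "$props" com.ibm.SOAP.loginUserid)
    password=$(prop_value "$props" com.ibm.SOAP.loginPassword)

    if [ "$enabled" != "true" ]; then
        echo "SECURITY_DISABLED com.ibm.SOAP.securityEnabled=$enabled"
        findings=1
    fi

    case $password in
        '')
            ;;  # nothing stored in the file
        '{xor}'*)
            ;;  # encoded value: obfuscated, not encrypted
        *)
            echo "CLEARTEXT_PASSWORD com.ibm.SOAP.loginPassword is stored unencoded"
            findings=1
            # Only a cleartext value can be compared with the user ID. This
            # catches the xelsysadm/xelsysadm pair shown in the steps above.
            if [ "$password" = "$userid" ]; then
                echo "PASSWORD_EQUALS_USERID account=$userid"
            fi
            ;;
    esac

    # UNIX and Linux only: any local user can read the stored credentials if
    # the "other" read bit is set on the file.
    if [ -n "$(find "$props" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE $props"
        findings=1
    fi

    return $findings
}

# Run the audit when a file is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_soap_props "$1"
fi
```

Run it against the soap.client.props file under both <WEBSPHERE_HOME> and <NDM_HOME> on each UNIX or Linux host. `{xor}` encoding is reversible, so restricting read access to the file still matters after encoding.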

Verifying Installation

Once you have installed and upgraded the WebSphere application server, use the First Steps interface to verify the installation and stop the server.

  1. Open the First Steps interface.

    From the Start menu, select IBM WebSphere, then select Application Server v5.1, and then select First Steps.

  2. Click Verify Installation.

  3. Once you have verified the installation, click Stop the Server.

Creating Backups

Back up the Nodes. See "Backing Up the Configurations" for more information on creating backups.

Back up the configurations of the following components:

  • MODEL_NODE

  • JMS_NODE

  • Each XL_NODEn

To create the backups, for each node:

  1. Create a backup directory for each node you have installed.

    For example, create the following:

    C:\WAS_Backups\Basic\<Node>Config

    or

    /opt/WAS_Backups/Basic/<Node>Config

  2. Run the backup script from the application server's bin directory.

  3. Zip the installedApps directory, and save it in the same location.

Adding the Model and JMS Nodes to the Node Manager

Once you have installed WebSphere on the NDM_HOST and JMS_HOST, add those nodes to the Node Manager. Follow these instructions for each host computer.

Note:

Make sure the Node Manager is running.

To add a node:

  1. On the node host computer, open a command prompt.

  2. Change directories to the bin directory on the application server.

  3. Run the addNode.<bat/sh> script, specifying the Node Manager host name.

    For example:

    addNode.bat <NDM_HOST>

    Note that <NDM_HOST> is the host name of the node manager's computer.

    Note:

    Host name is case-sensitive.

To verify that the nodes have been added:

  1. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://<NDM_HOST>:9090/admin

  2. Log in to the system.

  3. Click System Administration.

  4. Click Nodes.

    If the nodes were added, they should be displayed with status as synchronized. You can see the status by rolling your mouse over the icon displayed for the Node name in the Administrative and User Console.

  5. Log out, then log back in again to refresh the list of nodes.

Creating the Model Server

The model server serves as a template to create other servers for the cluster. The model server is not part of the cluster, and it does not serve any requests.

To create the model server:

  1. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://<NDM_HOST>:9090/admin

  2. Log in to the system.

  3. Click Servers on the left panel.

  4. Click Application Servers.

  5. Click New.

    • Select the model node (XL_CELL/XL_MODEL_NODE).

    • Enter XL_MODEL_SERVER as the server name.

    • Make sure that the Generate Unique Http Ports option is enabled.

    • Select the first option for the template (default application server template).

    • Click Next.

  6. Click Finish.

    XL_MODEL_SERVER is displayed in the list of application servers.

    Note:

    Your changes are not saved until you click Save.
  7. At the top of the page, click Save.

  8. Select Synchronize changes with Nodes.

  9. Click Save to commit your changes.

Creating the Cluster

A cluster is a group of application servers that appear as one to the client. All application servers that are used to service incoming calls must be part of this cluster. After you create the empty cluster, back up the system.

To create the cluster:

  1. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://<NDM_HOST>:9090/admin

  2. Log in to the system.

  3. Click Servers on the left panel.

  4. Click Clusters.

  5. Click New.

    • Enter XL_CLUSTER as the cluster name.

    • Make sure you select the check boxes labelled Prefer local enabled and Create Replication Domain for this cluster.

    • Make sure the Do not include an existing server in this cluster option is selected.

  6. Click Next.

  7. Click Next (without entering any data).

  8. Click Finish.

  9. Click Save.

    Your changes are saved.

  10. Make sure the Synchronize changes with Nodes check-box is selected.

  11. Click Save.

    The XL_CLUSTER is created. At this point, it is an empty cluster.

Backing Up the Nodes

Back up the Nodes. See "Backing Up the Configurations" for more information on creating backups.

Back up the configurations of the following components:

  • NDM_HOST

  • XL_MODEL_NODE

  • XL_JMS_NODE

To create the backups, for each node:

  1. Create the backup directories:

    C:\WAS_Backups\PreXL\<Node>Config

    or

    /opt/WAS_Backups/PreXL/<Node>Config

    <Node> represents the name of the component.

  2. Run the backup script from the bin directory on the application server.

  3. Zip the installedApps directory, then save it in the same location.

The configuration backup command stops the Node Manager as well as all the nodes that it is run on. (While it is possible to get backups without stopping the nodes or Node Manager, Oracle recommends that you stop them before getting the configuration backups.) After completing the configuration backups, make sure to restart the Node Manager (use startmanager.<bat/sh>) as well as the Nodes (use startnode.<bat/sh>).

Installing Oracle Identity Manager on the Node Manager

In a WebSphere cluster, install Oracle Identity Manager server on the Node Manager. From that installation, deploy Oracle Identity Manager to the application servers in the cluster. Because the Oracle Identity Manager installer needs to communicate with the Node Manager server during the installation, make sure the deployment manager is running.

Note:

Stop all other applications running on the NDM_HOST, except for the Node Manager and the Model Node.

Windows

To install the Oracle Identity Manager on the Node Manager on Windows:

  1. Double click the setup_server.exe file.

    After it launches, click Next.

  2. Select a language on the Installer screen and click OK. The Welcome screen appears.

  3. Click Next on the Welcome screen. The Admin User Information screen appears.

  4. Enter a password you want to use for the Oracle Identity Manager Administrator, confirm the password by entering it again, and then click Next. The OIM Application Options screen appears.

  5. Select Oracle Identity Manager or Oracle Identity Manager with Audit and Compliance Module and click Next.

  6. Select the destination directory to install Oracle Identity Manager and click OK.

  7. Click Next.

  8. Click Next.

  9. Select your database type and click Next.

  10. Enter the database information and click Next.

  11. Select the authentication and click Next.

  12. Select WebSphere Application Server and click Next.

  13. Select Yes for clustering.

  14. Enter the cluster name and click Next.

  15. Enter the Network Deployment Manager Information.

    • Provide the location where the Deployment Manager is installed. The default value is C:\Program Files\WebSphere\DeploymentManager.

    • Provide the location of the Deployment Manager's JDK. The default value is C:\Program Files\WebSphere\DeploymentManager\java.

    • Click Next.

  16. Enter the WebSphere information:

    • Provide the hostname of the machine running the Deployment Manager (NDM_HOST).

      Note:

      Do not use localhost. Specify the hostname or IP address.
    • Enter the cell name (XL_CELL).

    • Enter the model node name (XL_MODEL_NODE).

    • Enter the model server name (XL_MODEL_SERVER).

    • Click Next.

  17. Enter the name of the JMS node name (XL_JMS_NODE) and click Next.

  18. Click Next and then click Install to install Oracle Identity Manager.

    This may take some time. Watch the SystemOut.log file in the C:\Program Files\WebSphere\DeploymentManager\logs\dmgr directory to monitor the progress.

  19. Click Finish when installation has completed.

UNIX or Linux

To install the Oracle Identity Manager on the Node Manager on UNIX or Linux:

  1. From the console, change directory (cd) to the installServer directory on the installation CD and run the install_server.sh using the following command:

    sh install_server.sh
    
    

    Note:

    If you are not installing Oracle Identity Manager from distributed media (a CD), you must set the execute bit of all shell scripts in the installServer directory. To set the execute bit for all shell scripts recursively, cd to the installServer directory and run the chmod -R u+x *.sh command.

    The installer starts in console mode.

  2. Choose a language by entering a number from the list of languages.

    Enter 0 to apply the language selection. The Welcome Message panel appears.

  3. Enter 1 on the Welcome Message panel to display the next panel.

    The Admin User Information panel appears.

  4. Enter a password you want to use for the Oracle Identity Manager Administrator, confirm the password by entering it again, and then enter 1 to move to the next panel.

    The OIM Application Options panel appears.

  5. Enter 1 on the OIM Application Options panel to display the next panel.

    The Select the Oracle Identity Manager application to install panel appears.

  6. Select the application to install:

    1. Enter 1 for Oracle Identity Manager.

    2. Enter 2 for the Oracle Identity Manager with Audit and Compliance Module.

      Enter 0 when you are finished and then enter 1 to move to the next section. The Target directory panel appears.

  7. On the Target directory panel, complete one of the sub-steps that follow:

    • Enter the path to the directory where you want to install Oracle Identity Manager, for example, /opt/oracle/.

    • Enter 1 to move to the next panel.

    If the directory does not exist, you are asked to create it. Enter y, for yes. The Database Server Selection panel appears.

  8. Specify the type of database you are using.

    • Enter 1 to select Oracle.

    • Enter 2 to select SQL Server.

    • Enter 0 to finish.

    • Enter 1 to move to the next panel.

    The Database Information panel appears.

  9. Enter your database information:

    1. Enter the database host name or IP address.

    2. Enter (or accept the default) port number.

    3. Enter the SID for the database name.

    4. Enter the database user name for the account that Oracle Identity Manager uses to connect to the database.

    5. Enter the password for the database account that Oracle Identity Manager uses to connect to the database.

    6. Enter 1 to move to the next panel.

      The Authentication Information panel appears.

  10. Select the authentication mode for the Oracle Identity Manager web application.

    • Enter 1 for Oracle Identity Manager Default Authentication.

    • Enter 2 for SSO Authentication.

    • Enter 0 when you are finished.

    • If you select SSO authentication, you must provide the header variable used in the Single Sign-On system when prompted.

    • Enter 1 to move to the next panel.

      The Application Server Selection panel appears.

  11. Specify your application server type.

    • Enter 2 for IBM WebSphere.

    • Enter 0 when you are finished.

    • Enter 1 to move to the next panel.

    The Cluster Information panel appears.

  12. On the Cluster Information panel:

    • Enter 1 for Yes.

    • Enter 0 when you are finished.

    • Enter the cluster name at the prompt.

    • Enter 1 to move to the next section.

    The Application Server Information panel appears.

  13. Enter the Network Deployment Manager Information.

    • Provide the location where the Deployment Manager is installed. The default value is /opt/WebSphere/DeploymentManager.

    • Provide the location of the Deployment Manager's JDK. The default value is /opt/WebSphere/DeploymentManager/java.

    • Enter 1 to move to the next section.

  14. For the WebSphere information:

    • Provide the hostname of the machine running the Deployment Manager (NDM_HOST).

      Note:

      Do not use localhost. Specify the hostname or IP address.
    • Enter the cell name (XL_CELL).

    • Enter the model node name (XL_MODEL_NODE).

    • Enter the model server name (XL_MODEL_SERVER).

    • Enter 1 to move to the next section.

  15. Enter the name of the JMS node (XL_JMS_NODE) and enter 1 to move to the next panel.

  16. When a message appears warning you to back up your application server, proceed to back up your installation, then enter 1 to move to the next section.

  17. On the Installation summary information page, verify the information displayed, then do one of the following:

    • Enter 2 to go back and make changes.

    • Enter 1 to start the installation.

  18. After Oracle Identity Manager installs, the Completed panel appears. Enter 3 to finish and exit.

Verifying the Installation

After successful installation, the Oracle Identity Manager application is visible on the Deployment Manager administrative console.

To verify the installation:

  1. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://<NDM_HOST>:9090/admin

    Note:

    If you were using an administrative console browser window that you had logged into before the Oracle Identity Manager installation, log out, then log back in to refresh the display.
  2. Log in to the system.

  3. Click Applications on the left panel.

  4. Click Enterprise Applications.

    Xellerate and Nexaweb are displayed in the list of applications.

Copying the Oracle Identity Manager Directory to JMS_NODE

Copy the <XL_HOME> directory (the default is C:\oracle) to JMS_NODE.

Note:

All Oracle Identity Manager cluster participant machines must have their <XL_HOME> directory in the same location.

Setting up a Custom Registry

Oracle Identity Manager uses the J2EE JAAS authentication mechanism to authenticate users. This requires a custom registry. It also requires the JAAS authentication model to be installed on each of the nodes. You must perform the following steps on NDM_HOST, XL_MODEL_NODE and XL_JMS_NODE.

To set up the custom registry on NDM_HOST:

  1. Open a command window on NDM_HOST.

  2. Change to the Oracle Identity Manager setup directory. For example:

    cd C:\oracle\xellerate\setup

  3. Run the setupWebsphereCustomRegistry.cmd <NDM_HOME> command, where <NDM_HOME> is the location of the WebSphere Network Deployment Manager and includes the /WebSphere/DeploymentManager/ directories.

To set up the custom registry on XL_MODEL_NODE:

  1. Open a command window on XL_MODEL_NODE.

  2. Make sure the <XL_HOME> directory was copied from NDM_HOST to XL_MODEL_NODE.

    Note:

    This step is not needed if XL_MODEL_NODE is created on the same machine as NDM_HOST.
  3. Change to the Oracle Identity Manager setup directory. For example:

    cd C:\oracle\xellerate\setup

  4. Run the setupWebsphereCustomRegistry.cmd <WEBSPHERE_HOME> command, where <WEBSPHERE_HOME> represents the location where WebSphere is installed on XL_MODEL_NODE.

To set up the custom registry on JMS_HOST:

  1. Open a command window on JMS_HOST.

  2. Make sure the <XL_HOME> directory was copied from NDM_HOST to JMS_HOST.

  3. Change to the Oracle Identity Manager setup directory. For example:

    cd C:\oracle\xellerate\setup

  4. Run the setupWebsphereCustomRegistry.cmd <WEBSPHERE_HOME> command where <WEBSPHERE_HOME> represents the location where WebSphere is installed on JMS_HOST.

Backing up Configuration Settings

XL_CLUSTER is now created, but at this point it is an empty cluster that does not contain any Oracle Identity Manager nodes.

Back up the configurations for the following components:

  • NODE_MANAGER

  • MODEL_NODE

  • JMS_NODE

To create the backups for each node:

  1. Create the backup directories, for example:

    C:\WAS_Backups\PostXL\<Node>Config

    or

    /opt/WAS_Backups/PostXL/<Node>Config

  2. Run the backup script from the bin directory of the application server (or Node Manager).

  3. Zip the installedApps directory, then save it in the same location.

  4. Restart the Node Manager and the Nodes.

The backup command stops the node manager and the node agents (on their respective machines). All these nodes and the node manager must be restarted to continue with the installation.

To restart the node manager on NDM_HOST:

  1. Change to the bin directory. For example:

    cd C:\Program Files\WebSphere\DeploymentManager\bin

  2. Run the start command and specify the user and password.

    For example:

    startmanager.bat -username xelsysadm -password xelsysadm

    Note:

    If you used a user ID or password other than xelsysadm, enter those here.

    Note:

    From this point on, you must specify the proper user name and password to start or stop the Node Manager or the nodes in this cell. This is the result of Oracle Identity Manager setting up the WebSphere custom registry for JAAS authentication.

To restart a node on the node host:

  1. Change to the bin directory. For example:

    cd <WEBSPHERE_HOME>\bin

  2. Run the start command and specify the user and password.

    For example:

    startnode.bat -username xelsysadm -password xelsysadm

Adding Nodes and Servers to the Cluster

The Oracle Identity Manager WebSphere cluster (XL_CLUSTER) is now created, but it is empty. You need to add servers to the cluster. When you installed WebSphere on your Node hosts (XL_NODE1_HOST, XL_NODE2_HOST… XL_NODEnHOST) you named each node. Before you can add a node, you need the SOAP port number that Node Manager uses to listen for and service administrative commands.

To get the SOAP port:

  1. Make sure that Node Manager is running.

  2. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://<NDM_HOST>:9090/admin

  3. Log in using the Oracle Identity Manager Administrator name and password you specified during installation.

  4. Click System Administration in the left-hand side panel.

  5. Click DeploymentManager.

  6. Click End Points.

  7. Click SOAP CONNECTOR ADDRESS.

  8. The port number displayed on this page is the one that is needed to add a node to the cell. Make note of the port number (SOAP_PORT).

    Note:

    You also need this port number to update the JNDI references. See "Updating the JNDI References" for more information.

To finish setting up the cluster, for each node:

  1. Copy the <XL_HOME> directory from NDM_HOST to the node host.

    Make sure you copy it to the same location (such as C:\oracle).

  2. On the node host, change directories and move to the Oracle Identity Manager setup directory. For example, use the following command:

    cd C:\oracle\xellerate\setup

  3. Open the xlAddNode.<bat/sh> script and set the path to the WebSphere installation directory on the node host.

  4. Run the xlAddNode.<bat/sh> script. This script adds the node to the Node Manager, sets up the custom registry, sets the system properties, synchronizes the node with the node manager, and starts the node. Run the script with the following parameters:

    xlAddNode.bat <NODE_NAME> <NDM_HOST> <SOAP_PORT> <user> <password>

    For example, to add XL_NODE1, use the command:

    xlAddNode.bat XL_NODE1 NDM_HOST 8879 xelsysadm xelsysadm

    Notes:

    • If you used a user ID or password other than xelsysadm, enter those here.
    • Node names are case-sensitive.

  5. Create one or more servers on each node.

    See "Creating a Server" for more information.

  6. Set up virtual host information for each server.

    See "Setting up the Server Virtual Host Information" for more information.

Creating a Server

On each node, create one or more servers that are members of the XL_CLUSTER. Use the Node Manager administrative console to do this.

To create a server:

  1. Make sure that Node Manager is running.

  2. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://NDM_HOST:9090/admin

  3. Log in using the Oracle Identity Manager Administrator name and password you specified during installation.

  4. Click Servers.

  5. Click Clusters.

  6. Click XL_CLUSTER.

  7. Click Cluster members.

  8. Click New.

    • Name the server. Use a descriptive naming convention for the cluster member name (such as XL_SERVER1_ON_NODE1).

    • Select the node to manage this server (XL_NODE1).

    • Make sure the Generate Unique Http Ports check-box is selected.

    • In the template section, select the Existing application server option.

    • From the list, select XL_CELL/XL_MODEL_NODE/XL_MODEL_SERVER as the template server.

    • Click Apply.

  9. Click Next.

  10. Click Finish.

  11. At the top of the page, click Save.

  12. Make sure the Synchronize changes with Nodes check-box is selected.

  13. Click Save.

    The server is created as a member of the XL_CLUSTER.

Setting up the Server Virtual Host Information

The application server uses the virtual host information set up on the Node Manager to properly configure the web server plug-ins to distribute the load and deal with failover. When you add a server to the cluster, update the virtual host information.

To update the virtual host information:

  1. Make sure that Node Manager is running.

  2. Use a browser to connect to the Node Manager administrative console at the following URL:

    http://NDM_HOST:9090/admin

  3. Log in using the Oracle Identity Manager Administrator name and password you specified during installation.

  4. In the left panel, click Servers.

  5. Click Application Servers.

  6. Click XL_SERVER1_ON_NODE1.

  7. Click Web Container.

  8. Click HTTP transports.

  9. Note the port numbers shown on this page, for example, port 9082 for HTTP and 9445 for HTTPS.

  10. In the left panel, click Environment.

  11. Click Virtual Hosts.

  12. Click default_host.

  13. Click Host Aliases.

  14. Click New.

    • Enter * for the Host Name.

    • Enter the previously noted HTTP port number in the Port field.

  15. Click Apply.

  16. At the top of this page, click Host Aliases.

  17. Click New.

    • Enter * for the Host Name.

    • Enter the previously noted HTTPS port number in the Port field.

  18. Click Apply.

  19. At the top of this page, click Save.

  20. Make sure the Synchronize changes with Nodes check-box is selected.

  21. Click Save.

Virtual host setup for the server is complete.

Updating the JNDI References

When cluster members are added or removed, the JNDI references in Oracle Identity Manager must be updated. The JNDI references include the hostname and WebSphere bootstrap port numbers for each server in the cluster. The JNDI references are specified in Oracle Identity Manager's xlconfig.xml file.

Oracle provides a tool that communicates with the Node Manager, gets the list of servers that are part of the cluster (with the corresponding bootstrap ports), constructs the JNDI URL, and prints it out. Update the xlconfig.xml file on each of the nodes with this URL.

To update the JNDI reference:

  1. On NDM_HOST, change to the Oracle Identity Manager setup directory.

    For example, use the command:

    cd C:\oracle\xellerate\setup

  2. Edit the websphereConfigUtility.cmd file to make sure that the values of the WS_HOME and XL.HomeDir variables are set correctly.

    If they aren't, change these values to appropriate values.

  3. Execute the command file.

    For example, use the following command with arguments.

    websphereConfigUtility.cmd <NDM_HOST> <SOAP_PORT> xelsysadm xelsysadm getjndiurl

    Note:

    If you used a user ID or password other than xelsysadm for WebSphere, enter those here.

    Note:

    For instructions on how to get the SOAP_PORT number, see "Adding Nodes and Servers to the Cluster".

    The output from the tool includes a JNDI URL. For example:

    corbaloc:iiop:XL_NODE1_HOST:9812,XL_NODE2_HOST:9813

    Note:

    This sample URL includes references to two cluster members (servers).

  4. Edit the xlconfig.xml file in the C:\oracle\xellerate\config directory.

    Replace all four instances of the java.naming.provider.url with the URL from the tool.

    Note:

    Use the URL for the Design Console also. See "Installing Oracle Identity Manager Cluster using a Shared Directory" for more information.

  5. Save and close the xlconfig.xml file.

  6. Copy the modified xlconfig.xml file to all the nodes in XL_CELL (in other words, to the corresponding C:\oracle\xellerate\config directory).

  7. After you copy this file to all the nodes, restart the servers in the XL_CLUSTER.

    Use the Node Manager administrative console to do this. Make sure that Node Manager is running.

  8. Use a browser to connect to the Node Manager administrative console (http://NDM_HOST:9090/admin).

  9. Log in using the Oracle Identity Manager Administrator name and password you specified during installation.

  10. In the left panel, click Servers.

  11. Click Application Servers.

  12. Make sure the check-boxes for all the Oracle Identity Manager servers (<XL_SERVERn_ON_NODEn>) are selected.

    These are the servers that run the Oracle Identity Manager application.

  13. Click Start.

    After the servers start, the green arrow in the status column indicates that the servers are running.
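The following Python sketch is an added example, not part of Oracle's tooling. It validates the JNDI URL printed by the tool, replaces the java.naming.provider.url values while checking that exactly four were found, and reports node copies of xlconfig.xml that differ from the edited file. The root element name, the stale localhost URL, and all function names are assumptions; the four component names are the ones this chapter mentions.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

EXPECTED_INSTANCES = 4  # the procedure says to replace all four instances
PREFIX = "corbaloc:iiop:"
_MEMBER = re.compile(r"^([A-Za-z0-9_.-]+):(\d{1,5})$")
_URL_ELEM = re.compile(
    r"(<java\.naming\.provider\.url>).*?(</java\.naming\.provider\.url>)", re.S)

# Constructed sample: the root element and the stale URL are assumptions.
SAMPLE_XLCONFIG = "<xl-configuration>\n <Discovery>\n" + "".join(
    "  <%s><java.naming.provider.url>corbaloc:iiop:localhost:2809"
    "</java.naming.provider.url></%s>\n" % (name, name)
    for name in ("CoreServer", "BackOffice", "Scheduler", "JMSServer")
) + " </Discovery>\n</xl-configuration>\n"


def parse_jndi_url(url):
    """Split corbaloc:iiop:host:port,host:port into [(host, port), ...]."""
    if not url.startswith(PREFIX):
        raise ValueError("not a corbaloc:iiop URL: %r" % url)
    members = []
    for part in url[len(PREFIX):].split(","):
        match = _MEMBER.match(part.strip())
        if not match or not 0 < int(match.group(2)) < 65536:
            raise ValueError("bad cluster member: %r" % part)
        members.append((match.group(1), int(match.group(2))))
    if len(set(members)) != len(members):
        raise ValueError("duplicate cluster member in %r" % url)
    return members


def update_provider_urls(xml_text, new_url):
    """Return xml_text with every provider URL replaced by new_url."""
    parse_jndi_url(new_url)  # refuse to write a malformed URL
    updated, count = _URL_ELEM.subn(
        lambda m: m.group(1) + new_url + m.group(2), xml_text)
    if count != EXPECTED_INSTANCES:
        raise ValueError("expected %d provider URLs, found %d"
                         % (EXPECTED_INSTANCES, count))
    ET.fromstring(updated)  # the edited file must still be well-formed XML
    return updated


def _digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def drifted_nodes(reference_text, copies):
    """Names of nodes whose xlconfig.xml differs from the reference copy."""
    want = _digest(reference_text)
    return sorted(n for n, text in copies.items() if _digest(text) != want)


if __name__ == "__main__":
    url = "corbaloc:iiop:XL_NODE1_HOST:9812,XL_NODE2_HOST:9813"
    new_config = update_provider_urls(SAMPLE_XLCONFIG, url)
    print(parse_jndi_url(url))
    # XL_NODE2 still holds the old file, so it is reported as drifted.
    print(drifted_nodes(new_config, {"XL_NODE1": new_config,
                                     "XL_NODE2": SAMPLE_XLCONFIG}))
```

Run the drift check after step 6 and before restarting the servers, so that a node that missed the copy is caught while the cluster is still down.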

Verifying the Node Deployment

To verify that the application was deployed properly on the nodes, point a browser at one of these servers. Use the HTTP port number added in the Virtual Host setup section. See "Setting up the Server Virtual Host Information" for more information.

For example, use the following URL:

http://XL_NODE1_HOST:<HTTP_PORT>/xlWebApp

Setting Up IIS and the WebSphere Plug-in

The front end for your WebSphere cluster is an IIS server (running on IIS_HOST). Clients connect to this server, which sends requests to the servers in your cluster. Install the WebSphere plug-in on IIS_HOST.

To verify that IIS is installed:

  1. On IIS_HOST, open the Control Panel and select Add/Remove Programs.

  2. Click Add/Remove Windows Components.

  3. Select Application Server and click Details.

  4. If IIS is not installed, select the Internet Information Service (IIS) check-box.

  5. Click Next.

    IIS installs.

  6. Click Finish.

Installing the WebSphere Plug-in for IIS

The WebSphere plug-in is installed by performing a custom WebSphere installation.

To install the plug-in on Microsoft Windows 2000:

  1. Launch the WebSphere 5.1 base installer.

  2. Choose the Custom setup option.

  3. Ensure that only the Web Server Plug-ins and the Microsoft Internet Information Services options are selected. Deselect all other features.

  4. Pick the install location and complete the installation.

  5. To enable the plug-in within IIS and then verify that it is working, launch the Internet Services Manager in Administrative Tools.

  6. Right-click the icon for the IIS server, then select Restart IIS from the shortcut menu.

  7. Click OK to restart the IIS Service and enable the WebSphere plug-in for IIS.

  8. After the restart process finishes, right-click the server, then select Properties from the shortcut menu.

  9. Click Edit beside WWW Services under Master Properties.

  10. In the ISAPI Filters tab, ensure that sePlugins is displayed with high priority and a green upward arrow.

To install the plug-in on Microsoft Windows 2003:

  1. Launch the WebSphere 5.1 base installer.

  2. Choose the Custom setup option.

  3. Ensure that only the Web Server Plug-ins and the Microsoft Internet Information Services options are selected. Deselect all other features.

  4. Select the installation location, and complete the installation.

  5. To enable the plug-in within IIS and then verify that it is working, launch the Internet Information Services (IIS) Manager in Administrative Tools.

  6. Expand the computer name.

  7. Expand the Web Sites folder.

  8. Right-click Default Web Site, choose New, and then click Virtual Directory.

  9. In the Welcome to Virtual Directory Creation Wizard window, click Next to go to the next window.

  10. In the Virtual Directory Alias window, enter sePlugins as the alias and then click Next.

  11. In the Web Site Content Directory window, browse to the location where you installed the WebSphere Plugins. Ensure that you include the bin directory (for example, C:\WSPlugin\bin), then click Next.

  12. In Virtual Directory Access Permissions, ensure that Read, Run Scripts, and Execute are selected. Click Next after you finish checking permissions.

  13. Click Finish on the next window.

  14. Right-click the computer icon, select All Tasks, and then click Restart IIS.

  15. Click OK to restart the IIS Service and enable the WebSphere plug-in for IIS.

  16. After the restart process finishes, expand the Web Site folder, right-click Default Web Site, then select Properties from the shortcut menu.

  17. In the ISAPI Filters tab, ensure that sePlugins is displayed with high priority and a green upward arrow.

Configuring the IIS Plug-in

The following procedure describes how to configure the IIS plug-in, export the configuration from the Node Manager and install it.

To configure the IIS plug-in and install the configuration:

  1. Make sure that Node Manager is running.

  2. Use a browser to connect to the Node Manager administrative console (http://NDM_HOST:9090/admin).

  3. Log in using the Oracle Identity Manager Administrator name and password you specified during installation.

  4. In the left panel, click Environment.

  5. Click Update Web Server Plug-in.

  6. Click OK.

    The web server plug-in configuration updates and a message appears at the top of the page.

    The generated file is:

    <NDM_HOME>\config\cells\plugin-cfg.xml

    <NDM_HOME> is the location of the WebSphere Network Deployment Manager and includes the /WebSphere/DeploymentManager/ directories.

  7. Make a backup copy of the existing IIS server WebSphere plug-in configuration file.

    The default location is <WEBSPHERE_IISPlugin_HOME>\config\cells\plugin-cfg.xml, where <WEBSPHERE_IISPlugin_HOME> refers to the installation directory of the IIS Plugin.

  8. Copy the new plugin-cfg.xml file from the Node Manager to the install directory of the IIS server WebSphere plug-in.

  9. Open the file on the IIS server.

    Several of the paths in the new configuration file must be updated to reflect the files of the IIS server. Generally the Node Manager is installed in a folder named DeploymentManager, while the plug-in is always installed in AppServer. Change the directories in the configuration file to specify the correct paths for the logs and key files.

  10. Save and close the file.

  11. Restart the IIS server.
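Step 9 can be checked mechanically. The following Python sketch is an added example, not IBM or Oracle code: it lists the log and key-file paths in a copied plugin-cfg.xml that still point into the Node Manager installation, rewrites them to the plug-in installation, and reports https transports that have no key files configured. The sample file is constructed; its layout, the C:\WebSphere parent folder, the second server, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

KEY_PROPS = ("keyring", "stashfile")  # Property names that carry key-file paths
NDM_HOME = r"C:\WebSphere\DeploymentManager"  # assumed drive and parent folder
PLUGIN_HOME = r"C:\WebSphere\AppServer"       # assumed drive and parent folder

# Constructed sample of a generated plugin-cfg.xml (assumed layout, trimmed).
SAMPLE_PLUGIN_CFG = r"""<Config>
  <Log LogLevel="Error" Name="C:\WebSphere\DeploymentManager\logs\http_plugin.log"/>
  <ServerCluster Name="XL_CLUSTER">
    <Server Name="XL_SERVER1_ON_NODE1">
      <Transport Hostname="XL_NODE1_HOST" Port="9082" Protocol="http"/>
      <Transport Hostname="XL_NODE1_HOST" Port="9445" Protocol="https">
        <Property name="keyring" value="C:\WebSphere\DeploymentManager\etc\plugin-key.kdb"/>
        <Property name="stashfile" value="C:\WebSphere\DeploymentManager\etc\plugin-key.sth"/>
      </Transport>
    </Server>
    <Server Name="XL_SERVER1_ON_NODE2">
      <Transport Hostname="XL_NODE2_HOST" Port="9446" Protocol="https"/>
    </Server>
  </ServerCluster>
</Config>
"""


def file_paths(xml_text):
    """Return [(kind, path)] for the log file and each key file."""
    root = ET.fromstring(xml_text)
    found = [("log", e.get("Name")) for e in root.iter("Log") if e.get("Name")]
    found += [(p.get("name"), p.get("value")) for p in root.iter("Property")
              if p.get("name") in KEY_PROPS and p.get("value")]
    return found


def _under(path, home):
    """True if path lies inside home (Windows paths, case-insensitive)."""
    home, path = home.rstrip("\\/").lower(), path.lower()
    return path == home or path[:len(home) + 1] in (home + "\\", home + "/")


def stale_paths(xml_text, ndm_home):
    """Paths that still point into the Node Manager installation."""
    return [(k, p) for k, p in file_paths(xml_text) if _under(p, ndm_home)]


def relocate(xml_text, ndm_home, plugin_home):
    """Rewrite stale paths so they live under the plug-in installation."""
    ndm, new = ndm_home.rstrip("\\/"), plugin_home.rstrip("\\/")
    for _, path in stale_paths(xml_text, ndm):
        xml_text = xml_text.replace(path, new + path[len(ndm):])
    ET.fromstring(xml_text)  # the edited file must still be well-formed XML
    return xml_text


def https_without_keys(xml_text):
    """host:port of each https Transport missing a keyring or stashfile."""
    missing = []
    for transport in ET.fromstring(xml_text).iter("Transport"):
        if (transport.get("Protocol") or "").lower() != "https":
            continue
        have = {p.get("name") for p in transport.iter("Property")}
        if not set(KEY_PROPS) <= have:
            missing.append("%s:%s" % (transport.get("Hostname"),
                                      transport.get("Port")))
    return missing


if __name__ == "__main__":
    for kind, path in stale_paths(SAMPLE_PLUGIN_CFG, NDM_HOME):
        print("stale %s path: %s" % (kind, path))
    fixed = relocate(SAMPLE_PLUGIN_CFG, NDM_HOME, PLUGIN_HOME)
    print("https transports without key files:", https_without_keys(fixed))
```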

Installing Oracle Identity Manager Cluster using a Shared Directory

Use the following task overview to install Oracle Identity Manager on a WebSphere clustered environment using a shared directory. You must perform the steps in the task overview in the order shown.

Task overview: Installing a cluster using a shared directory:

  1. Create a shared directory on the file server designated for Oracle Identity Manager.

    This shared directory can be on a Solaris machine with NFS or on a Windows share.

  2. On all the machines that will be hosting Oracle Identity Manager, map this drive using the same drive letter on each machine.

    If the installation is on Solaris, mount the NFS partition on the same mount point.

  3. Install Oracle Identity Manager using the standard installation instructions.

    Provide the installation location on the shared drive.

  4. When adding a new host to the cluster, map the drive as in step 2, thereby making Oracle Identity Manager home directory available for use.

  5. Modify the xlAddNode command to provide the proper Oracle Identity Manager location as well as the WebSphere location.

  6. Run the xlAddNode command.

    Note:

    If the log.properties file is modified to include a File Appender to log the Oracle Identity Manager messages into a separate file, make sure to provide a location on the local drive. Also, ensure that the same location exists on all the nodes.

Partitioned Installation on WebSphere

This section describes how to perform a partitioned installation of Oracle Identity Manager onto a WebSphere clustered environment.

WebSphere clustered environments for a partitioned installation are the following:

Important Points to Consider

Here are some important points to consider before you choose the type of clustered environment in which you wish to install the partitioned Oracle Identity Manager:

  • Adapters and scheduled jobs can invoke APIs and submit messages.

    These API calls are processed where APIs are hosted (at the Core Server). Also, the submitted messages are processed where Message Driven Beans (MDBs) are hosted. Hence, scheduled job execution is truly distributed among three components: the APIs, MDBs and Schedule Job itself.

  • All off-lined tasks will be executed partly by the API layer and partly by the MDB layer.

    Currently, request initiation and reconciliation are off-lined, but more tasks are planned to be off-lined in the future.

  • In theory, it is possible to install a Scheduler on a single machine.

    However, when a scheduled task executes, it calls the APIs. Reconciliation tasks call APIs as well as submit messages. Hence, true processing of scheduled tasks occurs in the APIs and MDBs.

Independent Clustered Environment

For an independent clustered environment, there are two separate Oracle Identity Manager installations that share the same database. The first installation of Oracle Identity Manager is designed to handle the Front Office (that is, user requests for administration, provisioning, and so on). The second installation is designed to handle the Back Office (for only the Schedule Task execution).

Figure 9-1 shows two independent clustered environments, Front Office and Back Office:

Figure 9-1 Two Independent Oracle Identity Manager Cluster Environments

Two independent Oracle Identity Manager clusters.

Environment Profile

The following items discuss some important points needed for the independent clustered environment:

  • The Front Office installation must include MDBs, as the Front Office is unaware of the existence of the Back Office.

    However, it is possible to overcome this limitation by using WebSphere MQ.

  • The Back Office installation must include APIs, as they are called by the Scheduled Tasks.

  • Both installations can be either clustered or non-clustered.

    For example, Front Office can be a cluster, while Back Office runs on a single (but powerful) machine.

  • Caching must be configured as a single cluster by using the same multi-cast IP address between both the clusters.

  • If the same IP cannot be used, the cache must be flushed in both the clusters after an import or a change to process definition, resource object definition, and so on.

Environment Advantages

The following advantages apply to the independent clustered environment:

  • The clustered environments use different platform types.

    For example, the Front Office can be Windows-based, while the Back Office is Solaris-based.

  • The entire Schedule Task execution is processed in the Back Office cluster with reasonable predictability.

  • There is one Java Virtual Machine (JVM) for each machine (or one application server instance running for each machine).

Environment Disadvantages

The following disadvantages apply to the independent clustered environment:

  • The clusters are rigid in their processing duties.

    For example, the Front Office processing cannot be delegated to the Back Office cluster, and vice-versa even if the other cluster is under-utilized at that time. Therefore, under no circumstances can the Front Office cluster share the load on the Back Office cluster.

  • The Design Console must be configured to work with the Back Office cluster and be able to schedule jobs, and so on.

  • Since the Back Office cluster does not qualify as a true "back-office cluster", it causes the limitation of off-lined tasks.

    It also restricts processing to the Front Office cluster. For example, off-lining task approvals occur in the Front Office cluster.

Installation Considerations

The following are guidelines for installation:

  • Install Oracle Identity Manager in the Front Office cluster by following the clustered installation steps in this guide.

    • During the installation, select Database Install to install the database.

    • During the installation deselect Scheduler, as you do not want the Scheduler to execute in the Front Office cluster.

  • Install Oracle Identity Manager in the Back Office cluster by following the instructions in this guide.

    For the Back Office you must use the appropriate steps (clustered or non-clustered) based on how you configure your environment.

    • During the installation, do not select "Install Database" for the Back Office.

    • During the installation, do not select the web application.

  • Make sure the Cache\MultiCastAddress is the same for both the Front Office and Back Office installations to ensure cache flushing on both clusters.

Multiple Clustered Environment

After installing Oracle Identity Manager in a multiple-clustered environment, where clusters share the same Node Domain Manager (NDM), you can add more servers and create more clusters. You can also map modules to different clusters using the WebSphere administrative console.

Figure 9-2 shows that the multiple-clustered environment is hosting different modules. If you need to configure a machine (host) for multiple functions, then you can map multiple modules to this host.

Figure 9-2 Multiple Oracle Identity Manager Cluster Environments Hosting Different Modules

Multiple Oracle Identity Manager cluster environments.

Note:

When creating the Oracle Identity Manager Cluster using the WebSphere administrative console, make sure that you select the Prefer Local checkbox so that the local EJBs are "preferred" over the remote EJBs.

Environment Advantages

The following are advantages of the multiple-clustered environment:

  • Has the ability to load balance processing where the Back Office cluster can take on work, and vice versa.

    For example, there are times when the API cluster on the Front Office can process scheduled tasks.

  • The Back Office cluster represents a true "Back Office" where designated off-lined tasks are processed within the Back Office machines.

  • The Design Console points to the same cluster for all operations.

  • There is a central administration of the WebSphere cluster.

Environment Disadvantages

The following are disadvantages of the multiple-clustered environment:

  • Multiple JVMs will be running on all the machines within the cluster.

    The impact on performance is unknown.

  • After applying patches, you must perform manual steps to map modules into the proper cluster, as the current patch mechanism cannot accommodate the two separate deployments.

Installation Considerations

  • Install WebSphere by following the clustered installation steps in this guide, but name the cluster XL_API_CLUSTER (instead of XL_CLUSTER).

  • Create additional clusters: XL_API_CLUSTER, WebCluster and BackOfficeCluster.

    Add servers into the clusters using the same model server for all of them.

  • In the web cluster, add servers into the nodes participating in the Front Office.

    Note:

    To indicate that the server is hosting web components, append the word "Web" to the end of the server name. For example, Node1Server1Web.

    1. In the Back Office cluster add servers into the nodes participating in the "Back Office." Use the suffix, BackOffice or BO.

    2. Create servers in XL_API_CLUSTER and add the suffix API to the servers.

  • Map modules into different clusters:

    1. Click Enterprise Applications, then click Oracle Identity Manager.

    2. Click Map modules to Application Servers.

    3. Select the xlWebApp.war and then select the WebCluster from the list on the top.

    4. Click Apply.

    5. xlWebApp.war runs on Web Cluster.

    6. Select xlBackOfficeBeans, xlScheduler.war, and SchedulerBean, then map them to the BackOffice cluster.

    7. Save the changes.

  • Modify xlconfig.xml and change the Discovery section. Include the boot strap ports of the correct servers to find the various components.

    1. Edit the websphere.profile and make sure the cluster name is XL_API_CLUSTER.

    2. Run websphereConfigUtility.cmd to get the list URL to be used for CoreServer component.

    3. Perform the same steps for "BackOfficeCluster" to get the JNDI URL to be used for BackOffice, Scheduler and JMSServer components.

  • Start all the clusters.

  • Restart the application.

Scaling

Follow these guidelines when scaling up your environment:

  • To add more machines to handle Front Office requests, add a new node then add servers in both the WebCluster and the API Cluster.

  • To add more processing power in the Back Office cluster, add a new node, then add servers to the API Cluster and the Back Office Cluster on that node.

Variation

It is possible to keep Web and API on the same cluster so that only one JVM is running on the Front Office machines. On the other hand, the generated plug-in configuration must be modified to remove the Back Office machines.

Setting Up Supported Integrations on a WebSphere Cluster

To deploy an Oracle Identity Manager-supported integration on your WebSphere clustered environment, you must make sure that the integration is accessible for all cluster members. Refer to the Oracle Identity Manager Connector Pack Release Notes located at the Oracle Technology Network site to learn about supported connectors for Oracle Identity Manager.

Shared Directory

During the Oracle Identity Manager installation, the Oracle Identity Manager folder, Oracle (by default) is generated. This folder contains configuration information, for example, third-party libraries, keystores, scheduled tasks, adapter classes, and so on. In a WebSphere clustered environment, make sure that this folder is installed as a shared folder and is centrally located so that all cluster members can access the latest configuration information referenced by the application server.

Using SSL

For any Oracle Identity Manager-supported integrations that are deployed using a Secure Socket Layer (SSL) connection between the target system (for example, Active Directory) and the clustered WebSphere application server, you must import the target system SSL certificate file into the trusted store for each cluster member machine.

For a standard WebSphere deployment, the target system SSL certificate must be imported to <WEBSPHERE_HOME>/etc/DummyServerTrustFile.jks. The default password for this file is WebAS. In a customized WebSphere deployment where a different trusted store is used, you must import the target system SSL certificate to that store.

Time Synchronization of Clustered Machines

Make sure that all cluster members (computers) have their system clocks synchronized. Oracle recommends that you do not run clustering on separate machines unless their system clocks are synchronized using some form of time-sync service (daemon) that runs frequently. The clocks must be within a second of each other. See http://www.boulder.nist.gov/timefreq/service/its.htm for more information about using the time-sync service.

Caution:

Never start a non-clustered instance against the same set of tables that another instance is running against. You will experience serious data corruption and erratic behavior.

Post-Installation Configuration for Clustered Environments

After completing the steps in this chapter, be sure to perform the post-installation configuration tasks for your clustered environment by referring to "Post-Install Configuration for Oracle Identity Manager and WebSphere" to complete the cluster deployment.